test_suite_pk: use look-up table instead of file for the predefined keys
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 535c13b..4f490a1 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -184,22 +184,41 @@
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512
#endif
-const char *curve_names_lut[] = {
- [MBEDTLS_ECP_DP_SECP192R1] = "secp192r1",
- [MBEDTLS_ECP_DP_SECP224R1] = "secp224r1",
- [MBEDTLS_ECP_DP_SECP256R1] = "secp256r1",
- [MBEDTLS_ECP_DP_SECP384R1] = "secp384r1",
- [MBEDTLS_ECP_DP_SECP521R1] = "secp521r1",
- [MBEDTLS_ECP_DP_BP256R1] = "brainpoolP256r1",
- [MBEDTLS_ECP_DP_BP384R1] = "brainpoolP384r1",
- [MBEDTLS_ECP_DP_BP512R1] = "brainpoolP512r1",
- [MBEDTLS_ECP_DP_CURVE25519] = "x25519",
- [MBEDTLS_ECP_DP_SECP192K1] = "secp192k1",
- [MBEDTLS_ECP_DP_SECP256K1] = "secp256k1",
- [MBEDTLS_ECP_DP_CURVE448] = "x448",
-};
-
#if defined(MBEDTLS_PK_PARSE_C)
+
+#include <../src/test_keys.h>
+static int get_predefined_key_data(int is_rsa, int curve_or_keybits,
+ unsigned char **outbuf, size_t *out_buf_size)
+{
+ const char *key_data_hex = NULL;
+ size_t out_buf_len = 0;
+
+ if (is_rsa) {
+ size_t i;
+ for (i = 0; i < ARRAY_LENGTH(rsa_key_data_lut); i++) {
+ if (curve_or_keybits == rsa_key_data_lut[i].bits) {
+ key_data_hex = rsa_key_data_lut[i].key;
+ break;
+ }
+ }
+ } else {
+ key_data_hex = ec_key_data_lut[curve_or_keybits];
+ }
+
+ if (key_data_hex == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ *out_buf_size = strlen(key_data_hex)/2;
+ *outbuf = mbedtls_calloc(*out_buf_size, sizeof(unsigned char));
+ if (*outbuf == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
+ mbedtls_test_unhexify(*outbuf, *out_buf_size, key_data_hex, &out_buf_len);
+
+ return 0;
+}
+
/** Fill the provided PK context with a proper key.
*
* This is a fake implementation of key generation because instead of generating
@@ -217,26 +236,27 @@
*/
static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
{
- char file_name[128] = { 0 };
- int ret;
+ unsigned char *key_data = NULL;
+ size_t key_data_len = 0;
+ int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ int is_rsa = (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA);
+
/* Dump pk_info since this is overridden by mbedtls_pk_parse_keyfile(). */
const mbedtls_pk_info_t *original_pk_info = pk->pk_info;
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
- sprintf(file_name, "data_files/rsa_%d.der", curve_or_keybits);
- } else if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
- mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
- sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[curve_or_keybits]);
- }
-
- ret = mbedtls_pk_parse_keyfile(pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL);
+ TEST_EQUAL(get_predefined_key_data(is_rsa, curve_or_keybits, &key_data, &key_data_len), 0);
+ TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL), 0);
/* Restore pk_info. */
pk->pk_info = original_pk_info;
+ ret = 0;
+exit:
+ mbedtls_free(key_data);
return ret;
}
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/** Create a PSA key of the desired type and properties.
*
* This is similar to pk_genkey() above in the sense that it does not really
@@ -261,51 +281,61 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
mbedtls_pk_context pk;
- char file_name[128] = { 0 };
- unsigned char key_data[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE] = { 0 };
- size_t key_data_len;
+ unsigned char *key_data = NULL;
+ size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading
+ * zeros (if any). */
+ size_t key_data_len = 0; /* Length of valid bytes in key_data. */
unsigned char *key_data_start;
int ret;
mbedtls_pk_init(&pk);
- /* Get the name of the key file to load. */
+ /* Get the predefined key (in DER format) and parse it. */
if (PSA_KEY_TYPE_IS_RSA(type)) {
- sprintf(file_name, "data_files/rsa_%lu.der", bits);
- } else if (PSA_KEY_TYPE_IS_ECC(type)) {
- psa_ecc_family_t ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(type);
- mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_from_psa(ec_family, bits);
- sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[grp_id]);
+ TEST_EQUAL(get_predefined_key_data(1, bits, &key_data, &key_data_size), 0);
} else {
- TEST_FAIL("Only EC or RSA key type is supported.");
+ mbedtls_ecp_group_id grp_id;
+ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits);
+ TEST_EQUAL(get_predefined_key_data(0, grp_id, &key_data, &key_data_size), 0);
}
- /* Parse the key file and write the key material to the key_data buffer. */
- TEST_EQUAL(mbedtls_pk_parse_keyfile(&pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL), 0);
+ TEST_EQUAL(mbedtls_pk_parse_key(&pk, key_data, key_data_size, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL), 0);
+ /* Resize key_data buffer. */
+ mbedtls_free(key_data);
+ key_data = NULL;
+ TEST_CALLOC(key_data, MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE);
+ key_data_size = MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE;
+
+ /* Export only the key data material in a PSA friendly format.
+ *
+ * Note: mbedtls_pk_write_key_der() and mbedtls_mpi_write_binary() write
+ * key data at the end of the provided buffer, whereas psa_export_key()
+ * writes the key at the beginning.
+ */
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
#if defined(MBEDTLS_PK_WRITE_C)
- ret = mbedtls_pk_write_key_der(&pk, key_data, sizeof(key_data));
+ ret = mbedtls_pk_write_key_der(&pk, key_data, key_data_size);
TEST_ASSERT(ret > 0);
key_data_len = (size_t) ret;
+ key_data_start = key_data + key_data_size - key_data_len;
#else
TEST_FAIL("RSA is unsupported");
#endif /* MBEDTLS_PK_WRITE_C */
} else if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
-#if defined(MBEDTLS_PK_USE_EC_DATA)
- PSA_ASSERT(psa_export_key(pk->priv_id, key_data, sizeof(key_data), &key_data_len));
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ PSA_ASSERT(psa_export_key(pk.priv_id, key_data, key_data_size, &key_data_len));
+ key_data_start = key_data;
#elif defined(MBEDTLS_PK_HAVE_ECC_KEYS)
const mbedtls_ecp_keypair *ec_ctx = mbedtls_pk_ec_ro(pk);
- TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, sizeof(key_data)), 0);
+ TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, key_data_size), 0);
key_data_len = PSA_BITS_TO_BYTES(mbedtls_mpi_bitlen(&(ec_ctx->d)));
+ key_data_start = key_data + key_data_size - key_data_len;
#else /* !MBEDTLS_PK_USE_EC_DATA && !MBEDTLS_PK_HAVE_ECC_KEYS */
TEST_FAIL("EC is unsupported");
#endif /* */
} else {
TEST_FAIL("Unknown key type");
}
- /* Data was written to the end of the key_data buffer so we shift that to
- * the beginnig. */
- key_data_start = key_data + sizeof(key_data) - key_data_len;
- memmove(key_data, key_data_start, key_data_len);
/* Import the key into PSA. */
*key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -317,12 +347,14 @@
if (!mbedtls_svc_key_id_is_null(persistent_key_id)) {
psa_set_key_id(&attributes, persistent_key_id);
}
- status = psa_import_key(&attributes, key_data, key_data_len, key);
+ status = psa_import_key(&attributes, key_data_start, key_data_len, key);
exit:
+ mbedtls_free(key_data);
mbedtls_pk_free(&pk);
return status;
}
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -2563,6 +2595,7 @@
PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS,
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+ PSA_ALG_NONE,
PSA_KEY_ID_NULL, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
exit: