test: fix tests for the new EC public key management

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
Mbed-TLS · Mar 10, 2023 · 3db22f9 · 3db22f9
1 parent 11d2bb4
commit 3db22f9
Show file tree

Hide file tree

Showing 8 changed files with 145 additions and 16 deletions.
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
@@ -58,9 +58,9 @@ mbedtls_debug_print_mpi:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee6
 Debug print mbedtls_mpi: 764 bits #2
 mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\:  09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\:  14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\:  ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\:  09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\:  af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\:  52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
 
-Debug print certificate #1 (RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
+#Debug print certificate #1 (RSA)
+#depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA:!MBEDTLS_X509_REMOVE_INFO
+#mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
 
 Debug print certificate #2 (EC)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA:!MBEDTLS_X509_REMOVE_INFO

diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
@@ -159,6 +159,9 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line,
     mbedtls_ssl_config conf;
     struct buffer_data buffer;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_INIT();
+#endif
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&crt);
@@ -183,6 +186,9 @@ exit:
     mbedtls_x509_crt_free(&crt);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_DONE();
+#endif
 }
 /* END_CASE */
 

diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
@@ -48,6 +48,10 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
         mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
         mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        return mbedtls_pk_gen_ec_keypair(pk, parameter,
+                                mbedtls_test_rnd_std_rand, NULL);
+#else /* MBEDTLS_USE_PSA_CRYPTO */
         int ret;
         if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp,
                                           parameter)) != 0) {
@@ -58,8 +62,9 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
                                        &mbedtls_pk_ec(*pk)->d,
                                        &mbedtls_pk_ec(*pk)->Q,
                                        mbedtls_test_rnd_std_rand, NULL);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     }
-#endif
+#endif /* MBEDTLS_ECP_C */
     return -1;
 }
 
@@ -510,6 +515,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
     }
 #endif
 
+exit:
     mbedtls_pk_free(&pub);
     mbedtls_pk_free(&prv);
     mbedtls_pk_free(&alt);
@@ -643,6 +649,10 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash,
     TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q,
                                               key->x, key->len) == 0);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk) == 0);
+#endif
+
     // MBEDTLS_MD_NONE is used since it will be ignored.
     TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE,
                                   hash->x, hash->len, sig->x, sig->len) == ret);
@@ -679,6 +689,9 @@ void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str,
     TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0);
     TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0);
     TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pub) == 0);
+#endif
 
     mbedtls_ecp_set_max_ops(max_ops);
 
@@ -1229,6 +1242,9 @@ void pk_psa_sign(int parameter_arg,
         TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
                                         (mbedtls_ecp_keypair *) pk.pk_ctx,
                                         mbedtls_test_rnd_std_rand, NULL) == 0);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk) == 0);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
         alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
     } else
 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
@@ -1314,6 +1330,9 @@ void pk_psa_sign(int parameter_arg,
     TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp),
                                              &(mbedtls_pk_ec(pk)->Q),
                                              pkey_legacy_start, klen_legacy), 0);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk) == 0);
+#endif
 #endif
     TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
                                   hash, sizeof(hash), sig, sig_len) == 0);

diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
@@ -75,21 +75,34 @@ void pk_parse_public_keyfile_ec(char *key_file, int result)
     mbedtls_pk_context ctx;
     int res;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_INIT();
+#endif
+
     mbedtls_pk_init(&ctx);
 
     res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
 
     TEST_ASSERT(res == result);
 
     if (res == 0) {
-        mbedtls_ecp_keypair *eckey;
         TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        /* No need to check whether the parsed public point is on the curve or
+         * not because this is already done by the internal "pk_get_ecpubkey()"
+         * function */
+#else
+        mbedtls_ecp_keypair *eckey;
         eckey = mbedtls_pk_ec(ctx);
         TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
+#endif
     }
 
 exit:
     mbedtls_pk_free(&ctx);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_DONE();
+#endif
 }
 /* END_CASE */
 
@@ -99,6 +112,10 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
     mbedtls_pk_context ctx;
     int res;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_INIT();
+#endif
+
     mbedtls_pk_init(&ctx);
 
     res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
@@ -115,6 +132,9 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
 
 exit:
     mbedtls_pk_free(&ctx);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_DONE();
+#endif
 }
 /* END_CASE */
 

diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
@@ -22,6 +22,10 @@ void pk_write_pubkey_check(char *key_file)
     memset(buf, 0, sizeof(buf));
     memset(check_buf, 0, sizeof(check_buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_INIT();
+#endif
+
     mbedtls_pk_init(&key);
     TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0);
 
@@ -45,6 +49,9 @@ void pk_write_pubkey_check(char *key_file)
 
 exit:
     mbedtls_pk_free(&key);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_DONE();
+#endif
 }
 /* END_CASE */
 
@@ -61,6 +68,10 @@ void pk_write_key_check(char *key_file)
     memset(buf, 0, sizeof(buf));
     memset(check_buf, 0, sizeof(check_buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_INIT();
+#endif
+
     mbedtls_pk_init(&key);
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
                                          mbedtls_test_rnd_std_rand, NULL) == 0);
@@ -85,5 +96,8 @@ void pk_write_key_check(char *key_file)
 
 exit:
     mbedtls_pk_free(&key);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    PSA_DONE();
+#endif
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
@@ -4568,6 +4568,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file,
     unsigned char *buf = NULL;
     size_t len;
 
+    USE_PSA_INIT();
     /*
      * Test that a save-load pair is the identity
      */
@@ -4705,6 +4706,7 @@ exit:
     mbedtls_ssl_session_free(&original);
     mbedtls_ssl_session_free(&restored);
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -4716,6 +4718,7 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file,
     unsigned char *buf1 = NULL, *buf2 = NULL;
     size_t len0, len1, len2;
 
+    USE_PSA_INIT();
     /*
      * Test that a load-save pair is the identity
      */
@@ -4767,6 +4770,7 @@ exit:
     mbedtls_ssl_session_free(&session);
     mbedtls_free(buf1);
     mbedtls_free(buf2);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -4778,6 +4782,7 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file,
     unsigned char *buf = NULL;
     size_t good_len, bad_len, test_len;
 
+    USE_PSA_INIT();
     /*
      * Test that session_save() fails cleanly on small buffers
      */
@@ -4814,6 +4819,7 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file,
 exit:
     mbedtls_ssl_session_free(&session);
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -4825,6 +4831,7 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file,
     unsigned char *good_buf = NULL, *bad_buf = NULL;
     size_t good_len, bad_len;
 
+    USE_PSA_INIT();
     /*
      * Test that session_load() fails cleanly on small buffers
      */
@@ -4867,6 +4874,7 @@ exit:
     mbedtls_ssl_session_free(&session);
     mbedtls_free(good_buf);
     mbedtls_free(bad_buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
@@ -3050,17 +3050,17 @@ X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
 depends_on:MBEDTLS_X509_USE_C
 x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
 
-X509 CRT verify restart: trusted EE, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
-
-X509 CRT verify restart: trusted EE, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
-
-X509 CRT verify restart: no intermediate, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
+#X509 CRT verify restart: trusted EE, max_ops=0 (disabled)
+#depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
+#
+#X509 CRT verify restart: trusted EE, max_ops=1
+#depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
+#
+#X509 CRT verify restart: no intermediate, max_ops=0 (disabled)
+#depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
 
 X509 CRT verify restart: no intermediate, max_ops=1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED