Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Investigate ECP light #7357

Closed
wants to merge 9 commits into from
5 changes: 5 additions & 0 deletions include/mbedtls/ecp.h
Original file line number Diff line number Diff line change
Expand Up @@ -1214,10 +1214,15 @@ int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
#if defined(ECP_FULL)
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#else
int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
mbedtls_ecp_point *Q);
#endif

/**
* \brief This function generates an ECP key.
Expand Down
66 changes: 65 additions & 1 deletion library/ecp.c
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,14 @@

#include <string.h>

#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif

#if !defined(MBEDTLS_ECP_ALT)

#include "mbedtls/platform.h"
Expand Down Expand Up @@ -3198,6 +3206,57 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
{
return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng);
}
#else /* ECP_FULL */
int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good, but I'm not sure the implementation belongs here, as opposed to test_suite_pk.function which seems to be the only place using this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the mbedtls_ecp_alt_gen_keypair function itself is only explicitly called by test_suite_pk.function, but it is also indirectly called from mbedtls_ecp_gen_key which is instead used also elsewhere such as psa_crypto_ecp.c and test_suite_ecp.function

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, thanks for the info. Regarding test_suite_ecp.function I think that's pretty simple: we'll just skip those cases. For psa_crypto_ecp.c I'll have a look right now. (I had grepped for mbedtls_ecp_gen_key() before commenting, but had completely missed the line from psa_crypto_ecp.c in the results. Should have looked more carefully.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just had a look, and the call in psa_crypto_ecp.c is guarded by MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR so it shouldn't be a problem in builds where KEY_TYPE_ECC_KEY_PAIR is accelerated, which are our target here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding test_suite_ecp.function I think that's pretty simple: we'll just skip those cases

Yes, sorry for not thinking about this, but it doesn't make much sense to test the ECP module with functions that are actually outside it. I'll fix this!

mbedtls_mpi *d, mbedtls_ecp_point *Q)
{
psa_status_t status;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
size_t curve_bits;
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
&curve_bits);
unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t key_len;
int ret;

psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
psa_set_key_bits(&key_attr, curve_bits);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);

status = psa_generate_key(&key_attr, &key_id);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}

status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
if (status != PSA_SUCCESS) {
psa_destroy_key(key_id);
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}

ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
if (ret != 0) {
return ret;
}

status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
&key_len);
if (status != PSA_SUCCESS) {
psa_destroy_key(key_id);
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}

ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
if (ret != 0) {
return ret;
}

psa_destroy_key(key_id);

return 0;
}
#endif /* ECP_FULL */

/*
* Generate a keypair, prettier wrapper
Expand All @@ -3210,9 +3269,14 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
return ret;
}

#if defined(ECP_FULL)
return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
#else
(void)f_rng;
(void)p_rng;
return mbedtls_ecp_alt_gen_keypair(&key->grp, &key->d, &key->Q);
#endif
}
#endif /* ECP_FULL */

#define ECP_CURVE25519_KEY_SIZE 32
#define ECP_CURVE448_KEY_SIZE 56
Expand Down
2 changes: 1 addition & 1 deletion library/pk_wrap.c
Original file line number Diff line number Diff line change
Expand Up @@ -1190,7 +1190,7 @@ static int eckey_alt_check_pair(const void *pub, const void *prv,

return 0;
}
#endif /* ECP_HAS_CHECK_PAIR */
#endif /* ECP_FULL */

static int eckey_check_pair(const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
Expand Down
16 changes: 8 additions & 8 deletions library/pkparse.c
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,14 @@
#include "mbedtls/pkcs12.h"
#endif

#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif

#include "mbedtls/platform.h"

#if defined(MBEDTLS_FS_IO)
Expand Down Expand Up @@ -868,14 +876,6 @@ static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
}
#endif /* MBEDTLS_RSA_C */

#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif

#if !defined(MBEDTLS_ECP_FULL)
static int pk_derive_public_key(mbedtls_ecp_group *grp, mbedtls_ecp_point *Q,
const mbedtls_mpi *d)
Expand Down
60 changes: 30 additions & 30 deletions tests/suites/test_suite_pk.data
Original file line number Diff line number Diff line change
Expand Up @@ -13,35 +13,35 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"

PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"

PK utils: ECKEY_DH SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"

PK utils: ECKEY_DH Curve25519
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"

PK utils: ECKEY_DH Curve448
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"

PK utils: ECDSA SECP192R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA"

PK utils: ECDSA SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA"

PK utils: ECDSA SECP384R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA"

PK utils: ECDSA SECP521R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"

PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
Expand Down Expand Up @@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1

PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1

PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1

PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
Expand Down Expand Up @@ -369,35 +369,35 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0

ECDSA sign-verify: SECP192R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0

ECDSA sign-verify: SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0

ECDSA sign-verify: SECP384R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0

ECDSA sign-verify: SECP521R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0

ECDSA sign-verify: BP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0

ECDSA sign-verify: BP512R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0

EC(DSA) sign-verify: SECP192R1
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0

EC_DH (no) sign-verify: SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH

RSA sign-verify
Expand Down Expand Up @@ -581,40 +581,40 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64

PSA wrapped sign: SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256

PSA wrapped sign: SECP384R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384

PSA wrapped sign: SECP521R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521

PSA wrapped sign: SECP192K1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192

## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
# PSA wrapped sign: SECP224K1
# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED:ECP_HAS_KEY_GENERATION
# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED
# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224

PSA wrapped sign: SECP256K1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256

PSA wrapped sign: BP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256

PSA wrapped sign: BP384R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384

PSA wrapped sign: BP512R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512

PSA wrapped sign: RSA PKCS1 v1.5
Expand Down Expand Up @@ -646,15 +646,15 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512

PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256

PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384

PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512:ECP_HAS_KEY_GENERATION
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512

PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256
Expand Down
21 changes: 15 additions & 6 deletions tests/suites/test_suite_pk.function
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
parameter, 3);
}
#endif
#if defined(MBEDTLS_ECP_C) && defined(ECP_FULL)
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
Expand All @@ -53,12 +53,18 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
return ret;
}

#if defined(ECP_FULL)
return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
&mbedtls_pk_ec(*pk)->d,
&mbedtls_pk_ec(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
#else /* ECP_FULL */
return mbedtls_ecp_alt_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
&mbedtls_pk_ec(*pk)->d,
&mbedtls_pk_ec(*pk)->Q);
#endif /* ECP_FULL */
}
#endif
#endif /* MBEDTLS_ECP_C */
return -1;
}

Expand Down Expand Up @@ -462,6 +468,10 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name)
{
mbedtls_pk_context pk;

#if defined(MBEDTLS_USE_PSA_CRYPTO)
PSA_INIT();
#endif

mbedtls_pk_init(&pk);

TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
Expand All @@ -475,6 +485,9 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name)

exit:
mbedtls_pk_free(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
PSA_DONE();
#endif
}
/* END_CASE */

Expand Down Expand Up @@ -1224,14 +1237,10 @@ void pk_psa_sign(int parameter_arg,
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
#if defined(ECP_FULL)
mbedtls_ecp_group_id grpid = parameter_arg;
TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
(mbedtls_ecp_keypair *) pk.pk_ctx,
mbedtls_test_rnd_std_rand, NULL) == 0);
#else
TEST_ASSERT(!"ECP_HAS_KEY_GENERATION required");
#endif

alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
} else
Expand Down