Mbed-TLS/mbedtls-framework
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls-framework.git synced 2026-06-05 21:15:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #257 from valeriosetti/issue598-framework

Browse Source 
[framework] tests: pk: add a common function to create a PSA key out of predefined keys
This commit is contained in:
Valerio Setti
2026-01-15 16:55:35 +01:00
committed by GitHub
parent ebad5b9817 c32c5064c0
commit b392da5c46
3 changed files with 247 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/generate_test_keys.py
+17 -2
View File
@@ -15,7 +15,7 @@ from mbedtls_framework import build_tree
BYTES_PER_LINE = 16
def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]:
yield 'const unsigned char '
yield 'static const unsigned char '
yield array_name
yield '[] = {'
for index in range(0, len(key_data), BYTES_PER_LINE):
@@ -89,12 +89,25 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str,
def write_output_file(output_file_name: str, arrays: str, look_up_table: str):
"""Write generated content to the output file"""
with open(output_file_name, 'wt') as output:
output.write("""\
/*********************************************************************************
* This file was automatically generated from framework/scripts/generate_test_keys.py.
* Please do not edit it manually.
*********************************************************************************/
#ifndef TEST_TEST_KEYS_H
#define TEST_TEST_KEYS_H
#if TF_PSA_CRYPTO_VERSION_MAJOR >= 1
#include <tf_psa_crypto_common.h>
#include <mbedtls/private/ecp.h>
#else
#include <common.h>
#include <mbedtls/ecp.h>
#endif
""")
output.write(arrays)
output.write("""
@@ -107,10 +120,12 @@ struct predefined_key_element {{
size_t pub_key_len;
}};
struct predefined_key_element predefined_keys[] = {{
MBEDTLS_MAYBE_UNUSED static struct predefined_key_element predefined_keys[] = {{
{}
}};
#endif /* TEST_TEST_KEYS_H */
/* End of generated file */
""".format(look_up_table))
tests/include/test/pk_helpers.h
+94
View File
@@ -0,0 +1,94 @@
/*
* Helper functions for PK.
* This is only for TF-PSA-Crypto 1.0 and above.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PK_HELPERS_H
#define PK_HELPERS_H
#if defined(MBEDTLS_PK_C)
#include <psa/crypto.h>
#include <mbedtls/pk.h>
/* 'pk_context_populate_method_t' is only used in 'mbedtls_pk_helpers_populate_context'
* which takes a PSA key ID to populate the PK context. The idea is to use that
* function after calling 'mbedtls_pk_helpers_make_psa_key_from_predefined' to
* retrieve a PSA key ID. Adding support for parsing doesn't fit well with the
* current prototype of 'mbedtls_pk_helpers_populate_context'.
* What is needed to add parsing in the list below is a new function which acts
* as a combination between 'mbedtls_pk_helpers_make_psa_key_from_predefined' and
* 'mbedtls_pk_helpers_populate_context', i.e. it takes a key type, key bits and
* population method as input and it returns a PK context.
*/
typedef enum {
TEST_PK_WRAP_PSA,
TEST_PK_COPY_FROM_PSA,
TEST_PK_COPY_PUBLIC_FROM_PSA,
} pk_context_populate_method_t;
/**
* Get predefined key pair/public key data for the requested key.
*
* If the specified key type or bit length does not exist in the list of known
* predefined keys, an assertion failure will be generated.
*
* The output format is compatible with PSA API, so they key can be imported
* with psa_import_key().
*
* \param key_type PSA key type for the key being requested.
* \param key_bits Bit length for the PSA key being requested.
* \param output Pointer which on exit will point to the key material that has
* been requested by "key_type" and "key_bits".
* \param output_len Length of the key material being pointed to from "output".
*
* \return 0 on success; MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the required
* key is not the in list of known ones.
*/
int mbedtls_pk_helpers_get_predefined_key_data(psa_key_type_t key_type, psa_key_bits_t key_bits,
const uint8_t **output, size_t *output_len);
/**
* Create a PSA key using prefined key data.
*
* Predefined key data is used to create the key and the choice of predefined
* key material is based on the combination of "key_type" and "key_bits".
*
* \param key_type Type of key to be created. For the time being only RSA and
* EC key types are supported.
* \param key_bits Length of the key (in bits).
* \param alg Algorithm to be associated with the key.
* \param alg2 Enrollment alogrithm to be associated with the key.
* \param usage_flags Usage flags to be associated with the key.
*
* \return On success the key ID of the created PSA key.
* On failure 0 is returned and the test is marked as failed.
*/
mbedtls_svc_key_id_t mbedtls_pk_helpers_make_psa_key_from_predefined(psa_key_type_t key_type,
psa_key_bits_t key_bits,
psa_algorithm_t alg,
psa_algorithm_t alg2,
psa_key_usage_t usage_flags);
/**
* Populate the given PK context using "key_id" and the desired "method".
*
* \param pk The PK context to be populated; it must have been initialized.
* \param key_id The PSA key ID to be used to populate the PK context.
* \param method The desired method for populating the PK context. See
* "pk_context_populate_method_t" for available options.
*
* \return 0 on success.
* In case of failure -1 is returned and the test case is marked
* as failed.
*/
int mbedtls_pk_helpers_populate_context(mbedtls_pk_context *pk, mbedtls_svc_key_id_t key_id,
pk_context_populate_method_t method);
#endif /* MBEDTLS_PK_C */
#endif /* PK_HELPERS_H */
tests/src/pk_helpers.c
+136
View File
@@ -0,0 +1,136 @@
/*
* Helper functions for PK.
* This is only for TF-PSA-Crypto 1.0 and above.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <mbedtls/pk.h>
#include <test/macros.h>
#include <test/helpers.h>
#include <test/pk_helpers.h>
#include <test/psa_helpers.h>
#include <test/test_keys.h>
#include "psa_util_internal.h"
/* Functions like mbedtls_pk_wrap_psa() are only available in tf-psa-crypto and
* not in 3.6 LTS branch, so we need a guard for this. */
#if TF_PSA_CRYPTO_VERSION_MAJOR >= 1
#if defined(MBEDTLS_PK_C)
typedef struct {
psa_key_type_t key_type;
psa_key_bits_t key_bits;
const uint8_t *key;
size_t key_len;
} mbedtls_pk_helpers_predefined_key_t;
#define EC_KEY(family_type, bits, array_base_name) \
{ PSA_KEY_TYPE_ECC_KEY_PAIR(family_type), bits, \
array_base_name ## _priv, sizeof(array_base_name ## _priv) }, \
{ PSA_KEY_TYPE_ECC_PUBLIC_KEY(family_type), bits, \
array_base_name ## _pub, sizeof(array_base_name ## _pub) }
#define RSA_KEY(bits, array_base_name) \
{ PSA_KEY_TYPE_RSA_KEY_PAIR, bits, \
array_base_name ## _priv, sizeof(array_base_name ## _priv) }, \
{ PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits, \
array_base_name ## _pub, sizeof(array_base_name ## _pub) }
static mbedtls_pk_helpers_predefined_key_t predefined_keys_psa[] = {
EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, test_ec_bp256r1),
EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, test_ec_bp384r1),
EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, test_ec_bp512r1),
EC_KEY(PSA_ECC_FAMILY_MONTGOMERY, 255, test_ec_curve25519),
EC_KEY(PSA_ECC_FAMILY_MONTGOMERY, 448, test_ec_curve448),
EC_KEY(PSA_ECC_FAMILY_SECP_K1, 256, test_ec_secp256k1),
EC_KEY(PSA_ECC_FAMILY_SECP_R1, 256, test_ec_secp256r1),
EC_KEY(PSA_ECC_FAMILY_SECP_R1, 384, test_ec_secp384r1),
EC_KEY(PSA_ECC_FAMILY_SECP_R1, 521, test_ec_secp521r1),
RSA_KEY(1024, test_rsa_1024),
RSA_KEY(1026, test_rsa_1026),
RSA_KEY(1028, test_rsa_1028),
RSA_KEY(1030, test_rsa_1030),
RSA_KEY(1536, test_rsa_1536),
RSA_KEY(2048, test_rsa_2048),
RSA_KEY(4096, test_rsa_4096),
};
int mbedtls_pk_helpers_get_predefined_key_data(psa_key_type_t key_type, psa_key_bits_t key_bits,
const uint8_t **output, size_t *output_len)
{
for (size_t i = 0; i < ARRAY_LENGTH(predefined_keys_psa); i++) {
if ((key_type == predefined_keys_psa[i].key_type) &&
(key_bits == predefined_keys_psa[i].key_bits)) {
*output = predefined_keys_psa[i].key;
*output_len = predefined_keys_psa[i].key_len;
return 0;
}
}
*output = NULL;
*output_len = 0;
TEST_FAIL("Predefined key not available");
exit:
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
mbedtls_svc_key_id_t mbedtls_pk_helpers_make_psa_key_from_predefined(psa_key_type_t key_type,
psa_key_bits_t key_bits,
psa_algorithm_t alg,
psa_algorithm_t alg2,
psa_key_usage_t usage_flags)
{
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t *key = NULL;
size_t key_len = 0;
mbedtls_pk_helpers_get_predefined_key_data(key_type, key_bits, &key, &key_len);
psa_set_key_type(&attr, key_type);
psa_set_key_usage_flags(&attr, usage_flags);
psa_set_key_algorithm(&attr, alg);
psa_set_key_enrollment_algorithm(&attr, alg2);
PSA_ASSERT(psa_import_key(&attr, key, key_len, &key_id));
exit:
return key_id;
}
int mbedtls_pk_helpers_populate_context(mbedtls_pk_context *pk, mbedtls_svc_key_id_t key_id,
pk_context_populate_method_t method)
{
int ret = -1;
switch (method) {
case TEST_PK_WRAP_PSA:
TEST_EQUAL(mbedtls_pk_wrap_psa(pk, key_id), 0);
break;
case TEST_PK_COPY_FROM_PSA:
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, pk), 0);
break;
case TEST_PK_COPY_PUBLIC_FROM_PSA:
TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, pk), 0);
break;
default:
TEST_FAIL("Unknown population method");
}
ret = 0;
exit:
return ret;
}
#endif /* MBEDTLS_PK_C */
#endif /* !TF_PSA_CRYPTO_VERSION_MAJOR */