tests: src: pk_helpers: select predefined keys using PSA key type and bits

A new look-up table is created, "predefined_keys_psa", to list all the predefined keys together with the corresponding PSA key type and bits. A new look-up table was created in order not to conflict with the already existing "predefined_keys" one. "mbedtls_pk_helpers_get_predefined_key_data" is modified in order to use the new look-up table. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2026-06-06 05:25:18 +00:00 · 2026-01-07 14:28:31 +01:00
parent 88e0eb729e
commit e28511869c
2 changed files with 67 additions and 64 deletions
@@ -22,22 +22,20 @@ typedef enum {
 } pk_context_populate_method_t;

 /**
- * Get predefined key pair/public key data for the requested key. For the time
- * being it only works with EC and RSA keys.
+ * Get predefined key pair/public key data for the requested key.
 *
- * \param is_ec: 1 for EC keys, 0 for RSA.
- * \param group_id_or_keybits: this should be 'group_id' in case of EC keys, and
- *                         bitsize in case of RSA keys.
- * \param key: output buffer where the key pair will be copied.
- * \param key_len: size in bytes of the "key" buffer.
- * \param pub_key: output buffer where the public key will be copied.
- * \param pub_key_len: size in bytes of the "pub_key" buffer.
+ * If the specified key type or bit length does not exist in the list of known
+ * predefined keys, an assertion failure will be generated an the test will
+ * fail.
 *
- * \return 0 on success;
+ * \param key_type: PSA key type for the key being requested.
+ * \param key_bits: bit length for the PSA key being requested.
+ * \param output: pointer which on exit will point to the key material that has
+ *                been requested by "key_type" and "key_bits".
+ * \param output_len: length of the key material being pointed to from "output".
 */
-int mbedtls_pk_helpers_get_predefined_key_data(int is_ec, int group_id_or_keybits,
-                                               const unsigned char **key, size_t *key_len,
-                                               const unsigned char **pub_key, size_t *pub_key_len);
+void mbedtls_pk_helpers_get_predefined_key_data(psa_key_type_t key_type, psa_key_bits_t key_bits,
+                                                const uint8_t **output, size_t *output_len);

 /**
 * Create a PSA key using prefined key data.
@@ -21,37 +21,63 @@

 #if defined(MBEDTLS_PK_C)

-int mbedtls_pk_helpers_get_predefined_key_data(int is_ec, int group_id_or_keybits,
-                                               const unsigned char **key, size_t *key_len,
-                                               const unsigned char **pub_key, size_t *pub_key_len)
+typedef struct {
+    psa_key_type_t key_type;
+    psa_key_bits_t key_bits;
+    const uint8_t* key;
+    size_t key_len;
+} mbedtls_pk_helpers_predefined_key_t;
+
+#define EC_KEY(family_type, bits, array_base_name)                  \
+    {PSA_KEY_TYPE_ECC_KEY_PAIR(family_type), bits,                  \
+     array_base_name ## _priv, sizeof(array_base_name ## _priv)},   \
+    {PSA_KEY_TYPE_ECC_PUBLIC_KEY(family_type), bits,                \
+     array_base_name ## _pub, sizeof(array_base_name ## _pub)}
+
+#define RSA_KEY(bits, array_base_name)                              \
+    {PSA_KEY_TYPE_RSA_KEY_PAIR, bits,                               \
+     array_base_name ## _priv, sizeof(array_base_name ## _priv)},   \
+    {PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits,                             \
+     array_base_name ## _pub, sizeof(array_base_name ## _pub)}
+
+static mbedtls_pk_helpers_predefined_key_t predefined_keys_psa[] = {
+    EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, test_ec_bp256r1),
+    EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, test_ec_bp384r1),
+    EC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, test_ec_bp512r1),
+
+    EC_KEY(PSA_ECC_FAMILY_MONTGOMERY, 255, test_ec_curve25519),
+    EC_KEY(PSA_ECC_FAMILY_MONTGOMERY, 448, test_ec_curve448),
+
+    EC_KEY(PSA_ECC_FAMILY_SECP_K1, 256, test_ec_secp256k1),
+
+    EC_KEY(PSA_ECC_FAMILY_SECP_R1, 256, test_ec_secp256r1),
+    EC_KEY(PSA_ECC_FAMILY_SECP_R1, 384, test_ec_secp384r1),
+    EC_KEY(PSA_ECC_FAMILY_SECP_R1, 521, test_ec_secp521r1),
+
+    RSA_KEY(1024, test_rsa_1024),
+    RSA_KEY(1026, test_rsa_1026),
+    RSA_KEY(1028, test_rsa_1028),
+    RSA_KEY(1030, test_rsa_1030),
+    RSA_KEY(1536, test_rsa_1536),
+    RSA_KEY(2048, test_rsa_2048),
+    RSA_KEY(4096, test_rsa_4096),
+};
+
+void mbedtls_pk_helpers_get_predefined_key_data(psa_key_type_t key_type, psa_key_bits_t key_bits,
+                                                const uint8_t **output, size_t *output_len)
 {
-    size_t i;
-    struct predefined_key_element *predefined_key = NULL;
-
-    for (i = 0; i < ARRAY_LENGTH(predefined_keys); i++) {
-        if (is_ec) {
-            if (group_id_or_keybits == predefined_keys[i].group_id) {
-                predefined_key = &predefined_keys[i];
-            }
-        } else if (group_id_or_keybits == predefined_keys[i].keybits) {
-            predefined_key = &predefined_keys[i];
+    for (size_t i = 0; i < ARRAY_LENGTH(predefined_keys_psa); i++) {
+        if ((key_type == predefined_keys_psa[i].key_type) &&
+            (key_bits == predefined_keys_psa[i].key_bits)) {
+            *output = predefined_keys_psa[i].key;
+            *output_len = predefined_keys_psa[i].key_len;
+            return;
        }
    }

-    if (predefined_key != NULL) {
-        *key = predefined_key->priv_key;
-        *key_len = predefined_key->priv_key_len;
-        if (pub_key != NULL) {
-            *pub_key = predefined_key->pub_key;
-            *pub_key_len = predefined_key->pub_key_len;
-        }
-        return 0;
-    }
+    TEST_FAIL("Predefined key not available");

-    TEST_FAIL("Unsupported key");
-    /* "exit" label is to make the compiler happy. */
-exit:
-    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+exit:;
 }

 mbedtls_svc_key_id_t mbedtls_pk_helpers_make_psa_key_from_predefined(psa_key_type_t key_type,
@@ -62,37 +88,16 @@ mbedtls_svc_key_id_t mbedtls_pk_helpers_make_psa_key_from_predefined(psa_key_typ
 {
    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
    psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
-    const uint8_t *priv_key = NULL;
-    size_t priv_key_len = 0;
-    const uint8_t *pub_key = NULL;
-    size_t pub_key_len = 0;
-    int ret;
+    const uint8_t *key = NULL;
+    size_t key_len = 0;

-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-    if (PSA_KEY_TYPE_IS_RSA(key_type)) {
-        ret = mbedtls_pk_helpers_get_predefined_key_data(0, key_bits, &priv_key, &priv_key_len,
-                                                         &pub_key, &pub_key_len);
-        TEST_EQUAL(ret, 0);
-    } else
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-    if (PSA_KEY_TYPE_IS_ECC(key_type)) {
-        psa_ecc_family_t ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type);
-        mbedtls_ecp_group_id ecp_group = mbedtls_ecc_group_from_psa(ec_family, key_bits);
-        ret = mbedtls_pk_helpers_get_predefined_key_data(1, ecp_group, &priv_key, &priv_key_len,
-                                                         &pub_key, &pub_key_len);
-        TEST_EQUAL(ret, 0);
-    } else
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-    {
-        TEST_FAIL("Unsupported key");
-    }
+    mbedtls_pk_helpers_get_predefined_key_data(key_type, key_bits, &key, &key_len);

    psa_set_key_type(&attr, key_type);
    psa_set_key_usage_flags(&attr, usage_flags);
    psa_set_key_algorithm(&attr, alg);
    psa_set_key_enrollment_algorithm(&attr, alg2);
-    PSA_ASSERT(psa_import_key(&attr, priv_key, priv_key_len, &key_id));
+    PSA_ASSERT(psa_import_key(&attr, key, key_len, &key_id));

 exit:
    return key_id;