Merge development-psa commit 80b5662 into development-psa-merged branch

Adjust crypto submodule version to use new, forked crypto version accordingly.
2026-04-07 23:45:18 +00:00 · 2019-02-05 06:02:51 -05:00 · 2019-02-05 06:02:51 -05:00 · 8a2e97c2df
commit 8a2e97c2df
parent e9c3b8130a 80b566267f
8 changed files with 492 additions and 54 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -755,16 +755,21 @@ run_test() {
 run_test_psa() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    run_test    "PSA-supported ciphersuite: $1" \
-                "$P_SRV debug_level=1 force_version=tls1_2" \
-                "$P_CLI debug_level=1 force_version=tls1_2 force_ciphersuite=$1" \
+                "$P_SRV debug_level=2 force_version=tls1_2" \
+                "$P_CLI debug_level=2 force_version=tls1_2 force_ciphersuite=$1" \
                0 \
                -c "Successfully setup PSA-based decryption cipher context" \
                -c "Successfully setup PSA-based encryption cipher context" \
+                -c "PSA calc verify" \
+                -c "calc PSA finished" \
                -s "Successfully setup PSA-based decryption cipher context" \
                -s "Successfully setup PSA-based encryption cipher context" \
+                -s "PSA calc verify" \
+                -s "calc PSA finished" \
                -C "Failed to setup PSA-based cipher context"\
                -S "Failed to setup PSA-based cipher context"\
                -s "Protocol is TLSv1.2" \
+                -c "Perform PSA-based computation of digest of ServerKeyExchange" \
                -S "error" \
                -C "error"
 }
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -1200,44 +1200,65 @@ exit:
 void pk_psa_sign(  )
 {
    mbedtls_pk_context pk;
-    psa_key_handle_t key;
-    unsigned char hash[50], sig[100], pkey[100];
-    size_t sig_len, klen = 0;
+    unsigned char hash[50], sig[100], pkey_legacy[100], pkey_psa[100];
+    unsigned char *pkey_legacy_start, *pkey_psa_start;
+    size_t sig_len, klen_legacy, klen_psa;
+    int ret;
+    psa_key_handle_t handle;

    /*
     * This tests making signatures with a wrapped PSA key:
-     * - generate a fresh PSA key
+     * - generate a fresh ECP legacy PK context
     * - wrap it in a PK context and make a signature this way
     * - extract the public key
     * - parse it to a PK context and verify the signature this way
     */

+    /* Create legacy EC public/private key in PK context. */
    mbedtls_pk_init( &pk );
+    TEST_ASSERT( mbedtls_pk_setup( &pk,
+                      mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
+                                      (mbedtls_ecp_keypair*) pk.pk_ctx,
+                                      rnd_std_rand, NULL ) == 0 );
+
+    /* Export underlying public key for re-importing in a legacy context. */
+    ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
+                                       sizeof( pkey_legacy ) );
+    TEST_ASSERT( ret >= 0 );
+    klen_legacy = (size_t) ret;
+    /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+    pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
+
+    /* Turn PK context into an opaque one. */
+    TEST_ASSERT( psa_allocate_key( &handle ) == PSA_SUCCESS );
+    TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
+                                            PSA_ALG_SHA_256 ) == 0 );

    memset( hash, 0x2a, sizeof hash );
    memset( sig, 0, sizeof sig );
-    memset( pkey, 0, sizeof pkey );
-
-    key = pk_psa_genkey();
-    TEST_ASSERT( key != 0 );
-
-    TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );

    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
                 hash, sizeof hash, sig, &sig_len,
                 NULL, NULL ) == 0 );

-    mbedtls_pk_free( &pk );
+    /* Export underlying public key for re-importing in a psa context. */
+    ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
+                                       sizeof( pkey_psa ) );
+    TEST_ASSERT( ret >= 0 );
+    klen_psa = (size_t) ret;
+    /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+    pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;

-    TEST_ASSERT( PSA_SUCCESS == psa_export_public_key(
-                                key, pkey, sizeof( pkey ), &klen ) );
-    TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
+    TEST_ASSERT( klen_psa == klen_legacy );
+    TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
+
+    mbedtls_pk_free( &pk );
+    TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );

    mbedtls_pk_init( &pk );
-
-    TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey, klen ) == 0 );
-
-
+    TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
+                                              klen_legacy ) == 0 );
    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
                            hash, sizeof hash, sig, sig_len ) == 0 );