Skip to content

Commit ffefa99

Browse files
Harshal5Harshal5
committed
test(mbedtls): Extend the mbedtls ecdsa tests
1 parent eb7c565 commit ffefa99

File tree

2 files changed

+75
-48
lines changed

2 files changed

+75
-48
lines changed

components/mbedtls/test_apps/main/CMakeLists.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ set(TEST_CRTS "crts/server_cert_chain.pem"
77

88
idf_component_register(SRC_DIRS "."
99
PRIV_INCLUDE_DIRS "."
10-
PRIV_REQUIRES efuse cmock test_utils mbedtls esp_timer unity spi_flash esp_psram
10+
PRIV_REQUIRES efuse cmock test_utils mbedtls esp_timer unity spi_flash esp_psram esp_security
1111
EMBED_TXTFILES ${TEST_CRTS}
1212
WHOLE_ARCHIVE)
1313

components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c

Lines changed: 74 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -205,20 +205,20 @@ const uint8_t ecdsa192_sign_pub_y[] = {
205205

206206
/* Big endian */
207207
const uint8_t init_key[] = {
208-
0x4d, 0x21, 0x64, 0x21, 0x8f, 0xa2, 0xe3, 0xa0, 0xab, 0x74, 0xb5, 0xab, 0x17, 0x9a, 0x5d, 0x08, 0x58, 0xf4, 0x22, 0x03, 0xbd, 0x52, 0xe7, 0x88, 0x3c, 0x22, 0x0f, 0x95, 0x89, 0x70, 0xe1, 0x93
208+
0xee, 0x89, 0x95, 0xda, 0x3c, 0x8a, 0x43, 0x83, 0xa9, 0x4b, 0x25, 0x5b, 0x04, 0x7e, 0xf1, 0x57, 0xb8, 0xe8, 0x06, 0x45, 0x87, 0x76, 0xee, 0x1b, 0x4e, 0x2e, 0x55, 0xa7, 0x1f, 0x25, 0xe1, 0x94,
209209
};
210210

211211
/* Big endian */
212212
const uint8_t k2_info[] = {
213-
0xd8, 0xcd, 0x04, 0x45, 0xb4, 0x45, 0xc4, 0x15, 0xf6, 0x40, 0x1c, 0x7d, 0x90, 0x1b, 0x99, 0xa4, 0x79, 0x6b, 0xfb, 0x5b, 0x2a, 0x40, 0x60, 0xe1, 0xc1, 0xe1, 0x48, 0xcd, 0x46, 0x6b, 0x9b, 0x48, 0xda, 0x7a, 0x70, 0x0a, 0x78, 0x0b, 0x9d, 0xf9, 0x0e, 0xed, 0x91, 0xfc, 0xa5, 0xc2, 0x96, 0x05, 0x91, 0x76, 0xdb, 0x68, 0x84, 0x5d, 0x5e, 0x5b, 0xa6, 0xe9, 0x6b, 0x3b, 0x12, 0x50, 0x05, 0xc3
213+
0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b,
214214
};
215215

216-
const uint8_t k1_ecdsa256_xts_encrypt[] = {
217-
0x9f, 0x64, 0x80, 0x16, 0xa3, 0xab, 0x26, 0x64, 0x9b, 0xe6, 0x86, 0xcd, 0xf5, 0x14, 0x11, 0xb9, 0xb0, 0xe9, 0x87, 0xf6, 0xfe, 0x1b, 0x98, 0x0f, 0x9c, 0x3e, 0x21, 0xa7, 0xfa, 0x53, 0x47, 0x60
216+
const uint8_t k1_ecdsa256_encrypt[] = {
217+
0xcb, 0x8b, 0x74, 0xfb, 0xdf, 0x8f, 0x52, 0x0a, 0xff, 0x00, 0xf2, 0x83, 0xfa, 0xdb, 0x34, 0x18, 0xbe, 0xae, 0xe2, 0x58, 0x75, 0x94, 0x69, 0x89, 0xdd, 0x72, 0xdb, 0x04, 0x2c, 0xad, 0x4e, 0x3a,
218218
};
219219

220-
const uint8_t k1_ecdsa192_xts_encrypt[] = {
221-
0x54, 0xf5, 0x97, 0xb8, 0xff, 0x1d, 0x34, 0x85, 0x8d, 0xf1, 0x43, 0xaa, 0xc0, 0x0f, 0xe2, 0x4d, 0x0b, 0xee, 0xdd, 0x89, 0x31, 0x39, 0x1b, 0xbe, 0x9b, 0x55, 0x53, 0xe0, 0xc7, 0xd9, 0x79, 0xaf
220+
const uint8_t k1_ecdsa192_encrypt[] = {
221+
0xde, 0xe9, 0x9c, 0x89, 0xf2, 0x3b, 0x29, 0xb7, 0x9e, 0x33, 0xec, 0x76, 0x75, 0x2f, 0x3e, 0xab, 0x61, 0x06, 0x4d, 0xea, 0x05, 0x2c, 0xc3, 0x29, 0x1c, 0x7f, 0xb7, 0x3d, 0xb8, 0x1c, 0xb2, 0x17,
222222
};
223223

224224
void test_ecdsa_sign(mbedtls_ecp_group_id id, const uint8_t *hash, const uint8_t *pub_x, const uint8_t *pub_y, bool is_deterministic, int efuse_key_block)
@@ -273,8 +273,47 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke
273273
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, false, SECP256R1_EFUSE_BLOCK);
274274
}
275275

276-
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
276+
#if SOC_KEY_MANAGER_SUPPORTED
277+
static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type) {
278+
esp_key_mgr_aes_key_config_t *key_config = NULL;
279+
key_config = heap_caps_calloc(1, sizeof(esp_key_mgr_aes_key_config_t), MALLOC_CAP_INTERNAL);
280+
TEST_ASSERT_NOT_NULL(key_config);
281+
282+
key_config->key_type = key_type;
283+
key_config->use_pre_generated_sw_init_key = 1;
284+
memcpy(key_config->k2_info, (uint8_t*) k2_info, KEY_MGR_K2_INFO_SIZE);
285+
memcpy(key_config->k1_encrypted[0], (uint8_t*) k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
286+
memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE);
287+
288+
esp_key_mgr_key_recovery_info_t *key_info = NULL;
289+
key_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
290+
TEST_ASSERT_NOT_NULL(key_info);
291+
292+
esp_key_mgr_deploy_key_in_aes_mode(key_config, key_info);
293+
294+
ESP_LOGI(TAG, "Key deployed successfully");
295+
esp_key_mgr_activate_key(key_info);
296+
297+
free(key_info);
298+
free(key_config);
299+
}
277300

301+
TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_manager_key]")
302+
{
303+
deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY);
304+
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER);
305+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY);
306+
}
307+
308+
TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]")
309+
{
310+
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY);
311+
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER);
312+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY);
313+
}
314+
#endif /* SOC_KEY_MANAGER_SUPPORTED */
315+
316+
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
278317
TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]")
279318
{
280319
if (!ecdsa_ll_is_deterministic_mode_supported()) {
@@ -293,48 +332,32 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe
293332
}
294333
}
295334

296-
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
297-
298335
#if SOC_KEY_MANAGER_SUPPORTED
299-
void deploy_key_in_key_manager(const uint8_t *k1_encrypted) {
300-
esp_key_mgr_aes_key_config_t *key_config;
301-
302-
key_config = heap_caps_calloc(1, sizeof(esp_key_mgr_aes_key_config_t), MALLOC_CAP_INTERNAL);
303-
TEST_ASSERT_NOT_NULL(key_config);
304-
memcpy(key_config->k2_info, (uint8_t*) k2_info, KEY_MGR_K2_INFO_SIZE);
305-
memcpy(key_config->k1_encrypted[0], (uint8_t*) k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
306-
memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE);
307-
key_config->use_pre_generated_sw_init_key = 1;
308-
key_config->key_type = ESP_KEY_MGR_ECDSA_KEY;
309-
310-
esp_key_mgr_key_recovery_info_t *key_info;
311-
key_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
312-
TEST_ASSERT_NOT_NULL(key_config);
313-
314-
esp_key_mgr_deploy_key_in_aes_mode(key_config, key_info);
315-
printf("\nkey deployed successfully\n");
316-
esp_key_mgr_activate_key(key_info);
317-
free(key_info);
318-
free(key_config);
319-
}
320-
321-
TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_manager_key]")
336+
TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][key_manager_key]")
322337
{
323-
deploy_key_in_key_manager(k1_ecdsa192_xts_encrypt);
324-
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER);
325-
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
338+
if (!ecdsa_ll_is_deterministic_mode_supported()) {
339+
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
340+
} else {
341+
deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY);
342+
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER);
343+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY);
344+
}
326345
}
327346

328-
TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]")
347+
TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][key_manager_key]")
329348
{
330-
deploy_key_in_key_manager(k1_ecdsa256_xts_encrypt);
331-
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER);
332-
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
349+
if (!ecdsa_ll_is_deterministic_mode_supported()) {
350+
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
351+
} else {
352+
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY);
353+
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER);
354+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY);
355+
}
333356
}
334-
#endif
357+
#endif /* SOC_KEY_MANAGER_SUPPORTED */
358+
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
335359

336360
#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
337-
338361
void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, const uint8_t *pub_y, int efuse_key_block)
339362
{
340363
uint8_t export_pub_x[32] = {0};
@@ -344,9 +367,14 @@ void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, con
344367
esp_ecdsa_pk_conf_t pk_conf = {
345368
.grp_id = id,
346369
.load_pubkey = true,
347-
.efuse_block = efuse_key_block,
348370
};
349371

372+
if (efuse_key_block == USE_ECDSA_KEY_FROM_KEY_MANAGER) {
373+
pk_conf.use_km_key = true;
374+
} else {
375+
pk_conf.efuse_block = efuse_key_block;
376+
}
377+
350378
if (id == MBEDTLS_ECP_DP_SECP192R1) {
351379
len = 24;
352380
} else if (id == MBEDTLS_ECP_DP_SECP256R1) {
@@ -382,18 +410,17 @@ TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]"
382410
#if SOC_KEY_MANAGER_SUPPORTED
383411
TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager_key]")
384412
{
385-
deploy_key_in_key_manager(k1_ecdsa192_xts_encrypt);
413+
deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY);
386414
test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER);
387-
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
415+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY);
388416
}
389417

390418
TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager_key]")
391419
{
392-
deploy_key_in_key_manager(k1_ecdsa256_xts_encrypt);
420+
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY);
393421
test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER);
394-
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
422+
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY);
395423
}
396424
#endif
397425
#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
398-
399426
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */

0 commit comments

Comments
 (0)