From 3a815cbd2f519232e58f690d27b9d987060ce71d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Feb 2024 09:54:18 +0100 Subject: all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() This is possible because after #8740 RSA_C no longer depends on PK to parse and write private/public keys. This commit also solves related issues that arose after this change in "pk.c" and "test_suite_pk". In particular now we can use rsa's module functions for parsing and writing keys without need to rely on pk_parse and pk_write functions. Signed-off-by: Valerio Setti --- library/pk.c | 2 +- tests/scripts/all.sh | 5 ----- tests/suites/test_suite_pk.function | 11 ++++++++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/pk.c b/library/pk.c index 2c0ef68..580fa0e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1021,7 +1021,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); p = buf + sizeof(buf); - key_len = mbedtls_pk_write_pubkey(&p, buf, ctx); + key_len = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*ctx), buf, &p); if (key_len < 0) { return key_len; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e101bb6..6f47a5e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1559,11 +1559,6 @@ component_full_no_pkparse_pkwrite() { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # Disable features that re-enable PK_PARSE_C - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all PSA_WANT_ALG_RSA - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all PSA_WANT_KEY_TYPE_RSA - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 43f9e4f..2b37110 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -9,6 +9,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" #include "mbedtls/rsa.h" +#include "rsa_internal.h" #include "pk_internal.h" #include @@ -1898,8 +1899,10 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); } - /* Export underlying public key for re-importing in a legacy context. */ - ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey)); + /* Export underlying public key for re-importing in a legacy context. + * Note: mbedtls_rsa_write_key() writes backwards in the data buffer. */ + pkey_start = pkey + sizeof(pkey); + ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), pkey, &pkey_start); TEST_ASSERT(ret >= 0); pkey_len = (size_t) ret; @@ -1924,7 +1927,9 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); mbedtls_pk_init(&pk); - TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, pkey_start, pkey_len), 0); + TEST_EQUAL(mbedtls_pk_setup(&pk, + mbedtls_pk_info_from_type(pk_type)), 0); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), pkey_start, pkey_len), 0); if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { rsassa_pss_options.mgf1_hash_id = md_alg; -- cgit v1.1