Split off mbedtls_test_ssl_endpoint_make_key_opaque

gilles-peskine-arm · gilles-peskine-arm · commit 81b92c450238 · 2025-05-28T19:05:16.000+02:00
Split the opaque key handling out of
`mbedtls_test_ssl_endpoint_certificate_init()` and into a separate function
`mbedtls_test_ssl_endpoint_make_key_opaque()`. This will allow more
flexibility in what `mbedtls_test_ssl_endpoint_certificate_init()` can do,
since it no longer has to care about the opaque case.

There is only one test function that calls
``mbedtls_test_ssl_endpoint_certificate_init()` to set up an opaque key.
Make it call `mbedtls_test_ssl_endpoint_make_key_opaque()` (only on the
server side, since the function doesn't do client authentication anyway).
Thus there is no behavior change in the test suite.

Signed-off-by: Gilles Peskine &lt;Gilles.Peskine@arm.com&gt;
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
@@ -103,9 +103,6 @@ typedef struct mbedtls_test_handshake_test_options {
     int expected_handshake_result;
     int expected_ciphersuite;
     int pk_alg;
-    int opaque_alg;
-    int opaque_alg2;
-    int opaque_usage;
     data_t *psk_str;
     int dtls;
     int srv_auth_mode;
@@ -442,9 +439,27 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx,
  * \retval  0 on success, otherwise error code.
  */
 int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
-                                               int pk_alg,
-                                               int opaque_alg, int opaque_alg2,
-                                               int opaque_usage);
+                                               int pk_alg);
+
+/** Make the endpoint's private key opaque.
+ *
+ * Call this function after mbedtls_test_ssl_endpoint_certificate_init()
+ * (including indirect calls by mbedtls_test_ssl_endpoint_init()) to
+ * replace the endpoint key by an opaque key with the same material.
+ *
+ * \param ep            The endpoint to set up. It must already have a key
+ *                      and certificate set.
+ * \param opaque_alg    The algorithm to declare in the PSA key policy.
+ * \param opaque_alg2   The enrollment algorithm to declare in the PSA
+ *                      key policy.
+ * \param opaque_usage  The usage flags to declare in the PSA key policy.
+ *
+ * \return  0 on success. On error, this function marks the test as failed
+ *          and returns a negative error code.
+ */
+int mbedtls_test_ssl_endpoint_make_key_opaque(mbedtls_test_ssl_endpoint *ep,
+                                              int opaque_alg, int opaque_alg2,
+                                              int opaque_usage);
 
 /*
  * Initializes \p ep structure. It is important to call
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
@@ -716,16 +716,11 @@ static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep)
 }
 
 int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
-                                               int pk_alg,
-                                               int opaque_alg, int opaque_alg2,
-                                               int opaque_usage)
+                                               int pk_alg)
 {
     int i = 0;
     int ret = -1;
     int ok = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
-#endif
 
     if (ep == NULL) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -757,29 +752,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
         TEST_EQUAL(load_endpoint_ecc(ep), 0);
     }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if (opaque_alg != 0) {
-        psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
-        /* Use a fake key usage to get a successful initial guess for the PSA attributes. */
-        TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
-                                                 &key_attr), 0);
-        /* Then manually usage, alg and alg2 as requested by the test. */
-        psa_set_key_usage_flags(&key_attr, opaque_usage);
-        psa_set_key_algorithm(&key_attr, opaque_alg);
-        if (opaque_alg2 != PSA_ALG_NONE) {
-            psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
-        }
-        TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
-        mbedtls_pk_free(ep->pkey);
-        mbedtls_pk_init(ep->pkey);
-        TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
-    }
-#else
-    (void) opaque_alg;
-    (void) opaque_alg2;
-    (void) opaque_usage;
-#endif
-
     mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
 
     ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
@@ -800,6 +772,52 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
     return ret;
 }
 
+int mbedtls_test_ssl_endpoint_make_key_opaque(mbedtls_test_ssl_endpoint *ep,
+                                              int opaque_alg, int opaque_alg2,
+                                              int opaque_usage)
+{
+    psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
+#endif
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    int ok = 0;
+
+    /* Use a fake key usage to get a successful initial guess for the PSA attributes. */
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
+                                             &key_attr), 0);
+    /* Then manually usage, alg and alg2 as requested by the test. */
+    psa_set_key_usage_flags(&key_attr, opaque_usage);
+    psa_set_key_algorithm(&key_attr, opaque_alg);
+    if (opaque_alg2 != PSA_ALG_NONE) {
+        psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
+    }
+    TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
+    mbedtls_pk_free(ep->pkey);
+    mbedtls_pk_init(ep->pkey);
+    TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
+
+    /* Reset (key, certificate) pair(s) in the SSL configuration, so that
+     * the configuration will only contain what we put explicitly in
+     * this function. */
+    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
+    TEST_EQUAL(ret, 0);
+
+    /* Only put the opaque key, with the same certificate as before. */
+    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, ep->pkey);
+    TEST_EQUAL(ret, 0);
+
+    ok = 1;
+
+exit:
+    if (ret == 0 && !ok) {
+        /* Exiting due to a test assertion that isn't ret == 0 */
+        ret = -1;
+    }
+
+    return ret;
+}
+
 int mbedtls_test_ssl_endpoint_init(
     mbedtls_test_ssl_endpoint *ep, int endpoint_type,
     const mbedtls_test_handshake_test_options *options)
@@ -970,10 +988,7 @@ int mbedtls_test_ssl_endpoint_init(
 #endif
 #endif /* MBEDTLS_DEBUG_C */
 
-    ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
-                                                     options->opaque_alg,
-                                                     options->opaque_alg2,
-                                                     options->opaque_usage);
+    ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg);
     TEST_EQUAL(ret, 0);
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
@@ -3033,13 +3033,14 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str,
 {
     mbedtls_test_handshake_test_options options;
     mbedtls_test_init_handshake_options(&options);
+    mbedtls_test_ssl_endpoint client;
+    memset(&client, 0, sizeof(client));
+    mbedtls_test_ssl_endpoint server;
+    memset(&server, 0, sizeof(server));
 
     options.cipher = cipher;
     options.psk_str = psk_str;
     options.pk_alg = pk_alg;
-    options.opaque_alg = psa_alg;
-    options.opaque_alg2 = psa_alg2;
-    options.opaque_usage = psa_usage;
     options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
     options.expected_handshake_result = expected_handshake_result;
     options.expected_ciphersuite = expected_ciphersuite;
@@ -3048,13 +3049,31 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str,
     options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
     options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
 
-    mbedtls_test_ssl_perform_handshake(&options);
+    MD_OR_USE_PSA_INIT();
+
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client,
+                                              MBEDTLS_SSL_IS_CLIENT,
+                                              &options), 0);
+
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server,
+                                              MBEDTLS_SSL_IS_SERVER,
+                                              &options), 0);
+    if (psa_alg != 0) {
+        TEST_EQUAL(mbedtls_test_ssl_endpoint_make_key_opaque(&server,
+                                                             psa_alg, psa_alg2,
+                                                             psa_usage), 0);
+    }
+
+    TEST_ASSERT(mbedtls_test_ssl_perform_connection(&options, &client, &server));
 
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 
 exit:
+    mbedtls_test_ssl_endpoint_free(&client);
+    mbedtls_test_ssl_endpoint_free(&server);
     mbedtls_test_free_handshake_options(&options);
+    MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
