2013-09-15 13:01:22 +02:00
|
|
|
/* BEGIN_HEADER */
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/pk.h"
|
|
|
|
#include "mbedtls/pem.h"
|
|
|
|
#include "mbedtls/oid.h"
|
2023-01-26 10:00:55 +01:00
|
|
|
#include "mbedtls/ecp.h"
|
2023-07-04 19:58:43 +02:00
|
|
|
#include "mbedtls/psa_util.h"
|
2023-05-15 11:18:46 +02:00
|
|
|
#include "pk_internal.h"
|
2023-09-21 16:21:10 +02:00
|
|
|
|
|
|
|
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
|
|
|
#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
|
|
|
|
#endif
|
|
|
|
|
2013-09-15 13:01:22 +02:00
|
|
|
/* END_HEADER */
|
|
|
|
|
|
|
|
/* BEGIN_DEPENDENCIES
|
2023-07-26 18:12:23 +02:00
|
|
|
* depends_on:MBEDTLS_PK_PARSE_C
|
2013-09-15 13:01:22 +02:00
|
|
|
* END_DEPENDENCIES
|
|
|
|
*/
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
|
2023-01-11 14:50:10 +01:00
|
|
|
void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
|
2013-09-15 13:01:22 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_pk_context ctx;
|
2013-09-15 13:01:22 +02:00
|
|
|
int res;
|
|
|
|
char *pwd = password;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_init(&ctx);
|
2023-04-24 13:53:21 +02:00
|
|
|
MD_PSA_INIT();
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (strcmp(pwd, "NULL") == 0) {
|
2013-09-15 13:01:22 +02:00
|
|
|
pwd = NULL;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd,
|
|
|
|
mbedtls_test_rnd_std_rand, NULL);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(res, result);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (res == 0) {
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context *rsa;
|
2023-01-11 14:50:10 +01:00
|
|
|
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
|
|
|
|
rsa = mbedtls_pk_rsa(ctx);
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(&ctx);
|
2023-03-17 11:59:12 +01:00
|
|
|
MD_PSA_DONE();
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
2023-03-17 11:59:12 +01:00
|
|
|
|
2013-09-15 13:01:22 +02:00
|
|
|
/* END_CASE */
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
|
2023-01-11 14:50:10 +01:00
|
|
|
void pk_parse_public_keyfile_rsa(char *key_file, int result)
|
2013-09-15 13:01:22 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_pk_context ctx;
|
2013-09-15 13:01:22 +02:00
|
|
|
int res;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_init(&ctx);
|
2023-04-24 13:53:21 +02:00
|
|
|
MD_PSA_INIT();
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(res, result);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (res == 0) {
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context *rsa;
|
2023-01-11 14:50:10 +01:00
|
|
|
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
|
|
|
|
rsa = mbedtls_pk_rsa(ctx);
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(&ctx);
|
2023-03-17 11:59:12 +01:00
|
|
|
MD_PSA_DONE();
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|
|
|
|
|
2023-06-14 14:56:48 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
|
2023-01-11 14:50:10 +01:00
|
|
|
void pk_parse_public_keyfile_ec(char *key_file, int result)
|
2013-09-15 13:01:22 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_pk_context ctx;
|
2013-09-15 13:01:22 +02:00
|
|
|
int res;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_init(&ctx);
|
2023-11-15 07:20:07 +01:00
|
|
|
MD_OR_USE_PSA_INIT();
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(res, result);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (res == 0) {
|
|
|
|
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
|
2023-05-17 15:37:29 +02:00
|
|
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
|
|
|
/* No need to check whether the parsed public point is on the curve or
|
|
|
|
* not because this is already done by the internal "pk_get_ecpubkey()"
|
|
|
|
* function */
|
|
|
|
#else
|
|
|
|
const mbedtls_ecp_keypair *eckey;
|
2023-05-15 11:18:46 +02:00
|
|
|
eckey = mbedtls_pk_ec_ro(ctx);
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0);
|
2023-05-17 15:37:29 +02:00
|
|
|
#endif
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(&ctx);
|
2023-11-15 07:20:07 +01:00
|
|
|
MD_OR_USE_PSA_DONE();
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|
|
|
|
|
2023-06-14 14:56:48 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
|
2023-01-11 14:50:10 +01:00
|
|
|
void pk_parse_keyfile_ec(char *key_file, char *password, int result)
|
2013-09-15 13:01:22 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_pk_context ctx;
|
2013-09-15 13:01:22 +02:00
|
|
|
int res;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_init(&ctx);
|
2023-11-15 07:20:07 +01:00
|
|
|
MD_OR_USE_PSA_INIT();
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
|
|
|
|
mbedtls_test_rnd_std_rand, NULL);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(res, result);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (res == 0) {
|
|
|
|
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
|
2023-05-18 19:00:22 +02:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
|
2023-11-15 11:04:08 +01:00
|
|
|
TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0);
|
2023-05-18 19:00:22 +02:00
|
|
|
#else
|
|
|
|
/* PSA keys are already checked on import so nothing to do here. */
|
|
|
|
#endif
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(&ctx);
|
2023-11-15 07:20:07 +01:00
|
|
|
MD_OR_USE_PSA_DONE();
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|
|
|
|
|
2020-02-10 10:50:16 +01:00
|
|
|
/* BEGIN_CASE */
|
2023-01-11 14:50:10 +01:00
|
|
|
void pk_parse_key(data_t *buf, int result)
|
2013-09-15 13:01:22 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_pk_context pk;
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_init(&pk);
|
2023-04-24 13:53:21 +02:00
|
|
|
USE_PSA_INIT();
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0,
|
|
|
|
mbedtls_test_rnd_std_rand, NULL) == result);
|
2013-09-15 13:01:22 +02:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(&pk);
|
2023-04-24 13:53:21 +02:00
|
|
|
USE_PSA_DONE();
|
2013-09-15 13:01:22 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|
2023-07-04 19:58:43 +02:00
|
|
|
|
2023-09-21 16:21:10 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */
|
2023-09-20 19:00:48 +02:00
|
|
|
void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result)
|
|
|
|
{
|
|
|
|
mbedtls_pk_context pk;
|
|
|
|
|
|
|
|
mbedtls_pk_init(&pk);
|
|
|
|
USE_PSA_INIT();
|
2023-09-21 16:21:10 +02:00
|
|
|
|
2023-09-21 09:27:39 +02:00
|
|
|
TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len,
|
2023-09-21 10:19:56 +02:00
|
|
|
pass->x, pass->len,
|
|
|
|
mbedtls_test_rnd_std_rand,
|
|
|
|
NULL), result);
|
2023-09-20 19:00:48 +02:00
|
|
|
exit:
|
|
|
|
mbedtls_pk_free(&pk);
|
|
|
|
USE_PSA_DONE();
|
|
|
|
}
|
|
|
|
/* END_CASE */
|
|
|
|
|
2023-07-05 10:33:53 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */
|
|
|
|
void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output)
|
2023-07-04 19:58:43 +02:00
|
|
|
{
|
|
|
|
/* Montgomery keys have specific bits set to either 0 or 1 depending on
|
|
|
|
* their position. This is enforced during parsing (please see the implementation
|
|
|
|
* of mbedtls_ecp_read_key() for more details). The scope of this function
|
|
|
|
* is to verify this enforcing by feeding the parse algorithm with a x25519
|
|
|
|
* key which does not have those bits set properly. */
|
|
|
|
mbedtls_pk_context pk;
|
|
|
|
unsigned char *output_key = NULL;
|
|
|
|
size_t output_key_len = 0;
|
|
|
|
|
|
|
|
mbedtls_pk_init(&pk);
|
|
|
|
USE_PSA_INIT();
|
|
|
|
|
|
|
|
TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0,
|
|
|
|
mbedtls_test_rnd_std_rand, NULL), 0);
|
|
|
|
|
|
|
|
output_key_len = input_key->len;
|
2023-07-21 12:31:13 +02:00
|
|
|
TEST_CALLOC(output_key, output_key_len);
|
2023-07-04 19:58:43 +02:00
|
|
|
/* output_key_len is updated with the real amount of data written to
|
|
|
|
* output_key buffer. */
|
|
|
|
output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len);
|
|
|
|
TEST_ASSERT(output_key_len > 0);
|
|
|
|
|
2023-07-21 12:40:20 +02:00
|
|
|
TEST_MEMORY_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len);
|
2023-07-04 19:58:43 +02:00
|
|
|
|
|
|
|
exit:
|
|
|
|
if (output_key != NULL) {
|
|
|
|
mbedtls_free(output_key);
|
|
|
|
}
|
|
|
|
mbedtls_pk_free(&pk);
|
|
|
|
USE_PSA_DONE();
|
|
|
|
}
|
|
|
|
/* END_CASE */
|