From 8959095e871432b27117d1c83f95299076dc8837 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Apr 2023 17:34:09 +0200 Subject: [PATCH 01/12] test: memory footprint optimization for pkwrite tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 107 +++++++++-------------- 1 file changed, 40 insertions(+), 67 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 7e8a32d34..8fc5f5888 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -2,6 +2,42 @@ #include "mbedtls/pk.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" + +static void pk_write_check_common(char *key_file, int is_public_key) +{ + mbedtls_pk_context key; + unsigned char *buf = NULL; + unsigned char *check_buf = NULL; + size_t check_buf_len; + int ret; + + /* Note: if mbedtls_pk_load_file() successfully reads the file, then + it also allocates check_buf, which should be freed on exit */ + TEST_ASSERT(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len) == 0); + TEST_ASSERT(check_buf_len > 0); + + ASSERT_ALLOC(buf, check_buf_len); + + mbedtls_pk_init(&key); + if (is_public_key) { + TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0); + ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); + } else { + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, + mbedtls_test_rnd_std_rand, NULL) == 0); + ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len); + } + TEST_ASSERT(ret == 0); + + /* check_buf_len also includes the NULL termination char */ + TEST_EQUAL(check_buf_len - 1, strlen((char *) buf)); + TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, check_buf_len) == 0); + +exit: + mbedtls_free(buf); + mbedtls_free(check_buf); + mbedtls_pk_free(&key); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES 
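Review bot: In the new `pk_write_check_common()`, `mbedtls_pk_init(&key)` is reached only after the `mbedtls_pk_load_file()` assertion, the `check_buf_len > 0` assertion and `ASSERT_ALLOC(buf, check_buf_len)`, yet a failure in any of those jumps to `exit:`, where `mbedtls_pk_free(&key)` then runs on an uninitialised context. A missing key file or a failed allocation therefore turns a clean test failure into undefined behaviour in the cleanup path. Move `mbedtls_pk_init(&key);` up so it is the first statement of the function, ahead of the first `TEST_ASSERT`. The same ordering is still visible in the context lines of patch 04/12 later in this series, so the fix applies there as well.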
@@ -12,78 +48,15 @@ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void pk_write_pubkey_check(char *key_file) { - mbedtls_pk_context key; - unsigned char buf[5000]; - unsigned char check_buf[5000]; - int ret; - FILE *f; - size_t ilen, pem_len, buf_index; - - memset(buf, 0, sizeof(buf)); - memset(check_buf, 0, sizeof(check_buf)); - - mbedtls_pk_init(&key); - TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0); - - ret = mbedtls_pk_write_pubkey_pem(&key, buf, sizeof(buf)); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - // check that the rest of the buffer remains clear - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - - f = fopen(key_file, "r"); - TEST_ASSERT(f != NULL); - ilen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(ilen == pem_len); - TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0); - -exit: - mbedtls_pk_free(&key); + pk_write_check_common(key_file, 1); + goto exit; /* make the compiler happy */ } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void pk_write_key_check(char *key_file) { - mbedtls_pk_context key; - unsigned char buf[5000]; - unsigned char check_buf[5000]; - int ret; - FILE *f; - size_t ilen, pem_len, buf_index; - - memset(buf, 0, sizeof(buf)); - memset(check_buf, 0, sizeof(check_buf)); - - mbedtls_pk_init(&key); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); - - ret = mbedtls_pk_write_key_pem(&key, buf, sizeof(buf)); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - // check that the rest of the buffer remains clear - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - - f = fopen(key_file, "r"); - TEST_ASSERT(f != NULL); - ilen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(ilen == strlen((char *) buf)); - TEST_ASSERT(memcmp((char *) buf, 
(char *) check_buf, ilen) == 0); - -exit: - mbedtls_pk_free(&key); + pk_write_check_common(key_file, 0); + goto exit; /* make the compiler happy */ } /* END_CASE */ From c60bc5e7004529e2febcc79b98d534eff6676e8c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Apr 2023 18:43:06 +0200 Subject: [PATCH 02/12] test: add support for DER format in pkwrite tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 36 ++++++++++++++++-------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 8fc5f5888..98a117f71 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -3,11 +3,12 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" -static void pk_write_check_common(char *key_file, int is_public_key) +static void pk_write_check_common(char *key_file, int is_public_key, int is_der) { mbedtls_pk_context key; unsigned char *buf = NULL; unsigned char *check_buf = NULL; + unsigned char *start_buf; size_t check_buf_len; int ret; 
@@ -21,17 +22,30 @@ static void pk_write_check_common(char *key_file, int is_public_key) mbedtls_pk_init(&key); if (is_public_key) { TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0); - ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); + if (is_der) { + ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len); + } else { + ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); + } } else { TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL) == 0); - ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len); + if (is_der) { + ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len); + } else { + ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len); + } } - TEST_ASSERT(ret == 0); - /* check_buf_len also includes the NULL termination char */ - TEST_EQUAL(check_buf_len - 1, strlen((char *) buf)); - TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, check_buf_len) == 0); + if (is_der) { + TEST_ASSERT(ret > 0); + start_buf = buf + check_buf_len - ret; + } else { + TEST_ASSERT(ret == 0); + start_buf = buf; + } + + TEST_ASSERT(memcmp((char *) start_buf, (char *) check_buf, check_buf_len) == 0); exit: mbedtls_free(buf); @@ -46,17 +60,17 @@ exit: */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void pk_write_pubkey_check(char *key_file) +void pk_write_pubkey_check(char *key_file, int is_der) { - pk_write_check_common(key_file, 1); + pk_write_check_common(key_file, 1, is_der); goto exit; /* make the compiler happy */ } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void pk_write_key_check(char *key_file) +void pk_write_key_check(char *key_file, int is_der) { - pk_write_check_common(key_file, 0); + pk_write_check_common(key_file, 0, is_der); goto exit; /* make the compiler happy */ } /* END_CASE */ From 28567abf4fc215b3a032aba77ae316fa1ae0b740 Mon Sep 17 00:00:00 2001 
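Review bot: In the DER branch, `start_buf = buf + check_buf_len - ret` points `check_buf_len - ret` bytes into `buf`, but the `memcmp` that follows still compares `check_buf_len` bytes from there, so whenever the writer returns fewer bytes than the reference file holds the comparison reads past the end of the `buf` allocation instead of failing on the length. Nothing in this hunk asserts that `ret` equals `check_buf_len`; add that check inside the `if (is_der)` block, e.g. `TEST_EQUAL((size_t) ret, check_buf_len);`, before the compare. Patch 04/12 later in the series switches to a length-aware compare, but as of this commit the test can over-read. The helper's body starts outside this hunk.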
From: Valerio Setti Date: Mon, 17 Apr 2023 18:43:55 +0200 Subject: [PATCH 03/12] test: add DER file format for pkwrite tests Signed-off-by: Valerio Setti --- tests/data_files/ec_256_long_prv.pem.der | Bin 0 -> 121 bytes tests/data_files/ec_521_prv.pem.der | Bin 0 -> 223 bytes tests/data_files/ec_521_pub.pem.der | Bin 0 -> 158 bytes tests/data_files/ec_521_short_prv.pem.der | Bin 0 -> 223 bytes tests/data_files/ec_bp512_prv.pem.der | Bin 0 -> 221 bytes tests/data_files/ec_bp512_pub.pem.der | Bin 0 -> 158 bytes tests/data_files/ec_prv.sec1.pem.der | Bin 0 -> 97 bytes tests/data_files/ec_pub.pem.der | Bin 0 -> 75 bytes tests/data_files/rsa4096_prv.pem.der | Bin 0 -> 2349 bytes tests/data_files/rsa4096_pub.pem.der | Bin 0 -> 550 bytes tests/data_files/server1.key.der | Bin 0 -> 1190 bytes tests/data_files/server1.pubkey.der | Bin 0 -> 294 bytes tests/suites/test_suite_pkwrite.data | 72 ++++++++++++++++++---- 13 files changed, 60 insertions(+), 12 deletions(-) create mode 100644 tests/data_files/ec_256_long_prv.pem.der create mode 100644 tests/data_files/ec_521_prv.pem.der create mode 100644 tests/data_files/ec_521_pub.pem.der create mode 100644 tests/data_files/ec_521_short_prv.pem.der create mode 100644 tests/data_files/ec_bp512_prv.pem.der create mode 100644 tests/data_files/ec_bp512_pub.pem.der create mode 100644 tests/data_files/ec_prv.sec1.pem.der create mode 100644 tests/data_files/ec_pub.pem.der create mode 100644 tests/data_files/rsa4096_prv.pem.der create mode 100644 tests/data_files/rsa4096_pub.pem.der create mode 100644 tests/data_files/server1.key.der create mode 100644 tests/data_files/server1.pubkey.der 
diff --git a/tests/data_files/ec_256_long_prv.pem.der b/tests/data_files/ec_256_long_prv.pem.der new file mode 100644 index 0000000000000000000000000000000000000000..96e329e20ea9a1505271e1d5b0a385bef37ea261 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R#eV$BC+5#2T4GlU4sOUSz-~v@aSsd6{v%r{9i8j6k3Y1_&yK zNX|V20SBQ(13~}L}n6< zY3l=yorYjho0y2!8ZF3zn=*BYvuY9j=`W&)8@uQ=vvy3`p-6F z!eG5DgiCK$0M6*-ik@ZAoUPcOBVFzV^SGu)zHwh4XVtVc;Qu3`{0HxMKp8$j?*DH) Z&HZ*-sTEK&QcvXa1@%NuDJ)DcYQg3~Zj1l` literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_521_pub.pem.der b/tests/data_files/ec_521_pub.pem.der new file mode 100644 index 0000000000000000000000000000000000000000..5b685deb363dbec17f18edd329ab3530b06e4eab GIT binary patch literal 158 zcmV;P0Ac?yftxT81_vsJNX|V10R{ytfdl{}1A&GB1OOf3Le)=c>jRGDx38T%pm#R? zoc9^)HBD)Up6BzyHv131p9uJC<@yqi!Jtvo=Eg(lTH25L&o*PiV7)AaOK(;H&gkTd zo@LOSt=OL%Ho{6KL(P)D!-VH39D0lnx9=1*FJ2M}8aSD4+)h1uKCB03)G+i35R#00aS4Fm=@^ z@HoChAgk&{fI0{FrRX!Adw^YrBvpEcXbXoaGaz#RqR=uDkP^2J%m((<(OtER5PpU_ zvpck>#i;$80DOba&MO(YcxUXY@=ZO`bVZ-UD=j)wNIEGvWrYW_uF@oflhX>b=Qhmc Zeeg2t_`*5u%%U!RgI-71dlJtF*Xs3$XAb}X literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_bp512_prv.pem.der b/tests/data_files/ec_bp512_prv.pem.der new file mode 100644 index 0000000000000000000000000000000000000000..2d9a3de27cc92bc24850ca3cb68d4a6fc1e6b8f0 GIT binary patch literal 221 zcmV<303!b|f!YEA0R%udESGrppK@%xqx7O^@oP~)<;{M6#(bl&}3Nob`_zV}fMQFw;?{5a}4s#23#*9vh~!(BYO$If?a z+a(>=OU`j4L?rHTN$${c@Y}@KnU>*o)mP$Ub~@>BmB4}LK7F#|irhU+ngoZj?dW#g XAIf3L0_maHaw~=sl8+doNJUv1?c8d~ literal 0 HcmV?d00001 
diff --git a/tests/data_files/ec_bp512_pub.pem.der b/tests/data_files/ec_bp512_pub.pem.der new file mode 100644 index 0000000000000000000000000000000000000000..6a8c4c79f841eaaa0cf4732a0110a78e5e36370f GIT binary patch literal 158 zcmV;P0Ac?yftxTC1_vsJNX|V10R{;xBm)Bi2mt{N1A&471UR?slC~UNY=68cr0jK_ zNc_~|<8NI9y2s9UYuhCq)=SQDBSa+b za7pgaa`4;4*O`{#b=6nmV|F^}aFxJ;=RSS1j z12O;vQFXlEFr#quol}$M5^{*x0cW-Jw6}J~boa*dRJYP31}quXE DZeJ@@ literal 0 HcmV?d00001 
diff --git a/tests/data_files/ec_pub.pem.der b/tests/data_files/ec_pub.pem.der new file mode 100644 index 0000000000000000000000000000000000000000..74c5951f60c2c13c29369f85c95958c4af70dc3c GIT binary patch literal 75 zcmXr;G!SNE*J|@PXUoLM#sOw9Gcqz8F|h2Ztlhk>p5u+JXSV+q!OhC==UG7p;&lU4%ADZ zIx~4>ll{@k_X@D5H_}c4+CgnPa|1+NA;2A29Pc#HEg;L%el50GmKBdM^alGjtR@HV zrX1?`@$WBlU6&f39}@p-dk3yDn-i8VghcuO2U$3y0cmnjP~`YKiCUBj+Kn58P7?BE z{<%qaY4cX(D37rjGSuB~;jaHDX8Uk&yQDRgayjpq(2etp{(&o;UGkv(xPYCQ81ERN z+2h29NeHTbq*F%~1qk(Vp5a_%T4(boshzU;sN%Rc&lZGA%W?>jt|)VBJ=)l2u9&^_3BzK>u@^@nBNd~+l3Jvu=20Cx za#DFOg-H)kdxxKnS3eeeYh}^Ow3`qQf>u?9d1bj=fYRNyqiPnq0%zsKMRKm zwzQ621Ed_Tj~CZ&(OFiNu-^+KH(%8;*M4?Ln^(gG)gOg+sVVuzSHUj;u~*n^yfb+j zLwhA?XP_Xr>O`jk0|5X50)henVDmj-uUjbPzT!5~P|Bwd!y+tjnO=w^#df(Tg=vsU zc9ieyc7D0QN=dC5C^WOI_-%Fx zX|T5pR!)RC;B_bZ6jH{#pReUYB*|eH#g+Xbuj!jGNF98MjM;hkz+V_T_Nk}Aqy2Nc z6;)bUZyh03D}yS+xa|2!ZFN1pKPXq5%;Yk)B=k#s^^cxgQeI1#JWEM-AUL(eULy>_ zh@k0v3UPB&(04vCq+f=HbOdQ$q(BD&Q}w!E)>WPk!69sjIR2#8DZn}p5*KJVU_aM~ z=+M?nrHXID^+}!PGb>|gEK0FnsqUXcjFfeE1Eym^@9p4NhBa7HJ@RdvI(6}7A`gt^ z8(OYYtQHnY_H|(q0)hbn0RCMC9*a7Ymo@Kho0lH*l^MO5>wc|WXKX`~Wl8e;>K7X& z>rso>F7$z1(yL+=uW16ED)Ug%Y%)TY zMouzs=zlRfyk4WmHny@w+;OoXAUnM8slDI5E=529nfRsw*^z}wJ|{Zm9ehr-RIzU% zw1_FNv?Q6DAY3u~#V7tpdXQnowF3l)IzBH1ItbiB*~wzQv?!cgqVlxDzh<8d8Y{G` z6X}=c^LA+L2BdFi>sXsnJz5a7eQHyg@O~1O676RA57TBSI3$(?qMqZ2+d5C`QdUOP zK91}0|2V|>Ow5>pt1!z%E--ZCI2G%V36)96d3OpldW>;&SZCi^#q}<01)G08&`(Er zrq8uHGJs+0|0tAkWbXok0RaHTvy&MNYB=!RaQ^LE<|w%c%D$qzQ4l&Lf!MWmX0W6fc+KiicJAsj!o5`eb#+XK0sxa@$< z662yQ;g74lFbDONhMp#m zrR)NfHwT>~8{PZzqh4quCow?QM6vryr@Dl3Si+^^px!KW#-F!^>@RvB^>KdVe{xz< zBa+aA<=)oxt#WdN2_f3`Ua0fnEZRKJX7qHHEsfQ^$VHm)DCvbaefuqll{=%~Rf$0$ zLqbnFE^T1|qM_Ysb+J(bf&l>lxWL%BvnOrmkbdJe1Z5RH!$+j4)EpqKUq*}~FO(M< zhv8WMzZj}wq-H$IF9^jhv%Bc)6QVa!4ju993K9Q7_oDR#$d}Wjw9Wzx7|kRyjaMYy?=!R=LLdS3n zp1(TMl;mM=cNWT3r8r(G)^<=QPP=CT#ickF&%)En2xd zA&%iW63d5?ASNGVwSPIy0)hbm86dQ&+g7tna4Se)Xt?fZ`;p^U zVw``QWX?VS)%Vq8t9xqZLN!D{8;II8ha5@9LC<}}v@3za^iZdl{0!ejKz=ffqeyJ| 
z1+1*#&yX0?$@S3iX8C>GV~-Epx)J<<->+;Hv>*gh=i@Dqq`64l2vGIFl!A}4&B8WR zM&Og7%k62d#}cXITh&3~pc{7A`Q2n}ZHz5sQ5II8EMd=e?2e95kx+3y0@?jAf&wBi4F(A+hDe6@4FLfG1potr0uKN%f&vNxf&u{m z9q^c(sEaUZ=IHkyv7uOaRu0rlpE@&nWRv~T%J&Mer#I400op-rI&%X=Tp_?6SRC&( z&@CX#(ta(rSe6x!F!TodHmoKG@1`8;_wny9b6uAjo*xqbYkLQ-F`E;XFN8$-{|8w( zqXB7hP*CLfJBeD93fheugiaFjW&XKIcWLuh0CuaL_Z@Z*5lyW)m zn9z;$i~fNtoL%yu{J4Ofm>BOEq1ofahDivjexy@J6$J?Oah~B^WLjtQC#jvX_^9Hz zS}oefjg$NIzBtzV6S42AiC5oCwBPlr@R*$KQK-xI5YHBbO3QKxk*+9nYdzZ7X0DjM z^a;aa#<3SiAtM!|zmi&{rsh!{J91KaFNH}DPG(9#AFlY>syXu8$YjZqZp*m9XCnBR5~wG1q=}NSjx~ o1l1pfcBv`(#aF>E0I^rtY`imh8AE#|XlI}xx9UWv0s{d60lxzR)Bpeg literal 0 HcmV?d00001 diff --git a/tests/data_files/server1.key.der b/tests/data_files/server1.key.der new file mode 100644 index 0000000000000000000000000000000000000000..88288d1697fbcf89551a638b72954ef481475801 GIT binary patch literal 1190 zcmV;X1X=qqf&`)h0RRGm0RaH10v|mlG)TG2Gt2AiFF6vrW%hw2^qevWh`Xtm7CoDL0%W8+H6~C%mTU;EEXi3O5DxR z_fltb@hzYu{eJW@$}Mopi3q zDch@X65LwKYZt3hf>f~r0|5X50)hbm7K!!fkwUH*rvI=}Hx;C?w4pnmTQ@19y<*om z#^GG*d-J5&TCy2B1}MozE3xpwuZt5WiQgQR=O=i-Q!w?g*%i`4)!>1Sg#aGa`jgSl z6GdI?3Kc_zV(8<@)(*ks$?N~0D>k{!=`$?HpA8qMu6fK8Q_Xcin%T6r*X})nuWvF3 zWo+`Sn3Q}K!-gM0?^Bp2lz`39lo7dLCpzQvWZDU@gr6j;hcs+hVUDRCoovz5 zlPrMS{2vNIW~l>d5t*E#cVP#g4B#!WEF6%Z`Lrj6c-OldRI;}SFUja+wzHJuF~HFp znrJ0eWwzZ%e?b|=fS5T_2LN#q0)c@5*V~wS*lp&iuymib+JL&vK3u@)uLN^tm6WEt{i@HEj~U3-2D1ejGc?6+3A`BbCc$w`{cJH!W*HcTXUZBN;*rq|5vpC8*0^ z0oFJlZoE+KKJb7LGJjj5tih~uAhY^!bD1$svWJ@uu(f1*y@#u?5|x2kTL@&4vcT9J zVQ$ub_^8eYC-g>f9djep6nj`Gr6EJaJ4*tAfK&%ozPf|L3Jcm1*51bkrx!&3Cl~C4FCWD literal 0 HcmV?d00001 
diff --git a/tests/data_files/server1.pubkey.der b/tests/data_files/server1.pubkey.der new file mode 100644 index 0000000000000000000000000000000000000000..1a432a45eb80115053fa38932333f03b63c3a8b1 GIT binary patch literal 294 zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>lsRAE8Kx)-hQ;YpJ z?t*156=7b9zqsf{klXHv7E;skLr_PS5?N%2YyB(WM)`BT-OrNYkz4I%pl^vOc}0NG zgKE`5Lw8>}dy?|_ z{y|m0s{d60o!+fT>t<8 literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index cf70684c1..f0a8d7fcf 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data 
@@ -1,47 +1,95 @@ Public key write check RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/server1.pubkey" +pk_write_pubkey_check:"data_files/server1.pubkey":0 + +Public key write check RSA (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +pk_write_pubkey_check:"data_files/server1.pubkey.der":1 Public key write check RSA 4096 depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/rsa4096_pub.pem" +pk_write_pubkey_check:"data_files/rsa4096_pub.pem":0 + +Public key write check RSA 4096 (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +pk_write_pubkey_check:"data_files/rsa4096_pub.pem.der":1 Public key write check EC 192 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_pubkey_check:"data_files/ec_pub.pem" +pk_write_pubkey_check:"data_files/ec_pub.pem":0 + +Public key write check EC 192 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +pk_write_pubkey_check:"data_files/ec_pub.pem.der":1 Public key write check EC 521 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_pubkey_check:"data_files/ec_521_pub.pem" +pk_write_pubkey_check:"data_files/ec_521_pub.pem":0 + +Public key write check EC 521 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_write_pubkey_check:"data_files/ec_521_pub.pem.der":1 Public key write check EC Brainpool 512 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_pubkey_check:"data_files/ec_bp512_pub.pem" +pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":0 + +Public key write check EC Brainpool 512 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_write_pubkey_check:"data_files/ec_bp512_pub.pem.der":1 Private key write check RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/server1.key" 
+pk_write_key_check:"data_files/server1.key":0 + +Private key write check RSA (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +pk_write_key_check:"data_files/server1.key.der":1 Private key write check RSA 4096 depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/rsa4096_prv.pem" +pk_write_key_check:"data_files/rsa4096_prv.pem":0 + +Private key write check RSA 4096 (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +pk_write_key_check:"data_files/rsa4096_prv.pem.der":1 Private key write check EC 192 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_key_check:"data_files/ec_prv.sec1.pem" +pk_write_key_check:"data_files/ec_prv.sec1.pem":0 + +Private key write check EC 192 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +pk_write_key_check:"data_files/ec_prv.sec1.pem.der":1 Private key write check EC 256 bits (top bit set) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_write_key_check:"data_files/ec_256_long_prv.pem" +pk_write_key_check:"data_files/ec_256_long_prv.pem":0 + +Private key write check EC 256 bits (top bit set) (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_write_key_check:"data_files/ec_256_long_prv.pem.der":1 Private key write check EC 521 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_prv.pem" +pk_write_key_check:"data_files/ec_521_prv.pem":0 + +Private key write check EC 521 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_write_key_check:"data_files/ec_521_prv.pem.der":1 Private key write check EC 521 bits (top byte is 0) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_short_prv.pem" +pk_write_key_check:"data_files/ec_521_short_prv.pem":0 + +Private key write check EC 521 bits (top 
byte is 0) (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_write_key_check:"data_files/ec_521_short_prv.pem.der":1 Private key write check EC Brainpool 512 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_key_check:"data_files/ec_bp512_prv.pem" +pk_write_key_check:"data_files/ec_bp512_prv.pem":0 + +Private key write check EC Brainpool 512 bits (DER) +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_write_key_check:"data_files/ec_bp512_prv.pem.der":1 From 3401b306ab0573862994f6f5b06051926443a5e2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 18 Apr 2023 10:42:53 +0200 Subject: [PATCH 04/12] test: use proper macros for checks Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 98a117f71..716ba44a2 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function 
@@ -9,27 +9,27 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) unsigned char *buf = NULL; unsigned char *check_buf = NULL; unsigned char *start_buf; - size_t check_buf_len; + size_t buf_len, check_buf_len; int ret; /* Note: if mbedtls_pk_load_file() successfully reads the file, then it also allocates check_buf, which should be freed on exit */ - TEST_ASSERT(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len) == 0); + TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0); TEST_ASSERT(check_buf_len > 0); ASSERT_ALLOC(buf, check_buf_len); mbedtls_pk_init(&key); if (is_public_key) { - TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0); + TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); if (is_der) { ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len); } else { ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); } } else { - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL, + mbedtls_test_rnd_std_rand, NULL), 0); if (is_der) { ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len); } else { @@ -38,14 +38,16 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) } if (is_der) { - TEST_ASSERT(ret > 0); - start_buf = buf + check_buf_len - ret; + TEST_LE_U(1, ret); + buf_len = ret; + start_buf = buf + check_buf_len - buf_len; } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); + buf_len = check_buf_len; start_buf = buf; } - TEST_ASSERT(memcmp((char *) start_buf, (char *) check_buf, check_buf_len) == 0); + ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); exit: mbedtls_free(buf); From 8b7d4323daf3a2202869641d627dfb5c42210e1b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 18 Apr 2023 11:08:44 +0200 Subject: [PATCH 05/12] test: add Makefile target for the generated DER files 
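Review bot: `TEST_LE_U(1, ret)` is the unsigned comparison macro while `ret` is an `int`, so a negative error code from `mbedtls_pk_write_key_der()` or `mbedtls_pk_write_pubkey_der()` converts to a very large unsigned value and passes the check that was meant to reject it. Execution then continues to `buf_len = ret` and `start_buf = buf + check_buf_len - buf_len`, which computes a pointer well outside `buf`; the size comparison in `ASSERT_COMPARE` presumably still fails the test, but only after the out-of-range pointer arithmetic and with a message about mismatched lengths rather than about the write error. Use the signed variant here, `TEST_LE_S(1, ret);`, so a failed write is reported where it happens. The helper's body starts and ends outside this hunk.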
Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 51 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 4228f4582..d32b43f6f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -999,6 +999,57 @@ ec_bp512_pub.comp.pem: ec_bp512_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed all_final += ec_bp512_pub.comp.pem +################################################################ +#### Convert PEM keys in DER format +################################################################ +server1.pubkey.der: server1.pubkey + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += server1.pubkey.der + +rsa4096_pub.pem.der: rsa4096_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += rsa4096_pub.pem.der + +ec_pub.pem.der: ec_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_pub.pem.der + +ec_521_pub.pem.der: ec_521_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_521_pub.pem.der + +ec_bp512_pub.pem.der: ec_bp512_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_bp512_pub.pem.der + +server1.key.der: server1.key + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += server1.key.der + +rsa4096_prv.pem.der: rsa4096_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += rsa4096_prv.pem.der + +ec_prv.sec1.pem.der: ec_prv.sec1.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_prv.sec1.pem.der + +ec_256_long_prv.pem.der: ec_256_long_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_256_long_prv.pem.der + +ec_521_prv.pem.der: ec_521_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_521_prv.pem.der + +ec_521_short_prv.pem.der: ec_521_short_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_521_short_prv.pem.der + +ec_bp512_prv.pem.der: ec_bp512_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_bp512_prv.pem.der + ################################################################ ### Generate CSRs for X.509 write test suite ################################################################ 
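Review bot: The seven private-key rules run `$(OPENSSL) pkey -in $< -out $@ -outform DER` without pinning the output encoding, and the structure `pkey` writes for a DER private key is not the same across OpenSSL releases (newer releases default to PKCS#8 unless `-traditional` is given; worth confirming against the `$(OPENSSL)` used for this Makefile). The pkwrite tests compare these files byte-for-byte with what the library writes, so regenerating them with a different OpenSSL could change the expected format without any change to the rules. Consider passing `-traditional` in the private-key rules, or adding a comment above the block such as `# Private keys must stay in the traditional (PKCS#1 / SEC1) encoding; generated with OpenSSL <version>`.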
From c9cb5324b71d4956a387065b4593b2506345c10f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 18 Apr 2023 11:20:36 +0200 Subject: [PATCH 06/12] test: specify input file type through enum Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.data | 48 ++++++++++++------------ tests/suites/test_suite_pkwrite.function | 5 +++ 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index f0a8d7fcf..25767fff0 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data 
@@ -1,95 +1,95 @@ Public key write check RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/server1.pubkey":0 +pk_write_pubkey_check:"data_files/server1.pubkey":TEST_PEM Public key write check RSA (DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/server1.pubkey.der":1 +pk_write_pubkey_check:"data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/rsa4096_pub.pem":0 +pk_write_pubkey_check:"data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_pubkey_check:"data_files/rsa4096_pub.pem.der":1 +pk_write_pubkey_check:"data_files/rsa4096_pub.pem.der":TEST_DER Public key write check EC 192 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_pubkey_check:"data_files/ec_pub.pem":0 +pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM Public key write check EC 192 bits (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_pubkey_check:"data_files/ec_pub.pem.der":1 +pk_write_pubkey_check:"data_files/ec_pub.pem.der":TEST_DER Public key write check EC 521 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_pubkey_check:"data_files/ec_521_pub.pem":0 +pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_pubkey_check:"data_files/ec_521_pub.pem.der":1 +pk_write_pubkey_check:"data_files/ec_521_pub.pem.der":TEST_DER Public key write check EC Brainpool 512 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":0 +pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM Public key write check EC Brainpool 512 bits (DER) 
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_pubkey_check:"data_files/ec_bp512_pub.pem.der":1 +pk_write_pubkey_check:"data_files/ec_bp512_pub.pem.der":TEST_DER Private key write check RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/server1.key":0 +pk_write_key_check:"data_files/server1.key":TEST_PEM Private key write check RSA (DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/server1.key.der":1 +pk_write_key_check:"data_files/server1.key.der":TEST_DER Private key write check RSA 4096 depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/rsa4096_prv.pem":0 +pk_write_key_check:"data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C -pk_write_key_check:"data_files/rsa4096_prv.pem.der":1 +pk_write_key_check:"data_files/rsa4096_prv.pem.der":TEST_DER Private key write check EC 192 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_key_check:"data_files/ec_prv.sec1.pem":0 +pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM Private key write check EC 192 bits (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_key_check:"data_files/ec_prv.sec1.pem.der":1 +pk_write_key_check:"data_files/ec_prv.sec1.pem.der":TEST_DER Private key write check EC 256 bits (top bit set) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_write_key_check:"data_files/ec_256_long_prv.pem":0 +pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM Private key write check EC 256 bits (top bit set) (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_write_key_check:"data_files/ec_256_long_prv.pem.der":1 +pk_write_key_check:"data_files/ec_256_long_prv.pem.der":TEST_DER Private key write check EC 521 bits 
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_prv.pem":0 +pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_prv.pem.der":1 +pk_write_key_check:"data_files/ec_521_prv.pem.der":TEST_DER Private key write check EC 521 bits (top byte is 0) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_short_prv.pem":0 +pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_key_check:"data_files/ec_521_short_prv.pem.der":1 +pk_write_key_check:"data_files/ec_521_short_prv.pem.der":TEST_DER Private key write check EC Brainpool 512 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_key_check:"data_files/ec_bp512_prv.pem":0 +pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_key_check:"data_files/ec_bp512_prv.pem.der":1 +pk_write_key_check:"data_files/ec_bp512_prv.pem.der":TEST_DER diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 716ba44a2..a304e07e6 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -3,6 +3,11 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" +typedef enum { + TEST_PEM, + TEST_DER +} pkwrite_file_format_t; + static void pk_write_check_common(char *key_file, int is_public_key, int is_der) { mbedtls_pk_context key; From 15cac17da5d44477fad64c703e08abd6490c80dd Mon Sep 17 00:00:00 2001 
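Review bot: The new `pkwrite_file_format_t` enum only supplies names for the `.data` file; `pk_write_check_common()` in the context line below still takes `int is_der`, which the earlier patches in this series test as a boolean, so the cases are correct only because `TEST_PEM` happens to be 0 and `TEST_DER` 1. Making that explicit keeps a later reordering or a third format from silently selecting the wrong branch: either give the enumerators explicit values, `TEST_PEM = 0,` and `TEST_DER = 1`, or have the helper compare against the enumerator, `if (is_der == TEST_DER)`. A one-line comment on the typedef saying that these values are passed as the `is_der` argument of the test cases would also help. The helper's body is outside this hunk.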
From: Valerio Setti Date: Tue, 18 Apr 2023 11:25:30 +0200 Subject: [PATCH 07/12] test: fix dependencies in DER and PEM tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.data | 48 ++++++++++++------------ tests/suites/test_suite_pkwrite.function | 12 +++++- 2 files changed, 34 insertions(+), 26 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 25767fff0..698c8f565 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data 
@@ -1,95 +1,95 @@ Public key write check RSA -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C pk_write_pubkey_check:"data_files/server1.pubkey":TEST_PEM Public key write check RSA (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C pk_write_pubkey_check:"data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"data_files/rsa4096_pub.pem.der":TEST_DER Public key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM Public key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.pem.der":TEST_DER Public key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.pem.der":TEST_DER Public key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED 
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM Public key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.pem.der":TEST_DER Private key write check RSA -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C pk_write_key_check:"data_files/server1.key":TEST_PEM Private key write check RSA (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C pk_write_key_check:"data_files/server1.key.der":TEST_DER Private key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C pk_write_key_check:"data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C +depends_on:MBEDTLS_RSA_C pk_write_key_check:"data_files/rsa4096_prv.pem.der":TEST_DER Private key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM Private key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.pem.der":TEST_DER Private key write check EC 256 bits (top bit set) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM Private key write check EC 256 bits (top bit 
set) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.pem.der":TEST_DER Private key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.pem.der":TEST_DER Private key write check EC 521 bits (top byte is 0) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.pem.der":TEST_DER Private key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.pem.der":TEST_DER diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index a304e07e6..11bc5a88a 100644 
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -30,7 +30,11 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
 if (is_der) {
 ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
 } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
 ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
+#else
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
 }
 } else {
 TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
@@ -38,7 +42,11 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
 if (is_der) {
 ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
 } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
 ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
+#else
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
 }
 }
 
@@ -66,7 +74,7 @@ exit:
 * END_DEPENDENCIES
 */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
+/* BEGIN_CASE */
 void pk_write_pubkey_check(char *key_file, int is_der)
 {
 pk_write_check_common(key_file, 1, is_der);
@@ -74,7 +82,7 @@ void pk_write_pubkey_check(char *key_file, int is_der)
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
+/* BEGIN_CASE */
 void pk_write_key_check(char *key_file, int is_der)
 {
 pk_write_check_common(key_file, 0, is_der);
From 232a006a461fbf8cf5ec4603211b1031d97dccef Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 18 Apr 2023 12:53:19 +0200
Subject: [PATCH 08/12] test: fix extension in DER test files
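Review bot: The `#else` fallbacks added around `mbedtls_pk_write_pubkey_pem()` and `mbedtls_pk_write_key_pem()` (the first two hunks, both inside pk_write_check_common) turn a build without MBEDTLS_PEM_WRITE_C into a run-time `MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE`. Since the last two hunks also drop `depends_on:MBEDTLS_PEM_WRITE_C` from both `BEGIN_CASE` lines, only the per-case dependency in the .data file now keeps a PEM case from failing rather than being skipped. I would state that above the first `#if`, e.g. `/* PEM cases must list MBEDTLS_PEM_WRITE_C in the .data file; this fallback only keeps the helper compiling. */`. The function body starts and ends outside these hunks.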
Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 40 +++++++++--------- ...6_long_prv.pem.der => ec_256_long_prv.der} | Bin .../{ec_521_prv.pem.der => ec_521_prv.der} | Bin .../{ec_521_pub.pem.der => ec_521_pub.der} | Bin ...short_prv.pem.der => ec_521_short_prv.der} | Bin ...{ec_bp512_prv.pem.der => ec_bp512_prv.der} | Bin ...{ec_bp512_pub.pem.der => ec_bp512_pub.der} | Bin tests/data_files/ec_prv.sec1.pem.der | Bin 97 -> 0 bytes tests/data_files/ec_pub.pem.der | Bin 75 -> 0 bytes .../{rsa4096_prv.pem.der => rsa4096_prv.der} | Bin .../{rsa4096_pub.pem.der => rsa4096_pub.der} | Bin tests/suites/test_suite_pkwrite.data | 20 ++++----- 12 files changed, 30 insertions(+), 30 deletions(-) rename tests/data_files/{ec_256_long_prv.pem.der => ec_256_long_prv.der} (100%) rename tests/data_files/{ec_521_prv.pem.der => ec_521_prv.der} (100%) rename tests/data_files/{ec_521_pub.pem.der => ec_521_pub.der} (100%) rename tests/data_files/{ec_521_short_prv.pem.der => ec_521_short_prv.der} (100%) rename tests/data_files/{ec_bp512_prv.pem.der => ec_bp512_prv.der} (100%) rename tests/data_files/{ec_bp512_pub.pem.der => ec_bp512_pub.der} (100%) delete mode 100644 tests/data_files/ec_prv.sec1.pem.der delete mode 100644 tests/data_files/ec_pub.pem.der rename tests/data_files/{rsa4096_prv.pem.der => rsa4096_prv.der} (100%) rename tests/data_files/{rsa4096_pub.pem.der => rsa4096_pub.der} (100%) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d32b43f6f..38ed0387b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -1006,49 +1006,49 @@ server1.pubkey.der: server1.pubkey $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER all_final += server1.pubkey.der -rsa4096_pub.pem.der: rsa4096_pub.pem +rsa4096_pub.der: rsa4096_pub.pem $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER -all_final += rsa4096_pub.pem.der +all_final += rsa4096_pub.der -ec_pub.pem.der: ec_pub.pem +ec_pub.der: ec_pub.pem $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER -all_final += ec_pub.pem.der +all_final += ec_pub.der -ec_521_pub.pem.der: ec_521_pub.pem +ec_521_pub.der: ec_521_pub.pem $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER -all_final += ec_521_pub.pem.der +all_final += ec_521_pub.der -ec_bp512_pub.pem.der: ec_bp512_pub.pem +ec_bp512_pub.der: ec_bp512_pub.pem $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER -all_final += ec_bp512_pub.pem.der +all_final += ec_bp512_pub.der server1.key.der: server1.key $(OPENSSL) pkey -in $< -out $@ -outform DER all_final += server1.key.der -rsa4096_prv.pem.der: rsa4096_prv.pem +rsa4096_prv.der: rsa4096_prv.pem $(OPENSSL) pkey -in $< -out $@ -outform DER -all_final += rsa4096_prv.pem.der +all_final += rsa4096_prv.der -ec_prv.sec1.pem.der: ec_prv.sec1.pem +ec_prv.sec1.der: ec_prv.sec1.pem $(OPENSSL) pkey -in $< -out $@ -outform DER -all_final += ec_prv.sec1.pem.der +all_final += ec_prv.sec1.der -ec_256_long_prv.pem.der: ec_256_long_prv.pem +ec_256_long_prv.der: ec_256_long_prv.pem $(OPENSSL) pkey -in $< -out $@ -outform DER -all_final += ec_256_long_prv.pem.der +all_final += ec_256_long_prv.der -ec_521_prv.pem.der: ec_521_prv.pem +ec_521_prv.der: ec_521_prv.pem $(OPENSSL) pkey -in $< -out $@ -outform DER -all_final += ec_521_prv.pem.der +all_final += ec_521_prv.der -ec_521_short_prv.pem.der: ec_521_short_prv.pem +ec_521_short_prv.der: ec_521_short_prv.pem $(OPENSSL) pkey -in $< -out $@ -outform DER -all_final += ec_521_short_prv.pem.der +all_final += ec_521_short_prv.der -ec_bp512_prv.pem.der: ec_bp512_prv.pem +ec_bp512_prv.der: ec_bp512_prv.pem $(OPENSSL) 
pkey -in $< -out $@ -outform DER -all_final += ec_bp512_prv.pem.der +all_final += ec_bp512_prv.der ################################################################ ### Generate CSRs for X.509 write test suite diff --git a/tests/data_files/ec_256_long_prv.pem.der b/tests/data_files/ec_256_long_prv.der similarity index 100% rename from tests/data_files/ec_256_long_prv.pem.der rename to tests/data_files/ec_256_long_prv.der diff --git a/tests/data_files/ec_521_prv.pem.der b/tests/data_files/ec_521_prv.der similarity index 100% rename from tests/data_files/ec_521_prv.pem.der rename to tests/data_files/ec_521_prv.der diff --git a/tests/data_files/ec_521_pub.pem.der b/tests/data_files/ec_521_pub.der similarity index 100% rename from tests/data_files/ec_521_pub.pem.der rename to tests/data_files/ec_521_pub.der diff --git a/tests/data_files/ec_521_short_prv.pem.der b/tests/data_files/ec_521_short_prv.der similarity index 100% rename from tests/data_files/ec_521_short_prv.pem.der rename to tests/data_files/ec_521_short_prv.der diff --git a/tests/data_files/ec_bp512_prv.pem.der b/tests/data_files/ec_bp512_prv.der similarity index 100% rename from tests/data_files/ec_bp512_prv.pem.der rename to tests/data_files/ec_bp512_prv.der diff --git a/tests/data_files/ec_bp512_pub.pem.der b/tests/data_files/ec_bp512_pub.der similarity index 100% rename from tests/data_files/ec_bp512_pub.pem.der rename to tests/data_files/ec_bp512_pub.der diff --git a/tests/data_files/ec_prv.sec1.pem.der b/tests/data_files/ec_prv.sec1.pem.der deleted file mode 100644 index fe336b71055afccfda17798c806c7b94a5cabbea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 97 zcmV-n0G|IaUjhLE1Q;`phNyw!IQ2=rZv|6HOLODa5itG6$!(wt1_&yKNX|V20Rf>j z12O;vQFXlEFr#quol}$M5^{*x0cW-Jw6}J~boa*dRJYP31}quXE DZeJ@@ 
diff --git a/tests/data_files/ec_pub.pem.der b/tests/data_files/ec_pub.pem.der deleted file mode 100644 index 74c5951f60c2c13c29369f85c95958c4af70dc3c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 75 zcmXr;G!SNE*J|@PXUoLM#sOw9Gcqz8F|h2Ztlhk>p5u+JXSV+q!Oh Date: Tue, 18 Apr 2023 12:57:52 +0200 Subject: [PATCH 09/12] test: properly check written PEM buffer len Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 11bc5a88a..1697a5140 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -38,7 +38,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) } } else { TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL), 0); + mbedtls_test_rnd_std_rand, NULL), 0); if (is_der) { ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len); } else { @@ -56,7 +56,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) start_buf = buf + check_buf_len - buf_len; } else { TEST_EQUAL(ret, 0); - buf_len = check_buf_len; + buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */ start_buf = buf; } From 7bacaf859abdc31684978f5f787151d92ac3920a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Apr 2023 08:52:16 +0200 Subject: [PATCH 10/12] fix new line difference in Windows Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 32 ++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 1697a5140..fa205eeae 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function 
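Review bot: `strlen((char *) buf)` in the PEM branch of the `@@ -56,7 +56,7 @@` hunk is bounded only if the writer left a NUL somewhere inside the `check_buf_len` bytes allocated for `buf`. `TEST_EQUAL(ret, 0)` presumably implies that, but a regression that filled the buffer completely would make the test read past the allocation instead of failing cleanly. A guard placed before the call keeps such a failure inside the test framework: `TEST_ASSERT(memchr(buf, 0, check_buf_len) != NULL);`. The comparison that consumes `buf_len` is outside the hunk, so it is worth confirming that it also checks `buf_len` against `check_buf_len` and not just the bytes.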
@@ -8,6 +8,25 @@ typedef enum {
 TEST_DER
 } pkwrite_file_format_t;
 
+/* Helper function for removing "\r" chars from a buffer. This i */
+static void fix_new_lines(unsigned char *in_str, size_t *len)
+{
+ size_t chars_left;
+ unsigned int i;
+
+ for (i = 0; (i < *len) && (*len > 0); i++) {
+ if (in_str[i] == '\r') {
+ if (i < (*len - 1)) {
+ chars_left = *len - i - 1;
+ memcpy(&in_str[i], &in_str[i+1], chars_left);
+ } else {
+ in_str[i] = '\0';
+ }
+ *len = *len - 1;
+ }
+ }
+}
+
 static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
 {
 mbedtls_pk_context key;
@@ -22,6 +41,19 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
 TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
 TEST_ASSERT(check_buf_len > 0);
 
+ /* Windows' line ending is different from the Linux's one ("\r\n" vs "\n").
+ * Git treats PEM files as text, so when on Windows, it replaces new lines
+ * with "\r\n" on checkout.
+ * Unfortunately mbedtls_pk_load_file() loads files in binary format,
+ * while mbedtls_pk_write_pubkey_pem() goes through the I/O layer which
+ * uses "\n" for newlines in both Windows and Linux.
+ * Here we remove the extra "\r" so that "buf" and "check_buf" can be
+ * easily compared later. */
+ if (!is_der) {
+ fix_new_lines(check_buf, &check_buf_len);
+ }
+ TEST_ASSERT(check_buf_len > 0);
+
 ASSERT_ALLOC(buf, check_buf_len);
 
 mbedtls_pk_init(&key);
From 547b3a4ab538715c1d5349c3cbbdea893aa43765 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 24 Apr 2023 10:24:37 +0200
Subject: [PATCH 11/12] fix typos
Signed-off-by: Valerio Setti
---
 tests/data_files/Makefile | 2 +-
 tests/suites/test_suite_pkwrite.function | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 38ed0387b..47370b49e 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
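Review bot: `fix_new_lines()` increments `i` after every removal, so the byte just shifted into position `i` is never examined and the second of two adjacent `'\r'` bytes survives. The index is also `unsigned int` while `*len` is `size_t`, and `(*len > 0)` is redundant once `i < *len` holds. A single compaction pass with separate read and write indices fixes the skipped byte and removes the repeated tail shift. The fence below shows the whole function that way, keeping the terminator the current `else` branch writes.

```c
static void fix_new_lines(unsigned char *in_str, size_t *len)
{
    size_t in, out = 0;

    /* Single pass: copy every byte that is not '\r' down to the write index. */
    for (in = 0; in < *len; in++) {
        if (in_str[in] != '\r') {
            in_str[out++] = in_str[in];
        }
    }
    /* Removed bytes leave slack at the end; keep the buffer terminated. */
    if (out < *len) {
        in_str[out] = '\0';
    }
    *len = out;
}
```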
@@ -1000,7 +1000,7 @@ ec_bp512_pub.comp.pem: ec_bp512_pub.pem
 all_final += ec_bp512_pub.comp.pem
 
 ################################################################
-#### Convert PEM keys in DER format
+#### Convert PEM keys to DER format
 ################################################################
 server1.pubkey.der: server1.pubkey
 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index fa205eeae..7cc845ace 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -8,7 +8,7 @@ typedef enum {
 TEST_DER
 } pkwrite_file_format_t;
 
-/* Helper function for removing "\r" chars from a buffer. This i */
+/* Helper function for removing "\r" chars from a buffer. */
 static void fix_new_lines(unsigned char *in_str, size_t *len)
 {
 size_t chars_left;
From bf974b9b1cbcb71f37ad72215d1427b614bae00e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 24 Apr 2023 10:26:24 +0200
Subject: [PATCH 12/12] test_suite_pkwrite: replace memcpy with memmove
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_pkwrite.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 7cc845ace..c0c5ad0b6 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -18,7 +18,7 @@ static void fix_new_lines(unsigned char *in_str, size_t *len)
 if (in_str[i] == '\r') {
 if (i < (*len - 1)) {
 chars_left = *len - i - 1;
- memcpy(&in_str[i], &in_str[i+1], chars_left);
+ memmove(&in_str[i], &in_str[i+1], chars_left);
 } else {
 in_str[i] = '\0';
 }