test: verify that Montgomery keys can be fixed on parsing

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-04 19:58:43 +02:00 · 2023-07-04 19:58:43 +02:00 · aed87994da
commit aed87994da
parent 41b0818bcb
2 changed files with 38 additions and 1 deletions
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@ -1198,7 +1198,7 @@ pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0)
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
-pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":0
+pk_parse_fix_x25519:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"

 Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@ -3,6 +3,7 @@
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/ecp.h"
+#include "mbedtls/psa_util.h"
 #include "pk_internal.h"
 /* END_HEADER */

@ -148,3 +149,39 @@ exit:
    USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
+void pk_parse_fix_x25519(data_t *input_key, data_t *exp_output)
+{
+    /* Montgomery keys have specific bits set to either 0 or 1 depending on
+     * their position. This is enforced during parsing (please see the implementation
+     * of mbedtls_ecp_read_key() for more details). The scope of this function
+     * is to verify this enforcing by feeding the parse algorithm with a x25519
+     * key which does not have those bits set properly. */
+    mbedtls_pk_context pk;
+    unsigned char *output_key = NULL;
+    size_t output_key_len = 0;
+
+    mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
+
+    TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0,
+                                    mbedtls_test_rnd_std_rand, NULL), 0);
+
+    output_key_len = input_key->len;
+    ASSERT_ALLOC(output_key, output_key_len);
+    /* output_key_len is updated with the real amount of data written to
+     * output_key buffer. */
+    output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len);
+    TEST_ASSERT(output_key_len > 0);
+
+    ASSERT_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len);
+
+exit:
+    if (output_key != NULL) {
+        mbedtls_free(output_key);
+    }
+    mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
+}
+/* END_CASE */