/* BEGIN_HEADER */ #include "mbedtls/pk.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/ecp.h" #include "mbedtls/psa_util.h" #include "pk_internal.h" #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) #define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der #endif /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_PK_PARSE_C * END_DEPENDENCIES */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) { mbedtls_pk_context ctx; int res; char *pwd = password; mbedtls_pk_init(&ctx); MD_PSA_INIT(); if (strcmp(pwd, "NULL") == 0) { pwd = NULL; } res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd, mbedtls_test_rnd_std_rand, NULL); TEST_EQUAL(res, result); if (res == 0) { mbedtls_rsa_context *rsa; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); } exit: mbedtls_pk_free(&ctx); MD_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ void pk_parse_public_keyfile_rsa(char *key_file, int result) { mbedtls_pk_context ctx; int res; mbedtls_pk_init(&ctx); MD_PSA_INIT(); res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); TEST_EQUAL(res, result); if (res == 0) { mbedtls_rsa_context *rsa; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); } exit: mbedtls_pk_free(&ctx); MD_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_public_keyfile_ec(char *key_file, int result) { mbedtls_pk_context ctx; int res; mbedtls_pk_init(&ctx); MD_OR_USE_PSA_INIT(); res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); TEST_EQUAL(res, result); if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /* No need to check whether the parsed public point is on the curve or * not because this is already done by the internal "pk_get_ecpubkey()" * function */ #else const mbedtls_ecp_keypair *eckey; eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0); #endif } exit: mbedtls_pk_free(&ctx); MD_OR_USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_keyfile_ec(char *key_file, char *password, int result) { mbedtls_pk_context ctx; int res; mbedtls_pk_init(&ctx); MD_OR_USE_PSA_INIT(); res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, mbedtls_test_rnd_std_rand, NULL); TEST_EQUAL(res, result); if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); #if defined(MBEDTLS_ECP_C) const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0); #else /* PSA keys are already checked on import so nothing to do here. */ #endif } exit: mbedtls_pk_free(&ctx); MD_OR_USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void pk_parse_key(data_t *buf, int result) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0, mbedtls_test_rnd_std_rand, NULL) == result); exit: mbedtls_pk_free(&pk); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */ void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); USE_PSA_INIT(); TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len, pass->x, pass->len, mbedtls_test_rnd_std_rand, NULL), result); exit: mbedtls_pk_free(&pk); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) { /* Montgomery keys have specific bits set to either 0 or 1 depending on * their position. This is enforced during parsing (please see the implementation * of mbedtls_ecp_read_key() for more details). The scope of this function * is to verify this enforcing by feeding the parse algorithm with a x25519 * key which does not have those bits set properly. */ mbedtls_pk_context pk; unsigned char *output_key = NULL; size_t output_key_len = 0; mbedtls_pk_init(&pk); USE_PSA_INIT(); TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0, mbedtls_test_rnd_std_rand, NULL), 0); output_key_len = input_key->len; TEST_CALLOC(output_key, output_key_len); /* output_key_len is updated with the real amount of data written to * output_key buffer. */ output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); TEST_ASSERT(output_key_len > 0); TEST_MEMORY_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len); exit: if (output_key != NULL) { mbedtls_free(output_key); } mbedtls_pk_free(&pk); USE_PSA_DONE(); } /* END_CASE */