mbedtls/tests/suites/test_suite_pkparse.function
Gilles Peskine 069cec1737 Also check the RSA length for public keys
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:59:17 +01:00

294 lines
10 KiB
C

/* BEGIN_HEADER */
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/ecp.h"
#include "mbedtls/psa_util.h"
#include "pk_internal.h"
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
#endif
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PK_PARSE_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
int res;
char *pwd = password;
mbedtls_pk_init(&ctx);
MD_PSA_INIT();
if (strcmp(pwd, "NULL") == 0) {
pwd = NULL;
}
res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd,
mbedtls_test_rnd_std_rand, NULL);
TEST_EQUAL(res, result);
if (res == 0) {
mbedtls_rsa_context *rsa;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx);
TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
size_t bitlen = mbedtls_rsa_get_bitlen(rsa);
TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen);
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DECRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
void pk_parse_public_keyfile_rsa(char *key_file, int result)
{
mbedtls_pk_context ctx;
int res;
mbedtls_pk_init(&ctx);
MD_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
TEST_EQUAL(res, result);
if (res == 0) {
mbedtls_rsa_context *rsa;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx);
TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
size_t bitlen = mbedtls_rsa_get_bitlen(rsa);
TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen);
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result)
{
mbedtls_pk_context ctx;
int res;
mbedtls_pk_init(&ctx);
MD_OR_USE_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
TEST_EQUAL(res, result);
if (res == 0) {
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/* No need to check whether the parsed public point is on the curve or
* not because this is already done by the internal "pk_get_ecpubkey()"
* function */
#else
const mbedtls_ecp_keypair *eckey;
eckey = mbedtls_pk_ec_ro(ctx);
TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0);
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
int res;
mbedtls_pk_init(&ctx);
MD_OR_USE_PSA_INIT();
res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
mbedtls_test_rnd_std_rand, NULL);
TEST_EQUAL(res, result);
if (res == 0) {
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/* PSA keys are already checked on import so nothing to do here. */
#else
const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0);
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DERIVE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void pk_parse_key(data_t *buf, int result)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL) == result);
exit:
mbedtls_pk_free(&pk);
USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */
void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len,
pass->x, pass->len,
mbedtls_test_rnd_std_rand,
NULL), result);
exit:
mbedtls_pk_free(&pk);
USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */
void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output)
{
/* Montgomery keys have specific bits set to either 0 or 1 depending on
* their position. This is enforced during parsing (please see the implementation
* of mbedtls_ecp_read_key() for more details). The scope of this function
* is to verify this enforcing by feeding the parse algorithm with a x25519
* key which does not have those bits set properly. */
mbedtls_pk_context pk;
unsigned char *output_key = NULL;
size_t output_key_len = 0;
mbedtls_pk_init(&pk);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL), 0);
output_key_len = input_key->len;
TEST_CALLOC(output_key, output_key_len);
/* output_key_len is updated with the real amount of data written to
* output_key buffer. */
output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len);
TEST_ASSERT(output_key_len > 0);
TEST_MEMORY_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len);
exit:
if (output_key != NULL) {
mbedtls_free(output_key);
}
mbedtls_pk_free(&pk);
USE_PSA_DONE();
}
/* END_CASE */