84dea01f36
This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
131 lines
3 KiB
Text
131 lines
3 KiB
Text
/* BEGIN_HEADER */
|
|
#include "mbedtls/pk.h"
|
|
#include "mbedtls/pem.h"
|
|
#include "mbedtls/oid.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_BIGNUM_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
|
|
void pk_parse_keyfile_rsa( char * key_file, char * password, int result )
|
|
{
|
|
mbedtls_pk_context ctx;
|
|
int res;
|
|
char *pwd = password;
|
|
|
|
mbedtls_pk_init( &ctx );
|
|
|
|
if( strcmp( pwd, "NULL" ) == 0 )
|
|
pwd = NULL;
|
|
|
|
res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd,
|
|
mbedtls_test_rnd_std_rand, NULL );
|
|
|
|
TEST_ASSERT( res == result );
|
|
|
|
if( res == 0 )
|
|
{
|
|
mbedtls_rsa_context *rsa;
|
|
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_RSA ) );
|
|
rsa = mbedtls_pk_rsa( ctx );
|
|
TEST_ASSERT( mbedtls_rsa_check_privkey( rsa ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
|
|
void pk_parse_public_keyfile_rsa( char * key_file, int result )
|
|
{
|
|
mbedtls_pk_context ctx;
|
|
int res;
|
|
|
|
mbedtls_pk_init( &ctx );
|
|
|
|
res = mbedtls_pk_parse_public_keyfile( &ctx, key_file );
|
|
|
|
TEST_ASSERT( res == result );
|
|
|
|
if( res == 0 )
|
|
{
|
|
mbedtls_rsa_context *rsa;
|
|
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_RSA ) );
|
|
rsa = mbedtls_pk_rsa( ctx );
|
|
TEST_ASSERT( mbedtls_rsa_check_pubkey( rsa ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
|
|
void pk_parse_public_keyfile_ec( char * key_file, int result )
|
|
{
|
|
mbedtls_pk_context ctx;
|
|
int res;
|
|
|
|
mbedtls_pk_init( &ctx );
|
|
|
|
res = mbedtls_pk_parse_public_keyfile( &ctx, key_file );
|
|
|
|
TEST_ASSERT( res == result );
|
|
|
|
if( res == 0 )
|
|
{
|
|
mbedtls_ecp_keypair *eckey;
|
|
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
|
|
eckey = mbedtls_pk_ec( ctx );
|
|
TEST_ASSERT( mbedtls_ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
|
|
void pk_parse_keyfile_ec( char * key_file, char * password, int result )
|
|
{
|
|
mbedtls_pk_context ctx;
|
|
int res;
|
|
|
|
mbedtls_pk_init( &ctx );
|
|
|
|
res = mbedtls_pk_parse_keyfile( &ctx, key_file, password,
|
|
mbedtls_test_rnd_std_rand, NULL );
|
|
|
|
TEST_ASSERT( res == result );
|
|
|
|
if( res == 0 )
|
|
{
|
|
mbedtls_ecp_keypair *eckey;
|
|
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
|
|
eckey = mbedtls_pk_ec( ctx );
|
|
TEST_ASSERT( mbedtls_ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void pk_parse_key( data_t * buf, int result )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0,
|
|
mbedtls_test_rnd_std_rand, NULL ) == result );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|