mbedtls/tests/suites/test_suite_pkwrite.function

/* BEGIN_HEADER */
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "psa/crypto_sizes.h"

typedef enum {
    TEST_PEM,
    TEST_DER
} pkwrite_file_format_t;

/* Helper function for removing "\r" chars from a buffer. */
static void fix_new_lines(unsigned char *in_str, size_t *len)
{
    size_t chars_left;
    unsigned int i;

    for (i = 0; (i < *len) && (*len > 0); i++) {
        if (in_str[i] == '\r') {
            if (i < (*len - 1)) {
                chars_left = *len - i - 1;
                memmove(&in_str[i], &in_str[i+1], chars_left);
            } else {
                in_str[i] = '\0';
            }
            *len = *len - 1;
        }
    }
}

static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
    mbedtls_pk_context key;
    unsigned char *buf = NULL;
    unsigned char *check_buf = NULL;
    unsigned char *start_buf;
    size_t buf_len, check_buf_len;
    int ret;

    mbedtls_pk_init(&key);
    USE_PSA_INIT();

    /* Note: if mbedtls_pk_load_file() successfully reads the file, then
       it also allocates check_buf, which should be freed on exit */
    TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
    TEST_ASSERT(check_buf_len > 0);

    /* Windows' line ending is different from the Linux's one ("\r\n" vs "\n").
     * Git treats PEM files as text, so when on Windows, it replaces new lines
     * with "\r\n" on checkout.
     * Unfortunately mbedtls_pk_load_file() loads files in binary format,
     * while mbedtls_pk_write_pubkey_pem() goes through the I/O layer which
     * uses "\n" for newlines in both Windows and Linux.
     * Here we remove the extra "\r" so that "buf" and "check_buf" can be
     * easily compared later. */
    if (!is_der) {
        fix_new_lines(check_buf, &check_buf_len);
    }
    TEST_ASSERT(check_buf_len > 0);

    ASSERT_ALLOC(buf, check_buf_len);

    if (is_public_key) {
        TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
        if (is_der) {
            ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
        } else {
#if defined(MBEDTLS_PEM_WRITE_C)
            ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
#else
            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#endif
        }
    } else {
        TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
                                            mbedtls_test_rnd_std_rand, NULL), 0);
        if (is_der) {
            ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
        } else {
#if defined(MBEDTLS_PEM_WRITE_C)
            ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
#else
            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#endif
        }
    }

    if (is_der) {
        TEST_LE_U(1, ret);
        buf_len = ret;
        start_buf = buf + check_buf_len - buf_len;
    } else {
        TEST_EQUAL(ret, 0);
        buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */
        start_buf = buf;
    }

    ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len);

exit:
    mbedtls_free(buf);
    mbedtls_free(check_buf);
    mbedtls_pk_free(&key);
    USE_PSA_DONE();
}
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void pk_write_pubkey_check(char *key_file, int is_der)
{
    pk_write_check_common(key_file, 1, is_der);
    goto exit; /* make the compiler happy */
}
/* END_CASE */

/* BEGIN_CASE */
void pk_write_key_check(char *key_file, int is_der)
{
    pk_write_check_common(key_file, 0, is_der);
    goto exit; /* make the compiler happy */
}
/* END_CASE */

/* BEGIN_CASE */
void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
{
    mbedtls_pk_context priv_key;
    uint8_t *derived_key_raw = NULL;
    size_t derived_key_len = 0;
    uint8_t *pub_key_raw = NULL;
    size_t pub_key_len = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_pk_init(&priv_key);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL,
                                        mbedtls_test_rnd_std_rand, NULL), 0);
    TEST_EQUAL(mbedtls_pk_load_file(pub_key_file, &pub_key_raw,
                                    &pub_key_len), 0);

    derived_key_len = pub_key_len;
    ASSERT_ALLOC(derived_key_raw, derived_key_len);

    TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
                                           derived_key_len), pub_key_len);

    ASSERT_COMPARE(derived_key_raw, derived_key_len,
                   pub_key_raw, pub_key_len);

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw));

    TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
                                         PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
                                         PSA_ALG_NONE), 0);

    TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
                                           derived_key_len), pub_key_len);

    ASSERT_COMPARE(derived_key_raw, derived_key_len,
                   pub_key_raw, pub_key_len);
#endif /* MBEDTLS_USE_PSA_CRYPTO */

exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_destroy_key(opaque_key_id);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    mbedtls_free(derived_key_raw);
    mbedtls_free(pub_key_raw);
    mbedtls_pk_free(&priv_key);
    USE_PSA_DONE();
}
/* END_CASE */