1/* BEGIN_HEADER */ 2#include "mbedtls/pk.h" 3 4/* For error codes */ 5#include "mbedtls/asn1.h" 6#include "mbedtls/base64.h" 7#include "mbedtls/ecp.h" 8#include "mbedtls/rsa.h" 9 10#include "hash_info.h" 11#include "mbedtls/legacy_or_psa.h" 12 13#include <limits.h> 14#include <stdint.h> 15 16/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), 17 * but the test code generator requires test case data to be valid C code 18 * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ 19#include "psa/crypto.h" 20 21#define RSA_KEY_SIZE 512 22#define RSA_KEY_LEN 64 23 24/** Generate a key of the desired type. 25 * 26 * \param pk The PK object to fill. It must have been initialized 27 * with mbedtls_pk_setup(). 28 * \param parameter - For RSA keys, the key size in bits. 29 * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). 30 * 31 * \return The status from the underlying type-specific key 32 * generation function. 33 * \return -1 if the key type is not recognized. 34 */ 35static int pk_genkey( mbedtls_pk_context *pk, int parameter ) 36{ 37 ((void) pk); 38 (void) parameter; 39 40#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 41 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) 42 return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), 43 mbedtls_test_rnd_std_rand, NULL, 44 parameter, 3 ); 45#endif 46#if defined(MBEDTLS_ECP_C) 47 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY || 48 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH || 49 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA ) 50 { 51 int ret; 52 if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp, 53 parameter ) ) != 0 ) 54 return( ret ); 55 56 return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, 57 &mbedtls_pk_ec( *pk )->d, 58 &mbedtls_pk_ec( *pk )->Q, 59 mbedtls_test_rnd_std_rand, NULL ); 60 } 61#endif 62 return( -1 ); 63} 64 65#if defined(MBEDTLS_RSA_C) 66int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, 67 const unsigned char *input, unsigned char *output, 68 size_t output_max_len ) 69{ 70 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, 71 mbedtls_test_rnd_std_rand, NULL, 72 olen, input, output, output_max_len ) ); 73} 74int mbedtls_rsa_sign_func( void *ctx, 75 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 76 mbedtls_md_type_t md_alg, unsigned int hashlen, 77 const unsigned char *hash, unsigned char *sig ) 78{ 79 ((void) f_rng); 80 ((void) p_rng); 81 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, 82 mbedtls_test_rnd_std_rand, NULL, 83 md_alg, hashlen, hash, sig ) ); 84} 85size_t mbedtls_rsa_key_len_func( void *ctx ) 86{ 87 return( ((const mbedtls_rsa_context *) ctx)->len ); 88} 89#endif /* MBEDTLS_RSA_C */ 90 91#if defined(MBEDTLS_USE_PSA_CRYPTO) 92 93/* 94 * Generate an ECC key using PSA and return the key identifier of that key, 95 * or 0 if the key generation failed. 96 * The key uses NIST P-256 and is usable for signing with SHA-256. 97 */ 98mbedtls_svc_key_id_t pk_psa_genkey_ecc( void ) 99{ 100 mbedtls_svc_key_id_t key; 101 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 102 const psa_key_type_t type = 103 PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); 104 const size_t bits = 256; 105 106 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 107 psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) ); 108 psa_set_key_type( &attributes, type ); 109 psa_set_key_bits( &attributes, bits ); 110 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 111 112exit: 113 return( key ); 114} 115 116/* 117 * Generate an RSA key using PSA and return the key identifier of that key, 118 * or 0 if the key generation failed. 119 */ 120mbedtls_svc_key_id_t pk_psa_genkey_rsa( void ) 121{ 122 mbedtls_svc_key_id_t key; 123 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 124 const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; 125 const size_t bits = 1024; 126 127 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 128 psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW ); 129 psa_set_key_type( &attributes, type ); 130 psa_set_key_bits( &attributes, bits ); 131 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 132 133exit: 134 return( key ); 135} 136#endif /* MBEDTLS_USE_PSA_CRYPTO */ 137/* END_HEADER */ 138 139/* BEGIN_DEPENDENCIES 140 * depends_on:MBEDTLS_PK_C 141 * END_DEPENDENCIES 142 */ 143 144/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 145void pk_psa_utils( int key_is_rsa ) 146{ 147 mbedtls_pk_context pk, pk2; 148 mbedtls_svc_key_id_t key; 149 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 150 151 const char * const name = "Opaque"; 152 size_t bitlen; 153 154 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; 155 unsigned char b1[1], b2[1]; 156 size_t len; 157 mbedtls_pk_debug_item dbg; 158 159 PSA_ASSERT( psa_crypto_init( ) ); 160 161 mbedtls_pk_init( &pk ); 162 mbedtls_pk_init( &pk2 ); 163 164 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 165 166 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) == 167 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 168 169 mbedtls_pk_free( &pk ); 170 mbedtls_pk_init( &pk ); 171 172 if( key_is_rsa ) 173 { 174 bitlen = 1024; /* hardcoded in genkey() */ 175 key = pk_psa_genkey_rsa(); 176 } 177 else 178 { 179 bitlen = 256; /* hardcoded in genkey() */ 180 key = pk_psa_genkey_ecc(); 181 } 182 if( mbedtls_svc_key_id_is_null( key ) ) 183 goto exit; 184 185 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); 186 187 TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE ); 188 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 ); 189 190 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen ); 191 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 ); 192 193 if( key_is_rsa ) 194 { 195 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 ); 196 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 ); 197 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 ); 198 } 199 else 200 { 201 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); 202 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); 203 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); 204 } 205 206 /* unsupported operations: verify, decrypt, encrypt */ 207 TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg, 208 b1, sizeof( b1), b2, sizeof( b2 ) ) 209 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 210 if( key_is_rsa == 0 ) 211 { 212 TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ), 213 b2, &len, sizeof( b2 ), 214 NULL, NULL ) 215 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 216 } 217 TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ), 218 b2, &len, sizeof( b2 ), 219 NULL, NULL ) 220 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 221 222 /* unsupported functions: check_pair, debug */ 223 if( key_is_rsa ) 224 TEST_ASSERT( mbedtls_pk_setup( &pk2, 225 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 226 else 227 TEST_ASSERT( mbedtls_pk_setup( &pk2, 228 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); 229 TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2, 230 mbedtls_test_rnd_std_rand, NULL ) 231 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 232 TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg ) 233 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 234 235 /* test that freeing the context does not destroy the key */ 236 mbedtls_pk_free( &pk ); 237 TEST_ASSERT( PSA_SUCCESS == psa_get_key_attributes( key, &attributes ) ); 238 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) ); 239 240exit: 241 /* 242 * Key attributes may have been returned by psa_get_key_attributes() 243 * thus reset them as required. 244 */ 245 psa_reset_key_attributes( &attributes ); 246 247 mbedtls_pk_free( &pk ); /* redundant except upon error */ 248 mbedtls_pk_free( &pk2 ); 249 USE_PSA_DONE( ); 250} 251/* END_CASE */ 252 253/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 254void pk_can_do_ext( int opaque_key, int key_type, int key_usage, int key_alg, 255 int key_alg2, int parameter, int alg_check, int usage_check, 256 int result ) 257{ 258 mbedtls_pk_context pk; 259 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 260 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 261 262 PSA_ASSERT( psa_crypto_init( ) ); 263 264 mbedtls_pk_init( &pk ); 265 266 if( opaque_key == 1 ) 267 { 268 psa_set_key_usage_flags( &attributes, key_usage ); 269 psa_set_key_algorithm( &attributes, key_alg ); 270 if( key_alg2 != 0 ) 271 psa_set_key_enrollment_algorithm( &attributes, key_alg2 ); 272 psa_set_key_type( &attributes, key_type ); 273 psa_set_key_bits( &attributes, parameter ); 274 275 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 276 277 if( mbedtls_svc_key_id_is_null( key ) ) 278 goto exit; 279 280 TEST_EQUAL( mbedtls_pk_setup_opaque( &pk, key ), 0 ); 281 282 TEST_EQUAL( mbedtls_pk_get_type( &pk ), MBEDTLS_PK_OPAQUE ); 283 } 284 else 285 { 286 TEST_EQUAL( mbedtls_pk_setup( &pk, 287 mbedtls_pk_info_from_type( key_type ) ), 0 ); 288 TEST_EQUAL( pk_genkey( &pk, parameter ), 0 ); 289 TEST_EQUAL( mbedtls_pk_get_type( &pk ), key_type ); 290 } 291 292 TEST_EQUAL( mbedtls_pk_can_do_ext( &pk, alg_check, usage_check ), result ); 293 294exit: 295 psa_reset_key_attributes( &attributes ); 296 PSA_ASSERT( psa_destroy_key( key ) ); 297 mbedtls_pk_free( &pk ); 298 USE_PSA_DONE( ); 299} 300/* END_CASE */ 301 302/* BEGIN_CASE */ 303void pk_invalid_param() 304{ 305 mbedtls_pk_context ctx; 306 mbedtls_pk_type_t pk_type = 0; 307 unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 308 size_t buf_size = sizeof( buf ); 309 310 mbedtls_pk_init( &ctx ); 311 312 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 313 mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_NONE, 314 NULL, buf_size, 315 buf, buf_size, 316 NULL ) ); 317 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 318 mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_SHA256, 319 NULL, 0, 320 buf, buf_size, 321 NULL ) ); 322 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 323 mbedtls_pk_verify_ext( pk_type, NULL, 324 &ctx, MBEDTLS_MD_NONE, 325 NULL, buf_size, 326 buf, buf_size ) ); 327 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 328 mbedtls_pk_verify_ext( pk_type, NULL, 329 &ctx, MBEDTLS_MD_SHA256, 330 NULL, 0, 331 buf, buf_size ) ); 332 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 333 mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_NONE, 334 NULL, buf_size, 335 buf, buf_size, &buf_size, 336 NULL, NULL, 337 NULL ) ); 338 TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 339 mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_SHA256, 340 NULL, 0, 341 buf, buf_size, &buf_size, 342 NULL, NULL, 343 NULL ) ); 344exit: 345 mbedtls_pk_free( &ctx ); 346} 347/* END_CASE */ 348 349/* BEGIN_CASE */ 350void valid_parameters( ) 351{ 352 mbedtls_pk_context pk; 353 unsigned char buf[1]; 354 size_t len; 355 void *options = NULL; 356 357 mbedtls_pk_init( &pk ); 358 359 TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == 360 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 361 362 /* In informational functions, we accept NULL where a context pointer 363 * is expected because that's what the library has done forever. 364 * We do not document that NULL is accepted, so we may wish to change 365 * the behavior in a future version. */ 366 TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 ); 367 TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 ); 368 TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); 369 370 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, 371 MBEDTLS_MD_NONE, 372 NULL, 0, 373 buf, sizeof( buf ), &len, 374 mbedtls_test_rnd_std_rand, NULL, 375 NULL ) == 376 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 377 378 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, 379 MBEDTLS_MD_NONE, 380 NULL, 0, 381 buf, sizeof( buf ), &len, 382 mbedtls_test_rnd_std_rand, NULL, 383 NULL ) == 384 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 385 386 TEST_ASSERT( mbedtls_pk_sign( &pk, 387 MBEDTLS_MD_NONE, 388 NULL, 0, 389 buf, sizeof( buf ), &len, 390 mbedtls_test_rnd_std_rand, NULL ) == 391 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 392 393 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, 394 MBEDTLS_MD_NONE, 395 NULL, 0, 396 buf, sizeof( buf ), 397 NULL ) == 398 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 399 400 TEST_ASSERT( mbedtls_pk_verify( &pk, 401 MBEDTLS_MD_NONE, 402 NULL, 0, 403 buf, sizeof( buf ) ) == 404 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 405 406 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 407 &pk, 408 MBEDTLS_MD_NONE, 409 NULL, 0, 410 buf, sizeof( buf ) ) == 411 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 412 413 TEST_ASSERT( mbedtls_pk_encrypt( &pk, 414 NULL, 0, 415 NULL, &len, 0, 416 mbedtls_test_rnd_std_rand, NULL ) == 417 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 418 419 TEST_ASSERT( mbedtls_pk_decrypt( &pk, 420 NULL, 0, 421 NULL, &len, 0, 422 mbedtls_test_rnd_std_rand, NULL ) == 423 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 424 425#if defined(MBEDTLS_PK_PARSE_C) 426 TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1, 427 mbedtls_test_rnd_std_rand, NULL ) == 428 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 429 430 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == 431 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 432#endif /* MBEDTLS_PK_PARSE_C */ 433} 434/* END_CASE */ 435 436/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ 437void valid_parameters_pkwrite( data_t *key_data ) 438{ 439 mbedtls_pk_context pk; 440 441 /* For the write tests to be effective, we need a valid key pair. */ 442 mbedtls_pk_init( &pk ); 443 TEST_ASSERT( mbedtls_pk_parse_key( &pk, 444 key_data->x, key_data->len, NULL, 0, 445 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 446 447 TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == 448 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 449 450 TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == 451 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 452 453#if defined(MBEDTLS_PEM_WRITE_C) 454 TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) == 455 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); 456 457 TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) == 458 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); 459#endif /* MBEDTLS_PEM_WRITE_C */ 460 461exit: 462 mbedtls_pk_free( &pk ); 463} 464/* END_CASE */ 465 466/* BEGIN_CASE */ 467void pk_utils( int type, int parameter, int bitlen, int len, char * name ) 468{ 469 mbedtls_pk_context pk; 470 471 mbedtls_pk_init( &pk ); 472 473 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 474 TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); 475 476 TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type ); 477 TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) ); 478 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) bitlen ); 479 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len ); 480 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 ); 481 482exit: 483 mbedtls_pk_free( &pk ); 484} 485/* END_CASE */ 486 487/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 488void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) 489{ 490 mbedtls_pk_context pub, prv, alt; 491 492 USE_PSA_INIT(); 493 494 mbedtls_pk_init( &pub ); 495 mbedtls_pk_init( &prv ); 496 mbedtls_pk_init( &alt ); 497 498 TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); 499 TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL, 500 mbedtls_test_rnd_std_rand, NULL ) 501 == 0 ); 502 503 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv, 504 mbedtls_test_rnd_std_rand, NULL ) 505 == ret ); 506 507#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 508 if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) 509 { 510 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), 511 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 512 mbedtls_rsa_key_len_func ) == 0 ); 513 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt, 514 mbedtls_test_rnd_std_rand, NULL ) 515 == ret ); 516 } 517#endif 518 519 mbedtls_pk_free( &pub ); 520 mbedtls_pk_free( &prv ); 521 mbedtls_pk_free( &alt ); 522 USE_PSA_DONE(); 523} 524/* END_CASE */ 525 526/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 527void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, 528 char * input_N, char * input_E, 529 data_t * result_str, int result ) 530{ 531 mbedtls_rsa_context *rsa; 532 mbedtls_pk_context pk; 533 mbedtls_pk_restart_ctx *rs_ctx = NULL; 534#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 535 mbedtls_pk_restart_ctx ctx; 536 537 rs_ctx = &ctx; 538 mbedtls_pk_restart_init( rs_ctx ); 539 // this setting would ensure restart would happen if ECC was used 540 mbedtls_ecp_set_max_ops( 1 ); 541#endif 542 543 USE_PSA_INIT(); 544 545 mbedtls_pk_init( &pk ); 546 547 548 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 549 rsa = mbedtls_pk_rsa( pk ); 550 551 rsa->len = mod / 8; 552 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 ); 553 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 ); 554 555 TEST_ASSERT( mbedtls_pk_verify( &pk, digest, message_str->x, 0, 556 result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); 557 558 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, message_str->x, 0, 559 result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result ); 560 561exit: 562#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 563 mbedtls_pk_restart_free( rs_ctx ); 564#endif 565 mbedtls_pk_free( &pk ); 566 USE_PSA_DONE(); 567} 568/* END_CASE */ 569 570/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 571void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, 572 int mod, char * input_N, 573 char * input_E, data_t * result_str, 574 int pk_type, int mgf1_hash_id, 575 int salt_len, int sig_len, 576 int result ) 577{ 578 mbedtls_rsa_context *rsa; 579 mbedtls_pk_context pk; 580 mbedtls_pk_rsassa_pss_options pss_opts; 581 void *options; 582 int ret; 583 584 USE_PSA_INIT( ); 585 mbedtls_pk_init( &pk ); 586 587 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 588 rsa = mbedtls_pk_rsa( pk ); 589 590 rsa->len = mod / 8; 591 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 ); 592 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 ); 593 594 595 if( mgf1_hash_id < 0 ) 596 { 597 options = NULL; 598 } 599 else 600 { 601 options = &pss_opts; 602 603 pss_opts.mgf1_hash_id = mgf1_hash_id; 604 pss_opts.expected_salt_len = salt_len; 605 } 606 607 ret = mbedtls_pk_verify_ext( pk_type, options, &pk, 608 digest, message_str->x, message_str->len, 609 result_str->x, sig_len ); 610 611#if defined(MBEDTLS_USE_PSA_CRYPTO) 612 if( result == MBEDTLS_ERR_RSA_INVALID_PADDING ) 613 { 614 /* Mbed TLS distinguishes "invalid padding" from "valid padding but 615 * the rest of the signature is invalid". This has little use in 616 * practice and PSA doesn't report this distinction. 617 * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated 618 * to MBEDTLS_ERR_RSA_VERIFY_FAILED. 619 * However, currently `mbedtls_pk_verify_ext()` may use either the 620 * PSA or the Mbed TLS API, depending on the PSS options used. 621 * So, it may return either INVALID_PADDING or INVALID_SIGNATURE. 622 */ 623 TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED ); 624 } 625 else 626#endif 627 { 628 TEST_EQUAL( ret, result ); 629 } 630 631exit: 632 mbedtls_pk_free( &pk ); 633 USE_PSA_DONE( ); 634} 635/* END_CASE */ 636 637/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ 638void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, 639 data_t * sig, int ret ) 640{ 641 mbedtls_pk_context pk; 642 mbedtls_ecp_keypair *eckey; 643 644 mbedtls_pk_init( &pk ); 645 USE_PSA_INIT( ); 646 647 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 648 649 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) ); 650 eckey = mbedtls_pk_ec( pk ); 651 652 TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 ); 653 TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, 654 key->x, key->len ) == 0 ); 655 656 // MBEDTLS_MD_NONE is used since it will be ignored. 657 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, 658 hash->x, hash->len, sig->x, sig->len ) == ret ); 659 660exit: 661 mbedtls_pk_free( &pk ); 662 USE_PSA_DONE( ); 663} 664/* END_CASE */ 665 666/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ 667void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, 668 char *QX_str, char *QY_str, 669 int md_alg, data_t *hash, data_t *sig_check, 670 int max_ops, int min_restart, int max_restart ) 671{ 672 int ret, cnt_restart; 673 mbedtls_pk_restart_ctx rs_ctx; 674 mbedtls_pk_context prv, pub; 675 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 676 size_t slen; 677 678 USE_PSA_INIT(); 679 680 mbedtls_pk_restart_init( &rs_ctx ); 681 mbedtls_pk_init( &prv ); 682 mbedtls_pk_init( &pub ); 683 memset( sig, 0, sizeof( sig ) ); 684 685 TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); 686 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); 687 TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, d_str ) == 0 ); 688 689 TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); 690 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); 691 TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); 692 693 mbedtls_ecp_set_max_ops( max_ops ); 694 695 slen = sizeof( sig ); 696 cnt_restart = 0; 697 do { 698 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash->x, hash->len, 699 sig, sizeof( sig ), &slen, 700 mbedtls_test_rnd_std_rand, NULL, 701 &rs_ctx ); 702 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 703 704 TEST_ASSERT( ret == 0 ); 705 TEST_ASSERT( slen == sig_check->len ); 706 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); 707 708 TEST_ASSERT( cnt_restart >= min_restart ); 709 TEST_ASSERT( cnt_restart <= max_restart ); 710 711 cnt_restart = 0; 712 do { 713 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 714 hash->x, hash->len, sig, slen, &rs_ctx ); 715 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 716 717 TEST_ASSERT( ret == 0 ); 718 TEST_ASSERT( cnt_restart >= min_restart ); 719 TEST_ASSERT( cnt_restart <= max_restart ); 720 721 sig[0]++; 722 do { 723 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 724 hash->x, hash->len, sig, slen, &rs_ctx ); 725 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 726 TEST_ASSERT( ret != 0 ); 727 sig[0]--; 728 729 /* Do we leak memory when aborting? try verify then sign 730 * This test only makes sense when we actually restart */ 731 if( min_restart > 0 ) 732 { 733 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 734 hash->x, hash->len, sig, slen, &rs_ctx ); 735 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 736 mbedtls_pk_restart_free( &rs_ctx ); 737 738 slen = sizeof( sig ); 739 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash->x, hash->len, 740 sig, sizeof sig, &slen, 741 mbedtls_test_rnd_std_rand, NULL, 742 &rs_ctx ); 743 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 744 } 745 746exit: 747 mbedtls_pk_restart_free( &rs_ctx ); 748 mbedtls_pk_free( &prv ); 749 mbedtls_pk_free( &pub ); 750 USE_PSA_DONE(); 751} 752/* END_CASE */ 753 754/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 755void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) 756{ 757 mbedtls_pk_context pk; 758 size_t sig_len; 759 unsigned char hash[32]; // Hard-coded for SHA256 760 size_t hash_len = sizeof( hash ); 761 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 762 void *rs_ctx = NULL; 763#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 764 mbedtls_pk_restart_ctx ctx; 765 766 rs_ctx = &ctx; 767 mbedtls_pk_restart_init( rs_ctx ); 768 /* This value is large enough that the operation will complete in one run. 769 * See comments at the top of ecp_test_vect_restart in 770 * test_suite_ecp.function for estimates of operation counts. */ 771 mbedtls_ecp_set_max_ops( 42000 ); 772#endif 773 774 mbedtls_pk_init( &pk ); 775 USE_PSA_INIT( ); 776 777 memset( hash, 0x2a, sizeof hash ); 778 memset( sig, 0, sizeof sig ); 779 780 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 781 TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); 782 783 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256, 784 hash, hash_len, 785 sig, sizeof sig, &sig_len, 786 mbedtls_test_rnd_std_rand, NULL, 787 rs_ctx ) == sign_ret ); 788 if( sign_ret == 0 ) 789 TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); 790 else 791 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 792 793 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 794 hash, hash_len, sig, sig_len ) == verify_ret ); 795 796 if( verify_ret == 0 ) 797 { 798 hash[0]++; 799 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 800 hash, hash_len, sig, sig_len ) != 0 ); 801 hash[0]--; 802 803 sig[0]++; 804 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 805 hash, hash_len, sig, sig_len ) != 0 ); 806 sig[0]--; 807 } 808 809 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, hash_len, 810 sig, sizeof sig, &sig_len, 811 mbedtls_test_rnd_std_rand, 812 NULL ) == sign_ret ); 813 if( sign_ret == 0 ) 814 TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); 815 else 816 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 817 818 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, 819 hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret ); 820 821 if( verify_ret == 0 ) 822 { 823 hash[0]++; 824 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, 825 hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 ); 826 hash[0]--; 827 828 sig[0]++; 829 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, 830 hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 ); 831 sig[0]--; 832 } 833 834exit: 835#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 836 mbedtls_pk_restart_free( rs_ctx ); 837#endif 838 mbedtls_pk_free( &pk ); 839 USE_PSA_DONE( ); 840} 841/* END_CASE */ 842 843/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 844void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, 845 char * input_P, char * input_Q, 846 char * input_N, char * input_E, 847 int ret ) 848{ 849 unsigned char output[300], result[300]; 850 mbedtls_test_rnd_pseudo_info rnd_info; 851 mbedtls_mpi N, P, Q, E; 852 mbedtls_rsa_context *rsa; 853 mbedtls_pk_context pk; 854 size_t olen, rlen; 855 856 mbedtls_pk_init( &pk ); 857 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 858 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 859 860 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 861 memset( output, 0, sizeof( output ) ); 862 863 USE_PSA_INIT( ); 864 865 /* encryption test */ 866 867 /* init pk-rsa context */ 868 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 869 rsa = mbedtls_pk_rsa( pk ); 870 871 /* load public key */ 872 rsa->len = mod / 8; 873 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, input_N ) == 0 ); 874 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, input_E ) == 0 ); 875 876 TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, 877 output, &olen, sizeof( output ), 878 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 879 880 /* decryption test */ 881 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 882 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 883 884 /* init pk-rsa context */ 885 mbedtls_pk_free( &pk ); 886 TEST_ASSERT( mbedtls_pk_setup( &pk, 887 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 888 rsa = mbedtls_pk_rsa( pk ); 889 890 /* load public key */ 891 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 892 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 893 894 /* load private key */ 895 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 896 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 897 TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); 898 TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); 899 TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); 900 901 memset( result, 0, sizeof( result ) ); 902 rlen = 0; 903 TEST_ASSERT( mbedtls_pk_decrypt( &pk, output, olen, 904 result, &rlen, sizeof( result ), 905 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 906 if( ret == 0 ) 907 { 908 TEST_ASSERT( rlen == message->len ); 909 TEST_ASSERT( memcmp( result, message->x, rlen ) == 0 ); 910 } 911 912exit: 913 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 914 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 915 mbedtls_pk_free( &pk ); 916 USE_PSA_DONE( ); 917} 918/* END_CASE */ 919 920/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 921void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, 922 char * input_P, char * input_Q, 923 char * input_N, char * input_E, 924 data_t * clear, int ret ) 925{ 926 unsigned char output[256]; 927 mbedtls_test_rnd_pseudo_info rnd_info; 928 mbedtls_mpi N, P, Q, E; 929 mbedtls_rsa_context *rsa; 930 mbedtls_pk_context pk; 931 size_t olen; 932 933 USE_PSA_INIT( ); 934 935 mbedtls_pk_init( &pk ); 936 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 937 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 938 939 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 940 941 942 /* init pk-rsa context */ 943 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 944 rsa = mbedtls_pk_rsa( pk ); 945 946 /* load public key */ 947 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 948 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 949 950 /* load private key */ 951 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 952 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 953 TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); 954 TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); 955 TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); 956 957 /* decryption test */ 958 memset( output, 0, sizeof( output ) ); 959 olen = 0; 960 TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, 961 output, &olen, sizeof( output ), 962 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 963 if( ret == 0 ) 964 { 965 TEST_ASSERT( olen == clear->len ); 966 TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 ); 967 } 968 969exit: 970 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 971 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 972 mbedtls_pk_free( &pk ); 973 USE_PSA_DONE( ); 974} 975/* END_CASE */ 976 977/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ 978void pk_wrap_rsa_decrypt_test_vec( data_t * cipher, int mod, 979 char * input_P, char * input_Q, 980 char * input_N, char * input_E, 981 data_t * clear, int ret ) 982{ 983 unsigned char output[256]; 984 mbedtls_test_rnd_pseudo_info rnd_info; 985 mbedtls_mpi N, P, Q, E; 986 mbedtls_rsa_context *rsa; 987 mbedtls_pk_context pk; 988 mbedtls_svc_key_id_t key_id; 989 size_t olen; 990 991 USE_PSA_INIT( ); 992 993 mbedtls_pk_init( &pk ); 994 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 995 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 996 997 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 998 999 /* init pk-rsa context */ 1000 TEST_EQUAL( mbedtls_pk_setup( &pk, 1001 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ), 0 ); 1002 rsa = mbedtls_pk_rsa( pk ); 1003 1004 /* load public key */ 1005 TEST_EQUAL( mbedtls_test_read_mpi( &N, input_N ), 0 ); 1006 TEST_EQUAL( mbedtls_test_read_mpi( &E, input_E ), 0 ); 1007 1008 /* load private key */ 1009 TEST_EQUAL( mbedtls_test_read_mpi( &P, input_P ), 0 ); 1010 TEST_EQUAL( mbedtls_test_read_mpi( &Q, input_Q ), 0 ); 1011 TEST_EQUAL( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ), 0 ); 1012 TEST_EQUAL( mbedtls_rsa_get_len( rsa ), (size_t) ( mod / 8 ) ); 1013 TEST_EQUAL( mbedtls_rsa_complete( rsa ), 0 ); 1014 1015 /* Turn PK context into an opaque one. */ 1016 TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &pk, &key_id, 1017 PSA_ALG_RSA_PKCS1V15_CRYPT, 1018 PSA_KEY_USAGE_DECRYPT, 1019 PSA_ALG_NONE ), 0 ); 1020 1021 /* decryption test */ 1022 memset( output, 0, sizeof( output ) ); 1023 olen = 0; 1024 TEST_EQUAL( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, 1025 output, &olen, sizeof( output ), 1026 mbedtls_test_rnd_pseudo_rand, &rnd_info ), ret ); 1027 if( ret == 0 ) 1028 { 1029 TEST_EQUAL( olen, clear->len ); 1030 TEST_EQUAL( memcmp( output, clear->x, olen ), 0 ); 1031 } 1032 1033 TEST_EQUAL( PSA_SUCCESS, psa_destroy_key( key_id ) ); 1034 1035exit: 1036 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 1037 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 1038 mbedtls_pk_free( &pk ); 1039 USE_PSA_DONE( ); 1040} 1041/* END_CASE */ 1042 1043/* BEGIN_CASE */ 1044void pk_ec_nocrypt( int type ) 1045{ 1046 mbedtls_pk_context pk; 1047 unsigned char output[100]; 1048 unsigned char input[100]; 1049 mbedtls_test_rnd_pseudo_info rnd_info; 1050 size_t olen = 0; 1051 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1052 1053 mbedtls_pk_init( &pk ); 1054 1055 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 1056 memset( output, 0, sizeof( output ) ); 1057 memset( input, 0, sizeof( input ) ); 1058 1059 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 1060 1061 TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), 1062 output, &olen, sizeof( output ), 1063 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 1064 1065 TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), 1066 output, &olen, sizeof( output ), 1067 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 1068 1069exit: 1070 mbedtls_pk_free( &pk ); 1071} 1072/* END_CASE */ 1073 1074/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1075void pk_rsa_overflow( ) 1076{ 1077 mbedtls_pk_context pk; 1078 size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX; 1079 unsigned char hash[50], sig[100]; 1080 1081 if( SIZE_MAX <= UINT_MAX ) 1082 return; 1083 1084 memset( hash, 0x2a, sizeof hash ); 1085 memset( sig, 0, sizeof sig ); 1086 1087 mbedtls_pk_init( &pk ); 1088 1089 TEST_ASSERT( mbedtls_pk_setup( &pk, 1090 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1091 1092#if defined(MBEDTLS_PKCS1_V21) 1093 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk, 1094 MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == 1095 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1096#endif /* MBEDTLS_PKCS1_V21 */ 1097 1098 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, 1099 sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1100 1101 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, 1102 sig, sizeof sig, &sig_len, 1103 mbedtls_test_rnd_std_rand, NULL ) 1104 == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1105 1106exit: 1107 mbedtls_pk_free( &pk ); 1108} 1109/* END_CASE */ 1110 1111/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 1112void pk_rsa_alt( ) 1113{ 1114 /* 1115 * An rsa_alt context can only do private operations (decrypt, sign). 1116 * Test it against the public operations (encrypt, verify) of a 1117 * corresponding rsa context. 1118 */ 1119 mbedtls_rsa_context raw; 1120 mbedtls_pk_context rsa, alt; 1121 mbedtls_pk_debug_item dbg_items[10]; 1122 unsigned char hash[50], sig[64]; 1123 unsigned char msg[50], ciph[64], test[50]; 1124 size_t sig_len, ciph_len, test_len; 1125 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1126 1127 USE_PSA_INIT( ); 1128 1129 mbedtls_rsa_init( &raw ); 1130 mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt ); 1131 1132 memset( hash, 0x2a, sizeof hash ); 1133 memset( sig, 0, sizeof sig ); 1134 memset( msg, 0x2a, sizeof msg ); 1135 memset( ciph, 0, sizeof ciph ); 1136 memset( test, 0, sizeof test ); 1137 1138 /* Initialize PK RSA context with random key */ 1139 TEST_ASSERT( mbedtls_pk_setup( &rsa, 1140 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1141 TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 ); 1142 1143 /* Extract key to the raw rsa context */ 1144 TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 ); 1145 1146 /* Initialize PK RSA_ALT context */ 1147 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw, 1148 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); 1149 1150 /* Test administrative functions */ 1151 TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) ); 1152 TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE ); 1153 TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN ); 1154 TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT ); 1155 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 ); 1156 1157 /* Test signature */ 1158#if SIZE_MAX > UINT_MAX 1159 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, 1160 sig, sizeof sig, &sig_len, 1161 mbedtls_test_rnd_std_rand, NULL ) 1162 == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1163#endif /* SIZE_MAX > UINT_MAX */ 1164 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, 1165 sig, sizeof sig, &sig_len, 1166 mbedtls_test_rnd_std_rand, NULL ) 1167 == 0 ); 1168 TEST_ASSERT( sig_len == RSA_KEY_LEN ); 1169 TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, 1170 hash, sizeof hash, sig, sig_len ) == 0 ); 1171 1172 /* Test decrypt */ 1173 TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg, 1174 ciph, &ciph_len, sizeof ciph, 1175 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1176 TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len, 1177 test, &test_len, sizeof test, 1178 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1179 TEST_ASSERT( test_len == sizeof msg ); 1180 TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); 1181 1182 /* Test forbidden operations */ 1183 TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg, 1184 ciph, &ciph_len, sizeof ciph, 1185 mbedtls_test_rnd_std_rand, NULL ) == ret ); 1186 TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE, 1187 hash, sizeof hash, sig, sig_len ) == ret ); 1188 TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret ); 1189 1190exit: 1191 mbedtls_rsa_free( &raw ); 1192 mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt ); 1193 USE_PSA_DONE( ); 1194} 1195/* END_CASE */ 1196 1197/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO */ 1198void pk_psa_sign( int parameter_arg, 1199 int psa_type_arg, int expected_bits_arg ) 1200{ 1201 mbedtls_pk_context pk; 1202 unsigned char hash[32]; 1203 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1204 unsigned char pkey_legacy[200]; 1205 unsigned char pkey_psa[200]; 1206 unsigned char *pkey_legacy_start, *pkey_psa_start; 1207 psa_algorithm_t alg_psa; 1208 size_t sig_len, klen_legacy, klen_psa; 1209 int ret; 1210 mbedtls_svc_key_id_t key_id; 1211 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1212 psa_key_type_t expected_type = psa_type_arg; 1213 size_t expected_bits = expected_bits_arg; 1214 1215 /* 1216 * This tests making signatures with a wrapped PSA key: 1217 * - generate a fresh ECP/RSA legacy PK context 1218 * - wrap it in a PK context and make a signature this way 1219 * - extract the public key 1220 * - parse it to a PK context and verify the signature this way 1221 */ 1222 1223 PSA_ASSERT( psa_crypto_init( ) ); 1224 1225#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 1226 if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) ) 1227 { 1228 /* Create legacy RSA public/private key in PK context. */ 1229 mbedtls_pk_init( &pk ); 1230 TEST_ASSERT( mbedtls_pk_setup( &pk, 1231 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1232 TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ), 1233 mbedtls_test_rnd_std_rand, NULL, 1234 parameter_arg, 3 ) == 0 ); 1235 alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ); 1236 } 1237 else 1238#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ 1239#if defined(MBEDTLS_ECDSA_C) 1240 if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) ) 1241 { 1242 mbedtls_ecp_group_id grpid = parameter_arg; 1243 1244 /* Create legacy EC public/private key in PK context. */ 1245 mbedtls_pk_init( &pk ); 1246 TEST_ASSERT( mbedtls_pk_setup( &pk, 1247 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); 1248 TEST_ASSERT( mbedtls_ecp_gen_key( grpid, 1249 (mbedtls_ecp_keypair*) pk.pk_ctx, 1250 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1251 alg_psa = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); 1252 } 1253 else 1254#endif /* MBEDTLS_ECDSA_C */ 1255 { 1256 (void) parameter_arg; 1257 TEST_ASSUME( ! "Opaque PK key not supported in this configuration" ); 1258 } 1259 1260 /* Export underlying public key for re-importing in a legacy context. */ 1261 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy, 1262 sizeof( pkey_legacy ) ); 1263 TEST_ASSERT( ret >= 0 ); 1264 klen_legacy = (size_t) ret; 1265 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1266 pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy; 1267 1268 /* Turn PK context into an opaque one. */ 1269 TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id, alg_psa, 1270 PSA_KEY_USAGE_SIGN_HASH, 1271 PSA_ALG_NONE ) == 0 ); 1272 1273 PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); 1274 TEST_EQUAL( psa_get_key_type( &attributes ), expected_type ); 1275 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); 1276 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 1277 PSA_KEY_LIFETIME_VOLATILE ); 1278 1279 memset( hash, 0x2a, sizeof hash ); 1280 memset( sig, 0, sizeof sig ); 1281 1282 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, 1283 hash, sizeof hash, sig, sizeof sig, &sig_len, 1284 NULL, NULL ) == 0 ); 1285 1286 /* Export underlying public key for re-importing in a psa context. */ 1287 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa, 1288 sizeof( pkey_psa ) ); 1289 TEST_ASSERT( ret >= 0 ); 1290 klen_psa = (size_t) ret; 1291 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1292 pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa; 1293 1294 TEST_ASSERT( klen_psa == klen_legacy ); 1295 TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 ); 1296 1297 mbedtls_pk_free( &pk ); 1298 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) ); 1299 1300 mbedtls_pk_init( &pk ); 1301 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start, 1302 klen_legacy ) == 0 ); 1303 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 1304 hash, sizeof hash, sig, sig_len ) == 0 ); 1305 1306exit: 1307 /* 1308 * Key attributes may have been returned by psa_get_key_attributes() 1309 * thus reset them as required. 1310 */ 1311 psa_reset_key_attributes( &attributes ); 1312 1313 mbedtls_pk_free( &pk ); 1314 USE_PSA_DONE( ); 1315} 1316/* END_CASE */ 1317 1318/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ 1319void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) 1320{ 1321 /* See the description of pk_genkey() for the description of the `parameter` argument. */ 1322 mbedtls_pk_context pk; 1323 size_t sig_len; 1324 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1325 unsigned char hash[PSA_HASH_MAX_SIZE]; 1326 size_t hash_len = mbedtls_hash_info_get_size( md_alg ); 1327 void const *options = NULL; 1328 mbedtls_pk_rsassa_pss_options rsassa_pss_options; 1329 memset( hash, 0x2a, sizeof( hash ) ); 1330 memset( sig, 0, sizeof( sig ) ); 1331 1332 mbedtls_pk_init( &pk ); 1333 PSA_INIT(); 1334 1335 TEST_ASSERT( mbedtls_pk_setup( &pk, 1336 mbedtls_pk_info_from_type( pk_type ) ) == 0 ); 1337 1338 TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); 1339 1340 TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, 1341 sig, sizeof( sig ), &sig_len, 1342 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1343 1344 if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) 1345 { 1346 rsassa_pss_options.mgf1_hash_id = md_alg; 1347 TEST_ASSERT( hash_len != 0 ); 1348 rsassa_pss_options.expected_salt_len = hash_len; 1349 options = (const void*) &rsassa_pss_options; 1350 } 1351 TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, 1352 hash, hash_len, sig, sig_len ) == 0 ); 1353exit: 1354 PSA_DONE( ); 1355 mbedtls_pk_free( &pk ); 1356} 1357/* END_CASE */ 1358 1359/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */ 1360void pk_psa_wrap_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) 1361{ 1362 /* See the description of mbedtls_rsa_gen_key() for the description of the `parameter` argument. */ 1363 mbedtls_pk_context pk; 1364 size_t sig_len, pkey_len; 1365 mbedtls_svc_key_id_t key_id; 1366 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1367 unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; 1368 unsigned char *pkey_start; 1369 unsigned char hash[PSA_HASH_MAX_SIZE]; 1370 psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg ); 1371 psa_algorithm_t psa_alg; 1372 size_t hash_len = PSA_HASH_LENGTH( psa_md_alg ); 1373 void const *options = NULL; 1374 mbedtls_pk_rsassa_pss_options rsassa_pss_options; 1375 int ret; 1376 1377 mbedtls_pk_init( &pk ); 1378 PSA_INIT(); 1379 1380 /* Create legacy RSA public/private key in PK context. */ 1381 mbedtls_pk_init( &pk ); 1382 TEST_EQUAL( mbedtls_pk_setup( &pk, 1383 mbedtls_pk_info_from_type( pk_type ) ), 0 ); 1384 TEST_EQUAL( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ), 1385 mbedtls_test_rnd_std_rand, NULL, 1386 parameter, 3 ), 0 ); 1387 1388 /* Export underlying public key for re-importing in a legacy context. */ 1389 ret = mbedtls_pk_write_pubkey_der( &pk, pkey, sizeof( pkey ) ); 1390 TEST_ASSERT( ret >= 0 ); 1391 1392 pkey_len = (size_t) ret; 1393 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1394 pkey_start = pkey + sizeof( pkey ) - pkey_len; 1395 1396 if( key_pk_type == MBEDTLS_PK_RSA ) 1397 psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( psa_md_alg ); 1398 else if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) 1399 psa_alg = PSA_ALG_RSA_PSS( psa_md_alg ); 1400 else 1401 TEST_ASSUME( ! "PK key type not supported in this configuration" ); 1402 1403 /* Turn PK context into an opaque one. */ 1404 TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &pk, &key_id, psa_alg, 1405 PSA_KEY_USAGE_SIGN_HASH, 1406 PSA_ALG_NONE ), 0 ); 1407 1408 memset( hash, 0x2a, sizeof( hash ) ); 1409 memset( sig, 0, sizeof( sig ) ); 1410 1411 TEST_EQUAL( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, 1412 sig, sizeof( sig ), &sig_len, 1413 mbedtls_test_rnd_std_rand, NULL ), 0 ); 1414 1415 mbedtls_pk_free( &pk ); 1416 TEST_EQUAL( PSA_SUCCESS, psa_destroy_key( key_id ) ); 1417 1418 mbedtls_pk_init( &pk ); 1419 TEST_EQUAL( mbedtls_pk_parse_public_key( &pk, pkey_start, pkey_len ), 0 ); 1420 1421 if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) 1422 { 1423 rsassa_pss_options.mgf1_hash_id = md_alg; 1424 TEST_ASSERT( hash_len != 0 ); 1425 rsassa_pss_options.expected_salt_len = hash_len; 1426 options = (const void*) &rsassa_pss_options; 1427 } 1428 TEST_EQUAL( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, 1429 hash, hash_len, sig, sig_len ), 0 ); 1430 1431exit: 1432 mbedtls_pk_free( &pk ); 1433 PSA_DONE( ); 1434} 1435/* END_CASE */ 1436