1/* BEGIN_HEADER */ 2#include "mbedtls/pk.h" 3 4/* For error codes */ 5#include "mbedtls/asn1.h" 6#include "mbedtls/base64.h" 7#include "mbedtls/ecp.h" 8#include "mbedtls/rsa.h" 9 10#include <limits.h> 11#include <stdint.h> 12 13/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), 14 * but the test code generator requires test case data to be valid C code 15 * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ 16#include "psa/crypto.h" 17 18#define RSA_KEY_SIZE 512 19#define RSA_KEY_LEN 64 20 21/** Generate a key of the desired type. 22 * 23 * \param pk The PK object to fill. It must have been initialized 24 * with mbedtls_pk_setup(). 25 * \param parameter - For RSA keys, the key size in bits. 26 * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). 27 * 28 * \return The status from the underlying type-specific key 29 * generation function. 30 * \return -1 if the key type is not recognized. 31 */ 32static int pk_genkey(mbedtls_pk_context *pk, int parameter) 33{ 34 ((void) pk); 35 (void) parameter; 36 37#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 38 if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { 39 return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), 40 mbedtls_test_rnd_std_rand, NULL, 41 parameter, 3); 42 } 43#endif 44#if defined(MBEDTLS_ECP_C) 45 if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || 46 mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || 47 mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { 48 int ret; 49 if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp, 50 parameter)) != 0) { 51 return ret; 52 } 53 54 return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp, 55 &mbedtls_pk_ec(*pk)->d, 56 &mbedtls_pk_ec(*pk)->Q, 57 mbedtls_test_rnd_std_rand, NULL); 58 } 59#endif 60 return -1; 61} 62 63#if defined(MBEDTLS_RSA_C) 64int mbedtls_rsa_decrypt_func(void *ctx, int mode, size_t *olen, 65 const unsigned char *input, unsigned char *output, 66 size_t output_max_len) 67{ 68 return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, 69 mbedtls_test_rnd_std_rand, NULL, mode, 70 olen, input, output, output_max_len); 71} 72int mbedtls_rsa_sign_func(void *ctx, 73 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 74 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 75 const unsigned char *hash, unsigned char *sig) 76{ 77 ((void) f_rng); 78 ((void) p_rng); 79 return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, 80 mbedtls_test_rnd_std_rand, NULL, mode, 81 md_alg, hashlen, hash, sig); 82} 83size_t mbedtls_rsa_key_len_func(void *ctx) 84{ 85 return ((const mbedtls_rsa_context *) ctx)->len; 86} 87#endif /* MBEDTLS_RSA_C */ 88 89#if defined(MBEDTLS_USE_PSA_CRYPTO) 90 91/* 92 * Generate a key using PSA and return the key identifier of that key, 93 * or 0 if the key generation failed. 94 * The key uses NIST P-256 and is usable for signing with SHA-256. 95 */ 96mbedtls_svc_key_id_t pk_psa_genkey(void) 97{ 98 mbedtls_svc_key_id_t key; 99 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 100 const psa_key_type_t type = 101 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1); 102 const size_t bits = 256; 103 104 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 105 psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); 106 psa_set_key_type(&attributes, type); 107 psa_set_key_bits(&attributes, bits); 108 PSA_ASSERT(psa_generate_key(&attributes, &key)); 109 110exit: 111 return key; 112} 113#endif /* MBEDTLS_USE_PSA_CRYPTO */ 114/* END_HEADER */ 115 116/* BEGIN_DEPENDENCIES 117 * depends_on:MBEDTLS_PK_C 118 * END_DEPENDENCIES 119 */ 120 121/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 122void pk_psa_utils() 123{ 124 mbedtls_pk_context pk, pk2; 125 mbedtls_svc_key_id_t key; 126 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 127 128 const char * const name = "Opaque"; 129 const size_t bitlen = 256; /* hardcoded in genkey() */ 130 131 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; 132 unsigned char b1[1], b2[1]; 133 size_t len; 134 mbedtls_pk_debug_item dbg; 135 136 mbedtls_pk_init(&pk); 137 mbedtls_pk_init(&pk2); 138 139 USE_PSA_INIT(); 140 141 TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) == 142 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 143 144 mbedtls_pk_free(&pk); 145 mbedtls_pk_init(&pk); 146 147 key = pk_psa_genkey(); 148 if (mbedtls_svc_key_id_is_null(key)) { 149 goto exit; 150 } 151 152 TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, key) == 0); 153 154 TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_OPAQUE); 155 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 156 157 TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); 158 TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8); 159 160 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1); 161 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1); 162 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 0); 163 164 /* unsupported operations: verify, decrypt, encrypt */ 165 TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg, 166 b1, sizeof(b1), b2, sizeof(b2)) 167 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 168 TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1), 169 b2, &len, sizeof(b2), 170 NULL, NULL) 171 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 172 TEST_ASSERT(mbedtls_pk_encrypt(&pk, b1, sizeof(b1), 173 b2, &len, sizeof(b2), 174 NULL, NULL) 175 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 176 177 /* unsupported functions: check_pair, debug */ 178 TEST_ASSERT(mbedtls_pk_setup(&pk2, 179 mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); 180 TEST_ASSERT(mbedtls_pk_check_pair(&pk, &pk2) 181 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 182 TEST_ASSERT(mbedtls_pk_debug(&pk, &dbg) 183 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 184 185 /* test that freeing the context does not destroy the key */ 186 mbedtls_pk_free(&pk); 187 TEST_ASSERT(PSA_SUCCESS == psa_get_key_attributes(key, &attributes)); 188 TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key)); 189 190exit: 191 /* 192 * Key attributes may have been returned by psa_get_key_attributes() 193 * thus reset them as required. 194 */ 195 psa_reset_key_attributes(&attributes); 196 197 mbedtls_pk_free(&pk); /* redundant except upon error */ 198 mbedtls_pk_free(&pk2); 199 USE_PSA_DONE(); 200} 201/* END_CASE */ 202 203 204/* BEGIN_CASE */ 205void valid_parameters() 206{ 207 mbedtls_pk_context pk; 208 unsigned char buf[1]; 209 size_t len; 210 void *options = NULL; 211 212 mbedtls_pk_init(&pk); 213 USE_PSA_INIT(); 214 215 TEST_VALID_PARAM(mbedtls_pk_free(NULL)); 216 217#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 218 TEST_VALID_PARAM(mbedtls_pk_restart_free(NULL)); 219#endif 220 221 TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) == 222 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 223 224 /* In informational functions, we accept NULL where a context pointer 225 * is expected because that's what the library has done forever. 226 * We do not document that NULL is accepted, so we may wish to change 227 * the behavior in a future version. */ 228 TEST_ASSERT(mbedtls_pk_get_bitlen(NULL) == 0); 229 TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0); 230 TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0); 231 232 TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, 233 MBEDTLS_MD_NONE, 234 NULL, 0, 235 buf, &len, 236 mbedtls_test_rnd_std_rand, NULL, 237 NULL) == 238 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 239 240 TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, 241 MBEDTLS_MD_NONE, 242 NULL, 0, 243 buf, &len, 244 mbedtls_test_rnd_std_rand, NULL, 245 NULL) == 246 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 247 248 TEST_ASSERT(mbedtls_pk_sign(&pk, 249 MBEDTLS_MD_NONE, 250 NULL, 0, 251 buf, &len, 252 mbedtls_test_rnd_std_rand, NULL) == 253 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 254 255 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, 256 MBEDTLS_MD_NONE, 257 NULL, 0, 258 buf, sizeof(buf), 259 NULL) == 260 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 261 262 TEST_ASSERT(mbedtls_pk_verify(&pk, 263 MBEDTLS_MD_NONE, 264 NULL, 0, 265 buf, sizeof(buf)) == 266 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 267 268 TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 269 &pk, 270 MBEDTLS_MD_NONE, 271 NULL, 0, 272 buf, sizeof(buf)) == 273 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 274 275 TEST_ASSERT(mbedtls_pk_encrypt(&pk, 276 NULL, 0, 277 NULL, &len, 0, 278 mbedtls_test_rnd_std_rand, NULL) == 279 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 280 281 TEST_ASSERT(mbedtls_pk_decrypt(&pk, 282 NULL, 0, 283 NULL, &len, 0, 284 mbedtls_test_rnd_std_rand, NULL) == 285 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 286 287#if defined(MBEDTLS_PK_PARSE_C) 288 TEST_ASSERT(mbedtls_pk_parse_key(&pk, NULL, 0, NULL, 1) == 289 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 290 291 TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) == 292 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 293#endif /* MBEDTLS_PK_PARSE_C */ 294 295exit: 296 USE_PSA_DONE(); 297} 298/* END_CASE */ 299 300/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ 301void valid_parameters_pkwrite(data_t *key_data) 302{ 303 mbedtls_pk_context pk; 304 305 /* For the write tests to be effective, we need a valid key pair. */ 306 mbedtls_pk_init(&pk); 307 USE_PSA_INIT(); 308 309 TEST_ASSERT(mbedtls_pk_parse_key(&pk, 310 key_data->x, key_data->len, 311 NULL, 0) == 0); 312 313 TEST_ASSERT(mbedtls_pk_write_key_der(&pk, NULL, 0) == 314 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 315 316 TEST_ASSERT(mbedtls_pk_write_pubkey_der(&pk, NULL, 0) == 317 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 318 319#if defined(MBEDTLS_PEM_WRITE_C) 320 TEST_ASSERT(mbedtls_pk_write_key_pem(&pk, NULL, 0) == 321 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 322 323 TEST_ASSERT(mbedtls_pk_write_pubkey_pem(&pk, NULL, 0) == 324 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 325#endif /* MBEDTLS_PEM_WRITE_C */ 326 327exit: 328 mbedtls_pk_free(&pk); 329 USE_PSA_DONE(); 330} 331/* END_CASE */ 332 333/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 334void invalid_parameters() 335{ 336 size_t len; 337 unsigned char *null_buf = NULL; 338 unsigned char buf[1]; 339 unsigned char *p = buf; 340 char str[1] = { 0 }; 341 mbedtls_pk_context pk; 342 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; 343 void *options = buf; 344 345 (void) null_buf; 346 (void) p; 347 (void) str; 348 349 mbedtls_pk_init(&pk); 350 USE_PSA_INIT(); 351 352 TEST_INVALID_PARAM(mbedtls_pk_init(NULL)); 353 354#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 355 TEST_INVALID_PARAM(mbedtls_pk_restart_init(NULL)); 356#endif 357 358 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 359 mbedtls_pk_setup(NULL, NULL)); 360 361#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 362 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 363 mbedtls_pk_setup_rsa_alt(NULL, buf, 364 NULL, NULL, NULL)); 365#endif 366 367 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 368 mbedtls_pk_verify_restartable(NULL, 369 MBEDTLS_MD_NONE, 370 buf, sizeof(buf), 371 buf, sizeof(buf), 372 NULL)); 373 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 374 mbedtls_pk_verify_restartable(&pk, 375 MBEDTLS_MD_NONE, 376 NULL, sizeof(buf), 377 buf, sizeof(buf), 378 NULL)); 379 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 380 mbedtls_pk_verify_restartable(&pk, 381 valid_md, 382 NULL, 0, 383 buf, sizeof(buf), 384 NULL)); 385 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 386 mbedtls_pk_verify_restartable(&pk, 387 MBEDTLS_MD_NONE, 388 buf, sizeof(buf), 389 NULL, sizeof(buf), 390 NULL)); 391 392 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 393 mbedtls_pk_verify(NULL, 394 MBEDTLS_MD_NONE, 395 buf, sizeof(buf), 396 buf, sizeof(buf))); 397 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 398 mbedtls_pk_verify(&pk, 399 MBEDTLS_MD_NONE, 400 NULL, sizeof(buf), 401 buf, sizeof(buf))); 402 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 403 mbedtls_pk_verify(&pk, 404 valid_md, 405 NULL, 0, 406 buf, sizeof(buf))); 407 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 408 mbedtls_pk_verify(&pk, 409 MBEDTLS_MD_NONE, 410 buf, sizeof(buf), 411 NULL, sizeof(buf))); 412 413 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 414 mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 415 NULL, 416 MBEDTLS_MD_NONE, 417 buf, sizeof(buf), 418 buf, sizeof(buf))); 419 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 420 mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 421 &pk, 422 MBEDTLS_MD_NONE, 423 NULL, sizeof(buf), 424 buf, sizeof(buf))); 425 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 426 mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 427 &pk, 428 valid_md, 429 NULL, 0, 430 buf, sizeof(buf))); 431 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 432 mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 433 &pk, 434 MBEDTLS_MD_NONE, 435 buf, sizeof(buf), 436 NULL, sizeof(buf))); 437 438 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 439 mbedtls_pk_sign_restartable(NULL, MBEDTLS_MD_NONE, buf, sizeof(buf), 440 buf, &len, mbedtls_test_rnd_std_rand, 441 NULL, NULL)); 442 443 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 444 mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_NONE, NULL, sizeof(buf), 445 buf, &len, mbedtls_test_rnd_std_rand, 446 NULL, NULL)); 447 448 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 449 mbedtls_pk_sign_restartable(&pk, valid_md, NULL, 0, buf, &len, 450 mbedtls_test_rnd_std_rand, NULL, NULL)); 451 452 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 453 mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_NONE, buf, sizeof(buf), 454 NULL, &len, mbedtls_test_rnd_std_rand, 455 NULL, NULL)); 456 457 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 458 mbedtls_pk_sign(NULL, MBEDTLS_MD_NONE, buf, sizeof(buf), 459 buf, &len, mbedtls_test_rnd_std_rand, NULL)); 460 461 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 462 mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, NULL, sizeof(buf), 463 buf, &len, mbedtls_test_rnd_std_rand, NULL)); 464 465 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 466 mbedtls_pk_sign(&pk, valid_md, NULL, 0, buf, &len, 467 mbedtls_test_rnd_std_rand, NULL)); 468 469 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 470 mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, buf, sizeof(buf), NULL, &len, 471 mbedtls_test_rnd_std_rand, NULL)); 472 473 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 474 mbedtls_pk_decrypt(NULL, buf, sizeof(buf), buf, &len, sizeof(buf), 475 mbedtls_test_rnd_std_rand, NULL)); 476 477 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 478 mbedtls_pk_decrypt(&pk, NULL, sizeof(buf), buf, &len, sizeof(buf), 479 mbedtls_test_rnd_std_rand, NULL)); 480 481 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 482 mbedtls_pk_decrypt(&pk, buf, sizeof(buf), NULL, &len, sizeof(buf), 483 mbedtls_test_rnd_std_rand, NULL)); 484 485 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 486 mbedtls_pk_decrypt(&pk, buf, sizeof(buf), buf, NULL, sizeof(buf), 487 mbedtls_test_rnd_std_rand, NULL)); 488 489 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 490 mbedtls_pk_encrypt(NULL, buf, sizeof(buf), buf, &len, sizeof(buf), 491 mbedtls_test_rnd_std_rand, NULL)); 492 493 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 494 mbedtls_pk_encrypt(&pk, NULL, sizeof(buf), buf, &len, sizeof(buf), 495 mbedtls_test_rnd_std_rand, NULL)); 496 497 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 498 mbedtls_pk_encrypt(&pk, buf, sizeof(buf), NULL, &len, sizeof(buf), 499 mbedtls_test_rnd_std_rand, NULL)); 500 501 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 502 mbedtls_pk_encrypt(&pk, buf, sizeof(buf), buf, NULL, sizeof(buf), 503 mbedtls_test_rnd_std_rand, NULL)); 504 505 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 506 mbedtls_pk_check_pair(NULL, &pk)); 507 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 508 mbedtls_pk_check_pair(&pk, NULL)); 509 510 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 511 mbedtls_pk_debug(NULL, NULL)); 512 513#if defined(MBEDTLS_PK_PARSE_C) 514#if defined(MBEDTLS_FS_IO) 515 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 516 mbedtls_pk_load_file(NULL, &p, &len)); 517 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 518 mbedtls_pk_load_file(str, NULL, &len)); 519 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 520 mbedtls_pk_load_file(str, &p, NULL)); 521 522 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 523 mbedtls_pk_parse_keyfile(NULL, str, NULL)); 524 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 525 mbedtls_pk_parse_keyfile(&pk, NULL, NULL)); 526 527 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 528 mbedtls_pk_parse_public_keyfile(NULL, str)); 529 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 530 mbedtls_pk_parse_public_keyfile(&pk, NULL)); 531#endif 532 533 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 534 mbedtls_pk_parse_subpubkey(NULL, buf, &pk)); 535 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 536 mbedtls_pk_parse_subpubkey(&null_buf, buf, &pk)); 537 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 538 mbedtls_pk_parse_subpubkey(&p, NULL, &pk)); 539 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 540 mbedtls_pk_parse_subpubkey(&p, buf, NULL)); 541 542 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 543 mbedtls_pk_parse_key(NULL, 544 buf, sizeof(buf), 545 buf, sizeof(buf))); 546 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 547 mbedtls_pk_parse_key(&pk, 548 NULL, sizeof(buf), 549 buf, sizeof(buf))); 550 551 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 552 mbedtls_pk_parse_public_key(NULL, 553 buf, sizeof(buf))); 554 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 555 mbedtls_pk_parse_public_key(&pk, 556 NULL, sizeof(buf))); 557#endif /* MBEDTLS_PK_PARSE_C */ 558 559#if defined(MBEDTLS_PK_WRITE_C) 560 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 561 mbedtls_pk_write_pubkey(NULL, p, &pk)); 562 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 563 mbedtls_pk_write_pubkey(&null_buf, p, &pk)); 564 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 565 mbedtls_pk_write_pubkey(&p, NULL, &pk)); 566 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 567 mbedtls_pk_write_pubkey(&p, p, NULL)); 568 569 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 570 mbedtls_pk_write_pubkey_der(NULL, 571 buf, sizeof(buf))); 572 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 573 mbedtls_pk_write_pubkey_der(&pk, 574 NULL, sizeof(buf))); 575 576 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 577 mbedtls_pk_write_key_der(NULL, 578 buf, sizeof(buf))); 579 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 580 mbedtls_pk_write_key_der(&pk, 581 NULL, sizeof(buf))); 582 583#if defined(MBEDTLS_PEM_WRITE_C) 584 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 585 mbedtls_pk_write_pubkey_pem(NULL, 586 buf, sizeof(buf))); 587 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 588 mbedtls_pk_write_pubkey_pem(&pk, 589 NULL, sizeof(buf))); 590 591 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 592 mbedtls_pk_write_key_pem(NULL, 593 buf, sizeof(buf))); 594 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 595 mbedtls_pk_write_key_pem(&pk, 596 NULL, sizeof(buf))); 597#endif /* MBEDTLS_PEM_WRITE_C */ 598 599#endif /* MBEDTLS_PK_WRITE_C */ 600exit: 601 USE_PSA_DONE(); 602} 603/* END_CASE */ 604 605/* BEGIN_CASE */ 606void pk_utils(int type, int parameter, int bitlen, int len, char *name) 607{ 608 mbedtls_pk_context pk; 609 610 mbedtls_pk_init(&pk); 611 USE_PSA_INIT(); 612 613 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 614 TEST_ASSERT(pk_genkey(&pk, parameter) == 0); 615 616 TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); 617 TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); 618 TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == (unsigned) bitlen); 619 TEST_ASSERT(mbedtls_pk_get_len(&pk) == (unsigned) len); 620 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 621 622exit: 623 mbedtls_pk_free(&pk); 624 USE_PSA_DONE(); 625} 626/* END_CASE */ 627 628/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 629void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) 630{ 631 mbedtls_pk_context pub, prv, alt; 632 633 mbedtls_pk_init(&pub); 634 mbedtls_pk_init(&prv); 635 mbedtls_pk_init(&alt); 636 USE_PSA_INIT(); 637 638 TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); 639 TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL) == 0); 640 641 TEST_ASSERT(mbedtls_pk_check_pair(&pub, &prv) == ret); 642 643#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 644 if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_RSA) { 645 TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, mbedtls_pk_rsa(prv), 646 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 647 mbedtls_rsa_key_len_func) == 0); 648 TEST_ASSERT(mbedtls_pk_check_pair(&pub, &alt) == ret); 649 } 650#endif 651 652exit: 653 mbedtls_pk_free(&pub); 654 mbedtls_pk_free(&prv); 655 mbedtls_pk_free(&alt); 656 USE_PSA_DONE(); 657} 658/* END_CASE */ 659 660/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 661void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod, 662 char *input_N, char *input_E, 663 data_t *result_str, int result) 664{ 665 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 666 mbedtls_rsa_context *rsa; 667 mbedtls_pk_context pk; 668 mbedtls_pk_restart_ctx *rs_ctx = NULL; 669#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 670 mbedtls_pk_restart_ctx ctx; 671 672 rs_ctx = &ctx; 673 mbedtls_pk_restart_init(rs_ctx); 674 // this setting would ensure restart would happen if ECC was used 675 mbedtls_ecp_set_max_ops(1); 676#endif 677 678 mbedtls_pk_init(&pk); 679 USE_PSA_INIT(); 680 681 memset(hash_result, 0x00, MBEDTLS_MD_MAX_SIZE); 682 683 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 684 rsa = mbedtls_pk_rsa(pk); 685 686 rsa->len = mod / 8; 687 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 688 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 689 690 691 if (mbedtls_md_info_from_type(digest) != NULL) { 692 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len, 693 hash_result) == 0); 694 } 695 696 TEST_ASSERT(mbedtls_pk_verify(&pk, digest, hash_result, 0, 697 result_str->x, mbedtls_pk_get_len(&pk)) == result); 698 699 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, hash_result, 0, 700 result_str->x, mbedtls_pk_get_len( 701 &pk), rs_ctx) == result); 702 703exit: 704#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 705 mbedtls_pk_restart_free(rs_ctx); 706#endif 707 mbedtls_pk_free(&pk); 708 USE_PSA_DONE(); 709} 710/* END_CASE */ 711 712/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 713void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, 714 int mod, char *input_N, 715 char *input_E, data_t *result_str, 716 int pk_type, int mgf1_hash_id, 717 int salt_len, int result) 718{ 719 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 720 mbedtls_rsa_context *rsa; 721 mbedtls_pk_context pk; 722 mbedtls_pk_rsassa_pss_options pss_opts; 723 void *options; 724 size_t hash_len; 725 726 mbedtls_pk_init(&pk); 727 USE_PSA_INIT(); 728 729 memset(hash_result, 0x00, sizeof(hash_result)); 730 731 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 732 rsa = mbedtls_pk_rsa(pk); 733 734 rsa->len = mod / 8; 735 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 736 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 737 738 739 if (digest != MBEDTLS_MD_NONE) { 740 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), 741 message_str->x, message_str->len, hash_result) == 0); 742 hash_len = 0; 743 } else { 744 memcpy(hash_result, message_str->x, message_str->len); 745 hash_len = message_str->len; 746 } 747 748 if (mgf1_hash_id < 0) { 749 options = NULL; 750 } else { 751 options = &pss_opts; 752 753 pss_opts.mgf1_hash_id = mgf1_hash_id; 754 pss_opts.expected_salt_len = salt_len; 755 } 756 757 TEST_ASSERT(mbedtls_pk_verify_ext(pk_type, options, &pk, 758 digest, hash_result, hash_len, 759 result_str->x, mbedtls_pk_get_len(&pk)) == result); 760 761exit: 762 mbedtls_pk_free(&pk); 763 USE_PSA_DONE(); 764} 765/* END_CASE */ 766 767/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ 768void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, 769 data_t *sig, int ret) 770{ 771 mbedtls_pk_context pk; 772 mbedtls_ecp_keypair *eckey; 773 774 mbedtls_pk_init(&pk); 775 USE_PSA_INIT(); 776 777 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 778 779 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); 780 eckey = mbedtls_pk_ec(pk); 781 782 TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); 783 TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, 784 key->x, key->len) == 0); 785 786 // MBEDTLS_MD_NONE is used since it will be ignored. 787 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, 788 hash->x, hash->len, sig->x, sig->len) == ret); 789 790exit: 791 mbedtls_pk_free(&pk); 792 USE_PSA_DONE(); 793} 794/* END_CASE */ 795 796/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ 797void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str, 798 char *QX_str, char *QY_str, 799 int md_alg, char *msg, data_t *sig_check, 800 int max_ops, int min_restart, int max_restart) 801{ 802 int ret, cnt_restart; 803 mbedtls_pk_restart_ctx rs_ctx; 804 mbedtls_pk_context prv, pub; 805 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 806 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 807 size_t hlen, slen; 808 const mbedtls_md_info_t *md_info; 809 810 mbedtls_pk_restart_init(&rs_ctx); 811 mbedtls_pk_init(&prv); 812 mbedtls_pk_init(&pub); 813 memset(hash, 0, sizeof(hash)); 814 memset(sig, 0, sizeof(sig)); 815 USE_PSA_INIT(); 816 817 TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0); 818 TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0); 819 TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec(prv)->d, d_str) == 0); 820 821 TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0); 822 TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0); 823 TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0); 824 825 md_info = mbedtls_md_info_from_type(md_alg); 826 TEST_ASSERT(md_info != NULL); 827 828 hlen = mbedtls_md_get_size(md_info); 829 TEST_ASSERT(mbedtls_md(md_info, 830 (const unsigned char *) msg, strlen(msg), 831 hash) == 0); 832 833 mbedtls_ecp_set_max_ops(max_ops); 834 835 slen = sizeof(sig); 836 cnt_restart = 0; 837 do { 838 ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash, hlen, 839 sig, &slen, NULL, NULL, &rs_ctx); 840 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 841 842 TEST_ASSERT(ret == 0); 843 TEST_ASSERT(slen == sig_check->len); 844 TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0); 845 846 TEST_ASSERT(cnt_restart >= min_restart); 847 TEST_ASSERT(cnt_restart <= max_restart); 848 849 cnt_restart = 0; 850 do { 851 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 852 hash, hlen, sig, slen, &rs_ctx); 853 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 854 855 TEST_ASSERT(ret == 0); 856 TEST_ASSERT(cnt_restart >= min_restart); 857 TEST_ASSERT(cnt_restart <= max_restart); 858 859 hash[0]++; 860 do { 861 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 862 hash, hlen, sig, slen, &rs_ctx); 863 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 864 TEST_ASSERT(ret != 0); 865 hash[0]--; 866 867 sig[0]++; 868 do { 869 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 870 hash, hlen, sig, slen, &rs_ctx); 871 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 872 TEST_ASSERT(ret != 0); 873 sig[0]--; 874 875 /* Do we leak memory when aborting? try verify then sign 876 * This test only makes sense when we actually restart */ 877 if (min_restart > 0) { 878 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 879 hash, hlen, sig, slen, &rs_ctx); 880 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 881 mbedtls_pk_restart_free(&rs_ctx); 882 883 slen = sizeof(sig); 884 ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash, hlen, 885 sig, &slen, NULL, NULL, &rs_ctx); 886 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 887 } 888 889exit: 890 mbedtls_pk_restart_free(&rs_ctx); 891 mbedtls_pk_free(&prv); 892 mbedtls_pk_free(&pub); 893 USE_PSA_DONE(); 894} 895/* END_CASE */ 896 897/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 898void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret) 899{ 900 mbedtls_pk_context pk; 901 size_t sig_len, hash_len; 902 mbedtls_md_type_t md = MBEDTLS_MD_SHA256; 903 unsigned char *hash = NULL; 904 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 905 void *rs_ctx = NULL; 906#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 907 mbedtls_pk_restart_ctx ctx; 908 909 rs_ctx = &ctx; 910 mbedtls_pk_restart_init(rs_ctx); 911 /* This value is large enough that the operation will complete in one run. 912 * See comments at the top of ecp_test_vect_restart in 913 * test_suite_ecp.function for estimates of operation counts. */ 914 mbedtls_ecp_set_max_ops(42000); 915#endif 916 917 hash_len = mbedtls_md_get_size(mbedtls_md_info_from_type(md)); 918 TEST_CALLOC(hash, hash_len); 919 920 mbedtls_pk_init(&pk); 921 USE_PSA_INIT(); 922 923 memset(hash, 0x2a, hash_len); 924 memset(sig, 0, sizeof(sig)); 925 926 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 927 TEST_ASSERT(pk_genkey(&pk, parameter) == 0); 928 929 TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, md, 930 hash, hash_len, sig, &sig_len, 931 mbedtls_test_rnd_std_rand, NULL, rs_ctx) == sign_ret); 932 if (sign_ret == 0) { 933 TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 934 } else { 935 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 936 } 937 938 TEST_ASSERT(mbedtls_pk_verify(&pk, md, 939 hash, hash_len, sig, sig_len) == verify_ret); 940 941 if (verify_ret == 0) { 942 hash[0]++; 943 TEST_ASSERT(mbedtls_pk_verify(&pk, md, 944 hash, hash_len, sig, sig_len) != 0); 945 hash[0]--; 946 947 sig[0]++; 948 TEST_ASSERT(mbedtls_pk_verify(&pk, md, 949 hash, hash_len, sig, sig_len) != 0); 950 sig[0]--; 951 } 952 953 TEST_ASSERT(mbedtls_pk_sign(&pk, md, hash, hash_len, 954 sig, &sig_len, 955 mbedtls_test_rnd_std_rand, 956 NULL) == sign_ret); 957 if (sign_ret == 0) { 958 TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 959 } else { 960 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 961 } 962 963 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md, 964 hash, hash_len, sig, sig_len, rs_ctx) == verify_ret); 965 966 if (verify_ret == 0) { 967 hash[0]++; 968 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md, 969 hash, hash_len, sig, sig_len, rs_ctx) != 0); 970 hash[0]--; 971 972 sig[0]++; 973 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, md, 974 hash, hash_len, sig, sig_len, rs_ctx) != 0); 975 sig[0]--; 976 } 977 978exit: 979#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 980 mbedtls_pk_restart_free(rs_ctx); 981#endif 982 mbedtls_pk_free(&pk); 983 mbedtls_free(hash); 984 USE_PSA_DONE(); 985} 986/* END_CASE */ 987 988/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 989void pk_rsa_encrypt_test_vec(data_t *message, int mod, 990 char *input_N, char *input_E, 991 data_t *result, int ret) 992{ 993 unsigned char output[300]; 994 mbedtls_test_rnd_pseudo_info rnd_info; 995 mbedtls_rsa_context *rsa; 996 mbedtls_pk_context pk; 997 size_t olen; 998 999 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1000 memset(output, 0, sizeof(output)); 1001 1002 mbedtls_pk_init(&pk); 1003 USE_PSA_INIT(); 1004 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1005 rsa = mbedtls_pk_rsa(pk); 1006 1007 rsa->len = mod / 8; 1008 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1009 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1010 1011 TEST_ASSERT(mbedtls_pk_encrypt(&pk, message->x, message->len, 1012 output, &olen, sizeof(output), 1013 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1014 TEST_ASSERT(olen == result->len); 1015 TEST_ASSERT(memcmp(output, result->x, olen) == 0); 1016 1017exit: 1018 mbedtls_pk_free(&pk); 1019 USE_PSA_DONE(); 1020} 1021/* END_CASE */ 1022 1023/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1024void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, 1025 char *input_P, char *input_Q, 1026 char *input_N, char *input_E, 1027 data_t *clear, int ret) 1028{ 1029 unsigned char output[256]; 1030 mbedtls_test_rnd_pseudo_info rnd_info; 1031 mbedtls_mpi N, P, Q, E; 1032 mbedtls_rsa_context *rsa; 1033 mbedtls_pk_context pk; 1034 size_t olen; 1035 1036 mbedtls_pk_init(&pk); 1037 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1038 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1039 USE_PSA_INIT(); 1040 1041 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1042 1043 1044 /* init pk-rsa context */ 1045 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1046 rsa = mbedtls_pk_rsa(pk); 1047 1048 /* load public key */ 1049 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1050 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1051 1052 /* load private key */ 1053 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1054 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1055 TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); 1056 TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); 1057 TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); 1058 1059 /* decryption test */ 1060 memset(output, 0, sizeof(output)); 1061 olen = 0; 1062 TEST_ASSERT(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, 1063 output, &olen, sizeof(output), 1064 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1065 if (ret == 0) { 1066 TEST_ASSERT(olen == clear->len); 1067 TEST_ASSERT(memcmp(output, clear->x, olen) == 0); 1068 } 1069 1070exit: 1071 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1072 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1073 mbedtls_pk_free(&pk); 1074 USE_PSA_DONE(); 1075} 1076/* END_CASE */ 1077 1078/* BEGIN_CASE */ 1079void pk_ec_nocrypt(int type) 1080{ 1081 mbedtls_pk_context pk; 1082 unsigned char output[100]; 1083 unsigned char input[100]; 1084 mbedtls_test_rnd_pseudo_info rnd_info; 1085 size_t olen = 0; 1086 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1087 1088 mbedtls_pk_init(&pk); 1089 USE_PSA_INIT(); 1090 1091 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1092 memset(output, 0, sizeof(output)); 1093 memset(input, 0, sizeof(input)); 1094 1095 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1096 1097 TEST_ASSERT(mbedtls_pk_encrypt(&pk, input, sizeof(input), 1098 output, &olen, sizeof(output), 1099 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1100 1101 TEST_ASSERT(mbedtls_pk_decrypt(&pk, input, sizeof(input), 1102 output, &olen, sizeof(output), 1103 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1104 1105exit: 1106 mbedtls_pk_free(&pk); 1107 USE_PSA_DONE(); 1108} 1109/* END_CASE */ 1110 1111/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1112void pk_rsa_overflow() 1113{ 1114 mbedtls_pk_context pk; 1115 size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1; 1116 unsigned char hash[50], sig[100]; 1117 1118 if (SIZE_MAX <= UINT_MAX) { 1119 return; 1120 } 1121 1122 memset(hash, 0x2a, sizeof(hash)); 1123 memset(sig, 0, sizeof(sig)); 1124 1125 mbedtls_pk_init(&pk); 1126 USE_PSA_INIT(); 1127 1128 TEST_ASSERT(mbedtls_pk_setup(&pk, 1129 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1130 1131#if defined(MBEDTLS_PKCS1_V21) 1132 TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, 1133 MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len) == 1134 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1135#endif /* MBEDTLS_PKCS1_V21 */ 1136 1137 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, 1138 sig, sig_len) == MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1139 1140 TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, sig, 1141 &sig_len, mbedtls_test_rnd_std_rand, NULL) 1142 == MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1143 1144exit: 1145 mbedtls_pk_free(&pk); 1146 USE_PSA_DONE(); 1147} 1148/* END_CASE */ 1149 1150/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 1151void pk_rsa_alt() 1152{ 1153 /* 1154 * An rsa_alt context can only do private operations (decrypt, sign). 1155 * Test it against the public operations (encrypt, verify) of a 1156 * corresponding rsa context. 1157 */ 1158 mbedtls_rsa_context raw; 1159 mbedtls_pk_context rsa, alt; 1160 mbedtls_pk_debug_item dbg_items[10]; 1161 unsigned char hash[50], sig[64]; 1162 unsigned char msg[50], ciph[64], test[50]; 1163 size_t sig_len, ciph_len, test_len; 1164 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1165 1166 mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE); 1167 mbedtls_pk_init(&rsa); 1168 mbedtls_pk_init(&alt); 1169 USE_PSA_INIT(); 1170 1171 memset(hash, 0x2a, sizeof(hash)); 1172 memset(sig, 0, sizeof(sig)); 1173 memset(msg, 0x2a, sizeof(msg)); 1174 memset(ciph, 0, sizeof(ciph)); 1175 memset(test, 0, sizeof(test)); 1176 1177 /* Initialize PK RSA context with random key */ 1178 TEST_ASSERT(mbedtls_pk_setup(&rsa, 1179 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1180 TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0); 1181 1182 /* Extract key to the raw rsa context */ 1183 TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); 1184 1185 /* Initialize PK RSA_ALT context */ 1186 TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, (void *) &raw, 1187 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 1188 mbedtls_rsa_key_len_func) == 0); 1189 1190 /* Test administrative functions */ 1191 TEST_ASSERT(mbedtls_pk_can_do(&alt, MBEDTLS_PK_RSA)); 1192 TEST_ASSERT(mbedtls_pk_get_bitlen(&alt) == RSA_KEY_SIZE); 1193 TEST_ASSERT(mbedtls_pk_get_len(&alt) == RSA_KEY_LEN); 1194 TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); 1195 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); 1196 1197 /* Test signature */ 1198#if SIZE_MAX > UINT_MAX 1199 TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig, 1200 &sig_len, mbedtls_test_rnd_std_rand, NULL) 1201 == MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1202#endif /* SIZE_MAX > UINT_MAX */ 1203 TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), sig, 1204 &sig_len, mbedtls_test_rnd_std_rand, NULL) 1205 == 0); 1206 TEST_ASSERT(sig_len == RSA_KEY_LEN); 1207 TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE, 1208 hash, sizeof(hash), sig, sig_len) == 0); 1209 1210 /* Test decrypt */ 1211 TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg), 1212 ciph, &ciph_len, sizeof(ciph), 1213 mbedtls_test_rnd_std_rand, NULL) == 0); 1214 TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len, 1215 test, &test_len, sizeof(test), 1216 mbedtls_test_rnd_std_rand, NULL) == 0); 1217 TEST_ASSERT(test_len == sizeof(msg)); 1218 TEST_ASSERT(memcmp(test, msg, test_len) == 0); 1219 1220 /* Test forbidden operations */ 1221 TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg), 1222 ciph, &ciph_len, sizeof(ciph), 1223 mbedtls_test_rnd_std_rand, NULL) == ret); 1224 TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE, 1225 hash, sizeof(hash), sig, sig_len) == ret); 1226 TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret); 1227 1228exit: 1229 mbedtls_rsa_free(&raw); 1230 mbedtls_pk_free(&rsa); 1231 mbedtls_pk_free(&alt); 1232 USE_PSA_DONE(); 1233} 1234/* END_CASE */ 1235 1236/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ 1237void pk_psa_sign(int grpid_arg, 1238 int psa_curve_arg, int expected_bits_arg) 1239{ 1240 mbedtls_ecp_group_id grpid = grpid_arg; 1241 mbedtls_pk_context pk; 1242 unsigned char hash[32]; 1243 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 1244 unsigned char pkey_legacy[200]; 1245 unsigned char pkey_psa[200]; 1246 unsigned char *pkey_legacy_start, *pkey_psa_start; 1247 size_t sig_len, klen_legacy, klen_psa; 1248 int ret; 1249 mbedtls_svc_key_id_t key_id; 1250 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1251 psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR(psa_curve_arg); 1252 size_t expected_bits = expected_bits_arg; 1253 1254 /* 1255 * This tests making signatures with a wrapped PSA key: 1256 * - generate a fresh ECP legacy PK context 1257 * - wrap it in a PK context and make a signature this way 1258 * - extract the public key 1259 * - parse it to a PK context and verify the signature this way 1260 */ 1261 1262 /* Create legacy EC public/private key in PK context. */ 1263 mbedtls_pk_init(&pk); 1264 USE_PSA_INIT(); 1265 1266 TEST_ASSERT(mbedtls_pk_setup(&pk, 1267 mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); 1268 TEST_ASSERT(mbedtls_ecp_gen_key(grpid, 1269 (mbedtls_ecp_keypair *) pk.pk_ctx, 1270 mbedtls_test_rnd_std_rand, NULL) == 0); 1271 1272 /* Export underlying public key for re-importing in a legacy context. */ 1273 ret = mbedtls_pk_write_pubkey_der(&pk, pkey_legacy, 1274 sizeof(pkey_legacy)); 1275 TEST_ASSERT(ret >= 0); 1276 klen_legacy = (size_t) ret; 1277 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1278 pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy; 1279 1280 /* Turn PK context into an opaque one. */ 1281 TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, 1282 PSA_ALG_SHA_256) == 0); 1283 1284 PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); 1285 TEST_EQUAL(psa_get_key_type(&attributes), expected_type); 1286 TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits); 1287 TEST_EQUAL(psa_get_key_lifetime(&attributes), 1288 PSA_KEY_LIFETIME_VOLATILE); 1289 1290 memset(hash, 0x2a, sizeof(hash)); 1291 memset(sig, 0, sizeof(sig)); 1292 1293 TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, 1294 hash, sizeof(hash), sig, &sig_len, 1295 NULL, NULL) == 0); 1296 1297 /* Export underlying public key for re-importing in a psa context. */ 1298 ret = mbedtls_pk_write_pubkey_der(&pk, pkey_psa, 1299 sizeof(pkey_psa)); 1300 TEST_ASSERT(ret >= 0); 1301 klen_psa = (size_t) ret; 1302 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1303 pkey_psa_start = pkey_psa + sizeof(pkey_psa) - klen_psa; 1304 1305 TEST_ASSERT(klen_psa == klen_legacy); 1306 TEST_ASSERT(memcmp(pkey_psa_start, pkey_legacy_start, klen_psa) == 0); 1307 1308 mbedtls_pk_free(&pk); 1309 TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id)); 1310 1311 mbedtls_pk_init(&pk); 1312 TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start, 1313 klen_legacy) == 0); 1314 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1315 hash, sizeof(hash), sig, sig_len) == 0); 1316 1317exit: 1318 /* 1319 * Key attributes may have been returned by psa_get_key_attributes() 1320 * thus reset them as required. 1321 */ 1322 psa_reset_key_attributes(&attributes); 1323 1324 mbedtls_pk_free(&pk); 1325 USE_PSA_DONE(); 1326} 1327/* END_CASE */ 1328