| /* BEGIN_HEADER */ |
| #include "mbedtls/pk.h" |
| #include "mbedtls/psa_util.h" |
| #include "pk_internal.h" |
| |
| /* For error codes */ |
| #include "mbedtls/asn1.h" |
| #include "mbedtls/base64.h" |
| #include "mbedtls/ecp.h" |
| #include "mbedtls/error.h" |
| #include "mbedtls/rsa.h" |
| #include "rsa_internal.h" |
| #include "pk_internal.h" |
| |
| #include <limits.h> |
| #include <stdint.h> |
| |
| /* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), |
| * but the test code generator requires test case data to be valid C code |
| * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ |
| #include "psa/crypto.h" |
| #include "mbedtls/psa_util.h" |
| |
| #include <test/psa_exercise_key.h> |
| |
| /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ |
| #include "pkwrite.h" |
| |
| /* Used for properly sizing the key buffer in pk_genkey_ec() */ |
| #include "psa_util_internal.h" |
| |
| #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS |
| #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) |
| |
| #if defined(MBEDTLS_RSA_C) || \ |
| defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ |
| defined(MBEDTLS_ECDSA_C) || \ |
| defined(MBEDTLS_USE_PSA_CRYPTO) |
| #define PK_CAN_SIGN_SOME |
| #endif |
| |
| /* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: |
| * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. |
| * - The build has built-in ECC and ECDSA signature. |
| */ |
| #if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ |
| ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \ |
| defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ |
| (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN)) |
| #define MBEDTLS_TEST_PK_PSA_SIGN |
| #endif |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) |
| /* Pick an elliptic curve that's supported by PSA. Note that the curve is |
| * not guaranteed to be supported by the ECP module. |
| * |
| * This should always find a curve if ECC is enabled in the build, except in |
| * one edge case: in a build with MBEDTLS_PSA_CRYPTO_CONFIG disabled and |
| * where the only legacy curve is secp224k1, which is not supported in PSA, |
| * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY ends up enabled but PSA does not |
| * support any curve. |
| */ |
| |
| /* First try all the curves that can do both ECDSA and ECDH, then try |
| * the ECDH-only curves. (There are no curves that can do ECDSA but not ECDH.) |
| * This way, if ECDSA is enabled then the curve that's selected here will |
| * be ECDSA-capable, and likewise for ECDH. */ |
| #if defined(PSA_WANT_ECC_SECP_R1_192) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 |
| #elif defined(PSA_WANT_ECC_SECP_R1_224) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 |
| #elif defined(PSA_WANT_ECC_SECP_R1_256) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 |
| #elif defined(PSA_WANT_ECC_SECP_R1_384) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 |
| #elif defined(PSA_WANT_ECC_SECP_R1_521) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 |
| #elif defined(PSA_WANT_ECC_SECP_K1_192) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 |
| #elif defined(PSA_WANT_ECC_SECP_K1_224) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 |
| #elif defined(PSA_WANT_ECC_SECP_K1_256) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 |
| #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 |
| #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 |
| #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 512 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 |
| #elif defined(PSA_WANT_ECC_MONTGOMERY_255) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 255 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 |
| #elif defined(PSA_WANT_ECC_MONTGOMERY_448) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 448 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 |
| #endif /* curve selection */ |
| |
| #if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) |
| #define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE |
| #endif |
| |
| /* Pick a second curve, for tests that need two supported curves of the |
| * same size. For simplicity, we only handle a subset of configurations, |
| * and both curves will support both ECDH and ECDSA. */ |
| #if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_K1_192) |
| /* Identical redefinition of the ONE macros, to confirm that they have |
| * the values we expect here. */ |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 |
| #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES |
| #elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 |
| #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES |
| #endif |
| |
| /* Pick a second bit-size, for tests that need two supported curves of the |
| * same family. For simplicity, we only handle a subset of configurations, |
| * and both curves will support both ECDH and ECDSA. */ |
| #if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_R1_256) |
| /* Identical redefinition of the ONE macros, to confirm that they have |
| * the values we expect here. */ |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 256 |
| #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS |
| #elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 384 |
| #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS |
| #endif |
| |
| #endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ |
| |
| /* Always define the macros so that we can use them in test data. */ |
| #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) |
| #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 |
| #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 0 |
| #define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 |
| #endif |
| #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 |
| #endif |
| #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS) |
| #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 0 |
| #endif |
| |
| /* Get an available MD alg to be used in sign/verify tests. */ |
| #if defined(MBEDTLS_MD_CAN_SHA1) |
| #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA1 |
| #elif defined(MBEDTLS_MD_CAN_SHA224) |
| #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224 |
| #elif defined(MBEDTLS_MD_CAN_SHA256) |
| #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256 |
| #elif defined(MBEDTLS_MD_CAN_SHA384) |
| #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA384 |
| #elif defined(MBEDTLS_MD_CAN_SHA512) |
| #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 |
| #endif |
| |
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
| static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) |
| { |
| psa_status_t status; |
| psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; |
| size_t curve_bits; |
| psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); |
| int ret; |
| |
| if (curve == 0) { |
| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
| } |
| |
| psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); |
| psa_set_key_bits(&key_attr, curve_bits); |
| psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; |
| psa_algorithm_t sign_alg = 0; |
| psa_algorithm_t derive_alg = 0; |
| if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { |
| usage |= PSA_KEY_USAGE_DERIVE; |
| derive_alg = PSA_ALG_ECDH; |
| } |
| if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && |
| curve != PSA_ECC_FAMILY_MONTGOMERY) { |
| usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; |
| #if defined(MBEDTLS_ECDSA_DETERMINISTIC) |
| sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); |
| #else |
| sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); |
| #endif |
| } |
| if (derive_alg != 0) { |
| psa_set_key_algorithm(&key_attr, derive_alg); |
| if (sign_alg != 0) { |
| psa_set_key_enrollment_algorithm(&key_attr, sign_alg); |
| } |
| } else { |
| psa_set_key_algorithm(&key_attr, sign_alg); |
| } |
| psa_set_key_usage_flags(&key_attr, usage); |
| |
| status = psa_generate_key(&key_attr, &pk->priv_id); |
| if (status != PSA_SUCCESS) { |
| return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; |
| } |
| |
| status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), |
| &pk->pub_raw_len); |
| if (status != PSA_SUCCESS) { |
| ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; |
| goto exit; |
| } |
| |
| pk->ec_family = curve; |
| pk->ec_bits = curve_bits; |
| |
| return 0; |
| |
| exit: |
| status = psa_destroy_key(pk->priv_id); |
| return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); |
| } |
| #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
| |
| /** Generate a key of the desired type. |
| * |
| * \param pk The PK object to fill. It must have been initialized |
| * with mbedtls_pk_setup(). |
| * \param curve_or_keybits - For RSA keys, the key size in bits. |
| * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). |
| * |
| * \return The status from the underlying type-specific key |
| * generation function. |
| * \return -1 if the key type is not recognized. |
| */ |
| static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) |
| { |
| (void) pk; |
| (void) curve_or_keybits; |
| |
| #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) |
| if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { |
| return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), |
| mbedtls_test_rnd_std_rand, NULL, |
| curve_or_keybits, 3); |
| } |
| #endif |
| #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
| if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || |
| mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || |
| mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { |
| int ret; |
| |
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
| ret = pk_genkey_ec(pk, curve_or_keybits); |
| if (ret != 0) { |
| return ret; |
| } |
| |
| return 0; |
| #else |
| ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); |
| if (ret != 0) { |
| return ret; |
| } |
| return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, |
| &mbedtls_pk_ec_rw(*pk)->d, |
| &mbedtls_pk_ec_rw(*pk)->Q, |
| mbedtls_test_rnd_std_rand, NULL); |
| #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
| |
| } |
| #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
| return -1; |
| } |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) |
| static psa_key_usage_t pk_get_psa_attributes_implied_usage( |
| psa_key_usage_t expected_usage) |
| { |
| /* Usage implied universally */ |
| if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { |
| expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; |
| } |
| if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { |
| expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; |
| } |
| /* Usage implied by mbedtls_pk_get_psa_attributes() */ |
| if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { |
| expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; |
| } |
| if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { |
| expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; |
| } |
| if (expected_usage & PSA_KEY_USAGE_DECRYPT) { |
| expected_usage |= PSA_KEY_USAGE_ENCRYPT; |
| } |
| expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; |
| return expected_usage; |
| } |
| |
| #define RSA_WRITE_PUBKEY_MAX_SIZE \ |
| PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) |
| #define ECP_WRITE_PUBKEY_MAX_SIZE \ |
| PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) |
| static int pk_public_same(const mbedtls_pk_context *pk1, |
| const mbedtls_pk_context *pk2) |
| { |
| int ok = 0; |
| |
| mbedtls_pk_type_t type = mbedtls_pk_get_type(pk1); |
| TEST_EQUAL(type, mbedtls_pk_get_type(pk2)); |
| |
| switch (type) { |
| #if defined(MBEDTLS_RSA_C) |
| case MBEDTLS_PK_RSA: |
| { |
| const mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(*pk1); |
| const mbedtls_rsa_context *rsa2 = mbedtls_pk_rsa(*pk2); |
| TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa1), |
| mbedtls_rsa_get_padding_mode(rsa2)); |
| TEST_EQUAL(mbedtls_rsa_get_md_alg(rsa1), |
| mbedtls_rsa_get_md_alg(rsa2)); |
| unsigned char buf1[RSA_WRITE_PUBKEY_MAX_SIZE]; |
| unsigned char *p1 = buf1 + sizeof(buf1); |
| int len1 = mbedtls_rsa_write_pubkey(rsa1, buf1, &p1); |
| TEST_LE_U(0, len1); |
| unsigned char buf2[RSA_WRITE_PUBKEY_MAX_SIZE]; |
| unsigned char *p2 = buf2 + sizeof(buf2); |
| int len2 = mbedtls_rsa_write_pubkey(rsa2, buf2, &p2); |
| TEST_LE_U(0, len2); |
| TEST_MEMORY_COMPARE(p1, len1, p2, len2); |
| break; |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| |
| #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
| case MBEDTLS_PK_ECKEY: |
| case MBEDTLS_PK_ECKEY_DH: |
| case MBEDTLS_PK_ECDSA: |
| { |
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
| TEST_MEMORY_COMPARE(pk1->pub_raw, pk1->pub_raw_len, |
| pk2->pub_raw, pk2->pub_raw_len); |
| TEST_EQUAL(pk1->ec_family, pk2->ec_family); |
| TEST_EQUAL(pk1->ec_bits, pk2->ec_bits); |
| |
| #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
| const mbedtls_ecp_keypair *ec1 = mbedtls_pk_ec_ro(*pk1); |
| const mbedtls_ecp_keypair *ec2 = mbedtls_pk_ec_ro(*pk2); |
| TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(ec1), |
| mbedtls_ecp_keypair_get_group_id(ec2)); |
| unsigned char buf1[ECP_WRITE_PUBKEY_MAX_SIZE]; |
| size_t len1 = 99999991; |
| TEST_EQUAL(mbedtls_ecp_write_public_key( |
| ec1, MBEDTLS_ECP_PF_UNCOMPRESSED, |
| &len1, buf1, sizeof(buf1)), 0); |
| unsigned char buf2[ECP_WRITE_PUBKEY_MAX_SIZE]; |
| size_t len2 = 99999992; |
| TEST_EQUAL(mbedtls_ecp_write_public_key( |
| ec2, MBEDTLS_ECP_PF_UNCOMPRESSED, |
| &len2, buf2, sizeof(buf2)), 0); |
| TEST_MEMORY_COMPARE(buf1, len1, buf2, len2); |
| #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
| } |
| break; |
| #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
| |
| default: |
| TEST_FAIL("Unsupported pk type in pk_public_same"); |
| } |
| |
| ok = 1; |
| |
| exit: |
| return ok; |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_C */ |
| |
| #if defined(MBEDTLS_RSA_C) |
| int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, |
| const unsigned char *input, unsigned char *output, |
| size_t output_max_len) |
| { |
| return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, |
| mbedtls_test_rnd_std_rand, NULL, |
| olen, input, output, output_max_len); |
| } |
| int mbedtls_rsa_sign_func(void *ctx, |
| int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, |
| mbedtls_md_type_t md_alg, unsigned int hashlen, |
| const unsigned char *hash, unsigned char *sig) |
| { |
| ((void) f_rng); |
| ((void) p_rng); |
| return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, |
| mbedtls_test_rnd_std_rand, NULL, |
| md_alg, hashlen, hash, sig); |
| } |
| size_t mbedtls_rsa_key_len_func(void *ctx) |
| { |
| return ((const mbedtls_rsa_context *) ctx)->len; |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| |
| typedef enum { |
| /* The values are compatible with thinking of "from pair" as a boolean. */ |
| FROM_PUBLIC = 0, |
| FROM_PAIR = 1 |
| } from_pair_t; |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) |
| static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, |
| mbedtls_pk_context *pk, psa_key_type_t *psa_type) |
| { |
| if (pk_type == MBEDTLS_PK_NONE) { |
| return 0; |
| } |
| TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); |
| |
| switch (pk_type) { |
| #if defined(MBEDTLS_RSA_C) |
| case MBEDTLS_PK_RSA: |
| { |
| *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; |
| mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); |
| if (want_pair) { |
| #if defined(MBEDTLS_GENPRIME) |
| TEST_EQUAL(mbedtls_rsa_gen_key( |
| rsa, |
| mbedtls_test_rnd_std_rand, NULL, |
| MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); |
| #else |
| TEST_FAIL("I don't know how to create an RSA key pair in this configuration."); |
| #endif |
| } else { |
| unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; |
| N[sizeof(N) - 1] = 0x03; |
| const unsigned char E[1] = { 0x03 }; |
| TEST_EQUAL(mbedtls_rsa_import_raw(rsa, |
| N, sizeof(N), |
| NULL, 0, NULL, 0, NULL, 0, |
| E, sizeof(E)), 0); |
| TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); |
| } |
| break; |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| |
| #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
| case MBEDTLS_PK_ECKEY: |
| case MBEDTLS_PK_ECKEY_DH: |
| case MBEDTLS_PK_ECDSA: |
| { |
| mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; |
| size_t bits; |
| *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); |
| TEST_EQUAL(pk_genkey(pk, grp_id), 0); |
| if (!want_pair) { |
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
| psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_set_key_type(&pub_attributes, |
| PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type)); |
| psa_set_key_usage_flags(&pub_attributes, |
| PSA_KEY_USAGE_EXPORT | |
| PSA_KEY_USAGE_COPY | |
| PSA_KEY_USAGE_VERIFY_MESSAGE | |
| PSA_KEY_USAGE_VERIFY_HASH); |
| psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); |
| PSA_ASSERT(psa_destroy_key(pk->priv_id)); |
| pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT; |
| #else |
| mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); |
| mbedtls_mpi_free(&ec->d); |
| #endif |
| } |
| break; |
| } |
| #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
| |
| default: |
| TEST_FAIL("Unknown PK type in test data"); |
| break; |
| } |
| |
| if (!want_pair) { |
| *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); |
| } |
| return 0; |
| |
| exit: |
| return MBEDTLS_ERR_ERROR_GENERIC_ERROR; |
| } |
| #endif |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) |
| /* Create a new PSA key which will contain only the public part of the private |
| * key which is provided in input. For this new key: |
| * - Type is the public counterpart of the private key. |
| * - Usage is the copied from the original private key, but the PSA_KEY_USAGE_EXPORT |
| * flag is removed. This is to prove that mbedtls_pk_copy_from_psa() doesn't |
| * require the key to have the EXPORT flag. |
| * - Algorithm is copied from the original key pair. |
| */ |
| static mbedtls_svc_key_id_t psa_pub_key_from_priv(mbedtls_svc_key_id_t priv_id) |
| { |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_type_t type; |
| psa_algorithm_t alg; |
| psa_key_usage_t usage; |
| unsigned char pub_key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; |
| size_t pub_key_len; |
| mbedtls_svc_key_id_t pub_key = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| /* Get attributes from the private key. */ |
| PSA_ASSERT(psa_get_key_attributes(priv_id, &attributes)); |
| type = psa_get_key_type(&attributes); |
| usage = psa_get_key_usage_flags(&attributes); |
| alg = psa_get_key_algorithm(&attributes); |
| psa_reset_key_attributes(&attributes); |
| |
| /* Export the public key and then import it in a new slot. */ |
| PSA_ASSERT(psa_export_public_key(priv_id, pub_key_buf, sizeof(pub_key_buf), &pub_key_len)); |
| |
| /* Notes: |
| * - psa_import_key() automatically determines the key's bit length |
| * from the provided key data. That's why psa_set_key_bits() is not used |
| * below. |
| */ |
| type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); |
| usage &= ~PSA_KEY_USAGE_EXPORT; |
| psa_set_key_type(&attributes, type); |
| psa_set_key_usage_flags(&attributes, usage); |
| psa_set_key_algorithm(&attributes, alg); |
| |
| PSA_ASSERT(psa_import_key(&attributes, pub_key_buf, pub_key_len, &pub_key)); |
| |
| exit: |
| psa_reset_key_attributes(&attributes); |
| return pub_key; |
| } |
| |
| /* Create a copy of a PSA key with same usage and algorithm policy and destroy |
| * the original one. */ |
| mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) |
| { |
| psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| PSA_ASSERT(psa_get_key_attributes(orig_key_id, &orig_attr)); |
| psa_set_key_usage_flags(&new_attr, psa_get_key_usage_flags(&orig_attr)); |
| psa_set_key_algorithm(&new_attr, psa_get_key_algorithm(&orig_attr)); |
| |
| PSA_ASSERT(psa_copy_key(orig_key_id, &new_attr, &new_key_id)); |
| psa_destroy_key(orig_key_id); |
| |
| exit: |
| psa_reset_key_attributes(&orig_attr); |
| psa_reset_key_attributes(&new_attr); |
| return new_key_id; |
| } |
| |
| psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len, |
| psa_key_type_t type, psa_key_usage_t usage, |
| psa_algorithm_t alg, mbedtls_svc_key_id_t *key) |
| { |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_status_t status; |
| |
| *key = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| /* Note: psa_import_key() automatically determines the key's bit length |
| * from the provided key data. That's why psa_set_key_bits() is not used below. */ |
| psa_set_key_usage_flags(&attributes, usage); |
| psa_set_key_algorithm(&attributes, alg); |
| psa_set_key_type(&attributes, type); |
| status = psa_import_key(&attributes, key_data, key_len, key); |
| |
| return status; |
| } |
| |
| psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits, |
| psa_key_usage_t usage, psa_algorithm_t alg, |
| mbedtls_svc_key_id_t *key) |
| { |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_status_t status; |
| |
| *key = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| psa_set_key_usage_flags(&attributes, usage); |
| psa_set_key_algorithm(&attributes, alg); |
| psa_set_key_type(&attributes, type); |
| psa_set_key_bits(&attributes, bits); |
| status = psa_generate_key(&attributes, key); |
| |
| return status; |
| } |
| |
| /* |
| * Generate an ECC key using PSA and return the key identifier of that key, |
| * or 0 if the key generation failed. |
| * The key uses NIST P-256 and is usable for signing with SHA-256. |
| */ |
| mbedtls_svc_key_id_t pk_psa_genkey_ecc(void) |
| { |
| mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, |
| PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), |
| &key); |
| |
| return key; |
| } |
| |
| /* |
| * Generate an RSA key using PSA and return the key identifier of that key, |
| * or 0 if the key generation failed. |
| */ |
| mbedtls_svc_key_id_t pk_psa_genkey_rsa(void) |
| { |
| mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, |
| PSA_ALG_RSA_PKCS1V15_SIGN_RAW, &key); |
| |
| return key; |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_C */ |
| /* END_HEADER */ |
| |
| /* BEGIN_DEPENDENCIES |
| * depends_on:MBEDTLS_PK_C |
| * END_DEPENDENCIES |
| */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_psa_utils(int key_is_rsa) |
| { |
| mbedtls_pk_context pk, pk2; |
| mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| |
| const char * const name = "Opaque"; |
| size_t bitlen; |
| |
| mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; |
| unsigned char b1[1], b2[1]; |
| size_t len; |
| mbedtls_pk_debug_item dbg; |
| |
| mbedtls_pk_init(&pk); |
| mbedtls_pk_init(&pk2); |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| mbedtls_pk_free(&pk); |
| mbedtls_pk_init(&pk); |
| |
| if (key_is_rsa) { |
| bitlen = 1024; /* hardcoded in genkey() */ |
| key = pk_psa_genkey_rsa(); |
| } else { |
| bitlen = 256; /* hardcoded in genkey() */ |
| key = pk_psa_genkey_ecc(); |
| } |
| if (mbedtls_svc_key_id_is_null(key)) { |
| goto exit; |
| } |
| |
| TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, key) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_OPAQUE); |
| TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); |
| TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8); |
| |
| if (key_is_rsa) { |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0); |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 0); |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 1); |
| } else { |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1); |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1); |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 0); |
| } |
| |
| /* unsupported operations: verify, decrypt, encrypt */ |
| if (key_is_rsa == 1) { |
| TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg, |
| b1, sizeof(b1), b2, sizeof(b2)) |
| == MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| } else { |
| TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1), |
| b2, &len, sizeof(b2), |
| NULL, NULL) |
| == MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| } |
| TEST_ASSERT(mbedtls_pk_encrypt(&pk, b1, sizeof(b1), |
| b2, &len, sizeof(b2), |
| NULL, NULL) |
| == MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| |
| /* unsupported functions: check_pair, debug */ |
| if (key_is_rsa) { |
| TEST_ASSERT(mbedtls_pk_setup(&pk2, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| } else { |
| TEST_ASSERT(mbedtls_pk_setup(&pk2, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); |
| } |
| TEST_ASSERT(mbedtls_pk_check_pair(&pk, &pk2, |
| mbedtls_test_rnd_std_rand, NULL) |
| == MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| TEST_ASSERT(mbedtls_pk_debug(&pk, &dbg) |
| == MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| |
| /* test that freeing the context does not destroy the key */ |
| mbedtls_pk_free(&pk); |
| TEST_ASSERT(PSA_SUCCESS == psa_get_key_attributes(key, &attributes)); |
| TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key)); |
| |
| exit: |
| /* |
| * Key attributes may have been returned by psa_get_key_attributes() |
| * thus reset them as required. |
| */ |
| psa_reset_key_attributes(&attributes); |
| |
| mbedtls_pk_free(&pk); /* redundant except upon error */ |
| mbedtls_pk_free(&pk2); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, |
| int key_alg2, int curve_or_keybits, int alg_check, int usage_check, |
| int result) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| if (opaque_key == 1) { |
| psa_set_key_usage_flags(&attributes, key_usage); |
| psa_set_key_algorithm(&attributes, key_alg); |
| if (key_alg2 != 0) { |
| psa_set_key_enrollment_algorithm(&attributes, key_alg2); |
| } |
| psa_set_key_type(&attributes, key_type); |
| psa_set_key_bits(&attributes, curve_or_keybits); |
| |
| PSA_ASSERT(psa_generate_key(&attributes, &key)); |
| |
| if (mbedtls_svc_key_id_is_null(key)) { |
| goto exit; |
| } |
| |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key), 0); |
| |
| TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); |
| } else { |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(key_type)), 0); |
| TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); |
| TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); |
| } |
| |
| TEST_EQUAL(mbedtls_pk_can_do_ext(&pk, alg_check, usage_check), result); |
| |
| exit: |
| psa_reset_key_attributes(&attributes); |
| PSA_ASSERT(psa_destroy_key(key)); |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void pk_invalid_param() |
| { |
| mbedtls_pk_context ctx; |
| mbedtls_pk_type_t pk_type = 0; |
| unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; |
| size_t buf_size = sizeof(buf); |
| |
| mbedtls_pk_init(&ctx); |
| USE_PSA_INIT(); |
| |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_NONE, |
| NULL, buf_size, |
| buf, buf_size, |
| NULL)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_SHA256, |
| NULL, 0, |
| buf, buf_size, |
| NULL)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_verify_ext(pk_type, NULL, |
| &ctx, MBEDTLS_MD_NONE, |
| NULL, buf_size, |
| buf, buf_size)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_verify_ext(pk_type, NULL, |
| &ctx, MBEDTLS_MD_SHA256, |
| NULL, 0, |
| buf, buf_size)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_NONE, |
| NULL, buf_size, |
| buf, buf_size, &buf_size, |
| NULL, NULL, |
| NULL)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_SHA256, |
| NULL, 0, |
| buf, buf_size, &buf_size, |
| NULL, NULL, |
| NULL)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_NONE, |
| NULL, buf_size, |
| buf, buf_size, &buf_size, |
| NULL, NULL)); |
| TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, |
| mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_SHA256, |
| NULL, 0, |
| buf, buf_size, &buf_size, |
| NULL, NULL)); |
| exit: |
| mbedtls_pk_free(&ctx); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void valid_parameters() |
| { |
| mbedtls_pk_context pk; |
| unsigned char buf[1]; |
| size_t len; |
| void *options = NULL; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| /* In informational functions, we accept NULL where a context pointer |
| * is expected because that's what the library has done forever. |
| * We do not document that NULL is accepted, so we may wish to change |
| * the behavior in a future version. */ |
| TEST_ASSERT(mbedtls_pk_get_bitlen(NULL) == 0); |
| TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0); |
| TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf), &len, |
| mbedtls_test_rnd_std_rand, NULL, |
| NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_sign(&pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf), &len, |
| mbedtls_test_rnd_std_rand, NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_sign_ext(MBEDTLS_PK_NONE, &pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf), &len, |
| mbedtls_test_rnd_std_rand, NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf), |
| NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_verify(&pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf)) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, |
| &pk, |
| MBEDTLS_MD_NONE, |
| NULL, 0, |
| buf, sizeof(buf)) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_encrypt(&pk, |
| NULL, 0, |
| NULL, &len, 0, |
| mbedtls_test_rnd_std_rand, NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_pk_decrypt(&pk, |
| NULL, 0, |
| NULL, &len, 0, |
| mbedtls_test_rnd_std_rand, NULL) == |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| #if defined(MBEDTLS_PK_PARSE_C) |
| TEST_ASSERT(mbedtls_pk_parse_key(&pk, NULL, 0, NULL, 1, |
| mbedtls_test_rnd_std_rand, NULL) == |
| MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); |
| |
| TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) == |
| MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); |
| #endif /* MBEDTLS_PK_PARSE_C */ |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */ |
| void valid_parameters_pkwrite(data_t *key_data) |
| { |
| mbedtls_pk_context pk; |
| |
| /* For the write tests to be effective, we need a valid key pair. */ |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_parse_key(&pk, |
| key_data->x, key_data->len, NULL, 0, |
| mbedtls_test_rnd_std_rand, NULL) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_write_key_der(&pk, NULL, 0) == |
| MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); |
| |
| TEST_ASSERT(mbedtls_pk_write_pubkey_der(&pk, NULL, 0) == |
| MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); |
| |
| #if defined(MBEDTLS_PEM_WRITE_C) |
| TEST_ASSERT(mbedtls_pk_write_key_pem(&pk, NULL, 0) == |
| MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); |
| |
| TEST_ASSERT(mbedtls_pk_write_pubkey_pem(&pk, NULL, 0) == |
| MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); |
| #endif /* MBEDTLS_PEM_WRITE_C */ |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) |
| { |
| mbedtls_pk_context pk; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); |
| TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); |
| |
| TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); |
| TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == (unsigned) bitlen); |
| TEST_ASSERT(mbedtls_pk_get_len(&pk) == (unsigned) len); |
| TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ |
| void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) |
| { |
| mbedtls_pk_context pub, prv, alt; |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT; |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| |
| mbedtls_pk_init(&pub); |
| mbedtls_pk_init(&prv); |
| mbedtls_pk_init(&alt); |
| USE_PSA_INIT(); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending |
| on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the |
| two */ |
| if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { |
| ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
| } |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| |
| TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); |
| TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL, |
| mbedtls_test_rnd_std_rand, NULL) |
| == 0); |
| |
| TEST_ASSERT(mbedtls_pk_check_pair(&pub, &prv, |
| mbedtls_test_rnd_std_rand, NULL) |
| == ret); |
| |
| #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) |
| if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_RSA) { |
| TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, mbedtls_pk_rsa(prv), |
| mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, |
| mbedtls_rsa_key_len_func) == 0); |
| TEST_ASSERT(mbedtls_pk_check_pair(&pub, &alt, |
| mbedtls_test_rnd_std_rand, NULL) |
| == ret); |
| } |
| #endif |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { |
| /* Turn the prv PK context into an opaque one.*/ |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, |
| &opaque_key_attr), 0); |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); |
| mbedtls_pk_free(&prv); |
| mbedtls_pk_init(&prv); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); |
| TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, |
| NULL), ret); |
| } |
| #endif |
| |
| exit: |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| psa_destroy_key(opaque_key_id); |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| mbedtls_pk_free(&pub); |
| mbedtls_pk_free(&prv); |
| mbedtls_pk_free(&alt); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ |
| void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest, |
| int mod, char *input_N, char *input_E, |
| data_t *result_str, int expected_result) |
| { |
| mbedtls_rsa_context *rsa; |
| mbedtls_pk_context pk; |
| mbedtls_pk_restart_ctx *rs_ctx = NULL; |
| #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
| mbedtls_pk_restart_ctx ctx; |
| |
| rs_ctx = &ctx; |
| mbedtls_pk_restart_init(rs_ctx); |
| // this setting would ensure restart would happen if ECC was used |
| mbedtls_ecp_set_max_ops(1); |
| #endif |
| |
| mbedtls_pk_init(&pk); |
| MD_OR_USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| rsa = mbedtls_pk_rsa(pk); |
| |
| rsa->len = (mod + 7) / 8; |
| if (padding >= 0) { |
| TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0); |
| } |
| |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); |
| |
| int actual_result; |
| actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0, |
| result_str->x, mbedtls_pk_get_len(&pk)); |
| #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && |
| expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { |
| /* Tolerate INVALID_PADDING error for an invalid signature with |
| * the legacy API (but not with PSA). */ |
| } else |
| #endif |
| { |
| TEST_EQUAL(actual_result, expected_result); |
| } |
| |
| actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0, |
| result_str->x, |
| mbedtls_pk_get_len(&pk), |
| rs_ctx); |
| #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && |
| expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { |
| /* Tolerate INVALID_PADDING error for an invalid signature with |
| * the legacy API (but not with PSA). */ |
| } else |
| #endif |
| { |
| TEST_EQUAL(actual_result, expected_result); |
| } |
| |
| exit: |
| #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
| mbedtls_pk_restart_free(rs_ctx); |
| #endif |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ |
| void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, |
| int mod, char *input_N, |
| char *input_E, data_t *result_str, |
| int pk_type, int mgf1_hash_id, |
| int salt_len, int sig_len, |
| int result) |
| { |
| mbedtls_rsa_context *rsa; |
| mbedtls_pk_context pk; |
| mbedtls_pk_rsassa_pss_options pss_opts; |
| void *options; |
| int ret; |
| |
| mbedtls_pk_init(&pk); |
| MD_OR_USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| rsa = mbedtls_pk_rsa(pk); |
| |
| rsa->len = (mod + 7) / 8; |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); |
| |
| |
| if (mgf1_hash_id < 0) { |
| options = NULL; |
| } else { |
| options = &pss_opts; |
| |
| pss_opts.mgf1_hash_id = mgf1_hash_id; |
| pss_opts.expected_salt_len = salt_len; |
| } |
| |
| ret = mbedtls_pk_verify_ext(pk_type, options, &pk, |
| digest, message_str->x, message_str->len, |
| result_str->x, sig_len); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (result == MBEDTLS_ERR_RSA_INVALID_PADDING) { |
| /* Mbed TLS distinguishes "invalid padding" from "valid padding but |
| * the rest of the signature is invalid". This has little use in |
| * practice and PSA doesn't report this distinction. |
| * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated |
| * to MBEDTLS_ERR_RSA_VERIFY_FAILED. |
| * However, currently `mbedtls_pk_verify_ext()` may use either the |
| * PSA or the Mbed TLS API, depending on the PSS options used. |
| * So, it may return either INVALID_PADDING or INVALID_SIGNATURE. |
| */ |
| TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED); |
| } else |
| #endif |
| { |
| TEST_EQUAL(ret, result); |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY */ |
| void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, |
| data_t *sig, int ret) |
| { |
| mbedtls_pk_context pk; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); |
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
| TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); |
| memcpy(pk.pub_raw, key->x, key->len); |
| pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits)); |
| pk.pub_raw_len = key->len; |
| #else |
| mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); |
| |
| TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); |
| TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, |
| key->x, key->len) == 0); |
| #endif |
| |
| // MBEDTLS_MD_NONE is used since it will be ignored. |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, |
| hash->x, hash->len, sig->x, sig->len) == ret); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ |
| void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str, |
| char *QX_str, char *QY_str, |
| int md_alg, data_t *hash, data_t *sig_check, |
| int max_ops, int min_restart, int max_restart) |
| { |
| int ret, cnt_restart; |
| mbedtls_pk_restart_ctx rs_ctx; |
| mbedtls_pk_context prv, pub; |
| unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; |
| size_t slen; |
| |
| mbedtls_pk_restart_init(&rs_ctx); |
| mbedtls_pk_init(&prv); |
| mbedtls_pk_init(&pub); |
| USE_PSA_INIT(); |
| |
| memset(sig, 0, sizeof(sig)); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0); |
| TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0); |
| TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0); |
| TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0); |
| |
| mbedtls_ecp_set_max_ops(max_ops); |
| |
| slen = sizeof(sig); |
| cnt_restart = 0; |
| do { |
| ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, |
| sig, sizeof(sig), &slen, |
| mbedtls_test_rnd_std_rand, NULL, |
| &rs_ctx); |
| } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); |
| |
| TEST_ASSERT(ret == 0); |
| TEST_ASSERT(slen == sig_check->len); |
| TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0); |
| |
| TEST_ASSERT(cnt_restart >= min_restart); |
| TEST_ASSERT(cnt_restart <= max_restart); |
| |
| cnt_restart = 0; |
| do { |
| ret = mbedtls_pk_verify_restartable(&pub, md_alg, |
| hash->x, hash->len, sig, slen, &rs_ctx); |
| } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); |
| |
| TEST_ASSERT(ret == 0); |
| TEST_ASSERT(cnt_restart >= min_restart); |
| TEST_ASSERT(cnt_restart <= max_restart); |
| |
| sig[0]++; |
| do { |
| ret = mbedtls_pk_verify_restartable(&pub, md_alg, |
| hash->x, hash->len, sig, slen, &rs_ctx); |
| } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS); |
| TEST_ASSERT(ret != 0); |
| sig[0]--; |
| |
| /* Do we leak memory when aborting? try verify then sign |
| * This test only makes sense when we actually restart */ |
| if (min_restart > 0) { |
| ret = mbedtls_pk_verify_restartable(&pub, md_alg, |
| hash->x, hash->len, sig, slen, &rs_ctx); |
| TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); |
| mbedtls_pk_restart_free(&rs_ctx); |
| |
| slen = sizeof(sig); |
| ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, |
| sig, sizeof(sig), &slen, |
| mbedtls_test_rnd_std_rand, NULL, |
| &rs_ctx); |
| TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); |
| } |
| |
| exit: |
| mbedtls_pk_restart_free(&rs_ctx); |
| mbedtls_pk_free(&prv); |
| mbedtls_pk_free(&pub); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ |
| void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, |
| int sign_ret, int verify_ret) |
| { |
| mbedtls_pk_context pk; |
| size_t sig_len; |
| unsigned char hash[32]; // Hard-coded for SHA256 |
| size_t hash_len = sizeof(hash); |
| unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| void *rs_ctx = NULL; |
| #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
| mbedtls_pk_restart_ctx ctx; |
| |
| rs_ctx = &ctx; |
| mbedtls_pk_restart_init(rs_ctx); |
| /* This value is large enough that the operation will complete in one run. |
| * See comments at the top of ecp_test_vect_restart in |
| * test_suite_ecp.function for estimates of operation counts. */ |
| mbedtls_ecp_set_max_ops(42000); |
| #endif |
| |
| mbedtls_pk_init(&pk); |
| MD_OR_USE_PSA_INIT(); |
| |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); |
| TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); |
| |
| #if defined(MBEDTLS_RSA_C) |
| if (type == MBEDTLS_PK_RSA) { |
| TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); |
| } |
| #else |
| (void) rsa_padding; |
| (void) rsa_md_alg; |
| #endif /* MBEDTLS_RSA_C */ |
| |
| TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, |
| hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL, |
| rs_ctx) == sign_ret); |
| if (sign_ret == 0) { |
| TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); |
| } else { |
| sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; |
| } |
| |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, |
| hash, hash_len, sig, sig_len) == verify_ret); |
| |
| if (verify_ret == 0) { |
| hash[0]++; |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, |
| hash, hash_len, sig, sig_len) != 0); |
| hash[0]--; |
| |
| sig[0]++; |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, |
| hash, hash_len, sig, sig_len) != 0); |
| sig[0]--; |
| } |
| |
| TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, |
| NULL) == sign_ret); |
| if (sign_ret == 0) { |
| TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); |
| } else { |
| sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; |
| } |
| |
| TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, |
| hash, hash_len, sig, sig_len, rs_ctx) == verify_ret); |
| |
| if (verify_ret == 0) { |
| hash[0]++; |
| TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, |
| hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); |
| hash[0]--; |
| |
| sig[0]++; |
| TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, |
| hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); |
| sig[0]--; |
| } |
| |
| exit: |
| #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
| mbedtls_pk_restart_free(rs_ctx); |
| #endif |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ |
| void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, int padding, |
| char *input_P, char *input_Q, |
| char *input_N, char *input_E, |
| int ret) |
| { |
| unsigned char output[300], result[300]; |
| mbedtls_test_rnd_pseudo_info rnd_info; |
| mbedtls_mpi N, P, Q, E; |
| mbedtls_rsa_context *rsa; |
| mbedtls_pk_context pk; |
| size_t olen, rlen; |
| |
| mbedtls_pk_init(&pk); |
| mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| MD_OR_USE_PSA_INIT(); |
| |
| memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
| memset(output, 0, sizeof(output)); |
| |
| /* encryption test */ |
| |
| /* init pk-rsa context */ |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| rsa = mbedtls_pk_rsa(pk); |
| mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); |
| |
| /* load public key */ |
| rsa->len = (mod + 7) / 8; |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_encrypt(&pk, message->x, message->len, |
| output, &olen, sizeof(output), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); |
| |
| /* decryption test */ |
| mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| |
| /* init pk-rsa context */ |
| mbedtls_pk_free(&pk); |
| TEST_ASSERT(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| rsa = mbedtls_pk_rsa(pk); |
| mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); |
| |
| /* load public key */ |
| TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| |
| /* load private key */ |
| TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); |
| TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); |
| TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); |
| |
| TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); |
| TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); |
| |
| memset(result, 0, sizeof(result)); |
| rlen = 0; |
| TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen, |
| result, &rlen, sizeof(result), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); |
| if (ret == 0) { |
| TEST_ASSERT(rlen == message->len); |
| TEST_ASSERT(memcmp(result, message->x, rlen) == 0); |
| } |
| |
| exit: |
| mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ |
| void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg, |
| char *input_P, char *input_Q, |
| char *input_N, char *input_E, |
| data_t *clear, int ret) |
| { |
| unsigned char output[256]; |
| mbedtls_test_rnd_pseudo_info rnd_info; |
| mbedtls_mpi N, P, Q, E; |
| mbedtls_rsa_context *rsa; |
| mbedtls_pk_context pk; |
| size_t olen; |
| |
| mbedtls_pk_init(&pk); |
| mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| MD_OR_USE_PSA_INIT(); |
| |
| memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
| |
| /* init pk-rsa context */ |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| rsa = mbedtls_pk_rsa(pk); |
| |
| /* load public key */ |
| TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| |
| /* load private key */ |
| TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); |
| TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); |
| TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); |
| |
| TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); |
| TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); |
| |
| /* set padding mode */ |
| if (padding >= 0) { |
| TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0); |
| } |
| |
| /* decryption test */ |
| memset(output, 0, sizeof(output)); |
| olen = 0; |
| TEST_ASSERT(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, |
| output, &olen, sizeof(output), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); |
| if (ret == 0) { |
| TEST_ASSERT(olen == clear->len); |
| TEST_ASSERT(memcmp(output, clear->x, olen) == 0); |
| } |
| |
| exit: |
| mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, |
| char *input_P, char *input_Q, |
| char *input_N, char *input_E, |
| int padding_mode, |
| data_t *clear, int ret) |
| { |
| unsigned char output[256]; |
| mbedtls_test_rnd_pseudo_info rnd_info; |
| mbedtls_mpi N, P, Q, E; |
| mbedtls_rsa_context *rsa; |
| mbedtls_pk_context pk; |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; |
| size_t olen; |
| |
| mbedtls_pk_init(&pk); |
| mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| USE_PSA_INIT(); |
| |
| memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
| |
| /* init pk-rsa context */ |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); |
| rsa = mbedtls_pk_rsa(pk); |
| |
| /* load public key */ |
| TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); |
| TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); |
| |
| /* load private key */ |
| TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0); |
| TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0); |
| TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0); |
| TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); |
| TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); |
| |
| /* Set padding mode */ |
| if (padding_mode == MBEDTLS_RSA_PKCS_V21) { |
| TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding_mode, MBEDTLS_MD_SHA1), 0); |
| } |
| |
| /* Turn PK context into an opaque one. */ |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0); |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); |
| mbedtls_pk_free(&pk); |
| mbedtls_pk_init(&pk); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); |
| |
| TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); |
| |
| /* decryption test */ |
| memset(output, 0, sizeof(output)); |
| olen = 0; |
| TEST_EQUAL(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, |
| output, &olen, sizeof(output), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info), ret); |
| if (ret == 0) { |
| TEST_EQUAL(olen, clear->len); |
| TEST_EQUAL(memcmp(output, clear->x, olen), 0); |
| } |
| |
| TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); |
| |
| exit: |
| mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void pk_ec_nocrypt(int type) |
| { |
| mbedtls_pk_context pk; |
| unsigned char output[100]; |
| unsigned char input[100]; |
| mbedtls_test_rnd_pseudo_info rnd_info; |
| size_t olen = 0; |
| int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
| memset(output, 0, sizeof(output)); |
| memset(input, 0, sizeof(input)); |
| |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); |
| |
| TEST_ASSERT(mbedtls_pk_encrypt(&pk, input, sizeof(input), |
| output, &olen, sizeof(output), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); |
| |
| TEST_ASSERT(mbedtls_pk_decrypt(&pk, input, sizeof(input), |
| output, &olen, sizeof(output), |
| mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ |
| void pk_rsa_overflow() |
| { |
| mbedtls_pk_context pk; |
| size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1; |
| unsigned char hash[50], sig[100]; |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); |
| |
| #if defined(MBEDTLS_PKCS1_V21) |
| TEST_EQUAL(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, |
| MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| #endif /* MBEDTLS_PKCS1_V21 */ |
| |
| TEST_EQUAL(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, |
| sig, sig_len), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| #if defined(MBEDTLS_PKCS1_V21) |
| TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, |
| MBEDTLS_MD_NONE, hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| #endif /* MBEDTLS_PKCS1_V21 */ |
| |
| TEST_EQUAL(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ |
| void pk_rsa_alt() |
| { |
| /* |
| * An rsa_alt context can only do private operations (decrypt, sign). |
| * Test it against the public operations (encrypt, verify) of a |
| * corresponding rsa context. |
| */ |
| mbedtls_rsa_context raw; |
| mbedtls_pk_context rsa, alt; |
| mbedtls_pk_debug_item dbg_items[10]; |
| unsigned char hash[50], sig[RSA_KEY_LEN]; |
| unsigned char msg[50], ciph[RSA_KEY_LEN], test[50]; |
| size_t sig_len, ciph_len, test_len; |
| int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; |
| |
| mbedtls_rsa_init(&raw); |
| mbedtls_pk_init(&rsa); |
| mbedtls_pk_init(&alt); |
| USE_PSA_INIT(); |
| |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| memset(msg, 0x2a, sizeof(msg)); |
| memset(ciph, 0, sizeof(ciph)); |
| memset(test, 0, sizeof(test)); |
| |
| /* Initialize PK RSA context with random key */ |
| TEST_ASSERT(mbedtls_pk_setup(&rsa, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0); |
| |
| /* Extract key to the raw rsa context */ |
| TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); |
| |
| /* Initialize PK RSA_ALT context */ |
| TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, (void *) &raw, |
| mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, |
| mbedtls_rsa_key_len_func) == 0); |
| |
| /* Test administrative functions */ |
| TEST_ASSERT(mbedtls_pk_can_do(&alt, MBEDTLS_PK_RSA)); |
| TEST_ASSERT(mbedtls_pk_get_bitlen(&alt) == RSA_KEY_SIZE); |
| TEST_ASSERT(mbedtls_pk_get_len(&alt) == RSA_KEY_LEN); |
| TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); |
| TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, |
| PSA_KEY_USAGE_ENCRYPT, |
| &attributes), |
| MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), |
| MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); |
| #endif /* MBEDTLS_PSA_CRYPTO_C */ |
| |
| /* Test signature */ |
| #if SIZE_MAX > UINT_MAX |
| TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL) |
| == MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| #endif /* SIZE_MAX > UINT_MAX */ |
| TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL) |
| == 0); |
| TEST_ASSERT(sig_len == RSA_KEY_LEN); |
| TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE, |
| hash, sizeof(hash), sig, sig_len) == 0); |
| |
| /* Test decrypt */ |
| TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg), |
| ciph, &ciph_len, sizeof(ciph), |
| mbedtls_test_rnd_std_rand, NULL) == 0); |
| TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len, |
| test, &test_len, sizeof(test), |
| mbedtls_test_rnd_std_rand, NULL) == 0); |
| TEST_ASSERT(test_len == sizeof(msg)); |
| TEST_ASSERT(memcmp(test, msg, test_len) == 0); |
| |
| /* Test forbidden operations */ |
| TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg), |
| ciph, &ciph_len, sizeof(ciph), |
| mbedtls_test_rnd_std_rand, NULL) == ret); |
| TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE, |
| hash, sizeof(hash), sig, sig_len) == ret); |
| TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret); |
| |
| exit: |
| mbedtls_rsa_free(&raw); |
| mbedtls_pk_free(&rsa); mbedtls_pk_free(&alt); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ |
| void pk_psa_sign(int psa_type, int bits, int rsa_padding) |
| { |
| mbedtls_pk_context pk; |
| unsigned char hash[32]; |
| unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| unsigned char legacy_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; |
| unsigned char opaque_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; |
| size_t sig_len, legacy_pub_key_len, opaque_pub_key_len; |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_WRITE_C) |
| int ret; |
| #endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */ |
| #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) |
| mbedtls_ecp_group_id ecp_grp_id; |
| #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ |
| |
| /* |
| * Following checks are perfomed: |
| * - create an RSA/EC opaque context; |
| * - sign with opaque context for both EC and RSA keys; |
| * - [EC only] verify with opaque context; |
| * - verify that public keys of opaque and non-opaque contexts match; |
| * - verify with non-opaque context. |
| */ |
| |
| mbedtls_pk_init(&pk); |
| USE_PSA_INIT(); |
| |
| /* Create the legacy EC/RSA PK context. */ |
| #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) |
| if (PSA_KEY_TYPE_IS_RSA(psa_type)) { |
| TEST_ASSERT(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); |
| TEST_EQUAL(pk_genkey(&pk, bits), 0); |
| TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); |
| } |
| #else /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ |
| (void) rsa_padding; |
| #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ |
| #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) |
| if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { |
| ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); |
| TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); |
| TEST_ASSERT(pk_genkey(&pk, ecp_grp_id) == 0); |
| } |
| #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ |
| |
| /* Export public key from the non-opaque PK context we just created. */ |
| #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) |
| ret = mbedtls_pk_write_pubkey_der(&pk, legacy_pub_key, sizeof(legacy_pub_key)); |
| TEST_ASSERT(ret >= 0); |
| legacy_pub_key_len = (size_t) ret; |
| /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer so we |
| * shift data back to the beginning of the buffer. */ |
| memmove(legacy_pub_key, |
| legacy_pub_key + sizeof(legacy_pub_key) - legacy_pub_key_len, |
| legacy_pub_key_len); |
| #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) |
| if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { |
| TEST_EQUAL(mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), |
| &(mbedtls_pk_ec_ro(pk)->Q), |
| MBEDTLS_ECP_PF_UNCOMPRESSED, |
| &legacy_pub_key_len, legacy_pub_key, |
| sizeof(legacy_pub_key)), 0); |
| } |
| #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ |
| #if defined(MBEDTLS_RSA_C) |
| if (PSA_KEY_TYPE_IS_RSA(psa_type)) { |
| unsigned char *end = legacy_pub_key + sizeof(legacy_pub_key); |
| ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, &end); |
| legacy_pub_key_len = (size_t) ret; |
| TEST_ASSERT(legacy_pub_key_len > 0); |
| /* mbedtls_rsa_write_pubkey() writes data backward in the buffer so |
| * we shift that to the origin of the buffer instead. */ |
| memmove(legacy_pub_key, end, legacy_pub_key_len); |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| |
| /* Turn the PK context into an opaque one. */ |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0); |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0); |
| mbedtls_pk_free(&pk); |
| mbedtls_pk_init(&pk); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); |
| |
| PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); |
| TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type); |
| TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) bits); |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); |
| |
| /* Sign with the opaque context. */ |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, |
| hash, sizeof(hash), sig, sizeof(sig), &sig_len, |
| NULL, NULL) == 0); |
| /* Only opaque EC keys support verification. */ |
| if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, |
| hash, sizeof(hash), sig, sig_len) == 0); |
| } |
| |
| /* Export public key from the opaque PK context. */ |
| #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) |
| ret = mbedtls_pk_write_pubkey_der(&pk, opaque_pub_key, sizeof(opaque_pub_key)); |
| TEST_ASSERT(ret >= 0); |
| opaque_pub_key_len = (size_t) ret; |
| /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ |
| memmove(opaque_pub_key, |
| opaque_pub_key + sizeof(opaque_pub_key) - opaque_pub_key_len, |
| opaque_pub_key_len); |
| #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| TEST_EQUAL(psa_export_public_key(key_id, opaque_pub_key, sizeof(opaque_pub_key), |
| &opaque_pub_key_len), PSA_SUCCESS); |
| #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| |
| /* Check that the public keys of opaque and non-opaque PK contexts match. */ |
| TEST_EQUAL(opaque_pub_key_len, legacy_pub_key_len); |
| TEST_MEMORY_COMPARE(opaque_pub_key, opaque_pub_key_len, legacy_pub_key, legacy_pub_key_len); |
| |
| /* Destroy the opaque PK context and the wrapped PSA key. */ |
| mbedtls_pk_free(&pk); |
| TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id)); |
| |
| /* Create a new non-opaque PK context to verify the signature. */ |
| mbedtls_pk_init(&pk); |
| #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) |
| TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, legacy_pub_key, legacy_pub_key_len), 0); |
| #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) |
| if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { |
| TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); |
| TEST_EQUAL(mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(pk)->grp), ecp_grp_id), 0); |
| TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), |
| &(mbedtls_pk_ec_rw(pk)->Q), |
| legacy_pub_key, legacy_pub_key_len), 0); |
| } |
| #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ |
| #if defined(MBEDTLS_RSA_C) |
| if (PSA_KEY_TYPE_IS_RSA(psa_type)) { |
| TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); |
| TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, |
| legacy_pub_key_len), 0); |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ |
| |
| #if defined(MBEDTLS_RSA_C) |
| if (PSA_KEY_TYPE_IS_RSA(psa_type)) { |
| TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, |
| hash, sizeof(hash), sig, sig_len) == 0); |
| |
| exit: |
| psa_reset_key_attributes(&attributes); |
| |
| mbedtls_pk_free(&pk); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ |
| void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) |
| { |
| mbedtls_pk_context pk; |
| size_t sig_len; |
| unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
| size_t hash_len = mbedtls_md_get_size_from_type(md_alg); |
| void const *options = NULL; |
| mbedtls_pk_rsassa_pss_options rsassa_pss_options; |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| |
| mbedtls_pk_init(&pk); |
| MD_OR_USE_PSA_INIT(); |
| |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(pk_type)), 0); |
| TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); |
| |
| TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| |
| if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { |
| rsassa_pss_options.mgf1_hash_id = md_alg; |
| TEST_ASSERT(hash_len != 0); |
| rsassa_pss_options.expected_salt_len = hash_len; |
| options = (const void *) &rsassa_pss_options; |
| } |
| TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, |
| hash, hash_len, sig, sig_len), 0); |
| exit: |
| mbedtls_pk_free(&pk); |
| MD_OR_USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg) |
| { |
| mbedtls_pk_context pk; |
| size_t sig_len, pkey_len; |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; |
| unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; |
| unsigned char *pkey_start; |
| unsigned char hash[PSA_HASH_MAX_SIZE]; |
| psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); |
| size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); |
| void const *options = NULL; |
| mbedtls_pk_rsassa_pss_options rsassa_pss_options; |
| int ret; |
| |
| mbedtls_pk_init(&pk); |
| PSA_INIT(); |
| |
| /* Create legacy RSA public/private key in PK context. */ |
| mbedtls_pk_init(&pk); |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(pk_type)), 0); |
| TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), |
| mbedtls_test_rnd_std_rand, NULL, |
| key_bits, 3), 0); |
| |
| if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { |
| mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); |
| } |
| |
| /* Export underlying public key for re-importing in a legacy context. |
| * Note: mbedtls_rsa_write_key() writes backwards in the data buffer. */ |
| pkey_start = pkey + sizeof(pkey); |
| ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), pkey, &pkey_start); |
| TEST_ASSERT(ret >= 0); |
| |
| pkey_len = (size_t) ret; |
| /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ |
| pkey_start = pkey + sizeof(pkey) - pkey_len; |
| |
| /* Turn PK context into an opaque one. */ |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); |
| mbedtls_pk_free(&pk); |
| mbedtls_pk_init(&pk); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); |
| |
| memset(hash, 0x2a, sizeof(hash)); |
| memset(sig, 0, sizeof(sig)); |
| |
| TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, |
| sig, sizeof(sig), &sig_len, |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| |
| /* verify_ext() is not supported when using an opaque context. */ |
| if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { |
| mbedtls_pk_rsassa_pss_options pss_opts = { |
| .mgf1_hash_id = md_alg, |
| .expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY, |
| }; |
| TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, &pss_opts, &pk, md_alg, |
| hash, hash_len, sig, sig_len), |
| MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); |
| } else { |
| TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, NULL, &pk, md_alg, |
| hash, hash_len, sig, sig_len), |
| MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| } |
| |
| mbedtls_pk_free(&pk); |
| TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); |
| |
| mbedtls_pk_init(&pk); |
| TEST_EQUAL(mbedtls_pk_setup(&pk, |
| mbedtls_pk_info_from_type(pk_type)), 0); |
| TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), pkey_start, pkey_len), 0); |
| |
| if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { |
| rsassa_pss_options.mgf1_hash_id = md_alg; |
| TEST_ASSERT(hash_len != 0); |
| rsassa_pss_options.expected_salt_len = hash_len; |
| options = (const void *) &rsassa_pss_options; |
| } |
| TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, |
| hash, hash_len, sig, sig_len), 0); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ |
| void pk_get_psa_attributes(int pk_type, int from_pair, |
| int usage_arg, |
| int to_pair, int expected_alg) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_usage_t usage = usage_arg; |
| mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| PSA_INIT(); |
| |
| psa_key_type_t expected_psa_type = 0; |
| TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, |
| &pk, &expected_psa_type), 0); |
| if (!to_pair) { |
| expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); |
| } |
| |
| psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity |
| psa_set_key_id(&attributes, key_id); |
| psa_set_key_lifetime(&attributes, lifetime); |
| psa_set_key_enrollment_algorithm(&attributes, 42); |
| psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); |
| |
| #if defined(MBEDTLS_ECDSA_DETERMINISTIC) |
| /* When the resulting algorithm is ECDSA, the compile-time configuration |
| * can cause it to be either deterministic or randomized ECDSA. |
| * Rather than have two near-identical sets of test data depending on |
| * the configuration, always use randomized in the test data and |
| * tweak the expected result here. */ |
| if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { |
| expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); |
| } |
| #endif |
| |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); |
| |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); |
| TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), |
| key_id)); |
| TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); |
| TEST_EQUAL(psa_get_key_bits(&attributes), |
| mbedtls_pk_get_bitlen(&pk)); |
| TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); |
| TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); |
| TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); |
| |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); |
| if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { |
| goto exit; |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_reset_key_attributes(&attributes); |
| psa_destroy_key(new_key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */ |
| void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, |
| int usage_arg, |
| int to_pair, int expected_alg) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_usage_t usage = usage_arg; |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| PSA_INIT(); |
| |
| psa_key_type_t expected_psa_type = 0; |
| TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, |
| &pk, &expected_psa_type), 0); |
| mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); |
| TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); |
| if (!to_pair) { |
| expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); |
| } |
| psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); |
| |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); |
| |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); |
| TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), |
| MBEDTLS_SVC_KEY_ID_INIT)); |
| TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); |
| TEST_EQUAL(psa_get_key_bits(&attributes), |
| mbedtls_pk_get_bitlen(&pk)); |
| TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); |
| TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); |
| TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); |
| |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); |
| if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { |
| goto exit; |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_reset_key_attributes(&attributes); |
| psa_destroy_key(new_key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ |
| void pk_get_psa_attributes_fail(int pk_type, int from_pair, |
| int usage_arg, |
| int expected_ret) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_usage_t usage = usage_arg; |
| |
| PSA_INIT(); |
| |
| psa_key_type_t expected_psa_type; |
| TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, |
| &pk, &expected_psa_type), 0); |
| |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), |
| expected_ret); |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_reset_key_attributes(&attributes); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ |
| void pk_import_into_psa_lifetime(int from_opaque, |
| int from_persistent, /* when from opaque */ |
| int from_exportable, /* when from opaque */ |
| int to_public, |
| int to_persistent) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| mbedtls_svc_key_id_t expected_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_lifetime_t expected_lifetime = PSA_KEY_LIFETIME_VOLATILE; |
| |
| PSA_INIT(); |
| |
| if (from_opaque) { |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| psa_key_type_t from_psa_type = |
| PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY); |
| psa_set_key_type(&attributes, from_psa_type); |
| psa_set_key_bits(&attributes, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS); |
| psa_set_key_usage_flags( |
| &attributes, |
| (from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) | |
| PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); |
| psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); |
| if (from_persistent) { |
| psa_set_key_id(&attributes, mbedtls_svc_key_id_make(0, 1)); |
| } |
| PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); |
| psa_reset_key_attributes(&attributes); |
| #else |
| (void) from_persistent; |
| (void) from_exportable; |
| TEST_FAIL("Attempted to test opaque key without opaque key support"); |
| #endif |
| } else { |
| psa_key_type_t psa_type_according_to_setup; |
| TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_ECKEY, 1, |
| &pk, &psa_type_according_to_setup), 0); |
| } |
| |
| if (to_persistent) { |
| expected_key_id = mbedtls_svc_key_id_make(42, 2); |
| psa_set_key_id(&attributes, expected_key_id); |
| /* psa_set_key_id() sets the lifetime to PERSISTENT */ |
| expected_lifetime = PSA_KEY_LIFETIME_PERSISTENT; |
| } |
| |
| psa_key_usage_t to_usage = |
| to_public ? PSA_KEY_USAGE_VERIFY_HASH : PSA_KEY_USAGE_SIGN_HASH; |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, to_usage, |
| &attributes), 0); |
| /* mbedtls_pk_get_psa_attributes() is specified to not modify |
| * the persistence attributes. */ |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); |
| TEST_EQUAL(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), |
| MBEDTLS_SVC_KEY_ID_GET_KEY_ID(expected_key_id)); |
| |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); |
| if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { |
| goto exit; |
| } |
| |
| PSA_ASSERT(psa_get_key_attributes(new_key_id, &attributes)); |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); |
| /* Here expected_key_id=0 for a volatile key, but we expect |
| * attributes to contain a dynamically assigned key id which we |
| * can't predict. */ |
| if (to_persistent) { |
| TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), |
| expected_key_id)); |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_reset_key_attributes(&attributes); |
| psa_destroy_key(old_key_id); |
| psa_destroy_key(new_key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, |
| int from_usage_arg, int from_alg_arg, |
| int usage_arg, |
| int expected_ret, |
| int to_pair, int expected_usage_arg) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_type_t from_type = from_type_arg; |
| size_t bits = from_bits_arg; |
| psa_key_usage_t from_usage = from_usage_arg; |
| psa_algorithm_t alg = from_alg_arg; |
| psa_key_usage_t usage = usage_arg; |
| psa_key_usage_t expected_usage = expected_usage_arg; |
| mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| PSA_INIT(); |
| |
| psa_set_key_type(&attributes, from_type); |
| psa_set_key_bits(&attributes, bits); |
| psa_set_key_usage_flags(&attributes, from_usage); |
| psa_set_key_algorithm(&attributes, alg); |
| psa_set_key_enrollment_algorithm(&attributes, 42); |
| PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); |
| |
| psa_key_type_t expected_psa_type = |
| to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); |
| |
| TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), |
| expected_ret); |
| |
| if (expected_ret == 0) { |
| TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); |
| TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), |
| MBEDTLS_SVC_KEY_ID_INIT)); |
| TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); |
| TEST_EQUAL(psa_get_key_bits(&attributes), bits); |
| TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); |
| TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); |
| TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); |
| |
| int expected_import_ret = 0; |
| if (to_pair && |
| !(from_usage & (PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT))) { |
| expected_import_ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; |
| } |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), |
| expected_import_ret); |
| if (expected_import_ret == 0) { |
| if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { |
| goto exit; |
| } |
| } |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_destroy_key(old_key_id); |
| psa_destroy_key(new_key_id); |
| psa_reset_key_attributes(&attributes); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ |
| void pk_import_into_psa_fail(int pk_type, int from_pair, |
| int type_arg, int bits_arg, |
| int expected_ret) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_type_t type = type_arg; |
| size_t bits = bits_arg; |
| mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); |
| |
| PSA_INIT(); |
| |
| psa_key_type_t expected_psa_type; |
| TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, |
| &pk, &expected_psa_type), 0); |
| |
| psa_set_key_type(&attributes, type); |
| psa_set_key_bits(&attributes, bits); |
| |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), |
| expected_ret); |
| TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT)); |
| |
| exit: |
| psa_destroy_key(key_id); |
| mbedtls_pk_free(&pk); |
| psa_reset_key_attributes(&attributes); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ |
| void pk_import_into_psa_opaque(int from_type, int from_bits, |
| int from_usage, int from_alg, |
| int to_type, int to_bits, |
| int to_usage, int to_alg, |
| int expected_ret) |
| { |
| mbedtls_pk_context pk; |
| mbedtls_pk_init(&pk); |
| psa_key_attributes_t from_attributes = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t from_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t to_attributes = PSA_KEY_ATTRIBUTES_INIT; |
| mbedtls_svc_key_id_t to_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; |
| |
| PSA_INIT(); |
| |
| psa_set_key_type(&from_attributes, from_type); |
| psa_set_key_bits(&from_attributes, from_bits); |
| psa_set_key_usage_flags(&from_attributes, from_usage); |
| psa_set_key_algorithm(&from_attributes, from_alg); |
| PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id)); |
| TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); |
| |
| psa_set_key_type(&to_attributes, to_type); |
| psa_set_key_bits(&to_attributes, to_bits); |
| psa_set_key_usage_flags(&to_attributes, to_usage); |
| psa_set_key_algorithm(&to_attributes, to_alg); |
| |
| TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &to_attributes, &to_key_id), |
| expected_ret); |
| |
| if (expected_ret == 0) { |
| PSA_ASSERT(psa_get_key_attributes(to_key_id, &actual_attributes)); |
| TEST_EQUAL(to_type, psa_get_key_type(&actual_attributes)); |
| if (to_bits != 0) { |
| TEST_EQUAL(to_bits, psa_get_key_bits(&actual_attributes)); |
| } |
| TEST_EQUAL(to_alg, psa_get_key_algorithm(&actual_attributes)); |
| psa_key_usage_t expected_usage = to_usage; |
| if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { |
| expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; |
| } |
| if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { |
| expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; |
| } |
| TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); |
| if (!mbedtls_test_key_consistency_psa_pk(to_key_id, &pk)) { |
| goto exit; |
| } |
| } else { |
| TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); |
| } |
| |
| exit: |
| mbedtls_pk_free(&pk); |
| psa_destroy_key(from_key_id); |
| psa_destroy_key(to_key_id); |
| psa_reset_key_attributes(&from_attributes); |
| psa_reset_key_attributes(&to_attributes); |
| psa_reset_key_attributes(&actual_attributes); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ |
| void pk_copy_from_psa_fail(void) |
| { |
| mbedtls_pk_context pk_ctx; |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| mbedtls_pk_init(&pk_ctx); |
| PSA_INIT(); |
| |
| /* Null pk pointer. */ |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, NULL), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, NULL), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| /* Invalid key ID. */ |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), |
| MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| |
| #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) |
| /* Generate a key type that is not handled by the PK module. */ |
| PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, |
| PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, &key_id)); |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| psa_destroy_key(key_id); |
| #endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ |
| |
| #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \ |
| defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) |
| /* Generate an EC key which cannot be exported. */ |
| PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, |
| 0, PSA_ALG_NONE, &key_id)); |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| psa_destroy_key(key_id); |
| #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 && |
| PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ |
| |
| exit: |
| mbedtls_pk_free(&pk_ctx); |
| psa_destroy_key(key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ |
| void pk_copy_from_psa_builtin_fail() |
| { |
| mbedtls_pk_context pk_ctx; |
| mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| mbedtls_pk_init(&pk_ctx); |
| PSA_INIT(); |
| |
| PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, |
| PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, |
| PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, |
| PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), |
| &key_id)); |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); |
| exit: |
| mbedtls_pk_free(&pk_ctx); |
| psa_destroy_key(key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ |
| void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg, |
| int key_alg_arg) |
| { |
| psa_key_type_t key_type = key_type_arg; |
| psa_algorithm_t key_alg = key_alg_arg; |
| psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | |
| PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; |
| mbedtls_pk_context pk_priv, pk_priv_copy_public, pk_pub, pk_pub_copy_public; |
| mbedtls_svc_key_id_t priv_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| mbedtls_svc_key_id_t pub_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| unsigned char *in_buf = NULL; |
| size_t in_buf_len = MBEDTLS_MD_MAX_SIZE; |
| unsigned char out_buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| unsigned char out_buf2[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; |
| size_t out_buf_len, out_buf2_len; |
| |
| mbedtls_pk_init(&pk_priv); |
| mbedtls_pk_init(&pk_priv_copy_public); |
| mbedtls_pk_init(&pk_pub); |
| mbedtls_pk_init(&pk_pub_copy_public); |
| PSA_INIT(); |
| |
| if (key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) { |
| key_usage |= PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; |
| } |
| |
| /* Create both a private key and its public counterpart in PSA. */ |
| PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, |
| key_type, key_usage, key_alg, &priv_key_id)); |
| pub_key_id = psa_pub_key_from_priv(priv_key_id); |
| |
| /* Create 4 PK contexts starting from the PSA keys we just created. */ |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(priv_key_id, &pk_priv), 0); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(priv_key_id, &pk_priv_copy_public), 0); |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(pub_key_id, &pk_pub), 0); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(pub_key_id, &pk_pub_copy_public), 0); |
| |
| /* Destoy both PSA keys to prove that generated PK contexts are independent |
| * from them. */ |
| priv_key_id = psa_copy_and_destroy(priv_key_id); |
| pub_key_id = psa_copy_and_destroy(pub_key_id); |
| |
| /* Test #1: |
| * - check that the generated PK contexts are of the correct type. |
| * - [only for RSA] check that the padding mode is correct. |
| */ |
| if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) { |
| TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_ECKEY); |
| TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_ECKEY); |
| } else { |
| TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_RSA); |
| TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_RSA); |
| #if defined(MBEDTLS_RSA_C) |
| mbedtls_rsa_context *rsa_priv = mbedtls_pk_rsa(pk_priv); |
| mbedtls_rsa_context *rsa_pub = mbedtls_pk_rsa(pk_pub); |
| if (PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) { |
| TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V21); |
| TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V21); |
| } else { |
| TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V15); |
| TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V15); |
| } |
| #endif /* MBEDTLS_RSA_C */ |
| } |
| |
| /* Test #2: check that the 2 generated PK contexts form a valid private/public key pair. */ |
| TEST_EQUAL(mbedtls_pk_check_pair(&pk_pub, &pk_priv, mbedtls_test_rnd_std_rand, NULL), 0); |
| |
| /* Get the MD alg to be used for the tests below from the provided key policy. */ |
| mbedtls_md_type_t md_for_test = MBEDTLS_MD_ALG_FOR_TEST; /* Default */ |
| if ((PSA_ALG_GET_HASH(key_alg) != PSA_ALG_NONE) && |
| (PSA_ALG_GET_HASH(key_alg) != PSA_ALG_ANY_HASH)) { |
| md_for_test = mbedtls_md_type_from_psa_alg(key_alg); |
| } |
| /* Use also the same MD algorithm for PSA sign/verify checks. This is helpful |
| * for the cases in which the key policy algorithm is ANY_HASH type. */ |
| psa_algorithm_t psa_alg_for_test = |
| (key_alg & ~PSA_ALG_HASH_MASK) | |
| (mbedtls_md_psa_alg_from_type(md_for_test) & PSA_ALG_HASH_MASK); |
| |
| in_buf_len = mbedtls_md_get_size_from_type(md_for_test); |
| TEST_CALLOC(in_buf, in_buf_len); |
| memset(in_buf, 0x1, in_buf_len); |
| |
| /* Test #3: sign/verify with the following pattern: |
| * - Sign using the PK context generated from the private key. |
| * - Verify from the same PK context used for signature. |
| * - Verify with the PK context generated using public key. |
| * - Verify using the public PSA key directly. |
| */ |
| |
| /* Edge cases: in a build with RSA key support but not RSA padding modes, |
| * or with ECDSA verify support but not signature, the signature might be |
| * impossible. */ |
| int pk_can_sign = 0; |
| #if defined(MBEDTLS_PKCS1_V15) |
| if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(key_alg) || key_alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { |
| pk_can_sign = 1; |
| } |
| #endif |
| #if defined(MBEDTLS_PKCS1_V21) |
| if (PSA_ALG_IS_RSA_PSS(key_alg) || PSA_ALG_IS_RSA_OAEP(key_alg)) { |
| pk_can_sign = 1; |
| } |
| #endif |
| #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) |
| if (PSA_ALG_IS_ECDSA(key_alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(key_alg)) { |
| pk_can_sign = 1; |
| } |
| #endif |
| if (pk_can_sign) { |
| TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len, |
| out_buf, sizeof(out_buf), &out_buf_len, |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| |
| TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len, |
| out_buf, out_buf_len), 0); |
| TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len, |
| out_buf, out_buf_len), 0); |
| } |
| |
| if (PSA_ALG_IS_HASH_AND_SIGN(key_alg)) { |
| #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) |
| /* ECDSA signature requires PK->PSA format conversion. */ |
| if (PSA_ALG_IS_ECDSA(key_alg)) { |
| TEST_EQUAL(mbedtls_ecdsa_der_to_raw(mbedtls_pk_get_bitlen(&pk_pub), |
| out_buf, out_buf_len, out_buf, |
| sizeof(out_buf), &out_buf_len), 0); |
| } |
| #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ |
| PSA_ASSERT(psa_verify_hash(pub_key_id, psa_alg_for_test, in_buf, in_buf_len, |
| out_buf, out_buf_len)); |
| } |
| |
| /* Test #4: check sign/verify interoperability also in the opposite direction: |
| * sign with PSA and verify with PK. Key's policy must include a valid hash |
| * algorithm (not any). |
| */ |
| if (PSA_ALG_IS_HASH_AND_SIGN(key_alg)) { |
| PSA_ASSERT(psa_sign_hash(priv_key_id, psa_alg_for_test, in_buf, in_buf_len, |
| out_buf, sizeof(out_buf), &out_buf_len)); |
| #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) |
| /* ECDSA signature requires PSA->PK format conversion */ |
| if (PSA_ALG_IS_ECDSA(key_alg)) { |
| TEST_EQUAL(mbedtls_ecdsa_raw_to_der(mbedtls_pk_get_bitlen(&pk_pub), |
| out_buf, out_buf_len, out_buf, |
| sizeof(out_buf), &out_buf_len), 0); |
| } |
| #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ |
| TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len, |
| out_buf, out_buf_len), 0); |
| } |
| |
| /* Test #5: in case of RSA key pair try also encryption/decryption. */ |
| if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(key_alg)) { |
| /* Encrypt with the public key only PK context. */ |
| TEST_EQUAL(mbedtls_pk_encrypt(&pk_pub, in_buf, in_buf_len, |
| out_buf, &out_buf_len, sizeof(out_buf), |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| |
| /* Decrypt with key pair PK context and compare with original data. */ |
| TEST_EQUAL(mbedtls_pk_decrypt(&pk_priv, out_buf, out_buf_len, |
| out_buf2, &out_buf2_len, sizeof(out_buf2), |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); |
| |
| if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(key_alg)) { |
| /* Decrypt with PSA private key directly and compare with original data. */ |
| PSA_ASSERT(psa_asymmetric_decrypt(priv_key_id, key_alg, out_buf, out_buf_len, |
| NULL, 0, |
| out_buf2, sizeof(out_buf2), &out_buf2_len)); |
| TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); |
| |
| /* Encrypt with PSA public key directly, decrypt with public key PK context |
| * and compare with original data. */ |
| PSA_ASSERT(psa_asymmetric_encrypt(pub_key_id, key_alg, in_buf, in_buf_len, |
| NULL, 0, |
| out_buf, sizeof(out_buf), &out_buf_len)); |
| TEST_EQUAL(mbedtls_pk_decrypt(&pk_priv, out_buf, out_buf_len, |
| out_buf2, &out_buf2_len, sizeof(out_buf2), |
| mbedtls_test_rnd_std_rand, NULL), 0); |
| TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); |
| } |
| } |
| |
| /* Test that the keys from mbedtls_pk_copy_public_from_psa() are identical |
| * to the public key from mbedtls_pk_copy_from_psa(). */ |
| mbedtls_test_set_step(1); |
| TEST_ASSERT(pk_public_same(&pk_pub, &pk_priv_copy_public)); |
| mbedtls_test_set_step(2); |
| TEST_ASSERT(pk_public_same(&pk_pub, &pk_pub_copy_public)); |
| |
| exit: |
| mbedtls_free(in_buf); |
| mbedtls_pk_free(&pk_priv); |
| mbedtls_pk_free(&pk_priv_copy_public); |
| mbedtls_pk_free(&pk_pub); |
| mbedtls_pk_free(&pk_pub_copy_public); |
| psa_destroy_key(priv_key_id); |
| psa_destroy_key(pub_key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ |
| void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg) |
| { |
| psa_key_type_t key_type = key_type_arg; |
| mbedtls_pk_context pk_from_exportable; |
| mbedtls_pk_init(&pk_from_exportable); |
| mbedtls_pk_context pk_from_non_exportable; |
| mbedtls_pk_init(&pk_from_non_exportable); |
| mbedtls_pk_context pk_private; |
| mbedtls_pk_init(&pk_private); |
| mbedtls_svc_key_id_t non_exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| mbedtls_svc_key_id_t exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; |
| |
| PSA_INIT(); |
| |
| PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, |
| key_type, |
| PSA_KEY_USAGE_EXPORT, |
| PSA_ALG_NONE, |
| &exportable_key_id)); |
| PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, |
| key_type, |
| 0, |
| PSA_ALG_NONE, |
| &non_exportable_key_id)); |
| |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(exportable_key_id, |
| &pk_from_exportable), 0); |
| TEST_EQUAL(mbedtls_pk_copy_public_from_psa(non_exportable_key_id, |
| &pk_from_non_exportable), 0); |
| |
| /* Check that the non-exportable key really is non-exportable */ |
| TEST_EQUAL(mbedtls_pk_copy_from_psa(non_exportable_key_id, &pk_private), |
| MBEDTLS_ERR_PK_TYPE_MISMATCH); |
| |
| psa_destroy_key(exportable_key_id); |
| psa_destroy_key(non_exportable_key_id); |
| |
| /* The goal of this test function is mostly to check that |
| * mbedtls_pk_copy_public_from_psa works with a non-exportable key pair. |
| * We check that the resulting key is the same as for an exportable |
| * key pair. We rely on pk_copy_from_psa_success tests to validate that |
| * the result is correct. */ |
| TEST_ASSERT(pk_public_same(&pk_from_non_exportable, &pk_from_exportable)); |
| |
| exit: |
| mbedtls_pk_free(&pk_from_non_exportable); |
| mbedtls_pk_free(&pk_from_exportable); |
| mbedtls_pk_free(&pk_private); |
| psa_destroy_key(exportable_key_id); |
| psa_destroy_key(non_exportable_key_id); |
| PSA_DONE(); |
| } |
| /* END_CASE */ |