1/* BEGIN_HEADER */ 2#include "mbedtls/pk.h" 3 4/* For error codes */ 5#include "mbedtls/ecp.h" 6#include "mbedtls/rsa.h" 7 8static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); 9 10#define RSA_KEY_SIZE 512 11#define RSA_KEY_LEN 64 12 13static int pk_genkey( mbedtls_pk_context *pk ) 14{ 15 ((void) pk); 16 17#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 18 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) 19 return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 ); 20#endif 21#if defined(MBEDTLS_ECP_C) 22 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY || 23 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH || 24 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA ) 25 { 26 int ret; 27 if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp, 28 MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 ) 29 return( ret ); 30 31 return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, 32 &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL ); 33 } 34#endif 35 return( -1 ); 36} 37 38#if defined(MBEDTLS_RSA_C) 39int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, 40 const unsigned char *input, unsigned char *output, 41 size_t output_max_len ) 42{ 43 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, 44 input, output, output_max_len ) ); 45} 46int mbedtls_rsa_sign_func( void *ctx, 47 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 48 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 49 const unsigned char *hash, unsigned char *sig ) 50{ 51 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, 52 md_alg, hashlen, hash, sig ) ); 53} 54size_t mbedtls_rsa_key_len_func( void *ctx ) 55{ 56 return( ((const mbedtls_rsa_context *) ctx)->len ); 57} 58#endif /* MBEDTLS_RSA_C */ 59/* END_HEADER */ 60 61/* BEGIN_DEPENDENCIES 62 * depends_on:MBEDTLS_PK_C 63 * END_DEPENDENCIES 64 */ 65 66/* BEGIN_CASE */ 67void pk_utils( int type, int size, int len, char *name ) 68{ 69 mbedtls_pk_context pk; 70 71 mbedtls_pk_init( &pk ); 72 73 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 74 TEST_ASSERT( pk_genkey( &pk ) == 0 ); 75 76 TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type ); 77 TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) ); 78 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) size ); 79 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len ); 80 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 ); 81 82exit: 83 mbedtls_pk_free( &pk ); 84} 85/* END_CASE */ 86 87/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 88void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret ) 89{ 90 mbedtls_pk_context pub, prv, alt; 91 92 mbedtls_pk_init( &pub ); 93 mbedtls_pk_init( &prv ); 94 mbedtls_pk_init( &alt ); 95 96 TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); 97 TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); 98 99 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret ); 100 101#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 102 if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) 103 { 104 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), 105 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); 106 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret ); 107 } 108#endif 109 110 mbedtls_pk_free( &pub ); 111 mbedtls_pk_free( &prv ); 112 mbedtls_pk_free( &alt ); 113} 114/* END_CASE */ 115 116/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 117void pk_rsa_verify_test_vec( char *message_hex_string, int digest, 118 int mod, int radix_N, char *input_N, int radix_E, 119 char *input_E, char *result_hex_str, int result ) 120{ 121 unsigned char message_str[1000]; 122 unsigned char hash_result[1000]; 123 unsigned char result_str[1000]; 124 mbedtls_rsa_context *rsa; 125 mbedtls_pk_context pk; 126 int msg_len; 127 128 mbedtls_pk_init( &pk ); 129 130 memset( message_str, 0x00, 1000 ); 131 memset( hash_result, 0x00, 1000 ); 132 memset( result_str, 0x00, 1000 ); 133 134 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 135 rsa = mbedtls_pk_rsa( pk ); 136 137 rsa->len = mod / 8; 138 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); 139 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); 140 141 msg_len = unhexify( message_str, message_hex_string ); 142 unhexify( result_str, result_hex_str ); 143 144 if( mbedtls_md_info_from_type( digest ) != NULL ) 145 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); 146 147 TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, 148 result_str, mbedtls_pk_get_len( &pk ) ) == result ); 149 150exit: 151 mbedtls_pk_free( &pk ); 152} 153/* END_CASE */ 154 155/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 156void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest, 157 int mod, int radix_N, char *input_N, int radix_E, 158 char *input_E, char *result_hex_str, 159 int pk_type, int mgf1_hash_id, int salt_len, 160 int result ) 161{ 162 unsigned char message_str[1000]; 163 unsigned char hash_result[1000]; 164 unsigned char result_str[1000]; 165 mbedtls_rsa_context *rsa; 166 mbedtls_pk_context pk; 167 mbedtls_pk_rsassa_pss_options pss_opts; 168 void *options; 169 int msg_len; 170 size_t hash_len; 171 172 mbedtls_pk_init( &pk ); 173 174 memset( message_str, 0x00, 1000 ); 175 memset( hash_result, 0x00, 1000 ); 176 memset( result_str, 0x00, 1000 ); 177 178 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 179 rsa = mbedtls_pk_rsa( pk ); 180 181 rsa->len = mod / 8; 182 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); 183 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); 184 185 msg_len = unhexify( message_str, message_hex_string ); 186 unhexify( result_str, result_hex_str ); 187 188 if( digest != MBEDTLS_MD_NONE ) 189 { 190 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), 191 message_str, msg_len, hash_result ) == 0 ); 192 hash_len = 0; 193 } 194 else 195 { 196 memcpy( hash_result, message_str, msg_len ); 197 hash_len = msg_len; 198 } 199 200 if( mgf1_hash_id < 0 ) 201 { 202 options = NULL; 203 } 204 else 205 { 206 options = &pss_opts; 207 208 pss_opts.mgf1_hash_id = mgf1_hash_id; 209 pss_opts.expected_salt_len = salt_len; 210 } 211 212 TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk, 213 digest, hash_result, hash_len, 214 result_str, mbedtls_pk_get_len( &pk ) ) == result ); 215 216exit: 217 mbedtls_pk_free( &pk ); 218} 219/* END_CASE */ 220 221/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ 222void pk_ec_test_vec( int type, int id, char *key_str, 223 char *hash_str, char * sig_str, int ret ) 224{ 225 mbedtls_pk_context pk; 226 mbedtls_ecp_keypair *eckey; 227 unsigned char hash[100], sig[500], key[500]; 228 size_t hash_len, sig_len, key_len; 229 230 mbedtls_pk_init( &pk ); 231 232 memset( hash, 0, sizeof( hash ) ); hash_len = unhexify(hash, hash_str); 233 memset( sig, 0, sizeof( sig ) ); sig_len = unhexify(sig, sig_str); 234 memset( key, 0, sizeof( key ) ); key_len = unhexify(key, key_str); 235 236 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 237 238 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) ); 239 eckey = mbedtls_pk_ec( pk ); 240 241 TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 ); 242 TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, 243 key, key_len ) == 0 ); 244 245 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, 246 hash, hash_len, sig, sig_len ) == ret ); 247 248exit: 249 mbedtls_pk_free( &pk ); 250} 251/* END_CASE */ 252 253/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 254void pk_sign_verify( int type, int sign_ret, int verify_ret ) 255{ 256 mbedtls_pk_context pk; 257 unsigned char hash[50], sig[5000]; 258 size_t sig_len; 259 260 mbedtls_pk_init( &pk ); 261 262 memset( hash, 0x2a, sizeof hash ); 263 memset( sig, 0, sizeof sig ); 264 265 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 266 TEST_ASSERT( pk_genkey( &pk ) == 0 ); 267 268 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, 269 sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); 270 271 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 272 hash, sizeof hash, sig, sig_len ) == verify_ret ); 273 274exit: 275 mbedtls_pk_free( &pk ); 276} 277/* END_CASE */ 278 279/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 280void pk_rsa_encrypt_test_vec( char *message_hex, int mod, 281 int radix_N, char *input_N, 282 int radix_E, char *input_E, 283 char *result_hex, int ret ) 284{ 285 unsigned char message[1000]; 286 unsigned char output[1000]; 287 unsigned char result[1000]; 288 size_t msg_len, olen, res_len; 289 rnd_pseudo_info rnd_info; 290 mbedtls_rsa_context *rsa; 291 mbedtls_pk_context pk; 292 293 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 294 memset( message, 0, sizeof( message ) ); 295 memset( output, 0, sizeof( output ) ); 296 memset( result, 0, sizeof( result ) ); 297 298 msg_len = unhexify( message, message_hex ); 299 res_len = unhexify( result, result_hex ); 300 301 mbedtls_pk_init( &pk ); 302 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 303 rsa = mbedtls_pk_rsa( pk ); 304 305 rsa->len = mod / 8; 306 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); 307 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); 308 309 TEST_ASSERT( mbedtls_pk_encrypt( &pk, message, msg_len, 310 output, &olen, sizeof( output ), 311 rnd_pseudo_rand, &rnd_info ) == ret ); 312 TEST_ASSERT( olen == res_len ); 313 TEST_ASSERT( memcmp( output, result, olen ) == 0 ); 314 315exit: 316 mbedtls_pk_free( &pk ); 317} 318/* END_CASE */ 319 320/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 321void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, 322 int radix_P, char *input_P, 323 int radix_Q, char *input_Q, 324 int radix_N, char *input_N, 325 int radix_E, char *input_E, 326 char *clear_hex, int ret ) 327{ 328 unsigned char clear[1000]; 329 unsigned char output[1000]; 330 unsigned char cipher[1000]; 331 size_t clear_len, olen, cipher_len; 332 rnd_pseudo_info rnd_info; 333 mbedtls_mpi P1, Q1, H, G; 334 mbedtls_rsa_context *rsa; 335 mbedtls_pk_context pk; 336 337 mbedtls_pk_init( &pk ); 338 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); 339 340 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 341 memset( clear, 0, sizeof( clear ) ); 342 memset( cipher, 0, sizeof( cipher ) ); 343 344 clear_len = unhexify( clear, clear_hex ); 345 cipher_len = unhexify( cipher, cipher_hex ); 346 347 /* init pk-rsa context */ 348 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 349 rsa = mbedtls_pk_rsa( pk ); 350 351 /* load public key */ 352 rsa->len = mod / 8; 353 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); 354 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); 355 356 /* load private key */ 357 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->P, radix_P, input_P ) == 0 ); 358 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->Q, radix_Q, input_Q ) == 0 ); 359 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &rsa->P, 1 ) == 0 ); 360 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &rsa->Q, 1 ) == 0 ); 361 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); 362 TEST_ASSERT( mbedtls_mpi_gcd( &G, &rsa->E, &H ) == 0 ); 363 TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->D , &rsa->E, &H ) == 0 ); 364 TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DP, &rsa->D, &P1 ) == 0 ); 365 TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DQ, &rsa->D, &Q1 ) == 0 ); 366 TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->QP, &rsa->Q, &rsa->P ) == 0 ); 367 368 /* decryption test */ 369 memset( output, 0, sizeof( output ) ); 370 olen = 0; 371 TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher, cipher_len, 372 output, &olen, sizeof( output ), 373 rnd_pseudo_rand, &rnd_info ) == ret ); 374 if( ret == 0 ) 375 { 376 TEST_ASSERT( olen == clear_len ); 377 TEST_ASSERT( memcmp( output, clear, olen ) == 0 ); 378 } 379 380exit: 381 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); 382 mbedtls_pk_free( &pk ); 383} 384/* END_CASE */ 385 386/* BEGIN_CASE */ 387void pk_ec_nocrypt( int type ) 388{ 389 mbedtls_pk_context pk; 390 unsigned char output[100]; 391 unsigned char input[100]; 392 rnd_pseudo_info rnd_info; 393 size_t olen = 0; 394 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 395 396 mbedtls_pk_init( &pk ); 397 398 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 399 memset( output, 0, sizeof( output ) ); 400 memset( input, 0, sizeof( input ) ); 401 402 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 403 404 TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), 405 output, &olen, sizeof( output ), 406 rnd_pseudo_rand, &rnd_info ) == ret ); 407 408 TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), 409 output, &olen, sizeof( output ), 410 rnd_pseudo_rand, &rnd_info ) == ret ); 411 412exit: 413 mbedtls_pk_free( &pk ); 414} 415/* END_CASE */ 416 417/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 418void pk_rsa_alt( ) 419{ 420 /* 421 * An rsa_alt context can only do private operations (decrypt, sign). 422 * Test it against the public operations (encrypt, verify) of a 423 * corresponding rsa context. 424 */ 425 mbedtls_rsa_context raw; 426 mbedtls_pk_context rsa, alt; 427 mbedtls_pk_debug_item dbg_items[10]; 428 unsigned char hash[50], sig[1000]; 429 unsigned char msg[50], ciph[1000], test[1000]; 430 size_t sig_len, ciph_len, test_len; 431 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 432 433 mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); 434 mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt ); 435 436 memset( hash, 0x2a, sizeof hash ); 437 memset( sig, 0, sizeof sig ); 438 memset( msg, 0x2a, sizeof msg ); 439 memset( ciph, 0, sizeof ciph ); 440 memset( test, 0, sizeof test ); 441 442 /* Initiliaze PK RSA context with random key */ 443 TEST_ASSERT( mbedtls_pk_setup( &rsa, 444 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 445 TEST_ASSERT( pk_genkey( &rsa ) == 0 ); 446 447 /* Extract key to the raw rsa context */ 448 TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 ); 449 450 /* Initialize PK RSA_ALT context */ 451 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw, 452 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); 453 454 /* Test administrative functions */ 455 TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) ); 456 TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE ); 457 TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN ); 458 TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT ); 459 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 ); 460 461 /* Test signature */ 462 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, 463 sig, &sig_len, rnd_std_rand, NULL ) == 0 ); 464 TEST_ASSERT( sig_len == RSA_KEY_LEN ); 465 TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, 466 hash, sizeof hash, sig, sig_len ) == 0 ); 467 468 /* Test decrypt */ 469 TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg, 470 ciph, &ciph_len, sizeof ciph, 471 rnd_std_rand, NULL ) == 0 ); 472 TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len, 473 test, &test_len, sizeof test, 474 rnd_std_rand, NULL ) == 0 ); 475 TEST_ASSERT( test_len == sizeof msg ); 476 TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); 477 478 /* Test forbidden operations */ 479 TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg, 480 ciph, &ciph_len, sizeof ciph, 481 rnd_std_rand, NULL ) == ret ); 482 TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE, 483 hash, sizeof hash, sig, sig_len ) == ret ); 484 TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret ); 485 486exit: 487 mbedtls_rsa_free( &raw ); 488 mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt ); 489} 490/* END_CASE */ 491
