1/* BEGIN_HEADER */ 2#include "mbedtls/pk.h" 3 4/* For error codes */ 5#include "mbedtls/asn1.h" 6#include "mbedtls/base64.h" 7#include "mbedtls/ecp.h" 8#include "mbedtls/rsa.h" 9 10#include <limits.h> 11#include <stdint.h> 12 13/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), 14 * but the test code generator requires test case data to be valid C code 15 * unconditionally (https://github.com/ARMmbed/mbedtls/issues/2023). */ 16#include "psa/crypto.h" 17 18#define RSA_KEY_SIZE 512 19#define RSA_KEY_LEN 64 20 21/** Generate a key of the desired type. 22 * 23 * \param pk The PK object to fill. It must have been initialized 24 * with mbedtls_pk_setup(). 25 * \param parameter - For RSA keys, the key size in bits. 26 * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). 27 * 28 * \return The status from the underlying type-specific key 29 * generation function. 30 * \return -1 if the key type is not recognized. 31 */ 32static int pk_genkey( mbedtls_pk_context *pk, int parameter ) 33{ 34 ((void) pk); 35 (void) parameter; 36 37#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 38 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) 39 return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), 40 mbedtls_test_rnd_std_rand, NULL, 41 parameter, 3 ); 42#endif 43#if defined(MBEDTLS_ECP_C) 44 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY || 45 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH || 46 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA ) 47 { 48 int ret; 49 if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp, 50 parameter ) ) != 0 ) 51 return( ret ); 52 53 return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, 54 &mbedtls_pk_ec( *pk )->d, 55 &mbedtls_pk_ec( *pk )->Q, 56 mbedtls_test_rnd_std_rand, NULL ); 57 } 58#endif 59 return( -1 ); 60} 61 62#if defined(MBEDTLS_RSA_C) 63int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, 64 const unsigned char *input, unsigned char *output, 65 size_t output_max_len ) 66{ 67 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, 68 mbedtls_test_rnd_std_rand, NULL, mode, 69 olen, input, output, output_max_len ) ); 70} 71int mbedtls_rsa_sign_func( void *ctx, 72 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 73 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 74 const unsigned char *hash, unsigned char *sig ) 75{ 76 ((void) f_rng); 77 ((void) p_rng); 78 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, 79 mbedtls_test_rnd_std_rand, NULL, mode, 80 md_alg, hashlen, hash, sig ) ); 81} 82size_t mbedtls_rsa_key_len_func( void *ctx ) 83{ 84 return( ((const mbedtls_rsa_context *) ctx)->len ); 85} 86#endif /* MBEDTLS_RSA_C */ 87 88#if defined(MBEDTLS_USE_PSA_CRYPTO) 89 90/* 91 * Generate a key using PSA and return the key identifier of that key, 92 * or 0 if the key generation failed. 93 * The key uses NIST P-256 and is usable for signing with SHA-256. 94 */ 95mbedtls_svc_key_id_t pk_psa_genkey( void ) 96{ 97 mbedtls_svc_key_id_t key; 98 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 99 const psa_key_type_t type = 100 PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); 101 const size_t bits = 256; 102 103 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 104 psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) ); 105 psa_set_key_type( &attributes, type ); 106 psa_set_key_bits( &attributes, bits ); 107 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 108 109exit: 110 return( key ); 111} 112#endif /* MBEDTLS_USE_PSA_CRYPTO */ 113/* END_HEADER */ 114 115/* BEGIN_DEPENDENCIES 116 * depends_on:MBEDTLS_PK_C 117 * END_DEPENDENCIES 118 */ 119 120/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 121void pk_psa_utils( ) 122{ 123 mbedtls_pk_context pk, pk2; 124 mbedtls_svc_key_id_t key; 125 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 126 127 const char * const name = "Opaque"; 128 const size_t bitlen = 256; /* harcoded in genkey() */ 129 130 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; 131 unsigned char b1[1], b2[1]; 132 size_t len; 133 mbedtls_pk_debug_item dbg; 134 135 PSA_ASSERT( psa_crypto_init( ) ); 136 137 mbedtls_pk_init( &pk ); 138 mbedtls_pk_init( &pk2 ); 139 140 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 141 142 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) == 143 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 144 145 mbedtls_pk_free( &pk ); 146 mbedtls_pk_init( &pk ); 147 148 key = pk_psa_genkey(); 149 if( mbedtls_svc_key_id_is_null( key ) ) 150 goto exit; 151 152 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); 153 154 TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE ); 155 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 ); 156 157 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen ); 158 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 ); 159 160 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); 161 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); 162 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); 163 164 /* unsupported operations: verify, decrypt, encrypt */ 165 TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg, 166 b1, sizeof( b1), b2, sizeof( b2 ) ) 167 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 168 TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ), 169 b2, &len, sizeof( b2 ), 170 NULL, NULL ) 171 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 172 TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ), 173 b2, &len, sizeof( b2 ), 174 NULL, NULL ) 175 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 176 177 /* unsupported functions: check_pair, debug */ 178 TEST_ASSERT( mbedtls_pk_setup( &pk2, 179 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); 180 TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 ) 181 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 182 TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg ) 183 == MBEDTLS_ERR_PK_TYPE_MISMATCH ); 184 185 /* test that freeing the context does not destroy the key */ 186 mbedtls_pk_free( &pk ); 187 TEST_ASSERT( PSA_SUCCESS == psa_get_key_attributes( key, &attributes ) ); 188 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) ); 189 190exit: 191 /* 192 * Key attributes may have been returned by psa_get_key_attributes() 193 * thus reset them as required. 194 */ 195 psa_reset_key_attributes( &attributes ); 196 197 mbedtls_pk_free( &pk ); /* redundant except upon error */ 198 mbedtls_pk_free( &pk2 ); 199 USE_PSA_DONE( ); 200} 201/* END_CASE */ 202 203 204/* BEGIN_CASE */ 205void valid_parameters( ) 206{ 207 mbedtls_pk_context pk; 208 unsigned char buf[1]; 209 size_t len; 210 void *options = NULL; 211 212 mbedtls_pk_init( &pk ); 213 214 TEST_VALID_PARAM( mbedtls_pk_free( NULL ) ); 215 216#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 217 TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) ); 218#endif 219 220 TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == 221 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 222 223 /* In informational functions, we accept NULL where a context pointer 224 * is expected because that's what the library has done forever. 225 * We do not document that NULL is accepted, so we may wish to change 226 * the behavior in a future version. */ 227 TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 ); 228 TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 ); 229 TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); 230 231 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, 232 MBEDTLS_MD_NONE, 233 NULL, 0, 234 buf, &len, 235 mbedtls_test_rnd_std_rand, NULL, 236 NULL ) == 237 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 238 239 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, 240 MBEDTLS_MD_NONE, 241 NULL, 0, 242 buf, &len, 243 mbedtls_test_rnd_std_rand, NULL, 244 NULL ) == 245 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 246 247 TEST_ASSERT( mbedtls_pk_sign( &pk, 248 MBEDTLS_MD_NONE, 249 NULL, 0, 250 buf, &len, 251 mbedtls_test_rnd_std_rand, NULL ) == 252 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 253 254 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, 255 MBEDTLS_MD_NONE, 256 NULL, 0, 257 buf, sizeof( buf ), 258 NULL ) == 259 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 260 261 TEST_ASSERT( mbedtls_pk_verify( &pk, 262 MBEDTLS_MD_NONE, 263 NULL, 0, 264 buf, sizeof( buf ) ) == 265 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 266 267 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 268 &pk, 269 MBEDTLS_MD_NONE, 270 NULL, 0, 271 buf, sizeof( buf ) ) == 272 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 273 274 TEST_ASSERT( mbedtls_pk_encrypt( &pk, 275 NULL, 0, 276 NULL, &len, 0, 277 mbedtls_test_rnd_std_rand, NULL ) == 278 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 279 280 TEST_ASSERT( mbedtls_pk_decrypt( &pk, 281 NULL, 0, 282 NULL, &len, 0, 283 mbedtls_test_rnd_std_rand, NULL ) == 284 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 285 286#if defined(MBEDTLS_PK_PARSE_C) 287 TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == 288 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 289 290 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == 291 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 292#endif /* MBEDTLS_PK_PARSE_C */ 293} 294/* END_CASE */ 295 296/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ 297void valid_parameters_pkwrite( data_t *key_data ) 298{ 299 mbedtls_pk_context pk; 300 301 /* For the write tests to be effective, we need a valid key pair. */ 302 mbedtls_pk_init( &pk ); 303 TEST_ASSERT( mbedtls_pk_parse_key( &pk, 304 key_data->x, key_data->len, 305 NULL, 0 ) == 0 ); 306 307 TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == 308 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 309 310 TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == 311 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 312 313#if defined(MBEDTLS_PEM_WRITE_C) 314 TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) == 315 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); 316 317 TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) == 318 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); 319#endif /* MBEDTLS_PEM_WRITE_C */ 320 321exit: 322 mbedtls_pk_free( &pk ); 323} 324/* END_CASE */ 325 326/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 327void invalid_parameters( ) 328{ 329 size_t len; 330 unsigned char *null_buf = NULL; 331 unsigned char buf[1]; 332 unsigned char *p = buf; 333 char str[1] = {0}; 334 mbedtls_pk_context pk; 335 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; 336 void *options = buf; 337 338 (void) null_buf; 339 (void) p; 340 (void) str; 341 342 mbedtls_pk_init( &pk ); 343 344 TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) ); 345 346#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 347 TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) ); 348#endif 349 350 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 351 mbedtls_pk_setup( NULL, NULL ) ); 352 353#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 354 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 355 mbedtls_pk_setup_rsa_alt( NULL, buf, 356 NULL, NULL, NULL ) ); 357#endif 358 359 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 360 mbedtls_pk_verify_restartable( NULL, 361 MBEDTLS_MD_NONE, 362 buf, sizeof( buf ), 363 buf, sizeof( buf ), 364 NULL ) ); 365 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 366 mbedtls_pk_verify_restartable( &pk, 367 MBEDTLS_MD_NONE, 368 NULL, sizeof( buf ), 369 buf, sizeof( buf ), 370 NULL ) ); 371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 372 mbedtls_pk_verify_restartable( &pk, 373 valid_md, 374 NULL, 0, 375 buf, sizeof( buf ), 376 NULL ) ); 377 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 378 mbedtls_pk_verify_restartable( &pk, 379 MBEDTLS_MD_NONE, 380 buf, sizeof( buf ), 381 NULL, sizeof( buf ), 382 NULL ) ); 383 384 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 385 mbedtls_pk_verify( NULL, 386 MBEDTLS_MD_NONE, 387 buf, sizeof( buf ), 388 buf, sizeof( buf ) ) ); 389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 390 mbedtls_pk_verify( &pk, 391 MBEDTLS_MD_NONE, 392 NULL, sizeof( buf ), 393 buf, sizeof( buf ) ) ); 394 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 395 mbedtls_pk_verify( &pk, 396 valid_md, 397 NULL, 0, 398 buf, sizeof( buf ) ) ); 399 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 400 mbedtls_pk_verify( &pk, 401 MBEDTLS_MD_NONE, 402 buf, sizeof( buf ), 403 NULL, sizeof( buf ) ) ); 404 405 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 406 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 407 NULL, 408 MBEDTLS_MD_NONE, 409 buf, sizeof( buf ), 410 buf, sizeof( buf ) ) ); 411 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 412 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 413 &pk, 414 MBEDTLS_MD_NONE, 415 NULL, sizeof( buf ), 416 buf, sizeof( buf ) ) ); 417 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 418 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 419 &pk, 420 valid_md, 421 NULL, 0, 422 buf, sizeof( buf ) ) ); 423 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 424 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, 425 &pk, 426 MBEDTLS_MD_NONE, 427 buf, sizeof( buf ), 428 NULL, sizeof( buf ) ) ); 429 430 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 431 mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), 432 buf, &len, mbedtls_test_rnd_std_rand, 433 NULL, NULL ) ); 434 435 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 436 mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), 437 buf, &len, mbedtls_test_rnd_std_rand, 438 NULL, NULL ) ); 439 440 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 441 mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, 442 mbedtls_test_rnd_std_rand, NULL, NULL ) ); 443 444 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 445 mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), 446 NULL, &len, mbedtls_test_rnd_std_rand, 447 NULL, NULL ) ); 448 449 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 450 mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), 451 buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); 452 453 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 454 mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), 455 buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); 456 457 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 458 mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, 459 mbedtls_test_rnd_std_rand, NULL ) ); 460 461 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 462 mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, 463 mbedtls_test_rnd_std_rand, NULL ) ); 464 465 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 466 mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), 467 mbedtls_test_rnd_std_rand, NULL ) ); 468 469 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 470 mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), 471 mbedtls_test_rnd_std_rand, NULL ) ); 472 473 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 474 mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), 475 mbedtls_test_rnd_std_rand, NULL ) ); 476 477 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 478 mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), 479 mbedtls_test_rnd_std_rand, NULL ) ); 480 481 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 482 mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), 483 mbedtls_test_rnd_std_rand, NULL ) ); 484 485 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 486 mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), 487 mbedtls_test_rnd_std_rand, NULL ) ); 488 489 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 490 mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), 491 mbedtls_test_rnd_std_rand, NULL ) ); 492 493 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 494 mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), 495 mbedtls_test_rnd_std_rand, NULL ) ); 496 497 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 498 mbedtls_pk_check_pair( NULL, &pk ) ); 499 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 500 mbedtls_pk_check_pair( &pk, NULL ) ); 501 502 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 503 mbedtls_pk_debug( NULL, NULL ) ); 504 505#if defined(MBEDTLS_PK_PARSE_C) 506#if defined(MBEDTLS_FS_IO) 507 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 508 mbedtls_pk_load_file( NULL, &p, &len ) ); 509 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 510 mbedtls_pk_load_file( str, NULL, &len ) ); 511 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 512 mbedtls_pk_load_file( str, &p, NULL ) ); 513 514 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 515 mbedtls_pk_parse_keyfile( NULL, str, NULL ) ); 516 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 517 mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) ); 518 519 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 520 mbedtls_pk_parse_public_keyfile( NULL, str ) ); 521 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 522 mbedtls_pk_parse_public_keyfile( &pk, NULL ) ); 523#endif 524 525 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 526 mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) ); 527 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 528 mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) ); 529 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 530 mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) ); 531 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 532 mbedtls_pk_parse_subpubkey( &p, buf, NULL ) ); 533 534 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 535 mbedtls_pk_parse_key( NULL, 536 buf, sizeof( buf ), 537 buf, sizeof( buf ) ) ); 538 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 539 mbedtls_pk_parse_key( &pk, 540 NULL, sizeof( buf ), 541 buf, sizeof( buf ) ) ); 542 543 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 544 mbedtls_pk_parse_public_key( NULL, 545 buf, sizeof( buf ) ) ); 546 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 547 mbedtls_pk_parse_public_key( &pk, 548 NULL, sizeof( buf ) ) ); 549#endif /* MBEDTLS_PK_PARSE_C */ 550 551#if defined(MBEDTLS_PK_WRITE_C) 552 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 553 mbedtls_pk_write_pubkey( NULL, p, &pk ) ); 554 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 555 mbedtls_pk_write_pubkey( &null_buf, p, &pk ) ); 556 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 557 mbedtls_pk_write_pubkey( &p, NULL, &pk ) ); 558 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 559 mbedtls_pk_write_pubkey( &p, p, NULL ) ); 560 561 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 562 mbedtls_pk_write_pubkey_der( NULL, 563 buf, sizeof( buf ) ) ); 564 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 565 mbedtls_pk_write_pubkey_der( &pk, 566 NULL, sizeof( buf ) ) ); 567 568 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 569 mbedtls_pk_write_key_der( NULL, 570 buf, sizeof( buf ) ) ); 571 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 572 mbedtls_pk_write_key_der( &pk, 573 NULL, sizeof( buf ) ) ); 574 575#if defined(MBEDTLS_PEM_WRITE_C) 576 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 577 mbedtls_pk_write_pubkey_pem( NULL, 578 buf, sizeof( buf ) ) ); 579 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 580 mbedtls_pk_write_pubkey_pem( &pk, 581 NULL, sizeof( buf ) ) ); 582 583 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 584 mbedtls_pk_write_key_pem( NULL, 585 buf, sizeof( buf ) ) ); 586 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, 587 mbedtls_pk_write_key_pem( &pk, 588 NULL, sizeof( buf ) ) ); 589#endif /* MBEDTLS_PEM_WRITE_C */ 590 591#endif /* MBEDTLS_PK_WRITE_C */ 592} 593/* END_CASE */ 594 595/* BEGIN_CASE */ 596void pk_utils( int type, int parameter, int bitlen, int len, char * name ) 597{ 598 mbedtls_pk_context pk; 599 600 mbedtls_pk_init( &pk ); 601 602 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 603 TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); 604 605 TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type ); 606 TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) ); 607 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) bitlen ); 608 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len ); 609 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 ); 610 611exit: 612 mbedtls_pk_free( &pk ); 613} 614/* END_CASE */ 615 616/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 617void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) 618{ 619 mbedtls_pk_context pub, prv, alt; 620 621 mbedtls_pk_init( &pub ); 622 mbedtls_pk_init( &prv ); 623 mbedtls_pk_init( &alt ); 624 625 TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); 626 TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); 627 628 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret ); 629 630#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 631 if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) 632 { 633 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), 634 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 635 mbedtls_rsa_key_len_func ) == 0 ); 636 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret ); 637 } 638#endif 639 640 mbedtls_pk_free( &pub ); 641 mbedtls_pk_free( &prv ); 642 mbedtls_pk_free( &alt ); 643} 644/* END_CASE */ 645 646/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 647void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, 648 int radix_N, char * input_N, int radix_E, 649 char * input_E, data_t * result_str, 650 int result ) 651{ 652 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 653 mbedtls_rsa_context *rsa; 654 mbedtls_pk_context pk; 655 mbedtls_pk_restart_ctx *rs_ctx = NULL; 656#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 657 mbedtls_pk_restart_ctx ctx; 658 659 rs_ctx = &ctx; 660 mbedtls_pk_restart_init( rs_ctx ); 661 // this setting would ensure restart would happen if ECC was used 662 mbedtls_ecp_set_max_ops( 1 ); 663#endif 664 665 mbedtls_pk_init( &pk ); 666 667 memset( hash_result, 0x00, MBEDTLS_MD_MAX_SIZE ); 668 669 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 670 rsa = mbedtls_pk_rsa( pk ); 671 672 rsa->len = mod / 8; 673 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); 674 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); 675 676 677 if( mbedtls_md_info_from_type( digest ) != NULL ) 678 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 679 680 TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, 681 result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); 682 683 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0, 684 result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result ); 685 686exit: 687#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 688 mbedtls_pk_restart_free( rs_ctx ); 689#endif 690 mbedtls_pk_free( &pk ); 691} 692/* END_CASE */ 693 694/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 695void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, 696 int mod, int radix_N, char * input_N, 697 int radix_E, char * input_E, 698 data_t * result_str, int pk_type, 699 int mgf1_hash_id, int salt_len, int result ) 700{ 701 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 702 mbedtls_rsa_context *rsa; 703 mbedtls_pk_context pk; 704 mbedtls_pk_rsassa_pss_options pss_opts; 705 void *options; 706 size_t hash_len; 707 708 mbedtls_pk_init( &pk ); 709 710 memset( hash_result, 0x00, sizeof( hash_result ) ); 711 712 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 713 rsa = mbedtls_pk_rsa( pk ); 714 715 rsa->len = mod / 8; 716 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); 717 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); 718 719 720 if( digest != MBEDTLS_MD_NONE ) 721 { 722 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), 723 message_str->x, message_str->len, hash_result ) == 0 ); 724 hash_len = 0; 725 } 726 else 727 { 728 memcpy( hash_result, message_str->x, message_str->len ); 729 hash_len = message_str->len; 730 } 731 732 if( mgf1_hash_id < 0 ) 733 { 734 options = NULL; 735 } 736 else 737 { 738 options = &pss_opts; 739 740 pss_opts.mgf1_hash_id = mgf1_hash_id; 741 pss_opts.expected_salt_len = salt_len; 742 } 743 744 TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk, 745 digest, hash_result, hash_len, 746 result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); 747 748exit: 749 mbedtls_pk_free( &pk ); 750} 751/* END_CASE */ 752 753/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ 754void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, 755 data_t * sig, int ret ) 756{ 757 mbedtls_pk_context pk; 758 mbedtls_ecp_keypair *eckey; 759 760 mbedtls_pk_init( &pk ); 761 USE_PSA_INIT( ); 762 763 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 764 765 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) ); 766 eckey = mbedtls_pk_ec( pk ); 767 768 TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 ); 769 TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, 770 key->x, key->len ) == 0 ); 771 772 // MBEDTLS_MD_NONE is used since it will be ignored. 773 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, 774 hash->x, hash->len, sig->x, sig->len ) == ret ); 775 776exit: 777 mbedtls_pk_free( &pk ); 778 USE_PSA_DONE( ); 779} 780/* END_CASE */ 781 782/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ 783void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, 784 char *QX_str, char *QY_str, 785 int md_alg, char *msg, data_t *sig_check, 786 int max_ops, int min_restart, int max_restart ) 787{ 788 int ret, cnt_restart; 789 mbedtls_pk_restart_ctx rs_ctx; 790 mbedtls_pk_context prv, pub; 791 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 792 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 793 size_t hlen, slen; 794 const mbedtls_md_info_t *md_info; 795 796 mbedtls_pk_restart_init( &rs_ctx ); 797 mbedtls_pk_init( &prv ); 798 mbedtls_pk_init( &pub ); 799 memset( hash, 0, sizeof( hash ) ); 800 memset( sig, 0, sizeof( sig ) ); 801 802 TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); 803 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); 804 TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 ); 805 806 TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); 807 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); 808 TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); 809 810 md_info = mbedtls_md_info_from_type( md_alg ); 811 TEST_ASSERT( md_info != NULL ); 812 813 hlen = mbedtls_md_get_size( md_info ); 814 TEST_ASSERT( mbedtls_md( md_info, 815 (const unsigned char *) msg, strlen( msg ), 816 hash ) == 0 ); 817 818 mbedtls_ecp_set_max_ops( max_ops ); 819 820 slen = sizeof( sig ); 821 cnt_restart = 0; 822 do { 823 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, 824 sig, &slen, NULL, NULL, &rs_ctx ); 825 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 826 827 TEST_ASSERT( ret == 0 ); 828 TEST_ASSERT( slen == sig_check->len ); 829 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); 830 831 TEST_ASSERT( cnt_restart >= min_restart ); 832 TEST_ASSERT( cnt_restart <= max_restart ); 833 834 cnt_restart = 0; 835 do { 836 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 837 hash, hlen, sig, slen, &rs_ctx ); 838 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 839 840 TEST_ASSERT( ret == 0 ); 841 TEST_ASSERT( cnt_restart >= min_restart ); 842 TEST_ASSERT( cnt_restart <= max_restart ); 843 844 hash[0]++; 845 do { 846 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 847 hash, hlen, sig, slen, &rs_ctx ); 848 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 849 TEST_ASSERT( ret != 0 ); 850 hash[0]--; 851 852 sig[0]++; 853 do { 854 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 855 hash, hlen, sig, slen, &rs_ctx ); 856 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 857 TEST_ASSERT( ret != 0 ); 858 sig[0]--; 859 860 /* Do we leak memory when aborting? try verify then sign 861 * This test only makes sense when we actually restart */ 862 if( min_restart > 0 ) 863 { 864 ret = mbedtls_pk_verify_restartable( &pub, md_alg, 865 hash, hlen, sig, slen, &rs_ctx ); 866 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 867 mbedtls_pk_restart_free( &rs_ctx ); 868 869 slen = sizeof( sig ); 870 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, 871 sig, &slen, NULL, NULL, &rs_ctx ); 872 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 873 } 874 875exit: 876 mbedtls_pk_restart_free( &rs_ctx ); 877 mbedtls_pk_free( &prv ); 878 mbedtls_pk_free( &pub ); 879} 880/* END_CASE */ 881 882/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 883void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) 884{ 885 mbedtls_pk_context pk; 886 size_t sig_len, hash_len; 887 mbedtls_md_type_t md = MBEDTLS_MD_SHA256; 888 unsigned char *hash = NULL; 889 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 890 void *rs_ctx = NULL; 891#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 892 mbedtls_pk_restart_ctx ctx; 893 894 rs_ctx = &ctx; 895 mbedtls_pk_restart_init( rs_ctx ); 896 /* This value is large enough that the operation will complete in one run. 897 * See comments at the top of ecp_test_vect_restart in 898 * test_suite_ecp.function for estimates of operation counts. */ 899 mbedtls_ecp_set_max_ops( 42000 ); 900#endif 901 902 hash_len = mbedtls_md_get_size( mbedtls_md_info_from_type( md ) ); 903 ASSERT_ALLOC( hash, hash_len ); 904 905 mbedtls_pk_init( &pk ); 906 USE_PSA_INIT( ); 907 908 memset( hash, 0x2a, hash_len ); 909 memset( sig, 0, sizeof sig ); 910 911 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 912 TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); 913 914 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, md, 915 hash, hash_len, sig, &sig_len, 916 mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret ); 917 if( sign_ret == 0 ) 918 TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); 919 else 920 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 921 922 TEST_ASSERT( mbedtls_pk_verify( &pk, md, 923 hash, hash_len, sig, sig_len ) == verify_ret ); 924 925 if( verify_ret == 0 ) 926 { 927 hash[0]++; 928 TEST_ASSERT( mbedtls_pk_verify( &pk, md, 929 hash, hash_len, sig, sig_len ) != 0 ); 930 hash[0]--; 931 932 sig[0]++; 933 TEST_ASSERT( mbedtls_pk_verify( &pk, md, 934 hash, hash_len, sig, sig_len ) != 0 ); 935 sig[0]--; 936 } 937 938 TEST_ASSERT( mbedtls_pk_sign( &pk, md, hash, hash_len, 939 sig, &sig_len, 940 mbedtls_test_rnd_std_rand, 941 NULL ) == sign_ret ); 942 if( sign_ret == 0 ) 943 TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); 944 else 945 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 946 947 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md, 948 hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret ); 949 950 if( verify_ret == 0 ) 951 { 952 hash[0]++; 953 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md, 954 hash, hash_len, sig, sig_len, rs_ctx ) != 0 ); 955 hash[0]--; 956 957 sig[0]++; 958 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md, 959 hash, hash_len, sig, sig_len, rs_ctx ) != 0 ); 960 sig[0]--; 961 } 962 963exit: 964#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 965 mbedtls_pk_restart_free( rs_ctx ); 966#endif 967 mbedtls_pk_free( &pk ); 968 mbedtls_free( hash ); 969 USE_PSA_DONE( ); 970} 971/* END_CASE */ 972 973/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 974void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, 975 char * input_N, int radix_E, char * input_E, 976 data_t * result, int ret ) 977{ 978 unsigned char output[300]; 979 mbedtls_test_rnd_pseudo_info rnd_info; 980 mbedtls_rsa_context *rsa; 981 mbedtls_pk_context pk; 982 size_t olen; 983 984 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 985 memset( output, 0, sizeof( output ) ); 986 987 988 mbedtls_pk_init( &pk ); 989 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 990 rsa = mbedtls_pk_rsa( pk ); 991 992 rsa->len = mod / 8; 993 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); 994 TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); 995 996 TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, 997 output, &olen, sizeof( output ), 998 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 999 TEST_ASSERT( olen == result->len ); 1000 TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); 1001 1002exit: 1003 mbedtls_pk_free( &pk ); 1004} 1005/* END_CASE */ 1006 1007/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1008void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, 1009 char * input_P, int radix_Q, char * input_Q, 1010 int radix_N, char * input_N, int radix_E, 1011 char * input_E, data_t * clear, int ret ) 1012{ 1013 unsigned char output[256]; 1014 mbedtls_test_rnd_pseudo_info rnd_info; 1015 mbedtls_mpi N, P, Q, E; 1016 mbedtls_rsa_context *rsa; 1017 mbedtls_pk_context pk; 1018 size_t olen; 1019 1020 mbedtls_pk_init( &pk ); 1021 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 1022 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 1023 1024 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 1025 1026 1027 /* init pk-rsa context */ 1028 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1029 rsa = mbedtls_pk_rsa( pk ); 1030 1031 /* load public key */ 1032 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1033 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1034 1035 /* load private key */ 1036 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 1037 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 1038 TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); 1039 TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); 1040 TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); 1041 1042 /* decryption test */ 1043 memset( output, 0, sizeof( output ) ); 1044 olen = 0; 1045 TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, 1046 output, &olen, sizeof( output ), 1047 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 1048 if( ret == 0 ) 1049 { 1050 TEST_ASSERT( olen == clear->len ); 1051 TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 ); 1052 } 1053 1054exit: 1055 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 1056 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 1057 mbedtls_pk_free( &pk ); 1058} 1059/* END_CASE */ 1060 1061/* BEGIN_CASE */ 1062void pk_ec_nocrypt( int type ) 1063{ 1064 mbedtls_pk_context pk; 1065 unsigned char output[100]; 1066 unsigned char input[100]; 1067 mbedtls_test_rnd_pseudo_info rnd_info; 1068 size_t olen = 0; 1069 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1070 1071 mbedtls_pk_init( &pk ); 1072 1073 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 1074 memset( output, 0, sizeof( output ) ); 1075 memset( input, 0, sizeof( input ) ); 1076 1077 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); 1078 1079 TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), 1080 output, &olen, sizeof( output ), 1081 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 1082 1083 TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), 1084 output, &olen, sizeof( output ), 1085 mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); 1086 1087exit: 1088 mbedtls_pk_free( &pk ); 1089} 1090/* END_CASE */ 1091 1092/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1093void pk_rsa_overflow( ) 1094{ 1095 mbedtls_pk_context pk; 1096 size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX; 1097 unsigned char hash[50], sig[100]; 1098 1099 if( SIZE_MAX <= UINT_MAX ) 1100 return; 1101 1102 memset( hash, 0x2a, sizeof hash ); 1103 memset( sig, 0, sizeof sig ); 1104 1105 mbedtls_pk_init( &pk ); 1106 1107 TEST_ASSERT( mbedtls_pk_setup( &pk, 1108 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1109 1110#if defined(MBEDTLS_PKCS1_V21) 1111 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk, 1112 MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == 1113 MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1114#endif /* MBEDTLS_PKCS1_V21 */ 1115 1116 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, 1117 sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1118 1119 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, 1120 &sig_len, mbedtls_test_rnd_std_rand, NULL ) 1121 == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1122 1123exit: 1124 mbedtls_pk_free( &pk ); 1125} 1126/* END_CASE */ 1127 1128/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 1129void pk_rsa_alt( ) 1130{ 1131 /* 1132 * An rsa_alt context can only do private operations (decrypt, sign). 1133 * Test it against the public operations (encrypt, verify) of a 1134 * corresponding rsa context. 1135 */ 1136 mbedtls_rsa_context raw; 1137 mbedtls_pk_context rsa, alt; 1138 mbedtls_pk_debug_item dbg_items[10]; 1139 unsigned char hash[50], sig[64]; 1140 unsigned char msg[50], ciph[64], test[50]; 1141 size_t sig_len, ciph_len, test_len; 1142 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1143 1144 mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); 1145 mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt ); 1146 1147 memset( hash, 0x2a, sizeof hash ); 1148 memset( sig, 0, sizeof sig ); 1149 memset( msg, 0x2a, sizeof msg ); 1150 memset( ciph, 0, sizeof ciph ); 1151 memset( test, 0, sizeof test ); 1152 1153 /* Initiliaze PK RSA context with random key */ 1154 TEST_ASSERT( mbedtls_pk_setup( &rsa, 1155 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 1156 TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 ); 1157 1158 /* Extract key to the raw rsa context */ 1159 TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 ); 1160 1161 /* Initialize PK RSA_ALT context */ 1162 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw, 1163 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); 1164 1165 /* Test administrative functions */ 1166 TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) ); 1167 TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE ); 1168 TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN ); 1169 TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT ); 1170 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 ); 1171 1172 /* Test signature */ 1173#if SIZE_MAX > UINT_MAX 1174 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig, 1175 &sig_len, mbedtls_test_rnd_std_rand, NULL ) 1176 == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 1177#endif /* SIZE_MAX > UINT_MAX */ 1178 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, 1179 &sig_len, mbedtls_test_rnd_std_rand, NULL ) 1180 == 0 ); 1181 TEST_ASSERT( sig_len == RSA_KEY_LEN ); 1182 TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, 1183 hash, sizeof hash, sig, sig_len ) == 0 ); 1184 1185 /* Test decrypt */ 1186 TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg, 1187 ciph, &ciph_len, sizeof ciph, 1188 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1189 TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len, 1190 test, &test_len, sizeof test, 1191 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1192 TEST_ASSERT( test_len == sizeof msg ); 1193 TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); 1194 1195 /* Test forbidden operations */ 1196 TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg, 1197 ciph, &ciph_len, sizeof ciph, 1198 mbedtls_test_rnd_std_rand, NULL ) == ret ); 1199 TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE, 1200 hash, sizeof hash, sig, sig_len ) == ret ); 1201 TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret ); 1202 1203exit: 1204 mbedtls_rsa_free( &raw ); 1205 mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt ); 1206} 1207/* END_CASE */ 1208 1209/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ 1210void pk_psa_sign( int grpid_arg, 1211 int psa_curve_arg, int expected_bits_arg ) 1212{ 1213 mbedtls_ecp_group_id grpid = grpid_arg; 1214 mbedtls_pk_context pk; 1215 unsigned char hash[32]; 1216 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 1217 unsigned char pkey_legacy[200]; 1218 unsigned char pkey_psa[200]; 1219 unsigned char *pkey_legacy_start, *pkey_psa_start; 1220 size_t sig_len, klen_legacy, klen_psa; 1221 int ret; 1222 mbedtls_svc_key_id_t key_id; 1223 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1224 psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); 1225 size_t expected_bits = expected_bits_arg; 1226 1227 /* 1228 * This tests making signatures with a wrapped PSA key: 1229 * - generate a fresh ECP legacy PK context 1230 * - wrap it in a PK context and make a signature this way 1231 * - extract the public key 1232 * - parse it to a PK context and verify the signature this way 1233 */ 1234 1235 PSA_ASSERT( psa_crypto_init( ) ); 1236 1237 /* Create legacy EC public/private key in PK context. */ 1238 mbedtls_pk_init( &pk ); 1239 TEST_ASSERT( mbedtls_pk_setup( &pk, 1240 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); 1241 TEST_ASSERT( mbedtls_ecp_gen_key( grpid, 1242 (mbedtls_ecp_keypair*) pk.pk_ctx, 1243 mbedtls_test_rnd_std_rand, NULL ) == 0 ); 1244 1245 /* Export underlying public key for re-importing in a legacy context. */ 1246 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy, 1247 sizeof( pkey_legacy ) ); 1248 TEST_ASSERT( ret >= 0 ); 1249 klen_legacy = (size_t) ret; 1250 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1251 pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy; 1252 1253 /* Turn PK context into an opaque one. */ 1254 TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id, 1255 PSA_ALG_SHA_256 ) == 0 ); 1256 1257 PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); 1258 TEST_EQUAL( psa_get_key_type( &attributes ), expected_type ); 1259 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); 1260 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 1261 PSA_KEY_LIFETIME_VOLATILE ); 1262 1263 memset( hash, 0x2a, sizeof hash ); 1264 memset( sig, 0, sizeof sig ); 1265 1266 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, 1267 hash, sizeof hash, sig, &sig_len, 1268 NULL, NULL ) == 0 ); 1269 1270 /* Export underlying public key for re-importing in a psa context. */ 1271 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa, 1272 sizeof( pkey_psa ) ); 1273 TEST_ASSERT( ret >= 0 ); 1274 klen_psa = (size_t) ret; 1275 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1276 pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa; 1277 1278 TEST_ASSERT( klen_psa == klen_legacy ); 1279 TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 ); 1280 1281 mbedtls_pk_free( &pk ); 1282 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) ); 1283 1284 mbedtls_pk_init( &pk ); 1285 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start, 1286 klen_legacy ) == 0 ); 1287 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, 1288 hash, sizeof hash, sig, sig_len ) == 0 ); 1289 1290exit: 1291 /* 1292 * Key attributes may have been returned by psa_get_key_attributes() 1293 * thus reset them as required. 1294 */ 1295 psa_reset_key_attributes( &attributes ); 1296 1297 mbedtls_pk_free( &pk ); 1298 USE_PSA_DONE( ); 1299} 1300/* END_CASE */ 1301
