Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 7bd93c7..0e30be4 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -40,6 +40,8 @@
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
+#include "test/random.h"
+
#include <string.h>
#endif
@@ -181,7 +183,8 @@
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
+ ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
+ mbedtls_test_rnd_std_rand, NULL );
if( ret != 0 )
{
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 4b65262..c7f9741 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -39,6 +39,8 @@
#include "mbedtls/pk.h"
#include "mbedtls/error.h"
+#include "test/random.h"
+
#include <stdio.h>
#include <string.h>
#endif
@@ -292,8 +294,8 @@
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
-
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
+ mbedtls_test_rnd_std_rand, NULL );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 810d6fb..e01f5d5 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -106,7 +106,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 451e3de..422fa25 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -101,7 +101,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit;
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 26056dd..bbbe0a9 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -102,7 +102,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );