TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5386f6ba071a36e105b52cd5c6dc3efbc07633c0 / . / tests / suites / test_suite_pk.function
blob: fbb69073e573dd84b72e25820ca8c97f123f59c1 [file] [log] [blame]
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/pk.h"
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]3
Manuel Pégourié-Gonnard7c13d692014-11-12 00:01:34 +0100[diff] [blame]4/* For error codes */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]5#include "mbedtls/asn1.h"
6#include "mbedtls/base64.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]7#include "mbedtls/ecp.h"
8#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnard7c13d692014-11-12 00:01:34 +0100[diff] [blame]9
Andres Amaya Garcia7ea67272017-05-08 11:15:49 +0100[diff] [blame]10#include <limits.h>
Andres Amaya Garcia6ff067d2017-06-09 14:26:59 +0100[diff] [blame]11#include <stdint.h>
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]12
Gilles Peskine952f4092019-05-23 20:25:48 +0200[diff] [blame]13#if defined(MBEDTLS_USE_PSA_CRYPTO)
14#include "mbedtls/psa_util.h"
Gilles Peskine1838e822019-06-20 12:40:56 +0200[diff] [blame]15#include "psa_crypto_helpers.h"
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]16#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
17#else
18/* Define empty macros so that we can use them in the preamble and teardown
19 * of every test function that uses PSA conditionally based on
20 * MBEDTLS_USE_PSA_CRYPTO. */
21#define PSA_INIT( ) ( (void) 0 )
22#define PSA_DONE( ) ( (void) 0 )
Gilles Peskine952f4092019-05-23 20:25:48 +0200[diff] [blame]23#endif
24
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]25static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
26
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]27#define RSA_KEY_SIZE 512
28#define RSA_KEY_LEN 64
29
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30static int pk_genkey( mbedtls_pk_context *pk )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]31{
Paul Bakkera5320902013-12-19 17:29:52 +0100[diff] [blame]32 ((void) pk);
33
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]34#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
35 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
36 return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]37#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]38#if defined(MBEDTLS_ECP_C)
39 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
40 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
41 mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]42 {
43 int ret;
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]44 if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]45 MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]46 return( ret );
47
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48 return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
49 &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]50 }
51#endif
52 return( -1 );
53}
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]54
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]55#if defined(MBEDTLS_RSA_C)
56int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]57 const unsigned char *input, unsigned char *output,
58 size_t output_max_len )
59{
Hanno Becker6ac972d2017-09-07 10:57:48 +0100[diff] [blame]60 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
61 rnd_std_rand, NULL, mode, olen,
62 input, output, output_max_len ) );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]63}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64int mbedtls_rsa_sign_func( void *ctx,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]65 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]66 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]67 const unsigned char *hash, unsigned char *sig )
68{
Hanno Beckera5400682017-05-03 16:43:15 +0100[diff] [blame]69 ((void) f_rng);
70 ((void) p_rng);
71 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]72 md_alg, hashlen, hash, sig ) );
73}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]74size_t mbedtls_rsa_key_len_func( void *ctx )
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]75{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 return( ((const mbedtls_rsa_context *) ctx)->len );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]77}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78#endif /* MBEDTLS_RSA_C */
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]79
80#if defined(MBEDTLS_USE_PSA_CRYPTO)
81
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]82/*
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]83 * Generate a key using PSA and return a handle to that key,
84 * or 0 if the key generation failed.
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]85 * The key uses NIST P-256 and is usable for signing with SHA-256.
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]86 */
Andrzej Kurek2349c4d2019-01-08 09:36:01 -0500[diff] [blame]87psa_key_handle_t pk_psa_genkey( void )
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]88{
Andrzej Kurek2349c4d2019-01-08 09:36:01 -0500[diff] [blame]89 psa_key_handle_t key;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]90 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]91 const int curve = PSA_ECC_CURVE_SECP256R1;
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200[diff] [blame]92 const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve);
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]93 const size_t bits = 256;
94
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]95 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
96 psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
97 psa_set_key_type( &attributes, type );
98 psa_set_key_bits( &attributes, bits );
99 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]100
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]101exit:
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]102 return( key );
103}
104#endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]105/* END_HEADER */
106
107/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]108 * depends_on:MBEDTLS_PK_C
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]109 * END_DEPENDENCIES
110 */
111
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]112/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]113void pk_psa_utils( )
114{
Manuel Pégourié-Gonnardd97390e2018-10-31 11:14:36 +0100[diff] [blame]115 mbedtls_pk_context pk, pk2;
Andrzej Kurek2349c4d2019-01-08 09:36:01 -0500[diff] [blame]116 psa_key_handle_t key;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]117 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]118
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]119 const char * const name = "Opaque";
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]120 const size_t bitlen = 256; /* harcoded in genkey() */
121
Manuel Pégourié-Gonnardd97390e2018-10-31 11:14:36 +0100[diff] [blame]122 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
123 unsigned char b1[1], b2[1];
124 size_t len;
125 mbedtls_pk_debug_item dbg;
126
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]127 PSA_ASSERT( psa_crypto_init( ) );
Jaeden Amero3ea26872019-02-13 11:30:22 +0000[diff] [blame]128
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]129 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnardd97390e2018-10-31 11:14:36 +0100[diff] [blame]130 mbedtls_pk_init( &pk2 );
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]131
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]132 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) ==
Manuel Pégourié-Gonnard920c0632018-10-31 10:57:29 +0100[diff] [blame]133 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
134
135 mbedtls_pk_free( &pk );
136 mbedtls_pk_init( &pk );
137
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]138 key = pk_psa_genkey();
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]139 if( key == 0 )
140 goto exit;
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]141
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]142 TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]143
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]144 TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE );
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]145 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
146
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]147 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
148 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
149
Manuel Pégourié-Gonnard920c0632018-10-31 10:57:29 +0100[diff] [blame]150 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
151 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
152 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
153
Manuel Pégourié-Gonnardd97390e2018-10-31 11:14:36 +0100[diff] [blame]154 /* unsupported operations: verify, decrypt, encrypt */
155 TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
156 b1, sizeof( b1), b2, sizeof( b2 ) )
157 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
158 TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
159 b2, &len, sizeof( b2 ),
160 NULL, NULL )
161 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
162 TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
163 b2, &len, sizeof( b2 ),
164 NULL, NULL )
165 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
166
167 /* unsupported functions: check_pair, debug */
168 TEST_ASSERT( mbedtls_pk_setup( &pk2,
169 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
170 TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
171 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
172 TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
173 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
174
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]175 /* test that freeing the context does not destroy the key */
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]176 mbedtls_pk_free( &pk );
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]177 TEST_ASSERT( PSA_SUCCESS == psa_get_key_attributes( key, &attributes ) );
Manuel Pégourié-Gonnard01a12c42018-10-31 10:28:01 +0100[diff] [blame]178 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
179
180exit:
181 mbedtls_pk_free( &pk ); /* redundant except upon error */
Manuel Pégourié-Gonnardd97390e2018-10-31 11:14:36 +0100[diff] [blame]182 mbedtls_pk_free( &pk2 );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]183 PSA_DONE( );
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]184}
185/* END_CASE */
186
187
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]188/* BEGIN_CASE */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]189void valid_parameters( )
190{
191 mbedtls_pk_context pk;
192 unsigned char buf[1];
193 size_t len;
194 void *options = NULL;
195
196 mbedtls_pk_init( &pk );
197
198 TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
199
200#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
201 TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
202#endif
203
204 TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
205 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
206
207 /* In informational functions, we accept NULL where a context pointer
208 * is expected because that's what the library has done forever.
209 * We do not document that NULL is accepted, so we may wish to change
210 * the behavior in a future version. */
211 TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 );
212 TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 );
213 TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
214
215 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
216 MBEDTLS_MD_NONE,
217 NULL, 0,
218 buf, &len,
219 rnd_std_rand, NULL,
220 NULL ) ==
221 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
222
223 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
224 MBEDTLS_MD_NONE,
225 NULL, 0,
226 buf, &len,
227 rnd_std_rand, NULL,
228 NULL ) ==
229 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
230
231 TEST_ASSERT( mbedtls_pk_sign( &pk,
232 MBEDTLS_MD_NONE,
233 NULL, 0,
234 buf, &len,
235 rnd_std_rand, NULL ) ==
236 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
237
238 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
239 MBEDTLS_MD_NONE,
240 NULL, 0,
241 buf, sizeof( buf ),
242 NULL ) ==
243 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
244
245 TEST_ASSERT( mbedtls_pk_verify( &pk,
246 MBEDTLS_MD_NONE,
247 NULL, 0,
248 buf, sizeof( buf ) ) ==
249 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
250
251 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
252 &pk,
253 MBEDTLS_MD_NONE,
254 NULL, 0,
255 buf, sizeof( buf ) ) ==
256 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
257
258 TEST_ASSERT( mbedtls_pk_encrypt( &pk,
259 NULL, 0,
260 NULL, &len, 0,
261 rnd_std_rand, NULL ) ==
262 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
263
264 TEST_ASSERT( mbedtls_pk_decrypt( &pk,
265 NULL, 0,
266 NULL, &len, 0,
267 rnd_std_rand, NULL ) ==
268 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
269
270#if defined(MBEDTLS_PK_PARSE_C)
271 TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
272 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
273
274 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
275 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
276#endif /* MBEDTLS_PK_PARSE_C */
277}
278/* END_CASE */
279
280/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
281void valid_parameters_pkwrite( data_t *key_data )
282{
283 mbedtls_pk_context pk;
284
285 /* For the write tests to be effective, we need a valid key pair. */
286 mbedtls_pk_init( &pk );
287 TEST_ASSERT( mbedtls_pk_parse_key( &pk,
288 key_data->x, key_data->len,
289 NULL, 0 ) == 0 );
290
291 TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
292 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
293
294 TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) ==
295 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
296
297#if defined(MBEDTLS_PEM_WRITE_C)
298 TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) ==
299 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
300
301 TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) ==
302 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
303#endif /* MBEDTLS_PEM_WRITE_C */
304
305exit:
306 mbedtls_pk_free( &pk );
307}
308/* END_CASE */
309
310/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
311void invalid_parameters( )
312{
313 size_t len;
314 unsigned char *null_buf = NULL;
315 unsigned char buf[1];
316 unsigned char *p = buf;
317 char str[1] = {0};
318 mbedtls_pk_context pk;
319 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
320 void *options = buf;
321
322 (void) null_buf;
323 (void) p;
324 (void) str;
325
326 mbedtls_pk_init( &pk );
327
328 TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
329
330#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
331 TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
332#endif
333
334 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
335 mbedtls_pk_setup( NULL, NULL ) );
336
337#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
338 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
339 mbedtls_pk_setup_rsa_alt( NULL, buf,
340 NULL, NULL, NULL ) );
341#endif
342
343 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
344 mbedtls_pk_verify_restartable( NULL,
345 MBEDTLS_MD_NONE,
346 buf, sizeof( buf ),
347 buf, sizeof( buf ),
348 NULL ) );
349 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
350 mbedtls_pk_verify_restartable( &pk,
351 MBEDTLS_MD_NONE,
352 NULL, sizeof( buf ),
353 buf, sizeof( buf ),
354 NULL ) );
355 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
356 mbedtls_pk_verify_restartable( &pk,
357 valid_md,
358 NULL, 0,
359 buf, sizeof( buf ),
360 NULL ) );
361 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
362 mbedtls_pk_verify_restartable( &pk,
363 MBEDTLS_MD_NONE,
364 buf, sizeof( buf ),
365 NULL, sizeof( buf ),
366 NULL ) );
367
368 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
369 mbedtls_pk_verify( NULL,
370 MBEDTLS_MD_NONE,
371 buf, sizeof( buf ),
372 buf, sizeof( buf ) ) );
373 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
374 mbedtls_pk_verify( &pk,
375 MBEDTLS_MD_NONE,
376 NULL, sizeof( buf ),
377 buf, sizeof( buf ) ) );
378 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
379 mbedtls_pk_verify( &pk,
380 valid_md,
381 NULL, 0,
382 buf, sizeof( buf ) ) );
383 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
384 mbedtls_pk_verify( &pk,
385 MBEDTLS_MD_NONE,
386 buf, sizeof( buf ),
387 NULL, sizeof( buf ) ) );
388
389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
390 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
391 NULL,
392 MBEDTLS_MD_NONE,
393 buf, sizeof( buf ),
394 buf, sizeof( buf ) ) );
395 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
396 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
397 &pk,
398 MBEDTLS_MD_NONE,
399 NULL, sizeof( buf ),
400 buf, sizeof( buf ) ) );
401 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
402 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
403 &pk,
404 valid_md,
405 NULL, 0,
406 buf, sizeof( buf ) ) );
407 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
408 mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
409 &pk,
410 MBEDTLS_MD_NONE,
411 buf, sizeof( buf ),
412 NULL, sizeof( buf ) ) );
413
414 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
415 mbedtls_pk_sign_restartable( NULL,
416 MBEDTLS_MD_NONE,
417 buf, sizeof( buf ),
418 buf, &len,
419 rnd_std_rand, NULL,
420 NULL ) );
421 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
422 mbedtls_pk_sign_restartable( &pk,
423 MBEDTLS_MD_NONE,
424 NULL, sizeof( buf ),
425 buf, &len,
426 rnd_std_rand, NULL,
427 NULL ) );
428 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
429 mbedtls_pk_sign_restartable( &pk,
430 valid_md,
431 NULL, 0,
432 buf, &len,
433 rnd_std_rand, NULL,
434 NULL ) );
435 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
436 mbedtls_pk_sign_restartable( &pk,
437 MBEDTLS_MD_NONE,
438 buf, sizeof( buf ),
439 NULL, &len,
440 rnd_std_rand, NULL,
441 NULL ) );
442
443 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
444 mbedtls_pk_sign( NULL,
445 MBEDTLS_MD_NONE,
446 buf, sizeof( buf ),
447 buf, &len,
448 rnd_std_rand, NULL ) );
449 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
450 mbedtls_pk_sign( &pk,
451 MBEDTLS_MD_NONE,
452 NULL, sizeof( buf ),
453 buf, &len,
454 rnd_std_rand, NULL ) );
455 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
456 mbedtls_pk_sign( &pk,
457 valid_md,
458 NULL, 0,
459 buf, &len,
460 rnd_std_rand, NULL ) );
461 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
462 mbedtls_pk_sign( &pk,
463 MBEDTLS_MD_NONE,
464 buf, sizeof( buf ),
465 NULL, &len,
466 rnd_std_rand, NULL ) );
467
468 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
469 mbedtls_pk_decrypt( NULL,
470 buf, sizeof( buf ),
471 buf, &len, sizeof( buf ),
472 rnd_std_rand, NULL ) );
473 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
474 mbedtls_pk_decrypt( &pk,
475 NULL, sizeof( buf ),
476 buf, &len, sizeof( buf ),
477 rnd_std_rand, NULL ) );
478 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
479 mbedtls_pk_decrypt( &pk,
480 buf, sizeof( buf ),
481 NULL, &len, sizeof( buf ),
482 rnd_std_rand, NULL ) );
483 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
484 mbedtls_pk_decrypt( &pk,
485 buf, sizeof( buf ),
486 buf, NULL, sizeof( buf ),
487 rnd_std_rand, NULL ) );
488
489 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
490 mbedtls_pk_encrypt( NULL,
491 buf, sizeof( buf ),
492 buf, &len, sizeof( buf ),
493 rnd_std_rand, NULL ) );
494 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
495 mbedtls_pk_encrypt( &pk,
496 NULL, sizeof( buf ),
497 buf, &len, sizeof( buf ),
498 rnd_std_rand, NULL ) );
499 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
500 mbedtls_pk_encrypt( &pk,
501 buf, sizeof( buf ),
502 NULL, &len, sizeof( buf ),
503 rnd_std_rand, NULL ) );
504 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
505 mbedtls_pk_encrypt( &pk,
506 buf, sizeof( buf ),
507 buf, NULL, sizeof( buf ),
508 rnd_std_rand, NULL ) );
509
510 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
511 mbedtls_pk_check_pair( NULL, &pk ) );
512 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
513 mbedtls_pk_check_pair( &pk, NULL ) );
514
515 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
516 mbedtls_pk_debug( NULL, NULL ) );
517
518#if defined(MBEDTLS_PK_PARSE_C)
519#if defined(MBEDTLS_FS_IO)
520 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
521 mbedtls_pk_load_file( NULL, &p, &len ) );
522 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
523 mbedtls_pk_load_file( str, NULL, &len ) );
524 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
525 mbedtls_pk_load_file( str, &p, NULL ) );
526
527 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
528 mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
529 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
530 mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
531
532 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
533 mbedtls_pk_parse_public_keyfile( NULL, str ) );
534 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
535 mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
536#endif
537
538 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
539 mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
540 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
541 mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
542 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
543 mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
544 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
545 mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
546
547 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
548 mbedtls_pk_parse_key( NULL,
549 buf, sizeof( buf ),
550 buf, sizeof( buf ) ) );
551 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
552 mbedtls_pk_parse_key( &pk,
553 NULL, sizeof( buf ),
554 buf, sizeof( buf ) ) );
555
556 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
557 mbedtls_pk_parse_public_key( NULL,
558 buf, sizeof( buf ) ) );
559 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
560 mbedtls_pk_parse_public_key( &pk,
561 NULL, sizeof( buf ) ) );
562#endif /* MBEDTLS_PK_PARSE_C */
563
564#if defined(MBEDTLS_PK_WRITE_C)
565 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
566 mbedtls_pk_write_pubkey( NULL, p, &pk ) );
567 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
568 mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
569 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
570 mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
571 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
572 mbedtls_pk_write_pubkey( &p, p, NULL ) );
573
574 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
575 mbedtls_pk_write_pubkey_der( NULL,
576 buf, sizeof( buf ) ) );
577 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
578 mbedtls_pk_write_pubkey_der( &pk,
579 NULL, sizeof( buf ) ) );
580
581 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
582 mbedtls_pk_write_key_der( NULL,
583 buf, sizeof( buf ) ) );
584 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
585 mbedtls_pk_write_key_der( &pk,
586 NULL, sizeof( buf ) ) );
587
588#if defined(MBEDTLS_PEM_WRITE_C)
589 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
590 mbedtls_pk_write_pubkey_pem( NULL,
591 buf, sizeof( buf ) ) );
592 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
593 mbedtls_pk_write_pubkey_pem( &pk,
594 NULL, sizeof( buf ) ) );
595
596 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
597 mbedtls_pk_write_key_pem( NULL,
598 buf, sizeof( buf ) ) );
599 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
600 mbedtls_pk_write_key_pem( &pk,
601 NULL, sizeof( buf ) ) );
602#endif /* MBEDTLS_PEM_WRITE_C */
603
604#endif /* MBEDTLS_PK_WRITE_C */
605}
606/* END_CASE */
607
608/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]609void pk_utils( int type, int size, int len, char * name )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]610{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]611 mbedtls_pk_context pk;
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]612
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]613 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]614
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]615 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]616 TEST_ASSERT( pk_genkey( &pk ) == 0 );
617
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]618 TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type );
619 TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) );
Manuel Pégourié-Gonnard097c7bb2015-06-18 16:43:38 +0200[diff] [blame]620 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) size );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len );
622 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]623
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]624exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]626}
627/* END_CASE */
628
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]629/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]630void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]631{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]632 mbedtls_pk_context pub, prv, alt;
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]633
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]634 mbedtls_pk_init( &pub );
635 mbedtls_pk_init( &prv );
636 mbedtls_pk_init( &alt );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]637
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]638 TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
639 TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]640
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]641 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]642
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]643#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
644 if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]645 {
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]646 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
Hanno Becker6ac972d2017-09-07 10:57:48 +0100[diff] [blame]647 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
648 mbedtls_rsa_key_len_func ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]649 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]650 }
Manuel Pégourié-Gonnard7c13d692014-11-12 00:01:34 +0100[diff] [blame]651#endif
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]652
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]653 mbedtls_pk_free( &pub );
654 mbedtls_pk_free( &prv );
655 mbedtls_pk_free( &alt );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]656}
657/* END_CASE */
658
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]660void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]661 int radix_N, char * input_N, int radix_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]662 char * input_E, data_t * result_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]663 int result )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]664{
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]665 unsigned char hash_result[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]666 mbedtls_rsa_context *rsa;
667 mbedtls_pk_context pk;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]668 mbedtls_pk_restart_ctx *rs_ctx = NULL;
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]669#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]670 mbedtls_pk_restart_ctx ctx;
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]671
672 rs_ctx = &ctx;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]673 mbedtls_pk_restart_init( rs_ctx );
Manuel Pégourié-Gonnard4edb9cb2018-07-02 12:23:23 +0200[diff] [blame]674 // this setting would ensure restart would happen if ECC was used
675 mbedtls_ecp_set_max_ops( 1 );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]676#endif
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]677
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]679
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]680 memset( hash_result, 0x00, 1000 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]681
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]682 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]683 rsa = mbedtls_pk_rsa( pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]684
Paul Bakker42099c32014-01-27 11:45:49 +0100[diff] [blame]685 rsa->len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]686 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
687 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]688
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]689
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]690 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]691 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]692
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]693 TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]694 result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]695
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]696 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0,
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]697 result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]698
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]699exit:
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]700#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]701 mbedtls_pk_restart_free( rs_ctx );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]702#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]703 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]704}
705/* END_CASE */
706
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]707/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]708void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]709 int mod, int radix_N, char * input_N,
710 int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]711 data_t * result_str, int pk_type,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]712 int mgf1_hash_id, int salt_len, int result )
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]713{
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]714 unsigned char hash_result[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715 mbedtls_rsa_context *rsa;
716 mbedtls_pk_context pk;
717 mbedtls_pk_rsassa_pss_options pss_opts;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]718 void *options;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]719 size_t hash_len;
720
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]721 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]722
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]723 memset( hash_result, 0x00, 1000 );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]724
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]725 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]726 rsa = mbedtls_pk_rsa( pk );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]727
728 rsa->len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]729 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
730 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]731
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]732
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]733 if( digest != MBEDTLS_MD_NONE )
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]734 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]735 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]736 message_str->x, message_str->len, hash_result ) == 0 );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]737 hash_len = 0;
738 }
739 else
740 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]741 memcpy( hash_result, message_str->x, message_str->len );
742 hash_len = message_str->len;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]743 }
744
745 if( mgf1_hash_id < 0 )
746 {
747 options = NULL;
748 }
749 else
750 {
751 options = &pss_opts;
752
753 pss_opts.mgf1_hash_id = mgf1_hash_id;
754 pss_opts.expected_salt_len = salt_len;
755 }
756
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]757 TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]758 digest, hash_result, hash_len,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]759 result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]760
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]761exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]762 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]763}
764/* END_CASE */
765
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]766/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]767void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
768 data_t * sig, int ret )
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]769{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]770 mbedtls_pk_context pk;
771 mbedtls_ecp_keypair *eckey;
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]772
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773 mbedtls_pk_init( &pk );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]774 PSA_INIT( );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]775
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]776 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]777
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]778 TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) );
779 eckey = mbedtls_pk_ec( pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]780
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]781 TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]782 TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]783 key->x, key->len ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]784
Andrzej Kurekc05ec9f2018-11-08 05:04:53 -0500[diff] [blame]785 // MBEDTLS_MD_SHA1 is a dummy - it is ignored, but has to be other than MBEDTLS_MD_NONE.
786 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA1,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]787 hash->x, hash->len, sig->x, sig->len ) == ret );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]788
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]789exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]790 mbedtls_pk_free( &pk );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]791 PSA_DONE( );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]792}
793/* END_CASE */
794
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]795/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
796void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
797 char *QX_str, char *QY_str,
798 int md_alg, char *msg, char *sig_str,
799 int max_ops, int min_restart, int max_restart )
800{
801 int ret, cnt_restart;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]802 mbedtls_pk_restart_ctx rs_ctx;
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]803 mbedtls_pk_context prv, pub;
804 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
805 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
806 unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
807 size_t hlen, slen, slen_check;
808 const mbedtls_md_info_t *md_info;
809
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]810 mbedtls_pk_restart_init( &rs_ctx );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]811 mbedtls_pk_init( &prv );
812 mbedtls_pk_init( &pub );
813 memset( hash, 0, sizeof( hash ) );
814 memset( sig, 0, sizeof( sig ) );
815 memset( sig_check, 0, sizeof( sig_check ) );
816
817 TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
818 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
819 TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
820
821 TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
822 TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
823 TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
824
825 slen_check = unhexify( sig_check, sig_str );
826
827 md_info = mbedtls_md_info_from_type( md_alg );
828 TEST_ASSERT( md_info != NULL );
829
830 hlen = mbedtls_md_get_size( md_info );
831 mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
832
833 mbedtls_ecp_set_max_ops( max_ops );
834
835 slen = sizeof( sig );
836 cnt_restart = 0;
837 do {
838 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
839 sig, &slen, NULL, NULL, &rs_ctx );
840 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
841
842 TEST_ASSERT( ret == 0 );
843 TEST_ASSERT( slen == slen_check );
844 TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
845
846 TEST_ASSERT( cnt_restart >= min_restart );
847 TEST_ASSERT( cnt_restart <= max_restart );
848
849 cnt_restart = 0;
850 do {
851 ret = mbedtls_pk_verify_restartable( &pub, md_alg,
852 hash, hlen, sig, slen, &rs_ctx );
853 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
854
855 TEST_ASSERT( ret == 0 );
856 TEST_ASSERT( cnt_restart >= min_restart );
857 TEST_ASSERT( cnt_restart <= max_restart );
858
859 hash[0]++;
860 do {
861 ret = mbedtls_pk_verify_restartable( &pub, md_alg,
862 hash, hlen, sig, slen, &rs_ctx );
863 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
864 TEST_ASSERT( ret != 0 );
865 hash[0]--;
866
867 sig[0]++;
868 do {
869 ret = mbedtls_pk_verify_restartable( &pub, md_alg,
870 hash, hlen, sig, slen, &rs_ctx );
871 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
872 TEST_ASSERT( ret != 0 );
873 sig[0]--;
874
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]875 /* Do we leak memory when aborting? try verify then sign
876 * This test only makes sense when we actually restart */
877 if( min_restart > 0 )
878 {
879 ret = mbedtls_pk_verify_restartable( &pub, md_alg,
880 hash, hlen, sig, slen, &rs_ctx );
881 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
882 mbedtls_pk_restart_free( &rs_ctx );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]883
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]884 slen = sizeof( sig );
885 ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
886 sig, &slen, NULL, NULL, &rs_ctx );
887 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
888 }
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]889
890exit:
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]891 mbedtls_pk_restart_free( &rs_ctx );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]892 mbedtls_pk_free( &prv );
893 mbedtls_pk_free( &pub );
894}
895/* END_CASE */
896
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]897/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]898void pk_sign_verify( int type, int sign_ret, int verify_ret )
899{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]900 mbedtls_pk_context pk;
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]901 unsigned char hash[50], sig[5000];
902 size_t sig_len;
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]903 void *rs_ctx = NULL;
904#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]905 mbedtls_pk_restart_ctx ctx;
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]906
907 rs_ctx = &ctx;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]908 mbedtls_pk_restart_init( rs_ctx );
Manuel Pégourié-Gonnard4edb9cb2018-07-02 12:23:23 +0200[diff] [blame]909 /* This value is large enough that the operation will complete in one run.
910 * See comments at the top of ecp_test_vect_restart in
911 * test_suite_ecp.function for estimates of operation counts. */
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]912 mbedtls_ecp_set_max_ops( 42000 );
913#endif
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]914
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]915 mbedtls_pk_init( &pk );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]916 PSA_INIT( );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]917
918 memset( hash, 0x2a, sizeof hash );
919 memset( sig, 0, sizeof sig );
920
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]921 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]922 TEST_ASSERT( pk_genkey( &pk ) == 0 );
923
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]924 TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
925 hash, sizeof hash, sig, &sig_len,
926 rnd_std_rand, NULL, rs_ctx ) == sign_ret );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]927
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]928 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]929 hash, sizeof hash, sig, sig_len ) == verify_ret );
930
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]931 if( verify_ret == 0 )
932 {
933 hash[0]++;
934 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
935 hash, sizeof hash, sig, sig_len ) != 0 );
936 hash[0]--;
937
938 sig[0]++;
939 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
940 hash, sizeof hash, sig, sig_len ) != 0 );
941 sig[0]--;
942 }
943
944 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
945 sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
946
947 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
948 hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
949
950 if( verify_ret == 0 )
951 {
952 hash[0]++;
953 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
954 hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
955 hash[0]--;
956
957 sig[0]++;
958 TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
959 hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
960 sig[0]--;
961 }
962
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]963exit:
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]964#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]965 mbedtls_pk_restart_free( rs_ctx );
Manuel Pégourié-Gonnardc4ee9ac2017-05-08 10:09:36 +0200[diff] [blame]966#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]967 mbedtls_pk_free( &pk );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]968 PSA_DONE( );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200[diff] [blame]969}
970/* END_CASE */
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]971
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]972/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]973void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]974 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]975 data_t * result, int ret )
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]976{
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]977 unsigned char output[1000];
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]978 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]979 mbedtls_rsa_context *rsa;
980 mbedtls_pk_context pk;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]981 size_t olen;
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]982
983 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]984 memset( output, 0, sizeof( output ) );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]985
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]986
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]987 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]988 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]989 rsa = mbedtls_pk_rsa( pk );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]990
991 rsa->len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]992 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
993 TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]994
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]995 TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]996 output, &olen, sizeof( output ),
997 rnd_pseudo_rand, &rnd_info ) == ret );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]998 TEST_ASSERT( olen == result->len );
999 TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1000
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1001exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1002 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1003}
1004/* END_CASE */
1005
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1006/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1007void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1008 char * input_P, int radix_Q, char * input_Q,
1009 int radix_N, char * input_N, int radix_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1010 char * input_E, data_t * clear, int ret )
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1011{
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1012 unsigned char output[1000];
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1013 rnd_pseudo_info rnd_info;
Hanno Beckerd71dc152017-08-23 06:32:42 +0100[diff] [blame]1014 mbedtls_mpi N, P, Q, E;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1015 mbedtls_rsa_context *rsa;
1016 mbedtls_pk_context pk;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1017 size_t olen;
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1018
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1019 mbedtls_pk_init( &pk );
Hanno Beckerd71dc152017-08-23 06:32:42 +0100[diff] [blame]1020 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
1021 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1022
1023 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1024
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1025
1026 /* init pk-rsa context */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1027 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1028 rsa = mbedtls_pk_rsa( pk );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1029
1030 /* load public key */
Hanno Beckerd71dc152017-08-23 06:32:42 +0100[diff] [blame]1031 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1032 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1033
1034 /* load private key */
Hanno Beckerd71dc152017-08-23 06:32:42 +0100[diff] [blame]1035 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1036 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1037 TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
1038 TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1039 TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1040
1041 /* decryption test */
1042 memset( output, 0, sizeof( output ) );
1043 olen = 0;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1044 TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1045 output, &olen, sizeof( output ),
1046 rnd_pseudo_rand, &rnd_info ) == ret );
1047 if( ret == 0 )
1048 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1049 TEST_ASSERT( olen == clear->len );
1050 TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1051 }
1052
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1053exit:
Hanno Beckerd71dc152017-08-23 06:32:42 +0100[diff] [blame]1054 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
1055 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1056 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200[diff] [blame]1057}
1058/* END_CASE */
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1059
1060/* BEGIN_CASE */
1061void pk_ec_nocrypt( int type )
1062{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1063 mbedtls_pk_context pk;
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1064 unsigned char output[100];
1065 unsigned char input[100];
1066 rnd_pseudo_info rnd_info;
1067 size_t olen = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1068 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1069
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1070 mbedtls_pk_init( &pk );
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1071
1072 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
1073 memset( output, 0, sizeof( output ) );
1074 memset( input, 0, sizeof( input ) );
1075
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1076 TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1077
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1078 TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ),
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1079 output, &olen, sizeof( output ),
1080 rnd_pseudo_rand, &rnd_info ) == ret );
1081
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1082 TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ),
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1083 output, &olen, sizeof( output ),
1084 rnd_pseudo_rand, &rnd_info ) == ret );
1085
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1086exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1087 mbedtls_pk_free( &pk );
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200[diff] [blame]1088}
1089/* END_CASE */
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1090
Andres Amaya Garcia7ea67272017-05-08 11:15:49 +0100[diff] [blame]1091/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1092void pk_rsa_overflow( )
1093{
1094 mbedtls_pk_context pk;
itayzafrir693a1d92018-02-26 12:02:10 +0200[diff] [blame]1095 size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
1096 unsigned char hash[50], sig[100];
Andres Amaya Garcia7ea67272017-05-08 11:15:49 +0100[diff] [blame]1097
1098 if( SIZE_MAX <= UINT_MAX )
1099 return;
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1100
itayzafrir693a1d92018-02-26 12:02:10 +0200[diff] [blame]1101 memset( hash, 0x2a, sizeof hash );
1102 memset( sig, 0, sizeof sig );
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1103
1104 mbedtls_pk_init( &pk );
1105
1106 TEST_ASSERT( mbedtls_pk_setup( &pk,
1107 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
1108
1109#if defined(MBEDTLS_PKCS1_V21)
1110 TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
itayzafrir693a1d92018-02-26 12:02:10 +0200[diff] [blame]1111 MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1112 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1113#endif /* MBEDTLS_PKCS1_V21 */
1114
itayzafrir693a1d92018-02-26 12:02:10 +0200[diff] [blame]1115 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
1116 sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1117
itayzafrir693a1d92018-02-26 12:02:10 +0200[diff] [blame]1118 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1119 rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1120
1121exit:
1122 mbedtls_pk_free( &pk );
1123}
1124/* END_CASE */
1125
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1126/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1127void pk_rsa_alt( )
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1128{
1129 /*
1130 * An rsa_alt context can only do private operations (decrypt, sign).
1131 * Test it against the public operations (encrypt, verify) of a
1132 * corresponding rsa context.
1133 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1134 mbedtls_rsa_context raw;
1135 mbedtls_pk_context rsa, alt;
1136 mbedtls_pk_debug_item dbg_items[10];
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1137 unsigned char hash[50], sig[1000];
1138 unsigned char msg[50], ciph[1000], test[1000];
1139 size_t sig_len, ciph_len, test_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1140 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1141
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1142 mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
1143 mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1144
1145 memset( hash, 0x2a, sizeof hash );
1146 memset( sig, 0, sizeof sig );
1147 memset( msg, 0x2a, sizeof msg );
1148 memset( ciph, 0, sizeof ciph );
1149 memset( test, 0, sizeof test );
1150
1151 /* Initiliaze PK RSA context with random key */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1152 TEST_ASSERT( mbedtls_pk_setup( &rsa,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1153 mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1154 TEST_ASSERT( pk_genkey( &rsa ) == 0 );
1155
1156 /* Extract key to the raw rsa context */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1157 TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1158
1159 /* Initialize PK RSA_ALT context */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1160 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1161 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1162
1163 /* Test administrative functions */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1164 TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) );
Manuel Pégourié-Gonnard097c7bb2015-06-18 16:43:38 +0200[diff] [blame]1165 TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1166 TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN );
1167 TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT );
1168 TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1169
1170 /* Test signature */
Andres Amaya Garcia7ea67272017-05-08 11:15:49 +0100[diff] [blame]1171#if SIZE_MAX > UINT_MAX
1172 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
1173 sig, &sig_len, rnd_std_rand, NULL ) ==
Andres AG5c79d252017-02-15 10:52:32 +0000[diff] [blame]1174 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Andres Amaya Garcia7ea67272017-05-08 11:15:49 +0100[diff] [blame]1175#endif /* SIZE_MAX > UINT_MAX */
1176 TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
1177 sig, &sig_len, rnd_std_rand, NULL ) == 0 );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1178 TEST_ASSERT( sig_len == RSA_KEY_LEN );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1179 TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1180 hash, sizeof hash, sig, sig_len ) == 0 );
1181
1182 /* Test decrypt */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1183 TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1184 ciph, &ciph_len, sizeof ciph,
1185 rnd_std_rand, NULL ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1186 TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1187 test, &test_len, sizeof test,
1188 rnd_std_rand, NULL ) == 0 );
1189 TEST_ASSERT( test_len == sizeof msg );
1190 TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
1191
1192 /* Test forbidden operations */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1193 TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1194 ciph, &ciph_len, sizeof ciph,
1195 rnd_std_rand, NULL ) == ret );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1196 TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1197 hash, sizeof hash, sig, sig_len ) == ret );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1198 TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1199
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1200exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1201 mbedtls_rsa_free( &raw );
1202 mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200[diff] [blame]1203}
1204/* END_CASE */
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1205
1206/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
1207void pk_psa_sign( )
1208{
1209 mbedtls_pk_context pk;
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1210 unsigned char hash[50], sig[100], pkey_legacy[100], pkey_psa[100];
1211 unsigned char *pkey_legacy_start, *pkey_psa_start;
1212 size_t sig_len, klen_legacy, klen_psa;
1213 int ret;
1214 psa_key_handle_t handle;
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1215
1216 /*
1217 * This tests making signatures with a wrapped PSA key:
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1218 * - generate a fresh ECP legacy PK context
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1219 * - wrap it in a PK context and make a signature this way
1220 * - extract the public key
1221 * - parse it to a PK context and verify the signature this way
1222 */
1223
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]1224 PSA_ASSERT( psa_crypto_init( ) );
1225
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1226 /* Create legacy EC public/private key in PK context. */
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1227 mbedtls_pk_init( &pk );
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1228 TEST_ASSERT( mbedtls_pk_setup( &pk,
1229 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
1230 TEST_ASSERT( mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
1231 (mbedtls_ecp_keypair*) pk.pk_ctx,
1232 rnd_std_rand, NULL ) == 0 );
1233
1234 /* Export underlying public key for re-importing in a legacy context. */
1235 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
1236 sizeof( pkey_legacy ) );
1237 TEST_ASSERT( ret >= 0 );
1238 klen_legacy = (size_t) ret;
1239 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
1240 pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
1241
1242 /* Turn PK context into an opaque one. */
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1243 TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
1244 PSA_ALG_SHA_256 ) == 0 );
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1245
1246 memset( hash, 0x2a, sizeof hash );
1247 memset( sig, 0, sizeof sig );
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1248
1249 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
1250 hash, sizeof hash, sig, &sig_len,
1251 NULL, NULL ) == 0 );
1252
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1253 /* Export underlying public key for re-importing in a psa context. */
1254 ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
1255 sizeof( pkey_psa ) );
1256 TEST_ASSERT( ret >= 0 );
1257 klen_psa = (size_t) ret;
1258 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
1259 pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1260
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1261 TEST_ASSERT( klen_psa == klen_legacy );
1262 TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
1263
1264 mbedtls_pk_free( &pk );
1265 TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1266
1267 mbedtls_pk_init( &pk );
Hanno Becker56104ea2019-02-01 11:48:19 +0000[diff] [blame]1268 TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
1269 klen_legacy ) == 0 );
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1270 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
1271 hash, sizeof hash, sig, sig_len ) == 0 );
1272
1273exit:
1274 mbedtls_pk_free( &pk );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame^]1275 PSA_DONE( );
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]1276}
1277/* END_CASE */