1/* BEGIN_HEADER */ 2#include "mbedtls/pk.h" 3#include "mbedtls/pem.h" 4#include "mbedtls/oid.h" 5#include "mbedtls/ecp.h" 6#include "mbedtls/psa_util.h" 7#include "pk_internal.h" 8 9#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 10#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der 11#endif 12 13/* END_HEADER */ 14 15/* BEGIN_DEPENDENCIES 16 * depends_on:MBEDTLS_PK_PARSE_C 17 * END_DEPENDENCIES 18 */ 19 20/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ 21void pk_parse_keyfile_rsa(char *key_file, char *password, int result) 22{ 23 mbedtls_pk_context ctx; 24 int res; 25 char *pwd = password; 26 27 mbedtls_pk_init(&ctx); 28 MD_PSA_INIT(); 29 30 if (strcmp(pwd, "NULL") == 0) { 31 pwd = NULL; 32 } 33 34 res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd, 35 mbedtls_test_rnd_std_rand, NULL); 36 37 TEST_ASSERT(res == result); 38 39 if (res == 0) { 40 mbedtls_rsa_context *rsa; 41 TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); 42 rsa = mbedtls_pk_rsa(ctx); 43 TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0); 44 } 45 46exit: 47 mbedtls_pk_free(&ctx); 48 MD_PSA_DONE(); 49} 50 51/* END_CASE */ 52 53/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ 54void pk_parse_public_keyfile_rsa(char *key_file, int result) 55{ 56 mbedtls_pk_context ctx; 57 int res; 58 59 mbedtls_pk_init(&ctx); 60 MD_PSA_INIT(); 61 62 res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); 63 64 TEST_ASSERT(res == result); 65 66 if (res == 0) { 67 mbedtls_rsa_context *rsa; 68 TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); 69 rsa = mbedtls_pk_rsa(ctx); 70 TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0); 71 } 72 73exit: 74 mbedtls_pk_free(&ctx); 75 MD_PSA_DONE(); 76} 77/* END_CASE */ 78 79/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ 80void pk_parse_public_keyfile_ec(char *key_file, int result) 81{ 82 mbedtls_pk_context ctx; 83 int res; 84 85 mbedtls_pk_init(&ctx); 86 USE_PSA_INIT(); 87 88 res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); 89 90 TEST_ASSERT(res == result); 91 92 if (res == 0) { 93 TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); 94#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 95 /* No need to check whether the parsed public point is on the curve or 96 * not because this is already done by the internal "pk_get_ecpubkey()" 97 * function */ 98#else 99 const mbedtls_ecp_keypair *eckey; 100 eckey = mbedtls_pk_ec_ro(ctx); 101 TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0); 102#endif 103 } 104 105exit: 106 mbedtls_pk_free(&ctx); 107 USE_PSA_DONE(); 108} 109/* END_CASE */ 110 111/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ 112void pk_parse_keyfile_ec(char *key_file, char *password, int result) 113{ 114 mbedtls_pk_context ctx; 115 int res; 116 117 mbedtls_pk_init(&ctx); 118 USE_PSA_INIT(); 119 120 res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, 121 mbedtls_test_rnd_std_rand, NULL); 122 123 TEST_ASSERT(res == result); 124 125 if (res == 0) { 126 TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); 127#if defined(MBEDTLS_ECP_C) 128 const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); 129 TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0); 130#else 131 /* PSA keys are already checked on import so nothing to do here. */ 132#endif 133 } 134 135exit: 136 mbedtls_pk_free(&ctx); 137 USE_PSA_DONE(); 138} 139/* END_CASE */ 140 141/* BEGIN_CASE */ 142void pk_parse_key(data_t *buf, int result) 143{ 144 mbedtls_pk_context pk; 145 146 mbedtls_pk_init(&pk); 147 USE_PSA_INIT(); 148 149 TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0, 150 mbedtls_test_rnd_std_rand, NULL) == result); 151 152exit: 153 mbedtls_pk_free(&pk); 154 USE_PSA_DONE(); 155} 156/* END_CASE */ 157 158/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */ 159void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result) 160{ 161 mbedtls_pk_context pk; 162 163 mbedtls_pk_init(&pk); 164 USE_PSA_INIT(); 165 166 TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len, 167 pass->x, pass->len, 168 mbedtls_test_rnd_std_rand, 169 NULL), result); 170exit: 171 mbedtls_pk_free(&pk); 172 USE_PSA_DONE(); 173} 174/* END_CASE */ 175 176/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */ 177void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) 178{ 179 /* Montgomery keys have specific bits set to either 0 or 1 depending on 180 * their position. This is enforced during parsing (please see the implementation 181 * of mbedtls_ecp_read_key() for more details). The scope of this function 182 * is to verify this enforcing by feeding the parse algorithm with a x25519 183 * key which does not have those bits set properly. */ 184 mbedtls_pk_context pk; 185 unsigned char *output_key = NULL; 186 size_t output_key_len = 0; 187 188 mbedtls_pk_init(&pk); 189 USE_PSA_INIT(); 190 191 TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0, 192 mbedtls_test_rnd_std_rand, NULL), 0); 193 194 output_key_len = input_key->len; 195 TEST_CALLOC(output_key, output_key_len); 196 /* output_key_len is updated with the real amount of data written to 197 * output_key buffer. */ 198 output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); 199 TEST_ASSERT(output_key_len > 0); 200 201 TEST_MEMORY_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len); 202 203exit: 204 if (output_key != NULL) { 205 mbedtls_free(output_key); 206 } 207 mbedtls_pk_free(&pk); 208 USE_PSA_DONE(); 209} 210/* END_CASE */ 211