test_suite_pk.function (106632B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/pk.h" 3 #include "mbedtls/psa_util.h" 4 #include "pk_internal.h" 5 6 /* For error codes */ 7 #include "mbedtls/asn1.h" 8 #include "mbedtls/base64.h" 9 #include "mbedtls/ecp.h" 10 #include "mbedtls/error.h" 11 #include "mbedtls/rsa.h" 12 #include "rsa_internal.h" 13 #include "pk_internal.h" 14 15 #include <limits.h> 16 #include <stdint.h> 17 18 /* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), 19 * but the test code generator requires test case data to be valid C code 20 * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ 21 #include "psa/crypto.h" 22 #include "mbedtls/psa_util.h" 23 24 #include "pkwrite.h" 25 26 #include <test/psa_exercise_key.h> 27 28 /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ 29 #include "pkwrite.h" 30 31 #if defined(MBEDTLS_RSA_C) || \ 32 defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ 33 defined(MBEDTLS_ECDSA_C) || \ 34 defined(MBEDTLS_USE_PSA_CRYPTO) 35 #define PK_CAN_SIGN_SOME 36 #endif 37 38 /* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: 39 * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. 40 * - The build has built-in ECC and ECDSA signature. 41 */ 42 #if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ 43 (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ 44 (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN)) 45 #define MBEDTLS_TEST_PK_PSA_SIGN 46 #endif 47 48 #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 49 /* Pick an elliptic curve that's supported by PSA. Note that the curve is 50 * not guaranteed to be supported by the ECP module. 51 * 52 * This should always find a curve if ECC is enabled in the build, except in 53 * one edge case: in a build with MBEDTLS_PSA_CRYPTO_CONFIG disabled and 54 * where the only legacy curve is secp224k1, which is not supported in PSA, 55 * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY ends up enabled but PSA does not 56 * support any curve. 57 */ 58 59 /* First try all the curves that can do both ECDSA and ECDH, then try 60 * the ECDH-only curves. (There are no curves that can do ECDSA but not ECDH.) 61 * This way, if ECDSA is enabled then the curve that's selected here will 62 * be ECDSA-capable, and likewise for ECDH. */ 63 #if defined(PSA_WANT_ECC_SECP_R1_192) 64 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 65 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 66 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 67 #elif defined(PSA_WANT_ECC_SECP_R1_256) 68 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 69 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 70 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 71 #elif defined(PSA_WANT_ECC_SECP_K1_192) 72 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 73 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 74 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 75 #elif defined(PSA_WANT_ECC_SECP_K1_256) 76 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 77 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 78 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 79 #elif defined(PSA_WANT_ECC_SECP_R1_224) 80 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 81 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 82 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 83 #elif defined(PSA_WANT_ECC_SECP_R1_384) 84 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 85 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 86 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 87 #elif defined(PSA_WANT_ECC_SECP_R1_521) 88 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 89 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 90 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 91 #elif defined(PSA_WANT_ECC_SECP_K1_224) 92 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 93 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 94 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 95 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) 96 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 97 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 98 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 99 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) 100 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 101 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 102 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 103 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) 104 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 105 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 512 106 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 107 #elif defined(PSA_WANT_ECC_MONTGOMERY_255) 108 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY 109 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 255 110 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 111 #elif defined(PSA_WANT_ECC_MONTGOMERY_448) 112 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY 113 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 448 114 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 115 #endif /* curve selection */ 116 117 #if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) 118 #define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE 119 #endif 120 121 /* Pick a second curve, for tests that need two supported curves of the 122 * same size. For simplicity, we only handle a subset of configurations, 123 * and both curves will support both ECDH and ECDSA. */ 124 #if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_K1_192) 125 /* Identical redefinition of the ONE macros, to confirm that they have 126 * the values we expect here. */ 127 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 128 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 129 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 130 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES 131 #elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && \ 132 !defined(PSA_WANT_ECC_SECP_R1_192) 133 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 134 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 135 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 136 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES 137 #endif 138 139 /* Pick a second bit-size, for tests that need two supported curves of the 140 * same family. For simplicity, we only handle a subset of configurations, 141 * and both curves will support both ECDH and ECDSA. */ 142 #if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_R1_256) 143 /* Identical redefinition of the ONE macros, to confirm that they have 144 * the values we expect here. */ 145 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 146 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 147 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 256 148 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS 149 #elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) 150 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 151 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 152 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 384 153 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS 154 #endif 155 156 #endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ 157 158 /* Always define the macros so that we can use them in test data. */ 159 #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) 160 #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 161 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 0 162 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 163 #endif 164 #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) 165 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 166 #endif 167 #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS) 168 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 0 169 #endif 170 171 /* Get an available MD alg to be used in sign/verify tests. */ 172 #if defined(MBEDTLS_MD_CAN_SHA1) 173 #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA1 174 #elif defined(MBEDTLS_MD_CAN_SHA224) 175 #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224 176 #elif defined(MBEDTLS_MD_CAN_SHA256) 177 #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256 178 #elif defined(MBEDTLS_MD_CAN_SHA384) 179 #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA384 180 #elif defined(MBEDTLS_MD_CAN_SHA512) 181 #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 182 #endif 183 184 #include <test/test_keys.h> 185 186 /* Define an RSA key size we know it's present in predefined_key[] array. */ 187 #define RSA_KEY_SIZE 1024 188 #define RSA_KEY_LEN (RSA_KEY_SIZE/8) 189 190 static int get_predefined_key_data(int is_ec, int group_id_or_keybits, 191 const unsigned char **key, size_t *key_len, 192 const unsigned char **pub_key, size_t *pub_key_len) 193 { 194 size_t i; 195 struct predefined_key_element *predefined_key = NULL; 196 197 for (i = 0; i < ARRAY_LENGTH(predefined_keys); i++) { 198 if (is_ec) { 199 if (group_id_or_keybits == predefined_keys[i].group_id) { 200 predefined_key = &predefined_keys[i]; 201 } 202 } else if (group_id_or_keybits == predefined_keys[i].keybits) { 203 predefined_key = &predefined_keys[i]; 204 } 205 } 206 207 if (predefined_key != NULL) { 208 *key = predefined_key->priv_key; 209 *key_len = predefined_key->priv_key_len; 210 if (pub_key != NULL) { 211 *pub_key = predefined_key->pub_key; 212 *pub_key_len = predefined_key->pub_key_len; 213 } 214 return 0; 215 } 216 217 TEST_FAIL("Unsupported key"); 218 /* "exit" label is to make the compiler happy. */ 219 exit: 220 return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; 221 } 222 223 #if defined(MBEDTLS_PSA_CRYPTO_C) 224 static psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, 225 psa_key_type_t type, psa_key_usage_t usage, 226 psa_algorithm_t alg, mbedtls_svc_key_id_t *key) 227 { 228 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 229 psa_status_t status; 230 231 *key = MBEDTLS_SVC_KEY_ID_INIT; 232 233 /* Note: psa_import_key() automatically determines the key's bit length 234 * from the provided key data. That's why psa_set_key_bits() is not used below. */ 235 psa_set_key_usage_flags(&attributes, usage); 236 psa_set_key_algorithm(&attributes, alg); 237 psa_set_key_type(&attributes, type); 238 status = psa_import_key(&attributes, key_data, key_len, key); 239 240 return status; 241 } 242 #endif /* MBEDTLS_PSA_CRYPTO_C */ 243 244 /** Setup the provided PK context. 245 * 246 * Predefined keys used for the setup are taken from <test/test_keys.h> 247 * which is automatically generated using "framework/scripts/generate_test_keys.py". 248 * 249 * \param pk The PK object to fill. It must have been initialized 250 * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). 251 * \param pk_type mbedtls_pk_type_t to use in the PK context. 252 * \param curve_or_keybits - For RSA keys, the key size in bits. 253 * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). 254 * 255 * \return 0 on success or a negative value otherwise. 256 */ 257 static int pk_setup(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits) 258 { 259 const unsigned char *key_data = NULL; 260 const unsigned char *pub_key_data = NULL; 261 size_t key_data_len = 0; 262 size_t pub_key_data_len = 0; 263 int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; 264 265 TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); 266 267 if (pk_type == MBEDTLS_PK_RSA) { 268 #if defined(MBEDTLS_RSA_C) 269 TEST_EQUAL(get_predefined_key_data(0, curve_or_keybits, &key_data, &key_data_len, 270 NULL, 0), 0); 271 TEST_EQUAL(mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key_data, key_data_len), 0); 272 #else /* MBEDTLS_RSA_C */ 273 TEST_FAIL("RSA keys not supported."); 274 #endif /* MBEDTLS_RSA_C */ 275 } else { 276 TEST_EQUAL(get_predefined_key_data(1, curve_or_keybits, &key_data, &key_data_len, 277 &pub_key_data, &pub_key_data_len), 0); 278 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 279 pk->ec_family = mbedtls_ecc_group_to_psa(curve_or_keybits, &pk->ec_bits); 280 TEST_EQUAL(pk_psa_import_key(key_data, key_data_len, 281 PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family), 282 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 283 PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | 284 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_COPY | 285 PSA_KEY_USAGE_EXPORT, 286 MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH), 287 &pk->priv_id), 0); 288 memcpy(pk->pub_raw, pub_key_data, pub_key_data_len); 289 pk->pub_raw_len = pub_key_data_len; 290 #elif defined(MBEDTLS_ECP_C) 291 TEST_EQUAL(mbedtls_ecp_read_key(curve_or_keybits, mbedtls_pk_ec_rw(*pk), 292 key_data, key_data_len), 0); 293 TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_rw(*pk)->grp), 294 &(mbedtls_pk_ec_rw(*pk)->Q), 295 pub_key_data, pub_key_data_len), 0); 296 #else /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ 297 TEST_FAIL("EC keys not supported."); 298 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ 299 } 300 /* Override pk_info. */ 301 pk->pk_info = mbedtls_pk_info_from_type(pk_type); 302 ret = 0; 303 304 exit: 305 return ret; 306 } 307 308 #if defined(MBEDTLS_PSA_CRYPTO_C) 309 /** Create a PSA key of the desired type and properties. 310 * 311 * - For RSA and EC keys predefined key data is used (as in the pk_setup() above). 312 * - Other key types (ex: DH) are generated at runtime. 313 * 314 * \param type PSA key type. 315 * \param bits PSA key bit size. 316 * \param usage PSA key usage flags. 317 * \param alg PSA key primary algorithm. 318 * \param enrollment_alg PSA key enrollment algorithm. 319 * \param persistent_key_id PSA key ID for persistent keys. Set to PSA_KEY_ID_NULL 320 * for volatile keys. 321 * \param[out] key Identifier of the "generated" (actually imported) PSA key. 322 */ 323 static psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, 324 psa_key_usage_t usage, psa_algorithm_t alg, 325 psa_algorithm_t enrollment_alg, 326 mbedtls_svc_key_id_t persistent_key_id, 327 mbedtls_svc_key_id_t *key) 328 { 329 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 330 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 331 const unsigned char *key_data = NULL; 332 size_t key_data_size = 0; 333 334 *key = MBEDTLS_SVC_KEY_ID_INIT; 335 psa_set_key_usage_flags(&attributes, usage); 336 psa_set_key_algorithm(&attributes, alg); 337 psa_set_key_enrollment_algorithm(&attributes, enrollment_alg); 338 psa_set_key_type(&attributes, type); 339 psa_set_key_bits(&attributes, bits); 340 if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { 341 psa_set_key_id(&attributes, persistent_key_id); 342 } 343 344 /* For EC and RSA keys we use predefined keys in order to: 345 * - speed up testing and 346 * - ease requirements/dependencies on test cases. 347 * For other keys (ex: DH) psa_generate_key() is used instead. */ 348 if (PSA_KEY_TYPE_IS_RSA(type)) { 349 TEST_EQUAL(get_predefined_key_data(0, bits, &key_data, &key_data_size, NULL, 0), 0); 350 } else if (PSA_KEY_TYPE_IS_ECC(type)) { 351 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 352 mbedtls_ecp_group_id grp_id; 353 grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); 354 TEST_EQUAL(get_predefined_key_data(1, grp_id, &key_data, &key_data_size, NULL, 0), 0); 355 #else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 356 TEST_FAIL("EC keys are not supported"); 357 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 358 } else { 359 return psa_generate_key(&attributes, key); 360 } 361 362 status = psa_import_key(&attributes, key_data, key_data_size, key); 363 364 exit: 365 return status; 366 } 367 368 static psa_key_usage_t pk_get_psa_attributes_implied_usage( 369 psa_key_usage_t expected_usage) 370 { 371 /* Usage implied universally */ 372 if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 373 expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; 374 } 375 if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { 376 expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 377 } 378 /* Usage implied by mbedtls_pk_get_psa_attributes() */ 379 if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 380 expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; 381 } 382 if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { 383 expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 384 } 385 if (expected_usage & PSA_KEY_USAGE_DECRYPT) { 386 expected_usage |= PSA_KEY_USAGE_ENCRYPT; 387 } 388 expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; 389 return expected_usage; 390 } 391 392 #define RSA_WRITE_PUBKEY_MAX_SIZE \ 393 PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) 394 #define ECP_WRITE_PUBKEY_MAX_SIZE \ 395 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) 396 static int pk_public_same(const mbedtls_pk_context *pk1, 397 const mbedtls_pk_context *pk2) 398 { 399 int ok = 0; 400 401 mbedtls_pk_type_t type = mbedtls_pk_get_type(pk1); 402 TEST_EQUAL(type, mbedtls_pk_get_type(pk2)); 403 404 switch (type) { 405 #if defined(MBEDTLS_RSA_C) 406 case MBEDTLS_PK_RSA: 407 { 408 const mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(*pk1); 409 const mbedtls_rsa_context *rsa2 = mbedtls_pk_rsa(*pk2); 410 TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa1), 411 mbedtls_rsa_get_padding_mode(rsa2)); 412 TEST_EQUAL(mbedtls_rsa_get_md_alg(rsa1), 413 mbedtls_rsa_get_md_alg(rsa2)); 414 unsigned char buf1[RSA_WRITE_PUBKEY_MAX_SIZE]; 415 unsigned char *p1 = buf1 + sizeof(buf1); 416 int len1 = mbedtls_rsa_write_pubkey(rsa1, buf1, &p1); 417 TEST_LE_U(0, len1); 418 unsigned char buf2[RSA_WRITE_PUBKEY_MAX_SIZE]; 419 unsigned char *p2 = buf2 + sizeof(buf2); 420 int len2 = mbedtls_rsa_write_pubkey(rsa2, buf2, &p2); 421 TEST_LE_U(0, len2); 422 TEST_MEMORY_COMPARE(p1, len1, p2, len2); 423 break; 424 } 425 #endif /* MBEDTLS_RSA_C */ 426 427 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 428 case MBEDTLS_PK_ECKEY: 429 case MBEDTLS_PK_ECKEY_DH: 430 case MBEDTLS_PK_ECDSA: 431 { 432 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 433 TEST_MEMORY_COMPARE(pk1->pub_raw, pk1->pub_raw_len, 434 pk2->pub_raw, pk2->pub_raw_len); 435 TEST_EQUAL(pk1->ec_family, pk2->ec_family); 436 TEST_EQUAL(pk1->ec_bits, pk2->ec_bits); 437 438 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 439 const mbedtls_ecp_keypair *ec1 = mbedtls_pk_ec_ro(*pk1); 440 const mbedtls_ecp_keypair *ec2 = mbedtls_pk_ec_ro(*pk2); 441 TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(ec1), 442 mbedtls_ecp_keypair_get_group_id(ec2)); 443 unsigned char buf1[ECP_WRITE_PUBKEY_MAX_SIZE]; 444 size_t len1 = 99999991; 445 TEST_EQUAL(mbedtls_ecp_write_public_key( 446 ec1, MBEDTLS_ECP_PF_UNCOMPRESSED, 447 &len1, buf1, sizeof(buf1)), 0); 448 unsigned char buf2[ECP_WRITE_PUBKEY_MAX_SIZE]; 449 size_t len2 = 99999992; 450 TEST_EQUAL(mbedtls_ecp_write_public_key( 451 ec2, MBEDTLS_ECP_PF_UNCOMPRESSED, 452 &len2, buf2, sizeof(buf2)), 0); 453 TEST_MEMORY_COMPARE(buf1, len1, buf2, len2); 454 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 455 } 456 break; 457 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 458 459 default: 460 TEST_FAIL("Unsupported pk type in pk_public_same"); 461 } 462 463 ok = 1; 464 465 exit: 466 return ok; 467 } 468 #endif /* MBEDTLS_PSA_CRYPTO_C */ 469 470 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 471 static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, 472 const unsigned char *input, unsigned char *output, 473 size_t output_max_len) 474 { 475 return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, 476 mbedtls_test_rnd_std_rand, NULL, 477 olen, input, output, output_max_len); 478 } 479 static int mbedtls_rsa_sign_func(void *ctx, 480 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 481 mbedtls_md_type_t md_alg, unsigned int hashlen, 482 const unsigned char *hash, unsigned char *sig) 483 { 484 ((void) f_rng); 485 ((void) p_rng); 486 return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, 487 mbedtls_test_rnd_std_rand, NULL, 488 md_alg, hashlen, hash, sig); 489 } 490 static size_t mbedtls_rsa_key_len_func(void *ctx) 491 { 492 return ((const mbedtls_rsa_context *) ctx)->len; 493 } 494 #endif /* MBEDTLS_RSA_C && MBEDTLS_PK_RSA_ALT_SUPPORT */ 495 496 typedef enum { 497 /* The values are compatible with thinking of "from pair" as a boolean. */ 498 FROM_PUBLIC = 0, 499 FROM_PAIR = 1 500 } from_pair_t; 501 502 #if defined(MBEDTLS_PSA_CRYPTO_C) 503 static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, 504 mbedtls_pk_context *pk, psa_key_type_t *psa_type) 505 { 506 if (pk_type == MBEDTLS_PK_NONE) { 507 return 0; 508 } 509 510 switch (pk_type) { 511 #if defined(MBEDTLS_RSA_C) 512 case MBEDTLS_PK_RSA: 513 { 514 *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 515 TEST_EQUAL(pk_setup(pk, pk_type, RSA_KEY_SIZE), 0); 516 if (!want_pair) { 517 mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); 518 mbedtls_mpi_free(&rsa->D); 519 mbedtls_mpi_free(&rsa->P); 520 mbedtls_mpi_free(&rsa->Q); 521 } 522 break; 523 } 524 #endif /* MBEDTLS_RSA_C */ 525 526 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 527 case MBEDTLS_PK_ECKEY: 528 case MBEDTLS_PK_ECKEY_DH: 529 case MBEDTLS_PK_ECDSA: 530 { 531 mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; 532 size_t bits; 533 *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); 534 TEST_EQUAL(pk_setup(pk, pk_type, grp_id), 0); 535 if (!want_pair) { 536 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 537 psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; 538 psa_set_key_type(&pub_attributes, 539 PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type)); 540 psa_set_key_usage_flags(&pub_attributes, 541 PSA_KEY_USAGE_EXPORT | 542 PSA_KEY_USAGE_COPY | 543 PSA_KEY_USAGE_VERIFY_MESSAGE | 544 PSA_KEY_USAGE_VERIFY_HASH); 545 psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); 546 PSA_ASSERT(psa_destroy_key(pk->priv_id)); 547 pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT; 548 #else 549 mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); 550 mbedtls_mpi_free(&ec->d); 551 #endif 552 } 553 break; 554 } 555 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 556 557 default: 558 TEST_FAIL("Unknown PK type in test data"); 559 break; 560 } 561 562 if (!want_pair) { 563 *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); 564 } 565 return 0; 566 567 exit: 568 return MBEDTLS_ERR_ERROR_GENERIC_ERROR; 569 } 570 #endif /* MBEDTLS_PSA_CRYPTO_C */ 571 572 #if defined(MBEDTLS_PSA_CRYPTO_C) 573 /* Create a new PSA key which will contain only the public part of the private 574 * key which is provided in input. For this new key: 575 * - Type is the public counterpart of the private key. 576 * - Usage is the copied from the original private key, but the PSA_KEY_USAGE_EXPORT 577 * flag is removed. This is to prove that mbedtls_pk_copy_from_psa() doesn't 578 * require the key to have the EXPORT flag. 579 * - Algorithm is copied from the original key pair. 580 */ 581 static mbedtls_svc_key_id_t psa_pub_key_from_priv(mbedtls_svc_key_id_t priv_id) 582 { 583 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 584 psa_key_type_t type; 585 psa_algorithm_t alg; 586 psa_key_usage_t usage; 587 unsigned char pub_key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; 588 size_t pub_key_len; 589 mbedtls_svc_key_id_t pub_key = MBEDTLS_SVC_KEY_ID_INIT; 590 591 /* Get attributes from the private key. */ 592 PSA_ASSERT(psa_get_key_attributes(priv_id, &attributes)); 593 type = psa_get_key_type(&attributes); 594 usage = psa_get_key_usage_flags(&attributes); 595 alg = psa_get_key_algorithm(&attributes); 596 psa_reset_key_attributes(&attributes); 597 598 /* Export the public key and then import it in a new slot. */ 599 PSA_ASSERT(psa_export_public_key(priv_id, pub_key_buf, sizeof(pub_key_buf), &pub_key_len)); 600 601 /* Notes: 602 * - psa_import_key() automatically determines the key's bit length 603 * from the provided key data. That's why psa_set_key_bits() is not used 604 * below. 605 */ 606 type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); 607 usage &= ~PSA_KEY_USAGE_EXPORT; 608 psa_set_key_type(&attributes, type); 609 psa_set_key_usage_flags(&attributes, usage); 610 psa_set_key_algorithm(&attributes, alg); 611 612 PSA_ASSERT(psa_import_key(&attributes, pub_key_buf, pub_key_len, &pub_key)); 613 614 exit: 615 psa_reset_key_attributes(&attributes); 616 return pub_key; 617 } 618 619 /* Create a copy of a PSA key with same usage and algorithm policy and destroy 620 * the original one. */ 621 static mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) 622 { 623 psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT; 624 psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT; 625 mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 626 627 PSA_ASSERT(psa_get_key_attributes(orig_key_id, &orig_attr)); 628 psa_set_key_usage_flags(&new_attr, psa_get_key_usage_flags(&orig_attr)); 629 psa_set_key_algorithm(&new_attr, psa_get_key_algorithm(&orig_attr)); 630 631 PSA_ASSERT(psa_copy_key(orig_key_id, &new_attr, &new_key_id)); 632 psa_destroy_key(orig_key_id); 633 634 exit: 635 psa_reset_key_attributes(&orig_attr); 636 psa_reset_key_attributes(&new_attr); 637 return new_key_id; 638 } 639 #endif /* MBEDTLS_PSA_CRYPTO_C */ 640 /* END_HEADER */ 641 642 /* BEGIN_DEPENDENCIES 643 * depends_on:MBEDTLS_PK_C 644 * END_DEPENDENCIES 645 */ 646 647 /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 648 void pk_psa_utils(int key_is_rsa) 649 { 650 mbedtls_pk_context pk, pk2; 651 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 652 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 653 654 const char * const name = "Opaque"; 655 size_t bitlen; 656 657 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; 658 unsigned char b1[1], b2[1]; 659 size_t len; 660 mbedtls_pk_debug_item dbg; 661 662 mbedtls_pk_init(&pk); 663 mbedtls_pk_init(&pk2); 664 USE_PSA_INIT(); 665 666 TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) == 667 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 668 669 mbedtls_pk_free(&pk); 670 mbedtls_pk_init(&pk); 671 672 if (key_is_rsa) { 673 bitlen = 1024; 674 PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, 675 PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, 676 MBEDTLS_SVC_KEY_ID_INIT, &key)); 677 } else { 678 bitlen = 256; 679 PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 680 PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), 681 PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key)); 682 } 683 if (mbedtls_svc_key_id_is_null(key)) { 684 goto exit; 685 } 686 687 TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, key) == 0); 688 689 TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_OPAQUE); 690 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 691 692 TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); 693 TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8); 694 695 if (key_is_rsa) { 696 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0); 697 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 0); 698 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 1); 699 } else { 700 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1); 701 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1); 702 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 0); 703 } 704 705 /* unsupported operations: verify, decrypt, encrypt */ 706 if (key_is_rsa == 1) { 707 TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg, 708 b1, sizeof(b1), b2, sizeof(b2)) 709 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 710 } else { 711 TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1), 712 b2, &len, sizeof(b2), 713 NULL, NULL) 714 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 715 } 716 TEST_ASSERT(mbedtls_pk_encrypt(&pk, b1, sizeof(b1), 717 b2, &len, sizeof(b2), 718 NULL, NULL) 719 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 720 721 /* unsupported functions: check_pair, debug */ 722 if (key_is_rsa) { 723 TEST_ASSERT(mbedtls_pk_setup(&pk2, 724 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 725 } else { 726 TEST_ASSERT(mbedtls_pk_setup(&pk2, 727 mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); 728 } 729 TEST_ASSERT(mbedtls_pk_check_pair(&pk, &pk2, 730 mbedtls_test_rnd_std_rand, NULL) 731 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 732 TEST_ASSERT(mbedtls_pk_debug(&pk, &dbg) 733 == MBEDTLS_ERR_PK_TYPE_MISMATCH); 734 735 /* test that freeing the context does not destroy the key */ 736 mbedtls_pk_free(&pk); 737 TEST_ASSERT(PSA_SUCCESS == psa_get_key_attributes(key, &attributes)); 738 TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key)); 739 740 exit: 741 /* 742 * Key attributes may have been returned by psa_get_key_attributes() 743 * thus reset them as required. 744 */ 745 psa_reset_key_attributes(&attributes); 746 747 mbedtls_pk_free(&pk); /* redundant except upon error */ 748 mbedtls_pk_free(&pk2); 749 USE_PSA_DONE(); 750 } 751 /* END_CASE */ 752 753 /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 754 void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, 755 int key_alg2, int curve_or_keybits, int alg_check, int usage_check, 756 int result) 757 { 758 mbedtls_pk_context pk; 759 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 760 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 761 762 mbedtls_pk_init(&pk); 763 USE_PSA_INIT(); 764 765 if (opaque_key == 1) { 766 PSA_ASSERT(pk_psa_setup(key_type, curve_or_keybits, key_usage, 767 key_alg, key_alg2, MBEDTLS_SVC_KEY_ID_INIT, &key)); 768 if (mbedtls_svc_key_id_is_null(key)) { 769 goto exit; 770 } 771 772 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key), 0); 773 774 TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); 775 } else { 776 TEST_EQUAL(pk_setup(&pk, key_type, curve_or_keybits), 0); 777 TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); 778 } 779 780 TEST_EQUAL(mbedtls_pk_can_do_ext(&pk, alg_check, usage_check), result); 781 782 exit: 783 psa_reset_key_attributes(&attributes); 784 PSA_ASSERT(psa_destroy_key(key)); 785 mbedtls_pk_free(&pk); 786 USE_PSA_DONE(); 787 } 788 /* END_CASE */ 789 790 /* BEGIN_CASE */ 791 void pk_invalid_param() 792 { 793 mbedtls_pk_context ctx; 794 mbedtls_pk_type_t pk_type = 0; 795 unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 796 size_t buf_size = sizeof(buf); 797 798 mbedtls_pk_init(&ctx); 799 USE_PSA_INIT(); 800 801 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 802 mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_NONE, 803 NULL, buf_size, 804 buf, buf_size, 805 NULL)); 806 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 807 mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_SHA256, 808 NULL, 0, 809 buf, buf_size, 810 NULL)); 811 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 812 mbedtls_pk_verify_ext(pk_type, NULL, 813 &ctx, MBEDTLS_MD_NONE, 814 NULL, buf_size, 815 buf, buf_size)); 816 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 817 mbedtls_pk_verify_ext(pk_type, NULL, 818 &ctx, MBEDTLS_MD_SHA256, 819 NULL, 0, 820 buf, buf_size)); 821 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 822 mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_NONE, 823 NULL, buf_size, 824 buf, buf_size, &buf_size, 825 NULL, NULL, 826 NULL)); 827 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 828 mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_SHA256, 829 NULL, 0, 830 buf, buf_size, &buf_size, 831 NULL, NULL, 832 NULL)); 833 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 834 mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_NONE, 835 NULL, buf_size, 836 buf, buf_size, &buf_size, 837 NULL, NULL)); 838 TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 839 mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_SHA256, 840 NULL, 0, 841 buf, buf_size, &buf_size, 842 NULL, NULL)); 843 exit: 844 mbedtls_pk_free(&ctx); 845 USE_PSA_DONE(); 846 } 847 /* END_CASE */ 848 849 /* BEGIN_CASE */ 850 void valid_parameters() 851 { 852 mbedtls_pk_context pk; 853 unsigned char buf[1]; 854 size_t len; 855 void *options = NULL; 856 857 mbedtls_pk_init(&pk); 858 USE_PSA_INIT(); 859 860 TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) == 861 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 862 863 /* In informational functions, we accept NULL where a context pointer 864 * is expected because that's what the library has done forever. 865 * We do not document that NULL is accepted, so we may wish to change 866 * the behavior in a future version. */ 867 TEST_ASSERT(mbedtls_pk_get_bitlen(NULL) == 0); 868 TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0); 869 TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0); 870 871 TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, 872 MBEDTLS_MD_NONE, 873 NULL, 0, 874 buf, sizeof(buf), &len, 875 mbedtls_test_rnd_std_rand, NULL, 876 NULL) == 877 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 878 879 TEST_ASSERT(mbedtls_pk_sign(&pk, 880 MBEDTLS_MD_NONE, 881 NULL, 0, 882 buf, sizeof(buf), &len, 883 mbedtls_test_rnd_std_rand, NULL) == 884 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 885 886 TEST_ASSERT(mbedtls_pk_sign_ext(MBEDTLS_PK_NONE, &pk, 887 MBEDTLS_MD_NONE, 888 NULL, 0, 889 buf, sizeof(buf), &len, 890 mbedtls_test_rnd_std_rand, NULL) == 891 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 892 893 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, 894 MBEDTLS_MD_NONE, 895 NULL, 0, 896 buf, sizeof(buf), 897 NULL) == 898 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 899 900 TEST_ASSERT(mbedtls_pk_verify(&pk, 901 MBEDTLS_MD_NONE, 902 NULL, 0, 903 buf, sizeof(buf)) == 904 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 905 906 TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 907 &pk, 908 MBEDTLS_MD_NONE, 909 NULL, 0, 910 buf, sizeof(buf)) == 911 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 912 913 TEST_ASSERT(mbedtls_pk_encrypt(&pk, 914 NULL, 0, 915 NULL, &len, 0, 916 mbedtls_test_rnd_std_rand, NULL) == 917 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 918 919 TEST_ASSERT(mbedtls_pk_decrypt(&pk, 920 NULL, 0, 921 NULL, &len, 0, 922 mbedtls_test_rnd_std_rand, NULL) == 923 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 924 925 #if defined(MBEDTLS_PK_PARSE_C) 926 TEST_ASSERT(mbedtls_pk_parse_key(&pk, NULL, 0, NULL, 1, 927 mbedtls_test_rnd_std_rand, NULL) == 928 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 929 930 TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) == 931 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 932 #endif /* MBEDTLS_PK_PARSE_C */ 933 USE_PSA_DONE(); 934 } 935 /* END_CASE */ 936 937 /* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */ 938 void valid_parameters_pkwrite(data_t *key_data) 939 { 940 mbedtls_pk_context pk; 941 942 /* For the write tests to be effective, we need a valid key pair. */ 943 mbedtls_pk_init(&pk); 944 USE_PSA_INIT(); 945 946 TEST_ASSERT(mbedtls_pk_parse_key(&pk, 947 key_data->x, key_data->len, NULL, 0, 948 mbedtls_test_rnd_std_rand, NULL) == 0); 949 950 TEST_ASSERT(mbedtls_pk_write_key_der(&pk, NULL, 0) == 951 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 952 953 TEST_ASSERT(mbedtls_pk_write_pubkey_der(&pk, NULL, 0) == 954 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 955 956 #if defined(MBEDTLS_PEM_WRITE_C) 957 TEST_ASSERT(mbedtls_pk_write_key_pem(&pk, NULL, 0) == 958 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 959 960 TEST_ASSERT(mbedtls_pk_write_pubkey_pem(&pk, NULL, 0) == 961 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 962 #endif /* MBEDTLS_PEM_WRITE_C */ 963 964 exit: 965 mbedtls_pk_free(&pk); 966 USE_PSA_DONE(); 967 } 968 /* END_CASE */ 969 970 /* BEGIN_CASE */ 971 void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) 972 { 973 mbedtls_pk_context pk; 974 975 mbedtls_pk_init(&pk); 976 USE_PSA_INIT(); 977 978 TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0); 979 980 TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); 981 TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); 982 TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == (unsigned) bitlen); 983 TEST_ASSERT(mbedtls_pk_get_len(&pk) == (unsigned) len); 984 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 985 986 exit: 987 mbedtls_pk_free(&pk); 988 USE_PSA_DONE(); 989 } 990 /* END_CASE */ 991 992 /* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 993 void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) 994 { 995 mbedtls_pk_context pub, prv, alt; 996 #if defined(MBEDTLS_USE_PSA_CRYPTO) 997 mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; 998 psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT; 999 int is_ec_key = 0; 1000 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 1001 1002 mbedtls_pk_init(&pub); 1003 mbedtls_pk_init(&prv); 1004 mbedtls_pk_init(&alt); 1005 USE_PSA_INIT(); 1006 1007 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1008 /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending 1009 on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the 1010 two */ 1011 if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { 1012 ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; 1013 } 1014 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 1015 1016 TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); 1017 TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL, 1018 mbedtls_test_rnd_std_rand, NULL) 1019 == 0); 1020 1021 TEST_ASSERT(mbedtls_pk_check_pair(&pub, &prv, 1022 mbedtls_test_rnd_std_rand, NULL) 1023 == ret); 1024 1025 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 1026 if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_RSA) { 1027 TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, mbedtls_pk_rsa(prv), 1028 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 1029 mbedtls_rsa_key_len_func) == 0); 1030 TEST_ASSERT(mbedtls_pk_check_pair(&pub, &alt, 1031 mbedtls_test_rnd_std_rand, NULL) 1032 == ret); 1033 } 1034 #endif 1035 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1036 is_ec_key = (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY); 1037 /* Turn the prv PK context into an opaque one.*/ 1038 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, 1039 &opaque_key_attr), 0); 1040 TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); 1041 mbedtls_pk_free(&prv); 1042 mbedtls_pk_init(&prv); 1043 TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); 1044 /* Test check_pair() between the opaque key we just created and the public PK counterpart. 1045 * Note: opaque EC keys support check_pair(), whereas RSA ones do not. */ 1046 if (is_ec_key) { 1047 TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, 1048 NULL), ret); 1049 } else { 1050 TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, 1051 NULL), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 1052 } 1053 #endif 1054 1055 exit: 1056 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1057 psa_destroy_key(opaque_key_id); 1058 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 1059 mbedtls_pk_free(&pub); 1060 mbedtls_pk_free(&prv); 1061 mbedtls_pk_free(&alt); 1062 USE_PSA_DONE(); 1063 } 1064 /* END_CASE */ 1065 1066 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1067 void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest, 1068 int mod, char *input_N, char *input_E, 1069 data_t *result_str, int expected_result) 1070 { 1071 mbedtls_rsa_context *rsa; 1072 mbedtls_pk_context pk; 1073 mbedtls_pk_restart_ctx *rs_ctx = NULL; 1074 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1075 mbedtls_pk_restart_ctx ctx; 1076 1077 rs_ctx = &ctx; 1078 mbedtls_pk_restart_init(rs_ctx); 1079 // this setting would ensure restart would happen if ECC was used 1080 mbedtls_ecp_set_max_ops(1); 1081 #endif 1082 1083 mbedtls_pk_init(&pk); 1084 MD_OR_USE_PSA_INIT(); 1085 1086 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1087 rsa = mbedtls_pk_rsa(pk); 1088 1089 rsa->len = (mod + 7) / 8; 1090 if (padding >= 0) { 1091 TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0); 1092 } 1093 1094 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1095 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1096 1097 int actual_result; 1098 actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0, 1099 result_str->x, mbedtls_pk_get_len(&pk)); 1100 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 1101 if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && 1102 expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { 1103 /* Tolerate INVALID_PADDING error for an invalid signature with 1104 * the legacy API (but not with PSA). */ 1105 } else 1106 #endif 1107 { 1108 TEST_EQUAL(actual_result, expected_result); 1109 } 1110 1111 actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0, 1112 result_str->x, 1113 mbedtls_pk_get_len(&pk), 1114 rs_ctx); 1115 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 1116 if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && 1117 expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { 1118 /* Tolerate INVALID_PADDING error for an invalid signature with 1119 * the legacy API (but not with PSA). */ 1120 } else 1121 #endif 1122 { 1123 TEST_EQUAL(actual_result, expected_result); 1124 } 1125 1126 exit: 1127 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1128 mbedtls_pk_restart_free(rs_ctx); 1129 #endif 1130 mbedtls_pk_free(&pk); 1131 MD_OR_USE_PSA_DONE(); 1132 } 1133 /* END_CASE */ 1134 1135 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1136 void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, 1137 int mod, char *input_N, 1138 char *input_E, data_t *result_str, 1139 int pk_type, int mgf1_hash_id, 1140 int salt_len, int sig_len, 1141 int result) 1142 { 1143 mbedtls_rsa_context *rsa; 1144 mbedtls_pk_context pk; 1145 mbedtls_pk_rsassa_pss_options pss_opts; 1146 void *options; 1147 int ret; 1148 1149 mbedtls_pk_init(&pk); 1150 MD_OR_USE_PSA_INIT(); 1151 1152 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1153 rsa = mbedtls_pk_rsa(pk); 1154 1155 rsa->len = (mod + 7) / 8; 1156 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1157 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1158 1159 1160 if (mgf1_hash_id < 0) { 1161 options = NULL; 1162 } else { 1163 options = &pss_opts; 1164 1165 pss_opts.mgf1_hash_id = mgf1_hash_id; 1166 pss_opts.expected_salt_len = salt_len; 1167 } 1168 1169 ret = mbedtls_pk_verify_ext(pk_type, options, &pk, 1170 digest, message_str->x, message_str->len, 1171 result_str->x, sig_len); 1172 1173 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1174 if (result == MBEDTLS_ERR_RSA_INVALID_PADDING) { 1175 /* Mbed TLS distinguishes "invalid padding" from "valid padding but 1176 * the rest of the signature is invalid". This has little use in 1177 * practice and PSA doesn't report this distinction. 1178 * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated 1179 * to MBEDTLS_ERR_RSA_VERIFY_FAILED. 1180 * However, currently `mbedtls_pk_verify_ext()` may use either the 1181 * PSA or the Mbed TLS API, depending on the PSS options used. 1182 * So, it may return either INVALID_PADDING or INVALID_SIGNATURE. 1183 */ 1184 TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED); 1185 } else 1186 #endif 1187 { 1188 TEST_EQUAL(ret, result); 1189 } 1190 1191 exit: 1192 mbedtls_pk_free(&pk); 1193 MD_OR_USE_PSA_DONE(); 1194 } 1195 /* END_CASE */ 1196 1197 /* BEGIN_CASE depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY */ 1198 void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, 1199 data_t *sig, int ret) 1200 { 1201 mbedtls_pk_context pk; 1202 1203 mbedtls_pk_init(&pk); 1204 USE_PSA_INIT(); 1205 1206 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1207 1208 TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); 1209 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 1210 TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); 1211 memcpy(pk.pub_raw, key->x, key->len); 1212 pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits)); 1213 pk.pub_raw_len = key->len; 1214 #else 1215 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); 1216 1217 TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); 1218 TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, 1219 key->x, key->len) == 0); 1220 #endif 1221 1222 // MBEDTLS_MD_NONE is used since it will be ignored. 1223 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, 1224 hash->x, hash->len, sig->x, sig->len) == ret); 1225 1226 exit: 1227 mbedtls_pk_free(&pk); 1228 USE_PSA_DONE(); 1229 } 1230 /* END_CASE */ 1231 1232 /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ 1233 void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str, 1234 char *QX_str, char *QY_str, 1235 int md_alg, data_t *hash, data_t *sig_check, 1236 int max_ops, int min_restart, int max_restart) 1237 { 1238 int ret, cnt_restart; 1239 mbedtls_pk_restart_ctx rs_ctx; 1240 mbedtls_pk_context prv, pub; 1241 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 1242 size_t slen; 1243 1244 mbedtls_pk_restart_init(&rs_ctx); 1245 mbedtls_pk_init(&prv); 1246 mbedtls_pk_init(&pub); 1247 USE_PSA_INIT(); 1248 1249 memset(sig, 0, sizeof(sig)); 1250 1251 TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0); 1252 TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0); 1253 TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0); 1254 1255 TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0); 1256 TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0); 1257 TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0); 1258 1259 mbedtls_ecp_set_max_ops(max_ops); 1260 1261 slen = sizeof(sig); 1262 cnt_restart = 0; 1263 do { 1264 ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, 1265 sig, sizeof(sig), &slen, 1266 mbedtls_test_rnd_std_rand, NULL, 1267 &rs_ctx); 1268 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 1269 1270 TEST_ASSERT(ret == 0); 1271 TEST_ASSERT(slen == sig_check->len); 1272 TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0); 1273 1274 TEST_ASSERT(cnt_restart >= min_restart); 1275 TEST_ASSERT(cnt_restart <= max_restart); 1276 1277 cnt_restart = 0; 1278 do { 1279 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1280 hash->x, hash->len, sig, slen, &rs_ctx); 1281 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 1282 1283 TEST_ASSERT(ret == 0); 1284 TEST_ASSERT(cnt_restart >= min_restart); 1285 TEST_ASSERT(cnt_restart <= max_restart); 1286 1287 sig[0]++; 1288 do { 1289 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1290 hash->x, hash->len, sig, slen, &rs_ctx); 1291 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1292 TEST_ASSERT(ret != 0); 1293 sig[0]--; 1294 1295 /* Do we leak memory when aborting? try verify then sign 1296 * This test only makes sense when we actually restart */ 1297 if (min_restart > 0) { 1298 ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1299 hash->x, hash->len, sig, slen, &rs_ctx); 1300 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1301 mbedtls_pk_restart_free(&rs_ctx); 1302 1303 slen = sizeof(sig); 1304 ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, 1305 sig, sizeof(sig), &slen, 1306 mbedtls_test_rnd_std_rand, NULL, 1307 &rs_ctx); 1308 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1309 } 1310 1311 exit: 1312 mbedtls_pk_restart_free(&rs_ctx); 1313 mbedtls_pk_free(&prv); 1314 mbedtls_pk_free(&pub); 1315 USE_PSA_DONE(); 1316 } 1317 /* END_CASE */ 1318 1319 /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ 1320 void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, 1321 int sign_ret, int verify_ret) 1322 { 1323 mbedtls_pk_context pk; 1324 size_t sig_len; 1325 unsigned char hash[32]; // Hard-coded for SHA256 1326 size_t hash_len = sizeof(hash); 1327 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1328 void *rs_ctx = NULL; 1329 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1330 mbedtls_pk_restart_ctx ctx; 1331 1332 rs_ctx = &ctx; 1333 mbedtls_pk_restart_init(rs_ctx); 1334 /* This value is large enough that the operation will complete in one run. 1335 * See comments at the top of ecp_test_vect_restart in 1336 * test_suite_ecp.function for estimates of operation counts. */ 1337 mbedtls_ecp_set_max_ops(42000); 1338 #endif 1339 1340 mbedtls_pk_init(&pk); 1341 MD_OR_USE_PSA_INIT(); 1342 1343 memset(hash, 0x2a, sizeof(hash)); 1344 memset(sig, 0, sizeof(sig)); 1345 1346 TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0); 1347 1348 #if defined(MBEDTLS_RSA_C) 1349 if (type == MBEDTLS_PK_RSA) { 1350 TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); 1351 } 1352 #else 1353 (void) rsa_padding; 1354 (void) rsa_md_alg; 1355 #endif /* MBEDTLS_RSA_C */ 1356 1357 TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, 1358 hash, hash_len, 1359 sig, sizeof(sig), &sig_len, 1360 mbedtls_test_rnd_std_rand, NULL, 1361 rs_ctx) == sign_ret); 1362 if (sign_ret == 0) { 1363 TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 1364 } else { 1365 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 1366 } 1367 1368 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1369 hash, hash_len, sig, sig_len) == verify_ret); 1370 1371 if (verify_ret == 0) { 1372 hash[0]++; 1373 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1374 hash, hash_len, sig, sig_len) != 0); 1375 hash[0]--; 1376 1377 sig[0]++; 1378 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1379 hash, hash_len, sig, sig_len) != 0); 1380 sig[0]--; 1381 } 1382 1383 TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, hash_len, 1384 sig, sizeof(sig), &sig_len, 1385 mbedtls_test_rnd_std_rand, 1386 NULL) == sign_ret); 1387 if (sign_ret == 0) { 1388 TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 1389 } else { 1390 sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 1391 } 1392 1393 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1394 hash, hash_len, sig, sig_len, rs_ctx) == verify_ret); 1395 1396 if (verify_ret == 0) { 1397 hash[0]++; 1398 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1399 hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); 1400 hash[0]--; 1401 1402 sig[0]++; 1403 TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1404 hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); 1405 sig[0]--; 1406 } 1407 1408 exit: 1409 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1410 mbedtls_pk_restart_free(rs_ctx); 1411 #endif 1412 mbedtls_pk_free(&pk); 1413 MD_OR_USE_PSA_DONE(); 1414 } 1415 /* END_CASE */ 1416 1417 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1418 void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, int padding, 1419 char *input_P, char *input_Q, 1420 char *input_N, char *input_E, 1421 int ret) 1422 { 1423 unsigned char output[300], result[300]; 1424 mbedtls_test_rnd_pseudo_info rnd_info; 1425 mbedtls_mpi N, P, Q, E; 1426 mbedtls_rsa_context *rsa; 1427 mbedtls_pk_context pk; 1428 size_t olen, rlen; 1429 1430 mbedtls_pk_init(&pk); 1431 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1432 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1433 MD_OR_USE_PSA_INIT(); 1434 1435 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1436 memset(output, 0, sizeof(output)); 1437 1438 /* encryption test */ 1439 1440 /* init pk-rsa context */ 1441 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1442 rsa = mbedtls_pk_rsa(pk); 1443 mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); 1444 1445 /* load public key */ 1446 rsa->len = (mod + 7) / 8; 1447 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1448 TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1449 1450 TEST_ASSERT(mbedtls_pk_encrypt(&pk, message->x, message->len, 1451 output, &olen, sizeof(output), 1452 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1453 1454 /* decryption test */ 1455 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1456 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1457 1458 /* init pk-rsa context */ 1459 mbedtls_pk_free(&pk); 1460 TEST_ASSERT(mbedtls_pk_setup(&pk, 1461 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1462 rsa = mbedtls_pk_rsa(pk); 1463 mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); 1464 1465 /* load public key */ 1466 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1467 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1468 1469 /* load private key */ 1470 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1471 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1472 TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); 1473 TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1474 TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); 1475 1476 TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); 1477 TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1478 1479 memset(result, 0, sizeof(result)); 1480 rlen = 0; 1481 TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen, 1482 result, &rlen, sizeof(result), 1483 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1484 if (ret == 0) { 1485 TEST_ASSERT(rlen == message->len); 1486 TEST_ASSERT(memcmp(result, message->x, rlen) == 0); 1487 } 1488 1489 exit: 1490 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1491 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1492 mbedtls_pk_free(&pk); 1493 MD_OR_USE_PSA_DONE(); 1494 } 1495 /* END_CASE */ 1496 1497 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1498 void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg, 1499 char *input_P, char *input_Q, 1500 char *input_N, char *input_E, 1501 data_t *clear, int ret) 1502 { 1503 unsigned char output[256]; 1504 mbedtls_test_rnd_pseudo_info rnd_info; 1505 mbedtls_mpi N, P, Q, E; 1506 mbedtls_rsa_context *rsa; 1507 mbedtls_pk_context pk; 1508 size_t olen; 1509 1510 mbedtls_pk_init(&pk); 1511 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1512 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1513 MD_OR_USE_PSA_INIT(); 1514 1515 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1516 1517 /* init pk-rsa context */ 1518 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1519 rsa = mbedtls_pk_rsa(pk); 1520 1521 /* load public key */ 1522 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1523 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1524 1525 /* load private key */ 1526 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1527 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1528 TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); 1529 TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1530 TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); 1531 1532 TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1533 TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); 1534 1535 /* set padding mode */ 1536 if (padding >= 0) { 1537 TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0); 1538 } 1539 1540 /* decryption test */ 1541 memset(output, 0, sizeof(output)); 1542 olen = 0; 1543 TEST_ASSERT(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, 1544 output, &olen, sizeof(output), 1545 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1546 if (ret == 0) { 1547 TEST_ASSERT(olen == clear->len); 1548 TEST_ASSERT(memcmp(output, clear->x, olen) == 0); 1549 } 1550 1551 exit: 1552 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1553 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1554 mbedtls_pk_free(&pk); 1555 MD_OR_USE_PSA_DONE(); 1556 } 1557 /* END_CASE */ 1558 1559 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ 1560 void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, 1561 char *input_P, char *input_Q, 1562 char *input_N, char *input_E, 1563 int padding_mode, 1564 data_t *clear, int ret) 1565 { 1566 unsigned char output[256]; 1567 mbedtls_test_rnd_pseudo_info rnd_info; 1568 mbedtls_mpi N, P, Q, E; 1569 mbedtls_rsa_context *rsa; 1570 mbedtls_pk_context pk; 1571 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1572 psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 1573 size_t olen; 1574 1575 mbedtls_pk_init(&pk); 1576 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1577 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1578 USE_PSA_INIT(); 1579 1580 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1581 1582 /* init pk-rsa context */ 1583 TEST_EQUAL(mbedtls_pk_setup(&pk, 1584 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1585 rsa = mbedtls_pk_rsa(pk); 1586 1587 /* load public key */ 1588 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); 1589 TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); 1590 1591 /* load private key */ 1592 TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0); 1593 TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0); 1594 TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0); 1595 TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1596 TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); 1597 1598 /* Set padding mode */ 1599 if (padding_mode == MBEDTLS_RSA_PKCS_V21) { 1600 TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding_mode, MBEDTLS_MD_SHA1), 0); 1601 } 1602 1603 /* Turn PK context into an opaque one. */ 1604 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0); 1605 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); 1606 mbedtls_pk_free(&pk); 1607 mbedtls_pk_init(&pk); 1608 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 1609 1610 TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1611 1612 /* decryption test */ 1613 memset(output, 0, sizeof(output)); 1614 olen = 0; 1615 TEST_EQUAL(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, 1616 output, &olen, sizeof(output), 1617 mbedtls_test_rnd_pseudo_rand, &rnd_info), ret); 1618 if (ret == 0) { 1619 TEST_EQUAL(olen, clear->len); 1620 TEST_EQUAL(memcmp(output, clear->x, olen), 0); 1621 } 1622 1623 TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); 1624 1625 exit: 1626 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1627 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1628 mbedtls_pk_free(&pk); 1629 USE_PSA_DONE(); 1630 } 1631 /* END_CASE */ 1632 1633 /* BEGIN_CASE */ 1634 void pk_ec_nocrypt(int type) 1635 { 1636 mbedtls_pk_context pk; 1637 unsigned char output[100]; 1638 unsigned char input[100]; 1639 mbedtls_test_rnd_pseudo_info rnd_info; 1640 size_t olen = 0; 1641 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1642 1643 mbedtls_pk_init(&pk); 1644 USE_PSA_INIT(); 1645 1646 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1647 memset(output, 0, sizeof(output)); 1648 memset(input, 0, sizeof(input)); 1649 1650 TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1651 1652 TEST_ASSERT(mbedtls_pk_encrypt(&pk, input, sizeof(input), 1653 output, &olen, sizeof(output), 1654 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1655 1656 TEST_ASSERT(mbedtls_pk_decrypt(&pk, input, sizeof(input), 1657 output, &olen, sizeof(output), 1658 mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1659 1660 exit: 1661 mbedtls_pk_free(&pk); 1662 USE_PSA_DONE(); 1663 } 1664 /* END_CASE */ 1665 1666 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1667 void pk_rsa_overflow() 1668 { 1669 mbedtls_pk_context pk; 1670 size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1; 1671 unsigned char hash[50], sig[100]; 1672 1673 mbedtls_pk_init(&pk); 1674 USE_PSA_INIT(); 1675 1676 memset(hash, 0x2a, sizeof(hash)); 1677 memset(sig, 0, sizeof(sig)); 1678 1679 TEST_EQUAL(mbedtls_pk_setup(&pk, 1680 mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1681 1682 #if defined(MBEDTLS_PKCS1_V21) 1683 TEST_EQUAL(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, 1684 MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len), 1685 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1686 #endif /* MBEDTLS_PKCS1_V21 */ 1687 1688 TEST_EQUAL(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, 1689 sig, sig_len), 1690 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1691 1692 #if defined(MBEDTLS_PKCS1_V21) 1693 TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, 1694 MBEDTLS_MD_NONE, hash, hash_len, 1695 sig, sizeof(sig), &sig_len, 1696 mbedtls_test_rnd_std_rand, NULL), 1697 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1698 #endif /* MBEDTLS_PKCS1_V21 */ 1699 1700 TEST_EQUAL(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, 1701 sig, sizeof(sig), &sig_len, 1702 mbedtls_test_rnd_std_rand, NULL), 1703 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1704 1705 exit: 1706 mbedtls_pk_free(&pk); 1707 USE_PSA_DONE(); 1708 } 1709 /* END_CASE */ 1710 1711 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 1712 void pk_rsa_alt() 1713 { 1714 /* 1715 * An rsa_alt context can only do private operations (decrypt, sign). 1716 * Test it against the public operations (encrypt, verify) of a 1717 * corresponding rsa context. 1718 */ 1719 mbedtls_rsa_context raw; 1720 mbedtls_pk_context rsa, alt; 1721 mbedtls_pk_debug_item dbg_items[10]; 1722 unsigned char hash[50], sig[RSA_KEY_LEN]; 1723 unsigned char msg[50], ciph[RSA_KEY_LEN], test[50]; 1724 size_t sig_len, ciph_len, test_len; 1725 int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1726 1727 mbedtls_rsa_init(&raw); 1728 mbedtls_pk_init(&rsa); 1729 mbedtls_pk_init(&alt); 1730 USE_PSA_INIT(); 1731 1732 memset(hash, 0x2a, sizeof(hash)); 1733 memset(sig, 0, sizeof(sig)); 1734 memset(msg, 0x2a, sizeof(msg)); 1735 memset(ciph, 0, sizeof(ciph)); 1736 memset(test, 0, sizeof(test)); 1737 1738 /* Initialize PK RSA context with random key */ 1739 TEST_ASSERT(pk_setup(&rsa, MBEDTLS_PK_RSA, RSA_KEY_SIZE) == 0); 1740 1741 /* Extract key to the raw rsa context */ 1742 TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); 1743 1744 /* Initialize PK RSA_ALT context */ 1745 TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, (void *) &raw, 1746 mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 1747 mbedtls_rsa_key_len_func) == 0); 1748 1749 /* Test administrative functions */ 1750 TEST_ASSERT(mbedtls_pk_can_do(&alt, MBEDTLS_PK_RSA)); 1751 TEST_ASSERT(mbedtls_pk_get_bitlen(&alt) == RSA_KEY_SIZE); 1752 TEST_ASSERT(mbedtls_pk_get_len(&alt) == RSA_KEY_LEN); 1753 TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); 1754 TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); 1755 1756 #if defined(MBEDTLS_PSA_CRYPTO_C) 1757 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1758 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, 1759 PSA_KEY_USAGE_ENCRYPT, 1760 &attributes), 1761 MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 1762 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1763 TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), 1764 MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 1765 #endif /* MBEDTLS_PSA_CRYPTO_C */ 1766 1767 /* Test signature */ 1768 #if SIZE_MAX > UINT_MAX 1769 TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, 1770 sig, sizeof(sig), &sig_len, 1771 mbedtls_test_rnd_std_rand, NULL) 1772 == MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1773 #endif /* SIZE_MAX > UINT_MAX */ 1774 TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), 1775 sig, sizeof(sig), &sig_len, 1776 mbedtls_test_rnd_std_rand, NULL) 1777 == 0); 1778 TEST_ASSERT(sig_len == RSA_KEY_LEN); 1779 TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE, 1780 hash, sizeof(hash), sig, sig_len) == 0); 1781 1782 /* Test decrypt */ 1783 TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg), 1784 ciph, &ciph_len, sizeof(ciph), 1785 mbedtls_test_rnd_std_rand, NULL) == 0); 1786 TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len, 1787 test, &test_len, sizeof(test), 1788 mbedtls_test_rnd_std_rand, NULL) == 0); 1789 TEST_ASSERT(test_len == sizeof(msg)); 1790 TEST_ASSERT(memcmp(test, msg, test_len) == 0); 1791 1792 /* Test forbidden operations */ 1793 TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg), 1794 ciph, &ciph_len, sizeof(ciph), 1795 mbedtls_test_rnd_std_rand, NULL) == ret); 1796 TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE, 1797 hash, sizeof(hash), sig, sig_len) == ret); 1798 TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret); 1799 1800 exit: 1801 mbedtls_rsa_free(&raw); 1802 mbedtls_pk_free(&rsa); mbedtls_pk_free(&alt); 1803 USE_PSA_DONE(); 1804 } 1805 /* END_CASE */ 1806 1807 /* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ 1808 void pk_psa_sign(int psa_type, int bits, int rsa_padding) 1809 { 1810 mbedtls_pk_context pk; 1811 unsigned char hash[32]; 1812 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1813 unsigned char legacy_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; 1814 unsigned char opaque_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; 1815 size_t sig_len, legacy_pub_key_len, opaque_pub_key_len; 1816 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1817 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1818 #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_WRITE_C) 1819 int ret; 1820 #endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */ 1821 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1822 mbedtls_ecp_group_id ecp_grp_id = MBEDTLS_ECP_DP_NONE; 1823 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1824 1825 /* 1826 * Following checks are perfomed: 1827 * - create an RSA/EC opaque context; 1828 * - sign with opaque context for both EC and RSA keys; 1829 * - [EC only] verify with opaque context; 1830 * - verify that public keys of opaque and non-opaque contexts match; 1831 * - verify with non-opaque context. 1832 */ 1833 1834 mbedtls_pk_init(&pk); 1835 USE_PSA_INIT(); 1836 1837 /* Create the legacy EC/RSA PK context. */ 1838 #if defined(MBEDTLS_RSA_C) 1839 if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1840 TEST_EQUAL(pk_setup(&pk, MBEDTLS_PK_RSA, bits), 0); 1841 TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); 1842 } 1843 #else /* MBEDTLS_RSA_C */ 1844 (void) rsa_padding; 1845 #endif /* MBEDTLS_RSA_C */ 1846 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1847 if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1848 ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); 1849 TEST_ASSERT(pk_setup(&pk, MBEDTLS_PK_ECKEY, ecp_grp_id) == 0); 1850 } 1851 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1852 1853 /* Export public key from the non-opaque PK context we just created. */ 1854 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1855 ret = mbedtls_pk_write_pubkey_der(&pk, legacy_pub_key, sizeof(legacy_pub_key)); 1856 TEST_ASSERT(ret >= 0); 1857 legacy_pub_key_len = (size_t) ret; 1858 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer so we 1859 * shift data back to the beginning of the buffer. */ 1860 memmove(legacy_pub_key, 1861 legacy_pub_key + sizeof(legacy_pub_key) - legacy_pub_key_len, 1862 legacy_pub_key_len); 1863 #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1864 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1865 if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1866 TEST_EQUAL(mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), 1867 &(mbedtls_pk_ec_ro(pk)->Q), 1868 MBEDTLS_ECP_PF_UNCOMPRESSED, 1869 &legacy_pub_key_len, legacy_pub_key, 1870 sizeof(legacy_pub_key)), 0); 1871 } 1872 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1873 #if defined(MBEDTLS_RSA_C) 1874 if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1875 unsigned char *end = legacy_pub_key + sizeof(legacy_pub_key); 1876 ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, &end); 1877 legacy_pub_key_len = (size_t) ret; 1878 TEST_ASSERT(legacy_pub_key_len > 0); 1879 /* mbedtls_rsa_write_pubkey() writes data backward in the buffer so 1880 * we shift that to the origin of the buffer instead. */ 1881 memmove(legacy_pub_key, end, legacy_pub_key_len); 1882 } 1883 #endif /* MBEDTLS_RSA_C */ 1884 #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1885 1886 /* Turn the PK context into an opaque one. */ 1887 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0); 1888 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0); 1889 mbedtls_pk_free(&pk); 1890 mbedtls_pk_init(&pk); 1891 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 1892 1893 PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); 1894 TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type); 1895 TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) bits); 1896 TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 1897 1898 /* Sign with the opaque context. */ 1899 memset(hash, 0x2a, sizeof(hash)); 1900 memset(sig, 0, sizeof(sig)); 1901 TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, 1902 hash, sizeof(hash), sig, sizeof(sig), &sig_len, 1903 NULL, NULL) == 0); 1904 /* Only opaque EC keys support verification. */ 1905 if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1906 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1907 hash, sizeof(hash), sig, sig_len) == 0); 1908 } 1909 1910 /* Export public key from the opaque PK context. */ 1911 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1912 ret = mbedtls_pk_write_pubkey_der(&pk, opaque_pub_key, sizeof(opaque_pub_key)); 1913 TEST_ASSERT(ret >= 0); 1914 opaque_pub_key_len = (size_t) ret; 1915 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1916 memmove(opaque_pub_key, 1917 opaque_pub_key + sizeof(opaque_pub_key) - opaque_pub_key_len, 1918 opaque_pub_key_len); 1919 #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1920 TEST_EQUAL(psa_export_public_key(key_id, opaque_pub_key, sizeof(opaque_pub_key), 1921 &opaque_pub_key_len), PSA_SUCCESS); 1922 #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1923 1924 /* Check that the public keys of opaque and non-opaque PK contexts match. */ 1925 TEST_EQUAL(opaque_pub_key_len, legacy_pub_key_len); 1926 TEST_MEMORY_COMPARE(opaque_pub_key, opaque_pub_key_len, legacy_pub_key, legacy_pub_key_len); 1927 1928 /* Destroy the opaque PK context and the wrapped PSA key. */ 1929 mbedtls_pk_free(&pk); 1930 TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id)); 1931 1932 /* Create a new non-opaque PK context to verify the signature. */ 1933 mbedtls_pk_init(&pk); 1934 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1935 TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, legacy_pub_key, legacy_pub_key_len), 0); 1936 #else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1937 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1938 if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1939 TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); 1940 TEST_EQUAL(mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(pk)->grp), ecp_grp_id), 0); 1941 TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), 1942 &(mbedtls_pk_ec_rw(pk)->Q), 1943 legacy_pub_key, legacy_pub_key_len), 0); 1944 } 1945 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1946 #if defined(MBEDTLS_RSA_C) 1947 if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1948 TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1949 TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, 1950 legacy_pub_key_len), 0); 1951 } 1952 #endif /* MBEDTLS_RSA_C */ 1953 #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1954 1955 #if defined(MBEDTLS_RSA_C) 1956 if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1957 TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); 1958 } 1959 #endif /* MBEDTLS_RSA_C */ 1960 TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1961 hash, sizeof(hash), sig, sig_len) == 0); 1962 1963 exit: 1964 psa_reset_key_attributes(&attributes); 1965 1966 mbedtls_pk_free(&pk); 1967 USE_PSA_DONE(); 1968 } 1969 /* END_CASE */ 1970 1971 /* BEGIN_CASE */ 1972 void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) 1973 { 1974 mbedtls_pk_context pk; 1975 size_t sig_len; 1976 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1977 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 1978 size_t hash_len = mbedtls_md_get_size_from_type(md_alg); 1979 void const *options = NULL; 1980 mbedtls_pk_rsassa_pss_options rsassa_pss_options; 1981 memset(hash, 0x2a, sizeof(hash)); 1982 memset(sig, 0, sizeof(sig)); 1983 1984 mbedtls_pk_init(&pk); 1985 MD_OR_USE_PSA_INIT(); 1986 1987 TEST_EQUAL(pk_setup(&pk, pk_type, curve_or_keybits), 0); 1988 1989 TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, 1990 sig, sizeof(sig), &sig_len, 1991 mbedtls_test_rnd_std_rand, NULL), 0); 1992 1993 if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 1994 rsassa_pss_options.mgf1_hash_id = md_alg; 1995 TEST_ASSERT(hash_len != 0); 1996 rsassa_pss_options.expected_salt_len = hash_len; 1997 options = (const void *) &rsassa_pss_options; 1998 } 1999 TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, 2000 hash, hash_len, sig, sig_len), 0); 2001 exit: 2002 mbedtls_pk_free(&pk); 2003 MD_OR_USE_PSA_DONE(); 2004 } 2005 /* END_CASE */ 2006 2007 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ 2008 void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg) 2009 { 2010 mbedtls_pk_context pk; 2011 size_t sig_len, pkey_len; 2012 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2013 psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 2014 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 2015 unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; 2016 unsigned char *pkey_start; 2017 unsigned char hash[PSA_HASH_MAX_SIZE]; 2018 psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); 2019 size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); 2020 void const *options = NULL; 2021 mbedtls_pk_rsassa_pss_options rsassa_pss_options; 2022 int ret; 2023 2024 mbedtls_pk_init(&pk); 2025 PSA_INIT(); 2026 2027 /* Create legacy RSA public/private key in PK context. */ 2028 mbedtls_pk_init(&pk); 2029 TEST_EQUAL(pk_setup(&pk, pk_type, key_bits), 0); 2030 2031 if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2032 mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); 2033 } 2034 2035 /* Export underlying public key for re-importing in a legacy context. 2036 * Note: mbedtls_rsa_write_key() writes backwards in the data buffer. */ 2037 pkey_start = pkey + sizeof(pkey); 2038 ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), pkey, &pkey_start); 2039 TEST_ASSERT(ret >= 0); 2040 2041 pkey_len = (size_t) ret; 2042 /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 2043 pkey_start = pkey + sizeof(pkey) - pkey_len; 2044 2045 /* Turn PK context into an opaque one. */ 2046 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); 2047 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); 2048 mbedtls_pk_free(&pk); 2049 mbedtls_pk_init(&pk); 2050 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 2051 2052 memset(hash, 0x2a, sizeof(hash)); 2053 memset(sig, 0, sizeof(sig)); 2054 2055 #if defined(MBEDTLS_PKCS1_V21) 2056 /* Check that trying to use the wrong pk_type in sign_ext() results in a failure. 2057 * The PSA key was setup to use PKCS1 v1.5 signature algorithm, but here we try 2058 * to use it for PSS (PKCS1 v2.1) and it should fail. */ 2059 if (key_pk_type == MBEDTLS_PK_RSA) { 2060 TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, md_alg, hash, hash_len, 2061 sig, sizeof(sig), &sig_len, 2062 mbedtls_test_rnd_std_rand, NULL), 2063 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 2064 } 2065 #endif /* MBEDTLS_PKCS1_V21 */ 2066 2067 /* Perform sign_ext() with the correct pk_type. */ 2068 TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, 2069 sig, sizeof(sig), &sig_len, 2070 mbedtls_test_rnd_std_rand, NULL), 0); 2071 2072 /* verify_ext() is not supported when using an opaque context. */ 2073 if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2074 mbedtls_pk_rsassa_pss_options pss_opts = { 2075 .mgf1_hash_id = md_alg, 2076 .expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY, 2077 }; 2078 TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, &pss_opts, &pk, md_alg, 2079 hash, hash_len, sig, sig_len), 2080 MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 2081 } else { 2082 TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, NULL, &pk, md_alg, 2083 hash, hash_len, sig, sig_len), 2084 MBEDTLS_ERR_PK_TYPE_MISMATCH); 2085 } 2086 2087 mbedtls_pk_free(&pk); 2088 TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); 2089 2090 mbedtls_pk_init(&pk); 2091 TEST_EQUAL(mbedtls_pk_setup(&pk, 2092 mbedtls_pk_info_from_type(pk_type)), 0); 2093 TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), pkey_start, pkey_len), 0); 2094 2095 if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2096 rsassa_pss_options.mgf1_hash_id = md_alg; 2097 TEST_ASSERT(hash_len != 0); 2098 rsassa_pss_options.expected_salt_len = hash_len; 2099 options = (const void *) &rsassa_pss_options; 2100 } 2101 TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, 2102 hash, hash_len, sig, sig_len), 0); 2103 2104 exit: 2105 mbedtls_pk_free(&pk); 2106 PSA_DONE(); 2107 } 2108 /* END_CASE */ 2109 2110 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2111 void pk_get_psa_attributes(int pk_type, int from_pair, 2112 int usage_arg, 2113 int to_pair, int expected_alg) 2114 { 2115 mbedtls_pk_context pk; 2116 mbedtls_pk_init(&pk); 2117 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2118 psa_key_usage_t usage = usage_arg; 2119 mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2120 2121 PSA_INIT(); 2122 2123 psa_key_type_t expected_psa_type = 0; 2124 TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2125 &pk, &expected_psa_type), 0); 2126 if (!to_pair) { 2127 expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); 2128 } 2129 2130 psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity 2131 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity 2132 psa_set_key_id(&attributes, key_id); 2133 psa_set_key_lifetime(&attributes, lifetime); 2134 psa_set_key_enrollment_algorithm(&attributes, 42); 2135 psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); 2136 2137 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) 2138 /* When the resulting algorithm is ECDSA, the compile-time configuration 2139 * can cause it to be either deterministic or randomized ECDSA. 2140 * Rather than have two near-identical sets of test data depending on 2141 * the configuration, always use randomized in the test data and 2142 * tweak the expected result here. */ 2143 if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { 2144 expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); 2145 } 2146 #endif 2147 2148 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); 2149 2150 TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); 2151 TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2152 key_id)); 2153 TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2154 TEST_EQUAL(psa_get_key_bits(&attributes), 2155 mbedtls_pk_get_bitlen(&pk)); 2156 TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2157 TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); 2158 TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2159 2160 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2161 if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2162 goto exit; 2163 } 2164 2165 exit: 2166 mbedtls_pk_free(&pk); 2167 psa_reset_key_attributes(&attributes); 2168 psa_destroy_key(new_key_id); 2169 PSA_DONE(); 2170 } 2171 /* END_CASE */ 2172 2173 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ 2174 void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, 2175 int usage_arg, 2176 int to_pair, int expected_alg) 2177 { 2178 mbedtls_pk_context pk; 2179 mbedtls_pk_init(&pk); 2180 psa_key_usage_t usage = usage_arg; 2181 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2182 mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2183 2184 PSA_INIT(); 2185 2186 psa_key_type_t expected_psa_type = 0; 2187 TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, 2188 &pk, &expected_psa_type), 0); 2189 mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); 2190 TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); 2191 if (!to_pair) { 2192 expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); 2193 } 2194 psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); 2195 2196 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); 2197 2198 TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 2199 TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2200 MBEDTLS_SVC_KEY_ID_INIT)); 2201 TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2202 TEST_EQUAL(psa_get_key_bits(&attributes), 2203 mbedtls_pk_get_bitlen(&pk)); 2204 TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2205 TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); 2206 TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2207 2208 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2209 if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2210 goto exit; 2211 } 2212 2213 exit: 2214 mbedtls_pk_free(&pk); 2215 psa_reset_key_attributes(&attributes); 2216 psa_destroy_key(new_key_id); 2217 PSA_DONE(); 2218 } 2219 /* END_CASE */ 2220 2221 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2222 void pk_get_psa_attributes_fail(int pk_type, int from_pair, 2223 int usage_arg, 2224 int expected_ret) 2225 { 2226 mbedtls_pk_context pk; 2227 mbedtls_pk_init(&pk); 2228 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2229 psa_key_usage_t usage = usage_arg; 2230 2231 PSA_INIT(); 2232 2233 psa_key_type_t expected_psa_type; 2234 TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2235 &pk, &expected_psa_type), 0); 2236 2237 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 2238 expected_ret); 2239 2240 exit: 2241 mbedtls_pk_free(&pk); 2242 psa_reset_key_attributes(&attributes); 2243 PSA_DONE(); 2244 } 2245 /* END_CASE */ 2246 2247 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 2248 void pk_import_into_psa_lifetime(int from_opaque, 2249 int from_persistent, /* when from opaque */ 2250 int from_exportable, /* when from opaque */ 2251 int to_public, 2252 int to_persistent) 2253 { 2254 mbedtls_pk_context pk; 2255 mbedtls_pk_init(&pk); 2256 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2257 mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2258 mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2259 mbedtls_svc_key_id_t expected_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2260 psa_key_lifetime_t expected_lifetime = PSA_KEY_LIFETIME_VOLATILE; 2261 2262 PSA_INIT(); 2263 2264 if (from_opaque) { 2265 #if defined(MBEDTLS_USE_PSA_CRYPTO) 2266 psa_key_type_t from_psa_type = 2267 PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY); 2268 psa_key_usage_t psa_key_usage = 2269 (from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) | 2270 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; 2271 mbedtls_svc_key_id_t persistent_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2272 2273 if (from_persistent) { 2274 persistent_key_id = mbedtls_svc_key_id_make(0, 1); 2275 } 2276 2277 PSA_ASSERT(pk_psa_setup(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS, 2278 psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE, 2279 persistent_key_id, &old_key_id)); 2280 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); 2281 psa_reset_key_attributes(&attributes); 2282 #else 2283 (void) from_persistent; 2284 (void) from_exportable; 2285 TEST_FAIL("Attempted to test opaque key without opaque key support"); 2286 #endif 2287 } else { 2288 psa_key_type_t psa_type_according_to_setup; 2289 TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_ECKEY, 1, 2290 &pk, &psa_type_according_to_setup), 0); 2291 } 2292 2293 if (to_persistent) { 2294 expected_key_id = mbedtls_svc_key_id_make(42, 2); 2295 psa_set_key_id(&attributes, expected_key_id); 2296 /* psa_set_key_id() sets the lifetime to PERSISTENT */ 2297 expected_lifetime = PSA_KEY_LIFETIME_PERSISTENT; 2298 } 2299 2300 psa_key_usage_t to_usage = 2301 to_public ? PSA_KEY_USAGE_VERIFY_HASH : PSA_KEY_USAGE_SIGN_HASH; 2302 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, to_usage, 2303 &attributes), 0); 2304 /* mbedtls_pk_get_psa_attributes() is specified to not modify 2305 * the persistence attributes. */ 2306 TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); 2307 TEST_EQUAL(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 2308 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(expected_key_id)); 2309 2310 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2311 if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2312 goto exit; 2313 } 2314 2315 PSA_ASSERT(psa_get_key_attributes(new_key_id, &attributes)); 2316 TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); 2317 /* Here expected_key_id=0 for a volatile key, but we expect 2318 * attributes to contain a dynamically assigned key id which we 2319 * can't predict. */ 2320 if (to_persistent) { 2321 TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2322 expected_key_id)); 2323 } 2324 2325 exit: 2326 mbedtls_pk_free(&pk); 2327 psa_reset_key_attributes(&attributes); 2328 psa_destroy_key(old_key_id); 2329 psa_destroy_key(new_key_id); 2330 PSA_DONE(); 2331 } 2332 /* END_CASE */ 2333 2334 /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 2335 void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, 2336 int from_usage_arg, int from_alg_arg, 2337 int usage_arg, 2338 int expected_ret, 2339 int to_pair, int expected_usage_arg) 2340 { 2341 mbedtls_pk_context pk; 2342 mbedtls_pk_init(&pk); 2343 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2344 mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2345 psa_key_type_t from_type = from_type_arg; 2346 size_t bits = from_bits_arg; 2347 psa_key_usage_t from_usage = from_usage_arg; 2348 psa_algorithm_t alg = from_alg_arg; 2349 psa_key_usage_t usage = usage_arg; 2350 psa_key_usage_t expected_usage = expected_usage_arg; 2351 mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2352 2353 PSA_INIT(); 2354 2355 PSA_ASSERT(pk_psa_setup(from_type, bits, from_usage, alg, 42, 2356 MBEDTLS_SVC_KEY_ID_INIT, &old_key_id)); 2357 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); 2358 2359 psa_key_type_t expected_psa_type = 2360 to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); 2361 2362 TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 2363 expected_ret); 2364 2365 if (expected_ret == 0) { 2366 TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 2367 TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2368 MBEDTLS_SVC_KEY_ID_INIT)); 2369 TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2370 TEST_EQUAL(psa_get_key_bits(&attributes), bits); 2371 TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2372 TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); 2373 TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2374 2375 int expected_import_ret = 0; 2376 if (to_pair && 2377 !(from_usage & (PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT))) { 2378 expected_import_ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 2379 } 2380 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 2381 expected_import_ret); 2382 if (expected_import_ret == 0) { 2383 if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2384 goto exit; 2385 } 2386 } 2387 } 2388 2389 exit: 2390 mbedtls_pk_free(&pk); 2391 psa_destroy_key(old_key_id); 2392 psa_destroy_key(new_key_id); 2393 psa_reset_key_attributes(&attributes); 2394 PSA_DONE(); 2395 } 2396 /* END_CASE */ 2397 2398 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2399 void pk_import_into_psa_fail(int pk_type, int from_pair, 2400 int type_arg, int bits_arg, 2401 int expected_ret) 2402 { 2403 mbedtls_pk_context pk; 2404 mbedtls_pk_init(&pk); 2405 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2406 psa_key_type_t type = type_arg; 2407 size_t bits = bits_arg; 2408 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); 2409 2410 PSA_INIT(); 2411 2412 psa_key_type_t expected_psa_type; 2413 TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2414 &pk, &expected_psa_type), 0); 2415 2416 psa_set_key_type(&attributes, type); 2417 psa_set_key_bits(&attributes, bits); 2418 2419 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 2420 expected_ret); 2421 TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT)); 2422 2423 exit: 2424 psa_destroy_key(key_id); 2425 mbedtls_pk_free(&pk); 2426 psa_reset_key_attributes(&attributes); 2427 PSA_DONE(); 2428 } 2429 /* END_CASE */ 2430 2431 /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 2432 void pk_import_into_psa_opaque(int from_type, int from_bits, 2433 int from_usage, int from_alg, 2434 int to_type, int to_bits, 2435 int to_usage, int to_alg, 2436 int expected_ret) 2437 { 2438 mbedtls_pk_context pk; 2439 mbedtls_pk_init(&pk); 2440 psa_key_attributes_t from_attributes = PSA_KEY_ATTRIBUTES_INIT; 2441 mbedtls_svc_key_id_t from_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2442 psa_key_attributes_t to_attributes = PSA_KEY_ATTRIBUTES_INIT; 2443 mbedtls_svc_key_id_t to_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2444 psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; 2445 2446 PSA_INIT(); 2447 2448 PSA_ASSERT(pk_psa_setup(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE, 2449 MBEDTLS_SVC_KEY_ID_INIT, &from_key_id)); 2450 TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); 2451 2452 psa_set_key_type(&to_attributes, to_type); 2453 psa_set_key_bits(&to_attributes, to_bits); 2454 psa_set_key_usage_flags(&to_attributes, to_usage); 2455 psa_set_key_algorithm(&to_attributes, to_alg); 2456 2457 TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &to_attributes, &to_key_id), 2458 expected_ret); 2459 2460 if (expected_ret == 0) { 2461 PSA_ASSERT(psa_get_key_attributes(to_key_id, &actual_attributes)); 2462 TEST_EQUAL(to_type, psa_get_key_type(&actual_attributes)); 2463 if (to_bits != 0) { 2464 TEST_EQUAL(to_bits, psa_get_key_bits(&actual_attributes)); 2465 } 2466 TEST_EQUAL(to_alg, psa_get_key_algorithm(&actual_attributes)); 2467 psa_key_usage_t expected_usage = to_usage; 2468 if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 2469 expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; 2470 } 2471 if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { 2472 expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 2473 } 2474 TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); 2475 if (!mbedtls_test_key_consistency_psa_pk(to_key_id, &pk)) { 2476 goto exit; 2477 } 2478 } else { 2479 TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); 2480 } 2481 2482 exit: 2483 mbedtls_pk_free(&pk); 2484 psa_destroy_key(from_key_id); 2485 psa_destroy_key(to_key_id); 2486 psa_reset_key_attributes(&from_attributes); 2487 psa_reset_key_attributes(&to_attributes); 2488 psa_reset_key_attributes(&actual_attributes); 2489 PSA_DONE(); 2490 } 2491 /* END_CASE */ 2492 2493 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2494 void pk_copy_from_psa_fail(void) 2495 { 2496 mbedtls_pk_context pk_ctx; 2497 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2498 2499 mbedtls_pk_init(&pk_ctx); 2500 PSA_INIT(); 2501 2502 /* Null pk pointer. */ 2503 TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, NULL), 2504 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2505 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, NULL), 2506 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2507 2508 /* Invalid key ID. */ 2509 TEST_EQUAL(mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), 2510 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2511 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), 2512 MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2513 2514 #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) 2515 pk_psa_setup(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, 2516 PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE, 2517 MBEDTLS_SVC_KEY_ID_INIT, &key_id); 2518 TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2519 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2520 psa_destroy_key(key_id); 2521 #endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ 2522 2523 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) 2524 /* Generate an EC key which cannot be exported. */ 2525 PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 2526 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id)); 2527 TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); 2528 psa_destroy_key(key_id); 2529 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */ 2530 2531 exit: 2532 mbedtls_pk_free(&pk_ctx); 2533 psa_destroy_key(key_id); 2534 PSA_DONE(); 2535 } 2536 /* END_CASE */ 2537 2538 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ 2539 void pk_copy_from_psa_builtin_fail() 2540 { 2541 mbedtls_pk_context pk_ctx; 2542 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2543 2544 mbedtls_pk_init(&pk_ctx); 2545 PSA_INIT(); 2546 2547 PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR, 2548 PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, 2549 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, 2550 PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), 2551 PSA_ALG_NONE, 2552 MBEDTLS_SVC_KEY_ID_INIT, &key_id)); 2553 TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2554 exit: 2555 mbedtls_pk_free(&pk_ctx); 2556 psa_destroy_key(key_id); 2557 PSA_DONE(); 2558 } 2559 /* END_CASE */ 2560 2561 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2562 void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg, 2563 int key_alg_arg) 2564 { 2565 psa_key_type_t key_type = key_type_arg; 2566 psa_algorithm_t key_alg = key_alg_arg; 2567 psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 2568 PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; 2569 mbedtls_pk_context pk_priv, pk_priv_copy_public, pk_pub, pk_pub_copy_public; 2570 mbedtls_svc_key_id_t priv_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2571 mbedtls_svc_key_id_t pub_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2572 2573 mbedtls_pk_init(&pk_priv); 2574 mbedtls_pk_init(&pk_priv_copy_public); 2575 mbedtls_pk_init(&pk_pub); 2576 mbedtls_pk_init(&pk_pub_copy_public); 2577 PSA_INIT(); 2578 2579 if (key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) { 2580 key_usage |= PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; 2581 } 2582 2583 /* Create both a private key and its public counterpart in PSA. */ 2584 PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2585 key_type, key_usage, key_alg, &priv_key_id)); 2586 pub_key_id = psa_pub_key_from_priv(priv_key_id); 2587 2588 /* Create 4 PK contexts starting from the PSA keys we just created. */ 2589 TEST_EQUAL(mbedtls_pk_copy_from_psa(priv_key_id, &pk_priv), 0); 2590 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(priv_key_id, &pk_priv_copy_public), 0); 2591 TEST_EQUAL(mbedtls_pk_copy_from_psa(pub_key_id, &pk_pub), 0); 2592 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(pub_key_id, &pk_pub_copy_public), 0); 2593 2594 /* Destroy both PSA keys to prove that generated PK contexts are independent 2595 * from them. */ 2596 priv_key_id = psa_copy_and_destroy(priv_key_id); 2597 pub_key_id = psa_copy_and_destroy(pub_key_id); 2598 2599 /* - Check that the generated PK contexts are of the correct type. 2600 * - [Only for RSA] check that the padding mode is correct. 2601 */ 2602 if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) { 2603 TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_ECKEY); 2604 TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_ECKEY); 2605 } else { 2606 TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_RSA); 2607 TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_RSA); 2608 #if defined(MBEDTLS_RSA_C) 2609 mbedtls_rsa_context *rsa_priv = mbedtls_pk_rsa(pk_priv); 2610 mbedtls_rsa_context *rsa_pub = mbedtls_pk_rsa(pk_pub); 2611 if (PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) { 2612 TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V21); 2613 TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V21); 2614 } else { 2615 TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V15); 2616 TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V15); 2617 } 2618 #endif /* MBEDTLS_RSA_C */ 2619 } 2620 2621 /* Check that generated private/public PK contexts form a valid private/public key pair. */ 2622 TEST_EQUAL(mbedtls_pk_check_pair(&pk_pub, &pk_priv, mbedtls_test_rnd_std_rand, NULL), 0); 2623 2624 /* Check consistency between copied PSA keys and generated PK contexts. */ 2625 TEST_EQUAL(mbedtls_test_key_consistency_psa_pk(priv_key_id, &pk_priv), 1); 2626 TEST_EQUAL(mbedtls_test_key_consistency_psa_pk(priv_key_id, &pk_pub), 1); 2627 TEST_EQUAL(mbedtls_test_key_consistency_psa_pk(pub_key_id, &pk_priv), 1); 2628 TEST_EQUAL(mbedtls_test_key_consistency_psa_pk(pub_key_id, &pk_pub), 1); 2629 2630 /* Test that the keys from mbedtls_pk_copy_public_from_psa() are identical 2631 * to the public keys from mbedtls_pk_copy_from_psa(). */ 2632 mbedtls_test_set_step(1); 2633 TEST_ASSERT(pk_public_same(&pk_pub, &pk_priv_copy_public)); 2634 mbedtls_test_set_step(2); 2635 TEST_ASSERT(pk_public_same(&pk_pub, &pk_pub_copy_public)); 2636 2637 exit: 2638 mbedtls_pk_free(&pk_priv); 2639 mbedtls_pk_free(&pk_priv_copy_public); 2640 mbedtls_pk_free(&pk_pub); 2641 mbedtls_pk_free(&pk_pub_copy_public); 2642 psa_destroy_key(priv_key_id); 2643 psa_destroy_key(pub_key_id); 2644 PSA_DONE(); 2645 } 2646 /* END_CASE */ 2647 2648 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2649 void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg) 2650 { 2651 psa_key_type_t key_type = key_type_arg; 2652 mbedtls_pk_context pk_from_exportable; 2653 mbedtls_pk_init(&pk_from_exportable); 2654 mbedtls_pk_context pk_from_non_exportable; 2655 mbedtls_pk_init(&pk_from_non_exportable); 2656 mbedtls_pk_context pk_private; 2657 mbedtls_pk_init(&pk_private); 2658 mbedtls_svc_key_id_t non_exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2659 mbedtls_svc_key_id_t exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2660 2661 PSA_INIT(); 2662 2663 PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2664 key_type, 2665 PSA_KEY_USAGE_EXPORT, 2666 PSA_ALG_NONE, 2667 &exportable_key_id)); 2668 PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2669 key_type, 2670 0, 2671 PSA_ALG_NONE, 2672 &non_exportable_key_id)); 2673 2674 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(exportable_key_id, 2675 &pk_from_exportable), 0); 2676 TEST_EQUAL(mbedtls_pk_copy_public_from_psa(non_exportable_key_id, 2677 &pk_from_non_exportable), 0); 2678 2679 /* Check that the non-exportable key really is non-exportable */ 2680 TEST_EQUAL(mbedtls_pk_copy_from_psa(non_exportable_key_id, &pk_private), 2681 MBEDTLS_ERR_PK_TYPE_MISMATCH); 2682 2683 psa_destroy_key(exportable_key_id); 2684 psa_destroy_key(non_exportable_key_id); 2685 2686 /* The goal of this test function is mostly to check that 2687 * mbedtls_pk_copy_public_from_psa works with a non-exportable key pair. 2688 * We check that the resulting key is the same as for an exportable 2689 * key pair. We rely on pk_copy_from_psa_success tests to validate that 2690 * the result is correct. */ 2691 TEST_ASSERT(pk_public_same(&pk_from_non_exportable, &pk_from_exportable)); 2692 2693 exit: 2694 mbedtls_pk_free(&pk_from_non_exportable); 2695 mbedtls_pk_free(&pk_from_exportable); 2696 mbedtls_pk_free(&pk_private); 2697 psa_destroy_key(exportable_key_id); 2698 psa_destroy_key(non_exportable_key_id); 2699 PSA_DONE(); 2700 } 2701 /* END_CASE */