mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-04 10:03:48 +01:00
69baf70984
It's better for names in the API to describe the "what" (opaque keys) rather than the "how" (using PSA), at least since we don't intend to have multiple function doing the same "what" in different ways in the foreseeable future.
824 lines
28 KiB
Plaintext
824 lines
28 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/pk.h"
|
|
|
|
/* For error codes */
|
|
#include "mbedtls/ecp.h"
|
|
#include "mbedtls/rsa.h"
|
|
|
|
#include <limits.h>
|
|
#include <stdint.h>
|
|
|
|
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
|
|
|
#define RSA_KEY_SIZE 512
|
|
#define RSA_KEY_LEN 64
|
|
|
|
static int pk_genkey( mbedtls_pk_context *pk )
|
|
{
|
|
((void) pk);
|
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
|
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
|
|
return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_C)
|
|
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
|
|
mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
|
|
mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA )
|
|
{
|
|
int ret;
|
|
if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp,
|
|
MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 )
|
|
return( ret );
|
|
|
|
return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
|
|
&mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
|
|
}
|
|
#endif
|
|
return( -1 );
|
|
}
|
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
|
const unsigned char *input, unsigned char *output,
|
|
size_t output_max_len )
|
|
{
|
|
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
|
|
rnd_std_rand, NULL, mode, olen,
|
|
input, output, output_max_len ) );
|
|
}
|
|
int mbedtls_rsa_sign_func( void *ctx,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
|
const unsigned char *hash, unsigned char *sig )
|
|
{
|
|
((void) f_rng);
|
|
((void) p_rng);
|
|
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
|
|
md_alg, hashlen, hash, sig ) );
|
|
}
|
|
size_t mbedtls_rsa_key_len_func( void *ctx )
|
|
{
|
|
return( ((const mbedtls_rsa_context *) ctx)->len );
|
|
}
|
|
#endif /* MBEDTLS_RSA_C */
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
#include "mbedtls/psa_util.h"
|
|
|
|
#define PK_PSA_INVALID_SLOT 0 /* guaranteed invalid */
|
|
|
|
/*
|
|
* Generate a key in a free key slot and return this key slot,
|
|
* or PK_PSA_INVALID_SLOT if no slot was available.
|
|
* The key uses NIST P-256 and is usable for signing with SHA-256.
|
|
*/
|
|
psa_key_slot_t pk_psa_genkey( void )
|
|
{
|
|
psa_key_slot_t key;
|
|
|
|
const int curve = PSA_ECC_CURVE_SECP256R1;
|
|
const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEYPAIR(curve);
|
|
const size_t bits = 256;
|
|
psa_key_policy_t policy;
|
|
|
|
/* find a free key slot */
|
|
if( PSA_SUCCESS != mbedtls_psa_get_free_key_slot( &key ) )
|
|
return( PK_PSA_INVALID_SLOT );
|
|
|
|
/* set up policy on key slot */
|
|
psa_key_policy_init( &policy );
|
|
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
|
|
PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
|
|
if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
|
|
return( PK_PSA_INVALID_SLOT );
|
|
|
|
/* generate key */
|
|
if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
|
|
return( PK_PSA_INVALID_SLOT );
|
|
|
|
return( key );
|
|
}
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PK_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
|
void pk_psa_utils( )
|
|
{
|
|
mbedtls_pk_context pk, pk2;
|
|
psa_key_slot_t key;
|
|
|
|
const char * const name = "Opaque";
|
|
const size_t bitlen = 256; /* harcoded in genkey() */
|
|
|
|
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
|
|
unsigned char b1[1], b2[1];
|
|
size_t len;
|
|
mbedtls_pk_debug_item dbg;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
mbedtls_pk_init( &pk2 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) ==
|
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
mbedtls_pk_free( &pk );
|
|
mbedtls_pk_init( &pk );
|
|
|
|
key = pk_psa_genkey();
|
|
TEST_ASSERT( key != 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE );
|
|
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
|
|
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
|
|
|
|
/* unsupported operations: verify, decrypt, encrypt */
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
|
|
b1, sizeof( b1), b2, sizeof( b2 ) )
|
|
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
|
|
b2, &len, sizeof( b2 ),
|
|
NULL, NULL )
|
|
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
|
|
b2, &len, sizeof( b2 ),
|
|
NULL, NULL )
|
|
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
|
|
|
|
/* unsupported functions: check_pair, debug */
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk2,
|
|
mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
|
|
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
|
|
TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
|
|
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
|
|
|
|
/* test that freeing the context does not destroy the key */
|
|
mbedtls_pk_free( &pk );
|
|
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk ); /* redundant except upon error */
|
|
mbedtls_pk_free( &pk2 );
|
|
}
|
|
/* END_CASE */
|
|
|
|
|
|
/* BEGIN_CASE */
|
|
void pk_utils( int type, int size, int len, char * name )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
|
|
|
TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type );
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) );
|
|
TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) size );
|
|
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len );
|
|
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
|
|
void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
|
|
{
|
|
mbedtls_pk_context pub, prv, alt;
|
|
|
|
mbedtls_pk_init( &pub );
|
|
mbedtls_pk_init( &prv );
|
|
mbedtls_pk_init( &alt );
|
|
|
|
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret );
|
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
|
if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
|
|
{
|
|
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
|
|
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
|
|
mbedtls_rsa_key_len_func ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
|
|
}
|
|
#endif
|
|
|
|
mbedtls_pk_free( &pub );
|
|
mbedtls_pk_free( &prv );
|
|
mbedtls_pk_free( &alt );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod,
|
|
int radix_N, char * input_N, int radix_E,
|
|
char * input_E, data_t * result_str,
|
|
int result )
|
|
{
|
|
unsigned char hash_result[1000];
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
mbedtls_pk_restart_ctx *rs_ctx = NULL;
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_ctx ctx;
|
|
|
|
rs_ctx = &ctx;
|
|
mbedtls_pk_restart_init( rs_ctx );
|
|
// this setting would ensure restart would happen if ECC was used
|
|
mbedtls_ecp_set_max_ops( 1 );
|
|
#endif
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash_result, 0x00, 1000 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
|
|
if( mbedtls_md_info_from_type( digest ) != NULL )
|
|
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0,
|
|
result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0,
|
|
result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result );
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_free( rs_ctx );
|
|
#endif
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
|
|
int mod, int radix_N, char * input_N,
|
|
int radix_E, char * input_E,
|
|
data_t * result_str, int pk_type,
|
|
int mgf1_hash_id, int salt_len, int result )
|
|
{
|
|
unsigned char hash_result[1000];
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
mbedtls_pk_rsassa_pss_options pss_opts;
|
|
void *options;
|
|
size_t hash_len;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash_result, 0x00, 1000 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
|
|
if( digest != MBEDTLS_MD_NONE )
|
|
{
|
|
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
|
|
message_str->x, message_str->len, hash_result ) == 0 );
|
|
hash_len = 0;
|
|
}
|
|
else
|
|
{
|
|
memcpy( hash_result, message_str->x, message_str->len );
|
|
hash_len = message_str->len;
|
|
}
|
|
|
|
if( mgf1_hash_id < 0 )
|
|
{
|
|
options = NULL;
|
|
}
|
|
else
|
|
{
|
|
options = &pss_opts;
|
|
|
|
pss_opts.mgf1_hash_id = mgf1_hash_id;
|
|
pss_opts.expected_salt_len = salt_len;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
|
|
digest, hash_result, hash_len,
|
|
result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
|
|
void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
|
|
data_t * sig, int ret )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
mbedtls_ecp_keypair *eckey;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) );
|
|
eckey = mbedtls_pk_ec( pk );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q,
|
|
key->x, key->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE,
|
|
hash->x, hash->len, sig->x, sig->len ) == ret );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
|
char *QX_str, char *QY_str,
|
|
int md_alg, char *msg, char *sig_str,
|
|
int max_ops, int min_restart, int max_restart )
|
|
{
|
|
int ret, cnt_restart;
|
|
mbedtls_pk_restart_ctx rs_ctx;
|
|
mbedtls_pk_context prv, pub;
|
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
|
unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
|
|
size_t hlen, slen, slen_check;
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
mbedtls_pk_restart_init( &rs_ctx );
|
|
mbedtls_pk_init( &prv );
|
|
mbedtls_pk_init( &pub );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0, sizeof( sig ) );
|
|
memset( sig_check, 0, sizeof( sig_check ) );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
|
|
|
|
slen_check = unhexify( sig_check, sig_str );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
TEST_ASSERT( md_info != NULL );
|
|
|
|
hlen = mbedtls_md_get_size( md_info );
|
|
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
slen = sizeof( sig );
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
|
sig, &slen, NULL, NULL, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( slen == slen_check );
|
|
TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
|
|
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
hash[0]++;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret != 0 );
|
|
sig[0]--;
|
|
|
|
/* Do we leak memory when aborting? try verify then sign
|
|
* This test only makes sense when we actually restart */
|
|
if( min_restart > 0 )
|
|
{
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
mbedtls_pk_restart_free( &rs_ctx );
|
|
|
|
slen = sizeof( sig );
|
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
|
sig, &slen, NULL, NULL, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_restart_free( &rs_ctx );
|
|
mbedtls_pk_free( &prv );
|
|
mbedtls_pk_free( &pub );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
|
void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
unsigned char hash[50], sig[5000];
|
|
size_t sig_len;
|
|
void *rs_ctx = NULL;
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_ctx ctx;
|
|
|
|
rs_ctx = &ctx;
|
|
mbedtls_pk_restart_init( rs_ctx );
|
|
/* This value is large enough that the operation will complete in one run.
|
|
* See comments at the top of ecp_test_vect_restart in
|
|
* test_suite_ecp.function for estimates of operation counts. */
|
|
mbedtls_ecp_set_max_ops( 42000 );
|
|
#endif
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, &sig_len,
|
|
rnd_std_rand, NULL, rs_ctx ) == sign_ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
|
|
|
if( verify_ret == 0 )
|
|
{
|
|
hash[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) != 0 );
|
|
sig[0]--;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
|
|
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
|
|
|
|
if( verify_ret == 0 )
|
|
{
|
|
hash[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
|
sig[0]--;
|
|
}
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_free( rs_ctx );
|
|
#endif
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
|
|
char * input_N, int radix_E, char * input_E,
|
|
data_t * result, int ret )
|
|
{
|
|
unsigned char output[1000];
|
|
rnd_pseudo_info rnd_info;
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
size_t olen;
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
memset( output, 0, sizeof( output ) );
|
|
|
|
|
|
mbedtls_pk_init( &pk );
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
TEST_ASSERT( olen == result->len );
|
|
TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
|
|
char * input_P, int radix_Q, char * input_Q,
|
|
int radix_N, char * input_N, int radix_E,
|
|
char * input_E, data_t * clear, int ret )
|
|
{
|
|
unsigned char output[1000];
|
|
rnd_pseudo_info rnd_info;
|
|
mbedtls_mpi N, P, Q, E;
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
size_t olen;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
|
|
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
|
|
|
|
/* init pk-rsa context */
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
/* load public key */
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
|
|
|
/* load private key */
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
|
|
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
|
|
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
|
|
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
|
|
|
|
/* decryption test */
|
|
memset( output, 0, sizeof( output ) );
|
|
olen = 0;
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
if( ret == 0 )
|
|
{
|
|
TEST_ASSERT( olen == clear->len );
|
|
TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
|
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void pk_ec_nocrypt( int type )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
unsigned char output[100];
|
|
unsigned char input[100];
|
|
rnd_pseudo_info rnd_info;
|
|
size_t olen = 0;
|
|
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
memset( output, 0, sizeof( output ) );
|
|
memset( input, 0, sizeof( input ) );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ),
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ),
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_overflow( )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
|
|
unsigned char hash[50], sig[100];
|
|
|
|
if( SIZE_MAX <= UINT_MAX )
|
|
return;
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk,
|
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
|
|
#if defined(MBEDTLS_PKCS1_V21)
|
|
TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
|
|
MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
|
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* MBEDTLS_PKCS1_V21 */
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
|
|
sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
|
|
rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
|
|
void pk_rsa_alt( )
|
|
{
|
|
/*
|
|
* An rsa_alt context can only do private operations (decrypt, sign).
|
|
* Test it against the public operations (encrypt, verify) of a
|
|
* corresponding rsa context.
|
|
*/
|
|
mbedtls_rsa_context raw;
|
|
mbedtls_pk_context rsa, alt;
|
|
mbedtls_pk_debug_item dbg_items[10];
|
|
unsigned char hash[50], sig[1000];
|
|
unsigned char msg[50], ciph[1000], test[1000];
|
|
size_t sig_len, ciph_len, test_len;
|
|
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
|
|
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
memset( msg, 0x2a, sizeof msg );
|
|
memset( ciph, 0, sizeof ciph );
|
|
memset( test, 0, sizeof test );
|
|
|
|
/* Initiliaze PK RSA context with random key */
|
|
TEST_ASSERT( mbedtls_pk_setup( &rsa,
|
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &rsa ) == 0 );
|
|
|
|
/* Extract key to the raw rsa context */
|
|
TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
|
|
|
|
/* Initialize PK RSA_ALT context */
|
|
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw,
|
|
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
|
|
|
|
/* Test administrative functions */
|
|
TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) );
|
|
TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE );
|
|
TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN );
|
|
TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT );
|
|
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 );
|
|
|
|
/* Test signature */
|
|
#if SIZE_MAX > UINT_MAX
|
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
|
|
sig, &sig_len, rnd_std_rand, NULL ) ==
|
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
|
|
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( sig_len == RSA_KEY_LEN );
|
|
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
|
|
hash, sizeof hash, sig, sig_len ) == 0 );
|
|
|
|
/* Test decrypt */
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
|
|
ciph, &ciph_len, sizeof ciph,
|
|
rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
|
|
test, &test_len, sizeof test,
|
|
rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( test_len == sizeof msg );
|
|
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
|
|
|
|
/* Test forbidden operations */
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
|
|
ciph, &ciph_len, sizeof ciph,
|
|
rnd_std_rand, NULL ) == ret );
|
|
TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
|
|
hash, sizeof hash, sig, sig_len ) == ret );
|
|
TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
|
|
|
|
exit:
|
|
mbedtls_rsa_free( &raw );
|
|
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
|
void pk_psa_sign( )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
psa_key_slot_t key;
|
|
unsigned char hash[50], sig[100], pkey[100];
|
|
size_t sig_len, klen = 0;
|
|
|
|
/*
|
|
* This tests making signatures with a wrapped PSA key:
|
|
* - generate a fresh PSA key
|
|
* - wrap it in a PK context and make a signature this way
|
|
* - extract the public key
|
|
* - parse it to a PK context and verify the signature this way
|
|
*/
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
memset( pkey, 0, sizeof pkey );
|
|
|
|
key = pk_psa_genkey();
|
|
TEST_ASSERT( key != 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, &sig_len,
|
|
NULL, NULL ) == 0 );
|
|
|
|
mbedtls_pk_free( &pk );
|
|
|
|
TEST_ASSERT( PSA_SUCCESS == psa_export_public_key(
|
|
key, pkey, sizeof( pkey ), &klen ) );
|
|
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey, klen ) == 0 );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|