mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 19:45:33 +00:00
da19f4c79f
Summary of merge conflicts: include/mbedtls/ecdh.h -> documentation style include/mbedtls/ecdsa.h -> documentation style include/mbedtls/ecp.h -> alt style, new error codes, documentation style include/mbedtls/error.h -> new error codes library/error.c -> new error codes (generated anyway) library/ecp.c: - code of an extracted function was changed library/ssl_cli.c: - code addition on one side near code change on the other side (ciphersuite validation) library/x509_crt.c -> various things - top fo file: helper structure added near old zeroize removed - documentation of find_parent_in()'s signature: improved on one side, added arguments on the other side - documentation of find_parent()'s signature: same as above - verify_chain(): variables initialised later to give compiler an opportunity to warn us if not initialised on a code path - find_parent(): funcion structure completely changed, for some reason git tried to insert a paragraph of the old structure... - merge_flags_with_cb(): data structure changed, one line was fixed with a cast to keep MSVC happy, this cast is already in the new version - in verify_restratable(): adjacent independent changes (function signature on one line, variable type on the next) programs/ssl/ssl_client2.c: - testing for IN_PROGRESS return code near idle() (event-driven): don't wait for data in the the socket if ECP_IN_PROGRESS tests/data_files/Makefile: adjacent independent additions tests/suites/test_suite_ecdsa.data: adjacent independent additions tests/suites/test_suite_x509parse.data: adjacent independent additions * development: (1059 commits) Change symlink to hardlink to avoid permission issues Fix out-of-tree testing symlinks on Windows Updated version number to 2.10.0 for release Add a disabled CMAC define in the no-entropy configuration Adapt the ARIA test cases for new ECB function Fix file permissions for ssl.h Add ChangeLog entry for PR#1651 Fix MicroBlaze register typo. Fix typo in doc and copy missing warning Fix edit mistake in cipher_wrap.c Update CTR doc for the 64-bit block cipher Update CTR doc for other 128-bit block ciphers Slightly tune ARIA CTR documentation Remove double declaration of mbedtls_ssl_list_ciphersuites Update CTR documentation Use zeroize function from new platform_util Move to new header style for ALT implementations Add ifdef for selftest in header file Fix typo in comments Use more appropriate type for local variable ...
694 lines
24 KiB
Plaintext
694 lines
24 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/pk.h"
|
|
|
|
/* For error codes */
|
|
#include "mbedtls/ecp.h"
|
|
#include "mbedtls/rsa.h"
|
|
|
|
#include <limits.h>
|
|
#include <stdint.h>
|
|
|
|
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
|
|
|
#define RSA_KEY_SIZE 512
|
|
#define RSA_KEY_LEN 64
|
|
|
|
static int pk_genkey( mbedtls_pk_context *pk )
|
|
{
|
|
((void) pk);
|
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
|
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
|
|
return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_C)
|
|
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
|
|
mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
|
|
mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA )
|
|
{
|
|
int ret;
|
|
if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp,
|
|
MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 )
|
|
return( ret );
|
|
|
|
return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
|
|
&mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
|
|
}
|
|
#endif
|
|
return( -1 );
|
|
}
|
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
|
const unsigned char *input, unsigned char *output,
|
|
size_t output_max_len )
|
|
{
|
|
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
|
|
rnd_std_rand, NULL, mode, olen,
|
|
input, output, output_max_len ) );
|
|
}
|
|
int mbedtls_rsa_sign_func( void *ctx,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
|
const unsigned char *hash, unsigned char *sig )
|
|
{
|
|
((void) f_rng);
|
|
((void) p_rng);
|
|
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
|
|
md_alg, hashlen, hash, sig ) );
|
|
}
|
|
size_t mbedtls_rsa_key_len_func( void *ctx )
|
|
{
|
|
return( ((const mbedtls_rsa_context *) ctx)->len );
|
|
}
|
|
#endif /* MBEDTLS_RSA_C */
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PK_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void pk_utils( int type, int size, int len, char *name )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
|
|
|
TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type );
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) );
|
|
TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) size );
|
|
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len );
|
|
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
|
|
void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret )
|
|
{
|
|
mbedtls_pk_context pub, prv, alt;
|
|
|
|
mbedtls_pk_init( &pub );
|
|
mbedtls_pk_init( &prv );
|
|
mbedtls_pk_init( &alt );
|
|
|
|
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret );
|
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
|
if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
|
|
{
|
|
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
|
|
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
|
|
mbedtls_rsa_key_len_func ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
|
|
}
|
|
#endif
|
|
|
|
mbedtls_pk_free( &pub );
|
|
mbedtls_pk_free( &prv );
|
|
mbedtls_pk_free( &alt );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
|
|
int mod, int radix_N, char *input_N, int radix_E,
|
|
char *input_E, char *result_hex_str, int result )
|
|
{
|
|
unsigned char message_str[1000];
|
|
unsigned char hash_result[1000];
|
|
unsigned char result_str[1000];
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
int msg_len;
|
|
mbedtls_pk_restart_ctx *rs_ctx = NULL;
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_ctx ctx;
|
|
|
|
rs_ctx = &ctx;
|
|
mbedtls_pk_restart_init( rs_ctx );
|
|
mbedtls_ecp_set_max_ops( 42 );
|
|
#endif
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( message_str, 0x00, 1000 );
|
|
memset( hash_result, 0x00, 1000 );
|
|
memset( result_str, 0x00, 1000 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
msg_len = unhexify( message_str, message_hex_string );
|
|
unhexify( result_str, result_hex_str );
|
|
|
|
if( mbedtls_md_info_from_type( digest ) != NULL )
|
|
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0,
|
|
result_str, mbedtls_pk_get_len( &pk ) ) == result );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0,
|
|
result_str, mbedtls_pk_get_len( &pk ), rs_ctx ) == result );
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_free( rs_ctx );
|
|
#endif
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest,
|
|
int mod, int radix_N, char *input_N, int radix_E,
|
|
char *input_E, char *result_hex_str,
|
|
int pk_type, int mgf1_hash_id, int salt_len,
|
|
int result )
|
|
{
|
|
unsigned char message_str[1000];
|
|
unsigned char hash_result[1000];
|
|
unsigned char result_str[1000];
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
mbedtls_pk_rsassa_pss_options pss_opts;
|
|
void *options;
|
|
int msg_len;
|
|
size_t hash_len;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( message_str, 0x00, 1000 );
|
|
memset( hash_result, 0x00, 1000 );
|
|
memset( result_str, 0x00, 1000 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
msg_len = unhexify( message_str, message_hex_string );
|
|
unhexify( result_str, result_hex_str );
|
|
|
|
if( digest != MBEDTLS_MD_NONE )
|
|
{
|
|
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
|
|
message_str, msg_len, hash_result ) == 0 );
|
|
hash_len = 0;
|
|
}
|
|
else
|
|
{
|
|
memcpy( hash_result, message_str, msg_len );
|
|
hash_len = msg_len;
|
|
}
|
|
|
|
if( mgf1_hash_id < 0 )
|
|
{
|
|
options = NULL;
|
|
}
|
|
else
|
|
{
|
|
options = &pss_opts;
|
|
|
|
pss_opts.mgf1_hash_id = mgf1_hash_id;
|
|
pss_opts.expected_salt_len = salt_len;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
|
|
digest, hash_result, hash_len,
|
|
result_str, mbedtls_pk_get_len( &pk ) ) == result );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
|
|
void pk_ec_test_vec( int type, int id, char *key_str,
|
|
char *hash_str, char * sig_str, int ret )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
mbedtls_ecp_keypair *eckey;
|
|
unsigned char hash[100], sig[500], key[500];
|
|
size_t hash_len, sig_len, key_len;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash, 0, sizeof( hash ) ); hash_len = unhexify(hash, hash_str);
|
|
memset( sig, 0, sizeof( sig ) ); sig_len = unhexify(sig, sig_str);
|
|
memset( key, 0, sizeof( key ) ); key_len = unhexify(key, key_str);
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) );
|
|
eckey = mbedtls_pk_ec( pk );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q,
|
|
key, key_len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE,
|
|
hash, hash_len, sig, sig_len ) == ret );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
|
char *QX_str, char *QY_str,
|
|
int md_alg, char *msg, char *sig_str,
|
|
int max_ops, int min_restart, int max_restart )
|
|
{
|
|
int ret, cnt_restart;
|
|
mbedtls_pk_restart_ctx rs_ctx;
|
|
mbedtls_pk_context prv, pub;
|
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
|
unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
|
|
size_t hlen, slen, slen_check;
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
mbedtls_pk_restart_init( &rs_ctx );
|
|
mbedtls_pk_init( &prv );
|
|
mbedtls_pk_init( &pub );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0, sizeof( sig ) );
|
|
memset( sig_check, 0, sizeof( sig_check ) );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
|
|
|
|
slen_check = unhexify( sig_check, sig_str );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
TEST_ASSERT( md_info != NULL );
|
|
|
|
hlen = mbedtls_md_get_size( md_info );
|
|
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
slen = sizeof( sig );
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
|
sig, &slen, NULL, NULL, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( slen == slen_check );
|
|
TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
|
|
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
hash[0]++;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
do {
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret != 0 );
|
|
sig[0]--;
|
|
|
|
/* Do we leak memory when aborting? try verify then sign
|
|
* This test only makes sense when we actually restart */
|
|
if( min_restart > 0 )
|
|
{
|
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
|
hash, hlen, sig, slen, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
mbedtls_pk_restart_free( &rs_ctx );
|
|
|
|
slen = sizeof( sig );
|
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
|
sig, &slen, NULL, NULL, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_pk_restart_free( &rs_ctx );
|
|
mbedtls_pk_free( &prv );
|
|
mbedtls_pk_free( &pub );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
|
void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
unsigned char hash[50], sig[5000];
|
|
size_t sig_len;
|
|
void *rs_ctx = NULL;
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_ctx ctx;
|
|
|
|
rs_ctx = &ctx;
|
|
mbedtls_pk_restart_init( rs_ctx );
|
|
mbedtls_ecp_set_max_ops( 42000 );
|
|
#endif
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, &sig_len,
|
|
rnd_std_rand, NULL, rs_ctx ) == sign_ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
|
|
|
if( verify_ret == 0 )
|
|
{
|
|
hash[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len ) != 0 );
|
|
sig[0]--;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
|
|
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
|
|
|
|
if( verify_ret == 0 )
|
|
{
|
|
hash[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
|
hash[0]--;
|
|
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
|
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
|
sig[0]--;
|
|
}
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
mbedtls_pk_restart_free( rs_ctx );
|
|
#endif
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_encrypt_test_vec( char *message_hex, int mod,
|
|
int radix_N, char *input_N,
|
|
int radix_E, char *input_E,
|
|
char *result_hex, int ret )
|
|
{
|
|
unsigned char message[1000];
|
|
unsigned char output[1000];
|
|
unsigned char result[1000];
|
|
size_t msg_len, olen, res_len;
|
|
rnd_pseudo_info rnd_info;
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
memset( message, 0, sizeof( message ) );
|
|
memset( output, 0, sizeof( output ) );
|
|
memset( result, 0, sizeof( result ) );
|
|
|
|
msg_len = unhexify( message, message_hex );
|
|
res_len = unhexify( result, result_hex );
|
|
|
|
mbedtls_pk_init( &pk );
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
rsa->len = mod / 8;
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message, msg_len,
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
TEST_ASSERT( olen == res_len );
|
|
TEST_ASSERT( memcmp( output, result, olen ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
|
|
int radix_P, char *input_P,
|
|
int radix_Q, char *input_Q,
|
|
int radix_N, char *input_N,
|
|
int radix_E, char *input_E,
|
|
char *clear_hex, int ret )
|
|
{
|
|
unsigned char clear[1000];
|
|
unsigned char output[1000];
|
|
unsigned char cipher[1000];
|
|
size_t clear_len, olen, cipher_len;
|
|
rnd_pseudo_info rnd_info;
|
|
mbedtls_mpi N, P, Q, E;
|
|
mbedtls_rsa_context *rsa;
|
|
mbedtls_pk_context pk;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
|
|
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
memset( clear, 0, sizeof( clear ) );
|
|
memset( cipher, 0, sizeof( cipher ) );
|
|
|
|
clear_len = unhexify( clear, clear_hex );
|
|
cipher_len = unhexify( cipher, cipher_hex );
|
|
|
|
/* init pk-rsa context */
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
rsa = mbedtls_pk_rsa( pk );
|
|
|
|
/* load public key */
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
|
|
|
/* load private key */
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
|
|
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
|
|
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
|
|
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
|
|
|
|
/* decryption test */
|
|
memset( output, 0, sizeof( output ) );
|
|
olen = 0;
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher, cipher_len,
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
if( ret == 0 )
|
|
{
|
|
TEST_ASSERT( olen == clear_len );
|
|
TEST_ASSERT( memcmp( output, clear, olen ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
|
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void pk_ec_nocrypt( int type )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
unsigned char output[100];
|
|
unsigned char input[100];
|
|
rnd_pseudo_info rnd_info;
|
|
size_t olen = 0;
|
|
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
|
|
memset( output, 0, sizeof( output ) );
|
|
memset( input, 0, sizeof( input ) );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ),
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ),
|
|
output, &olen, sizeof( output ),
|
|
rnd_pseudo_rand, &rnd_info ) == ret );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
|
void pk_rsa_overflow( )
|
|
{
|
|
mbedtls_pk_context pk;
|
|
size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
|
|
unsigned char hash[50], sig[100];
|
|
|
|
if( SIZE_MAX <= UINT_MAX )
|
|
return;
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
|
|
mbedtls_pk_init( &pk );
|
|
|
|
TEST_ASSERT( mbedtls_pk_setup( &pk,
|
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
|
|
#if defined(MBEDTLS_PKCS1_V21)
|
|
TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
|
|
MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
|
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* MBEDTLS_PKCS1_V21 */
|
|
|
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
|
|
sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
|
|
rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
exit:
|
|
mbedtls_pk_free( &pk );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
|
|
void pk_rsa_alt( )
|
|
{
|
|
/*
|
|
* An rsa_alt context can only do private operations (decrypt, sign).
|
|
* Test it against the public operations (encrypt, verify) of a
|
|
* corresponding rsa context.
|
|
*/
|
|
mbedtls_rsa_context raw;
|
|
mbedtls_pk_context rsa, alt;
|
|
mbedtls_pk_debug_item dbg_items[10];
|
|
unsigned char hash[50], sig[1000];
|
|
unsigned char msg[50], ciph[1000], test[1000];
|
|
size_t sig_len, ciph_len, test_len;
|
|
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
|
|
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
|
|
|
|
memset( hash, 0x2a, sizeof hash );
|
|
memset( sig, 0, sizeof sig );
|
|
memset( msg, 0x2a, sizeof msg );
|
|
memset( ciph, 0, sizeof ciph );
|
|
memset( test, 0, sizeof test );
|
|
|
|
/* Initiliaze PK RSA context with random key */
|
|
TEST_ASSERT( mbedtls_pk_setup( &rsa,
|
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
|
TEST_ASSERT( pk_genkey( &rsa ) == 0 );
|
|
|
|
/* Extract key to the raw rsa context */
|
|
TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
|
|
|
|
/* Initialize PK RSA_ALT context */
|
|
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw,
|
|
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
|
|
|
|
/* Test administrative functions */
|
|
TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) );
|
|
TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE );
|
|
TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN );
|
|
TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT );
|
|
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 );
|
|
|
|
/* Test signature */
|
|
#if SIZE_MAX > UINT_MAX
|
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
|
|
sig, &sig_len, rnd_std_rand, NULL ) ==
|
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
|
|
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( sig_len == RSA_KEY_LEN );
|
|
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
|
|
hash, sizeof hash, sig, sig_len ) == 0 );
|
|
|
|
/* Test decrypt */
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
|
|
ciph, &ciph_len, sizeof ciph,
|
|
rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
|
|
test, &test_len, sizeof test,
|
|
rnd_std_rand, NULL ) == 0 );
|
|
TEST_ASSERT( test_len == sizeof msg );
|
|
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
|
|
|
|
/* Test forbidden operations */
|
|
TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
|
|
ciph, &ciph_len, sizeof ciph,
|
|
rnd_std_rand, NULL ) == ret );
|
|
TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
|
|
hash, sizeof hash, sig, sig_len ) == ret );
|
|
TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
|
|
|
|
exit:
|
|
mbedtls_rsa_free( &raw );
|
|
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
|
|
}
|
|
/* END_CASE */
|