xref: /aosp_15_r20/external/mbedtls/tests/suites/test_suite_pkparse.function (revision 62c56f9862f102b96d72393aff6076c951fb8148)
1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */
2*62c56f98SSadaf Ebrahimi#include "mbedtls/pk.h"
3*62c56f98SSadaf Ebrahimi#include "mbedtls/pem.h"
4*62c56f98SSadaf Ebrahimi#include "mbedtls/oid.h"
5*62c56f98SSadaf Ebrahimi#include "mbedtls/ecp.h"
6*62c56f98SSadaf Ebrahimi#include "mbedtls/psa_util.h"
7*62c56f98SSadaf Ebrahimi#include "pk_internal.h"
8*62c56f98SSadaf Ebrahimi
9*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
10*62c56f98SSadaf Ebrahimi#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
11*62c56f98SSadaf Ebrahimi#endif
12*62c56f98SSadaf Ebrahimi
13*62c56f98SSadaf Ebrahimi/* END_HEADER */
14*62c56f98SSadaf Ebrahimi
15*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES
16*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_PK_PARSE_C
17*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES
18*62c56f98SSadaf Ebrahimi */
19*62c56f98SSadaf Ebrahimi
20*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
{
    /* Parse the private key file key_file with mbedtls_pk_parse_keyfile()
     * and require its return code to equal result. When parsing succeeds,
     * also require that the context can act as an RSA key and that the key
     * passes mbedtls_rsa_check_privkey().
     *
     * The literal password string "NULL" in the test data stands for
     * "no password" and reaches the parser as a null pointer.
     *
     * NOTE(review): mbedtls_test_rnd_std_rand is a test-suite RNG helper;
     * presumably it is not suitable outside tests - application code should
     * hand the parser a properly seeded DRBG instead. */
    mbedtls_pk_context ctx;
    int res;
    char *pwd = (strcmp(password, "NULL") == 0) ? NULL : password;

    mbedtls_pk_init(&ctx);
    MD_PSA_INIT();

    res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd,
                                   mbedtls_test_rnd_std_rand, NULL);
    TEST_ASSERT(res == result);

    /* An expected parse failure has nothing further to validate. */
    if (res != 0) {
        goto exit;
    }

    TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
    {
        mbedtls_rsa_context *rsa = mbedtls_pk_rsa(ctx);
        TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0);
    }

exit:
    /* Reached on every path, including failed assertions. */
    mbedtls_pk_free(&ctx);
    MD_PSA_DONE();
}
50*62c56f98SSadaf Ebrahimi
51*62c56f98SSadaf Ebrahimi/* END_CASE */
52*62c56f98SSadaf Ebrahimi
53*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
void pk_parse_public_keyfile_rsa(char *key_file, int result)
{
    /* Parse the public key file key_file with
     * mbedtls_pk_parse_public_keyfile() and require its return code to
     * equal result. When parsing succeeds, also require that the context
     * can act as an RSA key and that the key passes
     * mbedtls_rsa_check_pubkey(). */
    mbedtls_pk_context ctx;
    int res;

    mbedtls_pk_init(&ctx);
    MD_PSA_INIT();

    res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
    TEST_ASSERT(res == result);

    /* An expected parse failure has nothing further to validate. */
    if (res != 0) {
        goto exit;
    }

    TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
    {
        mbedtls_rsa_context *rsa = mbedtls_pk_rsa(ctx);
        TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0);
    }

exit:
    /* Reached on every path, including failed assertions. */
    mbedtls_pk_free(&ctx);
    MD_PSA_DONE();
}
77*62c56f98SSadaf Ebrahimi/* END_CASE */
78*62c56f98SSadaf Ebrahimi
79*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result)
{
    /* Parse the public key file key_file with
     * mbedtls_pk_parse_public_keyfile() and require its return code to
     * equal result. When parsing succeeds, also require that the context
     * can act as an EC key and, in builds without
     * MBEDTLS_PK_USE_PSA_EC_DATA, that the public point passes
     * mbedtls_ecp_check_pubkey(). */
    mbedtls_pk_context ctx;
    int res;

    mbedtls_pk_init(&ctx);
    USE_PSA_INIT();

    res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
    TEST_ASSERT(res == result);

    /* An expected parse failure has nothing further to validate. */
    if (res != 0) {
        goto exit;
    }

    TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
    {
        const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
        TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
    }
#endif
    /* With MBEDTLS_PK_USE_PSA_EC_DATA there is no explicit on-curve check
     * here: the internal "pk_get_ecpubkey()" function already performs it
     * while the key is parsed. */

exit:
    /* Reached on every path, including failed assertions. */
    mbedtls_pk_free(&ctx);
    USE_PSA_DONE();
}
109*62c56f98SSadaf Ebrahimi/* END_CASE */
110*62c56f98SSadaf Ebrahimi
111*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{
    /* Parse the private key file key_file with mbedtls_pk_parse_keyfile()
     * and require its return code to equal result. When parsing succeeds,
     * also require that the context can act as an EC key and, in builds
     * with MBEDTLS_ECP_C, that the private value passes
     * mbedtls_ecp_check_privkey().
     *
     * NOTE(review): unlike pk_parse_keyfile_rsa, password is forwarded
     * unchanged, so a "NULL" entry in the test data reaches the parser as a
     * four-character password rather than a null pointer - confirm that
     * this is intended.
     *
     * NOTE(review): mbedtls_test_rnd_std_rand is a test-suite RNG helper;
     * presumably it is not suitable outside tests - application code should
     * hand the parser a properly seeded DRBG instead. */
    mbedtls_pk_context ctx;
    int res;

    mbedtls_pk_init(&ctx);
    USE_PSA_INIT();

    res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
                                   mbedtls_test_rnd_std_rand, NULL);
    TEST_ASSERT(res == result);

    /* An expected parse failure has nothing further to validate. */
    if (res != 0) {
        goto exit;
    }

    TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if defined(MBEDTLS_ECP_C)
    {
        const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
        TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0);
    }
#endif
    /* Without MBEDTLS_ECP_C nothing more is checked here: PSA keys are
     * already checked on import. */

exit:
    /* Reached on every path, including failed assertions. */
    mbedtls_pk_free(&ctx);
    USE_PSA_DONE();
}
139*62c56f98SSadaf Ebrahimi/* END_CASE */
140*62c56f98SSadaf Ebrahimi
141*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */
void pk_parse_key(data_t *buf, int result)
{
    /* Feed the raw key bytes in buf to mbedtls_pk_parse_key() with no
     * password (NULL pointer, length 0) and require the return code to
     * equal result. Only the return code is examined; the parsed key is not
     * inspected further.
     *
     * NOTE(review): mbedtls_test_rnd_std_rand is a test-suite RNG helper;
     * presumably it is not suitable outside tests. */
    mbedtls_pk_context pk;

    mbedtls_pk_init(&pk);
    USE_PSA_INIT();

    TEST_ASSERT(mbedtls_pk_parse_key(&pk,
                                     buf->x, buf->len,
                                     NULL, 0,
                                     mbedtls_test_rnd_std_rand, NULL) == result);

exit:
    /* Reached on every path, including a failed assertion. */
    mbedtls_pk_free(&pk);
    USE_PSA_DONE();
}
156*62c56f98SSadaf Ebrahimi/* END_CASE */
157*62c56f98SSadaf Ebrahimi
158*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */
void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result)
{
    /* Call mbedtls_pk_parse_key_pkcs8_encrypted_der() directly on the key
     * bytes in buf with the password bytes in pass, and require the return
     * code to equal result. The password is passed as a pointer plus
     * length, so it is not required to be a NUL-terminated string.
     *
     * NOTE(review): mbedtls_test_rnd_std_rand is a test-suite RNG helper;
     * presumably it is not suitable outside tests. */
    mbedtls_pk_context pk;

    mbedtls_pk_init(&pk);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk,
                                                        buf->x, buf->len,
                                                        pass->x, pass->len,
                                                        mbedtls_test_rnd_std_rand,
                                                        NULL),
               result);

exit:
    /* Reached on every path, including a failed assertion. */
    mbedtls_pk_free(&pk);
    USE_PSA_DONE();
}
174*62c56f98SSadaf Ebrahimi/* END_CASE */
175*62c56f98SSadaf Ebrahimi
176*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */
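void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output)
{
    /* Montgomery keys have specific bits set to either 0 or 1 depending on
     * their position. This is enforced during parsing (please see the
     * implementation of mbedtls_ecp_read_key() for more details). The scope
     * of this function is to verify that enforcement by feeding the parser
     * an x25519 key which does not have those bits set properly, writing
     * the parsed key back out as DER and comparing it with exp_output. */
    mbedtls_pk_context pk;
    unsigned char *output_key = NULL;
    size_t output_key_len = 0;
    /* Signed on purpose: mbedtls_pk_write_key_der() reports failure as a
     * negative error code. Storing it in a size_t would turn such a code
     * into a huge positive value and make the "> 0" check below pass. */
    int written;

    mbedtls_pk_init(&pk);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0,
                                    mbedtls_test_rnd_std_rand, NULL), 0);

    output_key_len = input_key->len;
    TEST_CALLOC(output_key, output_key_len);

    written = mbedtls_pk_write_key_der(&pk, output_key, output_key_len);
    TEST_ASSERT(written > 0);

    /* mbedtls_pk_write_key_der() places its output at the END of the
     * buffer, so the DER encoding starts (buffer size - written) bytes in.
     * When the encoding fills the whole buffer this offset is zero. */
    TEST_MEMORY_COMPARE(exp_output->x, exp_output->len,
                        output_key + output_key_len - (size_t) written,
                        (size_t) written);

exit:
    /* Reached on every path; mbedtls_free(NULL) is a no-op, so no guard. */
    mbedtls_free(output_key);
    mbedtls_pk_free(&pk);
    USE_PSA_DONE();
}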
210*62c56f98SSadaf Ebrahimi/* END_CASE */