Add RNG params to private key parsing

This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-15 11:29:26 +02:00 · 2021-06-15 11:29:26 +02:00 · 84dea01f36
commit 84dea01f36
parent 39be1410fd
25 changed files with 175 additions and 121 deletions
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@ -360,7 +360,23 @@ int main( void )
    mbedtls_entropy_init( &entropy );

    /*
-     * 1. Load the certificates and private RSA key
+     * 1a. Seed the random number generator
+     */
+    mbedtls_printf( "  . Seeding the random number generator..." );
+
+    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+                               (const unsigned char *) pers,
+                               strlen( pers ) ) ) != 0 )
+    {
+        mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                ( unsigned int ) -ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\n" );
+
+    /*
+     * 1b. Load the certificates and private RSA key
     */
    mbedtls_printf( "\n  . Loading the server cert. and key..." );
    fflush( stdout );
@ -388,7 +404,8 @@ int main( void )

    mbedtls_pk_init( &pkey );
    ret =  mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
-                         mbedtls_test_srv_key_len, NULL, 0 );
+                         mbedtls_test_srv_key_len, NULL, 0,
+                         mbedtls_ctr_drbg_random, &ctr_drbg );
    if( ret != 0 )
    {
        mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret );
@ -397,22 +414,6 @@ int main( void )

    mbedtls_printf( " ok\n" );

-    /*
-     * 1b. Seed the random number generator
-     */
-    mbedtls_printf( "  . Seeding the random number generator..." );
-
-    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
-    {
-        mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                ( unsigned int ) -ret );
-        goto exit;
-    }
-
-    mbedtls_printf( " ok\n" );
-
    /*
     * 1c. Prepare SSL configuration
     */