From aed87994dad43cdedb0be9c90749851038a46ebf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 4 Jul 2023 19:58:43 +0200 Subject: [PATCH] test: verify that Montgomery keys can be fixed on parsing Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 2 +- tests/suites/test_suite_pkparse.function | 37 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 91a43a6a8..432ddc910 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1198,7 +1198,7 @@ pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 -pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":0 +pk_parse_fix_x25519:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f" Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index fd098b043..9361f53ea 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -3,6 +3,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/ecp.h" +#include "mbedtls/psa_util.h" #include "pk_internal.h" /* END_HEADER */ @@ -148,3 +149,39 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ +void pk_parse_fix_x25519(data_t *input_key, data_t *exp_output) +{ + /* Montgomery keys have specific bits set to either 0 or 1 depending on + * their position. This is enforced during parsing (please see the implementation + * of mbedtls_ecp_read_key() for more details). The scope of this function + * is to verify this enforcing by feeding the parse algorithm with a x25519 + * key which does not have those bits set properly. */ + mbedtls_pk_context pk; + unsigned char *output_key = NULL; + size_t output_key_len = 0; + + mbedtls_pk_init(&pk); + USE_PSA_INIT(); + + TEST_EQUAL(mbedtls_pk_parse_key(&pk, input_key->x, input_key->len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL), 0); + + output_key_len = input_key->len; + ASSERT_ALLOC(output_key, output_key_len); + /* output_key_len is updated with the real amount of data written to + * output_key buffer. */ + output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); + TEST_ASSERT(output_key_len > 0); + + ASSERT_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len); + +exit: + if (output_key != NULL) { + mbedtls_free(output_key); + } + mbedtls_pk_free(&pk); + USE_PSA_DONE(); +} +/* END_CASE */