diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index b123dc913800..80172e2379e0 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -888,6 +888,57 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der
 $(OPENSSL) pkey -in $< -inform DER -out $@
 all_final += ec_prv.pk8param.pem
 
+################################################################
+#### Convert PEM keys to DER format
+################################################################
+server1.pubkey.der: server1.pubkey
+ $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += server1.pubkey.der
+
+rsa4096_pub.der: rsa4096_pub.pem
+ $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += rsa4096_pub.der
+
+ec_pub.der: ec_pub.pem
+ $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_pub.der
+
+ec_521_pub.der: ec_521_pub.pem
+ $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_521_pub.der
+
+ec_bp512_pub.der: ec_bp512_pub.pem
+ $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_bp512_pub.der
+
+server1.key.der: server1.key
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += server1.key.der
+
+rsa4096_prv.der: rsa4096_prv.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += rsa4096_prv.der
+
+ec_prv.sec1.der: ec_prv.sec1.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_prv.sec1.der
+
+ec_256_long_prv.der: ec_256_long_prv.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_256_long_prv.der
+
+ec_521_prv.der: ec_521_prv.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_prv.der
+
+ec_521_short_prv.der: ec_521_short_prv.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_short_prv.der
+
+ec_bp512_prv.der: ec_bp512_prv.pem
+ $(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_bp512_prv.der
+
 ################################################################
 ### Generate CSRs for X.509 write test suite
 ################################################################
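Review bot: The seven private-key rules, `server1.key.der` through `ec_bp512_prv.der`, do not pin which DER structure `$(OPENSSL) pkey` writes, while `pk_write_key_check` in this same commit compares the file byte for byte against `mbedtls_pk_write_key_der`, which as far as I know emits the traditional RSAPrivateKey/ECPrivateKey encoding rather than PKCS#8. Depending on the OpenSSL version, `pkey -outform DER` can emit a PKCS#8 PrivateKeyInfo instead, so regenerating the fixtures on another machine could silently produce `.der` files the DER cases cannot match even though the checked-in files pass today. Consider `$(OPENSSL) pkey -traditional -in $< -out $@ -outform DER` (`-traditional` exists in OpenSSL 1.1.0 and later, I believe) or at least a comment above the block recording the expected encoding; the name `ec_prv.sec1.der` already implies SEC1. Separately, the twelve rules differ only in the source name and the `-pubin` flag, so two static pattern rules over the `*.pem` sources would leave only the two `server1` exceptions to spell out.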
diff --git a/tests/data_files/ec_256_long_prv.der b/tests/data_files/ec_256_long_prv.der
new file mode 100644
index 000000000000..96e329e20ea9
Binary files /dev/null and b/tests/data_files/ec_256_long_prv.der differ
diff --git a/tests/data_files/ec_521_prv.der b/tests/data_files/ec_521_prv.der
new file mode 100644
index 000000000000..734714aa3201
Binary files /dev/null and b/tests/data_files/ec_521_prv.der differ
diff --git a/tests/data_files/ec_521_pub.der b/tests/data_files/ec_521_pub.der
new file mode 100644
index 000000000000..5b685deb363d
Binary files /dev/null and b/tests/data_files/ec_521_pub.der differ
diff --git a/tests/data_files/ec_521_short_prv.der b/tests/data_files/ec_521_short_prv.der
new file mode 100644
index 000000000000..0a1f18c32eca
Binary files /dev/null and b/tests/data_files/ec_521_short_prv.der differ
diff --git a/tests/data_files/ec_bp512_prv.der b/tests/data_files/ec_bp512_prv.der
new file mode 100644
index 000000000000..2d9a3de27cc9
Binary files /dev/null and b/tests/data_files/ec_bp512_prv.der differ
diff --git a/tests/data_files/ec_bp512_pub.der b/tests/data_files/ec_bp512_pub.der
new file mode 100644
index 000000000000..6a8c4c79f841
Binary files /dev/null and b/tests/data_files/ec_bp512_pub.der differ
diff --git a/tests/data_files/rsa4096_prv.der b/tests/data_files/rsa4096_prv.der
new file mode 100644
index 000000000000..86ea81849a6a
Binary files /dev/null and b/tests/data_files/rsa4096_prv.der differ
diff --git a/tests/data_files/rsa4096_pub.der b/tests/data_files/rsa4096_pub.der
new file mode 100644
index 000000000000..270bf3a01a2b
Binary files /dev/null and b/tests/data_files/rsa4096_pub.der differ
diff --git a/tests/data_files/server1.key.der b/tests/data_files/server1.key.der
new file mode 100644
index 000000000000..88288d1697fb
Binary files /dev/null and b/tests/data_files/server1.key.der differ
diff --git a/tests/data_files/server1.pubkey.der b/tests/data_files/server1.pubkey.der
new file mode 100644
index 000000000000..1a432a45eb80
Binary files /dev/null and b/tests/data_files/server1.pubkey.der differ
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index e0101ccdf559..83bfdcb6de91 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -1,47 +1,95 @@
 Public key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/server1.pubkey"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/server1.pubkey":TEST_PEM
+
+Public key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/server1.pubkey.der":TEST_DER
 
 Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/rsa4096_pub.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.pem":TEST_PEM
+
+Public key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
 
 Public key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
+
+Public key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
 
 Public key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_521_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
+
+Public key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
 
 Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_bp512_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
+
+Public key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
 
 Private key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/server1.key"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/server1.key":TEST_PEM
+
+Private key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/server1.key.der":TEST_DER
 
 Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/rsa4096_prv.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/rsa4096_prv.pem":TEST_PEM
+
+Private key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
 
 Private key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_key_check:"data_files/ec_prv.sec1.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
+
+Private key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
 
 Private key write check EC 256 bits (top bit set)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-pk_write_key_check:"data_files/ec_256_long_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
+
+Private key write check EC 256 bits (top bit set) (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
 
 Private key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
 
 Private key write check EC 521 bits (top byte is 0)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_short_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (top byte is 0) (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
 
 Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_key_check:"data_files/ec_bp512_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
+
+Private key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index a49846bcdf99..08ec835e3cd3 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,87 +2,121 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
-/* END_HEADER */
 
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
- * END_DEPENDENCIES
- */
+typedef enum {
+ TEST_PEM,
+ TEST_DER
+} pkwrite_file_format_t;
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_pubkey_check(char *key_file)
+/* Helper function for removing "\r" chars from a buffer. */
+static void fix_new_lines(unsigned char *in_str, size_t *len)
 {
- mbedtls_pk_context key;
- unsigned char buf[5000];
- unsigned char check_buf[5000];
- int ret;
- FILE *f;
- size_t ilen, pem_len, buf_index;
-
- memset(buf, 0, sizeof(buf));
- memset(check_buf, 0, sizeof(check_buf));
-
- mbedtls_pk_init(&key);
- TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0);
-
- ret = mbedtls_pk_write_pubkey_pem(&key, buf, sizeof(buf));
- TEST_ASSERT(ret == 0);
-
- pem_len = strlen((char *) buf);
-
- // check that the rest of the buffer remains clear
- for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
- TEST_ASSERT(buf[buf_index] == 0);
+ size_t chars_left;
+ unsigned int i;
+
+ for (i = 0; (i < *len) && (*len > 0); i++) {
+ if (in_str[i] == '\r') {
+ if (i < (*len - 1)) {
+ chars_left = *len - i - 1;
+ memmove(&in_str[i], &in_str[i+1], chars_left);
+ } else {
+ in_str[i] = '\0';
+ }
+ *len = *len - 1;
+ }
 }
-
- f = fopen(key_file, "r");
- TEST_ASSERT(f != NULL);
- ilen = fread(check_buf, 1, sizeof(check_buf), f);
- fclose(f);
-
- TEST_ASSERT(ilen == pem_len);
- TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
-
-exit:
- mbedtls_pk_free(&key);
 }
-/* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_key_check(char *key_file)
+static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
 {
 mbedtls_pk_context key;
- unsigned char buf[5000];
- unsigned char check_buf[5000];
+ unsigned char *buf = NULL;
+ unsigned char *check_buf = NULL;
+ unsigned char *start_buf;
+ size_t buf_len, check_buf_len;
 int ret;
- FILE *f;
- size_t ilen, pem_len, buf_index;
 
- memset(buf, 0, sizeof(buf));
- memset(check_buf, 0, sizeof(check_buf));
-
- mbedtls_pk_init(&key);
- TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
-
- ret = mbedtls_pk_write_key_pem(&key, buf, sizeof(buf));
- TEST_ASSERT(ret == 0);
+ /* Note: if mbedtls_pk_load_file() successfully reads the file, then
+ it also allocates check_buf, which should be freed on exit */
+ TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
+ TEST_ASSERT(check_buf_len > 0);
+
+ /* Windows' line ending is different from the Linux's one ("\r\n" vs "\n").
+ * Git treats PEM files as text, so when on Windows, it replaces new lines
+ * with "\r\n" on checkout.
+ * Unfortunately mbedtls_pk_load_file() loads files in binary format,
+ * while mbedtls_pk_write_pubkey_pem() goes through the I/O layer which
+ * uses "\n" for newlines in both Windows and Linux.
+ * Here we remove the extra "\r" so that "buf" and "check_buf" can be
+ * easily compared later. */
+ if (!is_der) {
+ fix_new_lines(check_buf, &check_buf_len);
+ }
+ TEST_ASSERT(check_buf_len > 0);
 
- pem_len = strlen((char *) buf);
+ ASSERT_ALLOC(buf, check_buf_len);
 
- // check that the rest of the buffer remains clear
- for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
- TEST_ASSERT(buf[buf_index] == 0);
+ mbedtls_pk_init(&key);
+ if (is_public_key) {
+ TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
+ if (is_der) {
+ ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
+ } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+ ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
+#else
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+ }
+ } else {
+ TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL), 0);
+ if (is_der) {
+ ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
+ } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+ ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
+#else
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+ }
 }
 
- f = fopen(key_file, "r");
- TEST_ASSERT(f != NULL);
- ilen = fread(check_buf, 1, sizeof(check_buf), f);
- fclose(f);
+ if (is_der) {
+ TEST_LE_U(1, ret);
+ buf_len = ret;
+ start_buf = buf + check_buf_len - buf_len;
+ } else {
+ TEST_EQUAL(ret, 0);
+ buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */
+ start_buf = buf;
+ }
 
- TEST_ASSERT(ilen == strlen((char *) buf));
- TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
+ ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
 
 exit:
+ mbedtls_free(buf);
+ mbedtls_free(check_buf);
 mbedtls_pk_free(&key);
 }
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void pk_write_pubkey_check(char *key_file, int is_der)
+{
+ pk_write_check_common(key_file, 1, is_der);
+ goto exit; /* make the compiler happy */
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pk_write_key_check(char *key_file, int is_der)
+{
+ pk_write_check_common(key_file, 0, is_der);
+ goto exit; /* make the compiler happy */
+}
 /* END_CASE */
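Review bot: In `pk_write_check_common`, `mbedtls_pk_init(&key)` is only reached after `TEST_EQUAL(mbedtls_pk_load_file(...))`, `TEST_ASSERT(check_buf_len > 0)` and `ASSERT_ALLOC(buf, check_buf_len)`, each of which jumps to `exit` on failure, where `mbedtls_pk_free(&key)` then runs on an uninitialized context. Move the call to the top of the function, directly after the declarations and before the first `TEST_*` macro: `mbedtls_pk_init(&key);`, so the cleanup path is valid on every failure branch. A smaller point in `fix_new_lines`: after the `memmove`, the byte now at index `i` is never examined because the loop increments `i`, so two adjacent `\r` bytes would leave the second in place, and `i` is `unsigned int` while `*len` is `size_t`, so `size_t i;` avoids the mixed-width comparison. Adjacent `\r` bytes should not occur in the PEM fixtures as far as I can tell, so that one is latent rather than failing today.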