From d971b7834b746b6d2c8d08f513456027835b0b76 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Mar 2024 15:08:53 +0100 Subject: test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined This bug was not found until now because: - !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite() - the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency so it was not executed in that component. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 2 +- tests/suites/test_suite_pk.function | 37 ++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 102aee2..a979cbd 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -684,7 +684,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP512R1 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 PSA wrapped sign: RSA PKCS1 v1.5 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK sign ext: RSA2048, PK_RSA, MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8f5e7f6..0a0f158 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1875,12 +1875,21 @@ void pk_psa_sign(int psa_type, int bits) legacy_pub_key + sizeof(legacy_pub_key) - legacy_pub_key_len, legacy_pub_key_len); #else /* MBEDTLS_PK_WRITE_C */ - ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), - &(mbedtls_pk_ec_ro(pk)->Q), - MBEDTLS_ECP_PF_UNCOMPRESSED, - &legacy_pub_key_len, legacy_pub_key, - sizeof(legacy_pub_key)); - TEST_EQUAL(ret, 0); + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { + TEST_EQUAL(mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), + &(mbedtls_pk_ec_ro(pk)->Q), + MBEDTLS_ECP_PF_UNCOMPRESSED, + &legacy_pub_key_len, legacy_pub_key, + sizeof(legacy_pub_key)), 0); + } else { + unsigned char *end = legacy_pub_key + sizeof(legacy_pub_key); + ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, &end); + legacy_pub_key_len = (size_t) ret; + TEST_ASSERT(legacy_pub_key_len > 0); + /* mbedtls_rsa_write_pubkey() writes data backward in the buffer so + * we shift that to the origin of the buffer instead. */ + memmove(legacy_pub_key, end, legacy_pub_key_len); + } #endif /* MBEDTLS_PK_WRITE_C */ /* Turn the PK context into an opaque one. */ @@ -1939,11 +1948,17 @@ void pk_psa_sign(int psa_type, int bits) #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_PARSE_C) TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, legacy_pub_key, legacy_pub_key_len), 0); #else - TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); - TEST_EQUAL(mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(pk)->grp), ecp_grp_id), 0); - TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), - &(mbedtls_pk_ec_rw(pk)->Q), - legacy_pub_key, legacy_pub_key_len), 0); + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { + TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); + TEST_EQUAL(mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(pk)->grp), ecp_grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), + &(mbedtls_pk_ec_rw(pk)->Q), + legacy_pub_key, legacy_pub_key_len), 0); + } else { + TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, + legacy_pub_key_len), 0); + } #endif TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_len) == 0); -- cgit v1.1