Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index b46cf05..5ccb072 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -279,7 +279,8 @@
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_PK_PARSE_C)
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1,
+ mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
@@ -296,8 +297,8 @@
/* For the write tests to be effective, we need a valid key pair. */
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk,
- key_data->x, key_data->len,
- NULL, 0 ) == 0 );
+ key_data->x, key_data->len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -349,7 +350,9 @@
mbedtls_pk_init( &alt );
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL )
+ == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv,
mbedtls_test_rnd_std_rand, NULL )
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 4650d33..4c7f3d2 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -21,7 +21,8 @@
if( strcmp( pwd, "NULL" ) == 0 )
pwd = NULL;
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd );
+ res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result );
@@ -96,7 +97,8 @@
mbedtls_pk_init( &ctx );
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, password );
+ res = mbedtls_pk_parse_keyfile( &ctx, key_file, password,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result );
@@ -120,7 +122,8 @@
mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result );
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL ) == result );
exit:
mbedtls_pk_free( &pk );
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 2bad4ed..d1e029a 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -63,7 +63,8 @@
memset( check_buf, 0, sizeof( check_buf ) );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 );
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c555d74..d4aad60 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -800,7 +800,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
else
@@ -812,7 +813,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0 );
+ mbedtls_test_srv_key_ec_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
}
@@ -827,7 +829,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
else
@@ -839,7 +842,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0 );
+ mbedtls_test_cli_key_ec_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
}
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 44f846f..c9b7cf9 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -94,7 +94,8 @@
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
@@ -163,7 +164,8 @@
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req );
@@ -225,10 +227,10 @@
mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
- subject_pwd ) == 0 );
+ subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
- issuer_pwd ) == 0 );
+ issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */