Add tests to test pkcs8 parsing of encrypted keys

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-22 13:20:50 +00:00 · 2023-09-20 18:00:48 +01:00 · 2023-09-20 18:00:48 +01:00 · 1db5cdaf57
commit 1db5cdaf57
parent 5e48cad7f0
4 changed files with 41 additions and 5 deletions
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@ -117,5 +117,14 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */

+#if defined(MBEDTLS_TEST_HOOKS)
+
+MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
+    mbedtls_pk_context *pk,
+    unsigned char *key, size_t keylen,
+    const unsigned char *pwd, size_t pwdlen,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+
+#endif

 #endif /* MBEDTLS_PK_INTERNAL_H */
--- a/library/pkparse.c
+++ b/library/pkparse.c
@ -1436,7 +1436,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 *
 */
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-static int pk_parse_key_pkcs8_encrypted_der(
+MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
    mbedtls_pk_context *pk,
    unsigned char *key, size_t keylen,
    const unsigned char *pwd, size_t pwdlen,
@ -1650,8 +1650,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
                                      key, NULL, 0, &len);
    }
    if (ret == 0) {
-        if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen,
-                                                    pwd, pwdlen, f_rng, p_rng)) != 0) {
+        if ((ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen,
+                                                            pwd, pwdlen, f_rng, p_rng)) != 0) {
            mbedtls_pk_free(pk);
        }

@ -1683,8 +1683,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,

        memcpy(key_copy, key, keylen);

-        ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
-                                               pwd, pwdlen, f_rng, p_rng);
+        ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
+                                                       pwd, pwdlen, f_rng, p_rng);

        mbedtls_zeroize_and_free(key_copy, keylen);
    }
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@ -1219,6 +1219,14 @@ Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and uns
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
 pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

+Key ASN1 (Encrypted key PKCS5, trailing garbage data)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+Key ASN1 (Encrypted key PKCS12, trailing garbage data)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
 # From RFC8410 Appendix A but made into version 0
 OneAsymmetricKey X25519, doesn't match masking requirements #1
 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@ -150,6 +150,25 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result)
+{
+    mbedtls_pk_context pk;
+
+    mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
+
+    TEST_ASSERT(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len,
+                                                         pass->x, pass->len,
+                                                         mbedtls_test_rnd_std_rand,
+                                                         NULL) == result);
+
+exit:
+    mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */
 void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output)
 {