mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 08:37:25 +00:00
9a09443973
Run the function on a few different curves with shorter, just-right and larger buffer sizes. Perform some basic sanity checks on the output (which is random). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
109 lines
3.4 KiB
C
109 lines
3.4 KiB
C
/* BEGIN_HEADER */
|
|
/* Unit tests for internal functions for built-in ECC mechanisms. */
|
|
#include <psa/crypto.h>
|
|
|
|
#include "psa_crypto_ecp.h"
|
|
|
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
|
/*
|
|
* Check if a buffer is all-0 bytes:
|
|
* return 1 if it is,
|
|
* 0 if it isn't.
|
|
*
|
|
* TODO: we use this in multiple test suites. Move it to tests/src.
|
|
*/
|
|
static int buffer_is_all_zero(const uint8_t *buf, size_t size)
|
|
{
|
|
for (size_t i = 0; i < size; i++) {
|
|
if (buf[i] != 0) {
|
|
return 0;
|
|
}
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
/* Do some sanity checks on an ECC private key. This is not intended to be
|
|
* a full validity check, just to catch some potential mistakes. */
|
|
static int check_ecc_private_key(psa_ecc_family_t family, size_t bits,
|
|
const uint8_t *key, size_t key_length)
|
|
{
|
|
int ok = 0;
|
|
|
|
/* Check the expected length (same calculation for all curves). */
|
|
TEST_EQUAL(PSA_BITS_TO_BYTES(bits), key_length);
|
|
|
|
/* All-bits zero is invalid and means no key material was copied to the
|
|
* output buffer, or a grave RNG pluming failure. */
|
|
TEST_ASSERT(!buffer_is_all_zero(key, key_length));
|
|
|
|
/* Check the top byte of the value for non-byte-aligned curve sizes.
|
|
* This is a partial endianness check. */
|
|
if (bits % 8 != 0) {
|
|
/* All supported non-byte-aligned curve sizes are for Weierstrass
|
|
* curves with a big-endian representation. */
|
|
uint8_t top_byte = key[0];
|
|
uint8_t mask = 0xff << (bits & 8);
|
|
TEST_EQUAL(top_byte & mask, 0);
|
|
}
|
|
|
|
/* Check masked bits on Curve25519 and Curve448. */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255)
|
|
if (family == PSA_ECC_FAMILY_MONTGOMERY && bits == 255) {
|
|
TEST_EQUAL(key[0] & 0xf8, key[0]);
|
|
TEST_EQUAL(key[31] & 0xc0, 0x40);
|
|
}
|
|
#endif /* MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448)
|
|
if (family == PSA_ECC_FAMILY_MONTGOMERY && bits == 448) {
|
|
TEST_EQUAL(key[0] & 0xfc, key[0]);
|
|
TEST_EQUAL(key[55] & 0x80, 0x80);
|
|
}
|
|
#endif /* MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 */
|
|
(void) family; // unused in Weierstrass-only builds
|
|
|
|
ok = 1;
|
|
exit:
|
|
return ok;
|
|
}
|
|
#endif
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
|
void generate_key(int family_arg, int bits_arg,
|
|
int output_size_arg,
|
|
psa_status_t expected_status)
|
|
{
|
|
psa_ecc_family_t family = family_arg;
|
|
size_t bits = bits_arg;
|
|
size_t output_size = output_size_arg;
|
|
|
|
uint8_t *output = NULL;
|
|
size_t output_length = SIZE_MAX;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(family));
|
|
psa_set_key_bits(&attributes, bits);
|
|
PSA_INIT();
|
|
TEST_CALLOC(output, output_size);
|
|
|
|
TEST_EQUAL(mbedtls_psa_ecp_generate_key(&attributes,
|
|
output, output_size,
|
|
&output_length),
|
|
expected_status);
|
|
if (expected_status == PSA_SUCCESS) {
|
|
TEST_LE_U(output_length, output_size);
|
|
TEST_ASSERT(check_ecc_private_key(family, bits,
|
|
output, output_length));
|
|
}
|
|
|
|
exit:
|
|
PSA_DONE();
|
|
mbedtls_free(output);
|
|
}
|
|
/* END_CASE */
|