Add RNG params to private key parsing

This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-07-30 22:43:08 +03:00 · 2021-06-15 11:29:26 +02:00
parent 39be1410fd
commit 84dea01f36
25 changed files with 175 additions and 121 deletions
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@ -94,7 +94,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
    memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );

    mbedtls_pk_init( &key );
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+                        mbedtls_test_rnd_std_rand, NULL ) == 0 );

    mbedtls_x509write_csr_init( &req );
    mbedtls_x509write_csr_set_md_alg( &req, md_type );
@ -163,7 +164,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
    TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );

    mbedtls_pk_init( &key );
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+                        mbedtls_test_rnd_std_rand, NULL ) == 0 );
    TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );

    mbedtls_x509write_csr_init( &req );
@ -225,10 +227,10 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
    mbedtls_x509write_crt_init( &crt );

    TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
-                                         subject_pwd ) == 0 );
+                    subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );

    TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
-                                         issuer_pwd ) == 0 );
+                    issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );

 #if defined(MBEDTLS_RSA_C)
    /* For RSA PK contexts, create a copy as an alternative RSA context. */