From c60611b986ab6f8223cb10dbc36c7542d89896ac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jan 2023 16:27:11 +0100 Subject: [PATCH 1/6] test: check pkparse with compressed ec Signed-off-by: Valerio Setti --- tests/data_files/ec_224_prv.comp.pem | 4 ++ tests/data_files/ec_256_prv.comp.pem | 4 ++ tests/data_files/ec_256_pub.comp.pem | 4 ++ tests/data_files/ec_384_prv.comp.pem | 5 +++ tests/data_files/ec_384_pub.comp.pem | 4 ++ tests/data_files/ec_521_prv.comp.pem | 6 +++ tests/data_files/ec_521_pub.comp.pem | 4 ++ tests/data_files/ec_bp256_prv.comp.pem | 4 ++ tests/data_files/ec_bp256_pub.comp.pem | 4 ++ tests/data_files/ec_bp384_prv.comp.pem | 5 +++ tests/data_files/ec_bp384_pub.comp.pem | 4 ++ tests/data_files/ec_bp512_prv.comp.pem | 6 +++ tests/data_files/ec_bp512_pub.comp.pem | 4 ++ tests/data_files/ec_prv.sec1.comp.pem | 4 ++ tests/data_files/ec_pub.comp.pem | 4 ++ tests/suites/test_suite_pkparse.data | 60 ++++++++++++++++++++++++++ 16 files changed, 126 insertions(+) create mode 100644 tests/data_files/ec_224_prv.comp.pem create mode 100644 tests/data_files/ec_256_prv.comp.pem create mode 100644 tests/data_files/ec_256_pub.comp.pem create mode 100644 tests/data_files/ec_384_prv.comp.pem create mode 100644 tests/data_files/ec_384_pub.comp.pem create mode 100644 tests/data_files/ec_521_prv.comp.pem create mode 100644 tests/data_files/ec_521_pub.comp.pem create mode 100644 tests/data_files/ec_bp256_prv.comp.pem create mode 100644 tests/data_files/ec_bp256_pub.comp.pem create mode 100644 tests/data_files/ec_bp384_prv.comp.pem create mode 100644 tests/data_files/ec_bp384_pub.comp.pem create mode 100644 tests/data_files/ec_bp512_prv.comp.pem create mode 100644 tests/data_files/ec_bp512_pub.comp.pem create mode 100644 tests/data_files/ec_prv.sec1.comp.pem create mode 100644 tests/data_files/ec_pub.comp.pem diff --git a/tests/data_files/ec_224_prv.comp.pem b/tests/data_files/ec_224_prv.comp.pem new file mode 100644 index 0000000000..e7ed538785 --- /dev/null +++ b/tests/data_files/ec_224_prv.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PRIVATE KEY----- +MEwCAQEEHGhJ+X0QZvaZd1ljfH44mUZM7j7HrJcGU6C+B0KgBwYFK4EEACGhIAMe +AAMWk6KQ9/C1cf4rQdXYSwEydjH0qGD5lfozLAl/ +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_256_prv.comp.pem b/tests/data_files/ec_256_prv.comp.pem new file mode 100644 index 0000000000..9ef8c97e1a --- /dev/null +++ b/tests/data_files/ec_256_prv.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PRIVATE KEY----- +MFcCAQEEIEnJqMGMS4hWOMQxzx3xyZQTFgm1gNT9Q6DKsX2y8T7uoAoGCCqGSM49 +AwEHoSQDIgADd3Jlb4FLOZJ51eHxeB+sbwmaPFyhsONTUYNLCLZeC1c= +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_256_pub.comp.pem b/tests/data_files/ec_256_pub.comp.pem new file mode 100644 index 0000000000..bf9655db12 --- /dev/null +++ b/tests/data_files/ec_256_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADd3Jlb4FLOZJ51eHxeB+sbwmaPFyh +sONTUYNLCLZeC1c= +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_384_prv.comp.pem b/tests/data_files/ec_384_prv.comp.pem new file mode 100644 index 0000000000..3125b419f5 --- /dev/null +++ b/tests/data_files/ec_384_prv.comp.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHQCAQEEMD9djZvigLVpbMXMn5TPivfmth3WWSsqsrOkxgdFBBfsMn3Nyu18EAU9 +cZoFdPCnaqAHBgUrgQQAIqE0AzIAA9nGYrULopykeZBFDgQ66vTwxpsVZ20RL2Iq +cckwWa+ZlpHFaA0rRNERV52xL0pBOg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_384_pub.comp.pem b/tests/data_files/ec_384_pub.comp.pem new file mode 100644 index 0000000000..ccb67024df --- /dev/null +++ b/tests/data_files/ec_384_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MEYwEAYHKoZIzj0CAQYFK4EEACIDMgAD2cZitQuinKR5kEUOBDrq9PDGmxVnbREv +YipxyTBZr5mWkcVoDStE0RFXnbEvSkE6 +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_521_prv.comp.pem b/tests/data_files/ec_521_prv.comp.pem new file mode 100644 index 0000000000..314c393243 --- /dev/null +++ b/tests/data_files/ec_521_prv.comp.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGYAgEBBEIBsbatB7t55zINpZhg6ijgVShPYFjyed5mbgbUNdKve9oo2Z+ke33Q +lj4WsAcweO6LijjZZqWC9G0Z/5XfOtloWq6gBwYFK4EEACOhRgNEAAMAHeFC1U9p +6wOO5LevnTygdzb9nPcZ6zVNaYee5/PBNvsPv58I+Gvl+hKOwaBR0+bGQ+ha2o/6 +zzZjwmC9LIRLb1Y= +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_521_pub.comp.pem b/tests/data_files/ec_521_pub.comp.pem new file mode 100644 index 0000000000..4bb8c2b6c8 --- /dev/null +++ b/tests/data_files/ec_521_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFgwEAYHKoZIzj0CAQYFK4EEACMDRAADAB3hQtVPaesDjuS3r508oHc2/Zz3Ges1 +TWmHnufzwTb7D7+fCPhr5foSjsGgUdPmxkPoWtqP+s82Y8JgvSyES29W +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_bp256_prv.comp.pem b/tests/data_files/ec_bp256_prv.comp.pem new file mode 100644 index 0000000000..198d21dcb6 --- /dev/null +++ b/tests/data_files/ec_bp256_prv.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PRIVATE KEY----- +MFgCAQEEICFh1vLbdlJvpiwW81aoDwHzL3dnhLNqqZeZqLdmIID/oAsGCSskAwMC +CAEBB6EkAyIAA3aMjK5KvKYwbbDtgbDEpiFcN4Bm7G1hbBRuE/HH34Cb +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_bp256_pub.comp.pem b/tests/data_files/ec_bp256_pub.comp.pem new file mode 100644 index 0000000000..ecd07bcdbb --- /dev/null +++ b/tests/data_files/ec_bp256_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MDowFAYHKoZIzj0CAQYJKyQDAwIIAQEHAyIAA3aMjK5KvKYwbbDtgbDEpiFcN4Bm +7G1hbBRuE/HH34Cb +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_bp384_prv.comp.pem b/tests/data_files/ec_bp384_prv.comp.pem new file mode 100644 index 0000000000..c0e2393b4b --- /dev/null +++ b/tests/data_files/ec_bp384_prv.comp.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEMD3ZLnUNkNfTn8GIXNitEuqUQfIrkzS02WUgKtsUSM4kxYCKhd2a/CKa +8KMST3Vby6ALBgkrJAMDAggBAQuhNAMyAAJxn50JOmJ+DTUDhcZhzr8AxhkjVm/p +AGoxB68dhxvGu2iYX9ci6jK+MW+OeDt80ZU= +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_bp384_pub.comp.pem b/tests/data_files/ec_bp384_pub.comp.pem new file mode 100644 index 0000000000..638666d243 --- /dev/null +++ b/tests/data_files/ec_bp384_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MEowFAYHKoZIzj0CAQYJKyQDAwIIAQELAzIAAnGfnQk6Yn4NNQOFxmHOvwDGGSNW +b+kAajEHrx2HG8a7aJhf1yLqMr4xb454O3zRlQ== +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_bp512_prv.comp.pem b/tests/data_files/ec_bp512_prv.comp.pem new file mode 100644 index 0000000000..73b1c07269 --- /dev/null +++ b/tests/data_files/ec_bp512_prv.comp.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGYAgEBBEA3LJd49p9ybLyj9KJo8WtNYX0QKA15pqApzVGHn+EBKTTf5TlUVTN9 +9pBtx9bS7qTbsgZcAij3Oz7XFkgOfXHSoAsGCSskAwMCCAEBDaFEA0IAAji37JK2 +HFxsf7wopOx1nUj81OLjdN79XElopU2+91EOUXiG+/w46jmqUpNZ1wpxVsNdPLrH +zndr2yUd1kvOcSM= +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_bp512_pub.comp.pem b/tests/data_files/ec_bp512_pub.comp.pem new file mode 100644 index 0000000000..c2fbdcab91 --- /dev/null +++ b/tests/data_files/ec_bp512_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFowFAYHKoZIzj0CAQYJKyQDAwIIAQENA0IAAji37JK2HFxsf7wopOx1nUj81OLj +dN79XElopU2+91EOUXiG+/w46jmqUpNZ1wpxVsNdPLrHzndr2yUd1kvOcSM= +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_prv.sec1.comp.pem b/tests/data_files/ec_prv.sec1.comp.pem new file mode 100644 index 0000000000..ada14c2584 --- /dev/null +++ b/tests/data_files/ec_prv.sec1.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PRIVATE KEY----- +MEcCAQEEGDOOhqiB4jj1Sb1vBVNJS3Pj1hEw/cbJbaAKBggqhkjOPQMBAaEcAxoA +A1F1vN8wo3DznVOT5hJyiNgBZ7X0tLd2xg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/ec_pub.comp.pem b/tests/data_files/ec_pub.comp.pem new file mode 100644 index 0000000000..a3742a3120 --- /dev/null +++ b/tests/data_files/ec_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MDEwEwYHKoZIzj0CAQYIKoZIzj0DAQEDGgACvHl9s65/COw9SWtPtBGz9iClWKUB +4CIt +-----END PUBLIC KEY----- diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index a493325fd4..b437f859f8 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -912,6 +912,10 @@ Parse Public EC Key #2 (RFC 5480, PEM) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 +Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 + Parse Public EC Key #3 (RFC 5480, secp224r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 @@ -920,26 +924,50 @@ Parse Public EC Key #4 (RFC 5480, secp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 +Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 + Parse Public EC Key #5 (RFC 5480, secp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 +Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 + Parse Public EC Key #6 (RFC 5480, secp521r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 +Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 + Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 +Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 + Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 +Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 + Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 +Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 + Parse EC Key #1 (SEC1 DER) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 @@ -948,6 +976,10 @@ Parse EC Key #2 (SEC1 PEM) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 +Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 + Parse EC Key #3 (SEC1 PEM encrypted) depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 @@ -988,30 +1020,58 @@ Parse EC Key #8 (SEC1 PEM, secp224r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 +Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 + Parse EC Key #9 (SEC1 PEM, secp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 +Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 + Parse EC Key #10 (SEC1 PEM, secp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 +Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 + Parse EC Key #11 (SEC1 PEM, secp521r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 +Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 + Parse EC Key #12 (SEC1 PEM, bp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 +Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 + Parse EC Key #13 (SEC1 PEM, bp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 +Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 + Parse EC Key #14 (SEC1 PEM, bp512r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 +Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_bp512_prv.comp.pem":"NULL":0 + Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 From 0c960160ae7dbdb281f33a52f5c0e967e11eab86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jan 2023 16:56:30 +0100 Subject: [PATCH 2/6] test: extend makefile to generate keys with compressed points Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 388b0ce413..9fed16eac0 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -864,6 +864,66 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_prv.pk8param.pem +ec_prv.sec1.comp.pem: ec_prv.sec1.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_prv.sec1.comp.pem + +ec_224_prv.comp.pem: ec_224_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_224_prv.comp.pem + +ec_256_prv.comp.pem: ec_256_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_256_prv.comp.pem + +ec_384_prv.comp.pem: ec_384_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_384_prv.comp.pem + +ec_521_prv.comp.pem: ec_521_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_521_prv.comp.pem + +ec_bp256_prv.comp.pem: ec_bp256_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_bp256_prv.comp.pem + +ec_bp384_prv.comp.pem: ec_bp384_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_bp384_prv.comp.pem + +ec_bp512_prv.comp.pem: ec_bp512_prv.pem + $(OPENSSL) ec -in $< -out $@ -conv_form compressed +all_final += ec_bp512_prv.comp.pem + +ec_pub.comp.pem: ec_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_pub.comp.pem + +ec_256_pub.comp.pem: ec_256_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_256_pub.comp.pem + +ec_384_pub.comp.pem: ec_384_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_256_pub.comp.pem + +ec_521_pub.comp.pem: ec_521_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_521_pub.comp.pem + +ec_bp256_pub.comp.pem: ec_bp256_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_bp256_pub.comp.pem + +ec_bp384_pub.comp.pem: ec_bp384_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_bp384_pub.comp.pem + +ec_bp512_pub.comp.pem: ec_bp512_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_bp512_pub.comp.pem + ################################################################ ### Generate CSRs for X.509 write test suite ################################################################ From ff15953a01aaa3ee3449bc05e864d432a9c1f0ff Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jan 2023 17:34:53 +0100 Subject: [PATCH 3/6] test: data: fix makefile error Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 9fed16eac0..2480f607fa 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -906,7 +906,7 @@ all_final += ec_256_pub.comp.pem ec_384_pub.comp.pem: ec_384_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed -all_final += ec_256_pub.comp.pem +all_final += ec_384_pub.comp.pem ec_521_pub.comp.pem: ec_521_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed From de7bb5b3611d4f5630b09adca22fb962c65fa190 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 25 Jan 2023 14:02:03 +0100 Subject: [PATCH 4/6] test: add failing check for secp224r1 with compressed format The test is expected to fail, so we verify that this is really not suppported Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 4 ++++ tests/data_files/ec_224_pub.comp.pem | 4 ++++ tests/suites/test_suite_pkparse.data | 6 ++++++ 3 files changed, 14 insertions(+) create mode 100644 tests/data_files/ec_224_pub.comp.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2480f607fa..a6466475f0 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -900,6 +900,10 @@ ec_pub.comp.pem: ec_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed all_final += ec_pub.comp.pem +ec_224_pub.comp.pem: ec_224_pub.pem + $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed +all_final += ec_224_pub.comp.pem + ec_256_pub.comp.pem: ec_256_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed all_final += ec_256_pub.comp.pem diff --git a/tests/data_files/ec_224_pub.comp.pem b/tests/data_files/ec_224_pub.comp.pem new file mode 100644 index 0000000000..159366cdae --- /dev/null +++ b/tests/data_files/ec_224_pub.comp.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEACEDHgADFpOikPfwtXH+K0HV2EsBMnYx9Khg+ZX6 +MywJfw== +-----END PUBLIC KEY----- diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index b437f859f8..317a6c9144 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -920,6 +920,12 @@ Parse Public EC Key #3 (RFC 5480, secp224r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 +# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and +# MBEDTLS_ECP_DP_SECP224K1. Therefore a failure is expected in this case +Parse Public EC Key #3a (RFC 5480, secp224r1, compressed) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED +pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + Parse Public EC Key #4 (RFC 5480, secp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 From fa49a8ecdbca6b3d46cacfd7657db35dd86f2046 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Jan 2023 10:00:55 +0100 Subject: [PATCH 5/6] test: fix complementary domain testing for !MBEDTLS_ECP_C Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index ff19981e03..0856f3f38c 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -2,6 +2,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" +#include "mbedtls/ecp.h" #include "mbedtls/legacy_or_psa.h" /* END_HEADER */ From 78f79d323d1d286587f72cb01d4cafdd35139494 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 Feb 2023 08:33:26 +0100 Subject: [PATCH 6/6] ecp: add documentation for compressed points limitations Signed-off-by: Valerio Setti --- include/mbedtls/ecp.h | 22 ++++++++++++++++++---- include/mbedtls/pk.h | 3 +++ 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 18b37a9473..7a28a19573 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -419,11 +419,22 @@ typedef struct mbedtls_ecp_keypair { } mbedtls_ecp_keypair; -/* - * Point formats, from RFC 4492's enum ECPointFormat +/** + * The uncompressed point format for Short Weierstrass curves + * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX). */ -#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */ -#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */ +#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 +/** + * The compressed point format for Short Weierstrass curves + * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX). + * + * \warning While this format is supported for all concerned curves for + * writing, when it comes to parsing, it is not supported for all + * curves. Specifically, parsing compressed points on + * MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1 is not + * supported. + */ +#define MBEDTLS_ECP_PF_COMPRESSED 1 /* * Some other constants from RFC 4492 @@ -752,6 +763,9 @@ int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, * belongs to the given group, see mbedtls_ecp_check_pubkey() * for that. * + * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for + * limitations. + * * \param grp The group to which the point should belong. * This must be initialized and have group parameters * set, for example through mbedtls_ecp_group_load(). diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 0392bd48e9..e66a9f81ff 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -804,6 +804,9 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *ctx, * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * specific key type, check the result with mbedtls_pk_can_do(). * + * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for + * limitations. + * * \note The key is also checked for correctness. * * \return 0 if successful, or a specific PK or PEM error code