Test that creating RSA keys larger than the maximum fails

Test keypair import, public key import and key generation.
2018-06-28 00:16:11 +02:00 · 2018-06-28 00:16:11 +02:00 · 0b352bcf95
commit 0b352bcf95
parent 69c1267fd2
2 changed files with 127 additions and 0 deletions
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -129,6 +129,12 @@ PSA import EC keypair: valid key but RSA
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
 import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT

+PSA import RSA key pair: maximum size exceeded
+import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
+
+PSA import RSA public key: maximum size exceeded
+import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
+
 PSA key policy set and get
 key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE

@ -681,6 +687,9 @@ PSA generate key: RSA, 512 bits, good, encrypt
 depends_on:MBEDTLS_RSA_C
 generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS

+PSA generate key: RSA, maximum size exceeded
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+
 PSA generate key: ECC, SECP256R1, good
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
 generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -1,5 +1,6 @@
 /* BEGIN_HEADER */
 #include <stdint.h>
+#include "mbedtls/asn1write.h"
 #include "psa/crypto.h"

 #if(UINT32_MAX > SIZE_MAX)
@ -37,6 +38,88 @@ static int key_type_is_raw_bytes( psa_key_type_t type )
            category == PSA_KEY_TYPE_CATEGORY_SYMMETRIC );
 }

+/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
+static int asn1_write_10x( unsigned char **p,
+                           unsigned char *start,
+                           size_t bits,
+                           unsigned char x )
+{
+    int ret;
+    int len = bits / 8 + 1;
+    if( x >= 1 << bits )
+        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    if( *p < start || *p - start < (ssize_t) len )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    *p -= len;
+    ( *p )[len-1] = x;
+    if( bits % 8 == 0 )
+        ( *p )[1] |= 1;
+    else
+        ( *p )[0] |= 1 << ( bits % 8 );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+                                                       MBEDTLS_ASN1_INTEGER ) );
+    return( len );
+}
+
+static int construct_fake_rsa_key( unsigned char *buffer,
+                                   size_t buffer_size,
+                                   unsigned char **p,
+                                   size_t bits,
+                                   int keypair )
+{
+    size_t half_bits = ( bits + 1 ) / 2;
+    int ret;
+    int len = 0;
+    /* Construct something that looks like a DER encoding of
+     * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
+     *   RSAPrivateKey ::= SEQUENCE {
+     *       version           Version,
+     *       modulus           INTEGER,  -- n
+     *       publicExponent    INTEGER,  -- e
+     *       privateExponent   INTEGER,  -- d
+     *       prime1            INTEGER,  -- p
+     *       prime2            INTEGER,  -- q
+     *       exponent1         INTEGER,  -- d mod (p-1)
+     *       exponent2         INTEGER,  -- d mod (q-1)
+     *       coefficient       INTEGER,  -- (inverse of q) mod p
+     *       otherPrimeInfos   OtherPrimeInfos OPTIONAL
+     *   }
+     * Or, for a public key, the same structure with only
+     * version, modulus and publicExponent.
+     */
+    *p = buffer + buffer_size;
+    if( keypair )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, /* pq */
+                              asn1_write_10x( p, buffer, half_bits, 1 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, /* dq */
+                              asn1_write_10x( p, buffer, half_bits, 1 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, /* dp */
+                              asn1_write_10x( p, buffer, half_bits, 1 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, /* q */
+                              asn1_write_10x( p, buffer, half_bits, 1 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
+                              asn1_write_10x( p, buffer, half_bits, 3 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, /* d */
+                              asn1_write_10x( p, buffer, bits, 1 ) );
+    }
+    MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
+                          asn1_write_10x( p, buffer, 17, 1 ) );
+    MBEDTLS_ASN1_CHK_ADD( len, /* n */
+                          asn1_write_10x( p, buffer, bits, 1 ) );
+    if( keypair )
+        MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
+                              mbedtls_asn1_write_int( p, buffer, 0 ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
+    {
+        const unsigned char tag =
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
+    }
+    return( len );
+}
+
 static int exercise_mac_key( psa_key_slot_t key,
                             psa_key_usage_t usage,
                             psa_algorithm_t alg )
@ -304,6 +387,41 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE */
+void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
+{
+    int slot = 1;
+    size_t bits = bits_arg;
+    psa_status_t expected_status = expected_status_arg;
+    psa_status_t status;
+    psa_key_type_t type =
+        keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+    size_t buffer_size = /* Slight overapproximations */
+        keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
+    unsigned char *buffer = mbedtls_calloc( 1, buffer_size );
+    unsigned char *p;
+    int ret;
+    size_t length;
+
+    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+    TEST_ASSERT( buffer != NULL );
+
+    TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
+                                                 bits, keypair ) ) >= 0 );
+    length = ret;
+
+    /* Try importing the key */
+    status = psa_import_key( slot, type, p, length );
+    TEST_ASSERT( status == expected_status );
+    if( status == PSA_SUCCESS )
+        TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
+
+exit:
+    mbedtls_free( buffer );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void import_export( data_t *data,
                    int type_arg,