TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8a7ed6951df6b3068bc8cd0b162e7d3e691bc750 / . / tests / suites / test_suite_pkcs1_v21.function
blob: 376c752f49050813856eb69c92f9735bf45b9bb9 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnard07018f92022-09-15 11:29:35 +0200[diff] [blame]3#include "mbedtls/legacy_or_psa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]4/* END_HEADER */
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]5
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]6/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnarde741c612022-07-27 13:13:55 +0200[diff] [blame]7 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]8 * END_DEPENDENCIES
9 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]10
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]11/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]12void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E,
13 int hash, data_t *message_str, data_t *rnd_buf,
14 data_t *result_str, int result)
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]15{
Ron Eldor5b8f1202018-11-22 15:49:49 +0200[diff] [blame]16 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]17 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]18 mbedtls_test_rnd_buf_info info;
Hanno Becker6326a6d2017-08-23 06:38:22 +0100[diff] [blame]19 mbedtls_mpi N, E;
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]20
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]21 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
22 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]23 info.buf = rnd_buf->x;
24 info.length = rnd_buf->len;
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]25
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]26 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
27 mbedtls_rsa_init(&ctx);
28 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
29 MBEDTLS_RSA_PKCS_V21, hash) == 0);
30 memset(output, 0x00, sizeof(output));
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]31
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]32 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
33 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
34 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
35 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
36 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]37
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]38 if (message_str->len == 0) {
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]39 message_str->x = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]40 }
41 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
42 &mbedtls_test_rnd_buffer_rand,
43 &info, message_str->len,
44 message_str->x,
45 output) == result);
46 if (result == 0) {
47 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]48 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]49
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]50exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]51 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
52 mbedtls_rsa_free(&ctx);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]53}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]54/* END_CASE */
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]55
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]56/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]57void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q,
58 data_t *input_N, data_t *input_E, int hash,
59 data_t *result_str, char *seed, data_t *message_str,
60 int result)
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]61{
Ron Eldor5b8f1202018-11-22 15:49:49 +0200[diff] [blame]62 unsigned char output[64];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]63 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]64 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]65 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6326a6d2017-08-23 06:38:22 +0100[diff] [blame]66 mbedtls_mpi N, P, Q, E;
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]67 ((void) seed);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]68
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]69 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
70 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
Hanno Becker6326a6d2017-08-23 06:38:22 +0100[diff] [blame]71
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]72 mbedtls_rsa_init(&ctx);
73 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
74 MBEDTLS_RSA_PKCS_V21, hash) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]75
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]76 memset(output, 0x00, sizeof(output));
77 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]78
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]79 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0);
80 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0);
81 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
82 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]83
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]84 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
85 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
86 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
87 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]88
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 if (result_str->len == 0) {
90 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
91 &mbedtls_test_rnd_pseudo_rand,
92 &rnd_info,
93 &output_len, message_str->x,
94 NULL, 0) == result);
95 } else {
96 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
97 &mbedtls_test_rnd_pseudo_rand,
98 &rnd_info,
99 &output_len, message_str->x,
100 output,
101 sizeof(output)) == result);
102 if (result == 0) {
103 ASSERT_COMPARE(output, output_len, result_str->x, result_str->len);
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]104 }
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]105 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]106
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]107exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]108 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
109 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
110 mbedtls_rsa_free(&ctx);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]111}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]112/* END_CASE */
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]113
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]114/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]115void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q,
116 data_t *input_N, data_t *input_E, int digest,
117 int hash, data_t *hash_digest, data_t *rnd_buf,
118 data_t *result_str, int fixed_salt_length,
119 int result)
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]120{
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]121 unsigned char output[512];
122 mbedtls_rsa_context ctx;
123 mbedtls_test_rnd_buf_info info;
124 mbedtls_mpi N, P, Q, E;
125
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]126 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
127 info.fallback_p_rng = NULL;
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]128 info.buf = rnd_buf->x;
129 info.length = rnd_buf->len;
130
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]131 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
132 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
133 mbedtls_rsa_init(&ctx);
134 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
135 MBEDTLS_RSA_PKCS_V21, hash) == 0);
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]136
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137 memset(output, 0x00, sizeof(output));
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]138
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0);
140 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0);
141 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
142 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]143
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]144 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
145 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
146 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
147 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]148
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]149 if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) {
150 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
151 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
152 digest, hash_digest->len, hash_digest->x, output) == result);
153 if (result == 0) {
154 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
Cédric Meuter61adfd62021-01-10 11:52:39 +0100[diff] [blame]155 }
156
157 info.buf = rnd_buf->x;
158 info.length = rnd_buf->len;
159 }
160
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]161 TEST_ASSERT(mbedtls_rsa_rsassa_pss_sign_ext(
162 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
163 digest, hash_digest->len, hash_digest->x,
164 fixed_salt_length, output) == result);
165 if (result == 0) {
166 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]167 }
168
169exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]170 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
171 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
172 mbedtls_rsa_free(&ctx);
Cédric Meuter668a78d2020-04-30 11:57:04 +0200[diff] [blame]173}
174/* END_CASE */
175
176/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]177void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E,
178 int digest, int hash, data_t *hash_digest,
179 char *salt, data_t *result_str, int result)
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]180{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]181 mbedtls_rsa_context ctx;
Hanno Becker6326a6d2017-08-23 06:38:22 +0100[diff] [blame]182 mbedtls_mpi N, E;
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]183 ((void) salt);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]184
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]185 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
186 mbedtls_rsa_init(&ctx);
187 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
188 MBEDTLS_RSA_PKCS_V21, hash) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]189
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]190 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
191 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]192
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]193 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
194 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
195 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]196
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]197
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]198 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, hash_digest->len, hash_digest->x,
199 result_str->x) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]200
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]201exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]202 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
203 mbedtls_rsa_free(&ctx);
Paul Bakker9dcc3222011-03-08 14:16:06 +0000[diff] [blame]204}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]205/* END_CASE */
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]206
207/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]208void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E,
209 int msg_digest_id, int ctx_hash,
210 int mgf_hash, int salt_len,
211 data_t *hash_digest,
212 data_t *result_str, int result_simple,
213 int result_full)
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]214{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]215 mbedtls_rsa_context ctx;
Hanno Becker6326a6d2017-08-23 06:38:22 +0100[diff] [blame]216 mbedtls_mpi N, E;
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]217
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]218 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
219 mbedtls_rsa_init(&ctx);
220 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
221 MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]222
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]223 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0);
224 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]225
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
227 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
228 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]229
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]230
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]231 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, msg_digest_id,
232 hash_digest->len, hash_digest->x,
233 result_str->x) == result_simple);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]234
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]235 TEST_ASSERT(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, msg_digest_id, hash_digest->len,
236 hash_digest->x, mgf_hash, salt_len,
237 result_str->x) == result_full);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]238
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]239exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]240 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
241 mbedtls_rsa_free(&ctx);
Manuel Pégourié-Gonnard5ec628a2014-06-03 11:44:06 +0200[diff] [blame]242}
243/* END_CASE */