TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 15d3df7aec7b30f4f0b76049e04ff11003494c47 / . / tests / suites / test_suite_pkcs1_v15.function
blob: 91dcda3aeead1da2b907d42cb108c581038f513f [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
Manuel Pégourié-Gonnard4c1087f2022-07-15 11:16:58 +0200[diff] [blame]4
Manuel Pégourié-Gonnard07018f92022-09-15 11:29:35 +0200[diff] [blame]5#include "mbedtls/legacy_or_psa.h"
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]6/* END_HEADER */
7
8/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard3637c512022-07-13 12:41:36 +0200[diff] [blame]9 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]10 * END_DEPENDENCIES
11 */
12
13/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]14void pkcs1_rsaes_v15_encrypt(int mod, char *input_N,
15 char *input_E, int hash,
16 data_t *message_str, data_t *rnd_buf,
17 data_t *result_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]19 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]20 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]21 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]22 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]23
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]24 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
25 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]26 info.buf = rnd_buf->x;
27 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]29 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
30 mbedtls_rsa_init(&ctx);
31 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
32 MBEDTLS_RSA_PKCS_V15, hash) == 0);
33 memset(output, 0x00, sizeof(output));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]34
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame^]35 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
36 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
37
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]38 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
39 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
40 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
41 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
42 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]43
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]44 if (message_str->len == 0) {
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]45 message_str->x = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]46 }
47 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
48 &mbedtls_test_rnd_buffer_rand,
49 &info, message_str->len,
50 message_str->x,
51 output) == result);
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]52
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]53 if (result == 0) {
54 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
55 ctx.len, result_str->len) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]56 }
57
58exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
60 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]61}
62/* END_CASE */
63
64/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q,
66 char *input_N, char *input_E, int hash,
67 data_t *result_str, char *seed,
68 data_t *message_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]69{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]70 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]71 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]72 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]73 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]74 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]75 ((void) seed);
76
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]77 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
78 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
79 mbedtls_rsa_init(&ctx);
80 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
81 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]82
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame^]83 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
84 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
85
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]86 memset(output, 0x00, sizeof(output));
87 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]88
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
90 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
91 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
92 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]93
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]94 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
95 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
96 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
97 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]98
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]99 if (result_str->len == 0) {
100 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
101 &mbedtls_test_rnd_pseudo_rand,
102 &rnd_info,
103 &output_len, message_str->x,
104 NULL, 0) == result);
105 } else {
106 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
107 &mbedtls_test_rnd_pseudo_rand,
108 &rnd_info,
109 &output_len, message_str->x,
110 output, 1000) == result);
111 if (result == 0) {
112 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
113 output_len,
114 result_str->len) == 0);
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]115 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]116 }
117
118exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]119 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
120 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
121 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]122}
123/* END_CASE */
124
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]125/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]126void pkcs1_v15_decode(data_t *input,
127 int expected_plaintext_length_arg,
128 int output_size_arg,
129 int expected_result)
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]130{
131 size_t expected_plaintext_length = expected_plaintext_length_arg;
132 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]133 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]134 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
135 mbedtls_rsa_context ctx;
136 static unsigned char N[128] = {
137 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
138 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
139 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
140 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
141 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
142 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
143 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
144 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
145 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
146 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
147 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
148 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
149 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
150 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
151 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
152 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
153 };
154 static unsigned char E[1] = { 0x03 };
155 static unsigned char P[64] = {
156 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
157 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
158 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
159 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
160 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
161 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
162 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
163 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
164 };
165 static unsigned char Q[64] = {
166 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
167 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
168 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
169 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
170 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
171 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
172 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
173 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
174 };
175 unsigned char original[128];
176 unsigned char intermediate[128];
177 static unsigned char default_content[128] = {
178 /* A randomly generated pattern. */
179 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
180 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
181 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
182 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
183 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
184 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
185 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
186 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
187 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
188 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
189 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
190 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
191 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
192 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
193 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
194 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
195 };
196 unsigned char final[128];
197 size_t output_length = 0x7EA0;
198
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
200 mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi);
201 mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi);
202 mbedtls_rsa_init(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]203
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]204 TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0);
205 TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0);
206 TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0);
207 TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]208
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi,
210 NULL, &Empi) == 0);
211 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]212
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 TEST_ASSERT(input->len <= sizeof(N));
214 memcpy(original, input->x, input->len);
215 memset(original + input->len, 'd', sizeof(original) - input->len);
216 TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]217
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]218 memcpy(final, default_content, sizeof(final));
219 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
220 &mbedtls_test_rnd_pseudo_rand,
221 &rnd_info, &output_length,
222 intermediate, final,
223 output_size) == expected_result);
224 if (expected_result == 0) {
225 TEST_ASSERT(output_length == expected_plaintext_length);
226 TEST_ASSERT(memcmp(original + sizeof(N) - output_length,
227 final,
228 output_length) == 0);
229 } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
230 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) {
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]231 size_t max_payload_length =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]232 output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]233 size_t i;
234 size_t count = 0;
235
236#if !defined(MBEDTLS_RSA_ALT)
237 /* Check that the output in invalid cases is what the default
238 * implementation currently does. Alternative implementations
239 * may produce different output, so we only perform these precise
240 * checks when using the default implementation. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]241 TEST_ASSERT(output_length == max_payload_length);
242 for (i = 0; i < max_payload_length; i++) {
243 TEST_ASSERT(final[i] == 0);
244 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]245#endif
246 /* Even in alternative implementations, the outputs must have
247 * changed, otherwise it indicates at least a timing vulnerability
248 * because no write to the outputs is performed in the bad case. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]249 TEST_ASSERT(output_length != 0x7EA0);
250 for (i = 0; i < max_payload_length; i++) {
251 count += (final[i] == default_content[i]);
252 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]253 /* If more than 16 bytes are unchanged in final, that's evidence
254 * that final wasn't overwritten. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]255 TEST_ASSERT(count < 16);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]256 }
257
258exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259 mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi);
260 mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi);
261 mbedtls_rsa_free(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]262}
263/* END_CASE */
264
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]265/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]266void pkcs1_rsassa_v15_sign(int mod, char *input_P,
267 char *input_Q, char *input_N,
268 char *input_E, int digest, int hash,
269 data_t *message_str, data_t *rnd_buf,
270 data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]271{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]272 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]273 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]274 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]275 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]276
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]277 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
278 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]279 info.buf = rnd_buf->x;
280 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]281
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
283 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
284 mbedtls_rsa_init(&ctx);
285 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
286 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]287
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]288 memset(output, 0x00, sizeof(output));
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]289
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame^]290 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
291 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
292
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]293 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
294 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
295 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
296 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]297
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]298 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
299 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
300 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
301 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]302
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]303 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
304 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
305 digest, message_str->len, message_str->x,
306 output) == result);
307 if (result == 0) {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]308
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]309 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
310 ctx.len, result_str->len) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]311 }
312
313exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]314 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
315 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
316 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]317}
318/* END_CASE */
319
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]320/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]321void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E,
322 int digest, int hash, data_t *message_str,
323 char *salt, data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]324{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]325 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]326 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]327 ((void) salt);
328
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]329 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
330 mbedtls_rsa_init(&ctx);
331 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
332 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]333
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame^]334 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
335 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
336
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]337 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
338 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
339 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
340 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
341 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]342
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]343 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
344 result_str->x) == result);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]345
346exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
348 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]349}
350/* END_CASE */