| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
| Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 2 | #include "mbedtls/rsa.h" |
| Manuel Pégourié-Gonnard | 07018f9 | 2022-09-15 11:29:35 +0200 | [diff] [blame] | 3 | #include "mbedtls/legacy_or_psa.h" |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 4 | /* END_HEADER */ |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 5 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 6 | /* BEGIN_DEPENDENCIES |
| Manuel Pégourié-Gonnard | e741c61 | 2022-07-27 13:13:55 +0200 | [diff] [blame] | 7 | * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 8 | * END_DEPENDENCIES |
| 9 | */ |
| Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 10 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 11 | /* BEGIN_CASE */ |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 12 | void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, |
| 13 | int hash, data_t *message_str, data_t *rnd_buf, |
| 14 | data_t *result_str, int result) |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 15 | { |
| Ron Eldor | 5b8f120 | 2018-11-22 15:49:49 +0200 | [diff] [blame] | 16 | unsigned char output[256]; |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 17 | mbedtls_rsa_context ctx; |
| Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 18 | mbedtls_test_rnd_buf_info info; |
| Hanno Becker | 6326a6d | 2017-08-23 06:38:22 +0100 | [diff] [blame] | 19 | mbedtls_mpi N, E; |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 20 | |
| Gilles Peskine | ecacc3c | 2021-03-24 00:48:57 +0100 | [diff] [blame] | 21 | info.fallback_f_rng = mbedtls_test_rnd_std_rand; |
| 22 | info.fallback_p_rng = NULL; |
| Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 23 | info.buf = rnd_buf->x; |
| 24 | info.length = rnd_buf->len; |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 25 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 26 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 27 | mbedtls_rsa_init(&ctx); |
| 28 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, |
| 29 | MBEDTLS_RSA_PKCS_V21, hash) == 0); |
| 30 | memset(output, 0x00, sizeof(output)); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 31 | |
| Yanray Wang | 15d3df7 | 2023-03-17 19:34:01 +0800 | [diff] [blame^] | 32 | TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V21); |
| 33 | TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash); |
| 34 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 35 | TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); |
| 36 | TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); |
| 37 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
| 38 | TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); |
| 39 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 40 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 41 | if (message_str->len == 0) { |
| Gilles Peskine | 85a6dd4 | 2018-10-15 16:32:42 +0200 | [diff] [blame] | 42 | message_str->x = NULL; |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 43 | } |
| 44 | TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, |
| 45 | &mbedtls_test_rnd_buffer_rand, |
| 46 | &info, message_str->len, |
| 47 | message_str->x, |
| 48 | output) == result); |
| 49 | if (result == 0) { |
| 50 | ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 51 | } |
| Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 52 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 53 | exit: |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 54 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 55 | mbedtls_rsa_free(&ctx); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 56 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 57 | /* END_CASE */ |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 58 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 59 | /* BEGIN_CASE */ |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 60 | void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, |
| 61 | data_t *input_N, data_t *input_E, int hash, |
| 62 | data_t *result_str, char *seed, data_t *message_str, |
| 63 | int result) |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 64 | { |
| Ron Eldor | 5b8f120 | 2018-11-22 15:49:49 +0200 | [diff] [blame] | 65 | unsigned char output[64]; |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 66 | mbedtls_rsa_context ctx; |
| Paul Bakker | f4a3f30 | 2011-04-24 15:53:29 +0000 | [diff] [blame] | 67 | size_t output_len; |
| Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 68 | mbedtls_test_rnd_pseudo_info rnd_info; |
| Hanno Becker | 6326a6d | 2017-08-23 06:38:22 +0100 | [diff] [blame] | 69 | mbedtls_mpi N, P, Q, E; |
| Paul Bakker | dbd443d | 2013-08-16 13:38:47 +0200 | [diff] [blame] | 70 | ((void) seed); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 71 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 72 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 73 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| Hanno Becker | 6326a6d | 2017-08-23 06:38:22 +0100 | [diff] [blame] | 74 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 75 | mbedtls_rsa_init(&ctx); |
| 76 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, |
| 77 | MBEDTLS_RSA_PKCS_V21, hash) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 78 | |
| Yanray Wang | 15d3df7 | 2023-03-17 19:34:01 +0800 | [diff] [blame^] | 79 | TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V21); |
| 80 | TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash); |
| 81 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 82 | memset(output, 0x00, sizeof(output)); |
| 83 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 84 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 85 | TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); |
| 86 | TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); |
| 87 | TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); |
| 88 | TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); |
| Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 89 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 90 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
| 91 | TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); |
| 92 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 93 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 94 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 95 | if (result_str->len == 0) { |
| 96 | TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, |
| 97 | &mbedtls_test_rnd_pseudo_rand, |
| 98 | &rnd_info, |
| 99 | &output_len, message_str->x, |
| 100 | NULL, 0) == result); |
| 101 | } else { |
| 102 | TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, |
| 103 | &mbedtls_test_rnd_pseudo_rand, |
| 104 | &rnd_info, |
| 105 | &output_len, message_str->x, |
| 106 | output, |
| 107 | sizeof(output)) == result); |
| 108 | if (result == 0) { |
| 109 | ASSERT_COMPARE(output, output_len, result_str->x, result_str->len); |
| Gilles Peskine | 85a6dd4 | 2018-10-15 16:32:42 +0200 | [diff] [blame] | 110 | } |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 111 | } |
| Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 112 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 113 | exit: |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 114 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 115 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| 116 | mbedtls_rsa_free(&ctx); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 117 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 118 | /* END_CASE */ |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 119 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 120 | /* BEGIN_CASE */ |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 121 | void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, |
| 122 | data_t *input_N, data_t *input_E, int digest, |
| 123 | int hash, data_t *hash_digest, data_t *rnd_buf, |
| 124 | data_t *result_str, int fixed_salt_length, |
| 125 | int result) |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 126 | { |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 127 | unsigned char output[512]; |
| 128 | mbedtls_rsa_context ctx; |
| 129 | mbedtls_test_rnd_buf_info info; |
| 130 | mbedtls_mpi N, P, Q, E; |
| 131 | |
| Gilles Peskine | ecacc3c | 2021-03-24 00:48:57 +0100 | [diff] [blame] | 132 | info.fallback_f_rng = mbedtls_test_rnd_std_rand; |
| 133 | info.fallback_p_rng = NULL; |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 134 | info.buf = rnd_buf->x; |
| 135 | info.length = rnd_buf->len; |
| 136 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 137 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 138 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| 139 | mbedtls_rsa_init(&ctx); |
| 140 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, |
| 141 | MBEDTLS_RSA_PKCS_V21, hash) == 0); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 142 | |
| Yanray Wang | 15d3df7 | 2023-03-17 19:34:01 +0800 | [diff] [blame^] | 143 | TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V21); |
| 144 | TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash); |
| 145 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 146 | memset(output, 0x00, sizeof(output)); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 147 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 148 | TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); |
| 149 | TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); |
| 150 | TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); |
| 151 | TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 152 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 153 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
| 154 | TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); |
| 155 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 156 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 157 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 158 | if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { |
| 159 | TEST_ASSERT(mbedtls_rsa_pkcs1_sign( |
| 160 | &ctx, &mbedtls_test_rnd_buffer_rand, &info, |
| 161 | digest, hash_digest->len, hash_digest->x, output) == result); |
| 162 | if (result == 0) { |
| 163 | ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); |
| Cédric Meuter | 61adfd6 | 2021-01-10 11:52:39 +0100 | [diff] [blame] | 164 | } |
| 165 | |
| 166 | info.buf = rnd_buf->x; |
| 167 | info.length = rnd_buf->len; |
| 168 | } |
| 169 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 170 | TEST_ASSERT(mbedtls_rsa_rsassa_pss_sign_ext( |
| 171 | &ctx, &mbedtls_test_rnd_buffer_rand, &info, |
| 172 | digest, hash_digest->len, hash_digest->x, |
| 173 | fixed_salt_length, output) == result); |
| 174 | if (result == 0) { |
| 175 | ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 176 | } |
| 177 | |
| 178 | exit: |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 179 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 180 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| 181 | mbedtls_rsa_free(&ctx); |
| Cédric Meuter | 668a78d | 2020-04-30 11:57:04 +0200 | [diff] [blame] | 182 | } |
| 183 | /* END_CASE */ |
| 184 | |
| 185 | /* BEGIN_CASE */ |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 186 | void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E, |
| 187 | int digest, int hash, data_t *hash_digest, |
| 188 | char *salt, data_t *result_str, int result) |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 189 | { |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 190 | mbedtls_rsa_context ctx; |
| Hanno Becker | 6326a6d | 2017-08-23 06:38:22 +0100 | [diff] [blame] | 191 | mbedtls_mpi N, E; |
| Paul Bakker | dbd443d | 2013-08-16 13:38:47 +0200 | [diff] [blame] | 192 | ((void) salt); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 193 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 194 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 195 | mbedtls_rsa_init(&ctx); |
| 196 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, |
| 197 | MBEDTLS_RSA_PKCS_V21, hash) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 198 | |
| Yanray Wang | 15d3df7 | 2023-03-17 19:34:01 +0800 | [diff] [blame^] | 199 | TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V21); |
| 200 | TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash); |
| 201 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 202 | TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); |
| 203 | TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 204 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 205 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
| 206 | TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); |
| 207 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 208 | |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 209 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 210 | TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, hash_digest->len, hash_digest->x, |
| 211 | result_str->x) == result); |
| Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 212 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 213 | exit: |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 214 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 215 | mbedtls_rsa_free(&ctx); |
| Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 216 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 217 | /* END_CASE */ |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 218 | |
| 219 | /* BEGIN_CASE */ |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 220 | void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E, |
| 221 | int msg_digest_id, int ctx_hash, |
| 222 | int mgf_hash, int salt_len, |
| 223 | data_t *hash_digest, |
| 224 | data_t *result_str, int result_simple, |
| 225 | int result_full) |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 226 | { |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 227 | mbedtls_rsa_context ctx; |
| Hanno Becker | 6326a6d | 2017-08-23 06:38:22 +0100 | [diff] [blame] | 228 | mbedtls_mpi N, E; |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 229 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 230 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 231 | mbedtls_rsa_init(&ctx); |
| 232 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, |
| 233 | MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 234 | |
| Yanray Wang | 15d3df7 | 2023-03-17 19:34:01 +0800 | [diff] [blame^] | 235 | TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V21); |
| 236 | TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == ctx_hash); |
| 237 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 238 | TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); |
| 239 | TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 240 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 241 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
| 242 | TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); |
| 243 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 244 | |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 245 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 246 | TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, msg_digest_id, |
| 247 | hash_digest->len, hash_digest->x, |
| 248 | result_str->x) == result_simple); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 249 | |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 250 | TEST_ASSERT(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, msg_digest_id, hash_digest->len, |
| 251 | hash_digest->x, mgf_hash, salt_len, |
| 252 | result_str->x) == result_full); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 253 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 254 | exit: |
| Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 255 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 256 | mbedtls_rsa_free(&ctx); |
| Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 257 | } |
| 258 | /* END_CASE */ |