blob: 0723623a5f2a8444c9482491d481431ddcfa675b [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +00001/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +010012void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
13 int radix_E, char * input_E, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +010014 data_t * message_str, data_t * rnd_buf,
15 data_t * result_hex_str, int result )
Janos Follath8a49a012016-02-12 13:18:20 +000016{
Janos Follath8a49a012016-02-12 13:18:20 +000017 unsigned char output[1000];
Janos Follath8a49a012016-02-12 13:18:20 +000018 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +000019 rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +010020 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +000021
Azim Khand30ca132017-06-09 04:32:58 +010022 info.buf = rnd_buf->x;
23 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +000024
Hanno Becker6d43f9e2017-08-23 06:35:17 +010025 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +000026 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Janos Follath8a49a012016-02-12 13:18:20 +000027 memset( output, 0x00, 1000 );
Janos Follath8a49a012016-02-12 13:18:20 +000028
Hanno Becker6d43f9e2017-08-23 06:35:17 +010029 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
30 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
31 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
32 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follath8a49a012016-02-12 13:18:20 +000033 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
34
Janos Follath8a49a012016-02-12 13:18:20 +000035
Azim Khand30ca132017-06-09 04:32:58 +010036 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
Janos Follath8a49a012016-02-12 13:18:20 +000037 if( result == 0 )
38 {
Janos Follath8a49a012016-02-12 13:18:20 +000039
Azim Khand30ca132017-06-09 04:32:58 +010040 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +000041 }
42
43exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +010044 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +000045 mbedtls_rsa_free( &ctx );
46}
47/* END_CASE */
48
49/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +010050void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
51 int radix_Q, char * input_Q, int radix_N,
52 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +010053 int hash, data_t * result_hex_str,
54 char * seed, data_t * message_str,
Azim Khanf1aaec92017-05-30 14:23:15 +010055 int result )
Janos Follath8a49a012016-02-12 13:18:20 +000056{
Janos Follath8a49a012016-02-12 13:18:20 +000057 unsigned char output[1000];
Janos Follath8a49a012016-02-12 13:18:20 +000058 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +000059 size_t output_len;
60 rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +010061 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +000062 ((void) seed);
63
Hanno Becker6d43f9e2017-08-23 06:35:17 +010064 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
65 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +000066 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
67
Janos Follath8a49a012016-02-12 13:18:20 +000068 memset( output, 0x00, 1000 );
Janos Follath8a49a012016-02-12 13:18:20 +000069 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
70
Hanno Becker6d43f9e2017-08-23 06:35:17 +010071 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
72 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
73 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
74 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +000075
Hanno Becker6d43f9e2017-08-23 06:35:17 +010076 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
77 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +010078 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +000079 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
80
Janos Follath8a49a012016-02-12 13:18:20 +000081
Azim Khand30ca132017-06-09 04:32:58 +010082 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
Janos Follath8a49a012016-02-12 13:18:20 +000083 if( result == 0 )
84 {
Janos Follath8a49a012016-02-12 13:18:20 +000085
Azim Khand30ca132017-06-09 04:32:58 +010086 TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +000087 }
88
89exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +010090 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
91 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +000092 mbedtls_rsa_free( &ctx );
93}
94/* END_CASE */
95
Janos Follathe6aef9f2016-03-16 16:39:41 +000096/* BEGIN_CASE */
Gilles Peskine695a3462018-10-05 18:15:25 +020097void pkcs1_v15_decode( int mode,
98 data_t *input,
99 int expected_plaintext_length_arg,
100 int output_size_arg,
101 int expected_result )
102{
103 size_t expected_plaintext_length = expected_plaintext_length_arg;
104 size_t output_size = output_size_arg;
105 rnd_pseudo_info rnd_info;
106 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
107 mbedtls_rsa_context ctx;
108 static unsigned char N[128] = {
109 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
110 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
111 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
112 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
113 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
114 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
115 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
116 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
117 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
118 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
119 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
120 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
121 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
122 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
123 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
124 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
125 };
126 static unsigned char E[1] = { 0x03 };
127 static unsigned char P[64] = {
128 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
129 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
130 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
131 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
132 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
133 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
134 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
135 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
136 };
137 static unsigned char Q[64] = {
138 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
139 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
140 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
141 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
142 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
143 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
144 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
145 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
146 };
147 unsigned char original[128];
148 unsigned char intermediate[128];
149 static unsigned char default_content[128] = {
150 /* A randomly generated pattern. */
151 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
152 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
153 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
154 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
155 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
156 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
157 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
158 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
159 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
160 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
161 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
162 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
163 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
164 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
165 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
166 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
167 };
168 unsigned char final[128];
169 size_t output_length = 0x7EA0;
170
171 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
172 mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
173 mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
174 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
175
176 TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
177 TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
178 TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
179 TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
180
181 TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
182 NULL, &Empi ) == 0 );
183 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
184
185 TEST_ASSERT( input->len <= sizeof( N ) );
186 memcpy( original, input->x, input->len );
187 memset( original + input->len, 'd', sizeof( original ) - input->len );
188 if( mode == MBEDTLS_RSA_PRIVATE )
189 TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
190 else
191 TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info,
192 original, intermediate ) == 0 );
193
194 memcpy( final, default_content, sizeof( final ) );
195 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
196 &rnd_pseudo_rand, &rnd_info,
197 mode,
198 &output_length,
199 intermediate,
200 final,
201 output_size ) == expected_result );
202 if( expected_result == 0 )
203 {
204 TEST_ASSERT( output_length == expected_plaintext_length );
205 TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
206 final,
207 output_length ) == 0 );
208 }
209 else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
210 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
211 {
212 size_t max_payload_length =
213 output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
214 size_t i;
215 size_t count = 0;
216
217#if !defined(MBEDTLS_RSA_ALT)
218 /* Check that the output in invalid cases is what the default
219 * implementation currently does. Alternative implementations
220 * may produce different output, so we only perform these precise
221 * checks when using the default implementation. */
222 TEST_ASSERT( output_length == max_payload_length );
223 for( i = 0; i < max_payload_length; i++ )
224 TEST_ASSERT( final[i] == 0 );
225#endif
226 /* Even in alternative implementations, the outputs must have
227 * changed, otherwise it indicates at least a timing vulnerability
228 * because no write to the outputs is performed in the bad case. */
229 TEST_ASSERT( output_length != 0x7EA0 );
230 for( i = 0; i < max_payload_length; i++ )
231 count += ( final[i] == default_content[i] );
232 /* If more than 16 bytes are unchanged in final, that's evidence
233 * that final wasn't overwritten. */
234 TEST_ASSERT( count < 16 );
235 }
236
237exit:
238 mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
239 mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
240 mbedtls_rsa_free( &ctx );
241}
242/* END_CASE */
243
244/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100245void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
246 char * input_Q, int radix_N, char * input_N,
247 int radix_E, char * input_E, int digest, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100248 data_t * message_str, data_t * rnd_buf,
249 data_t * result_hex_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000250{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000251 unsigned char hash_result[1000];
252 unsigned char output[1000];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000253 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100254 mbedtls_mpi N, P, Q, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000255 rnd_buf_info info;
256
Azim Khand30ca132017-06-09 04:32:58 +0100257 info.buf = rnd_buf->x;
258 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000259
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100260 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
261 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000262 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
263
Janos Follathe6aef9f2016-03-16 16:39:41 +0000264 memset( hash_result, 0x00, 1000 );
265 memset( output, 0x00, 1000 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000266
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100267 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
268 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
269 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
270 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000271
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100272 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
273 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100274 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000275 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
276
Janos Follathe6aef9f2016-03-16 16:39:41 +0000277
278 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100279 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000280
281 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
282 if( result == 0 )
283 {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000284
Azim Khand30ca132017-06-09 04:32:58 +0100285 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000286 }
287
288exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100289 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
290 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000291 mbedtls_rsa_free( &ctx );
292}
293/* END_CASE */
294
295/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100296void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
297 int radix_E, char * input_E, int digest,
Azim Khan5fcca462018-06-29 11:05:32 +0100298 int hash, data_t * message_str, char * salt,
299 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000300{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000301 unsigned char hash_result[1000];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000302 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100303 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000304 ((void) salt);
305
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100306 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000307 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000308 memset( hash_result, 0x00, 1000 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000309
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100310 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
311 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
312 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
313 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000314 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
315
Janos Follathe6aef9f2016-03-16 16:39:41 +0000316
317 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100318 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000319
Azim Khand30ca132017-06-09 04:32:58 +0100320 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000321
322exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100323 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000324 mbedtls_rsa_free( &ctx );
325}
326/* END_CASE */