TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6e3187b2122055bbd0bf43f59d01dd4d6dc89f35 / . / tests / suites / test_suite_pkcs1_v15.function
blob: 3d29f10bb17930dbfae6aa9eb88ac2c6a4b07177 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]12void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
13 int radix_E, char * input_E, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]14 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]15 data_t * result_str, int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]16{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]17 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]19 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]20 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]21
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]22 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
23 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]24 info.buf = rnd_buf->x;
25 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]26
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]27 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]28 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]29 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
30 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]31 memset( output, 0x00, sizeof( output ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]32
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]33 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
34 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
35 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
36 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]37 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
38
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]39 if( message_str->len == 0 )
40 message_str->x = NULL;
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]41 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
42 &mbedtls_test_rnd_buffer_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]43 &info, message_str->len,
44 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]45 output ) == result );
46
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]47 if( result == 0 )
48 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]49 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
50 ctx.len, result_str->len ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]51 }
52
53exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]54 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]55 mbedtls_rsa_free( &ctx );
56}
57/* END_CASE */
58
59/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]60void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
61 int radix_Q, char * input_Q, int radix_N,
62 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]63 int hash, data_t * result_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]64 char * seed, data_t * message_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]65 int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]66{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]67 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]68 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]69 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]70 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]71 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]72 ((void) seed);
73
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]74 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
75 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]76 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]77 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
78 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]79
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]80 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]81 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]82
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]83 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
84 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
85 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
86 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]87
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]88 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
89 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]90 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]91 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
92
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]93 if( result_str->len == 0 )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]94 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]95 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
96 &mbedtls_test_rnd_pseudo_rand,
97 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]98 &output_len, message_str->x,
99 NULL, 0 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]100 }
101 else
102 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]103 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
104 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]105 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]106 &output_len, message_str->x,
107 output, 1000 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]108 if( result == 0 )
109 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]110 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]111 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]112 result_str->len) == 0 );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]113 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]114 }
115
116exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]117 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
118 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]119 mbedtls_rsa_free( &ctx );
120}
121/* END_CASE */
122
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]123/* BEGIN_CASE */
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]124void pkcs1_v15_decode( data_t *input,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]125 int expected_plaintext_length_arg,
126 int output_size_arg,
127 int expected_result )
128{
129 size_t expected_plaintext_length = expected_plaintext_length_arg;
130 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]131 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]132 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
133 mbedtls_rsa_context ctx;
134 static unsigned char N[128] = {
135 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
136 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
137 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
138 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
139 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
140 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
141 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
142 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
143 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
144 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
145 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
146 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
147 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
148 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
149 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
150 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
151 };
152 static unsigned char E[1] = { 0x03 };
153 static unsigned char P[64] = {
154 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
155 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
156 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
157 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
158 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
159 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
160 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
161 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
162 };
163 static unsigned char Q[64] = {
164 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
165 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
166 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
167 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
168 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
169 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
170 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
171 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
172 };
173 unsigned char original[128];
174 unsigned char intermediate[128];
175 static unsigned char default_content[128] = {
176 /* A randomly generated pattern. */
177 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
178 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
179 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
180 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
181 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
182 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
183 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
184 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
185 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
186 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
187 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
188 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
189 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
190 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
191 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
192 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
193 };
194 unsigned char final[128];
195 size_t output_length = 0x7EA0;
196
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]197 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]198 mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
199 mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]200 mbedtls_rsa_init( &ctx );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]201
202 TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
203 TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
204 TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
205 TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
206
207 TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
208 NULL, &Empi ) == 0 );
209 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
210
211 TEST_ASSERT( input->len <= sizeof( N ) );
212 memcpy( original, input->x, input->len );
213 memset( original + input->len, 'd', sizeof( original ) - input->len );
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]214 TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]215
216 memcpy( final, default_content, sizeof( final ) );
217 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]218 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]219 &rnd_info, &output_length,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]220 intermediate, final,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]221 output_size ) == expected_result );
222 if( expected_result == 0 )
223 {
224 TEST_ASSERT( output_length == expected_plaintext_length );
225 TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
226 final,
227 output_length ) == 0 );
228 }
229 else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
230 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
231 {
232 size_t max_payload_length =
233 output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
234 size_t i;
235 size_t count = 0;
236
237#if !defined(MBEDTLS_RSA_ALT)
238 /* Check that the output in invalid cases is what the default
239 * implementation currently does. Alternative implementations
240 * may produce different output, so we only perform these precise
241 * checks when using the default implementation. */
242 TEST_ASSERT( output_length == max_payload_length );
243 for( i = 0; i < max_payload_length; i++ )
244 TEST_ASSERT( final[i] == 0 );
245#endif
246 /* Even in alternative implementations, the outputs must have
247 * changed, otherwise it indicates at least a timing vulnerability
248 * because no write to the outputs is performed in the bad case. */
249 TEST_ASSERT( output_length != 0x7EA0 );
250 for( i = 0; i < max_payload_length; i++ )
251 count += ( final[i] == default_content[i] );
252 /* If more than 16 bytes are unchanged in final, that's evidence
253 * that final wasn't overwritten. */
254 TEST_ASSERT( count < 16 );
255 }
256
257exit:
258 mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
259 mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
260 mbedtls_rsa_free( &ctx );
261}
262/* END_CASE */
263
264/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]265void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
266 char * input_Q, int radix_N, char * input_N,
267 int radix_E, char * input_E, int digest, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]268 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]269 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]270{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]271 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]272 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]273 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]274 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]275 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]276 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]277
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]278 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
279 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]280 info.buf = rnd_buf->x;
281 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]282
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]283 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
284 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]285 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]286 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
287 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]288
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]289 memset( hash_result, 0x00, sizeof( hash_result ) );
290 memset( output, 0x00, sizeof( output ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]291
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]292 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
293 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
294 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
295 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]296
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]297 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
298 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]299 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]300 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
301
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]302 if( md_info != NULL )
303 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]304
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]305 TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
306 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
307 digest, mbedtls_md_get_size( md_info ), hash_result,
308 output ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]309 if( result == 0 )
310 {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]311
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]312 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
313 ctx.len, result_str->len ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]314 }
315
316exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]317 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
318 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]319 mbedtls_rsa_free( &ctx );
320}
321/* END_CASE */
322
323/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]324void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
325 int radix_E, char * input_E, int digest,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]326 int hash, data_t * message_str, char * salt,
327 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]328{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]329 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]330 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]331 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]332 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]333 ((void) salt);
334
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]335 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]336 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]337 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
338 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]339 memset( hash_result, 0x00, sizeof( hash_result ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]340
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]341 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
342 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
343 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
344 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]345 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
346
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]347
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]348 if( md_info != NULL )
349 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]350
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame^]351 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]352
353exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]354 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]355 mbedtls_rsa_free( &ctx );
356}
357/* END_CASE */