TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8a7ed6951df6b3068bc8cd0b162e7d3e691bc750 / . / tests / suites / test_suite_pkcs1_v15.function
blob: d0ea23cdb5d62a9a3b6d32b12a2f24c09bba0af7 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
Manuel Pégourié-Gonnard4c1087f2022-07-15 11:16:58 +0200[diff] [blame]4
Manuel Pégourié-Gonnard07018f92022-09-15 11:29:35 +0200[diff] [blame]5#include "mbedtls/legacy_or_psa.h"
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]6/* END_HEADER */
7
8/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard3637c512022-07-13 12:41:36 +0200[diff] [blame]9 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]10 * END_DEPENDENCIES
11 */
12
13/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]14void pkcs1_rsaes_v15_encrypt(int mod, char *input_N,
15 char *input_E, int hash,
16 data_t *message_str, data_t *rnd_buf,
17 data_t *result_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]19 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]20 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]21 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]22 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]23
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]24 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
25 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]26 info.buf = rnd_buf->x;
27 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]29 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
30 mbedtls_rsa_init(&ctx);
31 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
32 MBEDTLS_RSA_PKCS_V15, hash) == 0);
33 memset(output, 0x00, sizeof(output));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]34
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]35 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
36 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
37 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
38 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
39 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]40
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]41 if (message_str->len == 0) {
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]42 message_str->x = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]43 }
44 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
45 &mbedtls_test_rnd_buffer_rand,
46 &info, message_str->len,
47 message_str->x,
48 output) == result);
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]49
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50 if (result == 0) {
51 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
52 ctx.len, result_str->len) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]53 }
54
55exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]56 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
57 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]58}
59/* END_CASE */
60
61/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]62void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q,
63 char *input_N, char *input_E, int hash,
64 data_t *result_str, char *seed,
65 data_t *message_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]66{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]67 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]68 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]69 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]70 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]71 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]72 ((void) seed);
73
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]74 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
75 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
76 mbedtls_rsa_init(&ctx);
77 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
78 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]79
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]80 memset(output, 0x00, sizeof(output));
81 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]82
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]83 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
84 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
85 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
86 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
89 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
90 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
91 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]92
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]93 if (result_str->len == 0) {
94 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
95 &mbedtls_test_rnd_pseudo_rand,
96 &rnd_info,
97 &output_len, message_str->x,
98 NULL, 0) == result);
99 } else {
100 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
101 &mbedtls_test_rnd_pseudo_rand,
102 &rnd_info,
103 &output_len, message_str->x,
104 output, 1000) == result);
105 if (result == 0) {
106 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
107 output_len,
108 result_str->len) == 0);
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]109 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]110 }
111
112exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]113 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
114 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
115 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]116}
117/* END_CASE */
118
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]119/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]120void pkcs1_v15_decode(data_t *input,
121 int expected_plaintext_length_arg,
122 int output_size_arg,
123 int expected_result)
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]124{
125 size_t expected_plaintext_length = expected_plaintext_length_arg;
126 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]127 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]128 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
129 mbedtls_rsa_context ctx;
130 static unsigned char N[128] = {
131 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
132 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
133 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
134 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
135 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
136 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
137 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
138 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
139 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
140 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
141 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
142 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
143 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
144 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
145 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
146 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
147 };
148 static unsigned char E[1] = { 0x03 };
149 static unsigned char P[64] = {
150 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
151 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
152 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
153 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
154 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
155 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
156 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
157 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
158 };
159 static unsigned char Q[64] = {
160 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
161 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
162 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
163 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
164 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
165 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
166 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
167 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
168 };
169 unsigned char original[128];
170 unsigned char intermediate[128];
171 static unsigned char default_content[128] = {
172 /* A randomly generated pattern. */
173 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
174 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
175 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
176 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
177 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
178 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
179 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
180 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
181 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
182 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
183 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
184 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
185 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
186 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
187 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
188 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
189 };
190 unsigned char final[128];
191 size_t output_length = 0x7EA0;
192
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]193 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
194 mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi);
195 mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi);
196 mbedtls_rsa_init(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]197
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]198 TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0);
199 TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0);
200 TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0);
201 TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]202
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi,
204 NULL, &Empi) == 0);
205 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]206
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]207 TEST_ASSERT(input->len <= sizeof(N));
208 memcpy(original, input->x, input->len);
209 memset(original + input->len, 'd', sizeof(original) - input->len);
210 TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]211
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]212 memcpy(final, default_content, sizeof(final));
213 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
214 &mbedtls_test_rnd_pseudo_rand,
215 &rnd_info, &output_length,
216 intermediate, final,
217 output_size) == expected_result);
218 if (expected_result == 0) {
219 TEST_ASSERT(output_length == expected_plaintext_length);
220 TEST_ASSERT(memcmp(original + sizeof(N) - output_length,
221 final,
222 output_length) == 0);
223 } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
224 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) {
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]225 size_t max_payload_length =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226 output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]227 size_t i;
228 size_t count = 0;
229
230#if !defined(MBEDTLS_RSA_ALT)
231 /* Check that the output in invalid cases is what the default
232 * implementation currently does. Alternative implementations
233 * may produce different output, so we only perform these precise
234 * checks when using the default implementation. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]235 TEST_ASSERT(output_length == max_payload_length);
236 for (i = 0; i < max_payload_length; i++) {
237 TEST_ASSERT(final[i] == 0);
238 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]239#endif
240 /* Even in alternative implementations, the outputs must have
241 * changed, otherwise it indicates at least a timing vulnerability
242 * because no write to the outputs is performed in the bad case. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 TEST_ASSERT(output_length != 0x7EA0);
244 for (i = 0; i < max_payload_length; i++) {
245 count += (final[i] == default_content[i]);
246 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]247 /* If more than 16 bytes are unchanged in final, that's evidence
248 * that final wasn't overwritten. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]249 TEST_ASSERT(count < 16);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]250 }
251
252exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]253 mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi);
254 mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi);
255 mbedtls_rsa_free(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]256}
257/* END_CASE */
258
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]259/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]260void pkcs1_rsassa_v15_sign(int mod, char *input_P,
261 char *input_Q, char *input_N,
262 char *input_E, int digest, int hash,
263 data_t *message_str, data_t *rnd_buf,
264 data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]265{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]266 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]267 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]268 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]269 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]270
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]271 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
272 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]273 info.buf = rnd_buf->x;
274 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]275
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]276 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
277 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
278 mbedtls_rsa_init(&ctx);
279 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
280 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]281
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282 memset(output, 0x00, sizeof(output));
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]283
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]284 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
285 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
286 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
287 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]288
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
290 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
291 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
292 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]293
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
295 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
296 digest, message_str->len, message_str->x,
297 output) == result);
298 if (result == 0) {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]299
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]300 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
301 ctx.len, result_str->len) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]302 }
303
304exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]305 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
306 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
307 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]308}
309/* END_CASE */
310
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]311/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]312void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E,
313 int digest, int hash, data_t *message_str,
314 char *salt, data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]315{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]316 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]317 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]318 ((void) salt);
319
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]320 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
321 mbedtls_rsa_init(&ctx);
322 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
323 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]324
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]325 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
326 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
327 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
328 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
329 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]330
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]331 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
332 result_str->x) == result);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]333
334exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]335 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
336 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]337}
338/* END_CASE */