TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / aa01a038b521931382951036a5cd49bddcc40b51 / . / tests / suites / test_suite_pkcs1_v15.function
blob: 7113274550f0ceeb8e6b0c240a8f522a3e5f4022 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard3637c512022-07-13 12:41:36 +0200[diff] [blame]7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]12void pkcs1_rsaes_v15_encrypt(int mod, char *input_N,
13 char *input_E, int hash,
14 data_t *message_str, data_t *rnd_buf,
15 data_t *result_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]16{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]17 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]19 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]20 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]21
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]22 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
23 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]24 info.buf = rnd_buf->x;
25 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]26
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]27 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
28 mbedtls_rsa_init(&ctx);
Yanray Wange05a21f2023-03-17 20:09:17 +0800[diff] [blame]29
Yanray Wang69bc8402023-03-17 20:33:03 +0800[diff] [blame]30 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15);
31 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), MBEDTLS_MD_NONE);
Yanray Wange05a21f2023-03-17 20:09:17 +0800[diff] [blame]32
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]33 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
34 MBEDTLS_RSA_PKCS_V15, hash) == 0);
35 memset(output, 0x00, sizeof(output));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]36
Yanray Wang69bc8402023-03-17 20:33:03 +0800[diff] [blame]37 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15);
38 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash);
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]39
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]40 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
41 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
42 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
43 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
44 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]45
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]46 if (message_str->len == 0) {
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]47 message_str->x = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 }
49 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
50 &mbedtls_test_rnd_buffer_rand,
51 &info, message_str->len,
52 message_str->x,
53 output) == result);
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]54
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]55 if (result == 0) {
56 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
57 ctx.len, result_str->len) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]58 }
59
60exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]61 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
62 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]63}
64/* END_CASE */
65
66/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]67void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q,
68 char *input_N, char *input_E, int hash,
69 data_t *result_str, char *seed,
70 data_t *message_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]71{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]72 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]73 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]74 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]75 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]76 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]77 ((void) seed);
78
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]79 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
80 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
81 mbedtls_rsa_init(&ctx);
82 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
83 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]84
Yanray Wang69bc8402023-03-17 20:33:03 +0800[diff] [blame]85 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15);
86 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash);
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 memset(output, 0x00, sizeof(output));
89 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]90
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]91 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
92 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
93 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
94 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]95
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]96 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
97 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
98 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
99 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]100
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]101 if (result_str->len == 0) {
102 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
103 &mbedtls_test_rnd_pseudo_rand,
104 &rnd_info,
105 &output_len, message_str->x,
106 NULL, 0) == result);
107 } else {
108 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
109 &mbedtls_test_rnd_pseudo_rand,
110 &rnd_info,
111 &output_len, message_str->x,
112 output, 1000) == result);
113 if (result == 0) {
114 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
115 output_len,
116 result_str->len) == 0);
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]117 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]118 }
119
120exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]121 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
122 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
123 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]124}
125/* END_CASE */
126
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]127/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128void pkcs1_v15_decode(data_t *input,
129 int expected_plaintext_length_arg,
130 int output_size_arg,
131 int expected_result)
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]132{
133 size_t expected_plaintext_length = expected_plaintext_length_arg;
134 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]135 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]136 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
137 mbedtls_rsa_context ctx;
138 static unsigned char N[128] = {
139 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
140 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
141 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
142 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
143 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
144 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
145 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
146 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
147 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
148 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
149 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
150 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
151 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
152 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
153 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
154 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
155 };
156 static unsigned char E[1] = { 0x03 };
157 static unsigned char P[64] = {
158 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
159 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
160 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
161 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
162 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
163 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
164 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
165 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
166 };
167 static unsigned char Q[64] = {
168 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
169 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
170 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
171 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
172 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
173 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
174 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
175 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
176 };
177 unsigned char original[128];
178 unsigned char intermediate[128];
179 static unsigned char default_content[128] = {
180 /* A randomly generated pattern. */
181 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
182 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
183 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
184 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
185 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
186 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
187 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
188 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
189 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
190 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
191 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
192 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
193 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
194 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
195 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
196 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
197 };
198 unsigned char final[128];
199 size_t output_length = 0x7EA0;
200
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]201 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
202 mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi);
203 mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi);
204 mbedtls_rsa_init(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]205
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]206 TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0);
207 TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0);
208 TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0);
209 TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]210
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]211 TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi,
212 NULL, &Empi) == 0);
213 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]214
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]215 TEST_ASSERT(input->len <= sizeof(N));
216 memcpy(original, input->x, input->len);
217 memset(original + input->len, 'd', sizeof(original) - input->len);
218 TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]219
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]220 memcpy(final, default_content, sizeof(final));
221 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
222 &mbedtls_test_rnd_pseudo_rand,
223 &rnd_info, &output_length,
224 intermediate, final,
225 output_size) == expected_result);
226 if (expected_result == 0) {
227 TEST_ASSERT(output_length == expected_plaintext_length);
228 TEST_ASSERT(memcmp(original + sizeof(N) - output_length,
229 final,
230 output_length) == 0);
231 } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
232 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) {
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]233 size_t max_payload_length =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]234 output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]235 size_t i;
236 size_t count = 0;
237
238#if !defined(MBEDTLS_RSA_ALT)
239 /* Check that the output in invalid cases is what the default
240 * implementation currently does. Alternative implementations
241 * may produce different output, so we only perform these precise
242 * checks when using the default implementation. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 TEST_ASSERT(output_length == max_payload_length);
244 for (i = 0; i < max_payload_length; i++) {
245 TEST_ASSERT(final[i] == 0);
246 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]247#endif
248 /* Even in alternative implementations, the outputs must have
249 * changed, otherwise it indicates at least a timing vulnerability
250 * because no write to the outputs is performed in the bad case. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251 TEST_ASSERT(output_length != 0x7EA0);
252 for (i = 0; i < max_payload_length; i++) {
253 count += (final[i] == default_content[i]);
254 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]255 /* If more than 16 bytes are unchanged in final, that's evidence
256 * that final wasn't overwritten. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]257 TEST_ASSERT(count < 16);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]258 }
259
260exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]261 mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi);
262 mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi);
263 mbedtls_rsa_free(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]264}
265/* END_CASE */
266
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]267/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]268void pkcs1_rsassa_v15_sign(int mod, char *input_P,
269 char *input_Q, char *input_N,
270 char *input_E, int digest, int hash,
271 data_t *message_str, data_t *rnd_buf,
272 data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]273{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]274 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]275 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]276 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]277 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]278
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]279 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
280 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]281 info.buf = rnd_buf->x;
282 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]283
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]284 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
285 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
286 mbedtls_rsa_init(&ctx);
287 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
288 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]289
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]290 memset(output, 0x00, sizeof(output));
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]291
Yanray Wang69bc8402023-03-17 20:33:03 +0800[diff] [blame]292 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15);
293 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash);
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]294
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]295 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
296 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
297 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
298 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]299
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]300 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
301 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
302 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
303 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]304
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]305 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
306 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
307 digest, message_str->len, message_str->x,
308 output) == result);
309 if (result == 0) {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]310
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]311 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
312 ctx.len, result_str->len) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]313 }
314
315exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]316 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
317 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
318 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]319}
320/* END_CASE */
321
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]322/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]323void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E,
324 int digest, int hash, data_t *message_str,
325 char *salt, data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]326{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]327 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]328 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]329 ((void) salt);
330
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]331 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
332 mbedtls_rsa_init(&ctx);
333 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
334 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]335
Yanray Wang69bc8402023-03-17 20:33:03 +0800[diff] [blame]336 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15);
337 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash);
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]338
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]339 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
340 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
341 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
342 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
343 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]344
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]345 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
346 result_str->x) == result);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]347
348exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]349 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
350 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]351}
352/* END_CASE */