TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c7feaf349ce3ad00ef478d0f69915c39061d3212 / . / tests / suites / test_suite_pkcs1_v15.function
blob: b03bddac687dca0d05fa18b0b5fcbec60681b35d [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]12void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
13 int radix_E, char * input_E, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]14 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]15 data_t * result_str, int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]16{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]17 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]19 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]20 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]21
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]22 info.buf = rnd_buf->x;
23 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]24
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]25 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]26 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]27 memset( output, 0x00, sizeof( output ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]29 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
30 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
31 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
32 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]33 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
34
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]35 if( message_str->len == 0 )
36 message_str->x = NULL;
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]37 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
38 &mbedtls_test_rnd_buffer_rand,
39 &info, MBEDTLS_RSA_PUBLIC,
40 message_str->len, message_str->x,
41 output ) == result );
42
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]43 if( result == 0 )
44 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]45 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
46 ctx.len, result_str->len ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]47 }
48
49exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]50 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]51 mbedtls_rsa_free( &ctx );
52}
53/* END_CASE */
54
55/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]56void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
57 int radix_Q, char * input_Q, int radix_N,
58 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]59 int hash, data_t * result_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]60 char * seed, data_t * message_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]61 int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]62{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]63 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]64 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]65 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]66 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]67 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]68 ((void) seed);
69
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]70 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
71 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]72 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
73
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]74 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]75 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]76
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]77 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
78 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
79 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
80 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]81
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]82 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
83 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]84 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]85 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
86
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]87 if( result_str->len == 0 )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]88 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]89 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
90 &mbedtls_test_rnd_pseudo_rand,
91 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]92 &output_len, message_str->x,
93 NULL, 0 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]94 }
95 else
96 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]97 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
98 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame^]99 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]100 &output_len, message_str->x,
101 output, 1000 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]102 if( result == 0 )
103 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]104 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]105 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]106 result_str->len) == 0 );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]107 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]108 }
109
110exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]111 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
112 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]113 mbedtls_rsa_free( &ctx );
114}
115/* END_CASE */
116
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]117/* BEGIN_CASE */
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]118void pkcs1_v15_decode( data_t *input,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]119 int expected_plaintext_length_arg,
120 int output_size_arg,
121 int expected_result )
122{
123 size_t expected_plaintext_length = expected_plaintext_length_arg;
124 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]125 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]126 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
127 mbedtls_rsa_context ctx;
128 static unsigned char N[128] = {
129 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
130 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
131 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
132 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
133 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
134 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
135 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
136 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
137 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
138 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
139 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
140 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
141 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
142 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
143 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
144 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
145 };
146 static unsigned char E[1] = { 0x03 };
147 static unsigned char P[64] = {
148 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
149 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
150 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
151 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
152 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
153 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
154 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
155 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
156 };
157 static unsigned char Q[64] = {
158 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
159 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
160 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
161 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
162 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
163 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
164 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
165 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
166 };
167 unsigned char original[128];
168 unsigned char intermediate[128];
169 static unsigned char default_content[128] = {
170 /* A randomly generated pattern. */
171 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
172 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
173 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
174 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
175 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
176 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
177 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
178 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
179 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
180 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
181 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
182 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
183 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
184 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
185 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
186 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
187 };
188 unsigned char final[128];
189 size_t output_length = 0x7EA0;
190
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]191 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]192 mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
193 mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
194 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
195
196 TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
197 TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
198 TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
199 TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
200
201 TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
202 NULL, &Empi ) == 0 );
203 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
204
205 TEST_ASSERT( input->len <= sizeof( N ) );
206 memcpy( original, input->x, input->len );
207 memset( original + input->len, 'd', sizeof( original ) - input->len );
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]208 TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]209
210 memcpy( final, default_content, sizeof( final ) );
211 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]212 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame^]213 &rnd_info, &output_length,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]214 intermediate, final,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]215 output_size ) == expected_result );
216 if( expected_result == 0 )
217 {
218 TEST_ASSERT( output_length == expected_plaintext_length );
219 TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
220 final,
221 output_length ) == 0 );
222 }
223 else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
224 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
225 {
226 size_t max_payload_length =
227 output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
228 size_t i;
229 size_t count = 0;
230
231#if !defined(MBEDTLS_RSA_ALT)
232 /* Check that the output in invalid cases is what the default
233 * implementation currently does. Alternative implementations
234 * may produce different output, so we only perform these precise
235 * checks when using the default implementation. */
236 TEST_ASSERT( output_length == max_payload_length );
237 for( i = 0; i < max_payload_length; i++ )
238 TEST_ASSERT( final[i] == 0 );
239#endif
240 /* Even in alternative implementations, the outputs must have
241 * changed, otherwise it indicates at least a timing vulnerability
242 * because no write to the outputs is performed in the bad case. */
243 TEST_ASSERT( output_length != 0x7EA0 );
244 for( i = 0; i < max_payload_length; i++ )
245 count += ( final[i] == default_content[i] );
246 /* If more than 16 bytes are unchanged in final, that's evidence
247 * that final wasn't overwritten. */
248 TEST_ASSERT( count < 16 );
249 }
250
251exit:
252 mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
253 mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
254 mbedtls_rsa_free( &ctx );
255}
256/* END_CASE */
257
258/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]259void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
260 char * input_Q, int radix_N, char * input_N,
261 int radix_E, char * input_E, int digest, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]262 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]263 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]264{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]265 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
266 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]267 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]268 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]269 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]270
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]271 info.buf = rnd_buf->x;
272 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]273
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]274 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
275 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]276 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
277
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]278 memset( hash_result, 0x00, sizeof( hash_result ) );
279 memset( output, 0x00, sizeof( output ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]280
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]281 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
282 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
283 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
284 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]285
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]286 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
287 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]288 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]289 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
290
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]291
292 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]293 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]294
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]295 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
296 &info, MBEDTLS_RSA_PRIVATE, digest,
297 0, hash_result, output ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]298 if( result == 0 )
299 {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]300
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]301 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
302 ctx.len, result_str->len ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]303 }
304
305exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]306 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
307 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]308 mbedtls_rsa_free( &ctx );
309}
310/* END_CASE */
311
312/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]313void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
314 int radix_E, char * input_E, int digest,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]315 int hash, data_t * message_str, char * salt,
316 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]317{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]318 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]319 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]320 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]321 ((void) salt);
322
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]323 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]324 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]325 memset( hash_result, 0x00, sizeof( hash_result ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]326
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]327 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
328 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
329 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
330 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]331 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
332
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]333
334 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]335 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]336
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]337 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]338
339exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]340 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]341 mbedtls_rsa_free( &ctx );
342}
343/* END_CASE */