TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e05a21f0849a40c2997c7712d93e6ae1f152e146 / . / tests / suites / test_suite_pkcs1_v15.function
blob: 03b31c22d170ee7eeca188dccfd719ea616e7e82 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
Manuel Pégourié-Gonnard4c1087f2022-07-15 11:16:58 +0200[diff] [blame]4
Manuel Pégourié-Gonnard07018f92022-09-15 11:29:35 +0200[diff] [blame]5#include "mbedtls/legacy_or_psa.h"
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]6/* END_HEADER */
7
8/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard3637c512022-07-13 12:41:36 +0200[diff] [blame]9 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]10 * END_DEPENDENCIES
11 */
12
13/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]14void pkcs1_rsaes_v15_encrypt(int mod, char *input_N,
15 char *input_E, int hash,
16 data_t *message_str, data_t *rnd_buf,
17 data_t *result_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]19 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]20 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]21 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]22 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]23
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]24 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
25 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]26 info.buf = rnd_buf->x;
27 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]29 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
30 mbedtls_rsa_init(&ctx);
Yanray Wange05a21f2023-03-17 20:09:17 +0800[diff] [blame^]31
32 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
33 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == MBEDTLS_MD_NONE);
34
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]35 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
36 MBEDTLS_RSA_PKCS_V15, hash) == 0);
37 memset(output, 0x00, sizeof(output));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]38
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]39 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
40 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
41
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]42 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
43 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
44 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
45 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
46 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]47
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 if (message_str->len == 0) {
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]49 message_str->x = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50 }
51 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
52 &mbedtls_test_rnd_buffer_rand,
53 &info, message_str->len,
54 message_str->x,
55 output) == result);
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]56
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]57 if (result == 0) {
58 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
59 ctx.len, result_str->len) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]60 }
61
62exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]63 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
64 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]65}
66/* END_CASE */
67
68/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]69void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q,
70 char *input_N, char *input_E, int hash,
71 data_t *result_str, char *seed,
72 data_t *message_str, int result)
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]73{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]74 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]75 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]76 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]77 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]78 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]79 ((void) seed);
80
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]81 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
82 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
83 mbedtls_rsa_init(&ctx);
84 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
85 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]86
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]87 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
88 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
89
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]90 memset(output, 0x00, sizeof(output));
91 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]92
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]93 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
94 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
95 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
96 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]97
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]98 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
99 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
100 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
101 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]102
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]103 if (result_str->len == 0) {
104 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
105 &mbedtls_test_rnd_pseudo_rand,
106 &rnd_info,
107 &output_len, message_str->x,
108 NULL, 0) == result);
109 } else {
110 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
111 &mbedtls_test_rnd_pseudo_rand,
112 &rnd_info,
113 &output_len, message_str->x,
114 output, 1000) == result);
115 if (result == 0) {
116 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
117 output_len,
118 result_str->len) == 0);
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]119 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]120 }
121
122exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]123 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
124 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
125 mbedtls_rsa_free(&ctx);
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]126}
127/* END_CASE */
128
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]129/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]130void pkcs1_v15_decode(data_t *input,
131 int expected_plaintext_length_arg,
132 int output_size_arg,
133 int expected_result)
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]134{
135 size_t expected_plaintext_length = expected_plaintext_length_arg;
136 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]137 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]138 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
139 mbedtls_rsa_context ctx;
140 static unsigned char N[128] = {
141 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
142 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
143 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
144 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
145 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
146 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
147 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
148 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
149 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
150 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
151 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
152 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
153 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
154 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
155 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
156 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
157 };
158 static unsigned char E[1] = { 0x03 };
159 static unsigned char P[64] = {
160 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
161 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
162 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
163 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
164 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
165 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
166 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
167 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
168 };
169 static unsigned char Q[64] = {
170 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
171 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
172 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
173 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
174 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
175 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
176 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
177 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
178 };
179 unsigned char original[128];
180 unsigned char intermediate[128];
181 static unsigned char default_content[128] = {
182 /* A randomly generated pattern. */
183 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
184 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
185 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
186 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
187 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
188 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
189 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
190 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
191 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
192 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
193 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
194 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
195 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
196 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
197 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
198 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
199 };
200 unsigned char final[128];
201 size_t output_length = 0x7EA0;
202
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
204 mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi);
205 mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi);
206 mbedtls_rsa_init(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]207
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]208 TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0);
209 TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0);
210 TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0);
211 TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]212
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi,
214 NULL, &Empi) == 0);
215 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]216
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]217 TEST_ASSERT(input->len <= sizeof(N));
218 memcpy(original, input->x, input->len);
219 memset(original + input->len, 'd', sizeof(original) - input->len);
220 TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]221
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]222 memcpy(final, default_content, sizeof(final));
223 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx,
224 &mbedtls_test_rnd_pseudo_rand,
225 &rnd_info, &output_length,
226 intermediate, final,
227 output_size) == expected_result);
228 if (expected_result == 0) {
229 TEST_ASSERT(output_length == expected_plaintext_length);
230 TEST_ASSERT(memcmp(original + sizeof(N) - output_length,
231 final,
232 output_length) == 0);
233 } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
234 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) {
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]235 size_t max_payload_length =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]236 output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]237 size_t i;
238 size_t count = 0;
239
240#if !defined(MBEDTLS_RSA_ALT)
241 /* Check that the output in invalid cases is what the default
242 * implementation currently does. Alternative implementations
243 * may produce different output, so we only perform these precise
244 * checks when using the default implementation. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]245 TEST_ASSERT(output_length == max_payload_length);
246 for (i = 0; i < max_payload_length; i++) {
247 TEST_ASSERT(final[i] == 0);
248 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]249#endif
250 /* Even in alternative implementations, the outputs must have
251 * changed, otherwise it indicates at least a timing vulnerability
252 * because no write to the outputs is performed in the bad case. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]253 TEST_ASSERT(output_length != 0x7EA0);
254 for (i = 0; i < max_payload_length; i++) {
255 count += (final[i] == default_content[i]);
256 }
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]257 /* If more than 16 bytes are unchanged in final, that's evidence
258 * that final wasn't overwritten. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259 TEST_ASSERT(count < 16);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]260 }
261
262exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]263 mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi);
264 mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi);
265 mbedtls_rsa_free(&ctx);
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]266}
267/* END_CASE */
268
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]269/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]270void pkcs1_rsassa_v15_sign(int mod, char *input_P,
271 char *input_Q, char *input_N,
272 char *input_E, int digest, int hash,
273 data_t *message_str, data_t *rnd_buf,
274 data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]275{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]276 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]277 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]278 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]279 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]280
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]281 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
282 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]283 info.buf = rnd_buf->x;
284 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]285
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]286 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
287 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
288 mbedtls_rsa_init(&ctx);
289 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
290 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]291
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]292 memset(output, 0x00, sizeof(output));
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]293
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]294 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
295 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
296
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]297 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
298 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
299 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
300 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]301
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
303 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
304 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
305 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]306
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]307 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
308 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
309 digest, message_str->len, message_str->x,
310 output) == result);
311 if (result == 0) {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]312
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]313 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
314 ctx.len, result_str->len) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]315 }
316
317exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]318 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
319 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
320 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]321}
322/* END_CASE */
323
Manuel Pégourié-Gonnard5ce99592022-07-16 08:04:55 +0200[diff] [blame]324/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]325void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E,
326 int digest, int hash, data_t *message_str,
327 char *salt, data_t *result_str, int result)
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]328{
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]329 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]330 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]331 ((void) salt);
332
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]333 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
334 mbedtls_rsa_init(&ctx);
335 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
336 MBEDTLS_RSA_PKCS_V15, hash) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]337
Yanray Wang15d3df72023-03-17 19:34:01 +0800[diff] [blame]338 TEST_ASSERT(mbedtls_rsa_get_padding_mode(&ctx) == MBEDTLS_RSA_PKCS_V15);
339 TEST_ASSERT(mbedtls_rsa_get_md_alg(&ctx) == hash);
340
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]341 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
342 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
343 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
344 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8));
345 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]346
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
348 result_str->x) == result);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]349
350exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]351 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
352 mbedtls_rsa_free(&ctx);
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]353}
354/* END_CASE */