Merge branch 'development'
diff --git a/ChangeLog b/ChangeLog
index 3b32873..bb3af66 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,16 @@
= mbed TLS 2.x branch
+Security
+ * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+ required by PKCS1 v2.2
+ * Fix potential integer overflow to buffer overflow in
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+ (not triggerable remotely in (D)TLS).
+ * Fix a potential integer underflow to buffer overread in
+ mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
+ SSL/TLS.
+
Features
* Support for platform abstraction of the standard C library time()
function.
diff --git a/library/rsa.c b/library/rsa.c
index 9386a76..8e17ac4 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -477,8 +477,7 @@
hlen = mbedtls_md_get_size( md_ctx->md_info );
- // Generate and apply dbMask
- //
+ /* Generate and apply dbMask */
p = dst;
while( dlen > 0 )
@@ -535,22 +534,21 @@
olen = ctx->len;
hlen = mbedtls_md_get_size( md_info );
- if( olen < ilen + 2 * hlen + 2 )
+ /* first comparison checks for overflow */
+ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( output, 0, olen );
*p++ = 0;
- // Generate a random octet string seed
- //
+ /* Generate a random octet string seed */
if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
p += hlen;
- // Construct DB
- //
+ /* Construct DB */
mbedtls_md( md_info, label, label_len, p );
p += hlen;
p += olen - 2 * hlen - 2 - ilen;
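Review bot: The overflow guard `ilen + 2 * hlen + 2 < ilen` relies on unsigned wrap-around and spells the sum out twice; assuming these are unsigned sizes, comparing against the remaining space reads more directly and cannot wrap: `if( olen < 2 * hlen + 2 || ilen > olen - 2 * hlen - 2 )`. The same applies to the `ilen + 11 < ilen` guard in the later PKCS#1 v1.5 encrypt hunk, which could become `if( olen < 11 || ilen > olen - 11 )`. If the current form is kept, the comment should say which value overflows, e.g. `/* first comparison rejects an ilen so large that the sum wraps */`. The enclosing function starts and ends outside this hunk.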
@@ -560,13 +558,11 @@
mbedtls_md_init( &md_ctx );
mbedtls_md_setup( &md_ctx, md_info, 0 );
- // maskedDB: Apply dbMask to DB
- //
+ /* maskedDB: Apply dbMask to DB */
mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
&md_ctx );
- // maskedSeed: Apply seedMask to seed
- //
+ /* maskedSeed: Apply seedMask to seed */
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx );
@@ -602,7 +598,8 @@
olen = ctx->len;
- if( olen < ilen + 11 )
+ /* first comparison checks for overflow */
+ if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen;
@@ -620,8 +617,7 @@
ret = f_rng( p_rng, p, 1 );
} while( *p == 0 && --rng_dl && ret == 0 );
- // Check if RNG failed to generate data
- //
+ /* Check if RNG failed to generate data */
if( rng_dl == 0 || ret != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
@@ -712,6 +708,12 @@
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ hlen = mbedtls_md_get_size( md_info );
+
+ // checking for integer underflow
+ if( 2 * hlen + 2 > ilen )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
/*
* RSA operation
*/
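Review bot: The new comment `// checking for integer underflow` uses the `//` style that every other hunk in this file converts to `/* */`, and it does not say what would underflow. Something like `/* reject ilen < 2 * hlen + 2: later length arithmetic on ilen would underflow */` keeps the file consistent and records the reason. The subtraction being protected is outside this hunk, so the exact wording should be checked against it. Placing the check before the RSA operation looks right as long as ilen at this point is the public key length and not a value derived from the ciphertext.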
@@ -725,8 +727,6 @@
/*
* Unmask data and generate lHash
*/
- hlen = mbedtls_md_get_size( md_info );
-
mbedtls_md_init( &md_ctx );
mbedtls_md_setup( &md_ctx, md_info, 0 );
@@ -866,6 +866,8 @@
bad |= *p++; /* Must be zero */
}
+ bad |= ( pad_count < 8 );
+
if( bad )
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
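Review bot: `bad |= ( pad_count < 8 );` carries a bare magic number and no comment, while the line above it documents its own check. A short comment such as `/* PKCS#1 v1.5: padding string must be at least 8 bytes */` would tie it to the ChangeLog entry. Folding the result into `bad` instead of returning early keeps a single failure path, which is the right shape for a padding check. Whether the comparison itself compiles without a data-dependent branch is compiler-specific and may deserve a look if the surrounding code is meant to be constant-time. The enclosing function extends beyond this hunk.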
@@ -942,8 +944,7 @@
if( md_alg != MBEDTLS_MD_NONE )
{
- // Gather length of hash to sign
- //
+ /* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -963,13 +964,11 @@
memset( sig, 0, olen );
- // Generate salt of length slen
- //
+ /* Generate salt of length slen */
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
- // Note: EMSA-PSS encoding is over the length of N - 1 bits
- //
+ /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
p += olen - hlen * 2 - 2;
*p++ = 0x01;
@@ -979,21 +978,18 @@
mbedtls_md_init( &md_ctx );
mbedtls_md_setup( &md_ctx, md_info, 0 );
- // Generate H = Hash( M' )
- //
+ /* Generate H = Hash( M' ) */
mbedtls_md_starts( &md_ctx );
mbedtls_md_update( &md_ctx, p, 8 );
mbedtls_md_update( &md_ctx, hash, hashlen );
mbedtls_md_update( &md_ctx, salt, slen );
mbedtls_md_finish( &md_ctx, p );
- // Compensate for boundary condition when applying mask
- //
+ /* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
offset = 1;
- // maskedDB: Apply dbMask to DB
- //
+ /* maskedDB: Apply dbMask to DB */
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
mbedtls_md_free( &md_ctx );
@@ -1222,8 +1218,7 @@
if( md_alg != MBEDTLS_MD_NONE )
{
- // Gather length of hash to sign
- //
+ /* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1240,12 +1235,12 @@
memset( zeros, 0, 8 );
- // Note: EMSA-PSS verification is over the length of N - 1 bits
- //
+ /*
+ * Note: EMSA-PSS verification is over the length of N - 1 bits
+ */
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- // Compensate for boundary condition when applying mask
- //
+ /* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
{
p++;
@@ -1281,8 +1276,9 @@
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
}
- // Generate H = Hash( M' )
- //
+ /*
+ * Generate H = Hash( M' )
+ */
mbedtls_md_starts( &md_ctx );
mbedtls_md_update( &md_ctx, zeros, 8 );
mbedtls_md_update( &md_ctx, hash, hashlen );
@@ -1392,8 +1388,9 @@
end = p + len;
- // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
- //
+ /*
+ * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
+ */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 94431e0..57c6720 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -29,7 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
@@ -39,8 +43,8 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include <stdio.h>
#include <string.h>
+
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@@ -57,7 +61,7 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret, c;
+ int return_val, exit_val, c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
@@ -68,8 +72,7 @@
((void) argv);
memset(result, 0, sizeof( result ) );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- ret = 1;
+ exit_val = MBEDTLS_EXIT_SUCCESS;
if( argc != 1 )
{
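Review bot: Initialising `exit_val = MBEDTLS_EXIT_SUCCESS` inverts the old fail-safe default (`ret = 1`, cleared only after the last step succeeded), so any failure path that forgets to set `exit_val` now reports success. Keeping the default at failure and assigning success once just before the `exit:` label, `exit_val = MBEDTLS_EXIT_SUCCESS;`, removes the need for the per-branch assignments added in the later hunks. rsa_encrypt.c gets the same change in this commit.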
@@ -79,18 +82,23 @@
mbedtls_printf( "\n" );
#endif
- goto exit;
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+
+ return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( return_val != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ return_val );
goto exit;
}
@@ -99,23 +107,24 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
- if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+ if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ return_val );
goto exit;
}
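Review bot: This hunk removes `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` and no other hunk in rsa_decrypt.c adds it back, so the `mbedtls_mpi_read_file( &rsa.N, ... )` calls here and the new `mbedtls_rsa_free( &rsa )` at the `exit:` label appear to operate on an uninitialised context. rsa_encrypt.c in the same commit moves the init next to `mbedtls_ctr_drbg_init`; the same line is needed here, before the first `goto exit`: `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );`. Without it the early failure paths (seed failure, missing rsa_priv.txt) hand `mbedtls_rsa_free` whatever happens to be on the stack.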
@@ -126,10 +135,9 @@
/*
* Extract the RSA encrypted value from the text file
*/
- ret = 1;
-
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -144,6 +152,7 @@
if( i != rsa.len )
{
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
@@ -154,11 +163,14 @@
mbedtls_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
- if( ( ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
- MBEDTLS_RSA_PRIVATE, &i, buf, result,
- 1024 ) ) != 0 )
+ return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
+ buf, result, 1024 );
+ if( return_val != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
+ return_val );
goto exit;
}
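Review bot: The output limit passed to `mbedtls_rsa_pkcs1_decrypt` is the literal `1024`, while the `memset` earlier in `main` uses `sizeof( result )`; the declaration of `result` is outside the hunks, so the two cannot be checked against each other here. Passing `sizeof( result )` keeps the bound tied to the buffer. Since `result` is printed with `%s` right after, `sizeof( result ) - 1` would also guarantee that the terminating zero left by the memset survives a maximum-length plaintext.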
@@ -166,17 +178,17 @@
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
- ret = 0;
-
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ mbedtls_rsa_free( &rsa );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_val );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
+
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 796343f..e78e273 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -29,8 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
@@ -40,7 +44,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include <stdio.h>
#include <string.h>
#endif
@@ -58,7 +61,7 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int return_val, exit_val;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
@@ -67,8 +70,7 @@
unsigned char buf[512];
const char *pers = "rsa_encrypt";
- mbedtls_ctr_drbg_init( &ctr_drbg );
- ret = 1;
+ exit_val = MBEDTLS_EXIT_SUCCESS;
if( argc != 2 )
{
@@ -78,18 +80,24 @@
mbedtls_printf( "\n" );
#endif
- goto exit;
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+
+ return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( return_val != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ return_val );
goto exit;
}
@@ -98,18 +106,18 @@
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- ret = 1;
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ return_val );
goto exit;
}
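Review bot: The failure branch after `mbedtls_mpi_read_file` jumps to `exit` with `f` still open, and the `exit:` block shown in the last hunk of this file frees the DRBG, entropy and RSA contexts but never closes the file. Adding `fclose( f );` before `goto exit;` in this branch closes the gap. The matching branch in rsa_decrypt.c, where the file is rsa_priv.txt, has the same shape. Whether `f` is closed on the success path is not visible in this hunk.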
@@ -119,6 +127,7 @@
if( strlen( argv[1] ) > 100 )
{
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -131,11 +140,14 @@
mbedtls_printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
- if( ( ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
- MBEDTLS_RSA_PUBLIC, strlen( argv[1] ),
- input, buf ) ) != 0 )
+ return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PUBLIC,
+ strlen( argv[1] ), input, buf );
+ if( return_val != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", ret );
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
+ return_val );
goto exit;
}
@@ -144,7 +156,7 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- ret = 1;
+ exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -160,13 +172,14 @@
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ mbedtls_rsa_free( &rsa );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_val );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index e897c65..27f3566 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -62,6 +62,7 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
ret = 1;
if( argc != 2 )
@@ -86,8 +87,6 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
@@ -157,6 +156,8 @@
exit:
+ mbedtls_rsa_free( &rsa );
+
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index ade36dc..a22b555 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -61,7 +61,9 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
ret = 1;
+
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_verify <filename>\n" );
@@ -83,8 +85,6 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
@@ -149,6 +149,8 @@
exit:
+ mbedtls_rsa_free( &rsa );
+
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 6ca07bb..e57a78e 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -397,6 +397,6 @@
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
+ return( MBEDTLS_EXIT_SUCCESS );
}
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 23eb2a4..a004a3d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -87,6 +87,7 @@
add_test_suite(memory_buffer_alloc)
add_test_suite(mpi)
add_test_suite(pem)
+add_test_suite(pkcs1_v15)
add_test_suite(pkcs1_v21)
add_test_suite(pkcs5)
add_test_suite(pk)
diff --git a/tests/Makefile b/tests/Makefile
index c5172e4..58c404e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -76,7 +76,7 @@
test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \
test_suite_memory_buffer_alloc$(EXEXT) \
test_suite_mpi$(EXEXT) \
- test_suite_pem$(EXEXT) \
+ test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \
test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \
test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \
test_suite_pk$(EXEXT) \
@@ -376,6 +376,10 @@
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5ecf868..c3b708f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -191,6 +191,7 @@
msg "build: cmake, full config, clang" # ~ 50s
cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
new file mode 100644
index 0000000..db7a4cd
--- /dev/null
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -0,0 +1,35 @@
+RSAES-V15 Encryption Test Vector Int
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0
+
+RSAES-V15 Decryption Test Vector Int
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0
+
+RSAES-V15 Encryption Test Vector Data just fits
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Decryption Test Vector Data just fits
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Encryption Test Vector Data too long 1
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 7
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 3
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 5
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 8
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 0
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSASSA-V15 Signing Test Vector Int
+pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
+
+RSASSA-V15 Verification Test Vector Int
+pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
new file mode 100644
index 0000000..09fe05b
--- /dev/null
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -0,0 +1,210 @@
+/* BEGIN_HEADER */
+#include "mbedtls/rsa.h"
+#include "mbedtls/md.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
+ char *input_E, int hash,
+ char *message_hex_string, char *seed,
+ char *result_hex_str, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char output[1000];
+ unsigned char output_str[1000];
+ unsigned char rnd_buf[1000];
+ mbedtls_rsa_context ctx;
+ size_t msg_len;
+ rnd_buf_info info;
+
+ info.length = unhexify( rnd_buf, seed );
+ info.buf = rnd_buf;
+
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ memset( message_str, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+
+ msg_len = unhexify( message_str, message_hex_string );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len );
+
+ TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ }
+
+exit:
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
+ int radix_Q, char *input_Q, int radix_N,
+ char *input_N, int radix_E, char *input_E,
+ int hash, char *result_hex_str, char *seed,
+ char *message_hex_string, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char output[1000];
+ unsigned char output_str[1000];
+ mbedtls_rsa_context ctx;
+ mbedtls_mpi P1, Q1, H, G;
+ size_t output_len;
+ rnd_pseudo_info rnd_info;
+ ((void) seed);
+
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+
+ memset( message_str, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+ memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ unhexify( message_str, message_hex_string );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len );
+
+ TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ }
+
+exit:
+ mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
+ char *input_Q, int radix_N, char *input_N,
+ int radix_E, char *input_E, int digest, int hash,
+ char *message_hex_string, char *salt,
+ char *result_hex_str, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char hash_result[1000];
+ unsigned char output[1000];
+ unsigned char output_str[1000];
+ unsigned char rnd_buf[1000];
+ mbedtls_rsa_context ctx;
+ mbedtls_mpi P1, Q1, H, G;
+ size_t msg_len;
+ rnd_buf_info info;
+
+ info.length = unhexify( rnd_buf, salt );
+ info.buf = rnd_buf;
+
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+
+ memset( message_str, 0x00, 1000 );
+ memset( hash_result, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ msg_len = unhexify( message_str, message_hex_string );
+
+ if( mbedtls_md_info_from_type( digest ) != NULL )
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len);
+
+ TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ }
+
+exit:
+ mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
+ char *input_E, int digest, int hash,
+ char *message_hex_string, char *salt,
+ char *result_hex_str, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char hash_result[1000];
+ unsigned char result_str[1000];
+ mbedtls_rsa_context ctx;
+ size_t msg_len;
+ ((void) salt);
+
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ memset( message_str, 0x00, 1000 );
+ memset( hash_result, 0x00, 1000 );
+ memset( result_str, 0x00, 1000 );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+
+ msg_len = unhexify( message_str, message_hex_string );
+ unhexify( result_str, result_hex_str );
+
+ if( mbedtls_md_info_from_type( digest ) != NULL )
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
+
+exit:
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
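Review bot: In `pkcs1_rsaes_v15_decrypt` the length written to `output_len` is never checked. The test hexifies `ctx.len` bytes of `output` and compares only the first `strlen( result_hex_str )` characters with `strncasecmp`, so a decrypt that returns the wrong plaintext length but a matching prefix still passes, and an empty expected string matches anything. Since the ChangeLog for this commit lists a padding-length fix in the v1.5 decrypt path, the recovered length is worth pinning in the `result == 0` branch with `TEST_ASSERT( output_len * 2 == strlen( result_hex_str ) );` and by hexifying only the plaintext with `hexify( output_str, output, output_len );`. The test vectors in the `.data` file are mostly outside this view, so I cannot tell whether a malformed-padding ciphertext with a non-zero expected `result` is included; if not, one would exercise the new check directly.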