commit 668a78d9529a82eed0be36ecf49632f76391498a
author Cédric Meuter <cedric.meuter@gmail.com> Thu Apr 30 11:57:04 2020 +0200
committer Cédric Meuter <cedric.meuter@gmail.com> Thu Dec 24 11:30:08 2020 +0100
tree b3dfdba04ea2a55adde17475f105d5726c99f845
parent a05cbecc909e1ab95a68056d4c45eacec340c780

Added sppecific test cases for mbedtls_rsa_rsassa_pss_sign_ext()

- all positibe test cases were sampled from the CAVP test suite
  (SigGenPSS_186-2.txt, SigGenPSS_186-3.txt)
  Only kept one representative for each triple (modlen, sha, saltlen)
- two extra test cases were added to cover the maximum salt length
  (slen=olen-slen-2 and slen=(olen-slen-2)-1)
- in rsa.c, the salt intermediate buffer was too small to cover cases
  where slen > hlen. So reworked the code to generate the salt in the
  encoded message directly. This has the advantage to remove a memcpy
  and a memset.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>

tests/suites/test_suite_pkcs1_v21.function

diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index b928e80..a0c5f51 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -183,6 +183,59 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
+void pkcs1_rsassa_pss_sign_ext( int mod, int radix_P, char * input_P, int radix_Q,
+                                char * input_Q, int radix_N, char * input_N,
+                                int radix_E, char * input_E, int digest, int hash,
+                                data_t * message_str, data_t * rnd_buf,
+                                data_t * result_str, int fixed_salt_length,
+                                int result )
+{
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+    unsigned char output[512];
+    mbedtls_rsa_context ctx;
+    mbedtls_test_rnd_buf_info info;
+    mbedtls_mpi N, P, Q, E;
+
+    info.buf = rnd_buf->x;
+    info.length = rnd_buf->len;
+
+    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+
+    memset( hash_result, 0x00, sizeof( hash_result ) );
+    memset( output, 0x00, sizeof( output ) );
+
+    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+
+    TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+    TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
+    TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+    TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+
+    if( mbedtls_md_info_from_type( digest ) != NULL )
+        TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+
+    TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand, &info, digest,
+                                                  0, hash_result, fixed_salt_length, output ) == result );
+    if( result == 0 )
+    {
+        TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+                                          ctx.len, result_str->len ) == 0 );
+    }
+
+exit:
+    mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+    mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
+    mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N,
                               int radix_E, char * input_E, int digest,
                               int hash, data_t * message_str, char * salt,