Added tests for mbedtls_rsa_rsassa_pss_sign_ext()
- added some invalid param tests in test_suite_rsa
- added functional tests in test_suite_pkcs1_v21
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
diff --git a/library/rsa.c b/library/rsa.c
index 2b4b0fd..02423c0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1812,6 +1812,8 @@
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET( saltlen == MBEDTLS_RSA_SALT_LEN_ANY ||
+ saltlen > 0 );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1854,7 +1856,7 @@
else
slen = olen - hlen - 2;
}
- else if ( (saltlen < 0) || ((size_t) saltlen > olen - hlen - 2) )
+ else if ( ( (size_t) saltlen ) > olen - hlen - 2 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index c28cf08..b928e80 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -159,7 +159,18 @@
hash_result, output ) == result );
if( result == 0 )
{
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
+ }
+ info.buf = rnd_buf->x;
+ info.length = rnd_buf->len;
+
+ TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, digest, 0, hash_result,
+ MBEDTLS_RSA_SALT_LEN_ANY, output ) == result );
+ if( result == 0 )
+ {
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
ctx.len, result_str->len ) == 0 );
}
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 6c73e39..bbe2360 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -25,6 +25,7 @@
const int invalid_padding = 42;
const int valid_mode = MBEDTLS_RSA_PRIVATE;
const int invalid_mode = 42;
+ const int negative_salt_length = -2;
unsigned char buf[42] = { 0 };
size_t olen;
@@ -338,6 +339,33 @@
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
+ 0, sizeof( buf ), buf,
+ negative_salt_length,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL,
+ 0, sizeof( buf ), buf,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
+ 0, sizeof( buf ), NULL,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
+ 0, sizeof( buf ), buf,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
valid_mode,
0, sizeof( buf ), buf,