TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4c1087f47487433155d6ea5c04db31aa95b6be2e / . / tests / suites / test_suite_pkcs1_v15.function
blob: 0bd3f81a0a4ad4c8bd2f35ccac394eaf39acaa44 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
Manuel Pégourié-Gonnard4c1087f2022-07-15 11:16:58 +0200[diff] [blame^]4
5#include "or_psa_helpers.h"
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]6/* END_HEADER */
7
8/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard3637c512022-07-13 12:41:36 +0200[diff] [blame]9 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]10 * END_DEPENDENCIES
11 */
12
13/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]14void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
15 int radix_E, char * input_E, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]16 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]17 data_t * result_str, int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]19 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]20 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]21 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]22 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]23
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]24 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
25 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]26 info.buf = rnd_buf->x;
27 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]29 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]30 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]31 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
32 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]33 memset( output, 0x00, sizeof( output ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]34
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]35 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
36 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]37 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
38 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]39 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
40
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]41 if( message_str->len == 0 )
42 message_str->x = NULL;
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]43 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
44 &mbedtls_test_rnd_buffer_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]45 &info, message_str->len,
46 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]47 output ) == result );
48
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]49 if( result == 0 )
50 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]51 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
52 ctx.len, result_str->len ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]53 }
54
55exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]56 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]57 mbedtls_rsa_free( &ctx );
58}
59/* END_CASE */
60
61/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]62void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
63 int radix_Q, char * input_Q, int radix_N,
64 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]65 int hash, data_t * result_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]66 char * seed, data_t * message_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]67 int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]68{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]69 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]70 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]71 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]72 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]73 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]74 ((void) seed);
75
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]76 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
77 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]78 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]79 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
80 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]81
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]82 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]83 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]84
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]85 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
86 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
87 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
88 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]89
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]90 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
91 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]92 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]93 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
94
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]95 if( result_str->len == 0 )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]96 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]97 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
98 &mbedtls_test_rnd_pseudo_rand,
99 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]100 &output_len, message_str->x,
101 NULL, 0 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]102 }
103 else
104 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]105 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
106 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]107 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]108 &output_len, message_str->x,
109 output, 1000 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]110 if( result == 0 )
111 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]112 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]113 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]114 result_str->len) == 0 );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]115 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]116 }
117
118exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]119 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
120 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]121 mbedtls_rsa_free( &ctx );
122}
123/* END_CASE */
124
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]125/* BEGIN_CASE */
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]126void pkcs1_v15_decode( data_t *input,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]127 int expected_plaintext_length_arg,
128 int output_size_arg,
129 int expected_result )
130{
131 size_t expected_plaintext_length = expected_plaintext_length_arg;
132 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]133 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]134 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
135 mbedtls_rsa_context ctx;
136 static unsigned char N[128] = {
137 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
138 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
139 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
140 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
141 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
142 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
143 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
144 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
145 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
146 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
147 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
148 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
149 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
150 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
151 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
152 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
153 };
154 static unsigned char E[1] = { 0x03 };
155 static unsigned char P[64] = {
156 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
157 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
158 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
159 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
160 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
161 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
162 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
163 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
164 };
165 static unsigned char Q[64] = {
166 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
167 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
168 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
169 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
170 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
171 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
172 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
173 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
174 };
175 unsigned char original[128];
176 unsigned char intermediate[128];
177 static unsigned char default_content[128] = {
178 /* A randomly generated pattern. */
179 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
180 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
181 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
182 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
183 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
184 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
185 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
186 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
187 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
188 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
189 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
190 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
191 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
192 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
193 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
194 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
195 };
196 unsigned char final[128];
197 size_t output_length = 0x7EA0;
198
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]199 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]200 mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
201 mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]202 mbedtls_rsa_init( &ctx );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]203
204 TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
205 TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
206 TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
207 TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
208
209 TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
210 NULL, &Empi ) == 0 );
211 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
212
213 TEST_ASSERT( input->len <= sizeof( N ) );
214 memcpy( original, input->x, input->len );
215 memset( original + input->len, 'd', sizeof( original ) - input->len );
Thomas Daubney99914142021-05-06 15:17:03 +0100[diff] [blame]216 TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]217
218 memcpy( final, default_content, sizeof( final ) );
219 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]220 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]221 &rnd_info, &output_length,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]222 intermediate, final,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]223 output_size ) == expected_result );
224 if( expected_result == 0 )
225 {
226 TEST_ASSERT( output_length == expected_plaintext_length );
227 TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
228 final,
229 output_length ) == 0 );
230 }
231 else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
232 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
233 {
234 size_t max_payload_length =
235 output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
236 size_t i;
237 size_t count = 0;
238
239#if !defined(MBEDTLS_RSA_ALT)
240 /* Check that the output in invalid cases is what the default
241 * implementation currently does. Alternative implementations
242 * may produce different output, so we only perform these precise
243 * checks when using the default implementation. */
244 TEST_ASSERT( output_length == max_payload_length );
245 for( i = 0; i < max_payload_length; i++ )
246 TEST_ASSERT( final[i] == 0 );
247#endif
248 /* Even in alternative implementations, the outputs must have
249 * changed, otherwise it indicates at least a timing vulnerability
250 * because no write to the outputs is performed in the bad case. */
251 TEST_ASSERT( output_length != 0x7EA0 );
252 for( i = 0; i < max_payload_length; i++ )
253 count += ( final[i] == default_content[i] );
254 /* If more than 16 bytes are unchanged in final, that's evidence
255 * that final wasn't overwritten. */
256 TEST_ASSERT( count < 16 );
257 }
258
259exit:
260 mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
261 mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
262 mbedtls_rsa_free( &ctx );
263}
264/* END_CASE */
265
Manuel Pégourié-Gonnarde496c622022-07-05 13:11:13 +0200[diff] [blame]266/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]267void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
268 char * input_Q, int radix_N, char * input_N,
269 int radix_E, char * input_E, int digest, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]270 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]271 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]272{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]273 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]274 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]275 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]276 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]277 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]278 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]279
Gilles Peskineecacc3c2021-03-24 00:48:57 +0100[diff] [blame]280 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
281 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]282 info.buf = rnd_buf->x;
283 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]284
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]285 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
286 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]287 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]288 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
289 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]290
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]291 memset( hash_result, 0x00, sizeof( hash_result ) );
292 memset( output, 0x00, sizeof( output ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]293
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]294 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
295 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
296 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
297 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]298
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]299 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
300 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]301 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]302 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
303
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]304 if( md_info != NULL )
305 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]306
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]307 TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
308 &ctx, &mbedtls_test_rnd_buffer_rand, &info,
309 digest, mbedtls_md_get_size( md_info ), hash_result,
310 output ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]311 if( result == 0 )
312 {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]313
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]314 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
315 ctx.len, result_str->len ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]316 }
317
318exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]319 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
320 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]321 mbedtls_rsa_free( &ctx );
322}
323/* END_CASE */
324
Manuel Pégourié-Gonnarde496c622022-07-05 13:11:13 +0200[diff] [blame]325/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]326void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
327 int radix_E, char * input_E, int digest,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]328 int hash, data_t * message_str, char * salt,
329 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]330{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]331 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]332 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]333 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]334 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]335 ((void) salt);
336
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]337 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]338 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]339 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
340 MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]341 memset( hash_result, 0x00, sizeof( hash_result ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]342
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]343 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
344 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]345 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
346 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]347 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
348
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]349
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]350 if( md_info != NULL )
351 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]352
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]353 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]354
355exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]356 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]357 mbedtls_rsa_free( &ctx );
358}
359/* END_CASE */