TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f37b9f73c7fd98be7f39dcdef901b6622d910c55 / . / tests / suites / test_suite_pkcs1_v15.function
blob: 9af6aec8a8ed91db4b4c0d0a42a15587476ada37 [file] [log] [blame]
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "mbedtls/md.h"
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]12void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
13 int radix_E, char * input_E, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]14 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]15 data_t * result_str, int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]16{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]17 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]18 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]19 mbedtls_test_rnd_buf_info info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]20 mbedtls_mpi N, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]21
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]22 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
23 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]24 info.buf = rnd_buf->x;
25 info.length = rnd_buf->len;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]26
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]27 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]28 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]29 memset( output, 0x00, sizeof( output ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]30
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]31 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
32 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
33 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
34 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]35 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
36
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]37 if( message_str->len == 0 )
38 message_str->x = NULL;
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]39 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
40 &mbedtls_test_rnd_buffer_rand,
41 &info, MBEDTLS_RSA_PUBLIC,
42 message_str->len, message_str->x,
43 output ) == result );
44
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]45 if( result == 0 )
46 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]47 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
48 ctx.len, result_str->len ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]49 }
50
51exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]52 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]53 mbedtls_rsa_free( &ctx );
54}
55/* END_CASE */
56
57/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]58void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
59 int radix_Q, char * input_Q, int radix_N,
60 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]61 int hash, data_t * result_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]62 char * seed, data_t * message_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]63 int result )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]64{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]65 unsigned char output[128];
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]66 mbedtls_rsa_context ctx;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]67 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]68 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]69 mbedtls_mpi N, P, Q, E;
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]70 ((void) seed);
71
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]72 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
73 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]74 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
75
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]76 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]77 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]78
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]79 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
80 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
81 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
82 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]83
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]84 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
85 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]86 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]87 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
88
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]89 if( result_str->len == 0 )
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]90 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]91 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
92 &mbedtls_test_rnd_pseudo_rand,
93 &rnd_info,
94 MBEDTLS_RSA_PRIVATE,
95 &output_len, message_str->x,
96 NULL, 0 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]97 }
98 else
99 {
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]100 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
101 &mbedtls_test_rnd_pseudo_rand,
102 &rnd_info, MBEDTLS_RSA_PRIVATE,
103 &output_len, message_str->x,
104 output, 1000 ) == result );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]105 if( result == 0 )
106 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]107 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]108 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]109 result_str->len) == 0 );
Gilles Peskine85a6dd42018-10-15 16:32:42 +0200[diff] [blame]110 }
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]111 }
112
113exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]114 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
115 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follath8a49a012016-02-12 13:18:20 +0000[diff] [blame]116 mbedtls_rsa_free( &ctx );
117}
118/* END_CASE */
119
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]120/* BEGIN_CASE */
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]121void pkcs1_v15_decode( int mode,
122 data_t *input,
123 int expected_plaintext_length_arg,
124 int output_size_arg,
125 int expected_result )
126{
127 size_t expected_plaintext_length = expected_plaintext_length_arg;
128 size_t output_size = output_size_arg;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]129 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]130 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
131 mbedtls_rsa_context ctx;
132 static unsigned char N[128] = {
133 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
134 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
135 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
136 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
137 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
138 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
139 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
140 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
141 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
142 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
143 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
144 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
145 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
146 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
147 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
148 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
149 };
150 static unsigned char E[1] = { 0x03 };
151 static unsigned char P[64] = {
152 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
153 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
154 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
155 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
156 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
157 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
158 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
159 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
160 };
161 static unsigned char Q[64] = {
162 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
163 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
164 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
165 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
166 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
167 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
168 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
169 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
170 };
171 unsigned char original[128];
172 unsigned char intermediate[128];
173 static unsigned char default_content[128] = {
174 /* A randomly generated pattern. */
175 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
176 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
177 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
178 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
179 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
180 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
181 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
182 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
183 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
184 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
185 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
186 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
187 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
188 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
189 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
190 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
191 };
192 unsigned char final[128];
193 size_t output_length = 0x7EA0;
194
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]195 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]196 mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
197 mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
198 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
199
200 TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
201 TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
202 TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
203 TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
204
205 TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
206 NULL, &Empi ) == 0 );
207 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
208
209 TEST_ASSERT( input->len <= sizeof( N ) );
210 memcpy( original, input->x, input->len );
211 memset( original + input->len, 'd', sizeof( original ) - input->len );
212 if( mode == MBEDTLS_RSA_PRIVATE )
213 TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
214 else
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]215 TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand,
216 &rnd_info, original,
217 intermediate ) == 0 );
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]218
219 memcpy( final, default_content, sizeof( final ) );
220 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]221 &mbedtls_test_rnd_pseudo_rand,
222 &rnd_info, mode, &output_length,
223 intermediate, final,
Gilles Peskine695a3462018-10-05 18:15:25 +0200[diff] [blame]224 output_size ) == expected_result );
225 if( expected_result == 0 )
226 {
227 TEST_ASSERT( output_length == expected_plaintext_length );
228 TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
229 final,
230 output_length ) == 0 );
231 }
232 else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
233 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
234 {
235 size_t max_payload_length =
236 output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
237 size_t i;
238 size_t count = 0;
239
240#if !defined(MBEDTLS_RSA_ALT)
241 /* Check that the output in invalid cases is what the default
242 * implementation currently does. Alternative implementations
243 * may produce different output, so we only perform these precise
244 * checks when using the default implementation. */
245 TEST_ASSERT( output_length == max_payload_length );
246 for( i = 0; i < max_payload_length; i++ )
247 TEST_ASSERT( final[i] == 0 );
248#endif
249 /* Even in alternative implementations, the outputs must have
250 * changed, otherwise it indicates at least a timing vulnerability
251 * because no write to the outputs is performed in the bad case. */
252 TEST_ASSERT( output_length != 0x7EA0 );
253 for( i = 0; i < max_payload_length; i++ )
254 count += ( final[i] == default_content[i] );
255 /* If more than 16 bytes are unchanged in final, that's evidence
256 * that final wasn't overwritten. */
257 TEST_ASSERT( count < 16 );
258 }
259
260exit:
261 mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
262 mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
263 mbedtls_rsa_free( &ctx );
264}
265/* END_CASE */
266
267/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]268void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
269 char * input_Q, int radix_N, char * input_N,
270 int radix_E, char * input_E, int digest, int hash,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]271 data_t * message_str, data_t * rnd_buf,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]272 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]273{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]274 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
275 unsigned char output[128];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]276 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]277 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]278 mbedtls_test_rnd_buf_info info;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]279
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]280 info.fallback_f_rng = mbedtls_test_rnd_std_rand;
281 info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]282 info.buf = rnd_buf->x;
283 info.length = rnd_buf->len;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]284
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]285 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
286 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]287 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
288
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]289 memset( hash_result, 0x00, sizeof( hash_result ) );
290 memset( output, 0x00, sizeof( output ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]291
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]292 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
293 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
294 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
295 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]296
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]297 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
298 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]299 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]300 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
301
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]302
303 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]304 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]305
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]306 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
307 &info, MBEDTLS_RSA_PRIVATE, digest,
308 0, hash_result, output ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]309 if( result == 0 )
310 {
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]311
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]312 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
313 ctx.len, result_str->len ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]314 }
315
316exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]317 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
318 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]319 mbedtls_rsa_free( &ctx );
320}
321/* END_CASE */
322
323/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]324void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
325 int radix_E, char * input_E, int digest,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]326 int hash, data_t * message_str, char * salt,
327 data_t * result_str, int result )
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]328{
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]329 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]330 mbedtls_rsa_context ctx;
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]331 mbedtls_mpi N, E;
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]332 ((void) salt);
333
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]334 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]335 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
Ron Eldor635888b2018-11-25 15:54:52 +0200[diff] [blame]336 memset( hash_result, 0x00, sizeof( hash_result ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]337
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]338 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
339 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
340 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
341 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]342 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
343
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]344
345 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]346 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]347
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]348 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]349
350exit:
Hanno Becker6d43f9e2017-08-23 06:35:17 +0100[diff] [blame]351 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Janos Follathe6aef9f2016-03-16 16:39:41 +0000[diff] [blame]352 mbedtls_rsa_free( &ctx );
353}
354/* END_CASE */