1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/md.h" 4/* END_HEADER */ 5 6/* BEGIN_DEPENDENCIES 7 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C:MBEDTLS_SHA1_C 8 * END_DEPENDENCIES 9 */ 10 11/* BEGIN_CASE */ 12void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, 13 int hash, data_t * message_str, data_t * rnd_buf, 14 data_t * result_str, int result ) 15{ 16 unsigned char output[256]; 17 mbedtls_rsa_context ctx; 18 mbedtls_test_rnd_buf_info info; 19 mbedtls_mpi N, E; 20 21 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 22 info.fallback_p_rng = NULL; 23 info.buf = rnd_buf->x; 24 info.length = rnd_buf->len; 25 26 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 27 mbedtls_rsa_init( &ctx ); 28 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 29 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 30 memset( output, 0x00, sizeof( output ) ); 31 32 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 33 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 34 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 35 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 36 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 37 38 if( message_str->len == 0 ) 39 message_str->x = NULL; 40 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, 41 &mbedtls_test_rnd_buffer_rand, 42 &info, message_str->len, 43 message_str->x, 44 output ) == result ); 45 if( result == 0 ) 46 { 47 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 48 } 49 50exit: 51 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 52 mbedtls_rsa_free( &ctx ); 53} 54/* END_CASE */ 55 56/* BEGIN_CASE */ 57void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, 58 data_t * input_N, data_t * input_E, int hash, 59 data_t * result_str, char * seed, data_t * message_str, 60 int result ) 61{ 62 unsigned char output[64]; 63 mbedtls_rsa_context ctx; 64 size_t output_len; 65 mbedtls_test_rnd_pseudo_info rnd_info; 66 mbedtls_mpi N, P, Q, E; 67 ((void) seed); 68 69 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 70 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 71 72 mbedtls_rsa_init( &ctx ); 73 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 74 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 75 76 memset( output, 0x00, sizeof( output ) ); 77 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 78 79 TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 ); 80 TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 ); 81 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 82 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 83 84 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 85 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 86 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 87 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 88 89 if( result_str->len == 0 ) 90 { 91 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, 92 &mbedtls_test_rnd_pseudo_rand, 93 &rnd_info, 94 &output_len, message_str->x, 95 NULL, 0 ) == result ); 96 } 97 else 98 { 99 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, 100 &mbedtls_test_rnd_pseudo_rand, 101 &rnd_info, 102 &output_len, message_str->x, 103 output, 104 sizeof( output ) ) == result ); 105 if( result == 0 ) 106 { 107 ASSERT_COMPARE( output, output_len, result_str->x, result_str->len ); 108 } 109 } 110 111exit: 112 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 113 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 114 mbedtls_rsa_free( &ctx ); 115} 116/* END_CASE */ 117 118/* BEGIN_CASE */ 119void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, 120 data_t * input_N, data_t * input_E, int digest, 121 int hash, data_t * message_str, data_t * rnd_buf, 122 data_t * result_str, int fixed_salt_length, 123 int result ) 124{ 125 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 126 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest ); 127 unsigned char output[512]; 128 mbedtls_rsa_context ctx; 129 mbedtls_test_rnd_buf_info info; 130 mbedtls_mpi N, P, Q, E; 131 132 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 133 info.fallback_p_rng = NULL; 134 info.buf = rnd_buf->x; 135 info.length = rnd_buf->len; 136 137 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 138 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 139 mbedtls_rsa_init( &ctx ); 140 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 141 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 142 143 memset( hash_result, 0x00, sizeof( hash_result ) ); 144 memset( output, 0x00, sizeof( output ) ); 145 146 TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 ); 147 TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 ); 148 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 149 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 150 151 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 152 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 153 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 154 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 155 156 if( md_info != NULL ) 157 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 ); 158 159 if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) 160 { 161 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( 162 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 163 digest, mbedtls_md_get_size( md_info ), hash_result, 164 output ) == result ); 165 if( result == 0 ) 166 { 167 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 168 } 169 170 info.buf = rnd_buf->x; 171 info.length = rnd_buf->len; 172 } 173 174 TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( 175 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 176 digest, mbedtls_md_get_size( md_info ), hash_result, 177 fixed_salt_length, output ) == result ); 178 if( result == 0 ) 179 { 180 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 181 } 182 183exit: 184 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 185 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 186 mbedtls_rsa_free( &ctx ); 187} 188/* END_CASE */ 189 190/* BEGIN_CASE */ 191void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, 192 int digest, int hash, data_t * message_str, 193 char * salt, data_t * result_str, int result ) 194{ 195 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 196 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest ); 197 mbedtls_rsa_context ctx; 198 mbedtls_mpi N, E; 199 ((void) salt); 200 201 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 202 mbedtls_rsa_init( &ctx ); 203 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 204 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 205 memset( hash_result, 0x00, sizeof( hash_result ) ); 206 207 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 208 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 209 210 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 211 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 212 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 213 214 215 if( md_info != NULL ) 216 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 ); 217 218 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result ); 219 220exit: 221 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 222 mbedtls_rsa_free( &ctx ); 223} 224/* END_CASE */ 225 226/* BEGIN_CASE */ 227void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, 228 int msg_digest_id, int ctx_hash, 229 int mgf_hash, int salt_len, 230 data_t * message_str, 231 data_t * result_str, int result_simple, 232 int result_full ) 233{ 234 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 235 mbedtls_rsa_context ctx; 236 size_t hash_len; 237 mbedtls_mpi N, E; 238 239 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 240 mbedtls_rsa_init( &ctx ); 241 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 242 MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 ); 243 memset( hash_result, 0x00, sizeof( hash_result ) ); 244 245 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 246 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 247 248 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 249 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 250 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 251 252 253 if( msg_digest_id != MBEDTLS_MD_NONE ) 254 { 255 const mbedtls_md_info_t *md_info = 256 mbedtls_md_info_from_type( msg_digest_id ); 257 TEST_ASSERT( mbedtls_md( md_info, 258 message_str->x, message_str->len, 259 hash_result ) == 0 ); 260 hash_len = mbedtls_md_get_size( md_info ); 261 } 262 else 263 { 264 memcpy( hash_result, message_str->x, message_str->len ); 265 hash_len = message_str->len; 266 } 267 268 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, 269 hash_len, hash_result, 270 result_str->x ) == result_simple ); 271 272 TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len, 273 hash_result, mgf_hash, salt_len, 274 result_str->x ) == result_full ); 275 276exit: 277 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 278 mbedtls_rsa_free( &ctx ); 279} 280/* END_CASE */ 281