1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/legacy_or_psa.h" 4/* END_HEADER */ 5 6/* BEGIN_DEPENDENCIES 7 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C 8 * END_DEPENDENCIES 9 */ 10 11/* BEGIN_CASE */ 12void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, 13 int hash, data_t * message_str, data_t * rnd_buf, 14 data_t * result_str, int result ) 15{ 16 unsigned char output[256]; 17 mbedtls_rsa_context ctx; 18 mbedtls_test_rnd_buf_info info; 19 mbedtls_mpi N, E; 20 21 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 22 info.fallback_p_rng = NULL; 23 info.buf = rnd_buf->x; 24 info.length = rnd_buf->len; 25 26 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 27 mbedtls_rsa_init( &ctx ); 28 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 29 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 30 memset( output, 0x00, sizeof( output ) ); 31 32 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 33 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 34 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 35 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 36 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 37 38 if( message_str->len == 0 ) 39 message_str->x = NULL; 40 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, 41 &mbedtls_test_rnd_buffer_rand, 42 &info, message_str->len, 43 message_str->x, 44 output ) == result ); 45 if( result == 0 ) 46 { 47 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 48 } 49 50exit: 51 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 52 mbedtls_rsa_free( &ctx ); 53} 54/* END_CASE */ 55 56/* BEGIN_CASE */ 57void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, 58 data_t * input_N, data_t * input_E, int hash, 59 data_t * result_str, char * seed, data_t * message_str, 60 int result ) 61{ 62 unsigned char output[64]; 63 mbedtls_rsa_context ctx; 64 size_t output_len; 65 mbedtls_test_rnd_pseudo_info rnd_info; 66 mbedtls_mpi N, P, Q, E; 67 ((void) seed); 68 69 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 70 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 71 72 mbedtls_rsa_init( &ctx ); 73 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 74 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 75 76 memset( output, 0x00, sizeof( output ) ); 77 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 78 79 TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 ); 80 TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 ); 81 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 82 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 83 84 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 85 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 86 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 87 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 88 89 if( result_str->len == 0 ) 90 { 91 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, 92 &mbedtls_test_rnd_pseudo_rand, 93 &rnd_info, 94 &output_len, message_str->x, 95 NULL, 0 ) == result ); 96 } 97 else 98 { 99 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, 100 &mbedtls_test_rnd_pseudo_rand, 101 &rnd_info, 102 &output_len, message_str->x, 103 output, 104 sizeof( output ) ) == result ); 105 if( result == 0 ) 106 { 107 ASSERT_COMPARE( output, output_len, result_str->x, result_str->len ); 108 } 109 } 110 111exit: 112 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 113 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 114 mbedtls_rsa_free( &ctx ); 115} 116/* END_CASE */ 117 118/* BEGIN_CASE */ 119void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, 120 data_t * input_N, data_t * input_E, int digest, 121 int hash, data_t * hash_digest, data_t * rnd_buf, 122 data_t * result_str, int fixed_salt_length, 123 int result ) 124{ 125 unsigned char output[512]; 126 mbedtls_rsa_context ctx; 127 mbedtls_test_rnd_buf_info info; 128 mbedtls_mpi N, P, Q, E; 129 130 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 131 info.fallback_p_rng = NULL; 132 info.buf = rnd_buf->x; 133 info.length = rnd_buf->len; 134 135 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 136 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 137 mbedtls_rsa_init( &ctx ); 138 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 139 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 140 141 memset( output, 0x00, sizeof( output ) ); 142 143 TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 ); 144 TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 ); 145 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 146 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 147 148 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 149 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 150 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 151 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 152 153 if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) 154 { 155 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( 156 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 157 digest, hash_digest->len, hash_digest->x, output ) == result ); 158 if( result == 0 ) 159 { 160 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 161 } 162 163 info.buf = rnd_buf->x; 164 info.length = rnd_buf->len; 165 } 166 167 TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( 168 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 169 digest, hash_digest->len, hash_digest->x, 170 fixed_salt_length, output ) == result ); 171 if( result == 0 ) 172 { 173 ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 174 } 175 176exit: 177 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 178 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 179 mbedtls_rsa_free( &ctx ); 180} 181/* END_CASE */ 182 183/* BEGIN_CASE */ 184void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, 185 int digest, int hash, data_t * hash_digest, 186 char * salt, data_t * result_str, int result ) 187{ 188 mbedtls_rsa_context ctx; 189 mbedtls_mpi N, E; 190 ((void) salt); 191 192 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 193 mbedtls_rsa_init( &ctx ); 194 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 195 MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); 196 197 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 198 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 199 200 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 201 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 202 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 203 204 205 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, hash_digest->len, hash_digest->x, result_str->x ) == result ); 206 207exit: 208 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 209 mbedtls_rsa_free( &ctx ); 210} 211/* END_CASE */ 212 213/* BEGIN_CASE */ 214void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, 215 int msg_digest_id, int ctx_hash, 216 int mgf_hash, int salt_len, 217 data_t * hash_digest, 218 data_t * result_str, int result_simple, 219 int result_full ) 220{ 221 mbedtls_rsa_context ctx; 222 mbedtls_mpi N, E; 223 224 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 225 mbedtls_rsa_init( &ctx ); 226 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, 227 MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 ); 228 229 TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 230 TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 ); 231 232 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 233 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); 234 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 235 236 237 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, 238 hash_digest->len, hash_digest->x, 239 result_str->x ) == result_simple ); 240 241 TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_digest->len, 242 hash_digest->x, mgf_hash, salt_len, 243 result_str->x ) == result_full ); 244 245exit: 246 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 247 mbedtls_rsa_free( &ctx ); 248} 249/* END_CASE */ 250