1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/legacy_or_psa.h" 4/* END_HEADER */ 5 6/* BEGIN_DEPENDENCIES 7 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C 8 * END_DEPENDENCIES 9 */ 10 11/* BEGIN_CASE */ 12void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, 13 int hash, data_t *message_str, data_t *rnd_buf, 14 data_t *result_str, int result) 15{ 16 unsigned char output[256]; 17 mbedtls_rsa_context ctx; 18 mbedtls_test_rnd_buf_info info; 19 mbedtls_mpi N, E; 20 21 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 22 info.fallback_p_rng = NULL; 23 info.buf = rnd_buf->x; 24 info.length = rnd_buf->len; 25 26 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 27 mbedtls_rsa_init(&ctx); 28 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 29 MBEDTLS_RSA_PKCS_V21, hash) == 0); 30 memset(output, 0x00, sizeof(output)); 31 32 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 33 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 34 35 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 36 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 37 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 38 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 39 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 40 41 if (message_str->len == 0) { 42 message_str->x = NULL; 43 } 44 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 45 &mbedtls_test_rnd_buffer_rand, 46 &info, message_str->len, 47 message_str->x, 48 output) == result); 49 if (result == 0) { 50 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); 51 } 52 53exit: 54 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 55 mbedtls_rsa_free(&ctx); 56} 57/* END_CASE */ 58 59/* BEGIN_CASE */ 60void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, 61 data_t *input_N, data_t *input_E, int hash, 62 data_t *result_str, char *seed, data_t *message_str, 63 int result) 64{ 65 unsigned char output[64]; 66 mbedtls_rsa_context ctx; 67 size_t output_len; 68 mbedtls_test_rnd_pseudo_info rnd_info; 69 mbedtls_mpi N, P, Q, E; 70 ((void) seed); 71 72 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 73 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 74 75 mbedtls_rsa_init(&ctx); 76 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 77 MBEDTLS_RSA_PKCS_V21, hash) == 0); 78 79 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 80 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 81 82 memset(output, 0x00, sizeof(output)); 83 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 84 85 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); 86 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); 87 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 88 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 89 90 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 91 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 92 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 93 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 94 95 if (result_str->len == 0) { 96 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 97 &mbedtls_test_rnd_pseudo_rand, 98 &rnd_info, 99 &output_len, message_str->x, 100 NULL, 0) == result); 101 } else { 102 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 103 &mbedtls_test_rnd_pseudo_rand, 104 &rnd_info, 105 &output_len, message_str->x, 106 output, 107 sizeof(output)) == result); 108 if (result == 0) { 109 ASSERT_COMPARE(output, output_len, result_str->x, result_str->len); 110 } 111 } 112 113exit: 114 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 115 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 116 mbedtls_rsa_free(&ctx); 117} 118/* END_CASE */ 119 120/* BEGIN_CASE */ 121void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, 122 data_t *input_N, data_t *input_E, int digest, 123 int hash, data_t *hash_digest, data_t *rnd_buf, 124 data_t *result_str, int fixed_salt_length, 125 int result) 126{ 127 unsigned char output[512]; 128 mbedtls_rsa_context ctx; 129 mbedtls_test_rnd_buf_info info; 130 mbedtls_mpi N, P, Q, E; 131 132 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 133 info.fallback_p_rng = NULL; 134 info.buf = rnd_buf->x; 135 info.length = rnd_buf->len; 136 137 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 138 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 139 mbedtls_rsa_init(&ctx); 140 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 141 MBEDTLS_RSA_PKCS_V21, hash) == 0); 142 143 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 144 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 145 146 memset(output, 0x00, sizeof(output)); 147 148 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); 149 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); 150 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 151 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 152 153 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 154 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 155 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 156 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 157 158 if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { 159 TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 160 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 161 digest, hash_digest->len, hash_digest->x, output) == result); 162 if (result == 0) { 163 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); 164 } 165 166 info.buf = rnd_buf->x; 167 info.length = rnd_buf->len; 168 } 169 170 TEST_ASSERT(mbedtls_rsa_rsassa_pss_sign_ext( 171 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 172 digest, hash_digest->len, hash_digest->x, 173 fixed_salt_length, output) == result); 174 if (result == 0) { 175 ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); 176 } 177 178exit: 179 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 180 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 181 mbedtls_rsa_free(&ctx); 182} 183/* END_CASE */ 184 185/* BEGIN_CASE */ 186void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E, 187 int digest, int hash, data_t *hash_digest, 188 char *salt, data_t *result_str, int result) 189{ 190 mbedtls_rsa_context ctx; 191 mbedtls_mpi N, E; 192 ((void) salt); 193 194 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 195 mbedtls_rsa_init(&ctx); 196 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 197 MBEDTLS_RSA_PKCS_V21, hash) == 0); 198 199 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 200 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 201 202 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 203 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 204 205 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 206 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 207 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 208 209 210 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, hash_digest->len, hash_digest->x, 211 result_str->x) == result); 212 213exit: 214 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 215 mbedtls_rsa_free(&ctx); 216} 217/* END_CASE */ 218 219/* BEGIN_CASE */ 220void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E, 221 int msg_digest_id, int ctx_hash, 222 int mgf_hash, int salt_len, 223 data_t *hash_digest, 224 data_t *result_str, int result_simple, 225 int result_full) 226{ 227 mbedtls_rsa_context ctx; 228 mbedtls_mpi N, E; 229 230 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 231 mbedtls_rsa_init(&ctx); 232 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 233 MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0); 234 235 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 236 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), ctx_hash); 237 238 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 239 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 240 241 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 242 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 243 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 244 245 246 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, msg_digest_id, 247 hash_digest->len, hash_digest->x, 248 result_str->x) == result_simple); 249 250 TEST_ASSERT(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, msg_digest_id, hash_digest->len, 251 hash_digest->x, mgf_hash, salt_len, 252 result_str->x) == result_full); 253 254exit: 255 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 256 mbedtls_rsa_free(&ctx); 257} 258/* END_CASE */ 259