1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE */ 11void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, 12 int hash, data_t *message_str, data_t *rnd_buf, 13 data_t *result_str, int result) 14{ 15 unsigned char output[256]; 16 mbedtls_rsa_context ctx; 17 mbedtls_test_rnd_buf_info info; 18 mbedtls_mpi N, E; 19 20 MD_PSA_INIT(); 21 22 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 23 info.fallback_p_rng = NULL; 24 info.buf = rnd_buf->x; 25 info.length = rnd_buf->len; 26 27 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 28 mbedtls_rsa_init(&ctx); 29 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 30 MBEDTLS_RSA_PKCS_V21, hash) == 0); 31 memset(output, 0x00, sizeof(output)); 32 33 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 34 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 35 36 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 37 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 38 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 39 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 40 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 41 42 if (message_str->len == 0) { 43 message_str->x = NULL; 44 } 45 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 46 &mbedtls_test_rnd_buffer_rand, 47 &info, message_str->len, 48 message_str->x, 49 output) == result); 50 if (result == 0) { 51 TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); 52 } 53 54exit: 55 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 56 mbedtls_rsa_free(&ctx); 57 MD_PSA_DONE(); 58} 59/* END_CASE */ 60 61/* BEGIN_CASE */ 62void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, 63 data_t *input_N, data_t *input_E, int hash, 64 data_t *result_str, char *seed, data_t *message_str, 65 int result) 66{ 67 unsigned char output[64]; 68 mbedtls_rsa_context ctx; 69 size_t output_len; 70 mbedtls_test_rnd_pseudo_info rnd_info; 71 mbedtls_mpi N, P, Q, E; 72 ((void) seed); 73 74 MD_PSA_INIT(); 75 76 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 77 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 78 79 mbedtls_rsa_init(&ctx); 80 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 81 MBEDTLS_RSA_PKCS_V21, hash) == 0); 82 83 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 84 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 85 86 memset(output, 0x00, sizeof(output)); 87 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 88 89 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); 90 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); 91 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 92 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 93 94 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 95 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 96 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 97 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 98 99 if (result_str->len == 0) { 100 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 101 &mbedtls_test_rnd_pseudo_rand, 102 &rnd_info, 103 &output_len, message_str->x, 104 NULL, 0) == result); 105 } else { 106 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 107 &mbedtls_test_rnd_pseudo_rand, 108 &rnd_info, 109 &output_len, message_str->x, 110 output, 111 sizeof(output)) == result); 112 if (result == 0) { 113 TEST_MEMORY_COMPARE(output, output_len, result_str->x, result_str->len); 114 } 115 } 116 117exit: 118 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 119 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 120 mbedtls_rsa_free(&ctx); 121 MD_PSA_DONE(); 122} 123/* END_CASE */ 124 125/* BEGIN_CASE */ 126void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, 127 data_t *input_N, data_t *input_E, int digest, 128 int hash, data_t *hash_digest, data_t *rnd_buf, 129 data_t *result_str, int fixed_salt_length, 130 int result) 131{ 132 unsigned char output[512]; 133 mbedtls_rsa_context ctx; 134 mbedtls_test_rnd_buf_info info; 135 mbedtls_mpi N, P, Q, E; 136 137 MD_PSA_INIT(); 138 139 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 140 info.fallback_p_rng = NULL; 141 info.buf = rnd_buf->x; 142 info.length = rnd_buf->len; 143 144 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 145 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 146 mbedtls_rsa_init(&ctx); 147 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 148 MBEDTLS_RSA_PKCS_V21, hash) == 0); 149 150 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 151 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 152 153 memset(output, 0x00, sizeof(output)); 154 155 TEST_ASSERT(mbedtls_mpi_read_binary(&P, input_P->x, input_P->len) == 0); 156 TEST_ASSERT(mbedtls_mpi_read_binary(&Q, input_Q->x, input_Q->len) == 0); 157 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 158 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 159 160 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 161 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 162 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 163 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 164 165 if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { 166 TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 167 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 168 digest, hash_digest->len, hash_digest->x, output) == result); 169 if (result == 0) { 170 TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); 171 } 172 173 info.buf = rnd_buf->x; 174 info.length = rnd_buf->len; 175 } 176 177 TEST_ASSERT(mbedtls_rsa_rsassa_pss_sign_ext( 178 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 179 digest, hash_digest->len, hash_digest->x, 180 fixed_salt_length, output) == result); 181 if (result == 0) { 182 TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); 183 } 184 185exit: 186 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 187 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 188 mbedtls_rsa_free(&ctx); 189 MD_PSA_DONE(); 190} 191/* END_CASE */ 192 193/* BEGIN_CASE */ 194void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E, 195 int digest, int hash, data_t *hash_digest, 196 char *salt, data_t *result_str, int result) 197{ 198 mbedtls_rsa_context ctx; 199 mbedtls_mpi N, E; 200 ((void) salt); 201 202 MD_PSA_INIT(); 203 204 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 205 mbedtls_rsa_init(&ctx); 206 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 207 MBEDTLS_RSA_PKCS_V21, hash) == 0); 208 209 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 210 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 211 212 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 213 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 214 215 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 216 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 217 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 218 219 220 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, hash_digest->len, hash_digest->x, 221 result_str->x) == result); 222 223exit: 224 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 225 mbedtls_rsa_free(&ctx); 226 MD_PSA_DONE(); 227} 228/* END_CASE */ 229 230/* BEGIN_CASE */ 231void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E, 232 int msg_digest_id, int ctx_hash, 233 int mgf_hash, int salt_len, 234 data_t *hash_digest, 235 data_t *result_str, int result_simple, 236 int result_full) 237{ 238 mbedtls_rsa_context ctx; 239 mbedtls_mpi N, E; 240 241 MD_PSA_INIT(); 242 243 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 244 mbedtls_rsa_init(&ctx); 245 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 246 MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0); 247 248 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V21); 249 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), ctx_hash); 250 251 TEST_ASSERT(mbedtls_mpi_read_binary(&N, input_N->x, input_N->len) == 0); 252 TEST_ASSERT(mbedtls_mpi_read_binary(&E, input_E->x, input_E->len) == 0); 253 254 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 255 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 256 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 257 258 259 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, msg_digest_id, 260 hash_digest->len, hash_digest->x, 261 result_str->x) == result_simple); 262 263 TEST_ASSERT(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, msg_digest_id, hash_digest->len, 264 hash_digest->x, mgf_hash, salt_len, 265 result_str->x) == result_full); 266 267exit: 268 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 269 mbedtls_rsa_free(&ctx); 270 MD_PSA_DONE(); 271} 272/* END_CASE */ 273
