1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/rsa.h" 3a8e1175bSopenharmony_ci#include "mbedtls/md.h" 4a8e1175bSopenharmony_ci/* END_HEADER */ 5a8e1175bSopenharmony_ci 6a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 7a8e1175bSopenharmony_ci * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C 8a8e1175bSopenharmony_ci * END_DEPENDENCIES 9a8e1175bSopenharmony_ci */ 10a8e1175bSopenharmony_ci 11a8e1175bSopenharmony_ci/* BEGIN_CASE */ 12a8e1175bSopenharmony_civoid pkcs1_rsaes_v15_encrypt(int mod, char *input_N, 13a8e1175bSopenharmony_ci char *input_E, int hash, 14a8e1175bSopenharmony_ci data_t *message_str, data_t *rnd_buf, 15a8e1175bSopenharmony_ci data_t *result_str, int result) 16a8e1175bSopenharmony_ci{ 17a8e1175bSopenharmony_ci unsigned char output[128]; 18a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 19a8e1175bSopenharmony_ci mbedtls_test_rnd_buf_info info; 20a8e1175bSopenharmony_ci mbedtls_mpi N, E; 21a8e1175bSopenharmony_ci 22a8e1175bSopenharmony_ci info.fallback_f_rng = mbedtls_test_rnd_std_rand; 23a8e1175bSopenharmony_ci info.fallback_p_rng = NULL; 24a8e1175bSopenharmony_ci info.buf = rnd_buf->x; 25a8e1175bSopenharmony_ci info.length = rnd_buf->len; 26a8e1175bSopenharmony_ci 27a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 28a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 29a8e1175bSopenharmony_ci 30a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 31a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), MBEDTLS_MD_NONE); 32a8e1175bSopenharmony_ci 33a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 34a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V15, hash) == 0); 35a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 36a8e1175bSopenharmony_ci 37a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 38a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 39a8e1175bSopenharmony_ci 40a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 41a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 42a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 43a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 44a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 45a8e1175bSopenharmony_ci 46a8e1175bSopenharmony_ci if (message_str->len == 0) { 47a8e1175bSopenharmony_ci message_str->x = NULL; 48a8e1175bSopenharmony_ci } 49a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 50a8e1175bSopenharmony_ci &mbedtls_test_rnd_buffer_rand, 51a8e1175bSopenharmony_ci &info, message_str->len, 52a8e1175bSopenharmony_ci message_str->x, 53a8e1175bSopenharmony_ci output) == result); 54a8e1175bSopenharmony_ci 55a8e1175bSopenharmony_ci if (result == 0) { 56a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 57a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 58a8e1175bSopenharmony_ci } 59a8e1175bSopenharmony_ci 60a8e1175bSopenharmony_ciexit: 61a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 62a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 63a8e1175bSopenharmony_ci} 64a8e1175bSopenharmony_ci/* END_CASE */ 65a8e1175bSopenharmony_ci 66a8e1175bSopenharmony_ci/* BEGIN_CASE */ 67a8e1175bSopenharmony_civoid pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q, 68a8e1175bSopenharmony_ci char *input_N, char *input_E, int hash, 69a8e1175bSopenharmony_ci data_t *result_str, char *seed, 70a8e1175bSopenharmony_ci data_t *message_str, int result) 71a8e1175bSopenharmony_ci{ 72a8e1175bSopenharmony_ci unsigned char output[128]; 73a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 74a8e1175bSopenharmony_ci size_t output_len; 75a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 76a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 77a8e1175bSopenharmony_ci ((void) seed); 78a8e1175bSopenharmony_ci 79a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 80a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 81a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 82a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 83a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V15, hash) == 0); 84a8e1175bSopenharmony_ci 85a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 86a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 87a8e1175bSopenharmony_ci 88a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 89a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 92a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 93a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 94a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 95a8e1175bSopenharmony_ci 96a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 97a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 98a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 99a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 100a8e1175bSopenharmony_ci 101a8e1175bSopenharmony_ci if (result_str->len == 0) { 102a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 103a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 104a8e1175bSopenharmony_ci &rnd_info, 105a8e1175bSopenharmony_ci &output_len, message_str->x, 106a8e1175bSopenharmony_ci NULL, 0) == result); 107a8e1175bSopenharmony_ci } else { 108a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 109a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 110a8e1175bSopenharmony_ci &rnd_info, 111a8e1175bSopenharmony_ci &output_len, message_str->x, 112a8e1175bSopenharmony_ci output, 1000) == result); 113a8e1175bSopenharmony_ci if (result == 0) { 114a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 115a8e1175bSopenharmony_ci output_len, 116a8e1175bSopenharmony_ci result_str->len) == 0); 117a8e1175bSopenharmony_ci } 118a8e1175bSopenharmony_ci } 119a8e1175bSopenharmony_ci 120a8e1175bSopenharmony_ciexit: 121a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 122a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 123a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 124a8e1175bSopenharmony_ci} 125a8e1175bSopenharmony_ci/* END_CASE */ 126a8e1175bSopenharmony_ci 127a8e1175bSopenharmony_ci/* BEGIN_CASE */ 128a8e1175bSopenharmony_civoid pkcs1_v15_decode(data_t *input, 129a8e1175bSopenharmony_ci int expected_plaintext_length_arg, 130a8e1175bSopenharmony_ci int output_size_arg, 131a8e1175bSopenharmony_ci int expected_result) 132a8e1175bSopenharmony_ci{ 133a8e1175bSopenharmony_ci size_t expected_plaintext_length = expected_plaintext_length_arg; 134a8e1175bSopenharmony_ci size_t output_size = output_size_arg; 135a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 136a8e1175bSopenharmony_ci mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi; 137a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 138a8e1175bSopenharmony_ci static unsigned char N[128] = { 139a8e1175bSopenharmony_ci 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5, 140a8e1175bSopenharmony_ci 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec, 141a8e1175bSopenharmony_ci 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5, 142a8e1175bSopenharmony_ci 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73, 143a8e1175bSopenharmony_ci 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5, 144a8e1175bSopenharmony_ci 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde, 145a8e1175bSopenharmony_ci 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d, 146a8e1175bSopenharmony_ci 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e, 147a8e1175bSopenharmony_ci 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2, 148a8e1175bSopenharmony_ci 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1, 149a8e1175bSopenharmony_ci 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46, 150a8e1175bSopenharmony_ci 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec, 151a8e1175bSopenharmony_ci 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33, 152a8e1175bSopenharmony_ci 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11, 153a8e1175bSopenharmony_ci 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12, 154a8e1175bSopenharmony_ci 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb 155a8e1175bSopenharmony_ci }; 156a8e1175bSopenharmony_ci static unsigned char E[1] = { 0x03 }; 157a8e1175bSopenharmony_ci static unsigned char P[64] = { 158a8e1175bSopenharmony_ci 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8, 159a8e1175bSopenharmony_ci 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8, 160a8e1175bSopenharmony_ci 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd, 161a8e1175bSopenharmony_ci 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9, 162a8e1175bSopenharmony_ci 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5, 163a8e1175bSopenharmony_ci 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55, 164a8e1175bSopenharmony_ci 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1, 165a8e1175bSopenharmony_ci 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b 166a8e1175bSopenharmony_ci }; 167a8e1175bSopenharmony_ci static unsigned char Q[64] = { 168a8e1175bSopenharmony_ci 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b, 169a8e1175bSopenharmony_ci 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03, 170a8e1175bSopenharmony_ci 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c, 171a8e1175bSopenharmony_ci 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e, 172a8e1175bSopenharmony_ci 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83, 173a8e1175bSopenharmony_ci 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc, 174a8e1175bSopenharmony_ci 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca, 175a8e1175bSopenharmony_ci 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1 176a8e1175bSopenharmony_ci }; 177a8e1175bSopenharmony_ci unsigned char original[128]; 178a8e1175bSopenharmony_ci unsigned char intermediate[128]; 179a8e1175bSopenharmony_ci static unsigned char default_content[128] = { 180a8e1175bSopenharmony_ci /* A randomly generated pattern. */ 181a8e1175bSopenharmony_ci 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a, 182a8e1175bSopenharmony_ci 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19, 183a8e1175bSopenharmony_ci 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58, 184a8e1175bSopenharmony_ci 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4, 185a8e1175bSopenharmony_ci 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50, 186a8e1175bSopenharmony_ci 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa, 187a8e1175bSopenharmony_ci 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08, 188a8e1175bSopenharmony_ci 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf, 189a8e1175bSopenharmony_ci 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70, 190a8e1175bSopenharmony_ci 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef, 191a8e1175bSopenharmony_ci 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a, 192a8e1175bSopenharmony_ci 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2, 193a8e1175bSopenharmony_ci 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b, 194a8e1175bSopenharmony_ci 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde, 195a8e1175bSopenharmony_ci 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d, 196a8e1175bSopenharmony_ci 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42 197a8e1175bSopenharmony_ci }; 198a8e1175bSopenharmony_ci unsigned char final[128]; 199a8e1175bSopenharmony_ci size_t output_length = 0x7EA0; 200a8e1175bSopenharmony_ci 201a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 202a8e1175bSopenharmony_ci mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi); 203a8e1175bSopenharmony_ci mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi); 204a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 205a8e1175bSopenharmony_ci 206a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0); 207a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0); 208a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0); 209a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0); 210a8e1175bSopenharmony_ci 211a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi, 212a8e1175bSopenharmony_ci NULL, &Empi) == 0); 213a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 214a8e1175bSopenharmony_ci 215a8e1175bSopenharmony_ci TEST_ASSERT(input->len <= sizeof(N)); 216a8e1175bSopenharmony_ci memcpy(original, input->x, input->len); 217a8e1175bSopenharmony_ci memset(original + input->len, 'd', sizeof(original) - input->len); 218a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0); 219a8e1175bSopenharmony_ci 220a8e1175bSopenharmony_ci memcpy(final, default_content, sizeof(final)); 221a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 222a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 223a8e1175bSopenharmony_ci &rnd_info, &output_length, 224a8e1175bSopenharmony_ci intermediate, final, 225a8e1175bSopenharmony_ci output_size) == expected_result); 226a8e1175bSopenharmony_ci if (expected_result == 0) { 227a8e1175bSopenharmony_ci TEST_ASSERT(output_length == expected_plaintext_length); 228a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(original + sizeof(N) - output_length, 229a8e1175bSopenharmony_ci final, 230a8e1175bSopenharmony_ci output_length) == 0); 231a8e1175bSopenharmony_ci } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING || 232a8e1175bSopenharmony_ci expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) { 233a8e1175bSopenharmony_ci size_t max_payload_length = 234a8e1175bSopenharmony_ci output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size; 235a8e1175bSopenharmony_ci size_t i; 236a8e1175bSopenharmony_ci size_t count = 0; 237a8e1175bSopenharmony_ci 238a8e1175bSopenharmony_ci#if !defined(MBEDTLS_RSA_ALT) 239a8e1175bSopenharmony_ci /* Check that the output in invalid cases is what the default 240a8e1175bSopenharmony_ci * implementation currently does. Alternative implementations 241a8e1175bSopenharmony_ci * may produce different output, so we only perform these precise 242a8e1175bSopenharmony_ci * checks when using the default implementation. */ 243a8e1175bSopenharmony_ci TEST_ASSERT(output_length == max_payload_length); 244a8e1175bSopenharmony_ci for (i = 0; i < max_payload_length; i++) { 245a8e1175bSopenharmony_ci TEST_ASSERT(final[i] == 0); 246a8e1175bSopenharmony_ci } 247a8e1175bSopenharmony_ci#endif 248a8e1175bSopenharmony_ci /* Even in alternative implementations, the outputs must have 249a8e1175bSopenharmony_ci * changed, otherwise it indicates at least a timing vulnerability 250a8e1175bSopenharmony_ci * because no write to the outputs is performed in the bad case. */ 251a8e1175bSopenharmony_ci TEST_ASSERT(output_length != 0x7EA0); 252a8e1175bSopenharmony_ci for (i = 0; i < max_payload_length; i++) { 253a8e1175bSopenharmony_ci count += (final[i] == default_content[i]); 254a8e1175bSopenharmony_ci } 255a8e1175bSopenharmony_ci /* If more than 16 bytes are unchanged in final, that's evidence 256a8e1175bSopenharmony_ci * that final wasn't overwritten. */ 257a8e1175bSopenharmony_ci TEST_ASSERT(count < 16); 258a8e1175bSopenharmony_ci } 259a8e1175bSopenharmony_ci 260a8e1175bSopenharmony_ciexit: 261a8e1175bSopenharmony_ci mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi); 262a8e1175bSopenharmony_ci mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi); 263a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 264a8e1175bSopenharmony_ci} 265a8e1175bSopenharmony_ci/* END_CASE */ 266a8e1175bSopenharmony_ci 267a8e1175bSopenharmony_ci/* BEGIN_CASE */ 268a8e1175bSopenharmony_civoid pkcs1_rsassa_v15_sign(int mod, char *input_P, 269a8e1175bSopenharmony_ci char *input_Q, char *input_N, 270a8e1175bSopenharmony_ci char *input_E, int digest, int hash, 271a8e1175bSopenharmony_ci data_t *message_str, data_t *rnd_buf, 272a8e1175bSopenharmony_ci data_t *result_str, int result) 273a8e1175bSopenharmony_ci{ 274a8e1175bSopenharmony_ci unsigned char output[128]; 275a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 276a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 277a8e1175bSopenharmony_ci mbedtls_test_rnd_buf_info info; 278a8e1175bSopenharmony_ci 279a8e1175bSopenharmony_ci info.fallback_f_rng = mbedtls_test_rnd_std_rand; 280a8e1175bSopenharmony_ci info.fallback_p_rng = NULL; 281a8e1175bSopenharmony_ci info.buf = rnd_buf->x; 282a8e1175bSopenharmony_ci info.length = rnd_buf->len; 283a8e1175bSopenharmony_ci 284a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 285a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 286a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 287a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 288a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V15, hash) == 0); 289a8e1175bSopenharmony_ci 290a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 291a8e1175bSopenharmony_ci 292a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 293a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 294a8e1175bSopenharmony_ci 295a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 296a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 297a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 298a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 299a8e1175bSopenharmony_ci 300a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 301a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 302a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 303a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 304a8e1175bSopenharmony_ci 305a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 306a8e1175bSopenharmony_ci &ctx, &mbedtls_test_rnd_buffer_rand, &info, 307a8e1175bSopenharmony_ci digest, message_str->len, message_str->x, 308a8e1175bSopenharmony_ci output) == result); 309a8e1175bSopenharmony_ci if (result == 0) { 310a8e1175bSopenharmony_ci 311a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 312a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 313a8e1175bSopenharmony_ci } 314a8e1175bSopenharmony_ci 315a8e1175bSopenharmony_ciexit: 316a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 317a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 318a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 319a8e1175bSopenharmony_ci} 320a8e1175bSopenharmony_ci/* END_CASE */ 321a8e1175bSopenharmony_ci 322a8e1175bSopenharmony_ci/* BEGIN_CASE */ 323a8e1175bSopenharmony_civoid pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E, 324a8e1175bSopenharmony_ci int digest, int hash, data_t *message_str, 325a8e1175bSopenharmony_ci char *salt, data_t *result_str, int result) 326a8e1175bSopenharmony_ci{ 327a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 328a8e1175bSopenharmony_ci mbedtls_mpi N, E; 329a8e1175bSopenharmony_ci ((void) salt); 330a8e1175bSopenharmony_ci 331a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 332a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 333a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 334a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V15, hash) == 0); 335a8e1175bSopenharmony_ci 336a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 337a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 338a8e1175bSopenharmony_ci 339a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 340a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 341a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 342a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 343a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 344a8e1175bSopenharmony_ci 345a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 346a8e1175bSopenharmony_ci result_str->x) == result); 347a8e1175bSopenharmony_ci 348a8e1175bSopenharmony_ciexit: 349a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 350a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 351a8e1175bSopenharmony_ci} 352a8e1175bSopenharmony_ci/* END_CASE */ 353