test_suite_pkcs1_v15.function (14347B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/rsa.h" 3 #include "mbedtls/md.h" 4 /* END_HEADER */ 5 6 /* BEGIN_DEPENDENCIES 7 * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C 8 * END_DEPENDENCIES 9 */ 10 11 /* BEGIN_CASE */ 12 void pkcs1_rsaes_v15_encrypt(int mod, char *input_N, 13 char *input_E, int hash, 14 data_t *message_str, data_t *rnd_buf, 15 data_t *result_str, int result) 16 { 17 unsigned char output[128]; 18 mbedtls_rsa_context ctx; 19 mbedtls_test_rnd_buf_info info; 20 mbedtls_mpi N, E; 21 22 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 23 info.fallback_p_rng = NULL; 24 info.buf = rnd_buf->x; 25 info.length = rnd_buf->len; 26 27 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 28 mbedtls_rsa_init(&ctx); 29 30 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 31 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), MBEDTLS_MD_NONE); 32 33 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 34 MBEDTLS_RSA_PKCS_V15, hash) == 0); 35 memset(output, 0x00, sizeof(output)); 36 37 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 38 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 39 40 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 41 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 42 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 43 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 44 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 45 46 if (message_str->len == 0) { 47 message_str->x = NULL; 48 } 49 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 50 &mbedtls_test_rnd_buffer_rand, 51 &info, message_str->len, 52 message_str->x, 53 output) == result); 54 55 if (result == 0) { 56 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 57 ctx.len, result_str->len) == 0); 58 } 59 60 exit: 61 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 62 mbedtls_rsa_free(&ctx); 63 } 64 /* END_CASE */ 65 66 /* BEGIN_CASE */ 67 void pkcs1_rsaes_v15_decrypt(int mod, char *input_P, char *input_Q, 68 char *input_N, char *input_E, int hash, 69 data_t *result_str, char *seed, 70 data_t *message_str, int result) 71 { 72 unsigned char output[128]; 73 mbedtls_rsa_context ctx; 74 size_t output_len; 75 mbedtls_test_rnd_pseudo_info rnd_info; 76 mbedtls_mpi N, P, Q, E; 77 ((void) seed); 78 79 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 80 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 81 mbedtls_rsa_init(&ctx); 82 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 83 MBEDTLS_RSA_PKCS_V15, hash) == 0); 84 85 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 86 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 87 88 memset(output, 0x00, sizeof(output)); 89 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 90 91 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 92 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 93 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 94 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 95 96 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 97 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 98 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 99 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 100 101 if (result_str->len == 0) { 102 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 103 &mbedtls_test_rnd_pseudo_rand, 104 &rnd_info, 105 &output_len, message_str->x, 106 NULL, 0) == result); 107 } else { 108 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 109 &mbedtls_test_rnd_pseudo_rand, 110 &rnd_info, 111 &output_len, message_str->x, 112 output, 1000) == result); 113 if (result == 0) { 114 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 115 output_len, 116 result_str->len) == 0); 117 } 118 } 119 120 exit: 121 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 122 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 123 mbedtls_rsa_free(&ctx); 124 } 125 /* END_CASE */ 126 127 /* BEGIN_CASE */ 128 void pkcs1_v15_decode(data_t *input, 129 int expected_plaintext_length_arg, 130 int output_size_arg, 131 int expected_result) 132 { 133 size_t expected_plaintext_length = expected_plaintext_length_arg; 134 size_t output_size = output_size_arg; 135 mbedtls_test_rnd_pseudo_info rnd_info; 136 mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi; 137 mbedtls_rsa_context ctx; 138 static unsigned char N[128] = { 139 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5, 140 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec, 141 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5, 142 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73, 143 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5, 144 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde, 145 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d, 146 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e, 147 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2, 148 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1, 149 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46, 150 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec, 151 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33, 152 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11, 153 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12, 154 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb 155 }; 156 static unsigned char E[1] = { 0x03 }; 157 static unsigned char P[64] = { 158 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8, 159 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8, 160 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd, 161 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9, 162 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5, 163 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55, 164 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1, 165 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b 166 }; 167 static unsigned char Q[64] = { 168 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b, 169 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03, 170 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c, 171 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e, 172 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83, 173 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc, 174 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca, 175 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1 176 }; 177 unsigned char original[128]; 178 unsigned char intermediate[128]; 179 static unsigned char default_content[128] = { 180 /* A randomly generated pattern. */ 181 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a, 182 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19, 183 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58, 184 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4, 185 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50, 186 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa, 187 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08, 188 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf, 189 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70, 190 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef, 191 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a, 192 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2, 193 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b, 194 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde, 195 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d, 196 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42 197 }; 198 unsigned char final[128]; 199 size_t output_length = 0x7EA0; 200 201 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 202 mbedtls_mpi_init(&Nmpi); mbedtls_mpi_init(&Empi); 203 mbedtls_mpi_init(&Pmpi); mbedtls_mpi_init(&Qmpi); 204 mbedtls_rsa_init(&ctx); 205 206 TEST_ASSERT(mbedtls_mpi_read_binary(&Nmpi, N, sizeof(N)) == 0); 207 TEST_ASSERT(mbedtls_mpi_read_binary(&Empi, E, sizeof(E)) == 0); 208 TEST_ASSERT(mbedtls_mpi_read_binary(&Pmpi, P, sizeof(P)) == 0); 209 TEST_ASSERT(mbedtls_mpi_read_binary(&Qmpi, Q, sizeof(Q)) == 0); 210 211 TEST_ASSERT(mbedtls_rsa_import(&ctx, &Nmpi, &Pmpi, &Qmpi, 212 NULL, &Empi) == 0); 213 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 214 215 TEST_ASSERT(input->len <= sizeof(N)); 216 memcpy(original, input->x, input->len); 217 memset(original + input->len, 'd', sizeof(original) - input->len); 218 TEST_ASSERT(mbedtls_rsa_public(&ctx, original, intermediate) == 0); 219 220 memcpy(final, default_content, sizeof(final)); 221 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, 222 &mbedtls_test_rnd_pseudo_rand, 223 &rnd_info, &output_length, 224 intermediate, final, 225 output_size) == expected_result); 226 if (expected_result == 0) { 227 TEST_ASSERT(output_length == expected_plaintext_length); 228 TEST_ASSERT(memcmp(original + sizeof(N) - output_length, 229 final, 230 output_length) == 0); 231 } else if (expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING || 232 expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) { 233 size_t max_payload_length = 234 output_size > sizeof(N) - 11 ? sizeof(N) - 11 : output_size; 235 size_t i; 236 size_t count = 0; 237 238 #if !defined(MBEDTLS_RSA_ALT) 239 /* Check that the output in invalid cases is what the default 240 * implementation currently does. Alternative implementations 241 * may produce different output, so we only perform these precise 242 * checks when using the default implementation. */ 243 TEST_ASSERT(output_length == max_payload_length); 244 for (i = 0; i < max_payload_length; i++) { 245 TEST_ASSERT(final[i] == 0); 246 } 247 #endif 248 /* Even in alternative implementations, the outputs must have 249 * changed, otherwise it indicates at least a timing vulnerability 250 * because no write to the outputs is performed in the bad case. */ 251 TEST_ASSERT(output_length != 0x7EA0); 252 for (i = 0; i < max_payload_length; i++) { 253 count += (final[i] == default_content[i]); 254 } 255 /* If more than 16 bytes are unchanged in final, that's evidence 256 * that final wasn't overwritten. */ 257 TEST_ASSERT(count < 16); 258 } 259 260 exit: 261 mbedtls_mpi_free(&Nmpi); mbedtls_mpi_free(&Empi); 262 mbedtls_mpi_free(&Pmpi); mbedtls_mpi_free(&Qmpi); 263 mbedtls_rsa_free(&ctx); 264 } 265 /* END_CASE */ 266 267 /* BEGIN_CASE */ 268 void pkcs1_rsassa_v15_sign(int mod, char *input_P, 269 char *input_Q, char *input_N, 270 char *input_E, int digest, int hash, 271 data_t *message_str, data_t *rnd_buf, 272 data_t *result_str, int result) 273 { 274 unsigned char output[128]; 275 mbedtls_rsa_context ctx; 276 mbedtls_mpi N, P, Q, E; 277 mbedtls_test_rnd_buf_info info; 278 279 info.fallback_f_rng = mbedtls_test_rnd_std_rand; 280 info.fallback_p_rng = NULL; 281 info.buf = rnd_buf->x; 282 info.length = rnd_buf->len; 283 284 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 285 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 286 mbedtls_rsa_init(&ctx); 287 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 288 MBEDTLS_RSA_PKCS_V15, hash) == 0); 289 290 memset(output, 0x00, sizeof(output)); 291 292 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 293 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 294 295 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 296 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 297 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 298 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 299 300 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 301 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 302 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 303 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 304 305 TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 306 &ctx, &mbedtls_test_rnd_buffer_rand, &info, 307 digest, message_str->len, message_str->x, 308 output) == result); 309 if (result == 0) { 310 311 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 312 ctx.len, result_str->len) == 0); 313 } 314 315 exit: 316 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 317 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 318 mbedtls_rsa_free(&ctx); 319 } 320 /* END_CASE */ 321 322 /* BEGIN_CASE */ 323 void pkcs1_rsassa_v15_verify(int mod, char *input_N, char *input_E, 324 int digest, int hash, data_t *message_str, 325 char *salt, data_t *result_str, int result) 326 { 327 mbedtls_rsa_context ctx; 328 mbedtls_mpi N, E; 329 ((void) salt); 330 331 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 332 mbedtls_rsa_init(&ctx); 333 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, 334 MBEDTLS_RSA_PKCS_V15, hash) == 0); 335 336 TEST_EQUAL(mbedtls_rsa_get_padding_mode(&ctx), MBEDTLS_RSA_PKCS_V15); 337 TEST_EQUAL(mbedtls_rsa_get_md_alg(&ctx), hash); 338 339 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 340 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 341 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 342 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) ((mod + 7) / 8)); 343 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 344 345 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 346 result_str->x) == result); 347 348 exit: 349 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 350 mbedtls_rsa_free(&ctx); 351 } 352 /* END_CASE */