2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_HEADER */
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/rsa.h"
|
|
|
|
#include "mbedtls/md.h"
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_HEADER */
|
|
|
|
|
|
|
|
/* BEGIN_DEPENDENCIES
|
2015-04-08 12:49:31 +02:00
|
|
|
* depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
2013-08-20 11:48:36 +02:00
|
|
|
* END_DEPENDENCIES
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* BEGIN_CASE */
|
2020-12-28 14:39:33 +01:00
|
|
|
void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
|
|
|
|
int hash, data_t * message_str, data_t * rnd_buf,
|
2020-06-26 14:33:03 +02:00
|
|
|
data_t * result_str, int result )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2018-11-22 14:49:49 +01:00
|
|
|
unsigned char output[256];
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context ctx;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_buf_info info;
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi N, E;
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2021-03-24 00:48:57 +01:00
|
|
|
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
|
|
|
|
info.fallback_p_rng = NULL;
|
2017-06-09 05:32:58 +02:00
|
|
|
info.buf = rnd_buf->x;
|
|
|
|
info.length = rnd_buf->len;
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
|
2021-06-05 11:11:14 +02:00
|
|
|
mbedtls_rsa_init( &ctx );
|
2021-06-08 10:03:49 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
|
|
|
|
MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
|
2018-11-22 14:49:49 +01:00
|
|
|
memset( output, 0x00, sizeof( output ) );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2020-12-28 14:39:33 +01:00
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
2017-08-23 07:38:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2018-10-15 16:32:42 +02:00
|
|
|
if( message_str->len == 0 )
|
|
|
|
message_str->x = NULL;
|
2020-06-10 14:08:26 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
|
|
|
|
&mbedtls_test_rnd_buffer_rand,
|
2021-05-13 18:30:32 +02:00
|
|
|
&info, message_str->len,
|
|
|
|
message_str->x,
|
2020-06-10 14:08:26 +02:00
|
|
|
output ) == result );
|
2013-08-20 11:48:36 +02:00
|
|
|
if( result == 0 )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2021-01-10 11:31:12 +01:00
|
|
|
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2013-01-03 11:33:48 +01:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_free( &ctx );
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_CASE */
|
|
|
|
|
|
|
|
/* BEGIN_CASE */
|
2020-12-28 14:39:33 +01:00
|
|
|
void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q,
|
|
|
|
data_t * input_N, data_t * input_E, int hash,
|
|
|
|
data_t * result_str, char * seed, data_t * message_str,
|
2017-06-09 05:32:58 +02:00
|
|
|
int result )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2018-11-22 14:49:49 +01:00
|
|
|
unsigned char output[64];
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context ctx;
|
2011-04-24 17:53:29 +02:00
|
|
|
size_t output_len;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi N, P, Q, E;
|
2013-08-16 13:38:47 +02:00
|
|
|
((void) seed);
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
|
|
|
|
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
|
|
|
|
|
2021-06-05 11:11:14 +02:00
|
|
|
mbedtls_rsa_init( &ctx );
|
2021-06-08 10:03:49 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
|
|
|
|
MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2018-11-22 14:49:49 +01:00
|
|
|
memset( output, 0x00, sizeof( output ) );
|
2020-06-10 12:12:18 +02:00
|
|
|
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2020-12-28 14:39:33 +01:00
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
2015-04-08 12:49:31 +02:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
2017-10-10 17:56:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2020-06-26 14:33:03 +02:00
|
|
|
if( result_str->len == 0 )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2020-06-10 14:08:26 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
&rnd_info,
|
|
|
|
&output_len, message_str->x,
|
|
|
|
NULL, 0 ) == result );
|
2018-10-15 16:32:42 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-06-10 14:08:26 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
&rnd_info,
|
|
|
|
&output_len, message_str->x,
|
|
|
|
output,
|
2018-11-22 14:49:49 +01:00
|
|
|
sizeof( output ) ) == result );
|
2018-10-15 16:32:42 +02:00
|
|
|
if( result == 0 )
|
|
|
|
{
|
2021-01-10 11:31:12 +01:00
|
|
|
ASSERT_COMPARE( output, output_len, result_str->x, result_str->len );
|
2018-10-15 16:32:42 +02:00
|
|
|
}
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2011-05-05 13:49:20 +02:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
|
|
|
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_free( &ctx );
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_CASE */
|
|
|
|
|
|
|
|
/* BEGIN_CASE */
|
2020-12-28 14:39:33 +01:00
|
|
|
void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
|
|
|
|
data_t * input_N, data_t * input_E, int digest,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
int hash, data_t * hash_digest, data_t * rnd_buf,
|
2021-01-10 11:52:39 +01:00
|
|
|
data_t * result_str, int fixed_salt_length,
|
|
|
|
int result )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2021-01-10 11:52:39 +01:00
|
|
|
unsigned char output[512];
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context ctx;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_buf_info info;
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi N, P, Q, E;
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2021-03-24 00:48:57 +01:00
|
|
|
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
|
|
|
|
info.fallback_p_rng = NULL;
|
2017-06-09 05:32:58 +02:00
|
|
|
info.buf = rnd_buf->x;
|
|
|
|
info.length = rnd_buf->len;
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
|
|
|
|
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
|
2021-06-05 11:11:14 +02:00
|
|
|
mbedtls_rsa_init( &ctx );
|
2021-06-08 10:03:49 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
|
|
|
|
MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2018-11-22 14:49:49 +01:00
|
|
|
memset( output, 0x00, sizeof( output ) );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2020-12-28 14:39:33 +01:00
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
2015-04-08 12:49:31 +02:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
2017-10-10 17:56:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2021-01-10 11:52:39 +01:00
|
|
|
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2021-06-22 18:39:53 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
|
|
|
|
&ctx, &mbedtls_test_rnd_buffer_rand, &info,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
digest, hash_digest->len, hash_digest->x, output ) == result );
|
2021-01-10 11:52:39 +01:00
|
|
|
if( result == 0 )
|
|
|
|
{
|
|
|
|
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
|
|
|
}
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2021-01-10 11:52:39 +01:00
|
|
|
info.buf = rnd_buf->x;
|
|
|
|
info.length = rnd_buf->len;
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2011-05-05 13:49:20 +02:00
|
|
|
|
2021-06-22 18:39:53 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext(
|
|
|
|
&ctx, &mbedtls_test_rnd_buffer_rand, &info,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
digest, hash_digest->len, hash_digest->x,
|
2021-06-22 18:39:53 +02:00
|
|
|
fixed_salt_length, output ) == result );
|
2020-04-30 11:57:04 +02:00
|
|
|
if( result == 0 )
|
|
|
|
{
|
2021-01-10 11:31:12 +01:00
|
|
|
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
2020-04-30 11:57:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
exit:
|
|
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
|
|
|
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
|
|
|
mbedtls_rsa_free( &ctx );
|
|
|
|
}
|
|
|
|
/* END_CASE */
|
|
|
|
|
2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_CASE */
|
2020-12-28 14:39:33 +01:00
|
|
|
void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
int digest, int hash, data_t * hash_digest,
|
2020-12-28 14:39:33 +01:00
|
|
|
char * salt, data_t * result_str, int result )
|
2011-03-08 15:16:06 +01:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context ctx;
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi N, E;
|
2013-08-16 13:38:47 +02:00
|
|
|
((void) salt);
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
|
2021-06-05 11:11:14 +02:00
|
|
|
mbedtls_rsa_init( &ctx );
|
2021-06-08 10:03:49 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
|
|
|
|
MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2020-12-28 14:39:33 +01:00
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
|
2011-03-08 15:16:06 +01:00
|
|
|
|
|
|
|
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, hash_digest->len, hash_digest->x, result_str->x ) == result );
|
2013-01-03 11:33:48 +01:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_free( &ctx );
|
2011-03-08 15:16:06 +01:00
|
|
|
}
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_CASE */
|
2014-06-03 11:44:06 +02:00
|
|
|
|
|
|
|
/* BEGIN_CASE */
|
2020-12-28 14:39:33 +01:00
|
|
|
void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E,
|
2014-06-03 11:44:06 +02:00
|
|
|
int msg_digest_id, int ctx_hash,
|
|
|
|
int mgf_hash, int salt_len,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
data_t * hash_digest,
|
2018-06-29 12:05:32 +02:00
|
|
|
data_t * result_str, int result_simple,
|
2014-06-03 11:44:06 +02:00
|
|
|
int result_full )
|
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_context ctx;
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi N, E;
|
2014-06-03 11:44:06 +02:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
|
2021-06-05 11:11:14 +02:00
|
|
|
mbedtls_rsa_init( &ctx );
|
2021-06-08 10:03:49 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
|
|
|
|
MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 );
|
2014-06-03 11:44:06 +02:00
|
|
|
|
2020-12-28 14:39:33 +01:00
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
2014-06-03 11:44:06 +02:00
|
|
|
|
2017-08-23 07:38:22 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
|
2014-06-03 11:44:06 +02:00
|
|
|
|
|
|
|
|
2021-05-18 19:45:09 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id,
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
hash_digest->len, hash_digest->x,
|
2021-05-18 19:45:09 +02:00
|
|
|
result_str->x ) == result_simple );
|
2014-06-03 11:44:06 +02:00
|
|
|
|
Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
|
|
|
TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_digest->len,
|
|
|
|
hash_digest->x, mgf_hash, salt_len,
|
2021-05-19 13:27:35 +02:00
|
|
|
result_str->x ) == result_full );
|
2014-06-03 11:44:06 +02:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2017-08-23 07:38:22 +02:00
|
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_free( &ctx );
|
2014-06-03 11:44:06 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|