mbedtls/tests/suites/test_suite_pkcs1_v21.data

1043 lines
333 KiB
Text
Raw Normal View History

RSAES-OAEP Encryption Test Vector Int
pkcs1_rsaes_oaep_encrypt:1024:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
RSAES-OAEP Encryption Test Vector Data just fits
pkcs1_rsaes_oaep_encrypt:1024:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd":"aafd12f659cae63489b479e5076ddec2f06cb58f":"3082f2288fff275213d53168f0a272573cff81837c249dc1f380a12ac124c8f217b700708a1ce7dce154265f31a126ebdd9ed3ef9145ae29124a25f4e65aa52c5a9ff34f6cf4de9ba937ae406dc7d1f277af4f6fb7ea73bfbab2bd397b6b2c53570e173ffcf3b9f0bb96837623a4f87bd81b41446c59e681a2f3da81239e9bdf":0
RSAES-OAEP Encryption Test Vector Data too long
pkcs1_rsaes_oaep_encrypt:1024:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSAES-OAEP Encryption Test Vector 1_1
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34":"18b776ea21069d69776a33e96bad48e1dda0a5ef":"354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a":0
RSAES-OAEP Encryption Test Vector 1_2
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5":"0cc742ce4a9b7f32f951bcb251efd925fe4fe35f":"640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44":0
RSAES-OAEP Encryption Test Vector 1_3
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051":"2514df4695755a67b288eaf4905c36eec66fd2fd":"423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb":0
RSAES-OAEP Encryption Test Vector 1_4
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85":"c4435a3e1a18a68b6820436290a37cefb85db3fb":"45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755":0
RSAES-OAEP Encryption Test Vector 1_5
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"8da89fd9e5f974a29feffb462b49180f6cf9e802":"b318c42df3be0f83fea823f5a7b47ed5e425a3b5":"36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439":0
RSAES-OAEP Encryption Test Vector 1_6
pkcs1_rsaes_oaep_encrypt:1024:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"26521050844271":"e4ec0982c2336f3a677f6a356174eb0ce887abc2":"42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255":0
RSAES-OAEP Encryption Test Vector 2_1
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7":"8c407b5ec2899e5099c53e8ce793bf94e71b1782":"0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e":0
RSAES-OAEP Encryption Test Vector 2_2
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"2d":"b600cf3c2e506d7f16778c910d3a8b003eee61d5":"018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245":0
RSAES-OAEP Encryption Test Vector 2_3
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e":"a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3":"018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053":0
RSAES-OAEP Encryption Test Vector 2_4
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a":"9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156":"00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641":0
RSAES-OAEP Encryption Test Vector 2_5
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"2ef2b066f854c33f3bdcbb5994a435e73d6c6c":"eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3":"00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec":0
RSAES-OAEP Encryption Test Vector 2_6
pkcs1_rsaes_oaep_encrypt:1025:"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0":"4c45cf4d57c98e3d6d2095adc51c489eb50dff84":"010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a":0
RSAES-OAEP Encryption Example 3_1
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"087820b569e8fa8d":"8ced6b196290805790e909074015e6a20b0c4894":"026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80":0
RSAES-OAEP Encryption Example 3_2
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04":"b4291d6567550848cc156967c809baab6ca507f0":"024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5":0
RSAES-OAEP Encryption Example 3_3
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"d94cd0e08fa404ed89":"ce8928f6059558254008badd9794fadcd2fd1f65":"0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a":0
RSAES-OAEP Encryption Example 3_4
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"6cc641b6b61e6f963974dad23a9013284ef1":"6e2979f52d6814a57d83b090054888f119a5b9a3":"02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0":0
RSAES-OAEP Encryption Example 3_5
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223":"2d760bfe38c59de34cdc8b8c78a38e66284a2d27":"0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60":0
RSAES-OAEP Encryption Example 3_6
pkcs1_rsaes_oaep_encrypt:1026:"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1":"f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e":"00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730":0
RSAES-OAEP Encryption Example 4_1
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2":"1cac19ce993def55f98203f6852896c95ccca1f3":"04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8":0
RSAES-OAEP Encryption Example 4_2
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8":"f545d5897585e3db71aa0cb8da76c51d032ae963":"0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e":0
RSAES-OAEP Encryption Example 4_3
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99":"ad997feef730d6ea7be60d0dc52e72eacbfdd275":"0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065":0
RSAES-OAEP Encryption Example 4_4
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"fb2ef112f5e766eb94019297934794f7be2f6fc1c58e":"136454df5730f73c807a7e40d8c1a312ac5b9dd3":"02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4":0
RSAES-OAEP Encryption Example 4_5
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284":"bca8057f824b2ea257f2861407eef63d33208681":"00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2":0
RSAES-OAEP Encryption Example 4_6
pkcs1_rsaes_oaep_encrypt:1027:"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"f22242751ec6b1":"2e7e1e17f647b5ddd033e15472f90f6812f3ac4e":"00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9":0
RSAES-OAEP Encryption Example 5_1
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8":"44c92e283f77b9499c603d963660c87d2f939461":"036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5":0
RSAES-OAEP Encryption Example 5_2
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399":"cb28f5860659fceee49c3eeafce625a70803bd32":"03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad":0
RSAES-OAEP Encryption Example 5_3
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7":"2285f40d770482f9a9efa2c72cb3ac55716dc0ca":"0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967":0
RSAES-OAEP Encryption Example 5_4
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"15c5b9ee1185":"49fa45d3a78dd10dfd577399d1eb00af7eed5513":"0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf":0
RSAES-OAEP Encryption Example 5_5
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a":"f0287413234cc5034724a094c4586b87aff133fc":"07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723":0
RSAES-OAEP Encryption Example 5_6
pkcs1_rsaes_oaep_encrypt:1028:"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"541e37b68b6c8872b84c02":"d9fba45c96f21e6e26d29eb2cdcb6585be9cb341":"08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a":0
RSAES-OAEP Encryption Example 6_1
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4":"dd0f6cfe415e88e5a469a51fbba6dfd40adb4384":"0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3":0
RSAES-OAEP Encryption Example 6_2
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7":"8d14bd946a1351148f5cae2ed9a0c653e85ebd85":"0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f":0
RSAES-OAEP Encryption Example 6_3
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c":"6c075bc45520f165c0bf5ea4c5df191bc9ef0e44":"0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65":0
RSAES-OAEP Encryption Example 6_4
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"684e3038c5c041f7":"3bbc3bd6637dfe12846901029bf5b0c07103439c":"008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8":0
RSAES-OAEP Encryption Example 6_5
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693":"b46b41893e8bef326f6759383a83071dae7fcabc":"00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab":0
RSAES-OAEP Encryption Example 6_6
pkcs1_rsaes_oaep_encrypt:1029:"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"50ba14be8462720279c306ba":"0a2403312a41e3d52f060fbc13a67de5cf7609a7":"0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470":0
RSAES-OAEP Encryption Example 7_1
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"47aae909":"43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f":"1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1":0
RSAES-OAEP Encryption Example 7_2
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7":"3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b":"1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6":0
RSAES-OAEP Encryption Example 7_3
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"d976fc":"76a75e5b6157a556cf8884bb2e45c293dd545cf5":"2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b":0
RSAES-OAEP Encryption Example 7_4
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb":"7866314a6ad6f2b250a35941db28f5864b585859":"0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac":0
RSAES-OAEP Encryption Example 7_5
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"bb47231ca5ea1d3ad46c99345d9a8a61":"b2166ed472d58db10cab2c6b000cccf10a7dc509":"028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478":0
RSAES-OAEP Encryption Example 7_6
pkcs1_rsaes_oaep_encrypt:1030:"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"2184827095d35c3f86f600e8e59754013296":"52673bde2ca166c2aa46131ac1dc808d67d7d3b1":"14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115":0
RSAES-OAEP Encryption Example 8_1
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967":"7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125":"09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61":0
RSAES-OAEP Encryption Example 8_2
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc":"a3717da143b4dcffbc742665a8fa950585548343":"2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d":0
RSAES-OAEP Encryption Example 8_3
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"8604ac56328c1ab5ad917861":"ee06209073cca026bb264e5185bf8c68b7739f86":"4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f":0
RSAES-OAEP Encryption Example 8_4
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc":"990ad573dc48a973235b6d82543618f2e955105d":"2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0":0
RSAES-OAEP Encryption Example 8_5
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"4a5f4914bee25de3c69341de07":"ecc63b28f0756f22f52ac8e6ec1251a6ec304718":"1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2":0
RSAES-OAEP Encryption Example 8_6
pkcs1_rsaes_oaep_encrypt:1031:"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be":"3925c71b362d40a0a6de42145579ba1e7dd459fc":"3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210":0
RSAES-OAEP Encryption Example 9_1
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6":"8ec965f134a3ec9931e92a1ca0dc8169d5ea705c":"267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72":0
RSAES-OAEP Encryption Example 9_2
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659":"ecb1b8b25fa50cdab08e56042867f4af5826d16c":"93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8":0
RSAES-OAEP Encryption Example 9_3
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"fd326429df9b890e09b54b18b8f34f1e24":"e89bb032c6ce622cbdb53bc9466014ea77f777c0":"81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3":0
RSAES-OAEP Encryption Example 9_4
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e":"606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc":"bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858":0
RSAES-OAEP Encryption Example 9_5
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d":"fcbc421402e9ecabc6082afa40ba5f26522c840e":"232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e":0
RSAES-OAEP Encryption Example 9_6
pkcs1_rsaes_oaep_encrypt:1536:"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"b6b28ea2198d0c1008bc64":"23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2":"438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f":0
RSAES-OAEP Encryption Example 10_1
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee":"47e1ab7119fee56c95ee5eaad86f40d0aa63bd33":"53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc":0
RSAES-OAEP Encryption Example 10_2
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"e6ad181f053b58a904f2457510373e57":"6d17f5b4c1ffac351d195bf7b09d09f09a4079cf":"a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795":0
RSAES-OAEP Encryption Example 10_3
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124":"385387514deccc7c740dd8cdf9daee49a1cbfd54":"9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede":0
RSAES-OAEP Encryption Example 10_4
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9":"5caca6a0f764161a9684f85d92b6e0ef37ca8b65":"6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8":0
RSAES-OAEP Encryption Example 10_5
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9":"95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4":"75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0":0
RSAES-OAEP Encryption Example 10_6
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
RSAES-OAEP Encryption input=NULL with length=0
depends_on:MBEDTLS_SHA1_C
pkcs1_rsaes_oaep_encrypt:2048:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
RSAES-OAEP Decryption Test Vector Int
pkcs1_rsaes_oaep_decrypt:1024:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
RSAES-OAEP Decryption Test Vector 1_1
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34":"18b776ea21069d69776a33e96bad48e1dda0a5ef":"354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a":0
RSAES-OAEP Decryption Test Vector 1_2
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5":"0cc742ce4a9b7f32f951bcb251efd925fe4fe35f":"640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44":0
RSAES-OAEP Decryption Test Vector 1_3
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051":"2514df4695755a67b288eaf4905c36eec66fd2fd":"423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb":0
RSAES-OAEP Decryption Test Vector 1_4
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85":"c4435a3e1a18a68b6820436290a37cefb85db3fb":"45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755":0
RSAES-OAEP Decryption Test Vector 1_5
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"8da89fd9e5f974a29feffb462b49180f6cf9e802":"b318c42df3be0f83fea823f5a7b47ed5e425a3b5":"36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439":0
RSAES-OAEP Decryption Test Vector 1_6
pkcs1_rsaes_oaep_decrypt:1024:"d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d":"cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77":"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":"010001":MBEDTLS_MD_SHA1:"26521050844271":"e4ec0982c2336f3a677f6a356174eb0ce887abc2":"42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255":0
RSAES-OAEP Decryption Test Vector 2_1
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7":"8c407b5ec2899e5099c53e8ce793bf94e71b1782":"0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e":0
RSAES-OAEP Decryption Test Vector 2_2
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"2d":"b600cf3c2e506d7f16778c910d3a8b003eee61d5":"018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245":0
RSAES-OAEP Decryption Test Vector 2_3
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e":"a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3":"018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053":0
RSAES-OAEP Decryption Test Vector 2_4
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a":"9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156":"00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641":0
RSAES-OAEP Decryption Test Vector 2_5
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"2ef2b066f854c33f3bdcbb5994a435e73d6c6c":"eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3":"00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec":0
RSAES-OAEP Decryption Test Vector 2_6
pkcs1_rsaes_oaep_decrypt:1025:"0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43":"012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7":"01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45":"010001":MBEDTLS_MD_SHA1:"8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0":"4c45cf4d57c98e3d6d2095adc51c489eb50dff84":"010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a":0
RSAES-OAEP Decryption Example 3_1
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"087820b569e8fa8d":"8ced6b196290805790e909074015e6a20b0c4894":"026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80":0
RSAES-OAEP Decryption Example 3_2
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04":"b4291d6567550848cc156967c809baab6ca507f0":"024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5":0
RSAES-OAEP Decryption Example 3_3
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"d94cd0e08fa404ed89":"ce8928f6059558254008badd9794fadcd2fd1f65":"0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a":0
RSAES-OAEP Decryption Example 3_4
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"6cc641b6b61e6f963974dad23a9013284ef1":"6e2979f52d6814a57d83b090054888f119a5b9a3":"02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0":0
RSAES-OAEP Decryption Example 3_5
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223":"2d760bfe38c59de34cdc8b8c78a38e66284a2d27":"0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60":0
RSAES-OAEP Decryption Example 3_6
pkcs1_rsaes_oaep_decrypt:1026:"01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf":"018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7":"02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9":"010001":MBEDTLS_MD_SHA1:"3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1":"f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e":"00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730":0
RSAES-OAEP Decryption Example 4_1
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2":"1cac19ce993def55f98203f6852896c95ccca1f3":"04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8":0
RSAES-OAEP Decryption Example 4_2
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8":"f545d5897585e3db71aa0cb8da76c51d032ae963":"0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e":0
RSAES-OAEP Decryption Example 4_3
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99":"ad997feef730d6ea7be60d0dc52e72eacbfdd275":"0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065":0
RSAES-OAEP Decryption Example 4_4
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"fb2ef112f5e766eb94019297934794f7be2f6fc1c58e":"136454df5730f73c807a7e40d8c1a312ac5b9dd3":"02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4":0
RSAES-OAEP Decryption Example 4_5
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284":"bca8057f824b2ea257f2861407eef63d33208681":"00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2":0
RSAES-OAEP Decryption Example 4_6
pkcs1_rsaes_oaep_decrypt:1027:"027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701":"0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139":"051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039":"010001":MBEDTLS_MD_SHA1:"f22242751ec6b1":"2e7e1e17f647b5ddd033e15472f90f6812f3ac4e":"00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9":0
RSAES-OAEP Decryption Example 5_1
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8":"44c92e283f77b9499c603d963660c87d2f939461":"036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5":0
RSAES-OAEP Decryption Example 5_2
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399":"cb28f5860659fceee49c3eeafce625a70803bd32":"03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad":0
RSAES-OAEP Decryption Example 5_3
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7":"2285f40d770482f9a9efa2c72cb3ac55716dc0ca":"0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967":0
RSAES-OAEP Decryption Example 5_4
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"15c5b9ee1185":"49fa45d3a78dd10dfd577399d1eb00af7eed5513":"0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf":0
RSAES-OAEP Decryption Example 5_5
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a":"f0287413234cc5034724a094c4586b87aff133fc":"07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723":0
RSAES-OAEP Decryption Example 5_6
pkcs1_rsaes_oaep_decrypt:1028:"03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707":"02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f":"0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9":"010001":MBEDTLS_MD_SHA1:"541e37b68b6c8872b84c02":"d9fba45c96f21e6e26d29eb2cdcb6585be9cb341":"08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a":0
RSAES-OAEP Decryption Example 6_1
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4":"dd0f6cfe415e88e5a469a51fbba6dfd40adb4384":"0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3":0
RSAES-OAEP Decryption Example 6_2
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7":"8d14bd946a1351148f5cae2ed9a0c653e85ebd85":"0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f":0
RSAES-OAEP Decryption Example 6_3
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c":"6c075bc45520f165c0bf5ea4c5df191bc9ef0e44":"0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65":0
RSAES-OAEP Decryption Example 6_4
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"684e3038c5c041f7":"3bbc3bd6637dfe12846901029bf5b0c07103439c":"008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8":0
RSAES-OAEP Decryption Example 6_5
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693":"b46b41893e8bef326f6759383a83071dae7fcabc":"00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab":0
RSAES-OAEP Decryption Example 6_6
pkcs1_rsaes_oaep_decrypt:1029:"04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b":"0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed":"12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af":"010001":MBEDTLS_MD_SHA1:"50ba14be8462720279c306ba":"0a2403312a41e3d52f060fbc13a67de5cf7609a7":"0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470":0
RSAES-OAEP Decryption Example 7_1
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"47aae909":"43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f":"1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1":0
RSAES-OAEP Decryption Example 7_2
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7":"3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b":"1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6":0
RSAES-OAEP Decryption Example 7_3
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"d976fc":"76a75e5b6157a556cf8884bb2e45c293dd545cf5":"2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b":0
RSAES-OAEP Decryption Example 7_4
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb":"7866314a6ad6f2b250a35941db28f5864b585859":"0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac":0
RSAES-OAEP Decryption Example 7_5
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"bb47231ca5ea1d3ad46c99345d9a8a61":"b2166ed472d58db10cab2c6b000cccf10a7dc509":"028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478":0
RSAES-OAEP Decryption Example 7_6
pkcs1_rsaes_oaep_decrypt:1030:"0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71":"06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023":"311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373":"010001":MBEDTLS_MD_SHA1:"2184827095d35c3f86f600e8e59754013296":"52673bde2ca166c2aa46131ac1dc808d67d7d3b1":"14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115":0
RSAES-OAEP Decryption Example 8_1
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967":"7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125":"09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61":0
RSAES-OAEP Decryption Example 8_2
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc":"a3717da143b4dcffbc742665a8fa950585548343":"2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d":0
RSAES-OAEP Decryption Example 8_3
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"8604ac56328c1ab5ad917861":"ee06209073cca026bb264e5185bf8c68b7739f86":"4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f":0
RSAES-OAEP Decryption Example 8_4
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc":"990ad573dc48a973235b6d82543618f2e955105d":"2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0":0
RSAES-OAEP Decryption Example 8_5
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"4a5f4914bee25de3c69341de07":"ecc63b28f0756f22f52ac8e6ec1251a6ec304718":"1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2":0
RSAES-OAEP Decryption Example 8_6
pkcs1_rsaes_oaep_decrypt:1031:"0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f":"092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9":"5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7":"010001":MBEDTLS_MD_SHA1:"8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be":"3925c71b362d40a0a6de42145579ba1e7dd459fc":"3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210":0
RSAES-OAEP Decryption Example 9_1
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6":"8ec965f134a3ec9931e92a1ca0dc8169d5ea705c":"267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72":0
RSAES-OAEP Decryption Example 9_2
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659":"ecb1b8b25fa50cdab08e56042867f4af5826d16c":"93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8":0
RSAES-OAEP Decryption Example 9_3
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"fd326429df9b890e09b54b18b8f34f1e24":"e89bb032c6ce622cbdb53bc9466014ea77f777c0":"81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3":0
RSAES-OAEP Decryption Example 9_4
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e":"606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc":"bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858":0
RSAES-OAEP Decryption Example 9_5
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d":"fcbc421402e9ecabc6082afa40ba5f26522c840e":"232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e":0
RSAES-OAEP Decryption Example 9_6
pkcs1_rsaes_oaep_decrypt:1536:"fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd":"d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1":"cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d":"010001":MBEDTLS_MD_SHA1:"b6b28ea2198d0c1008bc64":"23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2":"438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f":0
RSAES-OAEP Decryption Example 10_1
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee":"47e1ab7119fee56c95ee5eaad86f40d0aa63bd33":"53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc":0
RSAES-OAEP Decryption Example 10_2
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"e6ad181f053b58a904f2457510373e57":"6d17f5b4c1ffac351d195bf7b09d09f09a4079cf":"a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795":0
RSAES-OAEP Decryption Example 10_3
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124":"385387514deccc7c740dd8cdf9daee49a1cbfd54":"9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede":0
RSAES-OAEP Decryption Example 10_4
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9":"5caca6a0f764161a9684f85d92b6e0ef37ca8b65":"6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8":0
RSAES-OAEP Decryption Example 10_5
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9":"95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4":"75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0":0
RSAES-OAEP Decryption Example 10_6
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
RSAES-OAEP Decryption empty output with NULL buffer
depends_on:MBEDTLS_SHA1_C
pkcs1_rsaes_oaep_decrypt:2048:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
RSASSA-PSS Signing Test Vector Int
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Verification Test Vector Int
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
rsa: pss: Enable use of big hashes with small keys It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or 1032-bit RSA key, but with the salt size being always equal to the hash size, this isn't possible: the key is too small. To enable use of hashes that are relatively large compared to the key size, allow reducing the salt size to no less than the hash size minus 2 bytes. We don't allow salt sizes smaller than the hash size minus 2 bytes because that too significantly changes the security guarantees the library provides compared to the previous implementation which always used a salt size equal to the hash size. The new calculated salt size remains compliant with FIPS 186-4. We also need to update the "hash too large" test, since we now reduce the salt size when certain key sizes are used. We used to not support 1024-bit keys with SHA-512, but now we support this by reducing the salt size to 62. Update the "hash too large" test to use a 1016-bit RSA key with SHA-512, which still has too large of a hash because we will not reduce the salt size further than 2 bytes shorter than the hash size. The RSA private key used for the test was generated using "openssl genrsa 1016" using OpenSSL 1.1.1-pre8. $ openssl genrsa 1016 Generating RSA private key, 1016 bit long modulus (2 primes) ..............++++++ ....++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0 fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89 5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2 JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2 -----END RSA PRIVATE KEY-----
2018-09-07 20:12:36 +02:00
RSASSA-PSS Signature RSA-1016, SHA-512: minimum salt size not met
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1016:"0e3cb6845e528229e19cfb24611e6859ac1cea7d35992b6e2e796823c52affa03400e42830f90697f084499c3e3587defc19e749e72433dd7b70c28b0c8280b7":"0c48f9e45ae38fdb4a5143be37d79a10cd4f1f9782ef26a4848a4449c72cfd712c68350818736385cb4a9ab6db5aef8e96c551039cfcc8915821aee069ed660d":"00aee7874a4db2f1510044405db29f14df0f37bbcf61fcbcc994a3d31caaf858a74cc8f2a40ac9a9ce7aa9a0680f62cf9d8d4b827114533fdbf86f16fc9dfe5cbf857d86135519a4611ffc59cb7473861619a78e3ec314715e804cff82d6f32e9f57ddf390563629883bd34f40e8db413209b151cee97d817a5d65c7da54734b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
rsa: pss: Add no possible salt size tests Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These selections of key and hash size should lead to an error returned, as there is not enough room for our chosen minimum salt size of two bytes less than the hash size. These test the boundary around an available salt length of 0 or -1 bytes. The RSA keys were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 520 Generating RSA private key, 520 bit long modulus (2 primes) .............++++++++++++ .................++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ= -----END RSA PRIVATE KEY----- $ openssl genrsa 528 Generating RSA private key, 528 bit long modulus (2 primes) .........++++++++++++ ....++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/ ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8= -----END RSA PRIVATE KEY-----
2018-09-11 15:05:42 +02:00
RSASSA-PSS Signature RSA-520, SHA-512: no possible salt size
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:520:"0feea5f6220fac291b9508ec2ba8ed281eb39aee4d5dc693254106816ebc700ecf":"0d68918785c3aafe31eaaa2d8d8156dce645940ff7734a457337a51bd00bc88811":"00d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
rsa: pss: Add no possible salt size tests Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These selections of key and hash size should lead to an error returned, as there is not enough room for our chosen minimum salt size of two bytes less than the hash size. These test the boundary around an available salt length of 0 or -1 bytes. The RSA keys were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 520 Generating RSA private key, 520 bit long modulus (2 primes) .............++++++++++++ .................++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ= -----END RSA PRIVATE KEY----- $ openssl genrsa 528 Generating RSA private key, 528 bit long modulus (2 primes) .........++++++++++++ ....++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/ ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8= -----END RSA PRIVATE KEY-----
2018-09-11 15:05:42 +02:00
RSASSA-PSS Signature RSA-528, SHA-512: zero salt size
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:528:"00d272aa28ed2085ac6df3c05c6719eed5deb618afa2e4ca4a6f7330b430ad48672d":"00c578836bab27145db9dd66f17470b62d4a6100f8ca0dedf457ee3639c3b9596325":"00a2554eba715bf66e5ecdf3d6d718e3e5d907e8666e7bf5a76b415106e04eb827ec4cb2199cff66491d45419082059aa5b54b0cf5eef4443402f3047c0b0e6f025081":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature Example 1_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"cd8b6538cb8e8de566b68bd067569dbf1ee2718e":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"cd8b6538cb8e8de566b68bd067569dbf1ee2718e":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0
RSASSA-PSS Signature Example 1_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd":"ef2869fa40c346cb183dab3d7bffc98fd56df42d":"3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd":"ef2869fa40c346cb183dab3d7bffc98fd56df42d":"3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843":0
RSASSA-PSS Signature Example 1_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0652ec67bcee30f9d2699122b91c19abdba89f91":"710b9c4747d800d4de87f12afdce6df18107cc77":"666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0652ec67bcee30f9d2699122b91c19abdba89f91":"710b9c4747d800d4de87f12afdce6df18107cc77":"666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1":0
RSASSA-PSS Signature Example 1_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"39c21c4cceda9c1adf839c744e1212a6437575ec":"056f00985de14d8ef5cea9e82f8c27bef720335e":"4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"39c21c4cceda9c1adf839c744e1212a6437575ec":"056f00985de14d8ef5cea9e82f8c27bef720335e":"4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87":0
RSASSA-PSS Signature Example 1_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"36dae913b77bd17cae6e7b09453d24544cebb33c":"80e70ff86a08de3ec60972b39b4fbfdcea67ae8e":"1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"36dae913b77bd17cae6e7b09453d24544cebb33c":"80e70ff86a08de3ec60972b39b4fbfdcea67ae8e":"1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad":0
RSASSA-PSS Signature Example 1_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"45eef191f4f79c31fe5d2ede7e5098994e929d2d":"a8ab69dd801f0074c2a1fc60649836c616d99681":"2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 1_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1024:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"45eef191f4f79c31fe5d2ede7e5098994e929d2d":"a8ab69dd801f0074c2a1fc60649836c616d99681":"2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58":0
RSASSA-PSS Signature Example 2_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"5c81a3e2a658246628cd0ee8b00bb4c012bc9739":"57bf160bcb02bb1dc7280cf0458530b7d2832ff7":"014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"5c81a3e2a658246628cd0ee8b00bb4c012bc9739":"57bf160bcb02bb1dc7280cf0458530b7d2832ff7":"014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3":0
RSASSA-PSS Signature Example 2_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"27f71611446aa6eabf037f7dedeede3203244991":"7f6dd359e604e60870e898e47b19bf2e5a7b2a90":"010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"27f71611446aa6eabf037f7dedeede3203244991":"7f6dd359e604e60870e898e47b19bf2e5a7b2a90":"010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea":0
RSASSA-PSS Signature Example 2_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"03ecc2c33e93f05fc7224fcc0d461356cb897217":"fca862068bce2246724b708a0519da17e648688c":"007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"03ecc2c33e93f05fc7224fcc0d461356cb897217":"fca862068bce2246724b708a0519da17e648688c":"007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4":0
RSASSA-PSS Signature Example 2_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"246c727b4b9494849dddb068d582e179ac20999c":"8070ef2de945c02387684ba0d33096732235d440":"009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"246c727b4b9494849dddb068d582e179ac20999c":"8070ef2de945c02387684ba0d33096732235d440":"009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b":0
RSASSA-PSS Signature Example 2_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912":"17639a4e88d722c4fca24d079a8b29c32433b0c9":"00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912":"17639a4e88d722c4fca24d079a8b29c32433b0c9":"00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf":0
RSASSA-PSS Signature Example 2_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1025:"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1":"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079":"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7a6fdc1a4e434ecbc35d657ad49a2f4fafd43bc8":"37810def1055ed922b063df798de5d0aabf886ee":"00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 2_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1025:"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7a6fdc1a4e434ecbc35d657ad49a2f4fafd43bc8":"37810def1055ed922b063df798de5d0aabf886ee":"00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6":0
RSASSA-PSS Signature Example 3_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3552be69dd74bdc56d2cf8c38ef7bafe269040fe":"f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa":"0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3552be69dd74bdc56d2cf8c38ef7bafe269040fe":"f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa":"0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f":0
RSASSA-PSS Signature Example 3_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"609143ff7240e55c062aba8b9e4426a781919bc9":"fcf9f0e1f199a3d1d0da681c5b8606fc642939f7":"02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"609143ff7240e55c062aba8b9e4426a781919bc9":"fcf9f0e1f199a3d1d0da681c5b8606fc642939f7":"02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af":0
RSASSA-PSS Signature Example 3_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0afd22f879a9cda7c584f4135f8f1c961db114c0":"986e7c43dbb671bd41b9a7f4b6afc80e805f2423":"0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0afd22f879a9cda7c584f4135f8f1c961db114c0":"986e7c43dbb671bd41b9a7f4b6afc80e805f2423":"0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c":0
RSASSA-PSS Signature Example 3_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"405dd56d395ef0f01b555c48f748cc32b210650b":"f8312d9c8eea13ec0a4c7b98120c87509087c478":"0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"405dd56d395ef0f01b555c48f748cc32b210650b":"f8312d9c8eea13ec0a4c7b98120c87509087c478":"0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8":0
RSASSA-PSS Signature Example 3_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"a2c313b0440c8a0c47233b87f0a160c61af3eae7":"50327efec6292f98019fc67a2a6638563e9b6e2d":"021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"a2c313b0440c8a0c47233b87f0a160c61af3eae7":"50327efec6292f98019fc67a2a6638563e9b6e2d":"021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83":0
RSASSA-PSS Signature Example 3_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1026:"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853":"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651":"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f1bf6ca7b4bbdbb6bf20a4bf55728725d177154a":"b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3":"012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 3_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1026:"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f1bf6ca7b4bbdbb6bf20a4bf55728725d177154a":"b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3":"012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce":0
RSASSA-PSS Signature Example 4_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd":"ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d":"0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd":"ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d":"0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948":0
RSASSA-PSS Signature Example 4_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"04a10944bfe11ab801e77889f3fd3d7f4ff0b629":"22d71d54363a4217aa55113f059b3384e3e57e44":"049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"04a10944bfe11ab801e77889f3fd3d7f4ff0b629":"22d71d54363a4217aa55113f059b3384e3e57e44":"049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598":0
RSASSA-PSS Signature Example 4_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ba01243db223eb97fb86d746c3148adaaa0ca344":"4af870fbc6516012ca916c70ba862ac7e8243617":"03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ba01243db223eb97fb86d746c3148adaaa0ca344":"4af870fbc6516012ca916c70ba862ac7e8243617":"03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad":0
RSASSA-PSS Signature Example 4_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"934bb0d38d6836daec9de82a9648d4593da67cd2":"40d2e180fae1eac439c190b56c2c0e14ddf9a226":"0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"934bb0d38d6836daec9de82a9648d4593da67cd2":"40d2e180fae1eac439c190b56c2c0e14ddf9a226":"0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f":0
RSASSA-PSS Signature Example 4_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ec35d81abd1cceac425a935758b683465c8bd879":"2497dc2b4615dfae5a663d49ffd56bf7efc11304":"022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ec35d81abd1cceac425a935758b683465c8bd879":"2497dc2b4615dfae5a663d49ffd56bf7efc11304":"022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a":0
RSASSA-PSS Signature Example 4_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1027:"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995":"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1":"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"72ce251d17b04dd3970d6ff1fbe3624899e9e941":"a334db6faebf11081a04f87c2d621cdec7930b9b":"00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 4_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1027:"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"72ce251d17b04dd3970d6ff1fbe3624899e9e941":"a334db6faebf11081a04f87c2d621cdec7930b9b":"00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e":0
RSASSA-PSS Signature Example 5_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"d98b7061943510bc3dd9162f7169aabdbdcd0222":"081b233b43567750bd6e78f396a88b9f6a445151":"0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"d98b7061943510bc3dd9162f7169aabdbdcd0222":"081b233b43567750bd6e78f396a88b9f6a445151":"0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d":0
RSASSA-PSS Signature Example 5_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7ae8e699f754988f4fd645e463302e49a2552072":"bd0ce19549d0700120cbe51077dbbbb00a8d8b09":"08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7ae8e699f754988f4fd645e463302e49a2552072":"bd0ce19549d0700120cbe51077dbbbb00a8d8b09":"08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e":0
RSASSA-PSS Signature Example 5_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"8d46c7c05534c1ba2cc7624500d48a4531604bff":"815779a91b3a8bd049bf2aeb920142772222c9ca":"05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"8d46c7c05534c1ba2cc7624500d48a4531604bff":"815779a91b3a8bd049bf2aeb920142772222c9ca":"05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979":0
RSASSA-PSS Signature Example 5_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ee3de96783fd0a157c8b20bf5566124124dcfe65":"9aec4a7480d5bbc42920d7ca235db674989c9aac":"0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ee3de96783fd0a157c8b20bf5566124124dcfe65":"9aec4a7480d5bbc42920d7ca235db674989c9aac":"0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1":0
RSASSA-PSS Signature Example 5_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"1204df0b03c2724e2709c23fc71789a21b00ae4c":"e20c1e9878512c39970f58375e1549a68b64f31d":"0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"1204df0b03c2724e2709c23fc71789a21b00ae4c":"e20c1e9878512c39970f58375e1549a68b64f31d":"0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd":0
RSASSA-PSS Signature Example 5_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1028:"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f":"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839":"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"29926bc3280c841f601acd0d6f17ea38023eddbc":"23291e4a3307e8bbb776623ab34e4a5f4cc8a8db":"02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 5_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1028:"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"29926bc3280c841f601acd0d6f17ea38023eddbc":"23291e4a3307e8bbb776623ab34e4a5f4cc8a8db":"02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f":0
RSASSA-PSS Signature Example 6_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6":"5b4ea2ef629cc22f3b538e016904b47b1e40bfd5":"04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6":"5b4ea2ef629cc22f3b538e016904b47b1e40bfd5":"04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1":0
RSASSA-PSS Signature Example 6_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"92d0bcae82b641f578f040f5151be8eda6d42299":"83146a9e782722c28b014f98b4267bda2ac9504f":"0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"92d0bcae82b641f578f040f5151be8eda6d42299":"83146a9e782722c28b014f98b4267bda2ac9504f":"0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773":0
RSASSA-PSS Signature Example 6_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3569bd8fd2e28f2443375efa94f186f6911ffc2b":"a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8":"086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3569bd8fd2e28f2443375efa94f186f6911ffc2b":"a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8":"086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456":0
RSASSA-PSS Signature Example 6_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7abbb7b42de335730a0b641f1e314b6950b84f98":"a37932f8a7494a942d6f767438e724d6d0c0ef18":"0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7abbb7b42de335730a0b641f1e314b6950b84f98":"a37932f8a7494a942d6f767438e724d6d0c0ef18":"0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f":0
RSASSA-PSS Signature Example 6_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"55b7eb27be7a787a59eb7e5fac468db8917a7725":"7b790c1d62f7b84e94df6af28917cf571018110e":"02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"55b7eb27be7a787a59eb7e5fac468db8917a7725":"7b790c1d62f7b84e94df6af28917cf571018110e":"02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b":0
RSASSA-PSS Signature Example 6_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1029:"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543":"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b":"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"de2fa0367ef49083ff89b9905d3fd646fcc12c38":"fbbe059025b69b89fb14ae2289e7aaafe60c0fcd":"0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 6_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1029:"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"de2fa0367ef49083ff89b9905d3fd646fcc12c38":"fbbe059025b69b89fb14ae2289e7aaafe60c0fcd":"0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef":0
RSASSA-PSS Signature Example 7_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d":"b7867a59958cb54328f8775e6546ec06d27eaa50":"187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d":"b7867a59958cb54328f8775e6546ec06d27eaa50":"187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823":0
RSASSA-PSS Signature Example 7_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"402140dc605b2f5c5ec0d15bce9f9ba8857fe117":"0c09582266df086310821ba7e18df64dfee6de09":"10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"402140dc605b2f5c5ec0d15bce9f9ba8857fe117":"0c09582266df086310821ba7e18df64dfee6de09":"10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8":0
RSASSA-PSS Signature Example 7_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20":"28039dcfe106d3b8296611258c4a56651c9e92dd":"2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20":"28039dcfe106d3b8296611258c4a56651c9e92dd":"2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1":0
RSASSA-PSS Signature Example 7_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"1fc2201d0c442a4736cd8b2cd00c959c47a3bf42":"a77821ebbbef24628e4e12e1d0ea96de398f7b0f":"32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"1fc2201d0c442a4736cd8b2cd00c959c47a3bf42":"a77821ebbbef24628e4e12e1d0ea96de398f7b0f":"32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19":0
RSASSA-PSS Signature Example 7_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e4351b66819e5a31501f89acc7faf57030e9aac5":"9d5ad8eb452134b65dc3a98b6a73b5f741609cd6":"07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"e4351b66819e5a31501f89acc7faf57030e9aac5":"9d5ad8eb452134b65dc3a98b6a73b5f741609cd6":"07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1":0
RSASSA-PSS Signature Example 7_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1030:"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535":"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547":"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"49f6cc58365e514e1a3f301f4de16f9fb5347ff2":"3f2efc595880a7d47fcf3cba04983ea54c4b73fb":"18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 7_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1030:"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"49f6cc58365e514e1a3f301f4de16f9fb5347ff2":"3f2efc595880a7d47fcf3cba04983ea54c4b73fb":"18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33":0
RSASSA-PSS Signature Example 8_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"a1dd230d8ead860199b6277c2ecfe3d95f6d9160":"1d65491d79c864b373009be6f6f2467bac4c78fa":"0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"a1dd230d8ead860199b6277c2ecfe3d95f6d9160":"1d65491d79c864b373009be6f6f2467bac4c78fa":"0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5":0
RSASSA-PSS Signature Example 8_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f6e68e53c602c5c65fa67b5aa6d786e5524b12ab":"435c098aa9909eb2377f1248b091b68987ff1838":"2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"f6e68e53c602c5c65fa67b5aa6d786e5524b12ab":"435c098aa9909eb2377f1248b091b68987ff1838":"2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e":0
RSASSA-PSS Signature Example 8_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"d6f9fcd3ae27f32bb2c7c93536782eba52af1f76":"c6ebbe76df0c4aea32c474175b2f136862d04529":"2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"d6f9fcd3ae27f32bb2c7c93536782eba52af1f76":"c6ebbe76df0c4aea32c474175b2f136862d04529":"2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96":0
RSASSA-PSS Signature Example 8_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7ff2a53ce2e2d900d468e498f230a5f5dd0020de":"021fdcc6ebb5e19b1cb16e9c67f27681657fe20a":"1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"7ff2a53ce2e2d900d468e498f230a5f5dd0020de":"021fdcc6ebb5e19b1cb16e9c67f27681657fe20a":"1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7":0
RSASSA-PSS Signature Example 8_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"4eb309f7022ba0b03bb78601b12931ec7c1be8d3":"c558d7167cbb4508ada042971e71b1377eea4269":"33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"4eb309f7022ba0b03bb78601b12931ec7c1be8d3":"c558d7167cbb4508ada042971e71b1377eea4269":"33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee":0
RSASSA-PSS Signature Example 8_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1031:"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb":"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d":"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"65033bc2f67d6aba7d526acb873b8d9241e5e4d9":"76fd4e64fdc98eb927a0403e35a084e76ba9f92a":"1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 8_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1031:"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"65033bc2f67d6aba7d526acb873b8d9241e5e4d9":"76fd4e64fdc98eb927a0403e35a084e76ba9f92a":"1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e":0
RSASSA-PSS Signature Example 9_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"2715a49b8b0012cd7aee84c116446e6dfe3faec0":"c0a425313df8d7564bd2434d311523d5257eed80":"586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"2715a49b8b0012cd7aee84c116446e6dfe3faec0":"c0a425313df8d7564bd2434d311523d5257eed80":"586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e":0
RSASSA-PSS Signature Example 9_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"2dac956d53964748ac364d06595827c6b4f143cd":"b307c43b4850a8dac2f15f32e37839ef8c5c0e91":"80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"2dac956d53964748ac364d06595827c6b4f143cd":"b307c43b4850a8dac2f15f32e37839ef8c5c0e91":"80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958":0
RSASSA-PSS Signature Example 9_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"28d98c46cccafbd3bc04e72f967a54bd3ea12298":"9a2b007e80978bbb192c354eb7da9aedfc74dbf5":"484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"28d98c46cccafbd3bc04e72f967a54bd3ea12298":"9a2b007e80978bbb192c354eb7da9aedfc74dbf5":"484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca":0
RSASSA-PSS Signature Example 9_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0866d2ff5a79f25ef668cd6f31b42dee421e4c0e":"70f382bddf4d5d2dd88b3bc7b7308be632b84045":"84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"0866d2ff5a79f25ef668cd6f31b42dee421e4c0e":"70f382bddf4d5d2dd88b3bc7b7308be632b84045":"84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e":0
RSASSA-PSS Signature Example 9_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"6a5b4be4cd36cc97dfde9995efbf8f097a4a991a":"d689257a86effa68212c5e0c619eca295fb91b67":"82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"6a5b4be4cd36cc97dfde9995efbf8f097a4a991a":"d689257a86effa68212c5e0c619eca295fb91b67":"82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c":0
RSASSA-PSS Signature Example 9_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367":"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d":"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"b9dfd1df76a461c51e6576c6c8ed0a923d1c50e7":"c25f13bf67d081671a0481a1f1820d613bba2276":"a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 9_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1536:"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"b9dfd1df76a461c51e6576c6c8ed0a923d1c50e7":"c25f13bf67d081671a0481a1f1820d613bba2276":"a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f":0
RSASSA-PSS Signature Example 10_1
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"9596bb630cf6a8d4ea4600422b9eba8b13675dd4":"04e215ee6ff934b9da70d7730c8734abfcecde89":"82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_1 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"9596bb630cf6a8d4ea4600422b9eba8b13675dd4":"04e215ee6ff934b9da70d7730c8734abfcecde89":"82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666":0
RSASSA-PSS Signature Example 10_2
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"b503319399277fd6c1c8f1033cbf04199ea21716":"8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b":"14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_2 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"b503319399277fd6c1c8f1033cbf04199ea21716":"8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b":"14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3":0
RSASSA-PSS Signature Example 10_3
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"50aaede8536b2c307208b275a67ae2df196c7628":"4e96fc1b398f92b44671010c0dc3efd6e20c2d73":"6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_3 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"50aaede8536b2c307208b275a67ae2df196c7628":"4e96fc1b398f92b44671010c0dc3efd6e20c2d73":"6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb":0
RSASSA-PSS Signature Example 10_4
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"aa0b72b8b371ddd10c8ae474425ccccf8842a294":"c7cd698d84b65128d8835e3a8b1eb0e01cb541ec":"34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_4 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"aa0b72b8b371ddd10c8ae474425ccccf8842a294":"c7cd698d84b65128d8835e3a8b1eb0e01cb541ec":"34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb":0
RSASSA-PSS Signature Example 10_5
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"fad3902c9750622a2bc672622c48270cc57d3ea8":"efa8bff96212b2f4a3f371a10d574152655f5dfb":"7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_5 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"fad3902c9750622a2bc672622c48270cc57d3ea8":"efa8bff96212b2f4a3f371a10d574152655f5dfb":"7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc":0
RSASSA-PSS Signature Example 10_6
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb":"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf":"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"122196deb5d122bd8c6fc781ff6924d7c695aade":"ad8b1523703646224b660b550885917ca2d1df28":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":MBEDTLS_RSA_SALT_LEN_ANY:0
RSASSA-PSS Signature Example 10_6 (verify)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"122196deb5d122bd8c6fc781ff6924d7c695aade":"ad8b1523703646224b660b550885917ca2d1df28":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #1 (OK)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #2 (ctx_hash none)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_NONE:MBEDTLS_MD_SHA1:20:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #3 (ctx_hash diverging)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":MBEDTLS_ERR_RSA_INVALID_PADDING:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #4 (mgf1_hash diverging)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0:MBEDTLS_ERR_RSA_INVALID_PADDING
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #5 (wrong msg_hash)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:"6a38f6327be8fb5334639c621937dd95958cc3e07da6ba29dd6a7bbd94c1e4bc":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":MBEDTLS_ERR_RSA_VERIFY_FAILED:MBEDTLS_ERR_RSA_VERIFY_FAILED
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #6 (wrong expected_salt_len)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:21:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0:MBEDTLS_ERR_RSA_INVALID_PADDING
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #7 (wrong expected_salt_len)
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:2048:"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05":"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:19:"122196deb5d122bd8c6fc781ff6924d7c695aade":"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f":0:MBEDTLS_ERR_RSA_INVALID_PADDING
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #8 (non-default salt_len: max)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:94:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #9 (non-default salt_len: 0)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #10 (non-default salt_len: 0, ANY)
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #11 (MGF1 alg != MSG hash alg)
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #12 (MGF1 alg != MSG hash alg, ctx wrong)
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":MBEDTLS_ERR_RSA_INVALID_PADDING:0
2014-06-03 11:44:06 +02:00
RSASSA-PSS Signature verify options #13 (MGF1 alg != MSG hash alg, arg wrong)
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:MBEDTLS_ERR_RSA_INVALID_PADDING
2014-06-03 11:44:06 +02:00
RSASSA-PSS verify ext, 512-bit key, empty salt, good signature
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:512:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":0:0
RSASSA-PSS verify ext, 512-bit key, empty salt, bad signature
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:512:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf247":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
RSASSA-PSS verify ext, 522-bit key, SHA-512, empty salt, good signature
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:522:"02d302753e3dda28f42f4d9f92c8647420ea6fbc97c10f8498b966a953f357698d6581060dfe32c8ab98db4bc5ce2acdf0c1e6e404a75a13282550c1aa37d3cdc8bf":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"016752ae0b5dfbade6bbd3dd37868d48c8d741f92dca41c360aeda553204c2212a117b1a3d77e0d3f48723503c46e16c8a64de00f1dee3e37e478417452630859486":0:0
RSASSA-PSS verify ext, 522-bit key, SHA-512, saltlen=64, good signature with saltlen=0
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:522:"02d302753e3dda28f42f4d9f92c8647420ea6fbc97c10f8498b966a953f357698d6581060dfe32c8ab98db4bc5ce2acdf0c1e6e404a75a13282550c1aa37d3cdc8bf":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"016752ae0b5dfbade6bbd3dd37868d48c8d741f92dca41c360aeda553204c2212a117b1a3d77e0d3f48723503c46e16c8a64de00f1dee3e37e478417452630859486":0:MBEDTLS_ERR_RSA_INVALID_PADDING
RSASSA-PSS verify ext, 528-bit key, SHA-512, empty salt, good signature
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:528:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:0
RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:528:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:MBEDTLS_ERR_RSA_INVALID_PADDING
RSASSA-PSS verify ext, 512-bit key, SHA-512 (hash too large)
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:512:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:521:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, good signature
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:521:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd":"009c4941157fa36288e467310b198ab0c615c40963d611ffeef03000549ded809235955ecc57adba44782e9497c004f480ba2b3d58db8335fe0b391075c02c843a6d":0:0
RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, flipped-highest-bit signature
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify_ext:521:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd":"00e11a2403df681c44a1f73f014b6c9ad17847d0b673f7c2a801cee208d10ab5792c10cd0cd495a4b331aaa521409fca7cb1b0d978b3a84cd67e28078b98753e9466":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS verify ext, all-zero padding, automatic salt length
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:512:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Signature RSA-1024, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"00e8f95a716c127d5147dcc241a7c1fe8d5487b3e8b6e95e48a83334d21d00c79ad0a90e29941c0c53065b20059de95e9e406061416f7ac12edca1983b9ee28cc3":"00d72348b297e7e5dc4329f6ab874b17982584e0ab43174070a9be983c0f040320d6f893c40d2717cb3044380cb3230b7133621eb1c55a3ea56d0e7cee694b5df3":"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":MBEDTLS_RSA_SALT_LEN_ANY:0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Verification RSA-1024, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1022:"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Signature RSA-1032, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1032:"0dfaedb709ada2105223e5e7764a5f31d07ae7a37bdc7b4a56c2499e1173147bcdcb165b8fb01a2528190cb6874656a936491898fca330db8af5a9ed5417268ed7":"0c339c56797a90c641292560d0ef675f71ac2c99fcaba6260c38e4f167dfd179eb7a9e255f9bdbc549e4181f9a2a19b1f30a80b292d5ef1ad75b9e658eaa6fb0bb":"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":MBEDTLS_RSA_SALT_LEN_ANY:0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Verification RSA-1032, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1032:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Verification of OpenSSL-generated signature RSA-1032, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1032:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"1de40b1c452691dfd8ceb42ecf5f0cbda944d871141b4407c1e30a6657c58c2e496b2a3ad10e025d45ca9606d25602ac1de04af8e0d24aa06e57ec3fea5c961ecf1e0a4e442fda0cdaba42469288cde5d7d0c223facceaf4c7caabe93505acd5664c9b4fae64272af4d5b74326a01724a25fabdb10b177821d2273650a84426dbd":0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Signature RSA-1040, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1040:"00fc7f4b490b4d3ef729db23fb5afbb5f2fc620a472342d8b8ff310cfdc124be76dc22ab6f4be35a38ddd31f24d7f64d310f67ab3a375e83f4e0559e4cb5dc43e875":"00d51e8680ab71dc01e1a8a68a298636bb1658cfab8d73ce528a62697722d485ab90cdafc5e27768b761839ff93420458ae55f15a69465dbc0c7b524dc9a385ff925":"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":MBEDTLS_RSA_SALT_LEN_ANY:0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Verification RSA-1040, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1040:"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Signature RSA-1048, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1048:"0f39b79809516becc2e3481b6b47584aa2299bd2027ab8a303b9de5b0adcb4a5d38e38edb8c1fac3ea1dbd7e1d50b84323e362cff4df3f5a5182dafa9bb9217a73d7":"0d18164f8bd0d58d019998c8cb17c4c0354e62b8a9462acca30816894f982c2ae114e73993e30698930437b4eec44adec24d32ccbcbae7cc4c9f8911b1eb2100685b":"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":MBEDTLS_RSA_SALT_LEN_ANY:0
rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY-----
2018-09-07 16:19:33 +02:00
RSASSA-PSS Verification RSA-1048, SHA-512
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_verify:1048:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0
RSASSA-PSS Signature RSA-1024, SHA-224, Salt Length 20
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"1698b7da13806451366b9658e44e2c7dc15dc96c588c720c4d5f454c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"53d859c9f10abf1c00284a4b55bf2bd84d8e313b4f3c35b8dec7bc3afe39b9b8a155418ead1931895769ce2340be2091f2385bbcf10d9e92bcf5d0e2960d10e792e7d865c64e50d19ffa13e52817d7d8d8db34392c2374a2e9b69184f92a4ad9b1b8bae99ca614d204b65a438e38dbbfc8c7cc44ed5677af70ce6c4f951f0244":20:0
RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length 20
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7b1d37278e549898d4084e2210c4a9961edfe7b5963550cca1904248c8681513539017820f0e9bd074b9f8a067b9fefff7f1fa20bf2d0c75015ff020b2210cc7f79034fedf68e8d44a007abf4dd82c26e8b00393723aea15abfbc22941c8cf79481718c008da713fb8f54cb3fca890bde1137314334b9b0a18515bfa48e5ccd0":20:0
RSASSA-PSS Signature RSA-1024, SHA-384, Salt Length 20
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"8e75cb3239b2b4ebf15bf74e8017340305c99d2fc1a97384257bf91cae15d57c80d7f78a487c3e16a5d1cf894da90fcb":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8f16c807bef3ed6f74ee7ff5c360a5428c6c2f105178b58ff7d073e566dad6e7718d3129c768cd5a9666de2b6c947177b45709dc7cd0f43b0ba6fc75578e1196acc15ca3afe4a78c144cb6885c1cc815f7f98925bc04ad2ff20fc1068b045d9450e2a1dcf5a161ceabba2b0b66c7354fdb80fa1d729e5f976387f24a697a7e56":20:0
RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length 20
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"a833ba31634f8773e4fe6ea0c69e1a23766a939d34b32fc78b774b22e46a646c25e6e1062d234ed48b1aba0f830529ff6afc296cc8dc207bbc15391623beac5f6c3db557ca49d0e42c962de95b5ff548cff970f5c73f439cfe82d3907be60240f56b6a4259cc96dfd8fe02a0bfa26e0223f68214428fff0ae40162198cc5cbd1":20:0
RSASSA-PSS Signature RSA-1536, SHA-224, Salt Length 20
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"5c69f2cc59e63b6f9ee0c954d2b7db7e4d63b7e2347f8791f1353d31":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"1d85cec0da1a74825ab796480c6e1235808387106ac1411d68f313246c65040111d74a9a45ebae10ac7686fddf4a340c4f9d24685d708bbf7b0ab4563794f5f90e0405b5d7d56c998e996b8bde2b022ae45fecf29a21836fcf362042e77e13cbf67b8a4da3f1e378dfcab2143aa8b9a145c2ee7d593e31626baa47fe623a3c3f859bb63e9336e11c5ff398a6597623318e098230b09e553ba0a4257692a0bc0a1ce1c17b2d541b52d134627229c141d351c16f1bdfe33384a9e163ecaa13e2fa":20:0
RSASSA-PSS Signature RSA-1536, SHA-256, Salt Length 20
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"f19c43966938402a6e5145088e65ea888f3792373983d359a7e864864bc25e3c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8eb2ba2367b8f0b36b566c938b4d9948b4a0a87dd1c8300a160ec024ad0fa37174d1bba2ae6ee8c7fdbb4d172ac9615f1428599030a33515e2925a268b87c867242ccddcce6c9c03045eccbfee5eeb6e0ce2d89a9c51f40c1732927a6c7d283627dd87eca27270b117e658a3cc9d2ca7da46a76097213a7f3e2a58d7c9d306e796eee94809042bc6768d6cca4e003a40529bffa267914a232f315ddedd2768c60877bdcb05c8f2026179713084a0daf8b494959c347fb65a4414034d21c7a750":20:0
RSASSA-PSS Signature RSA-1536, SHA-384, Salt Length 20
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1412b9f046aeba0a7c63e744a4f30a3656d41300726e66d8825a1043f08285b7e6e250efcc9a0405c6da019d042a7e14":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9fa4e64bab336017e19015ee7ea1e267bf426633fb2ac5f4d65bc754aba17f7a9f0f1ee2bf0a3b9f2dd354ed8eba596f5ca3e26495ef268658bd247474d3524b11a2953f591f8abb14ef4bcd44dadc36a41f9daef1bf88b7e441160278c8a39945524557b84ce5cdcb79eecbad63658e8470d8dc94b44aad1f04b05400ea04e5f959dd18f6f718311f6dfec98a7e1aaa7ba11771f61448b12d7901a2530e830dccc531fd0dbe222215b3f7b9dafa5fc20d5af15ab312b621d71b2106150a801b":20:0
RSASSA-PSS Signature RSA-1536, SHA-512, Salt Length 20
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"9a89e38ce0fe8b008f58c3c07621fcf18e76ca5d304f17fbb52d82d8368425ec305e20b70b839fcad3511a194e99e907e3f0e2a801c0b9cd4497c4a0bdf1ea49":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"32e688063ea24ccb2ca998fb7091877c103ce6576b11a175bc896af454042a5731b91c1c58b4d8e38f0619f6ddc8ced6b5397545f9571a4c90767593d11c00b75eb58a0ae4932265f0ab1790be2c83dff65357a301b3b3e2ee2e3683afe0b4b35ee8b6e58a96b4009c98d8faba75f86ffb548f0501884f3528d8eabad353e28d0132c4c01fa3af5dec922f02eff22020481615e4cd35b9eccfd711cb3b0d65af95c0637d79aaa2433f2854de3560adb284248bac8cbd4717317011a5159c93ed":20:0
RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 20
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"b777a83dd25a4fa36a5ea663aa16403c67368e4711e8c121b01f83ac":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"cd1fe0acb89969ae139c178bfef1cc982993521b3a020ec847c89c0cc6c869d970f43f018d495b9e991457e7501a344c33c376fd2efcf05ad6eb2bd0b3c0e7cc3c88a4124398ca16585490a0817a36149cc82cdc01b20e9026261215dd06f9db4e13613c6a569c2187a0e00bc63c281149433ac7f061bd218e79f8eca9dd9c93ebc3cc013bf27aa0bf286e124593e76d3c7012f97ae1d0c4bf5823cf17fe76d505a54cef174add58ae616f47de825049e9916bf2ab7de4d443745763b0c314cfae3a6e57ad475cc5fae47cddcad7b526c2154a15f9ee8eab02f4c36f7a41d7a19b23c5996b627270ceb2c0dbed1a6b6dd2ff94868e073cb7b1a1fa3429e487ae":20:0
RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length 20
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6375755eff8d48afb3263b3b96988a2afd181ba061793ea009783bb1599d03944d987620a2668ac9714d6f2a21f7e5200d63923f42cb32e63301c8de58c70a203910640da967d03f4f6292f6cb199759822790c0c5bcfb1d4faa59465c3db2ea1fffd5e543335632b74745bf1e18473c0a8b4a89def6b27edf0d7d735ee13f887041c9d8a91e62186a9a1e0b1afb48e577f6887ca61b7c1bb26b4a8e2cc464a9af03444b3da5bed08b73f1262bd3d61f4c78f49fac6a3bfc9e8548b4bbe64cce6a6090fc480efd1f36c18c10bc09be9d957a79f707a10577a1bf6e9e2d4849693fa58d8877c8f1e55181955d6c2b94b1d6d9401b5fb80cc32b358934fec2aedb":20:0
RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 20
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"41f2bf25c2544062c78b59886eea442c884e4b9bb87f643abcb4d5c1c661a0fb0dd592107f6173438c34f67ec9f6c97a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"b43d87deefa7df127a717f4065f831c58cd84bf78c916ba52ed32769abd541df52233b8583507c539b1d51e0437ab1a41e17fc1599b92aabdb5b040dc79027c60c9cc3ed3de36aeea28f20360635be5bf654d6c1b7fe6da77d0c45b9ea2802ad22eba182cbed95d33da7f78ac844f4891cebc0396caa2f8daaf55254fdafe98b5fe6c4dd3967d23ea99497060820e108e818cd0aa94e65770bde892c62233b96d87fe545162d6ba077f110274bddacb2a7cbf17d437bfe004b34c3ea24fb46e5ed9cce4de96b0694efd73832ec76e19e5a25c49c5843393ce6b919ea35e4d264e0a0855f518a63c008c183798ca612cd8f75688a09210413e0a23cafcf2d4158":20:0
RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 20
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"7641739d2f4fc0eba07e212218af4d77e78ae3a225ef253a7ec96215a1197e681a93fd534288cda156f216d21f02b2dc60b49c41874c26c0a2be0aca13babc53":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2cdb0d5ea5f0aad1f7af8108bff56eec5c0dcd0522c5dc6ae4c6e0f66821cdf698ccfeace65fd6e47f95febd879e580e5ee648972cc265f9a117fc720db4f2545a432eae24a367b0aaa70a011ac8fdec94a95c3cd48cfa7102de8dc26c877e974688b3919de6cf06e27028995ac85da88cb3851a5761e17f215e5c593e13e481088c7d747ecb34d3ce61a5b56eb2a65be5363363294eb365f83c4c709644d857e2ccb14a5851724420fc81178144ef3f9e1138b5750eb7196eba3319d799c3494a7e399115a62b1ca4f1d5da079b495d35fd651a1de78d54000b06bdd3122d7404013f2ed8fdf8a7d012f9812b8e4c2e0b24192d5f899d70a3cc5c7e08c81be7":20:0
RSASSA-PSS Signature RSA-3072, SHA-224, Salt Length 20
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"f145387c7a70e478968e238037e8d561b1665e0e15ac547ed4a72ea1":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7171c74df24272dfe6b34db78f24507a68062bd791f68796d5001be354de6fddab81e9252e151884f4cc1f3cd3e7760e263c0c34e63c557eb32c8336e0cef40855c5e279dbba3170da5a14ac60e4cc8d402633a383b88709f3306fb02708e39f3039e7e614edcb89609c8c71137de5211659a41e9e5682cfe0463f3bc97558d3bf77bd798976f09db69153123923835ac9bbd7648c2773e38b5228640fde6df005e9f44819eca31f41ccddbd45d61ae7e1ed0640f0736f52bf5fc1c62f5430de6a96d5aabccfcfef508ac299c7f3f0f7d222ef1f19b288273690b3275b68f874301afa95d243316284ed117bded69da11f5ce1435dd67717bae82ed468ff1b6ac7f2483397d310ffe91775189f671a82b493039d8c233830d20e290bc9be880a47f0b36bf2e1da2c1f23dafeb9f42d9f084feb808a98e894e8501937ba932594a6d202e20a0afddcef8fa48c1682d3179edebf8ea44ea1216a2f55c305cdf487249010909fa8a21d9ba9e3dbbeec046a823922390b7d902d77ec176bb447b05d":20:0
RSASSA-PSS Signature RSA-3072, SHA-256, Salt Length 20
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"14ea4dca3559976c7d8943a51d69c1322c7860d496f742b9c0c2d03ce629613b":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3a0622ddff5a0c1f5b545d684054e46211786a2e40627e0cb6795ea0d176f3c97e6536fb64c5eca7b28b7ac52e48e3d50b916d2fccb87d70cd8eda7c15c2308734254716e5b400592cc2e5e033ba27866cb14fefbdcbc35d5d85d4eee8ba6bc2da995e8ebcc27d50c48aa988bf45fde27311a9e2ec029d0fa6fa6d3efea460fc1a90e443d807d209a4c06bf3022d529ab2e4a877325fcccb3f86ac16200ab95628bf0c1c8c70f6fe1a9f288bbc0162a392f40ad1109cdbbaf03d9b2d514a60983874350be9aef886c3c481a66325f137aecb4c82a8a73046dbc1dd8598ffbdb828a3d638f9dd8139a768dcd8d30d79740ef345c1644d03e6fb86a46367f6d82a7a819057ae490e1b100b5842ed385845f379101e37ce604531c61de423df66200d45b7229662fd0ec3572593b09a5213ec14c1d7b2338ca9c763c0d18946f04eaaf57ea2ebc79e093f2fd4c64cb1c1a7f0e888dc2d87a15eb769f56dc180cfe1597cc3e4e1811d4e27852fa188c8fec4fc917d4724d33ce5f3211895cf7e8b8c":20:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 20
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3f90aeabfa9a5f00e241f3f65dfe61baf67c1356353042c3566edacb11c7649737e5adf94cfb05f2619aecc8895db45190fbdf35dab01144e207b6f0923927a6148d3f16eaad05e73bccb562dc087e2d82db3dce130a83e8303bd7c3447b3ae4d3700d4763ba6981d82618ac82a6e66423f294781a59b20cc978c79e2d5c103bfb9d47119294c3c85b1d3c45a36897d42e183514cc8edbbfa1be9ef17b78280b5b6214dad79d60db057f22506515b6843ce7d4dd6bd861a889b36164c325147baeed714d7a3f55ae51ef6e6d4ae9e862d677caba1a2df369c23d3ffe33dd42fe707e1fd8ba6283aaa0b570353b48a8e39ff72a09f700e024150ce87c044a3ec745b212ae81aa5743b981a8bb95deb6b3e15c2487f7900178d5840f8e794662706dcdb19bc0bdd56cb7fdf0e21d10b03adac41b749f31bd3e7c4d07d5d4ec8e79d424812b6e83f1c7b59779e58029f9b07da3e77795fcff6ae8bb098b1c00d1d2a5bc0cb005ef3d8aab63ddd883d38bacdc64307e911c6e51946744f361fe978d":20:0
RSASSA-PSS Signature RSA-3072, SHA-512, Salt Length 20
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c57911bf353ef106479bd0ac85a4f70b6d3298f8e5882c5d0bfb28cb6f27129ae53b4fab702ccd3d5457d5fd662d29f34b445e60fc5da3c0c943cee17b81e255":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"607b7731ecb232f9b8e9ea03be28cc1e948acc3ec12a1222ba0f63935440c3effeaf460d7066d260d174d0ed18a9193550000c2fa0119712fb1ab1e27b4e6f5f84be9b63a1ede17a01174060e2d9e46121cc5d10515a342a26649539341eb1b44b82e346a0102e7ca45be3149b5f1444bd7fdf43da441c59deb37da9a223bcd7a8244237bb5404ea532eb470e80891c0fe9403d12734100284e99cfd96de2ab4058529d91bf348c6cbdb7fcfeea3f9925e93efd6adb3ef6946008738f4577a49c42ac0203a2d982fd77cb421ae030b81b97dd04490605179626903471cf68835dd5e4ac41acfe54e048878df89db9c2de5f1e822266c325e0be0991c7f18cd3de4b2110e14f56100e45f8ba19edf917150c2074f379293f73cb587ff77ad63e4cbec9eeaed77ca90261b2813ae8e6533b09b223a68abe2beeec888088ff91fea5c63de3b55238aef018c368f98651572bc7b8cf3d14c15b24bb5534ae07a6c4c9d5ecd0b86961b550859036ba6fa8e50d06228d89bcc943581b26e302795d1e3":20:0
RSASSA-PSS Signature RSA-4096, SHA-224, Salt Length 20
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"bb21ead0163de468ab3580ab57c7959cc1db437d6f2f47a878dc19bc":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3742d8a9627e2e10145c31a3548977f87f8019b1d9093c42f806c8df5ef7fad8330e2a05846c346cb64d9e8af2cd3806eb0df40cd097b3f8841525786ed53746498aa565f8945cf55e24944e8e3d86eb219f65c3385e1e7d45fe3a403773f3057bf22839d5903cd64c95a417c00b429ee068f0fe8ec17305a122979cabee8c3ad31b597da7c71fa1db3da842f7f7048f4396e1768197ccd84c5d9a0450d66f0bc88da7605cc8cdfe52bce60793704dafea504349ff14c481bea73dd761c848387d12f2d1b9227a959fec8b9eef0e9780cb6a427af946597d7e6059a07d50e878d7ae14eed8b571ac88e1c5d1a00d16c0de1c5148ec5781036676c6355e0cbca06346eebaf6c7de938cedd47a244f908ba1189bfbd97bd2667e8eba95e007a64b165dbfc4bf35878cd606732fd469f922ec141e5bc6a7d5c1875233cff612d336c28466c271764ef94e9c07e701923f1f68f39e2f003487dbe41d5505862eb4e90402e50f7b3cb918ef3eff893d0f00b203e2a511cfea4ca54c043ed0598d022c947cad5129fc47f5e79db97a0eea5afd7bb801a367a7bb8d929de1c12a54865e1e183ed926bb8da9d454c7a52b30cfcfe9ed3479799276f4a65b30f430e61fcf520e46e4eb9bea59ba064e7c9c72c9b58bf4ff633897d3ea46d989cec31ce4fc32e46e5a3d1805c35a30b387fb77afe20dba19be37252e40b252d346b69d3cf2":20:0
RSASSA-PSS Signature RSA-4096, SHA-256, Salt Length 20
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"480aa96e4b3a710d9924a84998e46b7246e26671e7d11efa6c6ec34919eac963":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2e512f73d198e623afe019bd4cea9192ff8b24ab555099d31bd52d705fc808229a269bf749c8061a3dc7ffae9ef7c6bdcd8c34910f92f0a0fcd6d73017ca3388ca5e99a1735e005ff5d5eade3ec0ea0c2436f0e78b197c2d999ba4351b9e37a09195504b63a42762bea22d307a0328fc9c80acdc28fc8f4050e25fbd5890233028f97ea3a2669ff4d5f4232c1e48571499af28ed6f5a92e7936de39d913e12c5cef51e25f90a1e903f3f60a6a9cddbc56564b146aca6af6236b899c2cb7223a6941f0beaa3aa787b2333e4f3e66b334b99b90825153ebd0095f27691880f44e4e77135f26df376e261adfe0d8354cfa15b49138d624d9f62a9751221ee0598097891c9864ad3651e89723bc9ec6086f571e199619ceb6720ab5a4998254cb807dce75a5a5203d38a9f5d56adee4239ff50cefe3e927eba91de7e1f8e1ae8b0505c077788372af7d8ef00735cc531fd46dbe86702ac49171f0a921f4626442ae960e972a5594ee3bcbfbf687cd96ed300aa9df1b9487607b5bae0f1abecbc1d2291fe93b9f8a091ffac8469b0f00ba561f0628f5e004ed1fd8713650e147c4b2cab7f4d69a4ad57b145c1e5e4c1412e86fbbda5a6096f66293203207e35098bf94dafff75ed094d10e6034cd22179d94655004fa4bf4de774807b6f5cd27d90255468cf01db7b6f82607df597f72d1f9c9c91d17740a14a4816ae65e63fde480d":20:0
RSASSA-PSS Signature RSA-4096, SHA-384, Salt Length 20
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"c6e4881e3f76394a6d8cfb1786e1757f78d66cf048ba1a8aaaa28be02430097e30d92e459257f8f571c6389d1d94b0d5":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"364ad106da2cec6ce94e141e16af855f6d6e31ac6d7bdb2649695645a3d7f176a9b55f60b861776d49077dcfda4db42bb584767606f90de7289e71f188ff139b138bbd24f7a7f50192a137f2c648e19fe78a836bd2a01d31b248857cd29dbf3d1251c2d4cb339f2ff78add26304fbc3e44f8a2f04b47dc754b984169fba4a091d70f956074880c709ee849a05f8f2dcffee09b221078e98b6e28a965a2d44fcde72c6b27ff0a3def818d80aaba17915d37ad1d72755548310062e73da15a8d2544b311060b404683c00394666dc3a890f60ec9d85b2d0fca8a76fc96c4cfd0e3c4a83594957bac42866c395f8feab3b40c9bc9a675f47a1cd62fc43ebe0fff2bbd239130bbbe5257c5c3756044eb2190db7a309cddc4ef410e9abccd0f93158e0edfab2f0a50e80d814a428f61c531b2b747e64feb41523c5802a53c374f35df21abe67a877d062f56a001b47ee6ab571b0bbe7141e0b49cfdc97a15dc19138863d140cc772074c12b3d751985b7852fe76932be1f44a165f4fe58a341d28c3f86924defab4cf2458ba4cc3fb92558511ceee6d91c672b24b8727b867132bf6b8d7af714ab668f06f046448c1e854ae98e59cf21f2b7370c9378ee0eb34b031f9f4795057557773af0f7fc18ddeec7e95c2ccdd5f66ed224d08fbdfb37995e87f4df9691e499d77afaa8d5b93f3275c43f69edbe37672cf192f94509df0a4e9b":20:0
RSASSA-PSS Signature RSA-4096, SHA-512, Salt Length 20
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"ebbca26fb18da6226cc47dea14c57d9f3c935cb449462cc9446689577031ebc915fdd09cdb79d4703a53eb5dd447852f3bc72f974487ffb998cbe996d206c80c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6edfb6bfb20da2621e7ca0b8e13bfc3801d8bcb43ef3822be960b96a67d3e8afbbe2ef22e206b328ce99dd8f9758052d42a8ee93e16d8e160a50687e8ffce72d258610064ebde4c4cc2ab96c8e516ec2c1eed816c8e6ac537a0570c9eff81a38147bcd8f4747390676f9d755f613687ac59dbac14f69ca6e56a26727699fa11c200eb77339ead56fc6883acf9b92c6deb6f4d79f82ccdc493fedc6165f78c174adcf32941eeb237a4ae369dbbafb4553c98e413823f6f46da0d47d47a164b792aaf1324a8be4f01601bceb809f8c08f3458b1de2c6378cf93fb293212f6bd4a7b1fd1bfa14a1af29575a5ecc4281420179758e96b4465ec07f6cce4e5e5c2307d531e400e494725eb7dceb1d8dac1000d92f62f319534063c01aec9c6ec0c7675351f2883e462b0454db364f03700d6593c9be195fbea5800ebb81578c765409ac2c37f78fabe8783c5d324fa4dfabe4f192866e34037901615304237f08028a75f00a3904bea03219ef9dbfeb48d10ec59d481eb0429cfc9ae835cc578377e61023d5ceedfd3d0a05aceddb274c13782dda9299d6197519e14791208f8d86d63e0ab7fb42a1e14f8f37f49732e23d4b7d4f07cd0bc828649a12748e8d70f53683580bca87290992a349730370bbed6ed743e705759734872c54ff03c1a97037a7b9ee3c8c42d12c3ebe0c1bf3b42854d04a9177d1a24000bd388fa289fd77d5":20:0
RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 15
depends_on:MBEDTLS_SHA224_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"3be4397c9467ec90f5d5640834f6e9febee4ce2477aa3f385cab9435":"463729b3eaf43502d9cff129925681":"7e628bcbe6ff83a937b8961197d8bdbb322818aa8bdf30cdfb67ca6bf025ef6f09a99dba4c3ee2807d0b7c77776cfeff33b68d7e3fa859c4688626b2441897d26e5d6b559dd72a596e7dad7def9278419db375f7c67cee0740394502212ebdd4a6c8d3af6ee2fd696d8523de6908492b7cbf2254f15a348956c19840dc15a3d732ef862b62ede022290de3af11ca5e79a3392fff06f75aca8c88a2de1858b35a216d8f73fd70e9d67958ed39a6f8976fb94ec6e61f238a52f9d42241e8354f89e3ece94d6fa5bfbba1eeb70e1698bff31a685fbe799fb44efe21338ed6eea2129155aabc0943bc9f69a8e58897db6a8abcc2879d5d0c5d3e6dc5eb48cf16dac8":15:0
RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 25
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1c389ed84b9f252bedde76a9a694986fa130906633047674c9a44e887f359e1cfc19d2d9a53a8fdfb2f826d813ca7a58":"b750587671afd76886e8ffb7865e78f706641b2e4251b48706":"2ca37a3d6abd28c1eaf9bde5e7ac17f1fa799ce1b4b899d19985c2ff7c8ba959fe54e5afb8bc4021a1f1c687eebb8cba800d1c51636b1f68dc3e48f63e2da6bc6d09c6668f68e508c5d8c19bef154759e2f89ade152717370a8944f537578296380d1fe6be809e8b113d2b9d89e6a46f5c333d4fd48770fc1ea1c548104575b84cf071042bfe5acf496392be8351a41c46a2cab0864c4c1c5b5e0c7b27e7b88c69f37ffa7e1a8cd98f343ac84a4ad67025a40ed8f664e9d630337de6e48bb2125e2552123609491f183afd92634487f0b2cf971f2626e88858879d45a29b0fefb66cd41b2e4e968385bd9fc8c7211976bc6bd3e1ad6df60856985a825f4726d2":25:0
RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 30
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"2f2d33aab9c36773ce676a4c61c1e50fbd4f40bcea18eb45f83e5ee9d693bdbb8cffce61a91e0b11ff88c49ce778dada0d367c7fb6205d26cee33b19aa85c969":"aa10fec3f83b7a97e092877a5bf9081283f502a0a46b50e395ab983a49ac":"5e0712bb363e5034ef6b23c119e3b498644445faab5a4c0b4e217e4c832ab34c142d7f81dbf8affdb2dacefabb2f83524c5aa883fc5f06e528b232d90fbea9ca08ae5ac180d477eaed27d137e2b51bd613b69c543d555bfc7cd81a4f795753c8c64c6b5d2acd9e26d6225f5b26e4e66a945fd6477a277b580dbeaa46d0be498df9a093392926c905641945ec5b9597525e449af3743f80554788fc358bc0401a968ff98aaf34e50b352751f32274750ff5c1fba503050204cec9c77deede7f8fa20845d95f5177030bc91d51f26f29d2a65b870dc72b81e5ef9eeef990d7c7145bbf1a3bc7aedd19fa7cbb020756525f1802216c13296fd6aac11bf2d2d90494":30:0
RSASSA-PSS Signature RSA-3072, SHA-512, Salt Length 62
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"dd553696db8ccb107609b8917e688bdd8373a8926bc9d114c1c77f7958070e236ca1bd2025ded59a71093b63afbfce39e92bde9ffca983959e7c3e18d75650612258c24eebb61a1b4a68603a2721e3e2483d6da27475a228b1341c78f140948b5c922822ccaed76dae338dddec1e4c5c34b9c53f34a09ff0b2b61a62254e73e6f0ac8013edc2cfa7ecbeb86fcc7309cb0f5b5eddb707af4b9337d34d672af413f3b6efd11e3b49c978f06a356f6f4e0ea50a90797fe32ccaa983547ff18ea167":"c1e3089e1bea1141638ca912da01c134f67231a2f737d97e28486e004a43e9c5592ff968ee18109fc71aa4c1a97aa88ece5c4734352bc0c1f67726bc4aac59c19301f23a705be5b3f7825fb284e58a950d795f63d18fe72231eaba9d6a5f90866f8dd34b2b0dfc132db8348efa5a62634e5584a788aebbf073ccb4f3e9f5cde8d0c2e831412485c7f8cf1473abffabcc5d51d8a2a87a22f39d1a250b3cb66d90c573669071aeba9b1080dc079243094a9ae0e5a62e4e8b653cb57f54f4eeaf3d":"a7a1882a7fb896786034d07fb1b9f6327c27bdd7ce6fe39c285ae3b6c34259adc0dc4f7b9c7dec3ca4a20d3407339eedd7a12a421da18f5954673cac2ff059156ecc73c6861ec761e6a0f2a5a033a6768c6a42d8b459e1b4932349e84efd92df59b45935f3d0e30817c66201aa99d07ae36c5d74f408d69cc08f044151ff4960e531360cb19077833adf7bce77ecfaa133c0ccc63c93b856814569e0b9884ee554061b9a20ab46c38263c094dae791aa61a17f8d16f0e85b7e5ce3b067ece89e20bc4e8f1ae814b276d234e04f4e766f501da74ea7e3817c24ea35d016676cece652b823b051625573ca92757fc720d254ecf1dcbbfd21d98307561ecaab545480c7c52ad7e9fa6b597f5fe550559c2fe923205ac1761a99737ca02d7b19822e008a8969349c87fb874c81620e38f613c8521f0381fe5ba55b74827dad3e1cf2aa29c6933629f2b286ad11be88fa6436e7e3f64a75e3595290dc0d1cd5eee7aaac54959cc53bd5a934a365e72dd81a2bd4fb9a67821bffedf2ef2bd94913de8b":"1415a7":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"08ccc9fa3166cf6815240e0dbb886ea054210fa9faeb57d3efb0d310ad93ad693c07211872ebc33b7a8e4dfeac5ffae0ec1d393e78905bdf3ba6984af5904d3a":"2d0c49b20789f39502eefd092a2b6a9b2757c1456147569a685fca4492a8d5b0e6234308385d3d629644ca37e3399616c266f199b6521a9987b2be9ee783":"8f47abc2326e22cf62404508b442e81ad45afff7274096b9a13e478cdd0a72f99a76bf517f1bb0f872a523d8c588d4402569e948fd6a108ae1a45c65830828a10e94d432765314ba82ead310fc87ac99a5b39f30ab8820bf69e6934a9c1c915c19f36ea7717eaff7af67b4991315b1873ba929bedf18a975be808e7aa14a6726126c79cc93f69541c5cefdeb5b67ec279d8f5a446583e4b4faed1685140ee4b3b757c8ff4a1ef9cd76a88e05319ee62003d2d77290c94c579b0ca2ab0deb3176ef10a3fdb85c80ffbc9e2a665a23744fc836f9a9a103cd9fb756952356a2f1acdd68a645e20179006558b5d4d0b9b0bd3adf5e290f49dae60b9d19920953ea8bb237d5b3dcfe149a60f12a4ee3a889b33bcd3a3b753d610757cbcd093dd5a734255333689695ab636963e3d215a8e77ff31973718a4944a1e9e44f45754d39f6fa431c53f9a2ef36e16a5f70636eb5fba54e15c20a714f2809a7cff4b8dc1165f836607eb5a5a3bb0c4567eee26941fef46fb41e73b565c0cf8c72e404221264":62:0
RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length 0
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3af3c4bd6d4cfcad8a03290e237b0cb3f05a4640d4ff655aa36fd36b4089817a7d4538ea9134971c37c12a5b3c360e2c90546c6553d2bff7419262821ce3fc99283483b9691ad5a0dbff":"ac777fd1f72fb4598b30ec1d343488e83bc03cac3380492225efad8c0d7e2c15a0031b8e027bf4e80747ce3de188b405dfeec2b4b5439599bef733a120fd80532e0fcc0629f86cc990e312b2b73ee1f3586198bf81f3af05ef0cfbed3d1b5c620927d2084f31847784c2ba8d55a0f038a5eaf8c2ea85ea81eebdc0fe1f0d75c1":0:0
RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length = max
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3af3c4bd6d4cfcad8a03290e237b0cb3f05a4640d4ff655aa36fd36b4089817a7d4538ea9134971c37c12a5b3c360e2c90546c6553d2bff7419262821ce3fc99283483b9691ad5a0dbff":"6708ae77c8c32056d89d8186f1d74d84a02cf69a084516c3525901e7c2c8359c1e8939f95b1184ca8e57508a28673243f1580f0eaef13a8eb64c9b78c8a5c2249f7601faa9a55743d056c08bbf213bd5d461e134078b11458a76707fe80df58ca477c2455665734cb498dde2a87065d8bdb8851f7943f4c38ae243752dc79da3":94:0
RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length = max+1
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3af3c4bd6d4cfcad8a03290e237b0cb3f05a4640d4ff655aa36fd36b4089817a7d4538ea9134971c37c12a5b3c360e2c90546c6553d2bff7419262821ce3fc99283483b9691ad5a0dbff":"":95:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length = 0
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"293c65933fb46e6bc50d9c34a266a5e1b9e3b3ff3c99c691a88eb2d1b652ab28144e9e6a18468995febb5ce84b38efb295b1ebf1b7b4b7bce29c35dfbdc81b0944bdb3cdba914215de4380cf5226c6c7af172bf82dbebade614d710be5b4256d588d12d3a0f4494b863b09e8962bbc1d97cdaebd92d40a0485476178acbb943d1bec59aabfb60a15b1cb8f17f600fc10ec1f97148ecacca4b3715ec173e641525a1331b1b5b504bc9f930b7061f10e63509d2223c49c3050bab6edba11dc426a8b5dbfdb31b43ab3dedc392f3d4d0401f67b83cdb59e592dbedad5ed407854310e1304b4e998b8e4074caafba6fb006335c64666758401a508813d307f466e3a":0:0
RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length = max
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3f04e3159073f7ad2fe70738168779091facbabfc4df54d6f49c7c7849a2e888a6cb9d363e94e46d7ceba692721f9b92cc56519035a5662941e2a18a8489122b55af6193444501c030a752a3c6ed3592438623782c89a16d6c42f8f0cc0a1b21ba7db4fec2b5bef35c109623fdcbb54151d8b97d625bebce9de3be69edda8aa7573fa519f4630c5173a274716d29b2bf026b3c64c62732640af0cdf8ca589f2197453b8ba847dc1cea508d577a3f167caa53e0717a12d58502a27dcdfa1cee9161291d0a71f9265b4ab3":"558dcb8c4ed92d22618fb2169a552bf5ada493ad66890639caecce025839f44d2f8b7004d70586296fd94278e478dfbb63a6867f3fd909a558cca1fba1b329a3f230c2874886eb0b5a3de01e02100a939f216a07a445f9e8f7279b8cc31966de23c912c477bed5ac99996f09ec817bd02acb671310b33d5a9bf79bfc14a0e38abef9169c01e7743a408868f42705743023ec7892c2e437b918b40d873d99c56faa58543a8eb41d91d38ab8ca5165b95ac84b30624a6517b2893f432c63d34352059c9a6ad3353fe3859d0b51a971e3d58a287612b1a7b6eeb76b7101850f809960c1c137ea396ede4c570817bef93b2ff901c2d175909f48a6b6a73dc3aa6cef":222:0
RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length = max+1
depends_on:MBEDTLS_SHA256_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":223:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length 0
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7289bf65540f4925c608e62c8d077789828560945a27fd3f3918e4258b38be488d54b546bfe46d56e519583e77fbf3988538e26fd05793cea925934d714e748a23c429356d3c09e51e08d425923e4237c0f00c3c9f77d8544b8e089d265497a683c2f19b80776671ad36d1cadd38e24c3049461f3d3d964ddc9afdf1d4b9022a":0:0
RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length max
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13bc5bd8f242a193ead499173ae97c2313d53874c791b13e0adda0ee89fef3668b5f3f7d91d1117cb5aa93e":"a063080224f2659a25ce69417f3240779712d93a69461eb7712c137ed5d4ed7c8490b3e4e7e70e560921da59899a542d1f28db68c1247fd7a0db983ded9f6db9a8d9445c28ba3e4afffb4ed6fd4c93e774082a6dadc8052f3d48cb899d63b9a82f34315f999deb065da600207ea78bfd199e2249f86a55c79761933ee87337aa":62:0
RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length max+1
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":63:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 0
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9110b39c1ffc2d8a5f24e965e3985b06871c2be23e677bb3ea879b7b6b25c327ebdd9434387cfe5f64bcb6900a5c8395549e3681390583786b709257ff0ad90507a02ec6abb40e33dec80097322876a84ee98b1fe79ced62ba4f983bb9b52758bf9856098af527924ea83291762b179894f1fab6d8c9867b0244393fa32b5871836fa4446b247153bc117ccaf7cd51c5ec026bcaf9b634182cd19a0eb95ec40dd5e4274750c9ee3b1379fb339fa4ed8348b104936396355bea0a00337b83f47d2fd7e7353f3009752f970eebc1bbade601b912f7b0984bccc68941ed23bd31fcd23a7d0f2b0cfaabdb3d361969f485e5d198442661ee71eef258ae9fc27a19d995a5695c668f9ab78622486d6ccfe4ae11de9240588fafbc75f8bd0d04de5f2959c126b7c672eac8bb65031ea22ebb4a4e36c12f427d2dc4619eb30ef1c90ec951337a364566f0d2e32f311b425a68fd5277a85dc8d8041ab2a0165c39fd4e39160498d5eae98965e8745b77390e5ddeff0aeffc0fb18839455d524826a1f366":0:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3fe26ee600cfb2d187384e529f280485cf84830af8cb015878cb7c4c74ad6ab38fd8998fa74b612e84af8123d785a8a60a2bb002f7b15a6f7cd6bbf18325a412fd3ea2a48903d30db2543089d9d82fe304dfe5fb903f6a0d1625fe994aa2ac47e04eeb6a51be770312a88cec80bbcf849ab57f2af4e9370a0e35a458d8509fb89e8b22ef499af25c427e48c2391747d3ccc6fdc1b035cbbe6a6f1742bfb6fb5d411d4c8bb73ee7f9bc2fbcf54603c813c9c6d479fb9f38650f4fa8ce05a32c47c078d278b7b97173e82d692e303141faf71573f2b5ab58c4fa009200a3be47633719dbeed24d61ba7acae8abfc2aa5f33f18e6f4c43eb8be3e4bbee1090544401e202ef06d90aae75a939256bd374afc5030f1146ea9d2acf4918dfe96d13eb5f16da55efd504657e3d8aea010f89c60288d74963746422bd7cf":"57a5511992b30d39e150b6a7a760a74136db0a24bc635f3a700a74f865a7c9c0ed2e2e196022a6d17ad7c2d3f12946828458015beffb0c0652de2cc9c3366aaeb7634c5d6ccbdf6c7c93b8feff21a7d2831ac3ee73fd98f9c972dcb833ac61323b77ec249db0e4fb9bf33c71aef9d2aaef40aafab2cb3870f0224c8d0c3ada2abb9d3dd601a038594d290177277a8b791ebcc211d7e5379323a633c62fe9cc2394bd7a977a604122ee9799e5368cc17e1af1795046e76899aa6e7be8f27b1a3e96daa81784d967e9a36cf1912936d7ae11f80aed79c27c53237e7fa009daf9240fb205f83e8c6f8f57d3c3520e0e60213a203432c18d92979b13555ce6eab075ddb38b6d820e378ac4e3afcb3d57e5c6d3c11f165745996fdb61e36b842c6ec81d6437073fe9fc96a4dbc3b188ca766a7f7ef786f39729cadcc5700fb0fffeca0eb0bc47243783f129917948df9bee23da83fadadfa87708e0a839a62965a5d2b9a7cd16b4675cef6afc8fbc2615d97d11ede47f4dfd83e74847dc184ccdc4fd":334:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max + 1
depends_on:MBEDTLS_SHA384_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":335:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Sign. RSA-520 SHA-512: Salt Len. 0, no possible salt size
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:520:"0feea5f6220fac291b9508ec2ba8ed281eb39aee4d5dc693254106816ebc700ecf":"0d68918785c3aafe31eaaa2d8d8156dce645940ff7734a457337a51bd00bc88811":"00d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Sign. RSA-528 SHA-512: Salt Len. 0, only room for empty salt
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:528:"00d272aa28ed2085ac6df3c05c6719eed5deb618afa2e4ca4a6f7330b430ad48672d":"00c578836bab27145db9dd66f17470b62d4a6100f8ca0dedf457ee3639c3b9596325":"00a2554eba715bf66e5ecdf3d6d718e3e5d907e8666e7bf5a76b415106e04eb827ec4cb2199cff66491d45419082059aa5b54b0cf5eef4443402f3047c0b0e6f025081":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"5bf02a1ff652052be266d0630fb802bde71d363904e2e001267dba592c88e755befb9b8004ecf1c5de07ad8cd260ede04971b201d524434e657396d6bfd8917def84":0:0
RSASSA-PSS Sign. RSA-528 SHA-512: Salt Len. 1, only room for empty salt
depends_on:MBEDTLS_SHA512_C
Rm useless use of MD in PKCS#1v2.1 test functions We had a message in the data file, and were computing its hash in the test function. It is more efficient (and simpler when it comes to dependencies) to directly have the message hash in the data file. It was probably this way because some test vectors provide the message for the sake of all-in-one implementation that hash-and-sign at once. But our API gets a hash as the input and signs it. In unit tests, this should be reflected in the signature of the test function, which should take a hash as input. The changes to the .data file were done using the following python script: import hashlib suite = 'pkcs1_v21' functions = { 'pkcs1_rsassa_pss_sign': (6, 8), 'pkcs1_rsassa_pss_verify': (4, 6), 'pkcs1_rsassa_pss_verify_ext': (4, 8), } def hash_ctx(s): if s == 'MBEDTLS_MD_MD5': return hashlib.md5() if s == 'MBEDTLS_MD_SHA1': return hashlib.sha1() if s == 'MBEDTLS_MD_SHA224': return hashlib.sha224() if s == 'MBEDTLS_MD_SHA256': return hashlib.sha256() if s == 'MBEDTLS_MD_SHA384': return hashlib.sha384() if s == 'MBEDTLS_MD_SHA512': return hashlib.sha512() def fix(l): parts = l.rstrip().split(":") fun = parts[0] if fun not in functions: return l (digest_idx, msg_idx) = functions[fun] alg_str = parts[digest_idx] if alg_str == "MBEDTLS_MD_NONE": return l h = hash_ctx(alg_str) msg_str = parts[msg_idx] msg_hex = msg_str[1:-1] msg = bytes.fromhex(msg_hex) h.update(msg) msg_hash = h.hexdigest() msg_hash_str = '"' + msg_hash + '"' parts[msg_idx] = msg_hash_str return ":".join(parts) + '\n' filename = 'tests/suites/test_suite_' + suite + '.data' with open(filename) as f: lines = f.readlines() lines = [fix(l) for l in lines] with open(filename, 'w') as f: f.writelines(lines) Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 17:49:25 +02:00
pkcs1_rsassa_pss_sign:528:"00d272aa28ed2085ac6df3c05c6719eed5deb618afa2e4ca4a6f7330b430ad48672d":"00c578836bab27145db9dd66f17470b62d4a6100f8ca0dedf457ee3639c3b9596325":"00a2554eba715bf66e5ecdf3d6d718e3e5d907e8666e7bf5a76b415106e04eb827ec4cb2199cff66491d45419082059aa5b54b0cf5eef4443402f3047c0b0e6f025081":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"391cad6ca7e43059db25e85e9055b00a1087dd8709b40e07fd2b20327ba5dbe1eaac18bc4ddc9d9fd27572895a05553c613d7fe57da7543b19eba91860e1ca12":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA