Merge pull request #8826 from valeriosetti/issue8824
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
This commit is contained in:
commit
fc3f980f0f
5 changed files with 183 additions and 64 deletions
7
ChangeLog.d/8824.txt
Normal file
7
ChangeLog.d/8824.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
Bugfix
|
||||||
|
* Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
|
||||||
|
mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
|
||||||
|
the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always
|
||||||
|
used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1
|
||||||
|
(PSS/OAEP). Fixes #8824.
|
||||||
|
|
|
@ -612,14 +612,17 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
|
||||||
* \param sig Signature to verify
|
* \param sig Signature to verify
|
||||||
* \param sig_len Signature length
|
* \param sig_len Signature length
|
||||||
*
|
*
|
||||||
|
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||||
|
* either PKCS#1 v1.5 or PSS (accepting any salt length),
|
||||||
|
* depending on the padding mode in the underlying RSA context.
|
||||||
|
* For a pk object constructed by parsing, this is PKCS#1 v1.5
|
||||||
|
* by default. Use mbedtls_pk_verify_ext() to explicitly select
|
||||||
|
* a different algorithm.
|
||||||
|
*
|
||||||
* \return 0 on success (signature is valid),
|
* \return 0 on success (signature is valid),
|
||||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||||
* signature in \p sig but its length is less than \p sig_len,
|
* signature in \p sig but its length is less than \p sig_len,
|
||||||
* or a specific error code.
|
* or a specific error code.
|
||||||
*
|
|
||||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
|
||||||
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
|
|
||||||
* to verify RSASSA_PSS signatures.
|
|
||||||
*/
|
*/
|
||||||
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
|
@ -706,11 +709,15 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
||||||
* \param f_rng RNG function, must not be \c NULL.
|
* \param f_rng RNG function, must not be \c NULL.
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
* \return 0 on success, or a specific error code.
|
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||||
|
* either PKCS#1 v1.5 or PSS (using the largest possible salt
|
||||||
|
* length up to the hash length), depending on the padding mode
|
||||||
|
* in the underlying RSA context. For a pk object constructed
|
||||||
|
* by parsing, this is PKCS#1 v1.5 by default. Use
|
||||||
|
* mbedtls_pk_verify_ext() to explicitly select a different
|
||||||
|
* algorithm.
|
||||||
*
|
*
|
||||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
* \return 0 on success, or a specific error code.
|
||||||
* There is no interface in the PK module to make RSASSA-PSS
|
|
||||||
* signatures yet.
|
|
||||||
*
|
*
|
||||||
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
|
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
|
||||||
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
|
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
|
||||||
|
@ -806,7 +813,10 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
|
||||||
* \param f_rng RNG function, must not be \c NULL.
|
* \param f_rng RNG function, must not be \c NULL.
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||||
|
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||||
|
* the underlying RSA context. For a pk object constructed by
|
||||||
|
* parsing, this is PKCS#1 v1.5 by default.
|
||||||
*
|
*
|
||||||
* \return 0 on success, or a specific error code.
|
* \return 0 on success, or a specific error code.
|
||||||
*/
|
*/
|
||||||
|
@ -827,9 +837,12 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
|
||||||
* \param f_rng RNG function, must not be \c NULL.
|
* \param f_rng RNG function, must not be \c NULL.
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
* \note \p f_rng is used for padding generation.
|
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||||
|
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||||
|
* the underlying RSA context. For a pk object constructed by
|
||||||
|
* parsing, this is PKCS#1 v1.5 by default.
|
||||||
*
|
*
|
||||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
* \note \p f_rng is used for padding generation.
|
||||||
*
|
*
|
||||||
* \return 0 on success, or a specific error code.
|
* \return 0 on success, or a specific error code.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -74,8 +74,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
||||||
int key_len;
|
int key_len;
|
||||||
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
||||||
unsigned char *p = buf + sizeof(buf);
|
unsigned char *p = buf + sizeof(buf);
|
||||||
psa_algorithm_t psa_alg_md =
|
psa_algorithm_t psa_alg_md;
|
||||||
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
|
||||||
size_t rsa_len = mbedtls_rsa_get_len(rsa);
|
size_t rsa_len = mbedtls_rsa_get_len(rsa);
|
||||||
|
|
||||||
#if SIZE_MAX > UINT_MAX
|
#if SIZE_MAX > UINT_MAX
|
||||||
|
@ -84,6 +83,12 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||||
|
psa_alg_md = PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg));
|
||||||
|
} else {
|
||||||
|
psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
||||||
|
}
|
||||||
|
|
||||||
if (sig_len < rsa_len) {
|
if (sig_len < rsa_len) {
|
||||||
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||||
}
|
}
|
||||||
|
@ -235,10 +240,14 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
||||||
if (psa_md_alg == 0) {
|
if (psa_md_alg == 0) {
|
||||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
psa_algorithm_t psa_alg;
|
||||||
|
if (mbedtls_rsa_get_padding_mode(mbedtls_pk_rsa(*pk)) == MBEDTLS_RSA_PKCS_V21) {
|
||||||
|
psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
|
||||||
|
} else {
|
||||||
|
psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg);
|
||||||
|
}
|
||||||
|
|
||||||
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN(
|
return mbedtls_pk_psa_rsa_sign_ext(psa_alg, pk->pk_ctx, hash, hash_len,
|
||||||
psa_md_alg),
|
|
||||||
pk->pk_ctx, hash, hash_len,
|
|
||||||
sig, sig_size, sig_len);
|
sig, sig_size, sig_len);
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
@ -276,6 +285,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
psa_algorithm_t psa_md_alg, decrypt_alg;
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
int key_len;
|
int key_len;
|
||||||
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
||||||
|
@ -284,12 +294,6 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
||||||
((void) f_rng);
|
((void) f_rng);
|
||||||
((void) p_rng);
|
((void) p_rng);
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RSA_ALT)
|
|
||||||
if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
|
|
||||||
return MBEDTLS_ERR_RSA_INVALID_PADDING;
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_RSA_ALT */
|
|
||||||
|
|
||||||
if (ilen != mbedtls_rsa_get_len(rsa)) {
|
if (ilen != mbedtls_rsa_get_len(rsa)) {
|
||||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
@ -301,7 +305,13 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
||||||
|
|
||||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
|
||||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
|
||||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||||
|
psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
|
||||||
|
decrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
|
||||||
|
} else {
|
||||||
|
decrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
|
||||||
|
}
|
||||||
|
psa_set_key_algorithm(&attributes, decrypt_alg);
|
||||||
|
|
||||||
status = psa_import_key(&attributes,
|
status = psa_import_key(&attributes,
|
||||||
buf + sizeof(buf) - key_len, key_len,
|
buf + sizeof(buf) - key_len, key_len,
|
||||||
|
@ -311,7 +321,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
status = psa_asymmetric_decrypt(key_id, decrypt_alg,
|
||||||
input, ilen,
|
input, ilen,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
output, osize, olen);
|
output, osize, olen);
|
||||||
|
@ -358,6 +368,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
psa_algorithm_t psa_md_alg;
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
int key_len;
|
int key_len;
|
||||||
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
||||||
|
@ -366,12 +377,6 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
||||||
((void) f_rng);
|
((void) f_rng);
|
||||||
((void) p_rng);
|
((void) p_rng);
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RSA_ALT)
|
|
||||||
if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
|
|
||||||
return MBEDTLS_ERR_RSA_INVALID_PADDING;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (mbedtls_rsa_get_len(rsa) > osize) {
|
if (mbedtls_rsa_get_len(rsa) > osize) {
|
||||||
return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
|
return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
|
||||||
}
|
}
|
||||||
|
@ -382,7 +387,12 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
|
||||||
|
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||||
|
psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
|
||||||
|
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(psa_md_alg));
|
||||||
|
} else {
|
||||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
||||||
|
}
|
||||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
|
||||||
|
|
||||||
status = psa_import_key(&attributes,
|
status = psa_import_key(&attributes,
|
||||||
|
|
|
@ -326,13 +326,33 @@ PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256)
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||||
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||||
|
|
||||||
RSA verify test vector #1 (good)
|
RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good
|
||||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
||||||
|
|
||||||
RSA verify test vector #2 (bad)
|
RSA verify test vector: PKCS1v1.5 (default), SHA1, good
|
||||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||||
pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":-1:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
||||||
|
|
||||||
|
RSA verify test vector: PKCS1v1.5, SHA1, wrong signature
|
||||||
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||||
|
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b8":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||||
|
|
||||||
|
RSA verify test vector: PSS, SHA1, good
|
||||||
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||||
|
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
|
||||||
|
|
||||||
|
RSA verify test vector: PSS, SHA1, wrong signature
|
||||||
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||||
|
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747f":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||||
|
|
||||||
|
RSA verify test vector: PSS, SHA1, signature is PKCS1v1.5
|
||||||
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||||
|
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||||
|
|
||||||
|
RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS
|
||||||
|
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||||
|
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||||
|
|
||||||
ECDSA verify test vector #1 (good)
|
ECDSA verify test vector #1 (good)
|
||||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||||
|
@ -384,51 +404,79 @@ pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723e
|
||||||
|
|
||||||
ECDSA sign-verify: SECP192R1
|
ECDSA sign-verify: SECP192R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
|
||||||
|
|
||||||
ECDSA sign-verify: SECP256R1
|
ECDSA sign-verify: SECP256R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0:0:0
|
||||||
|
|
||||||
ECDSA sign-verify: SECP384R1
|
ECDSA sign-verify: SECP384R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0
|
||||||
|
|
||||||
ECDSA sign-verify: SECP521R1
|
ECDSA sign-verify: SECP521R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0
|
||||||
|
|
||||||
ECDSA sign-verify: BP256R1
|
ECDSA sign-verify: BP256R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0:0:0
|
||||||
|
|
||||||
ECDSA sign-verify: BP512R1
|
ECDSA sign-verify: BP512R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0:0:0
|
||||||
|
|
||||||
EC(DSA) sign-verify: SECP192R1
|
EC(DSA) sign-verify: SECP192R1
|
||||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
|
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
|
||||||
|
|
||||||
EC_DH (no) sign-verify: SECP192R1
|
EC_DH (no) sign-verify: SECP192R1
|
||||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||||
|
|
||||||
RSA sign-verify
|
RSA sign-verify, PKCS1v1.5, SHA1
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
|
||||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
|
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0
|
||||||
|
|
||||||
|
RSA sign-verify, PKCS1v2.1, SHA1
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
|
||||||
|
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0
|
||||||
|
|
||||||
|
RSA sign-verify, PKCS1v1.5, SHA256
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
|
||||||
|
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0
|
||||||
|
|
||||||
|
RSA sign-verify, PKCS1v2.1, SHA256
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
|
||||||
|
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0
|
||||||
|
|
||||||
RSA encrypt-decrypt test
|
RSA encrypt-decrypt test
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":0
|
pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":0
|
||||||
|
|
||||||
RSA decrypt test vector #1
|
RSA decrypt test vector - PKCS1v1.5
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0
|
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0
|
||||||
|
|
||||||
RSA decrypt test vector #2
|
RSA decrypt test vector - PKCS1v1.5, corrupted encrypted data
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
|
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||||
|
|
||||||
|
RSA decrypt test vector - PKCS1v2.1
|
||||||
|
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||||
|
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0
|
||||||
|
|
||||||
|
RSA decrypt test vector - PKCS1v2.1, corrupted encrypted data
|
||||||
|
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||||
|
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||||
|
|
||||||
|
RSA decrypt test vector - PKCS1v1.5, but data is PKCS1v2.1 encrypted
|
||||||
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
|
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||||
|
|
||||||
|
RSA decrypt test vector - PKCS1v2.1, but data is PKCS1v1.5 encrypted
|
||||||
|
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||||
|
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||||
|
|
||||||
RSA Opaque decrypt test vector #1
|
RSA Opaque decrypt test vector #1
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
|
|
|
@ -800,9 +800,9 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||||
void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
|
void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest,
|
||||||
char *input_N, char *input_E,
|
int mod, char *input_N, char *input_E,
|
||||||
data_t *result_str, int result)
|
data_t *result_str, int expected_result)
|
||||||
{
|
{
|
||||||
mbedtls_rsa_context *rsa;
|
mbedtls_rsa_context *rsa;
|
||||||
mbedtls_pk_context pk;
|
mbedtls_pk_context pk;
|
||||||
|
@ -817,28 +817,54 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_pk_init(&pk);
|
mbedtls_pk_init(&pk);
|
||||||
USE_PSA_INIT();
|
MD_OR_USE_PSA_INIT();
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
|
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
|
||||||
rsa = mbedtls_pk_rsa(pk);
|
rsa = mbedtls_pk_rsa(pk);
|
||||||
|
|
||||||
rsa->len = (mod + 7) / 8;
|
rsa->len = (mod + 7) / 8;
|
||||||
|
if (padding >= 0) {
|
||||||
|
TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0);
|
||||||
|
}
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
|
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
|
||||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
|
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_verify(&pk, digest, message_str->x, 0,
|
int actual_result;
|
||||||
result_str->x, mbedtls_pk_get_len(&pk)) == result);
|
actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0,
|
||||||
|
result_str->x, mbedtls_pk_get_len(&pk));
|
||||||
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
|
||||||
|
expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
|
||||||
|
/* Tolerate INVALID_PADDING error for an invalid signature with
|
||||||
|
* the legacy API (but not with PSA). */
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
TEST_EQUAL(actual_result, expected_result);
|
||||||
|
}
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
|
actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
|
||||||
result_str->x, mbedtls_pk_get_len(
|
result_str->x,
|
||||||
&pk), rs_ctx) == result);
|
mbedtls_pk_get_len(&pk),
|
||||||
|
rs_ctx);
|
||||||
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
|
||||||
|
expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
|
||||||
|
/* Tolerate INVALID_PADDING error for an invalid signature with
|
||||||
|
* the legacy API (but not with PSA). */
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
TEST_EQUAL(actual_result, expected_result);
|
||||||
|
}
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
mbedtls_pk_restart_free(rs_ctx);
|
mbedtls_pk_restart_free(rs_ctx);
|
||||||
#endif
|
#endif
|
||||||
mbedtls_pk_free(&pk);
|
mbedtls_pk_free(&pk);
|
||||||
USE_PSA_DONE();
|
MD_OR_USE_PSA_DONE();
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
@ -1027,7 +1053,8 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */
|
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */
|
||||||
void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret)
|
void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg,
|
||||||
|
int sign_ret, int verify_ret)
|
||||||
{
|
{
|
||||||
mbedtls_pk_context pk;
|
mbedtls_pk_context pk;
|
||||||
size_t sig_len;
|
size_t sig_len;
|
||||||
|
@ -1055,6 +1082,15 @@ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret
|
||||||
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
|
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
|
||||||
TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
|
TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
if (type == MBEDTLS_PK_RSA) {
|
||||||
|
TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0);
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
(void) rsa_padding;
|
||||||
|
(void) rsa_md_alg;
|
||||||
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256,
|
||||||
hash, hash_len,
|
hash, hash_len,
|
||||||
sig, sizeof(sig), &sig_len,
|
sig, sizeof(sig), &sig_len,
|
||||||
|
@ -1194,7 +1230,7 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||||
void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg,
|
||||||
char *input_P, char *input_Q,
|
char *input_P, char *input_Q,
|
||||||
char *input_N, char *input_E,
|
char *input_N, char *input_E,
|
||||||
data_t *clear, int ret)
|
data_t *clear, int ret)
|
||||||
|
@ -1209,7 +1245,7 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
||||||
mbedtls_pk_init(&pk);
|
mbedtls_pk_init(&pk);
|
||||||
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
|
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
|
||||||
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
|
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
|
||||||
USE_PSA_INIT();
|
MD_OR_USE_PSA_INIT();
|
||||||
|
|
||||||
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
|
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||||
|
|
||||||
|
@ -1231,6 +1267,11 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
||||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||||
TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);
|
TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);
|
||||||
|
|
||||||
|
/* set padding mode */
|
||||||
|
if (padding >= 0) {
|
||||||
|
TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0);
|
||||||
|
}
|
||||||
|
|
||||||
/* decryption test */
|
/* decryption test */
|
||||||
memset(output, 0, sizeof(output));
|
memset(output, 0, sizeof(output));
|
||||||
olen = 0;
|
olen = 0;
|
||||||
|
@ -1246,7 +1287,7 @@ exit:
|
||||||
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
|
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
|
||||||
mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
|
mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
|
||||||
mbedtls_pk_free(&pk);
|
mbedtls_pk_free(&pk);
|
||||||
USE_PSA_DONE();
|
MD_OR_USE_PSA_DONE();
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue