mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 22:25:47 +01:00
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
This commit is contained in:
commit
7bc6a3749c
5
ChangeLog.d/pkcs1_v21_sign_ext.txt
Normal file
5
ChangeLog.d/pkcs1_v21_sign_ext.txt
Normal file
@ -0,0 +1,5 @@
|
||||
Features
|
||||
* Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
|
||||
signature with a specific salt length. This function allows to validate
|
||||
test cases provided in the NIST's CAVP test suite. Contributed by Cédric
|
||||
Meuter in PR #3183.
|
@ -972,6 +972,59 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig );
|
||||
|
||||
/**
|
||||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||
* operation (RSASSA-PSS-SIGN).
|
||||
*
|
||||
* \note The \p hash_id in the RSA context is the one used for the
|
||||
* encoding. \p md_alg in the function call is the type of hash
|
||||
* that is encoded. According to <em>RFC-3447: Public-Key
|
||||
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
|
||||
* Specifications</em> it is advised to keep both hashes the
|
||||
* same.
|
||||
*
|
||||
* \note This function enforces that the provided salt length complies
|
||||
* with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
|
||||
* step 3. The constraint is that the hash length plus the salt
|
||||
* length plus 2 bytes must be at most the key length. If this
|
||||
* constraint is not met, this function returns
|
||||
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. It must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param saltlen The length of the salt that should be used.
|
||||
* If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
|
||||
* the largest possible salt length up to the hash length,
|
||||
* which is the largest permitted by some standards including
|
||||
* FIPS 186-4 §5.5.
|
||||
* \param sig The buffer to hold the signature. This must be a writable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus. A buffer length of
|
||||
* #MBEDTLS_MPI_MAX_SIZE is always safe.
|
||||
*
|
||||
* \return \c 0 if the signing operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
int saltlen,
|
||||
unsigned char *sig );
|
||||
|
||||
/**
|
||||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||
* operation (RSASSA-PSS-SIGN).
|
||||
|
@ -1795,21 +1795,19 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
/*
|
||||
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
int saltlen,
|
||||
unsigned char *sig )
|
||||
{
|
||||
size_t olen;
|
||||
unsigned char *p = sig;
|
||||
unsigned char salt[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char *salt = NULL;
|
||||
size_t slen, min_slen, hlen, offset = 0;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t msb;
|
||||
@ -1847,31 +1845,44 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
|
||||
/* Calculate the largest possible salt length. Normally this is the hash
|
||||
* length, which is the maximum length the salt can have. If there is not
|
||||
* enough room, use the maximum salt length that fits. The constraint is
|
||||
* that the hash length plus the salt length plus 2 bytes must be at most
|
||||
* the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
|
||||
* (PKCS#1 v2.2) §9.1.1 step 3. */
|
||||
min_slen = hlen - 2;
|
||||
if( olen < hlen + min_slen + 2 )
|
||||
if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY)
|
||||
{
|
||||
/* Calculate the largest possible salt length, up to the hash size.
|
||||
* Normally this is the hash length, which is the maximum salt length
|
||||
* according to FIPS 185-4 §5.5 (e) and common practice. If there is not
|
||||
* enough room, use the maximum salt length that fits. The constraint is
|
||||
* that the hash length plus the salt length plus 2 bytes must be at most
|
||||
* the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
|
||||
* (PKCS#1 v2.2) §9.1.1 step 3. */
|
||||
min_slen = hlen - 2;
|
||||
if( olen < hlen + min_slen + 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
else if( olen >= hlen + hlen + 2 )
|
||||
slen = hlen;
|
||||
else
|
||||
slen = olen - hlen - 2;
|
||||
}
|
||||
else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) )
|
||||
{
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
else if( olen >= hlen + hlen + 2 )
|
||||
slen = hlen;
|
||||
}
|
||||
else
|
||||
slen = olen - hlen - 2;
|
||||
{
|
||||
slen = (size_t) saltlen;
|
||||
}
|
||||
|
||||
memset( sig, 0, olen );
|
||||
|
||||
/* Generate salt of length slen */
|
||||
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
|
||||
|
||||
/* Note: EMSA-PSS encoding is over the length of N - 1 bits */
|
||||
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
|
||||
p += olen - hlen - slen - 2;
|
||||
*p++ = 0x01;
|
||||
memcpy( p, salt, slen );
|
||||
|
||||
/* Generate salt of length slen in place in the encoded message */
|
||||
salt = p;
|
||||
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
|
||||
|
||||
p += slen;
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
@ -1905,8 +1916,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
p += hlen;
|
||||
*p++ = 0xBC;
|
||||
|
||||
mbedtls_platform_zeroize( salt, sizeof( salt ) );
|
||||
|
||||
exit:
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
@ -1917,6 +1926,40 @@ exit:
|
||||
? mbedtls_rsa_public( ctx, sig, sig )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
|
||||
* the option to pass in the salt length.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
int saltlen,
|
||||
unsigned char *sig )
|
||||
{
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
|
||||
hashlen, hash, saltlen, sig );
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig )
|
||||
{
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
|
||||
hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -9,9 +9,8 @@
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
|
||||
int radix_E, char * input_E, int hash,
|
||||
data_t * message_str, data_t * rnd_buf,
|
||||
void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
|
||||
int hash, data_t * message_str, data_t * rnd_buf,
|
||||
data_t * result_str, int result )
|
||||
{
|
||||
unsigned char output[256];
|
||||
@ -26,8 +25,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
|
||||
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
|
||||
memset( output, 0x00, sizeof( output ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
||||
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
|
||||
@ -41,8 +40,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
|
||||
ctx.len, result_str->len ) == 0 );
|
||||
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
||||
}
|
||||
|
||||
exit:
|
||||
@ -52,11 +50,9 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
|
||||
int radix_Q, char * input_Q, int radix_N,
|
||||
char * input_N, int radix_E, char * input_E,
|
||||
int hash, data_t * result_str,
|
||||
char * seed, data_t * message_str,
|
||||
void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q,
|
||||
data_t * input_N, data_t * input_E, int hash,
|
||||
data_t * result_str, char * seed, data_t * message_str,
|
||||
int result )
|
||||
{
|
||||
unsigned char output[64];
|
||||
@ -74,10 +70,10 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
|
||||
memset( output, 0x00, sizeof( output ) );
|
||||
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
||||
@ -104,9 +100,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
|
||||
sizeof( output ) ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
|
||||
output_len,
|
||||
result_str->len ) == 0 );
|
||||
ASSERT_COMPARE( output, output_len, result_str->x, result_str->len );
|
||||
}
|
||||
}
|
||||
|
||||
@ -118,14 +112,14 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q,
|
||||
char * input_Q, int radix_N, char * input_N,
|
||||
int radix_E, char * input_E, int digest, int hash,
|
||||
data_t * message_str, data_t * rnd_buf,
|
||||
data_t * result_str, int result )
|
||||
void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
|
||||
data_t * input_N, data_t * input_E, int digest,
|
||||
int hash, data_t * message_str, data_t * rnd_buf,
|
||||
data_t * result_str, int fixed_salt_length,
|
||||
int result )
|
||||
{
|
||||
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char output[256];
|
||||
unsigned char output[512];
|
||||
mbedtls_rsa_context ctx;
|
||||
mbedtls_test_rnd_buf_info info;
|
||||
mbedtls_mpi N, P, Q, E;
|
||||
@ -140,28 +134,39 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q,
|
||||
memset( hash_result, 0x00, sizeof( hash_result ) );
|
||||
memset( output, 0x00, sizeof( output ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &P, input_P->x, input_P->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &Q, input_Q->x, input_Q->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
||||
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
||||
|
||||
|
||||
if( mbedtls_md_info_from_type( digest ) != NULL )
|
||||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PRIVATE, digest, 0,
|
||||
hash_result, output ) == result );
|
||||
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
|
||||
{
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PRIVATE, digest, 0,
|
||||
hash_result, output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
||||
}
|
||||
|
||||
info.buf = rnd_buf->x;
|
||||
info.length = rnd_buf->len;
|
||||
}
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand,
|
||||
&info, digest, 0, hash_result,
|
||||
fixed_salt_length, output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
|
||||
ctx.len, result_str->len ) == 0 );
|
||||
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
||||
}
|
||||
|
||||
exit:
|
||||
@ -172,10 +177,9 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N,
|
||||
int radix_E, char * input_E, int digest,
|
||||
int hash, data_t * message_str, char * salt,
|
||||
data_t * result_str, int result )
|
||||
void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E,
|
||||
int digest, int hash, data_t * message_str,
|
||||
char * salt, data_t * result_str, int result )
|
||||
{
|
||||
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
|
||||
mbedtls_rsa_context ctx;
|
||||
@ -186,8 +190,8 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N,
|
||||
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
|
||||
memset( hash_result, 0x00, sizeof( hash_result ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
||||
@ -206,8 +210,7 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N,
|
||||
int radix_E, char * input_E,
|
||||
void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E,
|
||||
int msg_digest_id, int ctx_hash,
|
||||
int mgf_hash, int salt_len,
|
||||
data_t * message_str,
|
||||
@ -223,8 +226,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N,
|
||||
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
|
||||
memset( hash_result, 0x00, sizeof( hash_result ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_binary( &E, input_E->x, input_E->len ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
|
||||
|
@ -337,6 +337,28 @@ void rsa_invalid_param( )
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL,
|
||||
0, sizeof( buf ), buf,
|
||||
MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
|
||||
0, sizeof( buf ), NULL,
|
||||
MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
|
||||
0, sizeof( buf ), buf,
|
||||
MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
|
Loading…
Reference in New Issue
Block a user