Merge branch 'mbedtls-1.3' into mbedtls-1.3

ChangeLog

@@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 1.3.x branch
 
+Security
+   * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt 
+     required by PKCS1 v2.2
+   * Fix a potential integer underflow to buffer overread in 
+     mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
+     SSL/TLS.
+   * Fix potential integer overflow to buffer overflow in
+     mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+
 Bugfix
    * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
      arguments where the same (in-place doubling). Found and fixed by Janos

library/rsa.c

@@ -525,7 +525,8 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
     olen = ctx->len;
     hlen = md_get_size( md_info );
 
-    if( olen < ilen + 2 * hlen + 2 )
+    // first comparison checks for overflow
+    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     memset( output, 0, olen );
@@ -592,7 +593,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
 
     olen = ctx->len;
 
-    if( olen < ilen + 11 )
+    // first comparison checks for overflow
+    if( ilen + 11 < ilen || olen < ilen + 11 )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     nb_pad = olen - 3 - ilen;
@@ -702,6 +704,12 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
     if( md_info == NULL )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
+    hlen = md_get_size( md_info );
+
+    // checking for integer underflow
+    if( 2 * hlen + 2 > ilen )
+        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
     /*
      * RSA operation
      */
@@ -717,6 +725,10 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
      */
     hlen = md_get_size( md_info );
 
+    // checking for integer underflow
+    if( 2 * hlen + 2 > ilen )
+        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
     md_init( &md_ctx );
     md_init_ctx( &md_ctx, md_info );
 
@@ -851,6 +863,8 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
         bad |= *p++; /* Must be zero */
     }
 
+    bad |= ( pad_count < 8 );
+
     if( bad )
         return( POLARSSL_ERR_RSA_INVALID_PADDING );
 

programs/pkey/rsa_decrypt.c

@@ -30,7 +30,9 @@
 #include "polarssl/platform.h"
 #else
 #include <stdio.h>
+#include <stdlib.h>
 #define polarssl_printf     printf
+#define polarssl_exit       exit
 #endif
 
 #if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
@@ -58,7 +60,7 @@ int main( void )
 int main( int argc, char *argv[] )
 {
     FILE *f;
-    int ret, c;
+    int return_val, exit_val, c;
     size_t i;
     rsa_context rsa;
     entropy_context entropy;
@@ -69,7 +71,7 @@ int main( int argc, char *argv[] )
     ((void) argv);
 
     memset(result, 0, sizeof( result ) );
-    ret = 1;
+    exit_val = 0;
 
     if( argc != 1 )
     {
@@ -79,18 +81,23 @@ int main( int argc, char *argv[] )
         polarssl_printf( "\n" );
 #endif
 
-        goto exit;
+        polarssl_exit( 1 );
     }
 
     polarssl_printf( "\n  . Seeding the random number generator..." );
     fflush( stdout );
 
     entropy_init( &entropy );
-    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+    return_val = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                                (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
+                               strlen( pers ) );
+    if( return_val != 0 )
     {
-        polarssl_printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! ctr_drbg_init returned %d\n",
+                         return_val );
         goto exit;
     }
 
@@ -99,23 +106,24 @@ int main( int argc, char *argv[] )
 
     if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
     {
+        exit_val = 1;
         polarssl_printf( " failed\n  ! Could not open rsa_priv.txt\n" \
                 "  ! Please run rsa_genkey first\n\n" );
         goto exit;
     }
 
-    rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
-    if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+    if( ( return_val = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
     {
-        polarssl_printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! mpi_read_file returned %d\n\n",
+                         return_val );
         goto exit;
     }
 
@@ -126,10 +134,9 @@ int main( int argc, char *argv[] )
     /*
      * Extract the RSA encrypted value from the text file
      */
-    ret = 1;
-
     if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
     {
+        exit_val = 1;
         polarssl_printf( "\n  ! Could not open %s\n\n", "result-enc.txt" );
         goto exit;
     }
@@ -144,6 +151,7 @@ int main( int argc, char *argv[] )
 
     if( i != rsa.len )
     {
+        exit_val = 1;
         polarssl_printf( "\n  ! Invalid RSA signature format\n\n" );
         goto exit;
     }
@@ -154,11 +162,13 @@ int main( int argc, char *argv[] )
     polarssl_printf( "\n  . Decrypting the encrypted data" );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
-                                   RSA_PRIVATE, &i, buf, result,
-                                   1024 ) ) != 0 )
+    if( ( return_val = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+                                          RSA_PRIVATE, &i, buf, result,
+                                          1024 ) ) != 0 )
     {
-        polarssl_printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n",
+                         return_val );
         goto exit;
     }
 
@@ -166,17 +176,16 @@ int main( int argc, char *argv[] )
 
     polarssl_printf( "The decrypted result is: '%s'\n\n", result );
 
-    ret = 0;
-
 exit:
     ctr_drbg_free( &ctr_drbg );
     entropy_free( &entropy );
+    rsa_free( &rsa );
 
 #if defined(_WIN32)
     polarssl_printf( "  + Press Enter to exit this program.\n" );
     fflush( stdout ); getchar();
 #endif
 
-    return( ret );
+    return( exit_val );
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_FS_IO */

programs/pkey/rsa_encrypt.c

@@ -30,8 +30,10 @@
 #include "polarssl/platform.h"
 #else
 #include <stdio.h>
+#include <stdlib.h>
 #define polarssl_fprintf    fprintf
 #define polarssl_printf     printf
+#define polarssl_exit       exit
 #endif
 
 #if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
@@ -59,7 +61,7 @@ int main( void )
 int main( int argc, char *argv[] )
 {
     FILE *f;
-    int ret;
+    int return_val, exit_val;
     size_t i;
     rsa_context rsa;
     entropy_context entropy;
@@ -68,7 +70,7 @@ int main( int argc, char *argv[] )
     unsigned char buf[512];
     const char *pers = "rsa_encrypt";
 
-    ret = 1;
+    exit_val = 0;
 
     if( argc != 2 )
     {
@@ -78,18 +80,24 @@ int main( int argc, char *argv[] )
         polarssl_printf( "\n" );
 #endif
 
-        goto exit;
+        polarssl_exit( 1 );
     }
 
     polarssl_printf( "\n  . Seeding the random number generator..." );
     fflush( stdout );
 
     entropy_init( &entropy );
-    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+    return_val = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                                (const unsigned char *) pers,
+                                strlen( pers ) );
+
+    if( return_val != 0 )
     {
-        polarssl_printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! ctr_drbg_init returned %d\n",
+                         return_val );
         goto exit;
     }
 
@@ -98,18 +106,18 @@ int main( int argc, char *argv[] )
 
     if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
     {
-        ret = 1;
+        exit_val = 1;
         polarssl_printf( " failed\n  ! Could not open rsa_pub.txt\n" \
-                "  ! Please run rsa_genkey first\n\n" );
+                         "  ! Please run rsa_genkey first\n\n" );
         goto exit;
     }
 
-    rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
-    if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
-        ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+    if( ( return_val = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+        ( return_val = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
     {
-        polarssl_printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! mpi_read_file returned %d\n\n",
+                         return_val );
         goto exit;
     }
 
@@ -119,6 +127,7 @@ int main( int argc, char *argv[] )
 
     if( strlen( argv[1] ) > 100 )
     {
+        exit_val = 1;
         polarssl_printf( " Input data larger than 100 characters.\n\n" );
         goto exit;
     }
@@ -131,11 +140,13 @@ int main( int argc, char *argv[] )
     polarssl_printf( "\n  . Generating the RSA encrypted value" );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg,
-                                   RSA_PUBLIC, strlen( argv[1] ),
-                                   input, buf ) ) != 0 )
+    if( ( return_val = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+                                          RSA_PUBLIC, strlen( argv[1] ),
+                                          input, buf ) ) != 0 )
     {
-        polarssl_printf( " failed\n  ! rsa_pkcs1_encrypt returned %d\n\n", ret );
+        exit_val = 1;
+        polarssl_printf( " failed\n  ! rsa_pkcs1_encrypt returned %d\n\n",
+                         return_val );
         goto exit;
     }
 
@@ -144,7 +155,7 @@ int main( int argc, char *argv[] )
      */
     if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
     {
-        ret = 1;
+        exit_val = 1;
         polarssl_printf( " failed\n  ! Could not create %s\n\n", "result-enc.txt" );
         goto exit;
     }
@@ -160,13 +171,14 @@ int main( int argc, char *argv[] )
 exit:
     ctr_drbg_free( &ctr_drbg );
     entropy_free( &entropy );
+    rsa_free( &rsa );
 
 #if defined(_WIN32)
     polarssl_printf( "  + Press Enter to exit this program.\n" );
     fflush( stdout ); getchar();
 #endif
 
-    return( ret );
+    return( exit_val );
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_ENTROPY_C &&
           POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

programs/pkey/rsa_sign.c

@@ -67,6 +67,7 @@ int main( int argc, char *argv[] )
     unsigned char buf[POLARSSL_MPI_MAX_SIZE];
     char filename[512];
 
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
     ret = 1;
 
     if( argc != 2 )
@@ -91,8 +92,6 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
     if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
         ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
         ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
@@ -160,6 +159,8 @@ int main( int argc, char *argv[] )
 
 exit:
 
+    rsa_free( &rsa );
+
 #if defined(_WIN32)
     polarssl_printf( "  + Press Enter to exit this program.\n" );
     fflush( stdout ); getchar();

programs/pkey/rsa_verify.c

@@ -66,7 +66,9 @@ int main( int argc, char *argv[] )
     unsigned char buf[POLARSSL_MPI_MAX_SIZE];
     char filename[512];
 
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
     ret = 1;
+
     if( argc != 2 )
     {
         polarssl_printf( "usage: rsa_verify <filename>\n" );
@@ -88,8 +90,6 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
     if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
         ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
     {
@@ -152,6 +152,8 @@ int main( int argc, char *argv[] )
 
 exit:
 
+    rsa_free( &rsa );
+
 #if defined(_WIN32)
     polarssl_printf( "  + Press Enter to exit this program.\n" );
     fflush( stdout ); getchar();

tests/CMakeLists.txt

@@ -77,6 +77,7 @@ add_test_suite(memory_buffer_alloc)
 add_test_suite(mpi)
 add_test_suite(pbkdf2)
 add_test_suite(pem)
+add_test_suite(pkcs1_v15)
 add_test_suite(pkcs1_v21)
 add_test_suite(pkcs5)
 add_test_suite(pk)

tests/Makefile

@@ -75,7 +75,7 @@ APPS =	test_suite_aes.ecb$(EXEXT)	test_suite_aes.cbc$(EXEXT)	\
 	test_suite_md$(EXEXT)		test_suite_mdx$(EXEXT)		\
 	test_suite_memory_buffer_alloc$(EXEXT)				\
 	test_suite_mpi$(EXEXT)		test_suite_pbkdf2$(EXEXT)	\
-	test_suite_pem$(EXEXT)						\
+	test_suite_pem$(EXEXT)		test_suite_pkcs1_v15$(EXEXT)	\
 	test_suite_pkcs1_v21$(EXEXT)	test_suite_pkcs5$(EXEXT)	\
 	test_suite_pkparse$(EXEXT)	test_suite_pkwrite$(EXEXT)	\
 	test_suite_pk$(EXEXT)						\
@@ -367,6 +367,10 @@ test_suite_pem$(EXEXT): test_suite_pem.c $(DEP)
 	echo   "  CC    	$<"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
+test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP)
+	echo   "  CC    	$<"
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
 test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP)
 	echo   "  CC    	$<"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

tests/suites/test_suite_pkcs1_v15.data

@@ -0,0 +1,35 @@
+RSAES-V15 Encryption Test Vector Int
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0
+
+RSAES-V15 Decryption Test Vector Int
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0
+
+RSAES-V15 Encryption Test Vector Data just fits
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Decryption Test Vector Data just fits
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Encryption Test Vector Data too long 1
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":POLARSSL_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 7 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":POLARSSL_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 3
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":POLARSSL_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 5 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":POLARSSL_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 8
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":POLARSSL_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 0 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":POLARSSL_ERR_RSA_INVALID_PADDING
+
+RSASSA-V15 Signing Test Vector Int
+pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
+
+RSASSA-V15 Verification Test Vector Int
+pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0

tests/suites/test_suite_pkcs1_v15.function

@@ -0,0 +1,211 @@
+/* BEGIN_HEADER */
+#include "polarssl/rsa.h"
+#include "polarssl/md.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:POLARSSL_PKCS1_V15:POLARSSL_RSA_C:POLARSSL_SHA1_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
+                               char *input_E, int hash,
+                               char *message_hex_string, char *seed,
+                               char *result_hex_str, int result )
+{
+    unsigned char message_str[1000];
+    unsigned char output[1000];
+    unsigned char output_str[1000];
+    unsigned char rnd_buf[1000];
+    rsa_context ctx;
+    size_t msg_len;
+    rnd_buf_info info;
+
+    info.length = unhexify( rnd_buf, seed );
+    info.buf = rnd_buf;
+
+    rsa_init( &ctx, RSA_PKCS_V15, hash );
+    memset( message_str, 0x00, 1000 );
+    memset( output, 0x00, 1000 );
+    memset( output_str, 0x00, 1000 );
+
+    ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+    TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
+
+    msg_len = unhexify( message_str, message_hex_string );
+
+    TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == result );
+    if( result == 0 )
+    {
+        hexify( output_str, output, ctx.len );
+
+        TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+    }
+
+exit:
+    rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
+                               int radix_Q, char *input_Q, int radix_N,
+                               char *input_N, int radix_E, char *input_E,
+                               int hash, char *result_hex_str, char *seed,
+                               char *message_hex_string, int result )
+{
+    unsigned char message_str[1000];
+    unsigned char output[1000];
+    unsigned char output_str[1000];
+    rsa_context ctx;
+    mpi P1, Q1, H, G;
+    size_t output_len;
+    rnd_pseudo_info rnd_info;
+    ((void) seed);
+
+    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
+    rsa_init( &ctx, RSA_PKCS_V15, hash );
+
+    memset( message_str, 0x00, 1000 );
+    memset( output, 0x00, 1000 );
+    memset( output_str, 0x00, 1000 );
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+
+    ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+    TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+    TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+    TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+    TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
+    TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
+    TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+    TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+    TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+    TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
+
+    unhexify( message_str, message_hex_string );
+
+    TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+    if( result == 0 )
+    {
+        hexify( output_str, output, ctx.len );
+
+        TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+    }
+
+exit:
+    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
+    rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
+                            char *input_Q, int radix_N, char *input_N,
+                            int radix_E, char *input_E, int digest, int hash,
+                            char *message_hex_string, char *salt,
+                            char *result_hex_str, int result )
+{
+    unsigned char message_str[1000];
+    unsigned char hash_result[1000];
+    unsigned char output[1000];
+    unsigned char output_str[1000];
+    unsigned char rnd_buf[1000];
+    rsa_context ctx;
+    mpi P1, Q1, H, G;
+    size_t msg_len;
+    rnd_buf_info info;
+
+    info.length = unhexify( rnd_buf, salt );
+    info.buf = rnd_buf;
+
+    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
+    rsa_init( &ctx, RSA_PKCS_V15, hash );
+
+    memset( message_str, 0x00, 1000 );
+    memset( hash_result, 0x00, 1000 );
+    memset( output, 0x00, 1000 );
+    memset( output_str, 0x00, 1000 );
+
+    ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+    TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+    TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+    TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+    TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
+    TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
+    TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+    TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+    TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+    TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
+
+    msg_len = unhexify( message_str, message_hex_string );
+
+    if( md_info_from_type( digest ) != NULL )
+        TEST_ASSERT( md( md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+
+    TEST_ASSERT( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, digest, 0, hash_result, output ) == result );
+    if( result == 0 )
+    {
+        hexify( output_str, output, ctx.len);
+
+        TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+    }
+
+exit:
+    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
+    rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
+                              char *input_E, int digest, int hash,
+                              char *message_hex_string, char *salt,
+                              char *result_hex_str, int result )
+{
+    unsigned char message_str[1000];
+    unsigned char hash_result[1000];
+    unsigned char result_str[1000];
+    rsa_context ctx;
+    size_t msg_len;
+    ((void) salt);
+
+    rsa_init( &ctx, RSA_PKCS_V15, hash );
+    memset( message_str, 0x00, 1000 );
+    memset( hash_result, 0x00, 1000 );
+    memset( result_str, 0x00, 1000 );
+
+    ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+    TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+    TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
+
+    msg_len = unhexify( message_str, message_hex_string );
+    unhexify( result_str, result_hex_str );
+
+    if( md_info_from_type( digest ) != NULL )
+        TEST_ASSERT( md( md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+
+    TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
+
+exit:
+    rsa_free( &ctx );
+}
+/* END_CASE */
+