From a05cbecc909e1ab95a68056d4c45eacec340c780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Meuter?= Date: Sat, 25 Apr 2020 15:02:34 +0200 Subject: [PATCH] Added tests for mbedtls_rsa_rsassa_pss_sign_ext() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - added some invalid param tests in test_suite_rsa - added functional tests in test_suite_pkcs1_v21 Signed-off-by: Cédric Meuter --- library/rsa.c | 4 +++- tests/suites/test_suite_pkcs1_v21.function | 11 +++++++++ tests/suites/test_suite_rsa.function | 28 ++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 2b4b0fd52..02423c027 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1812,6 +1812,8 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( saltlen == MBEDTLS_RSA_SALT_LEN_ANY || + saltlen > 0 ); if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1854,7 +1856,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, else slen = olen - hlen - 2; } - else if ( (saltlen < 0) || ((size_t) saltlen > olen - hlen - 2) ) + else if ( ( (size_t) saltlen ) > olen - hlen - 2 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c28cf08e2..b928e806c 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -159,7 +159,18 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, hash_result, output ) == result ); if( result == 0 ) { + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); + } + info.buf = rnd_buf->x; + info.length = rnd_buf->len; + + TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, digest, 0, hash_result, + MBEDTLS_RSA_SALT_LEN_ANY, output ) == result ); + if( result == 0 ) + { TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, result_str->len ) == 0 ); } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6c73e3947..bbe23608c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -25,6 +25,7 @@ void rsa_invalid_param( ) const int invalid_padding = 42; const int valid_mode = MBEDTLS_RSA_PRIVATE; const int invalid_mode = 42; + const int negative_salt_length = -2; unsigned char buf[42] = { 0 }; size_t olen; @@ -337,6 +338,33 @@ void rsa_invalid_param( ) 0, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), buf, + negative_salt_length, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL, + 0, sizeof( buf ), buf, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), NULL, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), buf, + MBEDTLS_RSA_SALT_LEN_ANY, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + MBEDTLS_MD_SHA1, + 0, NULL, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, valid_mode,