mbedtls/tests/suites
Jaeden Amero 3725bb2d6d rsa: pss: Enable use of big hashes with small keys
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or
1032-bit RSA key, but with the salt size being always equal to the hash
size, this isn't possible: the key is too small.

To enable use of hashes that are relatively large compared to the key
size, allow reducing the salt size to no less than the hash size minus 2
bytes. We don't allow salt sizes smaller than the hash size minus 2
bytes because that too significantly changes the security guarantees the
library provides compared to the previous implementation which always
used a salt size equal to the hash size. The new calculated salt size
remains compliant with FIPS 186-4.

We also need to update the "hash too large" test, since we now reduce
the salt size when certain key sizes are used. We used to not support
1024-bit keys with SHA-512, but now we support this by reducing the salt
size to 62. Update the "hash too large" test to use a 1016-bit RSA key
with SHA-512, which still has too large of a hash because we will not
reduce the salt size further than 2 bytes shorter than the hash size.

The RSA private key used for the test was generated using "openssl
genrsa 1016" using OpenSSL 1.1.1-pre8.

    $ openssl genrsa 1016
    Generating RSA private key, 1016 bit long modulus (2 primes)
    ..............++++++
    ....++++++
    e is 65537 (0x010001)
2018-09-27 18:23:08 +01:00
helpers.function Style fixes 2018-08-06 11:42:56 +01:00
host_test.function Style fixes 2018-08-06 11:42:56 +01:00
main_test.function Less obscure test suites template 2018-08-06 11:42:56 +01:00
target_test.function Style fixes 2018-08-06 11:42:56 +01:00
test_suite_aes.cbc.data Split up largest test suite data files into smaller chunks 2013-04-08 18:09:51 +02:00
test_suite_aes.cfb.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_aes.ecb.data Split up largest test suite data files into smaller chunks 2013-04-08 18:09:51 +02:00
test_suite_aes.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_aes.ofb.data Add test cases for AES OFB block mode 2018-06-11 14:03:22 +01:00
test_suite_aes.rest.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_aes.xts.data tests: Remove NIST AES-XTS test vectors 2018-06-13 12:13:58 +01:00
test_suite_arc4.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_arc4.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_aria.data Remove a redundant dependency clause 2018-06-28 12:58:56 +02:00
test_suite_aria.function Adapt the ARIA test cases for new ECB function 2018-06-05 15:53:06 +01:00
test_suite_asn1write.data Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
test_suite_asn1write.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_base64.data Add test for base64 output length 2015-09-30 16:31:10 +02:00
test_suite_base64.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_blowfish.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_blowfish.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_camellia.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_camellia.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ccm.data Use integer instead of string as test result 2018-08-06 11:42:06 +01:00
test_suite_ccm.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_chacha20.data chacha20: add test for parameter validation 2018-05-24 13:37:31 +02:00
test_suite_chacha20.function chacha20: add test for parameter validation 2018-05-24 13:37:31 +02:00
test_suite_chachapoly.data chachapoly: add test for state flow 2018-05-24 13:37:31 +02:00
test_suite_chachapoly.function chachapoly: force correct mode for integrated API 2018-06-04 12:18:19 +02:00
test_suite_cipher.aes.data cipher: Add wrappers for AES-XTS 2018-06-13 12:13:56 +01:00
test_suite_cipher.arc4.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.blowfish.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.camellia.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.ccm.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_cipher.chacha20.data cipher: add stream test vectors for chacha20(poly1305) 2018-05-24 13:37:31 +02:00
test_suite_cipher.chachapoly.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_cipher.des.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_cipher.gcm.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.null.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.padding.data fix bug in get_one_and_zeros_padding() 2017-12-23 23:40:08 +01:00
test_suite_cmac.data Extend test coverage of CMAC 2016-10-13 13:53:13 +01:00
test_suite_cmac.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ctr_drbg.data Add coverage for CTR-DRBG corner case function behaviours 2016-08-25 15:42:28 +01:00
test_suite_ctr_drbg.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_debug.data Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug 2017-09-04 14:17:10 +02:00
test_suite_debug.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_des.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_des.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_dhm.data tests: dhm: Rename Hallman to Hellman 2018-07-06 13:20:09 +01:00
test_suite_dhm.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_ecdh.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_ecdh.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ecdsa.data Add tests for invalid private parameters in mbedtls_ecdsa_sign() 2017-11-17 17:09:31 +00:00
test_suite_ecdsa.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ecjpake.data Add tests for round 2 2015-09-07 12:43:11 +02:00
test_suite_ecjpake.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ecp.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_ecp.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_entropy.data Move flag indicating presence of strong entropy to test code 2017-07-24 15:31:30 +01:00
test_suite_entropy.function Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
test_suite_error.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_error.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes128_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes128_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes192_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes192_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes256_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes256_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.camellia.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_hkdf.data hkdf: Add negative tests 2018-06-11 13:10:14 +01:00
test_suite_hkdf.function hkdf: Add negative tests 2018-06-11 13:10:14 +01:00
test_suite_hmac_drbg.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_hmac_drbg.misc.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.no_reseed.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.nopr.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_hmac_drbg.pr.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_md.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_md.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_mdx.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_mdx.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_memory_buffer_alloc.data Test corner case uses of memory_buffer_alloc.c 2018-01-23 19:37:44 +00:00
test_suite_memory_buffer_alloc.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_mpi.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_mpi.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_nist_kw.data Enhance nist_kw with some NULL buffers tests 2018-08-13 14:46:45 +03:00
test_suite_nist_kw.function Fix indentation 2018-08-21 16:11:13 +03:00
test_suite_pem.data Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
test_suite_pem.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pk.data Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted 2018-03-05 11:55:38 +01:00
test_suite_pk.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkcs1_v15.data Fix minor code style issues 2018-05-15 09:21:57 +01:00
test_suite_pkcs1_v15.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkcs1_v21.data rsa: pss: Enable use of big hashes with small keys 2018-09-27 18:23:08 +01:00
test_suite_pkcs1_v21.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkcs5.data tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms 2018-02-08 17:18:19 +08:00
test_suite_pkcs5.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkparse.data Change test dependencies to RC4 from DES 2018-07-27 17:15:39 +01:00
test_suite_pkparse.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkwrite.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_pkwrite.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_poly1305.data poly1305: add test for parameter validation 2018-05-24 13:37:31 +02:00
test_suite_poly1305.function poly1305: add test with multiple small fragments 2018-05-24 13:37:31 +02:00
test_suite_rsa.data Combine hex parameters in a struct 2018-08-06 11:40:57 +01:00
test_suite_rsa.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_shax.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_shax.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ssl.data Combine hex parameters in a struct 2018-08-06 11:40:57 +01:00
test_suite_ssl.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_timing.data Unit test for mbedtls_timing_hardclock 2017-12-20 21:57:48 +01:00
test_suite_timing.function Remove git conflict marker from test_suite_timing.function 2018-08-06 11:40:58 +01:00
test_suite_version.data Update version to 2.12.0 2018-07-25 15:42:26 +01:00
test_suite_version.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_x509parse.data Fix some test deps 2018-03-27 14:39:26 +01:00
test_suite_x509parse.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_x509write.data Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
test_suite_x509write.function Add missing headers and fix name change issues 2018-08-06 11:40:57 +01:00
test_suite_xtea.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_xtea.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00