Implement PSS encoding functions

Signed-off-by: Daiki Ueno <dueno@redhat.com>

1 files changed, 118 insertions, 0 deletions

diff --git a/testsuite/pss-test.c b/testsuite/pss-test.c
new file mode 100644
index 00000000..81226554
--- /dev/null
+++ b/testsuite/pss-test.c
@@ -0,0 +1,118 @@
+#include "testutils.h"
+
+#include "pss.h"
+
+#if HAVE_VALGRIND_MEMCHECK_H
+# include <valgrind/memcheck.h>
+
+static void
+test_unmark_mpz(mpz_t m)
+{
+  VALGRIND_MAKE_MEM_DEFINED (m, sizeof(*m));
+  VALGRIND_MAKE_MEM_DEFINED (&m->_mp_d, sizeof(mp_limb_t) * mpz_size(m));
+}
+
+static int
+pss_encode_mgf1_for_test(mpz_t m, size_t bits,
+			 const struct nettle_hash *hash,
+			 size_t salt_length, const uint8_t *salt,
+			 const uint8_t *digest)
+{
+  int res;
+
+  /* Makes valgrind trigger on any branches depending on the input
+     data. */
+  VALGRIND_MAKE_MEM_UNDEFINED (salt, salt_length);
+  VALGRIND_MAKE_MEM_UNDEFINED (digest, hash->digest_size);
+
+  res = pss_encode_mgf1 (m, bits, hash, salt_length, salt, digest);
+  VALGRIND_MAKE_MEM_DEFINED (&res, sizeof(res));
+  test_unmark_mpz (m);
+  return res;
+}
+#else
+#define pss_encode_mgf1_for_test pss_encode_mgf1
+#endif
+
+void
+test_main(void)
+{
+  struct tstring *salt;
+  struct tstring *digest;
+  mpz_t m;
+  mpz_t expected;
+
+  /* From ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1d2-vec.zip */
+  mpz_init(m);
+  mpz_init(expected);
+
+  salt = SHEX("e3b5d5d002c1bce50c2b65ef88a188d83bce7e61");
+  digest = SHEX("37b66ae0445843353d47ecb0b4fd14c110e62d6a");
+  ASSERT(pss_encode_mgf1(m, 1024, &nettle_sha1,
+			 salt->length, salt->data, digest->data));
+
+  mpz_set_str(expected,
+	      "66e4672e836ad121ba244bed6576b867d9a447c28a6e66a5b87dee"
+	      "7fbc7e65af5057f86fae8984d9ba7f969ad6fe02a4d75f7445fefd"
+	      "d85b6d3a477c28d24ba1e3756f792dd1dce8ca94440ecb5279ecd3"
+	      "183a311fc896da1cb39311af37ea4a75e24bdbfd5c1da0de7cecdf"
+	      "1a896f9d8bc816d97cd7a2c43bad546fbe8cfebc", 16);
+
+  ASSERT(mpz_cmp(m, expected) == 0);
+
+  mpz_add_ui(m, m, 2);
+  ASSERT(!pss_verify_mgf1(m, 1024, &nettle_sha1, salt->length, digest->data));
+
+  mpz_sub_ui(m, m, 2);
+  ASSERT(pss_verify_mgf1(m, 1024, &nettle_sha1, salt->length, digest->data));
+
+  mpz_clear(m);
+  mpz_clear(expected);
+
+  /* Test with our own data.  */
+  mpz_init(m);
+  mpz_init(expected);
+
+  salt = SHEX("11223344556677889900");
+  /* From sha256-test.c */
+  digest = SHEX("ba7816bf8f01cfea 414140de5dae2223"
+		"b00361a396177a9c b410ff61f20015ad");
+
+  mpz_set_str(expected,
+	      "76b9a52705c8382c5367732f993184eff340b6305c9f73e7e308c8"
+	      "004fcc15cbbaab01e976bae4b774628595379a2d448a36b3ea6fa8"
+	      "353b97eeea7bdac93b4b7807ac98cd4b3bebfb31f3718e1dd3625f"
+	      "227fbb8696606498e7070e21c3cbbd7386ea20eb81ac7927e0c6d1"
+	      "d7788826a63af767f301bcc05dd65b00da862cbc", 16);
+
+  /* Try bad salt */
+  salt->data[6] = 0x00;
+  ASSERT(pss_encode_mgf1(m, 1024, &nettle_sha256,
+			 salt->length, salt->data, digest->data));
+  ASSERT(mpz_cmp(m, expected) != 0);
+
+  /* Try the good salt */
+  salt->data[6] = 0x77;
+  ASSERT(pss_encode_mgf1(m, 1024, &nettle_sha256,
+			 salt->length, salt->data, digest->data));
+  ASSERT(mpz_cmp(m, expected) == 0);
+
+  /* Try bad message */
+  mpz_add_ui(m, m, 2);
+  ASSERT(!pss_verify_mgf1(m, 1024, &nettle_sha256, salt->length, digest->data));
+
+  /* Try the good message */
+  mpz_sub_ui(m, m, 2);
+  ASSERT(pss_verify_mgf1(m, 1024, &nettle_sha256, salt->length, digest->data));
+
+  /* Try bad digest */
+  digest->data[17] = 0x00;
+  ASSERT(!pss_verify_mgf1(m, 1024, &nettle_sha256, salt->length, digest->data));
+
+  /* Try the good digest */
+  digest->data[17] = 0x03;
+  ASSERT(pss_verify_mgf1(m, 1024, &nettle_sha256, salt->length, digest->data));
+
+  mpz_clear(m);
+  mpz_clear(expected);
+}