aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-03-21 08:13:56 -0400
committerJack Lloyd <[email protected]>2018-03-21 08:13:56 -0400
commit2821d60c9c159851c3d236fcc2bdeafd2d733849 (patch)
treeea1a382c8e93f49960b85d32799579fc68b0f385 /src
parent9a35a05781688838b9bf951471c86363deba36cd (diff)
parent13e4658b07f95bef8b48d93c74be25f2d6afde7d (diff)
Merge GH #1503 Support mixed hashes in OAEP
Diffstat (limited to 'src')
-rw-r--r--src/lib/pk_pad/eme.cpp19
-rw-r--r--src/lib/pk_pad/eme_oaep/info.txt2
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.cpp22
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.h13
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp4
-rw-r--r--src/tests/data/pubkey/rsa_decrypt.vec98
-rw-r--r--src/tests/test_pubkey.cpp45
-rw-r--r--src/tests/test_pubkey.h20
-rw-r--r--src/tests/test_rsa.cpp25
9 files changed, 233 insertions, 15 deletions
diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp
index aa62f4196..23c444506 100644
--- a/src/lib/pk_pad/eme.cpp
+++ b/src/lib/pk_pad/eme.cpp
@@ -8,6 +8,7 @@
#include <botan/eme.h>
#include <botan/scan_name.h>
#include <botan/exceptn.h>
+#include <botan/parsing.h>
#if defined(BOTAN_HAS_EME_OAEP)
#include <botan/oaep.h>
@@ -42,12 +43,26 @@ EME* get_eme(const std::string& algo_spec)
req.algo_name() == "EME-OAEP" ||
req.algo_name() == "EME1")
{
- if(req.arg_count() == 1 ||
- (req.arg_count() == 2 && req.arg(1) == "MGF1"))
+ if(req.arg_count() == 1 ||(req.arg_count() == 2 && req.arg(1) == "MGF1"))
{
if(auto hash = HashFunction::create(req.arg(0)))
return new OAEP(hash.release());
}
+ else if(req.arg_count() == 2)
+ {
+ auto mgf_params = parse_algorithm_name(req.arg(1));
+
+ if(mgf_params.size() == 2 && mgf_params[0] == "MGF1")
+ {
+ auto hash = HashFunction::create(req.arg(0));
+ auto mgf1_hash = HashFunction::create(mgf_params[1]);
+
+ if(hash && mgf1_hash)
+ {
+ return new OAEP(hash.release(), mgf1_hash.release());
+ }
+ }
+ }
}
#endif
diff --git a/src/lib/pk_pad/eme_oaep/info.txt b/src/lib/pk_pad/eme_oaep/info.txt
index 0ec01eb32..cabe23fb8 100644
--- a/src/lib/pk_pad/eme_oaep/info.txt
+++ b/src/lib/pk_pad/eme_oaep/info.txt
@@ -1,5 +1,5 @@
<defines>
-EME_OAEP -> 20140118
+EME_OAEP -> 20180305
</defines>
<requires>
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 5e567d0c2..f528dd134 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -1,6 +1,6 @@
/*
* OAEP
-* (C) 1999-2010,2015 Jack Lloyd
+* (C) 1999-2010,2015,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -35,11 +35,11 @@ secure_vector<uint8_t> OAEP::pad(const uint8_t in[], size_t in_length,
out[out.size() - in_length - 1] = 0x01;
buffer_insert(out, out.size() - in_length, in, in_length);
- mgf1_mask(*m_hash,
+ mgf1_mask(*m_mgf1_hash,
out.data(), m_Phash.size(),
&out[m_Phash.size()], out.size() - m_Phash.size());
- mgf1_mask(*m_hash,
+ mgf1_mask(*m_mgf1_hash,
&out[m_Phash.size()], out.size() - m_Phash.size(),
out.data(), m_Phash.size());
@@ -80,11 +80,11 @@ secure_vector<uint8_t> OAEP::unpad(uint8_t& valid_mask,
const size_t hlen = m_Phash.size();
- mgf1_mask(*m_hash,
+ mgf1_mask(*m_mgf1_hash,
&input[hlen], input.size() - hlen,
input.data(), hlen);
- mgf1_mask(*m_hash,
+ mgf1_mask(*m_mgf1_hash,
input.data(), hlen,
&input[hlen], input.size() - hlen);
@@ -136,9 +136,17 @@ size_t OAEP::maximum_input_size(size_t keybits) const
/*
* OAEP Constructor
*/
-OAEP::OAEP(HashFunction* hash, const std::string& P) : m_hash(hash)
+OAEP::OAEP(HashFunction* hash, const std::string& P) : m_mgf1_hash(hash)
{
- m_Phash = m_hash->process(P);
+ m_Phash = m_mgf1_hash->process(P);
+ }
+
+OAEP::OAEP(HashFunction* hash,
+ HashFunction* mgf1_hash,
+ const std::string& P) : m_mgf1_hash(mgf1_hash)
+ {
+ std::unique_ptr<HashFunction> phash(hash); // takes ownership
+ m_Phash = phash->process(P);
}
}
diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h
index 4afa9e13e..461d24f86 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.h
+++ b/src/lib/pk_pad/eme_oaep/oaep.h
@@ -1,6 +1,6 @@
/*
* OAEP
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2007,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -27,6 +27,15 @@ class BOTAN_PUBLIC_API(2,0) OAEP final : public EME
* @param P an optional label. Normally empty.
*/
OAEP(HashFunction* hash, const std::string& P = "");
+
+ /**
+ * @param hash function to use for hashing (takes ownership)
+ * @param mgf1_hash function to use for MGF1 (takes ownership)
+ * @param P an optional label. Normally empty.
+ */
+ OAEP(HashFunction* hash,
+ HashFunction* mgf1_hash,
+ const std::string& P = "");
private:
secure_vector<uint8_t> pad(const uint8_t in[],
size_t in_length,
@@ -38,7 +47,7 @@ class BOTAN_PUBLIC_API(2,0) OAEP final : public EME
size_t in_len) const override;
secure_vector<uint8_t> m_Phash;
- std::unique_ptr<HashFunction> m_hash;
+ std::unique_ptr<HashFunction> m_mgf1_hash;
};
}
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index e1c3e49db..aa315aabf 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -422,7 +422,7 @@ RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/,
* to the normal version.
*/
if(provider == "openssl")
- throw Exception("OpenSSL RSA provider rejected key:", e.what());
+ throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
}
}
#endif
@@ -476,7 +476,7 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng,
catch(Exception& e)
{
if(provider == "openssl")
- throw Exception("OpenSSL RSA provider rejected key:", e.what());
+ throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
}
}
#endif
diff --git a/src/tests/data/pubkey/rsa_decrypt.vec b/src/tests/data/pubkey/rsa_decrypt.vec
new file mode 100644
index 000000000..9af5e4b5b
--- /dev/null
+++ b/src/tests/data/pubkey/rsa_decrypt.vec
@@ -0,0 +1,98 @@
+
+# From pyca/cryptography
+
+[OAEP(SHA-256,MGF1(SHA-1))]
+E = 0x10001
+P = 0xff9e0292f5409327e7facc2ac663d1727f7002a9186d5f21c1e63c190a39da43c928fd023c80ecbf1ed90810626d1b01ef78f10c784534d0479c36a780514e95cef3e6af9764265a7d7950950d318bc4b37b5b0ba8beb84c6b696e1ca40f3334885ad79b615b7ff473346d65a277d5c8b242d5cda4c58ade65a89da26d45e591
+Q = 0xcea44faca82077997e45d4c03e313cf123291da1baee2164d9842e20287d02596b0fa4471af95cc9526870e4c265654eae30d79196448b1804ccf0135a4d06f477f3bb9effed0697f345f4470ef566a44424f708fa86f901846acdea28a60180fa7446877912fc369e90b882e24d8697329bdbf44e003d5eba6cc2fde71622d7
+
+Ciphertext = bedcb1a91fd19cf7722f800f62fe5aa1d1477bec1f6c9b46c4c08679684a8d104c1069292d0d6869880ddf0a1b2fae77fc7d4f0aa9def102709ac47e43eff79bf83b7a6e65ea4a2c36dbdd85d873041e39b971f17e34f1b40b22c29eba07d4972c62019719505d61214a577fc0a6071f5149e34fc94eac5ca48799fb17aafcdbf7ef3978f48974c3ad8e7bb2c960bb7421dcc16ee46e8af90b4856a9d702097f85b774af1814f0dcae9a597d10e68f92caffb9f58fce8627692e19f7ec9eddb587ab2c17bc952fb791297895c6d08c11503c80bdbfbf8a866f3d22cfc1efecec0a43e16504485271a176ab63846e55afa5e78ab6c86a4bf2e13ab9daec1e42c2
+Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+
+
+Ciphertext = 73b866949ece69781f20ce20cd7e8db494599fd5512b71f10dd8f629ca508312a2511e211b9bf0faf9c77df1f460e549c6f0ab4c10de3cb0d9b854c347cc7379b029c08a9304a664028c18bf170513d86f3dd4bc56ea0a8b2f80033c5bda198eef4558f4f6b96cc7d28a0f32c3c723180378a25c11ff400a843a767115975d607c7744f2f2fe5900954e4dda778a18e781b04a4c47d6877b64c860a1d929860db7aca91c6f2143279bc76751460a619d1befe8a88a584b227dd4a076517431162ecf3f8fc6fb178a9400e580815ac1f29f4a6fbec080468ec0c7c088ecda1029481e701c8d1a2482e880e80e07d25bd52d9e1dd4aa7e37fe5e85640db4035107
+Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+
+Ciphertext = 659f2777a6e4c0d30f88efdd58633a6a90e8fc13dcf8df000bba4dcacf0cf9249a3b94c598455eb7c8b50bd708ed40d7ce9faab7b55b51a3aef9380ccfb325a9ca78ae1453acce8ba6bbf716d4720d4d92ec45e620786b99fe8bd0e2bd0f72a073813753260596a603e62ab27a48dacf4119a4a4e386e08884eac02053b857cedb48109e79418fe98de8cf922e9233401925450c4a4a81372a0020d73c92de9c8bc6fc01231c52db9395b36ab618a2fc9027bce245ad551b2fc1df7a7f6c602f5d814ac1e5abbacd7f8a7c03eb6dbd54baf9361823803d429b584e73912b663355e604f61bbdc6a586c2345db1c52b6ccb9f1f0b1085188c66f77d5865633a0f
+Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+
+Ciphertext = 2271fcd65aadd30522fdafffbcdad8fac41fad4b38ed616ffcd5fa3e636a8082e858b94320706603f1cdfa5a6e1ed64ca652d1667a516494771edc58f7f3f832ab0a7a8ace440fa9de740b650576442b03427d1313c21e51f712a035454cb49fa1c5a939832418ac067a80d4d58d66f0bafcaf847db304a75ca828cc031b8b148f189287a59925b861dbe0bbc02770c65fcb5ee8e57c5f1cf67367b3e1f3641e7b825667f234641ae59baacb1b6e23ee7464ead85089596f24b2577bbff4ae5934cd49d636c6a922af867067b16b155bd7e65f4d4ec0d7e9f9fb2ac1cd613daf00645e646bf530a3d8f13127dcf2894572ee1cbb8ad76a46121837eb002ac8c2
+Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+
+Ciphertext = a1f127d2ccc597fdd072bd80433373cbe72aa7cd096ae63fc928033cbabaf6c5b380e1496dc550253cdf3389c26d6e926e44da5851538ea7ff58bea06206b08cb98af1d2cd20e6dd5ffb967a49e4d5d6d7169fb842f6a892fe04858ef3447bc24771a4093562011360cd9fd4f5c40d1a94fbdc8eb14be7c4a23d9af1d0c18217fb8cddb28d815767695d196e64b8484debe7f667b5d1f2217be31cd957b9046db1826fe7b7f66eaafca4f93dc26e99b3b9941e52c277d618f10ca458a85ab05d8a919032fe2ab215600ae55e8fda74781745744bc875282e84affe8966390318bd85e70d9145a26a4b77c2271ab15e1315758159e04377521f2ad0bd0e69014a
+Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802
+
+Ciphertext = b8b49bfd9406d36631ff734c7c58c74779b311f13b3079c27c3f4cfccccf3ef33e8e01592d382ee8bf281c52999d9d9d0095e66bc469f82aff29931d2a5a36278dcf011e9620342e77a9e4b0509bad0ae816abc6d15c371f8200da1c217ae3c8540be0c45b54410e8a3de95f3637cca7be5d9ac6c948e54968722ce1375b09a6d42efabe50e007cbec401e8869c8830e27bc32059986c63978f65b17f6e4fa2310b0f35ed80e5c0d538fa7d197ab07f4fde928ab3cdb19e10e34fbf8b8ddf968161447938cdbad89bd258187e4379b5b6ab0b373231cb8cdabacd5a6e2ce89103141394b06c2b22597c389687ca380352c6eb007acf013a4cb02933ea6b82b65
+Msg = 26521050844271
+
+[OAEP(SHA-512,MGF1(SHA-1))]
+E = 0x10001
+P = 0xdff7f39ab9d93b17acd1fe7dc56dc4f2c8884712f7b3742d2ac831f7ea8789e61eeac8dcd7445d09ac349cebf394fe5380cd6c7d91354ebbd64f61ab26ed08d8eb2d820fab23f9e05186c864209d1383f91121db260c5b05438a88ba2749d7fc14f45fb9624674e5221b765c90805d649b9e34648325476b17557330f6694ab7
+Q = 0xd652c384f17808663cafa22028db596c586d831c9867cb86c1c608978652e744bd154c2ba67dfbf05529988dc28307a70339ce4692948e25becb6f7b595133e5fba04c22aeaed9e7db90a5fd0ce8c600170f5e771ae36e5b9c07d61752ded1aee17435dfc7846ab837093f95cc428d9be27689e42a5eb280c9aac0416d79a7e5
+
+Ciphertext = 43b9da9b62e232b20877dc7ee2326d0edfe6006591d87454d5af96e393b49fa74d18eea299fb60c7234a913b0f346b68da0e3e15cc30bf11003a3727758ce76f7bb18fe50d3216b0f20872dd325981c6fdd760567be95d699c72f632481a9369596409bb34af4bfa506e2d6e09a95017e78b37f93110ab97f236908e6c9933b1085b9d5e6e599bdac949d7d488ab9aa7f03c986f34a71cfbb8ca1a8df82d558abd024fc45450624b6bfca7dd1eb40afc2830d6948ccc9f63ac49cd841ca90e560e6fd5d0f3a580736546f3818442b7dae14dc07ac20d92b425412d403ffcd3d9aed3ea09833c01bac246691523c55e3f22da6eb1dd28c953d7ea5c9c9e5d7bea
+Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+
+Ciphertext = 590448a55e0f867f4d0bae3551a145a499bec42fd965bd7e0816a974d2a23c00c24b291a96d43fdf0ee2f89b7517927c829ff8543cee98661c354d1e653edbb26c0f24ea8769ec98f62f90c96604e9a4835b4520e830d1280bfd7306cd5c21fe26e43611e8b7e9a5c9daf6e9f8e4aabf4da00862ba5901d3913c4b738f51df578886606f7454f004dc4f7bf3a42dc95e0da3095e9d7647e5f502c079ab176603b16aaab253fe9c0467313be3dd866b25777440fbbbfb4a095fb1f2449c15406e433f701561ca617185a3467a88ef433a48f5619d8501d41a61ffae0ee0ec4fb4f538bcb3b446c63ee9f1c393a07ec4202b3e5d61d38074d1d2516cb66cdc646f
+Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+
+Ciphertext = 418e519bfbbf1e13c08f7a56d9338af40ce06493662c64cd20d5a9dfec4c97ca527ff07f499d5afd8dc0788f6ee9d015fd18b8f4a296a82a6c11e8e6d4f3dd347ea94c63330125c1cc57607d4b6ddb03d7776b83bd36b3c03c49562cdfd1e30a46e962f162ce242a0130b6e84a7628a8f7af1aae69860b420be873ab22f285998a9ff2cd8252d33314e52dac39219c71b23785914a1469db79d5fc32a0465a7a88cbfaf611735056c636ea3a30cab77dd7ea2c0b7d7602cd5e017a101cdb77b21730730f81b1affe9f5cfacef24c684986d0c9d7ef010fec828854b36b0fa8b4b7c70294a4c37a2fea592f4476a7197fe2de56ca67b9830c3387b58dce4b24c0
+Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+
+Ciphertext = ade0f43d1920f8e3a055b1e2eb0615bcd9b6f1803cae79b14277fec28cb659b28a352e4af71dd960ebed948079874dd1041fe1896b86270d727a47d385e7e2eaca5cbb6163f81144463de3058d0a77928c5b373d8d65c800342e63d1166874f3b0903f9d29f5049aabe55d3e7e37e8191f38a57fcc709e92b0bcdbfdc0d4f8068970143d694da1f0e7e7c0e0e9e1ffeb835d5b43944ea01ce7f3409a3abd1794a526bbb756e26884cb1596a077732c0904837b4acb4fa35b8ee7941168ab1d936eb17339ff00b727642a4f55d0b91ac1b4f688215956f2552b1088629abbdf946a58b5bd842452ac167544635a1b5084dc09b3e3d516f3e74b087bf1241ad7a2
+Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+
+Ciphertext = 25496cd16bee5f4dc2ca91b08e32f307c07894874b486f904176325e2e041a3db8ea6175190d69bd9789ecbc7c5876e7f2bf9b89fb203508bf05f4afbacecd8715bbd44edb0a706f53e8566beec0fc7838a9e8ffa2a8f98be9d2fc0542a1a260972239f86de8d219dfc29ba431c2aa80e133dad15806c0874c4841dfb871c0474f58430547bcc0aafb17f90588ec7076eb1bc5edfe5ac3058aedb2ebc32ca6ceb1b6aeffb757f812c128b2feb07c1a87afb475369ebeca04892735e054c6f5467cb9fb3d2e0782778dc1daf133a0b59139520fe1b54645a5bd340ab1817c5bf7fa374af8c6eade24fb158ac0f8f688ce0649ae6528998f9add28748c9e88f1e9
+Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802
+
+Ciphertext = 238ba2288b3f1f9da5b16ca4ab5ea7348f918140fb767cc3a8df93b7d03f0a1cd86cdabee00ad147e329d10ff932de9aa2fa5359b96c96d349749af1e70302bbe6aaa5892ca58c3051393f9a793db5beca2e15c84972c5b3206581b781e3e3517953cd90394f29d7a383cb20ad59d34836c12900647534fbf32f57aa3b639523a548230210da4e2ef288d3269ae8173cdf8eec745bf6cd741b009411afd17e8717a638a128fcd5001cc85a6a2c9fead7759352f14a6c2773d94327fbe3bbb717388fc17cab477da0afa9ee9d5d8a5b94fbf415045e975fa9fe1b05a326643d41ff19150c59a2724f529876550b8473949f3153fe687bd5e3e0b0b2e5ed44bb95
+Msg = 26521050844271
+
+[OAEP(SHA-256,MGF1(SHA-512))]
+E = 0x10001
+P = 0xde5a73cab864a56c34b0e1a50c141ef82f0eab6bfdd5189956883d8f0c34f3c163b99a85818cc240761dac1d66ffb79947f7ad20cdd7f4606e0a927622a70956d2c0ac627531a8121717d9346a5e85804599cf25435a85898754c15f9ec81d35e7b59371a30351415387c96640b933be4e7fb74dac19070eba884c3e1dbe5d2b
+Q = 0xd5d67f750047dd3649465ed4ad373221232b72e9f8ee72dc262e639fbf1749cd22f75991fd9cc15ccc66def601f93483fa7a6ff1ac1141b510eed1002e6350d5f360382ded0e66fbcad54f69ffb69ebc1d0f47b3bb6f95bf63ec5f3f9ec13ca4dbd20c6da8f8a76d18eef4bce3daf4773dd60a3d9da6d973ceee2706a136844b
+
+Ciphertext = b4986d79525e3de8d0cd90bbd76668e935d8e730f8fb1d0246ad9c3cc7fd4e9f5418141321359daebf35622142664f6b74716605adf042cf46b7588ee4d7fb5277122347d32d4dc5e3c9501dbb54cf23341e3d02e415dc7e8aecfff07b0cbee8985502f68477c3d5c24722b8984891a33ac9a2d9fe64c338ad35f040e5457846f0746708fd73bf2f32d9b4d680ebfea854a43c7d01d927c89283b021ad01d6ea7b546bdbf05bc10d0034386e544926d350d4899532e78736562f72e891039f52a7d9a1ebbce568517b694475b90ab729f38df5bbde3f17c97afdf9a23841145d02fdc3560149e5ec104813822885867af283bea064c40953b4b66fea26e66b5f
+Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+
+Ciphertext = a9168d0c3067d390617046263be2d50baea6a4ad09f781f0c054374b38ecc20a1f56576dcead79e073869340b0a04ccee6c5dc2e633da90b4e309e09f74ef3ed3a5ac0ba23fbf8663c66a52d980596f7e09e771c8b7b3a649f0d0a67a2cee2f82770e6dd99c9bb8399bb7b537ccd2f210fe61c4186d7af36b0c01ee7f74743dc07215083b4de6eb53eb97f95e7d3af7d6bfa6eaec42b18262d5a5ffe98c1d9913e757c6fc7f353a44e128c23a0b53d678410fd14cd12faf8aba5d187f20cb7adfd222ed977ef8d509a4720d486b23c4d33c891281ce9bcbc10a87f167f5eb722e45cf944b976430462640bb788904ac81ac6b63c3171b38f2533b3fbb83e735e
+Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+
+Ciphertext = 76370f425ebfb6d8695ea282eb4843933243a8afd4664ad2f08a0e33b0aeb790637547a7fa3dc4ec3709a26b2976fd14212df884cd6b13d836f2d3b2e754a61032ce3ac6bc65252c2bcac39418c5752b65575c9b3761835e6ce00eda2666db24eda332a7c336b17efe7dd335a652f33532da2f2022dec5daca010b024be2f5b0246ea6c847842baa16545e831c526f6d39caad0bb90be41b6949d6df0b0cd4378cba2d267206d8fb11823be38a38867600d26079023c7a599728aba450a6a11a3f0142e4dfdcbc478bd0db73dcf417e0472f72ba7db8ac906d2ae9d57ccba4ab311d1bf89a9609ba551cdf5a59f99bdabd3252443aefd3ff5893084c2a56ad4b
+Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+
+Ciphertext = 77d6c435963981f55849ccdf319a09dc51c66de72a29e3875e5e32be3c576f903d801d0bd5fa2782caabb32200c07bfd0d4471f84aa2f892dc3111e5f5ccde6b34bffa46f20c0c815f349dfc581e330d19e01e4e306206c63c889e803501f13044a8e2ef149173b44a726f37ba557da38b4234cbfcd7283d250266ddefcf2979e062e1d005c7d0a202927ddfaa7810a1b427b2d487c5561b9afe36c950226a8b9c4cf5da09567ac56d6f299de0ef2545f21aa5480f48c6b4d607c724e50afbedf696e2c2ecccbad6c04a72e04eec5812f1cc0c408fd2bf0c99e1060134bc7702aef15a6579026107b22a042f5ebcad6f27d105a1e2062a26e8d8dcfe92e1441c
+Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+
+Ciphertext = 6ea02e093471b25b501755ed81aacf2d66e334542ac7bebda689bc67e1f7314f58ce3e86b5a9618d6f7cca834482698a0a533026b55bc7e626d5048b2d2bd9802e247b73d9bace8bae450a2e6fc49d94d50ebb1b5779f66e7175e551913d82a1541a3715378ef9ddec52360150508f2ff189353fb6574977c1ed42aa1f265a919444a0c5ed7c60c1d8eac8e96ad748c43c5099d7884f564ee15147409a45b7b46895b985787b5aea49a86b34db0e86e56f8645c70ad8edc134a079512324952dd9e8b4f904f86e9b963bf2fa399223e69f147f2b5e41b359fb5372283e3843b7e6c04741b22f15df7f6d3fd76b8ffc9926c04fa636421b9182166ee0eb5b7877
+Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802
+
+Ciphertext = b284b2eead8c689ce69b91ba2af9e266e69af7b8b74f6b6d4f19607b4450f108260f51d4a5318c795e533383d03d56341d5266e5b1826e3d053323f6a6bd4bf0b6e751f65a996e1066644a2291648946bce3e882cd28fbbd0cf8df97a03b2a0a9f5952ee4e9c2c2d02f44be1a65505e833331dedad4eeffac8db8d08546fffd9d12c3c881a03d47870fc8a78ce70483dbd4cae266348448da0d4a2e64ea60a1f2d9f8a0d63cb773a1d1c6f7099ae2d2a4fc1131191c23459838666e41fa49cb20ae97201e4b4cc4fdf4c87cdec986238fc097024ce8fb7777ae081a3a8fdbd1d986a8582e42204ca62efc87e2b734b1443635fc0004fdfb6616fce21471b84ae
+Msg = 26521050844271
+
+[OAEP(SHA-224,MGF1(SHA-256))]
+
+E = 0x10001
+P = 0xf5acfed65a3d3a5a8e94bd3bb9bc12e40206f0c1c34d0d0b23f93c0ba30a846d1eb44cb4d7d63a969dccb5a9a0f625af031a3047a6560cfc5208f4e46149585db17e36ac691cfcc0c929f54ece2eab4cea721eb6b37f04dd8ec4335b12594a99664d52a141d0246a8a578af8b5d09d40c32801589877995d7fbf26800fbfa135
+Q = 0xe338648147d0ed99bfa43ef764fcbe517e5b2a1e5e1d4d69ce75e36a23e96bdb94cc615a5410890c5878ce222fbf0b312689abed40906fe1825edbb5d70cbb54ceefcd8981745a45264ba71d0ed78fad35818ec3a3c31a226ba62aa154b305483b099368d421ff5931f0804ed271196588c6a22cd5ac7546f04175f53a949fa9
+
+Ciphertext = 9f875db7a85ddd48b41d10eb4e54fc9995333f96b6873b53fdef61f7fa1eb447722de6d98db629e1a257d231c96c7fbf1db55ed92b939236edc7a9cc04dbbba4977c5b3a15be249d6c4a983c63f75362b5ad4948fed751854dc295a0718f28f07e7d49d14f3e4a875df59987df25f345be02422827d326d58ad1fe8e2c1e9bd38bd3de329198ff819c84c8a9515de0238b5c627299597d4dd239bfd67ed24b98f902ee2d878fbade42c96ebeaafbbd3004a94ef949b640118600673b4841db2269434a6893f5d131ced87ace50d4fc67090f5f19c17acc632e55acf4dd3ea833a30ced04e6939ba2a08cf9e0088b12e3f68d95f988abe582c02d2ac80e4a50c0
+Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+
+Ciphertext = a33526c11d6c1a4b97625154e41b594392e50548f3e266381732b4a4d1b6cc5464b91fbe849847328f19d5a3fafc1c038936da9ee95d5153345b307ba5380fa574abde9b354cfb736063ccb87339a4972ca4780861e90c6409a81fe09404b05c9afdf7728f4133f309e5089c3e7b2e134cfca5fc739a801fe195eabf9aad50d1c7f7bee4de9c9e01f8d2a0320e619447ca154a3557a42894bdec940de6182e85df625b7946ee304450ab80a13f2881b7ede0f996862b0a554515793e405f553863d85fbceee3b3e4e591eaa1060130ff2c790e7877c87ec62674959c73328c6d35c368c475f121c91ebf558b47c77f5c684ac2ba24b778dd03e93fb803542acd
+Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+
+Ciphertext = 5081a1888b13f7affedb056d0b76afce7720b33c1bca45515f030ac3b0b2ed061448f4e26f04134bfbfa16e5c009a8c5d057e635c0e9079cafb93440f161bb1b7e825f170d2c6a2579e58dac2cd5aa71374ab728a9d84be5a9fadb35d458fa68fcf6f80f0251d93d4c3cbafd95a67e1f5ac6eefc6748d2747e940f8f6d2641859168aaee77e38059b1b86e108e525aa140b460b00f6e5bf4fae106019e2e4d9950276240645f18384cd7b0e8eb79a8b7e4c62e76c4c062c823d39e55809ea9d099e8349b133b6878168d216daa37f0254d3b57bb54645180936feee9eaeca643df6bdde81bea2e77b96f000ab647bace02be4d3792ac76ff4ec975ff2ee97be1
+Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+
+Ciphertext = 030b8b0c6367a4e19e2f4c61bf3af17ec6f4f71c5791c2c413f8d2d5df1540d60bb0f04329a4e155866098480e91681806d3747adbf4f632aa871f89d049ab691efa75d1a48255c836a47fd6e7f005aa25cc74b3d0abf9dcb6b84528d3e78e565bcfc438f8799a52207171dfd61c646f0cbd0f4ce3bbe69f4bd4328bb253d19061ca3b1a4efc3929aa139020af8b417fe1de2de6e5708748e7c4061eb2649090787f7423747ef90b2395bea8faaa147a4b8da5182fb0702dc99611ec9cf7d18c7cb7ecd209d09f4b5a649a744849475429d42f360ea366a9c25194df01104bbde977006c1178b8d278347c5275ba0818284208b502f7d3fb5cfccef46559ce85
+Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+
+Ciphertext = 04cf931efdef42a0e998c292785518614a511a878361674f1163af4c49f8b0d5015f718697cb52793884b2eaefe209dc3e492ab52b1c6a083eca89231c4b279f9a40e9a325327deb15c90fba118bfc14f704c67162dbd6c5137df83d8cbeea3658d6091c9a6cd173fc4f61f9d4f7de7f8b59d631204aa533e28d1b2ffe79dd9f1e893f64246a59b25ffea69e19b85eeb746e4a6a6675bb9f0bc921c407f09bd28dee9ea82de98ab299cfa1d0ec0b8d9ef58c282fa619e56ce2ae024e2eb3838ae22a324dd4af67002e47ed85d075016690c43512840cb864d572f850c793fb6f3f9557e6485a3cfb3850ef7a5b84d0d9049282eb58e5bd48e6cb4ca1ac3dc61e
+Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802
+
+Ciphertext = 9230e0034ae35f8e3d182d3b354cbc3a35a0d5c6ef4f2160f54dce86f9def8218d9f670d43900a4192ef1420a48968d7df7e157a533e3d839471ff0f2d523b8a5b2f4c3e69be7986d910f77886d1b6bb314d05b940ea2cee1ab4735d303af6e6f6ec442facc604654eeeb37b380bf2813376665a7ca31d8251a7af7d71fcd74311cc4ee99d4525983abcb3929f3c25051f23e06be5dff023e4359e2e574dbe1fc6ac6d5290ab4324b7ad9f99dfa2fcebb07ef35a578b2bab98c4d7108a24ef11c45bc78a141ee8ad7aaf91aa1f9da27ead96efe8241f7752337b8a2b03de84df8f18b9316fdafbe6472a7c61fde7621e8dbf8c268d8be8b3e8b645d82785b9ce
+Msg = 26521050844271
+
+
diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp
index 666650969..722056b2f 100644
--- a/src/tests/test_pubkey.cpp
+++ b/src/tests/test_pubkey.cpp
@@ -250,7 +250,7 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const Va
const std::vector<uint8_t> ciphertext = get_req_bin(vars, "Ciphertext");
const std::string padding = choose_padding(vars, pad_hdr);
- Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption");
+ Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " encryption");
std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
@@ -344,6 +344,49 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const Va
return result;
}
+Test::Result
+PK_Decryption_Test::run_one_test(const std::string& pad_hdr, const VarMap& vars)
+ {
+ const std::vector<uint8_t> plaintext = get_req_bin(vars, "Msg");
+ const std::vector<uint8_t> ciphertext = get_req_bin(vars, "Ciphertext");
+ const std::string padding = choose_padding(vars, pad_hdr);
+
+ Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption");
+
+ std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
+
+ std::vector<std::unique_ptr<Botan::PK_Decryptor>> decryptors;
+
+ for(auto const& dec_provider : possible_providers(algo_name()))
+ {
+ std::unique_ptr<Botan::PK_Decryptor> decryptor;
+
+ try
+ {
+ decryptor.reset(new Botan::PK_Decryptor_EME(*privkey, Test::rng(), padding, dec_provider));
+ }
+ catch(Botan::Lookup_Error&)
+ {
+ continue;
+ }
+
+ Botan::secure_vector<uint8_t> decrypted;
+ try
+ {
+ decrypted = decryptor->decrypt(ciphertext);
+ }
+ catch(Botan::Exception& e)
+ {
+ result.test_failure("Failed to decrypt KAT ciphertext", e.what());
+ }
+
+ result.test_eq(dec_provider, "decryption of KAT", decrypted, plaintext);
+ check_invalid_ciphertexts(result, *decryptor, plaintext, ciphertext);
+ }
+
+ return result;
+ }
+
Test::Result PK_KEM_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> K = get_req_bin(vars, "K");
diff --git a/src/tests/test_pubkey.h b/src/tests/test_pubkey.h
index d43909f14..2fde5de3c 100644
--- a/src/tests/test_pubkey.h
+++ b/src/tests/test_pubkey.h
@@ -125,6 +125,26 @@ class PK_Encryption_Decryption_Test : public PK_Test
Test::Result run_one_test(const std::string& header, const VarMap& vars) override final;
};
+class PK_Decryption_Test : public PK_Test
+ {
+ public:
+ PK_Decryption_Test(const std::string& algo,
+ const std::string& test_src,
+ const std::string& required_keys,
+ const std::string& optional_keys = "")
+ : PK_Test(algo, test_src, required_keys, optional_keys) {}
+
+ virtual std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) = 0;
+
+ std::string default_padding(const VarMap&) const override
+ {
+ return "Raw";
+ }
+
+ private:
+ Test::Result run_one_test(const std::string& header, const VarMap& vars) override final;
+ };
+
class PK_Key_Agreement_Test : public PK_Test
{
public:
diff --git a/src/tests/test_rsa.cpp b/src/tests/test_rsa.cpp
index 9dfde7e14..652d5cafd 100644
--- a/src/tests/test_rsa.cpp
+++ b/src/tests/test_rsa.cpp
@@ -39,6 +39,30 @@ class RSA_ES_KAT_Tests final : public PK_Encryption_Decryption_Test
}
};
+class RSA_Decryption_KAT_Tests final : public PK_Decryption_Test
+ {
+ public:
+ RSA_Decryption_KAT_Tests() :
+ PK_Decryption_Test("RSA",
+ "pubkey/rsa_decrypt.vec",
+ "E,P,Q,Ciphertext,Msg") {}
+
+ bool clear_between_callbacks() const override
+ {
+ return false;
+ }
+
+ std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override
+ {
+ const BigInt p = get_req_bn(vars, "P");
+ const BigInt q = get_req_bn(vars, "Q");
+ const BigInt e = get_req_bn(vars, "E");
+
+ std::unique_ptr<Botan::Private_Key> key(new Botan::RSA_PrivateKey(p, q, e));
+ return key;
+ }
+ };
+
class RSA_KEM_Tests final : public PK_KEM_Test
{
public:
@@ -300,6 +324,7 @@ class RSA_Blinding_Tests final : public Test
};
BOTAN_REGISTER_TEST("rsa_encrypt", RSA_ES_KAT_Tests);
+BOTAN_REGISTER_TEST("rsa_decrypt", RSA_Decryption_KAT_Tests);
BOTAN_REGISTER_TEST("rsa_sign", RSA_Signature_KAT_Tests);
BOTAN_REGISTER_TEST("rsa_pss", RSA_PSS_KAT_Tests);
BOTAN_REGISTER_TEST("rsa_pss_raw", RSA_PSS_Raw_KAT_Tests);