Home Explore Help
Sign In
i0x404
/
torzu
forked from litucks/torzu
Watch 1
Star 0
Fork 0
Files
Branch: master
Branches Tags
torzu
/
externals
/
mbedtls
/
tests
/
suites
/
test_suite_pkcs1_v15.function

test_suite_pkcs1_v15.function 14 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328 
  1. /* BEGIN_HEADER */
    2. 

  2. #include "mbedtls/rsa.h"
    3. 

  3. #include "mbedtls/md.h"
    4. 

  4. /* END_HEADER */
    5. 

  5. 

  6. /* BEGIN_DEPENDENCIES
    7. 

  7.  * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
    8. 

  8.  * END_DEPENDENCIES
    9. 

  9.  */
    10. 

  10. 

  11. /* BEGIN_CASE */
    12. 

  12. void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
    13. 

  13.                               int radix_E, char * input_E, int hash,
    14. 

  14.                               data_t * message_str, data_t * rnd_buf,
    15. 

  15.                               data_t * result_str, int result )
    16. 

  16. {
    17. 

  17.     unsigned char output[128];
    18. 

  18.     mbedtls_rsa_context ctx;
    19. 

  19.     rnd_buf_info info;
    20. 

  20.     mbedtls_mpi N, E;
    21. 

  21. 

  22.     info.buf = rnd_buf->x;
    23. 

  23.     info.length = rnd_buf->len;
    24. 

  24. 

  25.     mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    26. 

  26.     mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
    27. 

  27.     memset( output, 0x00, sizeof( output ) );
    28. 

  28. 

  29.     TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    30. 

  30.     TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
    31. 

  31.     TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
    32. 

  32.     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
    33. 

  33.     TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
    34. 

  34. 

  35. 

  36.     TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
    37. 

  37.     if( result == 0 )
    38. 

  38.     {
    39. 

  39.         TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
    40. 

  40.                                           ctx.len, result_str->len ) == 0 );
    41. 

  41.     }
    42. 

  42. 

  43. exit:
    44. 

  44.     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
    45. 

  45.     mbedtls_rsa_free( &ctx );
    46. 

  46. }
    47. 

  47. /* END_CASE */
    48. 

  48. 

  49. /* BEGIN_CASE */
    50. 

  50. void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
    51. 

  51.                               int radix_Q, char * input_Q, int radix_N,
    52. 

  52.                               char * input_N, int radix_E, char * input_E,
    53. 

  53.                               int hash, data_t * result_str,
    54. 

  54.                               char * seed, data_t * message_str,
    55. 

  55.                               int result )
    56. 

  56. {
    57. 

  57.     unsigned char output[128];
    58. 

  58.     mbedtls_rsa_context ctx;
    59. 

  59.     size_t output_len;
    60. 

  60.     rnd_pseudo_info rnd_info;
    61. 

  61.     mbedtls_mpi N, P, Q, E;
    62. 

  62.     ((void) seed);
    63. 

  63. 

  64.     mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
    65. 

  65.     mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    66. 

  66.     mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
    67. 

  67. 

  68.     memset( output, 0x00, sizeof( output ) );
    69. 

  69.     memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    70. 

  70. 

  71.     TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
    72. 

  72.     TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
    73. 

  73.     TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    74. 

  74.     TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
    75. 

  75. 

  76.     TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
    77. 

  77.     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
    78. 

  78.     TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
    79. 

  79.     TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
    80. 

  80. 

  81.     TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
    82. 

  82.     if( result == 0 )
    83. 

  83.     {
    84. 

  84.         TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
    85. 

  85.                                           output_len,
    86. 

  86.                                           result_str->len) == 0 );
    87. 

  87.     }
    88. 

  88. 

  89. exit:
    90. 

  90.     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
    91. 

  91.     mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
    92. 

  92.     mbedtls_rsa_free( &ctx );
    93. 

  93. }
    94. 

  94. /* END_CASE */
    95. 

  95. 

  96. /* BEGIN_CASE */
    97. 

  97. void pkcs1_v15_decode( int mode,
    98. 

  98.                        data_t *input,
    99. 

  99.                        int expected_plaintext_length_arg,
    100. 

  100.                        int output_size_arg,
    101. 

  101.                        int expected_result )
    102. 

  102. {
    103. 

  103.     size_t expected_plaintext_length = expected_plaintext_length_arg;
    104. 

  104.     size_t output_size = output_size_arg;
    105. 

  105.     rnd_pseudo_info rnd_info;
    106. 

  106.     mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
    107. 

  107.     mbedtls_rsa_context ctx;
    108. 

  108.     static unsigned char N[128] = {
    109. 

  109.         0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
    110. 

  110.         0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
    111. 

  111.         0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
    112. 

  112.         0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
    113. 

  113.         0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
    114. 

  114.         0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
    115. 

  115.         0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
    116. 

  116.         0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
    117. 

  117.         0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
    118. 

  118.         0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
    119. 

  119.         0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
    120. 

  120.         0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
    121. 

  121.         0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
    122. 

  122.         0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
    123. 

  123.         0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
    124. 

  124.         0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
    125. 

  125.     };
    126. 

  126.     static unsigned char E[1] = { 0x03 };
    127. 

  127.     static unsigned char P[64] = {
    128. 

  128.         0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
    129. 

  129.         0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
    130. 

  130.         0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
    131. 

  131.         0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
    132. 

  132.         0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
    133. 

  133.         0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
    134. 

  134.         0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
    135. 

  135.         0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
    136. 

  136.     };
    137. 

  137.     static unsigned char Q[64] = {
    138. 

  138.         0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
    139. 

  139.         0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
    140. 

  140.         0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
    141. 

  141.         0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
    142. 

  142.         0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
    143. 

  143.         0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
    144. 

  144.         0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
    145. 

  145.         0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
    146. 

  146.     };
    147. 

  147.     unsigned char original[128];
    148. 

  148.     unsigned char intermediate[128];
    149. 

  149.     static unsigned char default_content[128] = {
    150. 

  150.         /* A randomly generated pattern. */
    151. 

  151.         0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
    152. 

  152.         0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
    153. 

  153.         0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
    154. 

  154.         0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
    155. 

  155.         0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
    156. 

  156.         0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
    157. 

  157.         0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
    158. 

  158.         0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
    159. 

  159.         0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
    160. 

  160.         0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
    161. 

  161.         0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
    162. 

  162.         0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
    163. 

  163.         0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
    164. 

  164.         0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
    165. 

  165.         0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
    166. 

  166.         0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
    167. 

  167.     };
    168. 

  168.     unsigned char final[128];
    169. 

  169.     size_t output_length = 0x7EA0;
    170. 

  170. 

  171.     memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    172. 

  172.     mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
    173. 

  173.     mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
    174. 

  174.     mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
    175. 

  175. 

  176.     TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
    177. 

  177.     TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
    178. 

  178.     TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
    179. 

  179.     TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
    180. 

  180. 

  181.     TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
    182. 

  182.                                      NULL, &Empi ) == 0 );
    183. 

  183.     TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
    184. 

  184. 

  185.     TEST_ASSERT( input->len <= sizeof( N ) );
    186. 

  186.     memcpy( original, input->x, input->len );
    187. 

  187.     memset( original + input->len, 'd', sizeof( original ) - input->len );
    188. 

  188.     if( mode == MBEDTLS_RSA_PRIVATE )
    189. 

  189.         TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
    190. 

  190.     else
    191. 

  191.         TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info,
    192. 

  192.                                           original, intermediate ) == 0 );
    193. 

  193. 

  194.     memcpy( final, default_content, sizeof( final ) );
    195. 

  195.     TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
    196. 

  196.                                             &rnd_pseudo_rand, &rnd_info,
    197. 

  197.                                             mode,
    198. 

  198.                                             &output_length,
    199. 

  199.                                             intermediate,
    200. 

  200.                                             final,
    201. 

  201.                                             output_size ) == expected_result );
    202. 

  202.     if( expected_result == 0 )
    203. 

  203.     {
    204. 

  204.         TEST_ASSERT( output_length == expected_plaintext_length );
    205. 

  205.         TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
    206. 

  206.                              final,
    207. 

  207.                              output_length ) == 0 );
    208. 

  208.     }
    209. 

  209.     else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
    210. 

  210.              expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
    211. 

  211.     {
    212. 

  212.         size_t max_payload_length =
    213. 

  213.             output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
    214. 

  214.         size_t i;
    215. 

  215.         size_t count = 0;
    216. 

  216. 

  217. #if !defined(MBEDTLS_RSA_ALT)
    218. 

  218.         /* Check that the output in invalid cases is what the default
    219. 

  219.          * implementation currently does. Alternative implementations
    220. 

  220.          * may produce different output, so we only perform these precise
    221. 

  221.          * checks when using the default implementation. */
    222. 

  222.         TEST_ASSERT( output_length == max_payload_length );
    223. 

  223.         for( i = 0; i < max_payload_length; i++ )
    224. 

  224.             TEST_ASSERT( final[i] == 0 );
    225. 

  225. #endif
    226. 

  226.         /* Even in alternative implementations, the outputs must have
    227. 

  227.          * changed, otherwise it indicates at least a timing vulnerability
    228. 

  228.          * because no write to the outputs is performed in the bad case. */
    229. 

  229.         TEST_ASSERT( output_length != 0x7EA0 );
    230. 

  230.         for( i = 0; i < max_payload_length; i++ )
    231. 

  231.             count += ( final[i] == default_content[i] );
    232. 

  232.         /* If more than 16 bytes are unchanged in final, that's evidence
    233. 

  233.          * that final wasn't overwritten. */
    234. 

  234.         TEST_ASSERT( count < 16 );
    235. 

  235.     }
    236. 

  236. 

  237. exit:
    238. 

  238.     mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
    239. 

  239.     mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
    240. 

  240.     mbedtls_rsa_free( &ctx );
    241. 

  241. }
    242. 

  242. /* END_CASE */
    243. 

  243. 

  244. /* BEGIN_CASE */
    245. 

  245. void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
    246. 

  246.                             char * input_Q, int radix_N, char * input_N,
    247. 

  247.                             int radix_E, char * input_E, int digest, int hash,
    248. 

  248.                             data_t * message_str, data_t * rnd_buf,
    249. 

  249.                             data_t * result_str, int result )
    250. 

  250. {
    251. 

  251.     unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
    252. 

  252.     unsigned char output[128];
    253. 

  253.     mbedtls_rsa_context ctx;
    254. 

  254.     mbedtls_mpi N, P, Q, E;
    255. 

  255.     rnd_buf_info info;
    256. 

  256. 

  257.     info.buf = rnd_buf->x;
    258. 

  258.     info.length = rnd_buf->len;
    259. 

  259. 

  260.     mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
    261. 

  261.     mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    262. 

  262.     mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
    263. 

  263. 

  264.     memset( hash_result, 0x00, sizeof( hash_result ) );
    265. 

  265.     memset( output, 0x00, sizeof( output ) );
    266. 

  266. 

  267.     TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
    268. 

  268.     TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
    269. 

  269.     TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    270. 

  270.     TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
    271. 

  271. 

  272.     TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
    273. 

  273.     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
    274. 

  274.     TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
    275. 

  275.     TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
    276. 

  276. 

  277. 

  278.     if( mbedtls_md_info_from_type( digest ) != NULL )
    279. 

  279.         TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
    280. 

  280. 

  281.     TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
    282. 

  282.     if( result == 0 )
    283. 

  283.     {
    284. 

  284. 

  285.         TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
    286. 

  286.                                           ctx.len, result_str->len ) == 0 );
    287. 

  287.     }
    288. 

  288. 

  289. exit:
    290. 

  290.     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
    291. 

  291.     mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
    292. 

  292.     mbedtls_rsa_free( &ctx );
    293. 

  293. }
    294. 

  294. /* END_CASE */
    295. 

  295. 

  296. /* BEGIN_CASE */
    297. 

  297. void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
    298. 

  298.                               int radix_E, char * input_E, int digest,
    299. 

  299.                               int hash, data_t * message_str, char * salt,
    300. 

  300.                               data_t * result_str, int result )
    301. 

  301. {
    302. 

  302.     unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
    303. 

  303.     mbedtls_rsa_context ctx;
    304. 

  304.     mbedtls_mpi N, E;
    305. 

  305.     ((void) salt);
    306. 

  306. 

  307.     mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    308. 

  308.     mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
    309. 

  309.     memset( hash_result, 0x00, sizeof( hash_result ) );
    310. 

  310. 

  311.     TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    312. 

  312.     TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
    313. 

  313.     TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
    314. 

  314.     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
    315. 

  315.     TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
    316. 

  316. 

  317. 

  318.     if( mbedtls_md_info_from_type( digest ) != NULL )
    319. 

  319.         TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
    320. 

  320. 

  321.     TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
    322. 

  322. 

  323. exit:
    324. 

  324.     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
    325. 

  325.     mbedtls_rsa_free( &ctx );
    326. 

  326. }
    327. 

  327. /* END_CASE */
    328. 

  328.