rsa: better test rsa encryption padding

tpm2-software · Oct 9, 2023 · e65f0af · e65f0af
1 parent 51b8e3c
commit e65f0af
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 3 deletions.
diff --git a/src/tpm2-provider-asymcipher-rsa.c b/src/tpm2-provider-asymcipher-rsa.c
@@ -139,12 +139,16 @@ rsa_asymcipher_set_ctx_params(void *ctx, const OSSL_PARAM params[])
             if (pad_mode == RSA_PKCS1_PADDING
                     || pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
                 actx->decrypt.scheme = TPM2_ALG_RSAES;
+            else if (pad_mode == RSA_NO_PADDING)
+                actx->decrypt.scheme = TPM2_ALG_NULL;
             else
                 return 0;
             break;
         case OSSL_PARAM_UTF8_STRING:
             if (!strcasecmp(p->data, OSSL_PKEY_RSA_PAD_MODE_PKCSV15))
                 actx->decrypt.scheme = TPM2_ALG_RSAES;
+            else if (!strcasecmp(p->data, OSSL_PKEY_RSA_PAD_MODE_NONE))
+                actx->decrypt.scheme = TPM2_ALG_NULL;
             else
                 return 0;
             break;

diff --git a/test/rsa_create_decrypt.sh b/test/rsa_create_decrypt.sh
@@ -22,14 +22,36 @@ openssl pkey -provider tpm2 -propquery '?provider=tpm2' -in handle:${HANDLE} -pu
 # encrypt data
 openssl pkeyutl -encrypt -pubin -inkey testkey.pub -in testdata -out testdata.crypt
 
-# decrypt data
+# decrypt data, default padding
 openssl pkeyutl -provider tpm2 -propquery '?provider=tpm2' -inkey handle:${HANDLE} \
     -decrypt -in testdata.crypt -out testdata2
 
 # check the decryption
-test "x$(cat testdata2)" = "xabcde12345abcde12345"
+cmp testdata testdata2
+
+# decrypt data, explicit padding specification
+openssl pkeyutl -provider tpm2 -propquery '?provider=tpm2' -inkey handle:${HANDLE} \
+    -decrypt -pkeyopt rsa_padding_mode:pkcs1 -in testdata.crypt -out testdata3
+
+# check the decryption
+cmp testdata testdata3
+
+# generate a random message of 2048 bits
+openssl rand 256 > testdata
+
+# encrypt data, no padding
+openssl pkeyutl -encrypt -pubin -inkey testkey.pub -pkeyopt rsa_padding_mode:none \
+    -in testdata -out testdata.crypt
+
+# decrypt data
+openssl pkeyutl -provider tpm2 -propquery '?provider=tpm2' -inkey handle:${HANDLE} \
+    -decrypt -pkeyopt rsa_padding_mode:none -in testdata.crypt -out testdata2
+
+# check the decryption
+cmp testdata testdata2
 
 # release the persistent key
 tpm2_evictcontrol -c ${HANDLE}
 
-rm primary.ctx key.pub key.priv testkey.ctx testkey.pub testdata testdata.crypt testdata2
+rm primary.ctx key.pub key.priv testkey.ctx testkey.pub testdata testdata.crypt \
+    testdata2 testdata3