From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 17 Feb 2024 22:10:53 +0000 (+0900)
Subject: crypto-selftests-pk: add test case for RSA-OAEP
X-Git-Tag: 3.8.4~5^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=146f98fac5a8868d81fa97ca52dcbaebff2dc84d;p=thirdparty%2Fgnutls.git

crypto-selftests-pk: add test case for RSA-OAEP

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---

diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 5cfd2f4cba..5e63801069 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -223,7 +223,7 @@ static const char gost12_512_privkey[] =
 	"-----END PRIVATE KEY-----\n";
 
 static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits,
-			gnutls_digest_algorithm_t ign)
+			gnutls_digest_algorithm_t dig)
 {
 	int ret;
 	gnutls_datum_t enc = { NULL, 0 };
@@ -233,6 +233,8 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits,
 	gnutls_privkey_t key;
 	gnutls_pubkey_t pub = NULL;
 	unsigned char plaintext2[sizeof(DATASTR) - 1];
+	gnutls_x509_spki_t spki = NULL;
+	gnutls_datum_t oaep_label = { NULL, 0 };
 
 	ret = gnutls_privkey_init(&key);
 	if (ret < 0)
@@ -251,6 +253,27 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits,
 		goto cleanup;
 	}
 
+	if (pk == GNUTLS_PK_RSA_OAEP) {
+		ret = gnutls_x509_spki_init(&spki);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
+		ret = gnutls_x509_spki_set_rsa_oaep_params(spki, dig,
+							   &oaep_label);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
+		ret = gnutls_privkey_set_spki(key, spki, 0);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+	}
+
 	ret = gnutls_pubkey_import_privkey(pub, key, 0, 0);
 	if (ret < 0) {
 		gnutls_assert();
@@ -297,6 +320,8 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits,
 
 	ret = 0;
 cleanup:
+	if (spki != NULL)
+		gnutls_x509_spki_deinit(spki);
 	if (pub != NULL)
 		gnutls_pubkey_deinit(pub);
 	gnutls_privkey_deinit(key);
@@ -973,6 +998,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
 		if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
 			return 0;
 
+		FALLTHROUGH;
+	case GNUTLS_PK_RSA_OAEP:
+		PK_TEST(GNUTLS_PK_RSA_OAEP, test_rsa_enc, 2048,
+			GNUTLS_DIG_SHA256);
+
+		if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
+			return 0;
+
 		FALLTHROUGH;
 	case GNUTLS_PK_DSA:
 		if (is_post || !is_fips140_mode_enabled) {