From 786dff670172ad6bcb4eaa0197ed9df4afea1fcc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 24 Apr 2024 16:23:06 +0200
Subject: [PATCH] Use large enough keys when testing parsing of
 non-word-aligned RSA sizes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5
signature, which requires the modulus size in bytes to be at least
tLen + 11 (per RFC 8017 §9.2) where tLen = hLen + oidLen + 6 and
hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead
(3 ASN.1 type-length headers with lengths <128). Replace 512-bit test
cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and
up (good enough for SHA-512).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/suites/test_suite_pkparse.data | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index bec6f4b901..d170e1e089 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -914,21 +914,23 @@ Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER,
 depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0
 
-Parse RSA Key #100.1 (512-bit)
-depends_on:MBEDTLS_PEM_PARSE_C
-pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0
+# Test keys with non-word-aligned sizes.
+# We use sizes that are large enough to exercise PKCS#1 v1.5 signature with
+# the largest supported hashes (SHA-512 and SHA3-512.)
+Parse RSA Key #100 (768-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_768_clear.der":"":0
 
-Parse RSA Key #100.1 (521-bit)
-depends_on:MBEDTLS_PEM_PARSE_C
-pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0
+Parse RSA Key #100 (769-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_769_clear.der":"":0
 
-Parse RSA Key #100.1 (522-bit)
-depends_on:MBEDTLS_PEM_PARSE_C
-pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0
+Parse RSA Key #100 (770-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_770_clear.der":"":0
 
-Parse RSA Key #100.1 (528-bit)
-depends_on:MBEDTLS_PEM_PARSE_C
-pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0
+Parse RSA Key #100 (776-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_776_clear.der":"":0
+
+Parse RSA Key #100 (784-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_784_clear.der":"":0
 
 Parse Public RSA Key #1 (PKCS#8 wrapped)
 depends_on:MBEDTLS_PEM_PARSE_C