TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 3c17460a1ff97cdf0545c6f2fcb559036f34bedf / . / tests / suites / test_suite_rsa.function
blob: 19b690f88ba1958d0312927abeae742fc12a04fa [file] [log] [blame]
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1BEGIN_HEADER
2#include <polarssl/rsa.h>
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]3#include <polarssl/md2.h>
4#include <polarssl/md4.h>
5#include <polarssl/md5.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]6#include <polarssl/sha1.h>
7#include <polarssl/sha2.h>
8#include <polarssl/sha4.h>
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]9#include <polarssl/entropy.h>
10#include <polarssl/ctr_drbg.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]11END_HEADER
12
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]13BEGIN_DEPENDENCIES
Paul Bakkerd7d8dbe2011-05-26 15:29:38 +0000[diff] [blame]14depends_on:POLARSSL_RSA_C:POLARSSL_BIGNUM_C:POLARSSL_GENPRIME
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]15END_DEPENDENCIES
16
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]17BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]18rsa_pkcs1_sign:message_hex_string:padding_mode:digest:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]19{
20 unsigned char message_str[1000];
21 unsigned char hash_result[1000];
22 unsigned char output[1000];
23 unsigned char output_str[1000];
24 rsa_context ctx;
25 mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]26 int msg_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]27 rnd_pseudo_info rnd_info;
28
29 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]30
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]31 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]32 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]33
34 memset( message_str, 0x00, 1000 );
35 memset( hash_result, 0x00, 1000 );
36 memset( output, 0x00, 1000 );
37 memset( output_str, 0x00, 1000 );
38
39 ctx.len = {mod} / 8;
40 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
41 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
42 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
43 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
44
45 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
46 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
47 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
48 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
49 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
50 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
51 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
52 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
53
54 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
55
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]56 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]57
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]58 switch( {digest} )
59 {
60#ifdef POLARSSL_MD2_C
61 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]62 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]63 break;
64#endif
65#ifdef POLARSSL_MD4_C
66 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]67 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]68 break;
69#endif
70#ifdef POLARSSL_MD5_C
71 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]72 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]73 break;
74#endif
75#ifdef POLARSSL_SHA1_C
76 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]78 break;
79#endif
80#ifdef POLARSSL_SHA2_C
81 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]82 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]83 break;
84 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]85 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]86 break;
87#endif
88#ifdef POLARSSL_SHA4_C
89 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]90 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]91 break;
92 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]93 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]94 break;
95#endif
Manuel Pégourié-Gonnard3c174602014-11-17 11:52:51 +0100[diff] [blame^]96 default:
97 ; /* do nothing */
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]98 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]99
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]100 TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]101 if( {result} == 0 )
102 {
103 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]104
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]105 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
106 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]107
108 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]109 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]110}
111END_CASE
112
113BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]114rsa_pkcs1_verify:message_hex_string:padding_mode:digest:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]115{
116 unsigned char message_str[1000];
117 unsigned char hash_result[1000];
118 unsigned char result_str[1000];
119 rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]120 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]121
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]122 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]123 memset( message_str, 0x00, 1000 );
124 memset( hash_result, 0x00, 1000 );
125 memset( result_str, 0x00, 1000 );
126
127 ctx.len = {mod} / 8;
128 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
129 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
130
131 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
132
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]133 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]134 unhexify( result_str, {result_hex_str} );
135
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]136 switch( {digest} )
137 {
138#ifdef POLARSSL_MD2_C
139 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]140 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]141 break;
142#endif
143#ifdef POLARSSL_MD4_C
144 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]145 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]146 break;
147#endif
148#ifdef POLARSSL_MD5_C
149 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]150 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]151 break;
152#endif
153#ifdef POLARSSL_SHA1_C
154 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]155 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]156 break;
157#endif
158#ifdef POLARSSL_SHA2_C
159 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]160 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]161 break;
162 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]163 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]164 break;
165#endif
166#ifdef POLARSSL_SHA4_C
167 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]168 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]169 break;
170 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]171 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]172 break;
173#endif
Manuel Pégourié-Gonnard3c174602014-11-17 11:52:51 +0100[diff] [blame^]174 default:
175 ; /* do nothing */
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]176 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]177
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]178 TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]179
180 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]181}
182END_CASE
183
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]184
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]185BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]186rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]187{
188 unsigned char message_str[1000];
189 unsigned char hash_result[1000];
190 unsigned char output[1000];
191 unsigned char output_str[1000];
192 rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]193 mpi P1, Q1, H, G;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]194 int hash_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]195 rnd_pseudo_info rnd_info;
196
197 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]198
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]199 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]200 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]201
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]202 memset( message_str, 0x00, 1000 );
203 memset( hash_result, 0x00, 1000 );
204 memset( output, 0x00, 1000 );
205 memset( output_str, 0x00, 1000 );
206
207 ctx.len = {mod} / 8;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]208 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
209 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
210 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
211 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
212
213 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
214 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
215 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
216 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
217 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
218 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
219 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
220 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
221
222 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
223
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]224 unhexify( message_str, {message_hex_string} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]225 hash_len = unhexify( hash_result, {hash_result_string} );
226
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]227 TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]228
229 hexify( output_str, output, ctx.len );
230
231 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]232
Manuel Pégourié-Gonnardc675e4b2014-02-03 11:58:55 +0100[diff] [blame]233 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
234 if( {padding_mode} == RSA_PKCS_V15 )
235 {
236 memset( output, 0x00, 1000 );
237 memset( output_str, 0x00, 1000 );
238
239 TEST_ASSERT( rsa_rsaes_pkcs1_v15_encrypt( &ctx,
240 &rnd_pseudo_rand, &rnd_info, RSA_PRIVATE,
241 hash_len, hash_result, output ) == 0 );
242
243 hexify( output_str, output, ctx.len );
244
245 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
246 }
247
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]248 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]249 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]250}
251END_CASE
252
253BEGIN_CASE
254rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:correct
255{
256 unsigned char message_str[1000];
257 unsigned char hash_result[1000];
258 unsigned char result_str[1000];
Manuel Pégourié-Gonnardc675e4b2014-02-03 11:58:55 +0100[diff] [blame]259 unsigned char output[1000];
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]260 rsa_context ctx;
Manuel Pégourié-Gonnardc675e4b2014-02-03 11:58:55 +0100[diff] [blame]261 size_t hash_len, olen;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]262
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]263 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]264 memset( message_str, 0x00, 1000 );
265 memset( hash_result, 0x00, 1000 );
266 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardc675e4b2014-02-03 11:58:55 +0100[diff] [blame]267 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]268
269 ctx.len = {mod} / 8;
270 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
271 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
272
273 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
274
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]275 unhexify( message_str, {message_hex_string} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]276 hash_len = unhexify( hash_result, {hash_result_string} );
277 unhexify( result_str, {result_hex_str} );
278
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]279 TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]280
Manuel Pégourié-Gonnardc675e4b2014-02-03 11:58:55 +0100[diff] [blame]281 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
282 if( {padding_mode} == RSA_PKCS_V15 )
283 {
284 int ok;
285
286 TEST_ASSERT( rsa_rsaes_pkcs1_v15_decrypt( &ctx,
287 NULL, NULL, RSA_PUBLIC,
288 &olen, result_str, output, sizeof( output ) ) == 0 );
289
290 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
291 if( {correct} == 0 )
292 TEST_ASSERT( ok == 1 );
293 else
294 TEST_ASSERT( ok == 0 );
295 }
296
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]297 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]298}
299END_CASE
300
301BEGIN_CASE
302rsa_pkcs1_encrypt:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
303{
304 unsigned char message_str[1000];
305 unsigned char output[1000];
306 unsigned char output_str[1000];
307 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]308 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]309 rnd_pseudo_info rnd_info;
310
311 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]312
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]313 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]314 memset( message_str, 0x00, 1000 );
315 memset( output, 0x00, 1000 );
316 memset( output_str, 0x00, 1000 );
317
318 ctx.len = {mod} / 8;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]319 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
320 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
321
322 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
323
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]324 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]325
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]326 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]327 if( {result} == 0 )
328 {
329 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]330
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]331 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
332 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]333
334 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]335}
336END_CASE
337
338BEGIN_CASE
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]339rsa_pkcs1_encrypt_bad_rng:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
340{
341 unsigned char message_str[1000];
342 unsigned char output[1000];
343 unsigned char output_str[1000];
344 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]345 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]346
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]347 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]348 memset( message_str, 0x00, 1000 );
349 memset( output, 0x00, 1000 );
350 memset( output_str, 0x00, 1000 );
351
352 ctx.len = {mod} / 8;
353 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
354 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
355
356 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
357
358 msg_len = unhexify( message_str, {message_hex_string} );
359
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]360 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]361 if( {result} == 0 )
362 {
363 hexify( output_str, output, ctx.len );
364
365 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
366 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]367
368 rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]369}
370END_CASE
371
372BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]373rsa_pkcs1_decrypt:message_hex_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:max_output:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]374{
375 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]376 unsigned char output[1000];
377 unsigned char output_str[1000];
378 rsa_context ctx;
379 mpi P1, Q1, H, G;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]380 size_t output_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]381 rnd_pseudo_info rnd_info;
382
383 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]384
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]385 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]386 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]387
388 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]389 memset( output, 0x00, 1000 );
390 memset( output_str, 0x00, 1000 );
391
392 ctx.len = {mod} / 8;
393 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
394 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
395 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
396 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
397
398 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
399 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
400 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
401 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
402 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
403 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
404 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
405 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
406
407 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
408
409 unhexify( message_str, {message_hex_string} );
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]410 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]411
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]412 TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]413 if( {result} == 0 )
414 {
415 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]416
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]417 TEST_ASSERT( strncasecmp( (char *) output_str, {result_hex_str}, strlen( {result_hex_str} ) ) == 0 );
418 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]419
420 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]421 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]422}
423END_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]424
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]425BEGIN_CASE
426rsa_public:message_hex_string:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
427{
428 unsigned char message_str[1000];
429 unsigned char output[1000];
430 unsigned char output_str[1000];
431 rsa_context ctx;
432
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]433 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]434 memset( message_str, 0x00, 1000 );
435 memset( output, 0x00, 1000 );
436 memset( output_str, 0x00, 1000 );
437
438 ctx.len = {mod} / 8;
439 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
440 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
441
442 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
443
444 unhexify( message_str, {message_hex_string} );
445
446 TEST_ASSERT( rsa_public( &ctx, message_str, output ) == {result} );
447 if( {result} == 0 )
448 {
449 hexify( output_str, output, ctx.len );
450
451 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
452 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]453
454 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]455}
456END_CASE
457
458BEGIN_CASE
459rsa_private:message_hex_string:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
460{
461 unsigned char message_str[1000];
462 unsigned char output[1000];
463 unsigned char output_str[1000];
464 rsa_context ctx;
465 mpi P1, Q1, H, G;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]466 rnd_pseudo_info rnd_info;
467
468 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]469
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]470 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]471 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]472
473 memset( message_str, 0x00, 1000 );
474 memset( output, 0x00, 1000 );
475 memset( output_str, 0x00, 1000 );
476
477 ctx.len = {mod} / 8;
478 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
479 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
480 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
481 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
482
483 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
484 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
485 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
486 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
487 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
488 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
489 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
490 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
491
492 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
493
494 unhexify( message_str, {message_hex_string} );
495
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]496 TEST_ASSERT( rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, message_str, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]497 if( {result} == 0 )
498 {
499 hexify( output_str, output, ctx.len );
500
501 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
502 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]503
504 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]505 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]506}
507END_CASE
508
509BEGIN_CASE
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]510rsa_check_privkey_null:
511{
512 rsa_context ctx;
513 memset( &ctx, 0x00, sizeof( rsa_context ) );
514
515 TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
516}
517END_CASE
518
519BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]520rsa_check_pubkey:radix_N:input_N:radix_E:input_E:result
521{
522 rsa_context ctx;
523
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]524 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]525
526 if( strlen( {input_N} ) )
527 {
528 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
529 }
530 if( strlen( {input_E} ) )
531 {
532 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
533 }
534
535 TEST_ASSERT( rsa_check_pubkey( &ctx ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]536
537 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]538}
539END_CASE
540
541BEGIN_CASE
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]542rsa_check_privkey:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:radix_D:input_D:radix_DP:input_DP:radix_DQ:input_DQ:radix_QP:input_QP:result
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]543{
544 rsa_context ctx;
545
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]546 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]547
548 ctx.len = {mod} / 8;
549 if( strlen( {input_P} ) )
550 {
551 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
552 }
553 if( strlen( {input_Q} ) )
554 {
555 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
556 }
557 if( strlen( {input_N} ) )
558 {
559 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
560 }
561 if( strlen( {input_E} ) )
562 {
563 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
564 }
565 if( strlen( {input_D} ) )
566 {
567 TEST_ASSERT( mpi_read_string( &ctx.D, {radix_D}, {input_D} ) == 0 );
568 }
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]569 if( strlen( {input_DP} ) )
570 {
571 TEST_ASSERT( mpi_read_string( &ctx.DP, {radix_DP}, {input_DP} ) == 0 );
572 }
573 if( strlen( {input_DQ} ) )
574 {
575 TEST_ASSERT( mpi_read_string( &ctx.DQ, {radix_DQ}, {input_DQ} ) == 0 );
576 }
577 if( strlen( {input_QP} ) )
578 {
579 TEST_ASSERT( mpi_read_string( &ctx.QP, {radix_QP}, {input_QP} ) == 0 );
580 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]581
582 TEST_ASSERT( rsa_check_privkey( &ctx ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]583
584 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]585}
586END_CASE
587
588BEGIN_CASE
589rsa_gen_key:nrbits:exponent:result
590{
591 rsa_context ctx;
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]592 entropy_context entropy;
593 ctr_drbg_context ctr_drbg;
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]594 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]595
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]596 entropy_init( &entropy );
597 TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]598 (const unsigned char *) pers, strlen( pers ) ) == 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]599
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]600 rsa_init( &ctx, 0, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]601
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]602 TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, {nrbits}, {exponent} ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]603 if( {result} == 0 )
604 {
605 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
606 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]607
608 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]609}
610END_CASE
611
612BEGIN_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]613rsa_selftest:
614{
615 TEST_ASSERT( rsa_self_test( 0 ) == 0 );
616}
617END_CASE