Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 2 | #include "mbedtls/rsa.h" |
Janos Follath | 55be79b | 2024-08-21 13:24:01 +0100 | [diff] [blame^] | 3 | #include "bignum_core.h" |
Chris Jones | 66a4cd4 | 2021-03-09 16:04:12 +0000 | [diff] [blame] | 4 | #include "rsa_alt_helpers.h" |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 5 | #include "rsa_internal.h" |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 6 | /* END_HEADER */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 7 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 8 | /* BEGIN_DEPENDENCIES |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 9 | * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 10 | * END_DEPENDENCIES |
| 11 | */ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 12 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 13 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 14 | void rsa_invalid_param() |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 15 | { |
| 16 | mbedtls_rsa_context ctx; |
| 17 | const int invalid_padding = 42; |
| 18 | const int invalid_hash_id = 0xff; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 19 | unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; |
| 20 | size_t buf_len = sizeof(buf); |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 21 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 22 | mbedtls_rsa_init(&ctx); |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 23 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 24 | TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, |
| 25 | invalid_padding, |
| 26 | MBEDTLS_MD_NONE), |
| 27 | MBEDTLS_ERR_RSA_INVALID_PADDING); |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 28 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 29 | TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, |
| 30 | MBEDTLS_RSA_PKCS_V21, |
| 31 | invalid_hash_id), |
| 32 | MBEDTLS_ERR_RSA_INVALID_PADDING); |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 33 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 34 | TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, |
| 35 | NULL, MBEDTLS_MD_NONE, |
| 36 | buf_len, |
| 37 | NULL, buf), |
| 38 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 39 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 40 | TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, |
| 41 | NULL, MBEDTLS_MD_SHA256, |
| 42 | 0, |
| 43 | NULL, buf), |
| 44 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 45 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 46 | TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, |
| 47 | buf_len, |
| 48 | NULL, buf), |
| 49 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 50 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 51 | TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, |
| 52 | 0, |
| 53 | NULL, buf), |
| 54 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 55 | |
Ronald Cron | 3a0375f | 2021-06-08 10:22:28 +0200 | [diff] [blame] | 56 | #if !defined(MBEDTLS_PKCS1_V15) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 57 | TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, |
| 58 | MBEDTLS_RSA_PKCS_V15, |
| 59 | MBEDTLS_MD_NONE), |
| 60 | MBEDTLS_ERR_RSA_INVALID_PADDING); |
Ronald Cron | 3a0375f | 2021-06-08 10:22:28 +0200 | [diff] [blame] | 61 | #endif |
| 62 | |
Tuvshinzaya Erdenekhuu | fe7524d | 2022-09-01 16:07:18 +0100 | [diff] [blame] | 63 | #if defined(MBEDTLS_PKCS1_V15) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 64 | TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, |
| 65 | NULL, MBEDTLS_MD_NONE, |
| 66 | buf_len, |
| 67 | NULL, buf), |
| 68 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 69 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 70 | TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, |
| 71 | NULL, MBEDTLS_MD_SHA256, |
| 72 | 0, |
| 73 | NULL, buf), |
| 74 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 75 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 76 | TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, |
| 77 | buf_len, |
| 78 | NULL, buf), |
| 79 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 80 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 81 | TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, |
| 82 | 0, |
| 83 | NULL, buf), |
| 84 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 85 | |
| 86 | |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 87 | #endif |
| 88 | |
Ronald Cron | 3a0375f | 2021-06-08 10:22:28 +0200 | [diff] [blame] | 89 | #if !defined(MBEDTLS_PKCS1_V21) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 90 | TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, |
| 91 | MBEDTLS_RSA_PKCS_V21, |
| 92 | MBEDTLS_MD_NONE), |
| 93 | MBEDTLS_ERR_RSA_INVALID_PADDING); |
Ronald Cron | 3a0375f | 2021-06-08 10:22:28 +0200 | [diff] [blame] | 94 | #endif |
| 95 | |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 96 | #if defined(MBEDTLS_PKCS1_V21) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 97 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, |
| 98 | MBEDTLS_MD_NONE, buf_len, |
| 99 | NULL, buf_len, |
| 100 | buf), |
| 101 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 102 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 103 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, |
| 104 | MBEDTLS_MD_SHA256, 0, |
| 105 | NULL, buf_len, |
| 106 | buf), |
| 107 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 108 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 109 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, |
| 110 | buf_len, NULL, |
| 111 | MBEDTLS_MD_NONE, |
| 112 | buf_len, buf), |
| 113 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 114 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 115 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, |
| 116 | 0, NULL, |
| 117 | MBEDTLS_MD_NONE, |
| 118 | buf_len, buf), |
| 119 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 08b2234 | 2022-09-01 16:18:00 +0100 | [diff] [blame] | 120 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 121 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, |
| 122 | buf_len, |
| 123 | NULL, buf), |
| 124 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 125 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 126 | TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, |
| 127 | 0, |
| 128 | NULL, buf), |
| 129 | MBEDTLS_ERR_RSA_BAD_INPUT_DATA); |
Tuvshinzaya Erdenekhuu | 7e2e2a9 | 2022-07-26 10:09:24 +0100 | [diff] [blame] | 130 | #endif |
| 131 | |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 132 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 133 | mbedtls_rsa_free(&ctx); |
Ronald Cron | ea7631b | 2021-06-03 18:51:59 +0200 | [diff] [blame] | 134 | } |
| 135 | /* END_CASE */ |
| 136 | |
| 137 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 138 | void rsa_init_free(int reinit) |
Gilles Peskine | 914afe1 | 2021-02-01 17:55:24 +0100 | [diff] [blame] | 139 | { |
| 140 | mbedtls_rsa_context ctx; |
| 141 | |
| 142 | /* Double free is not explicitly documented to work, but we rely on it |
| 143 | * even inside the library so that you can call mbedtls_rsa_free() |
| 144 | * unconditionally on an error path without checking whether it has |
| 145 | * already been called in the success path. */ |
| 146 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 147 | mbedtls_rsa_init(&ctx); |
| 148 | mbedtls_rsa_free(&ctx); |
Gilles Peskine | 914afe1 | 2021-02-01 17:55:24 +0100 | [diff] [blame] | 149 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 150 | if (reinit) { |
| 151 | mbedtls_rsa_init(&ctx); |
| 152 | } |
| 153 | mbedtls_rsa_free(&ctx); |
Gilles Peskine | 914afe1 | 2021-02-01 17:55:24 +0100 | [diff] [blame] | 154 | |
| 155 | /* This test case always succeeds, functionally speaking. A plausible |
| 156 | * bug might trigger an invalid pointer dereference or a memory leak. */ |
| 157 | goto exit; |
| 158 | } |
| 159 | /* END_CASE */ |
| 160 | |
Manuel Pégourié-Gonnard | 236c4e2 | 2022-07-16 08:35:06 +0200 | [diff] [blame] | 161 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 162 | void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, |
| 163 | int digest, int mod, char *input_P, |
| 164 | char *input_Q, char *input_N, char *input_E, |
| 165 | data_t *result_str, int result) |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 166 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 167 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 168 | mbedtls_rsa_context ctx; |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 169 | mbedtls_mpi N, P, Q, E; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 170 | mbedtls_test_rnd_pseudo_info rnd_info; |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 171 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 172 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 173 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| 174 | mbedtls_rsa_init(&ctx); |
| 175 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 176 | MBEDTLS_MD_NONE) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 177 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 178 | memset(output, 0x00, sizeof(output)); |
| 179 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 180 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 181 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 182 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 183 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 184 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 185 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 186 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 187 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 188 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 189 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 190 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 191 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 192 | TEST_ASSERT(mbedtls_rsa_pkcs1_sign( |
| 193 | &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, |
| 194 | digest, message_str->len, message_str->x, |
| 195 | output) == result); |
| 196 | if (result == 0) { |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 197 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 198 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 199 | ctx.len, result_str->len) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 200 | } |
Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 201 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 202 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 203 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 204 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| 205 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 206 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 207 | /* END_CASE */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 208 | |
Manuel Pégourié-Gonnard | 236c4e2 | 2022-07-16 08:35:06 +0200 | [diff] [blame] | 209 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 210 | void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, |
| 211 | int digest, int mod, |
| 212 | char *input_N, char *input_E, |
| 213 | data_t *result_str, int result) |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 214 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 215 | mbedtls_rsa_context ctx; |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 216 | mbedtls_mpi N, E; |
| 217 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 218 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 219 | mbedtls_rsa_init(&ctx); |
| 220 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 221 | MBEDTLS_MD_NONE) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 222 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 223 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 224 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 225 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 226 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 227 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 228 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 229 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 230 | TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, |
| 231 | result_str->x) == result); |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 232 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 233 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 234 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 235 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 236 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 237 | /* END_CASE */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 238 | |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 239 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 240 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 241 | void rsa_pkcs1_sign_raw(data_t *hash_result, |
| 242 | int padding_mode, int mod, |
| 243 | char *input_P, char *input_Q, |
| 244 | char *input_N, char *input_E, |
| 245 | data_t *result_str) |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 246 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 247 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 248 | mbedtls_rsa_context ctx; |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 249 | mbedtls_mpi N, P, Q, E; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 250 | mbedtls_test_rnd_pseudo_info rnd_info; |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 251 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 252 | mbedtls_rsa_init(&ctx); |
| 253 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 254 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 255 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 256 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 257 | MBEDTLS_MD_NONE) == 0); |
Paul Elliott | e57dd2d | 2021-06-25 11:13:24 +0100 | [diff] [blame] | 258 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 259 | memset(output, 0x00, sizeof(output)); |
| 260 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 261 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 262 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 263 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 264 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 265 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 266 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 267 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 268 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 269 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 270 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 271 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 272 | |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 273 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 274 | TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, |
| 275 | &rnd_info, MBEDTLS_MD_NONE, |
| 276 | hash_result->len, |
| 277 | hash_result->x, output) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 278 | |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 279 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 280 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 281 | ctx.len, result_str->len) == 0); |
Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 282 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 283 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 284 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 285 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 286 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 287 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 288 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 289 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 290 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 291 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 292 | void rsa_pkcs1_verify_raw(data_t *hash_result, |
| 293 | int padding_mode, int mod, |
| 294 | char *input_N, char *input_E, |
| 295 | data_t *result_str, int correct) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 296 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 297 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 298 | mbedtls_rsa_context ctx; |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 299 | |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 300 | mbedtls_mpi N, E; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 301 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 302 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 303 | mbedtls_rsa_init(&ctx); |
| 304 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 305 | MBEDTLS_MD_NONE) == 0); |
| 306 | memset(output, 0x00, sizeof(output)); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 307 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 308 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 309 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 310 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 311 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 312 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 313 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 314 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 315 | |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 316 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 317 | TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, |
| 318 | result_str->x) == correct); |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 319 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 320 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 321 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 322 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 323 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 324 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 325 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 326 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 327 | void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, |
| 328 | int mod, char *input_N, char *input_E, |
| 329 | data_t *result_str, int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 330 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 331 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 332 | mbedtls_rsa_context ctx; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 333 | mbedtls_test_rnd_pseudo_info rnd_info; |
Paul Bakker | 997bbd1 | 2011-03-13 15:45:42 +0000 | [diff] [blame] | 334 | |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 335 | mbedtls_mpi N, E; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 336 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 337 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 338 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 339 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 340 | mbedtls_rsa_init(&ctx); |
| 341 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 342 | MBEDTLS_MD_NONE) == 0); |
| 343 | memset(output, 0x00, sizeof(output)); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 344 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 345 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 346 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 347 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 348 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 349 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 350 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 351 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 352 | |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 353 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 354 | TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, |
| 355 | &mbedtls_test_rnd_pseudo_rand, |
| 356 | &rnd_info, message_str->len, |
| 357 | message_str->x, |
| 358 | output) == result); |
| 359 | if (result == 0) { |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 360 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 361 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 362 | ctx.len, result_str->len) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 363 | } |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 364 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 365 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 366 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 367 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 368 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 369 | /* END_CASE */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 370 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 371 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 372 | void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, |
| 373 | int mod, char *input_N, char *input_E, |
| 374 | data_t *result_str, int result) |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 375 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 376 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 377 | mbedtls_rsa_context ctx; |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 378 | |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 379 | mbedtls_mpi N, E; |
| 380 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 381 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 382 | mbedtls_rsa_init(&ctx); |
| 383 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 384 | MBEDTLS_MD_NONE) == 0); |
| 385 | memset(output, 0x00, sizeof(output)); |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 386 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 387 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 388 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 389 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 390 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 391 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 392 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 393 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 394 | |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 395 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 396 | TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand, |
| 397 | NULL, message_str->len, |
| 398 | message_str->x, |
| 399 | output) == result); |
| 400 | if (result == 0) { |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 401 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 402 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 403 | ctx.len, result_str->len) == 0); |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 404 | } |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 405 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 406 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 407 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 408 | mbedtls_rsa_free(&ctx); |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 409 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 410 | /* END_CASE */ |
Paul Bakker | a665685 | 2010-07-18 19:47:14 +0000 | [diff] [blame] | 411 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 412 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 413 | void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, |
| 414 | int mod, char *input_P, |
| 415 | char *input_Q, char *input_N, |
| 416 | char *input_E, int max_output, |
| 417 | data_t *result_str, int result) |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 418 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 419 | unsigned char output[32]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 420 | mbedtls_rsa_context ctx; |
Paul Bakker | f4a3f30 | 2011-04-24 15:53:29 +0000 | [diff] [blame] | 421 | size_t output_len; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 422 | mbedtls_test_rnd_pseudo_info rnd_info; |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 423 | mbedtls_mpi N, P, Q, E; |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 424 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 425 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 426 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 427 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 428 | mbedtls_rsa_init(&ctx); |
| 429 | TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, |
| 430 | MBEDTLS_MD_NONE) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 431 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 432 | memset(output, 0x00, sizeof(output)); |
| 433 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 434 | |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 435 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 436 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 437 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 438 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 439 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 440 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 441 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 442 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 443 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 444 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 445 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 446 | |
Paul Bakker | 69998dd | 2009-07-11 19:15:20 +0000 | [diff] [blame] | 447 | output_len = 0; |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 448 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 449 | TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand, |
| 450 | &rnd_info, |
| 451 | &output_len, message_str->x, output, |
| 452 | max_output) == result); |
| 453 | if (result == 0) { |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 454 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 455 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 456 | output_len, |
| 457 | result_str->len) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 458 | } |
Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 459 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 460 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 461 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 462 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
| 463 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 464 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 465 | /* END_CASE */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 466 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 467 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 468 | void mbedtls_rsa_public(data_t *message_str, int mod, |
| 469 | char *input_N, char *input_E, |
| 470 | data_t *result_str, int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 471 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 472 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 473 | mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 474 | |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 475 | mbedtls_mpi N, E; |
| 476 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 477 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 478 | mbedtls_rsa_init(&ctx); |
| 479 | mbedtls_rsa_init(&ctx2); |
| 480 | memset(output, 0x00, sizeof(output)); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 481 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 482 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 483 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 484 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 485 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
Gilles Peskine | 058d009 | 2021-06-09 16:24:35 +0200 | [diff] [blame] | 486 | |
| 487 | /* Check test data consistency */ |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 488 | TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); |
| 489 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 490 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 491 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 492 | |
Janos Follath | 55be79b | 2024-08-21 13:24:01 +0100 | [diff] [blame^] | 493 | #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) |
| 494 | mbedtls_mpi_optionally_safe_codepath_reset(); |
| 495 | #endif |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 496 | TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); |
Janos Follath | 55be79b | 2024-08-21 13:24:01 +0100 | [diff] [blame^] | 497 | #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) |
| 498 | TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_PUBLIC); |
| 499 | #endif |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 500 | if (result == 0) { |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 501 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 502 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 503 | ctx.len, result_str->len) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 504 | } |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 505 | |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 506 | /* And now with the copy */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 507 | TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 508 | /* clear the original to be sure */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 509 | mbedtls_rsa_free(&ctx); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 510 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 511 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 512 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 513 | memset(output, 0x00, sizeof(output)); |
| 514 | TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result); |
| 515 | if (result == 0) { |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 516 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 517 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 518 | ctx.len, result_str->len) == 0); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 519 | } |
| 520 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 521 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 522 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 523 | mbedtls_rsa_free(&ctx); |
| 524 | mbedtls_rsa_free(&ctx2); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 525 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 526 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 527 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 528 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 529 | void mbedtls_rsa_private(data_t *message_str, int mod, |
| 530 | char *input_P, char *input_Q, |
| 531 | char *input_N, char *input_E, |
| 532 | data_t *result_str, int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 533 | { |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 534 | unsigned char output[256]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 535 | mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 536 | mbedtls_mpi N, P, Q, E; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 537 | mbedtls_test_rnd_pseudo_info rnd_info; |
Manuel Pégourié-Gonnard | 735b8fc | 2013-09-13 12:57:23 +0200 | [diff] [blame] | 538 | int i; |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 539 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 540 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); |
| 541 | mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); |
| 542 | mbedtls_rsa_init(&ctx); |
| 543 | mbedtls_rsa_init(&ctx2); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 544 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 545 | memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 546 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 547 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 548 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 549 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 550 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 551 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 552 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); |
Gilles Peskine | 058d009 | 2021-06-09 16:24:35 +0200 | [diff] [blame] | 553 | |
| 554 | /* Check test data consistency */ |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 555 | TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); |
| 556 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); |
| 557 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 558 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
| 559 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 560 | |
Manuel Pégourié-Gonnard | 735b8fc | 2013-09-13 12:57:23 +0200 | [diff] [blame] | 561 | /* repeat three times to test updating of blinding values */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 562 | for (i = 0; i < 3; i++) { |
| 563 | memset(output, 0x00, sizeof(output)); |
Janos Follath | 55be79b | 2024-08-21 13:24:01 +0100 | [diff] [blame^] | 564 | #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) |
| 565 | mbedtls_mpi_optionally_safe_codepath_reset(); |
| 566 | #endif |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 567 | TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand, |
| 568 | &rnd_info, message_str->x, |
| 569 | output) == result); |
Janos Follath | 55be79b | 2024-08-21 13:24:01 +0100 | [diff] [blame^] | 570 | #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) |
| 571 | TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_SECRET); |
| 572 | #endif |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 573 | if (result == 0) { |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 574 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 575 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 576 | ctx.len, |
| 577 | result_str->len) == 0); |
Manuel Pégourié-Gonnard | 735b8fc | 2013-09-13 12:57:23 +0200 | [diff] [blame] | 578 | } |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 579 | } |
Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 580 | |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 581 | /* And now one more time with the copy */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 582 | TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 583 | /* clear the original to be sure */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 584 | mbedtls_rsa_free(&ctx); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 585 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 586 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 587 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 588 | memset(output, 0x00, sizeof(output)); |
| 589 | TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand, |
| 590 | &rnd_info, message_str->x, |
| 591 | output) == result); |
| 592 | if (result == 0) { |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 593 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 594 | TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| 595 | ctx2.len, |
| 596 | result_str->len) == 0); |
Manuel Pégourié-Gonnard | c4919bc | 2014-02-03 11:16:44 +0100 | [diff] [blame] | 597 | } |
| 598 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 599 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 600 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); |
| 601 | mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 602 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 603 | mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 604 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 605 | /* END_CASE */ |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 606 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 607 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 608 | void rsa_check_privkey_null() |
Paul Bakker | 37940d9f | 2009-07-10 22:38:58 +0000 | [diff] [blame] | 609 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 610 | mbedtls_rsa_context ctx; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 611 | memset(&ctx, 0x00, sizeof(mbedtls_rsa_context)); |
Paul Bakker | 37940d9f | 2009-07-10 22:38:58 +0000 | [diff] [blame] | 612 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 613 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); |
Paul Bakker | 37940d9f | 2009-07-10 22:38:58 +0000 | [diff] [blame] | 614 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 615 | /* END_CASE */ |
Paul Bakker | 37940d9f | 2009-07-10 22:38:58 +0000 | [diff] [blame] | 616 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 617 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 618 | void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 619 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 620 | mbedtls_rsa_context ctx; |
Hanno Becker | ceb7a9d | 2017-08-23 08:33:08 +0100 | [diff] [blame] | 621 | mbedtls_mpi N, E; |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 622 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 623 | mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); |
| 624 | mbedtls_rsa_init(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 625 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 626 | if (strlen(input_N)) { |
| 627 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 628 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 629 | if (strlen(input_E)) { |
| 630 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 631 | } |
| 632 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 633 | TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); |
| 634 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result); |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 635 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 636 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 637 | mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); |
| 638 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 639 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 640 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 641 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 642 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 643 | void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q, |
| 644 | char *input_N, char *input_E, char *input_D, |
| 645 | char *input_DP, char *input_DQ, char *input_QP, |
| 646 | int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 647 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 648 | mbedtls_rsa_context ctx; |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 649 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 650 | mbedtls_rsa_init(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 651 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 652 | ctx.len = mod / 8; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 653 | if (strlen(input_P)) { |
| 654 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 655 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 656 | if (strlen(input_Q)) { |
| 657 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 658 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 659 | if (strlen(input_N)) { |
| 660 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 661 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 662 | if (strlen(input_E)) { |
| 663 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 664 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 665 | if (strlen(input_D)) { |
| 666 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 667 | } |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 668 | #if !defined(MBEDTLS_RSA_NO_CRT) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 669 | if (strlen(input_DP)) { |
| 670 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0); |
Paul Bakker | 31417a7 | 2012-09-27 20:41:37 +0000 | [diff] [blame] | 671 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 672 | if (strlen(input_DQ)) { |
| 673 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0); |
Paul Bakker | 31417a7 | 2012-09-27 20:41:37 +0000 | [diff] [blame] | 674 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 675 | if (strlen(input_QP)) { |
| 676 | TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0); |
Paul Bakker | 31417a7 | 2012-09-27 20:41:37 +0000 | [diff] [blame] | 677 | } |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 678 | #else |
Werner Lewis | f65a327 | 2022-07-07 11:38:44 +0100 | [diff] [blame] | 679 | ((void) input_DP); |
| 680 | ((void) input_DQ); |
| 681 | ((void) input_QP); |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 682 | #endif |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 683 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 684 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result); |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 685 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 686 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 687 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 688 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 689 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 690 | |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 691 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 692 | void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub, |
| 693 | char *input_P, char *input_Q, char *input_N, |
| 694 | char *input_E, char *input_D, char *input_DP, |
| 695 | char *input_DQ, char *input_QP, int result) |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 696 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 697 | mbedtls_rsa_context pub, prv; |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 698 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 699 | mbedtls_rsa_init(&pub); |
| 700 | mbedtls_rsa_init(&prv); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 701 | |
| 702 | pub.len = mod / 8; |
| 703 | prv.len = mod / 8; |
| 704 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 705 | if (strlen(input_Npub)) { |
| 706 | TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 707 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 708 | if (strlen(input_Epub)) { |
| 709 | TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 710 | } |
| 711 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 712 | if (strlen(input_P)) { |
| 713 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 714 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 715 | if (strlen(input_Q)) { |
| 716 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 717 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 718 | if (strlen(input_N)) { |
| 719 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 720 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 721 | if (strlen(input_E)) { |
| 722 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 723 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 724 | if (strlen(input_D)) { |
| 725 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 726 | } |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 727 | #if !defined(MBEDTLS_RSA_NO_CRT) |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 728 | if (strlen(input_DP)) { |
| 729 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 730 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 731 | if (strlen(input_DQ)) { |
| 732 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 733 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 734 | if (strlen(input_QP)) { |
| 735 | TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 736 | } |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 737 | #else |
Werner Lewis | f65a327 | 2022-07-07 11:38:44 +0100 | [diff] [blame] | 738 | ((void) input_DP); |
| 739 | ((void) input_DQ); |
| 740 | ((void) input_QP); |
Hanno Becker | 131134f | 2017-08-23 08:31:07 +0100 | [diff] [blame] | 741 | #endif |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 742 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 743 | TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 744 | |
| 745 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 746 | mbedtls_rsa_free(&pub); |
| 747 | mbedtls_rsa_free(&prv); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 748 | } |
| 749 | /* END_CASE */ |
| 750 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 751 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 752 | void mbedtls_rsa_gen_key(int nrbits, int exponent, int result) |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 753 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 754 | mbedtls_rsa_context ctx; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 755 | mbedtls_rsa_init(&ctx); |
Paul Bakker | c0a1a31 | 2011-12-04 17:12:15 +0000 | [diff] [blame] | 756 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 757 | /* This test uses an insecure RNG, suitable only for testing. |
| 758 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 759 | TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, |
| 760 | exponent) == result); |
| 761 | if (result == 0) { |
| 762 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); |
| 763 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 764 | } |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 765 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 766 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 767 | mbedtls_rsa_free(&ctx); |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 768 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 769 | /* END_CASE */ |
Paul Bakker | 821fb08 | 2009-07-12 13:26:42 +0000 | [diff] [blame] | 770 | |
Manuel Pégourié-Gonnard | 1d1174a | 2022-07-16 08:41:34 +0200 | [diff] [blame] | 771 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 772 | void mbedtls_rsa_deduce_primes(char *input_N, |
| 773 | char *input_D, |
| 774 | char *input_E, |
| 775 | char *output_P, |
| 776 | char *output_Q, |
| 777 | int corrupt, int result) |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 778 | { |
| 779 | mbedtls_mpi N, P, Pp, Q, Qp, D, E; |
| 780 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 781 | mbedtls_mpi_init(&N); |
| 782 | mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); |
| 783 | mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp); |
| 784 | mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 785 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 786 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 787 | TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); |
| 788 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 789 | TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0); |
| 790 | TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0); |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 791 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 792 | if (corrupt) { |
| 793 | TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0); |
| 794 | } |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 795 | |
| 796 | /* Try to deduce P, Q from N, D, E only. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 797 | TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result); |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 798 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 799 | if (!corrupt) { |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 800 | /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 801 | TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) || |
| 802 | (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0)); |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 803 | } |
| 804 | |
| 805 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 806 | mbedtls_mpi_free(&N); |
| 807 | mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); |
| 808 | mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp); |
| 809 | mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); |
Hanno Becker | e78fd8d | 2017-08-23 11:00:44 +0100 | [diff] [blame] | 810 | } |
| 811 | /* END_CASE */ |
| 812 | |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 813 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 814 | void mbedtls_rsa_deduce_private_exponent(char *input_P, |
| 815 | char *input_Q, |
| 816 | char *input_E, |
| 817 | char *output_D, |
| 818 | int corrupt, int result) |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 819 | { |
| 820 | mbedtls_mpi P, Q, D, Dp, E, R, Rp; |
| 821 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 822 | mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); |
| 823 | mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp); |
| 824 | mbedtls_mpi_init(&E); |
| 825 | mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 826 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 827 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 828 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 829 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 830 | TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 831 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 832 | if (corrupt) { |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 833 | /* Make E even */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 834 | TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 835 | } |
| 836 | |
| 837 | /* Try to deduce D from N, P, Q, E. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 838 | TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q, |
| 839 | &E, &D) == result); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 840 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 841 | if (!corrupt) { |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 842 | /* |
| 843 | * Check that D and Dp agree modulo LCM(P-1, Q-1). |
| 844 | */ |
| 845 | |
| 846 | /* Replace P,Q by P-1, Q-1 */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 847 | TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0); |
| 848 | TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 849 | |
| 850 | /* Check D == Dp modulo P-1 */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 851 | TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0); |
| 852 | TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0); |
| 853 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 854 | |
| 855 | /* Check D == Dp modulo Q-1 */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 856 | TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0); |
| 857 | TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0); |
| 858 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 859 | } |
| 860 | |
| 861 | exit: |
| 862 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 863 | mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); |
| 864 | mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp); |
| 865 | mbedtls_mpi_free(&E); |
| 866 | mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp); |
Hanno Becker | 6b4ce49 | 2017-08-23 11:00:21 +0100 | [diff] [blame] | 867 | } |
| 868 | /* END_CASE */ |
| 869 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 870 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 871 | void mbedtls_rsa_import(char *input_N, |
| 872 | char *input_P, |
| 873 | char *input_Q, |
| 874 | char *input_D, |
| 875 | char *input_E, |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 876 | int bitlen, |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 877 | int successive, |
| 878 | int is_priv, |
| 879 | int res_check, |
| 880 | int res_complete) |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 881 | { |
| 882 | mbedtls_mpi N, P, Q, D, E; |
| 883 | mbedtls_rsa_context ctx; |
| 884 | |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 885 | /* Buffers used for encryption-decryption test */ |
| 886 | unsigned char *buf_orig = NULL; |
| 887 | unsigned char *buf_enc = NULL; |
| 888 | unsigned char *buf_dec = NULL; |
| 889 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 890 | const int have_N = (strlen(input_N) > 0); |
| 891 | const int have_P = (strlen(input_P) > 0); |
| 892 | const int have_Q = (strlen(input_Q) > 0); |
| 893 | const int have_D = (strlen(input_D) > 0); |
| 894 | const int have_E = (strlen(input_E) > 0); |
Hanno Becker | 4d6e834 | 2017-09-29 11:50:18 +0100 | [diff] [blame] | 895 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 896 | mbedtls_rsa_init(&ctx); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 897 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 898 | mbedtls_mpi_init(&N); |
| 899 | mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); |
| 900 | mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 901 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 902 | if (have_N) { |
| 903 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 904 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 905 | |
| 906 | if (have_P) { |
| 907 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 908 | } |
| 909 | |
| 910 | if (have_Q) { |
| 911 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 912 | } |
| 913 | |
| 914 | if (have_D) { |
| 915 | TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); |
| 916 | } |
| 917 | |
| 918 | if (have_E) { |
| 919 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 920 | } |
| 921 | |
| 922 | if (!successive) { |
| 923 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 924 | have_N ? &N : NULL, |
| 925 | have_P ? &P : NULL, |
| 926 | have_Q ? &Q : NULL, |
| 927 | have_D ? &D : NULL, |
| 928 | have_E ? &E : NULL) == 0); |
| 929 | } else { |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 930 | /* Import N, P, Q, D, E separately. |
| 931 | * This should make no functional difference. */ |
| 932 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 933 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 934 | have_N ? &N : NULL, |
| 935 | NULL, NULL, NULL, NULL) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 936 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 937 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 938 | NULL, |
| 939 | have_P ? &P : NULL, |
| 940 | NULL, NULL, NULL) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 941 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 942 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 943 | NULL, NULL, |
| 944 | have_Q ? &Q : NULL, |
| 945 | NULL, NULL) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 946 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 947 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 948 | NULL, NULL, NULL, |
| 949 | have_D ? &D : NULL, |
| 950 | NULL) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 951 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 952 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 953 | NULL, NULL, NULL, NULL, |
| 954 | have_E ? &E : NULL) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 955 | } |
| 956 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 957 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 958 | |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 959 | /* On expected success, perform some public and private |
| 960 | * key operations to check if the key is working properly. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 961 | if (res_complete == 0) { |
Gilles Peskine | 19f1adf | 2024-02-01 22:17:44 +0100 | [diff] [blame] | 962 | TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen); |
| 963 | TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8); |
| 964 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 965 | if (is_priv) { |
| 966 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); |
| 967 | } else { |
| 968 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); |
| 969 | } |
Hanno Becker | 04877a4 | 2017-10-11 10:01:33 +0100 | [diff] [blame] | 970 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 971 | if (res_check != 0) { |
Hanno Becker | 04877a4 | 2017-10-11 10:01:33 +0100 | [diff] [blame] | 972 | goto exit; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 973 | } |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 974 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 975 | buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 976 | buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 977 | buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 978 | if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 979 | goto exit; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 980 | } |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 981 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 982 | /* This test uses an insecure RNG, suitable only for testing. |
| 983 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 984 | TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, |
| 985 | buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 986 | |
| 987 | /* Make sure the number we're generating is smaller than the modulus */ |
| 988 | buf_orig[0] = 0x00; |
| 989 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 990 | TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 991 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 992 | if (is_priv) { |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 993 | /* This test uses an insecure RNG, suitable only for testing. |
| 994 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 995 | TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, |
| 996 | NULL, buf_enc, |
| 997 | buf_dec) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 998 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 999 | TEST_ASSERT(memcmp(buf_orig, buf_dec, |
| 1000 | mbedtls_rsa_get_len(&ctx)) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1001 | } |
| 1002 | } |
| 1003 | |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1004 | exit: |
| 1005 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1006 | mbedtls_free(buf_orig); |
| 1007 | mbedtls_free(buf_enc); |
| 1008 | mbedtls_free(buf_dec); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1009 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1010 | mbedtls_rsa_free(&ctx); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1011 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1012 | mbedtls_mpi_free(&N); |
| 1013 | mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); |
| 1014 | mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1015 | } |
| 1016 | /* END_CASE */ |
| 1017 | |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1018 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1019 | void mbedtls_rsa_export(char *input_N, |
| 1020 | char *input_P, |
| 1021 | char *input_Q, |
| 1022 | char *input_D, |
| 1023 | char *input_E, |
| 1024 | int is_priv, |
| 1025 | int successive) |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1026 | { |
| 1027 | /* Original MPI's with which we set up the RSA context */ |
| 1028 | mbedtls_mpi N, P, Q, D, E; |
| 1029 | |
| 1030 | /* Exported MPI's */ |
| 1031 | mbedtls_mpi Ne, Pe, Qe, De, Ee; |
| 1032 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1033 | const int have_N = (strlen(input_N) > 0); |
| 1034 | const int have_P = (strlen(input_P) > 0); |
| 1035 | const int have_Q = (strlen(input_Q) > 0); |
| 1036 | const int have_D = (strlen(input_D) > 0); |
| 1037 | const int have_E = (strlen(input_E) > 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1038 | |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1039 | mbedtls_rsa_context ctx; |
| 1040 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1041 | mbedtls_rsa_init(&ctx); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1042 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1043 | mbedtls_mpi_init(&N); |
| 1044 | mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); |
| 1045 | mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1046 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1047 | mbedtls_mpi_init(&Ne); |
| 1048 | mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe); |
| 1049 | mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1050 | |
| 1051 | /* Setup RSA context */ |
| 1052 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1053 | if (have_N) { |
| 1054 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 1055 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1056 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1057 | if (have_P) { |
| 1058 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 1059 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1060 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1061 | if (have_Q) { |
| 1062 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 1063 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1064 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1065 | if (have_D) { |
| 1066 | TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); |
| 1067 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1068 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1069 | if (have_E) { |
| 1070 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 1071 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1072 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1073 | TEST_ASSERT(mbedtls_rsa_import(&ctx, |
| 1074 | strlen(input_N) ? &N : NULL, |
| 1075 | strlen(input_P) ? &P : NULL, |
| 1076 | strlen(input_Q) ? &Q : NULL, |
| 1077 | strlen(input_D) ? &D : NULL, |
| 1078 | strlen(input_E) ? &E : NULL) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1079 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1080 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1081 | |
| 1082 | /* |
| 1083 | * Export parameters and compare to original ones. |
| 1084 | */ |
| 1085 | |
| 1086 | /* N and E must always be present. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1087 | if (!successive) { |
| 1088 | TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0); |
| 1089 | } else { |
| 1090 | TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0); |
| 1091 | TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1092 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1093 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0); |
| 1094 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1095 | |
| 1096 | /* If we were providing enough information to setup a complete private context, |
| 1097 | * we expect to be able to export all core parameters. */ |
| 1098 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1099 | if (is_priv) { |
| 1100 | if (!successive) { |
| 1101 | TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe, |
| 1102 | &De, NULL) == 0); |
| 1103 | } else { |
| 1104 | TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL, |
| 1105 | NULL, NULL) == 0); |
| 1106 | TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe, |
| 1107 | NULL, NULL) == 0); |
| 1108 | TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, |
| 1109 | &De, NULL) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1110 | } |
| 1111 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1112 | if (have_P) { |
| 1113 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0); |
| 1114 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1115 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1116 | if (have_Q) { |
| 1117 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0); |
| 1118 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1119 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1120 | if (have_D) { |
| 1121 | TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0); |
| 1122 | } |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1123 | |
| 1124 | /* While at it, perform a sanity check */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1125 | TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee, |
| 1126 | NULL, NULL) == 0); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1127 | } |
| 1128 | |
| 1129 | exit: |
| 1130 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1131 | mbedtls_rsa_free(&ctx); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1132 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1133 | mbedtls_mpi_free(&N); |
| 1134 | mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); |
| 1135 | mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1136 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1137 | mbedtls_mpi_free(&Ne); |
| 1138 | mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe); |
| 1139 | mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee); |
Hanno Becker | 417f2d6 | 2017-08-23 11:44:51 +0100 | [diff] [blame] | 1140 | } |
| 1141 | /* END_CASE */ |
| 1142 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1143 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1144 | void mbedtls_rsa_validate_params(char *input_N, |
| 1145 | char *input_P, |
| 1146 | char *input_Q, |
| 1147 | char *input_D, |
| 1148 | char *input_E, |
| 1149 | int prng, int result) |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1150 | { |
| 1151 | /* Original MPI's with which we set up the RSA context */ |
| 1152 | mbedtls_mpi N, P, Q, D, E; |
| 1153 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1154 | const int have_N = (strlen(input_N) > 0); |
| 1155 | const int have_P = (strlen(input_P) > 0); |
| 1156 | const int have_Q = (strlen(input_Q) > 0); |
| 1157 | const int have_D = (strlen(input_D) > 0); |
| 1158 | const int have_E = (strlen(input_E) > 0); |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1159 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1160 | mbedtls_mpi_init(&N); |
| 1161 | mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); |
| 1162 | mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1163 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1164 | if (have_N) { |
| 1165 | TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); |
| 1166 | } |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1167 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1168 | if (have_P) { |
| 1169 | TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); |
| 1170 | } |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1171 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1172 | if (have_Q) { |
| 1173 | TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); |
| 1174 | } |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1175 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1176 | if (have_D) { |
| 1177 | TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); |
| 1178 | } |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1179 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1180 | if (have_E) { |
| 1181 | TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); |
| 1182 | } |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1183 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1184 | /* This test uses an insecure RNG, suitable only for testing. |
| 1185 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1186 | TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL, |
| 1187 | have_P ? &P : NULL, |
| 1188 | have_Q ? &Q : NULL, |
| 1189 | have_D ? &D : NULL, |
| 1190 | have_E ? &E : NULL, |
| 1191 | prng ? mbedtls_test_rnd_std_rand : NULL, |
| 1192 | prng ? NULL : NULL) == result); |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1193 | |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1194 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1195 | mbedtls_mpi_free(&N); |
| 1196 | mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); |
| 1197 | mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); |
Hanno Becker | ce00263 | 2017-08-23 13:22:36 +0100 | [diff] [blame] | 1198 | } |
| 1199 | /* END_CASE */ |
| 1200 | |
Manuel Pégourié-Gonnard | 1d1174a | 2022-07-16 08:41:34 +0200 | [diff] [blame] | 1201 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1202 | void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P, |
| 1203 | data_t *input_Q, data_t *input_D, |
| 1204 | data_t *input_E, int is_priv, |
| 1205 | int successive) |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1206 | { |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1207 | /* Exported buffers */ |
Ron Eldor | fdc15bd | 2018-11-22 15:47:51 +0200 | [diff] [blame] | 1208 | unsigned char bufNe[256]; |
| 1209 | unsigned char bufPe[128]; |
| 1210 | unsigned char bufQe[128]; |
| 1211 | unsigned char bufDe[256]; |
| 1212 | unsigned char bufEe[1]; |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1213 | |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1214 | mbedtls_rsa_context ctx; |
| 1215 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1216 | mbedtls_rsa_init(&ctx); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1217 | |
| 1218 | /* Setup RSA context */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1219 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1220 | input_N->len ? input_N->x : NULL, input_N->len, |
| 1221 | input_P->len ? input_P->x : NULL, input_P->len, |
| 1222 | input_Q->len ? input_Q->x : NULL, input_Q->len, |
| 1223 | input_D->len ? input_D->x : NULL, input_D->len, |
| 1224 | input_E->len ? input_E->x : NULL, input_E->len) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1225 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1226 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1227 | |
| 1228 | /* |
| 1229 | * Export parameters and compare to original ones. |
| 1230 | */ |
| 1231 | |
| 1232 | /* N and E must always be present. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1233 | if (!successive) { |
| 1234 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, |
| 1235 | NULL, 0, NULL, 0, NULL, 0, |
| 1236 | bufEe, input_E->len) == 0); |
| 1237 | } else { |
| 1238 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, |
| 1239 | NULL, 0, NULL, 0, NULL, 0, |
| 1240 | NULL, 0) == 0); |
| 1241 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, |
| 1242 | NULL, 0, NULL, 0, NULL, 0, |
| 1243 | bufEe, input_E->len) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1244 | } |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1245 | TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0); |
| 1246 | TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1247 | |
| 1248 | /* If we were providing enough information to setup a complete private context, |
| 1249 | * we expect to be able to export all core parameters. */ |
| 1250 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1251 | if (is_priv) { |
| 1252 | if (!successive) { |
| 1253 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, |
| 1254 | bufPe, input_P->len ? input_P->len : sizeof(bufPe), |
| 1255 | bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), |
| 1256 | bufDe, input_D->len ? input_D->len : sizeof(bufDe), |
| 1257 | NULL, 0) == 0); |
| 1258 | } else { |
| 1259 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, |
| 1260 | bufPe, input_P->len ? input_P->len : sizeof(bufPe), |
| 1261 | NULL, 0, NULL, 0, |
| 1262 | NULL, 0) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1263 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1264 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, |
| 1265 | bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), |
| 1266 | NULL, 0, NULL, 0) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1267 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1268 | TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0, |
| 1269 | bufDe, input_D->len ? input_D->len : sizeof(bufDe), |
| 1270 | NULL, 0) == 0); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1271 | } |
| 1272 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1273 | if (input_P->len) { |
| 1274 | TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0); |
| 1275 | } |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1276 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1277 | if (input_Q->len) { |
| 1278 | TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0); |
| 1279 | } |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1280 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1281 | if (input_D->len) { |
| 1282 | TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0); |
| 1283 | } |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1284 | |
| 1285 | } |
| 1286 | |
| 1287 | exit: |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1288 | mbedtls_rsa_free(&ctx); |
Hanno Becker | f1b9a2c | 2017-08-23 11:49:22 +0100 | [diff] [blame] | 1289 | } |
| 1290 | /* END_CASE */ |
| 1291 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1292 | /* BEGIN_CASE */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1293 | void mbedtls_rsa_import_raw(data_t *input_N, |
| 1294 | data_t *input_P, data_t *input_Q, |
| 1295 | data_t *input_D, data_t *input_E, |
| 1296 | int successive, |
| 1297 | int is_priv, |
| 1298 | int res_check, |
| 1299 | int res_complete) |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1300 | { |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1301 | /* Buffers used for encryption-decryption test */ |
| 1302 | unsigned char *buf_orig = NULL; |
| 1303 | unsigned char *buf_enc = NULL; |
| 1304 | unsigned char *buf_dec = NULL; |
| 1305 | |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1306 | mbedtls_rsa_context ctx; |
Hanno Becker | 3f3ae85 | 2017-10-02 10:08:39 +0100 | [diff] [blame] | 1307 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1308 | mbedtls_rsa_init(&ctx); |
Hanno Becker | 3f3ae85 | 2017-10-02 10:08:39 +0100 | [diff] [blame] | 1309 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1310 | if (!successive) { |
| 1311 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1312 | (input_N->len > 0) ? input_N->x : NULL, input_N->len, |
| 1313 | (input_P->len > 0) ? input_P->x : NULL, input_P->len, |
| 1314 | (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, |
| 1315 | (input_D->len > 0) ? input_D->x : NULL, input_D->len, |
| 1316 | (input_E->len > 0) ? input_E->x : NULL, |
| 1317 | input_E->len) == 0); |
| 1318 | } else { |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1319 | /* Import N, P, Q, D, E separately. |
| 1320 | * This should make no functional difference. */ |
| 1321 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1322 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1323 | (input_N->len > 0) ? input_N->x : NULL, input_N->len, |
| 1324 | NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1325 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1326 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1327 | NULL, 0, |
| 1328 | (input_P->len > 0) ? input_P->x : NULL, input_P->len, |
| 1329 | NULL, 0, NULL, 0, NULL, 0) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1330 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1331 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1332 | NULL, 0, NULL, 0, |
| 1333 | (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, |
| 1334 | NULL, 0, NULL, 0) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1335 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1336 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1337 | NULL, 0, NULL, 0, NULL, 0, |
| 1338 | (input_D->len > 0) ? input_D->x : NULL, input_D->len, |
| 1339 | NULL, 0) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1340 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1341 | TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, |
| 1342 | NULL, 0, NULL, 0, NULL, 0, NULL, 0, |
| 1343 | (input_E->len > 0) ? input_E->x : NULL, |
| 1344 | input_E->len) == 0); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1345 | } |
| 1346 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1347 | TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1348 | |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1349 | /* On expected success, perform some public and private |
| 1350 | * key operations to check if the key is working properly. */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1351 | if (res_complete == 0) { |
| 1352 | if (is_priv) { |
| 1353 | TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); |
| 1354 | } else { |
| 1355 | TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); |
| 1356 | } |
Hanno Becker | 04877a4 | 2017-10-11 10:01:33 +0100 | [diff] [blame] | 1357 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1358 | if (res_check != 0) { |
Hanno Becker | 04877a4 | 2017-10-11 10:01:33 +0100 | [diff] [blame] | 1359 | goto exit; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1360 | } |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1361 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1362 | buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 1363 | buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 1364 | buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); |
| 1365 | if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1366 | goto exit; |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1367 | } |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1368 | |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1369 | /* This test uses an insecure RNG, suitable only for testing. |
| 1370 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1371 | TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, |
| 1372 | buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1373 | |
| 1374 | /* Make sure the number we're generating is smaller than the modulus */ |
| 1375 | buf_orig[0] = 0x00; |
| 1376 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1377 | TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1378 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1379 | if (is_priv) { |
Manuel Pégourié-Gonnard | 5ef4e8d | 2022-07-16 08:57:19 +0200 | [diff] [blame] | 1380 | /* This test uses an insecure RNG, suitable only for testing. |
| 1381 | * In production, always use a cryptographically strong RNG! */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1382 | TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, |
| 1383 | NULL, buf_enc, |
| 1384 | buf_dec) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1385 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1386 | TEST_ASSERT(memcmp(buf_orig, buf_dec, |
| 1387 | mbedtls_rsa_get_len(&ctx)) == 0); |
Hanno Becker | e1582a8 | 2017-09-29 11:51:05 +0100 | [diff] [blame] | 1388 | } |
| 1389 | } |
| 1390 | |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1391 | exit: |
| 1392 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1393 | mbedtls_free(buf_orig); |
| 1394 | mbedtls_free(buf_enc); |
| 1395 | mbedtls_free(buf_dec); |
Hanno Becker | 3f3ae85 | 2017-10-02 10:08:39 +0100 | [diff] [blame] | 1396 | |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1397 | mbedtls_rsa_free(&ctx); |
Hanno Becker | c77ab89 | 2017-08-23 11:01:06 +0100 | [diff] [blame] | 1398 | } |
| 1399 | /* END_CASE */ |
| 1400 | |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1401 | /* BEGIN_CASE */ |
Valerio Setti | 6d597f1 | 2024-01-24 13:44:41 +0100 | [diff] [blame] | 1402 | void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) |
Valerio Setti | 6def24c | 2024-01-24 12:33:04 +0100 | [diff] [blame] | 1403 | { |
| 1404 | mbedtls_rsa_context rsa_ctx; |
Valerio Setti | 6d597f1 | 2024-01-24 13:44:41 +0100 | [diff] [blame] | 1405 | |
Valerio Setti | 6def24c | 2024-01-24 12:33:04 +0100 | [diff] [blame] | 1406 | mbedtls_rsa_init(&rsa_ctx); |
| 1407 | |
Valerio Setti | 6d597f1 | 2024-01-24 13:44:41 +0100 | [diff] [blame] | 1408 | if (is_public) { |
Valerio Setti | 201e643 | 2024-02-01 17:19:37 +0100 | [diff] [blame] | 1409 | TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val); |
Valerio Setti | 6d597f1 | 2024-01-24 13:44:41 +0100 | [diff] [blame] | 1410 | } else { |
Valerio Setti | 135ebde | 2024-02-01 17:00:29 +0100 | [diff] [blame] | 1411 | TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); |
Valerio Setti | 6d597f1 | 2024-01-24 13:44:41 +0100 | [diff] [blame] | 1412 | } |
Valerio Setti | 6def24c | 2024-01-24 12:33:04 +0100 | [diff] [blame] | 1413 | |
| 1414 | exit: |
| 1415 | mbedtls_rsa_free(&rsa_ctx); |
| 1416 | } |
| 1417 | /* END_CASE */ |
| 1418 | |
| 1419 | /* BEGIN_CASE */ |
Valerio Setti | 1533c3f | 2024-01-24 11:24:20 +0100 | [diff] [blame] | 1420 | void rsa_parse_write_pkcs1_key(int is_public, data_t *input) |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1421 | { |
| 1422 | mbedtls_rsa_context rsa_ctx; |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1423 | unsigned char *output_buf = NULL; |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1424 | unsigned char *output_end, *output_p; |
| 1425 | size_t output_len; |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1426 | |
| 1427 | mbedtls_rsa_init(&rsa_ctx); |
| 1428 | |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1429 | TEST_CALLOC(output_buf, input->len); |
| 1430 | output_end = output_buf + input->len; |
| 1431 | output_p = output_end; |
| 1432 | |
Valerio Setti | 1533c3f | 2024-01-24 11:24:20 +0100 | [diff] [blame] | 1433 | /* Parse the key and write it back to output_buf. */ |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1434 | if (is_public) { |
Valerio Setti | 201e643 | 2024-02-01 17:19:37 +0100 | [diff] [blame] | 1435 | TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1436 | TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len); |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1437 | } else { |
Valerio Setti | 135ebde | 2024-02-01 17:00:29 +0100 | [diff] [blame] | 1438 | TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1439 | TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len); |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1440 | } |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1441 | output_len = output_end - output_p; |
Valerio Setti | 1533c3f | 2024-01-24 11:24:20 +0100 | [diff] [blame] | 1442 | |
| 1443 | /* Check that the written key matches with the one provided in input. */ |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1444 | TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len); |
Valerio Setti | 8e6093d | 2024-01-23 15:19:07 +0100 | [diff] [blame] | 1445 | |
| 1446 | exit: |
| 1447 | mbedtls_free(output_buf); |
| 1448 | mbedtls_rsa_free(&rsa_ctx); |
| 1449 | } |
| 1450 | /* END_CASE */ |
| 1451 | |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1452 | /* BEGIN_CASE */ |
| 1453 | void rsa_key_write_incremental(int is_public, data_t *input) |
| 1454 | { |
| 1455 | mbedtls_rsa_context rsa_ctx; |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1456 | unsigned char *buf = NULL, *end, *p; |
| 1457 | size_t i, written_data; |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1458 | |
| 1459 | mbedtls_rsa_init(&rsa_ctx); |
| 1460 | |
| 1461 | /* This is supposed to succeed as the real target of this test are the |
| 1462 | * write attempt below. */ |
| 1463 | if (is_public) { |
Valerio Setti | 201e643 | 2024-02-01 17:19:37 +0100 | [diff] [blame] | 1464 | TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1465 | } else { |
Valerio Setti | 135ebde | 2024-02-01 17:00:29 +0100 | [diff] [blame] | 1466 | TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1467 | } |
| 1468 | |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1469 | /* Test with an output buffer smaller than required. */ |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1470 | for (i = 1; i < input->len; i++) { |
| 1471 | TEST_CALLOC(buf, i); |
| 1472 | end = buf + i; |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1473 | p = end; |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1474 | /* We don't care much about the return value as long as it fails. */ |
| 1475 | if (is_public) { |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1476 | TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0); |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1477 | } else { |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1478 | TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0); |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1479 | } |
| 1480 | mbedtls_free(buf); |
| 1481 | buf = NULL; |
| 1482 | } |
| 1483 | |
Valerio Setti | c701cb2 | 2024-02-02 11:09:37 +0100 | [diff] [blame] | 1484 | /* Test with an output buffer equal or larger than what it is strictly required. */ |
| 1485 | for (i = input->len; i < (2 * input->len); i++) { |
| 1486 | TEST_CALLOC(buf, i); |
| 1487 | end = buf + i; |
| 1488 | p = end; |
| 1489 | /* This time all write functions must succeed. */ |
| 1490 | if (is_public) { |
| 1491 | TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0); |
| 1492 | } else { |
| 1493 | TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0); |
| 1494 | } |
| 1495 | written_data = (end - p); |
| 1496 | TEST_MEMORY_COMPARE(p, written_data, input->x, input->len); |
| 1497 | mbedtls_free(buf); |
| 1498 | buf = NULL; |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1499 | } |
| 1500 | |
| 1501 | exit: |
Valerio Setti | 56cfe2f | 2024-02-01 17:53:26 +0100 | [diff] [blame] | 1502 | mbedtls_free(buf); |
Valerio Setti | a888645 | 2024-01-30 17:35:49 +0100 | [diff] [blame] | 1503 | mbedtls_rsa_free(&rsa_ctx); |
| 1504 | } |
| 1505 | /* END_CASE */ |
| 1506 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1507 | /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1508 | void rsa_selftest() |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 1509 | { |
Manuel Pégourié-Gonnard | fb8d90a | 2023-03-16 10:47:59 +0100 | [diff] [blame] | 1510 | MD_PSA_INIT(); |
Gilles Peskine | 449bd83 | 2023-01-11 14:50:10 +0100 | [diff] [blame] | 1511 | TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); |
Manuel Pégourié-Gonnard | fb8d90a | 2023-03-16 10:47:59 +0100 | [diff] [blame] | 1512 | |
| 1513 | exit: |
| 1514 | MD_PSA_DONE(); |
Paul Bakker | 42a29bf | 2009-07-07 20:18:41 +0000 | [diff] [blame] | 1515 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1516 | /* END_CASE */ |