TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 71159f45ab8850eafb75a8f5ecb38a871b56a89b / . / tests / suites / test_suite_rsa.function
blob: a2fe6c8ac7e81dfec26b1668dcb925d3d4f18661 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Chris Jones66a4cd42021-03-09 16:04:12 +0000[diff] [blame]3#include "rsa_alt_helpers.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]4
Manuel Pégourié-Gonnard07018f92022-09-15 11:29:35 +0200[diff] [blame]5#include "mbedtls/legacy_or_psa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]6/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]7
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]8/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]9 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]10 * END_DEPENDENCIES
11 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]14void rsa_invalid_param()
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]15{
16 mbedtls_rsa_context ctx;
17 const int invalid_padding = 42;
18 const int invalid_hash_id = 0xff;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]19 unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
20 size_t buf_len = sizeof(buf);
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]21
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]22 mbedtls_rsa_init(&ctx);
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]23
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]24 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
25 invalid_padding,
26 MBEDTLS_MD_NONE),
27 MBEDTLS_ERR_RSA_INVALID_PADDING);
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]28
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]29 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
30 MBEDTLS_RSA_PKCS_V21,
31 invalid_hash_id),
32 MBEDTLS_ERR_RSA_INVALID_PADDING);
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]33
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]34 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL,
35 NULL, MBEDTLS_MD_NONE,
36 buf_len,
37 NULL, buf),
38 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]39
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]40 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL,
41 NULL, MBEDTLS_MD_SHA256,
42 0,
43 NULL, buf),
44 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]45
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]46 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE,
47 buf_len,
48 NULL, buf),
49 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]50
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]51 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256,
52 0,
53 NULL, buf),
54 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]55
Ronald Cron3a0375f2021-06-08 10:22:28 +0200[diff] [blame]56#if !defined(MBEDTLS_PKCS1_V15)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]57 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
58 MBEDTLS_RSA_PKCS_V15,
59 MBEDTLS_MD_NONE),
60 MBEDTLS_ERR_RSA_INVALID_PADDING);
Ronald Cron3a0375f2021-06-08 10:22:28 +0200[diff] [blame]61#endif
62
Tuvshinzaya Erdenekhuufe7524d2022-09-01 16:07:18 +0100[diff] [blame]63#if defined(MBEDTLS_PKCS1_V15)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]64 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
65 NULL, MBEDTLS_MD_NONE,
66 buf_len,
67 NULL, buf),
68 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]69
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]70 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
71 NULL, MBEDTLS_MD_SHA256,
72 0,
73 NULL, buf),
74 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]75
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]76 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE,
77 buf_len,
78 NULL, buf),
79 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]80
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]81 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256,
82 0,
83 NULL, buf),
84 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]85
86
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]87#endif
88
Ronald Cron3a0375f2021-06-08 10:22:28 +0200[diff] [blame]89#if !defined(MBEDTLS_PKCS1_V21)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]90 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
91 MBEDTLS_RSA_PKCS_V21,
92 MBEDTLS_MD_NONE),
93 MBEDTLS_ERR_RSA_INVALID_PADDING);
Ronald Cron3a0375f2021-06-08 10:22:28 +0200[diff] [blame]94#endif
95
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]96#if defined(MBEDTLS_PKCS1_V21)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]97 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
98 MBEDTLS_MD_NONE, buf_len,
99 NULL, buf_len,
100 buf),
101 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]102
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]103 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
104 MBEDTLS_MD_SHA256, 0,
105 NULL, buf_len,
106 buf),
107 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]108
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]109 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE,
110 buf_len, NULL,
111 MBEDTLS_MD_NONE,
112 buf_len, buf),
113 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]114
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]115 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256,
116 0, NULL,
117 MBEDTLS_MD_NONE,
118 buf_len, buf),
119 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu08b22342022-09-01 16:18:00 +0100[diff] [blame]120
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]121 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE,
122 buf_len,
123 NULL, buf),
124 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]125
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]126 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256,
127 0,
128 NULL, buf),
129 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
Tuvshinzaya Erdenekhuu7e2e2a92022-07-26 10:09:24 +0100[diff] [blame]130#endif
131
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]132exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]133 mbedtls_rsa_free(&ctx);
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]134}
135/* END_CASE */
136
137/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]138void rsa_init_free(int reinit)
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]139{
140 mbedtls_rsa_context ctx;
141
142 /* Double free is not explicitly documented to work, but we rely on it
143 * even inside the library so that you can call mbedtls_rsa_free()
144 * unconditionally on an error path without checking whether it has
145 * already been called in the success path. */
146
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]147 mbedtls_rsa_init(&ctx);
148 mbedtls_rsa_free(&ctx);
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]149
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]150 if (reinit) {
151 mbedtls_rsa_init(&ctx);
152 }
153 mbedtls_rsa_free(&ctx);
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]154
155 /* This test case always succeeds, functionally speaking. A plausible
156 * bug might trigger an invalid pointer dereference or a memory leak. */
157 goto exit;
158}
159/* END_CASE */
160
Manuel Pégourié-Gonnard236c4e22022-07-16 08:35:06 +0200[diff] [blame]161/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]162void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
163 int digest, int mod, char *input_P,
164 char *input_Q, char *input_N, char *input_E,
165 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]166{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]167 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]169 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]170 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]171
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]172 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
173 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
174 mbedtls_rsa_init(&ctx);
175 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
176 MBEDTLS_MD_NONE) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]177
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]178 memset(output, 0x00, sizeof(output));
179 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]180
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]181 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
182 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
183 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
184 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]185
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]186 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
187 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
188 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
189 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]190
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]191 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
192 &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info,
193 digest, message_str->len, message_str->x,
194 output) == result);
195 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]196
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]197 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
198 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]199 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]200
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]201exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]202 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
203 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
204 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]205}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]206/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]207
Manuel Pégourié-Gonnard236c4e22022-07-16 08:35:06 +0200[diff] [blame]208/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]209void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
210 int digest, int mod,
211 char *input_N, char *input_E,
212 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]213{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]214 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]215 mbedtls_mpi N, E;
216
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]217 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
218 mbedtls_rsa_init(&ctx);
219 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
220 MBEDTLS_MD_NONE) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]221
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]222 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
223 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
224 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
225 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
226 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]227
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]228 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
229 result_str->x) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]230
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]231exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]232 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
233 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]234}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]235/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]236
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]237
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]238/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]239void rsa_pkcs1_sign_raw(data_t *hash_result,
240 int padding_mode, int mod,
241 char *input_P, char *input_Q,
242 char *input_N, char *input_E,
243 data_t *result_str)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]244{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]245 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]247 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]248 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]249
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]250 mbedtls_rsa_init(&ctx);
251 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
252 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]253
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]254 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
255 MBEDTLS_MD_NONE) == 0);
Paul Elliotte57dd2d2021-06-25 11:13:24 +0100[diff] [blame]256
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]257 memset(output, 0x00, sizeof(output));
258 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]259
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]260 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
261 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
262 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
263 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]264
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]265 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
266 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
267 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
268 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]269
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]270
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]271 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
272 &rnd_info, MBEDTLS_MD_NONE,
273 hash_result->len,
274 hash_result->x, output) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]275
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]276
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]277 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
278 ctx.len, result_str->len) == 0);
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]279
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]280exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]281 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
282 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]283
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]284 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]285}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]286/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]287
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]288/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]289void rsa_pkcs1_verify_raw(data_t *hash_result,
290 int padding_mode, int mod,
291 char *input_N, char *input_E,
292 data_t *result_str, int correct)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]293{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]294 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]296
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]297 mbedtls_mpi N, E;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]298 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]299
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]300 mbedtls_rsa_init(&ctx);
301 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
302 MBEDTLS_MD_NONE) == 0);
303 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]304
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]305 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
306 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]307
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]308 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
309 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
310 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]311
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]312
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]313 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x,
314 result_str->x) == correct);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]315
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]316exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]317 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
318 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]319}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]320/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]321
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]322/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]323void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
324 int mod, char *input_N, char *input_E,
325 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]326{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]327 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]328 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]329 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]330
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]331 mbedtls_mpi N, E;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]332 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]333
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]334 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]335
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]336 mbedtls_rsa_init(&ctx);
337 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
338 MBEDTLS_MD_NONE) == 0);
339 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]340
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]341 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
342 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]343
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]344 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
345 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
346 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]348
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]349 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
350 &mbedtls_test_rnd_pseudo_rand,
351 &rnd_info, message_str->len,
352 message_str->x,
353 output) == result);
354 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]355
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]356 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
357 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]358 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]359
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]360exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]361 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
362 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]363}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]364/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]365
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]366/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]367void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
368 int mod, char *input_N, char *input_E,
369 data_t *result_str, int result)
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]370{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]371 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]372 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]373
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]374 mbedtls_mpi N, E;
375
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]376 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
377 mbedtls_rsa_init(&ctx);
378 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
379 MBEDTLS_MD_NONE) == 0);
380 memset(output, 0x00, sizeof(output));
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]381
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]382 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
383 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]384
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]385 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
386 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
387 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]388
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]389
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]390 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand,
391 NULL, message_str->len,
392 message_str->x,
393 output) == result);
394 if (result == 0) {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]395
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]396 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
397 ctx.len, result_str->len) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]398 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]399
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]400exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]401 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
402 mbedtls_rsa_free(&ctx);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]403}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]404/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]405
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]406/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]407void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
408 int mod, char *input_P,
409 char *input_Q, char *input_N,
410 char *input_E, int max_output,
411 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]412{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]413 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]415 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]416 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]417 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]418
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]419 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
420 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]421
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]422 mbedtls_rsa_init(&ctx);
423 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
424 MBEDTLS_MD_NONE) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]425
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]426 memset(output, 0x00, sizeof(output));
427 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]428
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]429
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]430 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
431 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
432 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
433 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]434
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]435 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
436 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
437 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
438 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]439
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]440 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]441
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]442 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand,
443 &rnd_info,
444 &output_len, message_str->x, output,
445 max_output) == result);
446 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]447
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]448 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
449 output_len,
450 result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]451 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]452
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]453exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]454 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
455 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
456 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]457}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]458/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]459
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]460/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]461void mbedtls_rsa_public(data_t *message_str, int mod,
462 char *input_N, char *input_E,
463 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]464{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]465 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]466 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]467
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]468 mbedtls_mpi N, E;
469
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]470 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
471 mbedtls_rsa_init(&ctx);
472 mbedtls_rsa_init(&ctx2);
473 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]474
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]475 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
476 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]477
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]478 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
Gilles Peskine058d0092021-06-09 16:24:35 +0200[diff] [blame]479
480 /* Check test data consistency */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]481 TEST_ASSERT(message_str->len == (size_t) (mod / 8));
482 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
483 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]484
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]485 TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
486 if (result == 0) {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]487
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]488 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
489 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]490 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]491
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]492 /* And now with the copy */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]493 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]494 /* clear the original to be sure */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]495 mbedtls_rsa_free(&ctx);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]496
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]497 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]498
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]499 memset(output, 0x00, sizeof(output));
500 TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result);
501 if (result == 0) {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]502
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]503 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
504 ctx.len, result_str->len) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]505 }
506
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]507exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]508 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
509 mbedtls_rsa_free(&ctx);
510 mbedtls_rsa_free(&ctx2);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]511}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]512/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]513
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]514/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]515void mbedtls_rsa_private(data_t *message_str, int mod,
516 char *input_P, char *input_Q,
517 char *input_N, char *input_E,
518 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]519{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]520 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]521 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]522 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]523 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]524 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]525
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]526 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
527 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
528 mbedtls_rsa_init(&ctx);
529 mbedtls_rsa_init(&ctx2);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]530
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]531 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]532
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]533 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
534 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
535 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
536 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]537
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]538 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
Gilles Peskine058d0092021-06-09 16:24:35 +0200[diff] [blame]539
540 /* Check test data consistency */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]541 TEST_ASSERT(message_str->len == (size_t) (mod / 8));
542 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
543 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
544 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]545
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]546 /* repeat three times to test updating of blinding values */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]547 for (i = 0; i < 3; i++) {
548 memset(output, 0x00, sizeof(output));
549 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand,
550 &rnd_info, message_str->x,
551 output) == result);
552 if (result == 0) {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]553
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]554 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
555 ctx.len,
556 result_str->len) == 0);
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]557 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]558 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]559
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]560 /* And now one more time with the copy */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]561 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]562 /* clear the original to be sure */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]563 mbedtls_rsa_free(&ctx);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]564
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]565 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]566
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]567 memset(output, 0x00, sizeof(output));
568 TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand,
569 &rnd_info, message_str->x,
570 output) == result);
571 if (result == 0) {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]572
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]573 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
574 ctx2.len,
575 result_str->len) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]576 }
577
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]578exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]579 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
580 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]581
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]582 mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]583}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]584/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]585
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]586/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]587void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]588{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]589 mbedtls_rsa_context ctx;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]590 memset(&ctx, 0x00, sizeof(mbedtls_rsa_context));
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]591
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]592 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]593}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]594/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]595
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]596/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]597void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]598{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]599 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]600 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]601
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]602 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
603 mbedtls_rsa_init(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]604
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]605 if (strlen(input_N)) {
606 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]607 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]608 if (strlen(input_E)) {
609 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]610 }
611
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]612 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
613 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]614
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]615exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]616 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
617 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]618}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]619/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]620
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]621/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]622void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q,
623 char *input_N, char *input_E, char *input_D,
624 char *input_DP, char *input_DQ, char *input_QP,
625 int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]626{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]627 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]628
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]629 mbedtls_rsa_init(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]630
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]631 ctx.len = mod / 8;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]632 if (strlen(input_P)) {
633 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]634 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]635 if (strlen(input_Q)) {
636 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]637 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]638 if (strlen(input_N)) {
639 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]640 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]641 if (strlen(input_E)) {
642 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]643 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]644 if (strlen(input_D)) {
645 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]646 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]647#if !defined(MBEDTLS_RSA_NO_CRT)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]648 if (strlen(input_DP)) {
649 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]650 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]651 if (strlen(input_DQ)) {
652 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]653 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]654 if (strlen(input_QP)) {
655 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]656 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]657#else
Werner Lewisf65a3272022-07-07 11:38:44 +0100[diff] [blame]658 ((void) input_DP);
659 ((void) input_DQ);
660 ((void) input_QP);
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]661#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]662
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]663 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]664
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]665exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]666 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]667}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]668/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]669
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]670/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]671void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub,
672 char *input_P, char *input_Q, char *input_N,
673 char *input_E, char *input_D, char *input_DP,
674 char *input_DQ, char *input_QP, int result)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]675{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]676 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]677
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]678 mbedtls_rsa_init(&pub);
679 mbedtls_rsa_init(&prv);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]680
681 pub.len = mod / 8;
682 prv.len = mod / 8;
683
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]684 if (strlen(input_Npub)) {
685 TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]686 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]687 if (strlen(input_Epub)) {
688 TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]689 }
690
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]691 if (strlen(input_P)) {
692 TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]693 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]694 if (strlen(input_Q)) {
695 TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]696 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]697 if (strlen(input_N)) {
698 TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]699 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]700 if (strlen(input_E)) {
701 TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]702 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]703 if (strlen(input_D)) {
704 TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]705 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]706#if !defined(MBEDTLS_RSA_NO_CRT)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]707 if (strlen(input_DP)) {
708 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]709 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]710 if (strlen(input_DQ)) {
711 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]712 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]713 if (strlen(input_QP)) {
714 TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]715 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]716#else
Werner Lewisf65a3272022-07-07 11:38:44 +0100[diff] [blame]717 ((void) input_DP);
718 ((void) input_DQ);
719 ((void) input_QP);
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]720#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]721
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]722 TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]723
724exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]725 mbedtls_rsa_free(&pub);
726 mbedtls_rsa_free(&prv);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]727}
728/* END_CASE */
729
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]730/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]731void mbedtls_rsa_gen_key(int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]732{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]733 mbedtls_rsa_context ctx;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]734 mbedtls_rsa_init(&ctx);
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]735
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]736 /* This test uses an insecure RNG, suitable only for testing.
737 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]738 TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits,
739 exponent) == result);
740 if (result == 0) {
741 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
742 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]743 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]744
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]745exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]746 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]747}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]748/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]749
Manuel Pégourié-Gonnard1d1174a2022-07-16 08:41:34 +0200[diff] [blame]750/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]751void mbedtls_rsa_deduce_primes(char *input_N,
752 char *input_D,
753 char *input_E,
754 char *output_P,
755 char *output_Q,
756 int corrupt, int result)
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]757{
758 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
759
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]760 mbedtls_mpi_init(&N);
761 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
762 mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp);
763 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]764
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]765 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
766 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
767 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
768 TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0);
769 TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]770
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]771 if (corrupt) {
772 TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0);
773 }
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]774
775 /* Try to deduce P, Q from N, D, E only. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]776 TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]777
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]778 if (!corrupt) {
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]779 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]780 TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) ||
781 (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0));
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]782 }
783
784exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]785 mbedtls_mpi_free(&N);
786 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
787 mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp);
788 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]789}
790/* END_CASE */
791
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]792/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]793void mbedtls_rsa_deduce_private_exponent(char *input_P,
794 char *input_Q,
795 char *input_E,
796 char *output_D,
797 int corrupt, int result)
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]798{
799 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
800
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]801 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
802 mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp);
803 mbedtls_mpi_init(&E);
804 mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]805
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]806 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
807 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
808 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
809 TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]810
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]811 if (corrupt) {
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]812 /* Make E even */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]813 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]814 }
815
816 /* Try to deduce D from N, P, Q, E. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]817 TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q,
818 &E, &D) == result);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]819
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]820 if (!corrupt) {
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]821 /*
822 * Check that D and Dp agree modulo LCM(P-1, Q-1).
823 */
824
825 /* Replace P,Q by P-1, Q-1 */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]826 TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0);
827 TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]828
829 /* Check D == Dp modulo P-1 */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]830 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0);
831 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0);
832 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]833
834 /* Check D == Dp modulo Q-1 */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]835 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0);
836 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0);
837 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]838 }
839
840exit:
841
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]842 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
843 mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp);
844 mbedtls_mpi_free(&E);
845 mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]846}
847/* END_CASE */
848
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]849/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]850void mbedtls_rsa_import(char *input_N,
851 char *input_P,
852 char *input_Q,
853 char *input_D,
854 char *input_E,
855 int successive,
856 int is_priv,
857 int res_check,
858 int res_complete)
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]859{
860 mbedtls_mpi N, P, Q, D, E;
861 mbedtls_rsa_context ctx;
862
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]863 /* Buffers used for encryption-decryption test */
864 unsigned char *buf_orig = NULL;
865 unsigned char *buf_enc = NULL;
866 unsigned char *buf_dec = NULL;
867
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]868 const int have_N = (strlen(input_N) > 0);
869 const int have_P = (strlen(input_P) > 0);
870 const int have_Q = (strlen(input_Q) > 0);
871 const int have_D = (strlen(input_D) > 0);
872 const int have_E = (strlen(input_E) > 0);
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]873
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]874 mbedtls_rsa_init(&ctx);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]875
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]876 mbedtls_mpi_init(&N);
877 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
878 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]879
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]880 if (have_N) {
881 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]882 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]883
884 if (have_P) {
885 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
886 }
887
888 if (have_Q) {
889 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
890 }
891
892 if (have_D) {
893 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
894 }
895
896 if (have_E) {
897 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
898 }
899
900 if (!successive) {
901 TEST_ASSERT(mbedtls_rsa_import(&ctx,
902 have_N ? &N : NULL,
903 have_P ? &P : NULL,
904 have_Q ? &Q : NULL,
905 have_D ? &D : NULL,
906 have_E ? &E : NULL) == 0);
907 } else {
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]908 /* Import N, P, Q, D, E separately.
909 * This should make no functional difference. */
910
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]911 TEST_ASSERT(mbedtls_rsa_import(&ctx,
912 have_N ? &N : NULL,
913 NULL, NULL, NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]914
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]915 TEST_ASSERT(mbedtls_rsa_import(&ctx,
916 NULL,
917 have_P ? &P : NULL,
918 NULL, NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]919
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]920 TEST_ASSERT(mbedtls_rsa_import(&ctx,
921 NULL, NULL,
922 have_Q ? &Q : NULL,
923 NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]924
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]925 TEST_ASSERT(mbedtls_rsa_import(&ctx,
926 NULL, NULL, NULL,
927 have_D ? &D : NULL,
928 NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]929
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]930 TEST_ASSERT(mbedtls_rsa_import(&ctx,
931 NULL, NULL, NULL, NULL,
932 have_E ? &E : NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]933 }
934
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]935 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]936
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]937 /* On expected success, perform some public and private
938 * key operations to check if the key is working properly. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]939 if (res_complete == 0) {
940 if (is_priv) {
941 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
942 } else {
943 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
944 }
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]945
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]946 if (res_check != 0) {
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]947 goto exit;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]948 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]949
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]950 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
951 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
952 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
953 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]954 goto exit;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]955 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]956
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]957 /* This test uses an insecure RNG, suitable only for testing.
958 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]959 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL,
960 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]961
962 /* Make sure the number we're generating is smaller than the modulus */
963 buf_orig[0] = 0x00;
964
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]965 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]966
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]967 if (is_priv) {
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]968 /* This test uses an insecure RNG, suitable only for testing.
969 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]970 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand,
971 NULL, buf_enc,
972 buf_dec) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]973
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]974 TEST_ASSERT(memcmp(buf_orig, buf_dec,
975 mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]976 }
977 }
978
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]979exit:
980
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]981 mbedtls_free(buf_orig);
982 mbedtls_free(buf_enc);
983 mbedtls_free(buf_dec);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]984
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]985 mbedtls_rsa_free(&ctx);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]986
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]987 mbedtls_mpi_free(&N);
988 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
989 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]990}
991/* END_CASE */
992
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]993/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]994void mbedtls_rsa_export(char *input_N,
995 char *input_P,
996 char *input_Q,
997 char *input_D,
998 char *input_E,
999 int is_priv,
1000 int successive)
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1001{
1002 /* Original MPI's with which we set up the RSA context */
1003 mbedtls_mpi N, P, Q, D, E;
1004
1005 /* Exported MPI's */
1006 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1007
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1008 const int have_N = (strlen(input_N) > 0);
1009 const int have_P = (strlen(input_P) > 0);
1010 const int have_Q = (strlen(input_Q) > 0);
1011 const int have_D = (strlen(input_D) > 0);
1012 const int have_E = (strlen(input_E) > 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1013
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1014 mbedtls_rsa_context ctx;
1015
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1016 mbedtls_rsa_init(&ctx);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1017
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1018 mbedtls_mpi_init(&N);
1019 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1020 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1021
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1022 mbedtls_mpi_init(&Ne);
1023 mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe);
1024 mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1025
1026 /* Setup RSA context */
1027
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1028 if (have_N) {
1029 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1030 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1031
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1032 if (have_P) {
1033 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1034 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1035
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1036 if (have_Q) {
1037 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1038 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1039
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1040 if (have_D) {
1041 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1042 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1043
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1044 if (have_E) {
1045 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1046 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1047
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1048 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1049 strlen(input_N) ? &N : NULL,
1050 strlen(input_P) ? &P : NULL,
1051 strlen(input_Q) ? &Q : NULL,
1052 strlen(input_D) ? &D : NULL,
1053 strlen(input_E) ? &E : NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1054
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1055 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1056
1057 /*
1058 * Export parameters and compare to original ones.
1059 */
1060
1061 /* N and E must always be present. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1062 if (!successive) {
1063 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0);
1064 } else {
1065 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0);
1066 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1067 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1068 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0);
1069 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1070
1071 /* If we were providing enough information to setup a complete private context,
1072 * we expect to be able to export all core parameters. */
1073
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1074 if (is_priv) {
1075 if (!successive) {
1076 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe,
1077 &De, NULL) == 0);
1078 } else {
1079 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL,
1080 NULL, NULL) == 0);
1081 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe,
1082 NULL, NULL) == 0);
1083 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL,
1084 &De, NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1085 }
1086
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1087 if (have_P) {
1088 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0);
1089 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1090
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1091 if (have_Q) {
1092 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0);
1093 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1094
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1095 if (have_D) {
1096 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0);
1097 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1098
1099 /* While at it, perform a sanity check */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1100 TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee,
1101 NULL, NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1102 }
1103
1104exit:
1105
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1106 mbedtls_rsa_free(&ctx);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1107
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1108 mbedtls_mpi_free(&N);
1109 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1110 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1111
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1112 mbedtls_mpi_free(&Ne);
1113 mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe);
1114 mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1115}
1116/* END_CASE */
1117
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1118/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1119void mbedtls_rsa_validate_params(char *input_N,
1120 char *input_P,
1121 char *input_Q,
1122 char *input_D,
1123 char *input_E,
1124 int prng, int result)
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1125{
1126 /* Original MPI's with which we set up the RSA context */
1127 mbedtls_mpi N, P, Q, D, E;
1128
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1129 const int have_N = (strlen(input_N) > 0);
1130 const int have_P = (strlen(input_P) > 0);
1131 const int have_Q = (strlen(input_Q) > 0);
1132 const int have_D = (strlen(input_D) > 0);
1133 const int have_E = (strlen(input_E) > 0);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1134
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1135 mbedtls_mpi_init(&N);
1136 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1137 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1138
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1139 if (have_N) {
1140 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1141 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1142
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1143 if (have_P) {
1144 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1145 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1146
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1147 if (have_Q) {
1148 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1149 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1150
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1151 if (have_D) {
1152 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1153 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1154
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1155 if (have_E) {
1156 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1157 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1158
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1159 /* This test uses an insecure RNG, suitable only for testing.
1160 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1161 TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL,
1162 have_P ? &P : NULL,
1163 have_Q ? &Q : NULL,
1164 have_D ? &D : NULL,
1165 have_E ? &E : NULL,
1166 prng ? mbedtls_test_rnd_std_rand : NULL,
1167 prng ? NULL : NULL) == result);
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1168
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1169exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1170 mbedtls_mpi_free(&N);
1171 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1172 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1173}
1174/* END_CASE */
1175
Manuel Pégourié-Gonnard1d1174a2022-07-16 08:41:34 +0200[diff] [blame]1176/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1177void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P,
1178 data_t *input_Q, data_t *input_D,
1179 data_t *input_E, int is_priv,
1180 int successive)
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1181{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1182 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1183 unsigned char bufNe[256];
1184 unsigned char bufPe[128];
1185 unsigned char bufQe[128];
1186 unsigned char bufDe[256];
1187 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1188
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1189 mbedtls_rsa_context ctx;
1190
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1191 mbedtls_rsa_init(&ctx);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1192
1193 /* Setup RSA context */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1194 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1195 input_N->len ? input_N->x : NULL, input_N->len,
1196 input_P->len ? input_P->x : NULL, input_P->len,
1197 input_Q->len ? input_Q->x : NULL, input_Q->len,
1198 input_D->len ? input_D->x : NULL, input_D->len,
1199 input_E->len ? input_E->x : NULL, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1200
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1201 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1202
1203 /*
1204 * Export parameters and compare to original ones.
1205 */
1206
1207 /* N and E must always be present. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1208 if (!successive) {
1209 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1210 NULL, 0, NULL, 0, NULL, 0,
1211 bufEe, input_E->len) == 0);
1212 } else {
1213 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1214 NULL, 0, NULL, 0, NULL, 0,
1215 NULL, 0) == 0);
1216 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1217 NULL, 0, NULL, 0, NULL, 0,
1218 bufEe, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1219 }
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1220 TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0);
1221 TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1222
1223 /* If we were providing enough information to setup a complete private context,
1224 * we expect to be able to export all core parameters. */
1225
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1226 if (is_priv) {
1227 if (!successive) {
1228 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1229 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1230 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1231 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1232 NULL, 0) == 0);
1233 } else {
1234 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1235 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1236 NULL, 0, NULL, 0,
1237 NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1238
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1239 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0,
1240 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1241 NULL, 0, NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1242
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1243 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0,
1244 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1245 NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1246 }
1247
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1248 if (input_P->len) {
1249 TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0);
1250 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1251
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1252 if (input_Q->len) {
1253 TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0);
1254 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1255
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1256 if (input_D->len) {
1257 TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0);
1258 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1259
1260 }
1261
1262exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1263 mbedtls_rsa_free(&ctx);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1264}
1265/* END_CASE */
1266
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1267/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1268void mbedtls_rsa_import_raw(data_t *input_N,
1269 data_t *input_P, data_t *input_Q,
1270 data_t *input_D, data_t *input_E,
1271 int successive,
1272 int is_priv,
1273 int res_check,
1274 int res_complete)
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1275{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1276 /* Buffers used for encryption-decryption test */
1277 unsigned char *buf_orig = NULL;
1278 unsigned char *buf_enc = NULL;
1279 unsigned char *buf_dec = NULL;
1280
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1281 mbedtls_rsa_context ctx;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1282
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1283 mbedtls_rsa_init(&ctx);
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1284
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1285 if (!successive) {
1286 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1287 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1288 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1289 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1290 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1291 (input_E->len > 0) ? input_E->x : NULL,
1292 input_E->len) == 0);
1293 } else {
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1294 /* Import N, P, Q, D, E separately.
1295 * This should make no functional difference. */
1296
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1297 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1298 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1299 NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1300
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1301 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1302 NULL, 0,
1303 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1304 NULL, 0, NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1305
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1306 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1307 NULL, 0, NULL, 0,
1308 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1309 NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1310
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1311 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1312 NULL, 0, NULL, 0, NULL, 0,
1313 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1314 NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1315
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1316 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1317 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1318 (input_E->len > 0) ? input_E->x : NULL,
1319 input_E->len) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1320 }
1321
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1322 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1323
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1324 /* On expected success, perform some public and private
1325 * key operations to check if the key is working properly. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1326 if (res_complete == 0) {
1327 if (is_priv) {
1328 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
1329 } else {
1330 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
1331 }
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1332
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1333 if (res_check != 0) {
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1334 goto exit;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1335 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1336
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1337 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1338 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1339 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1340 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1341 goto exit;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1342 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1343
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1344 /* This test uses an insecure RNG, suitable only for testing.
1345 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1346 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL,
1347 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1348
1349 /* Make sure the number we're generating is smaller than the modulus */
1350 buf_orig[0] = 0x00;
1351
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1352 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1353
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1354 if (is_priv) {
Manuel Pégourié-Gonnard5ef4e8d2022-07-16 08:57:19 +0200[diff] [blame]1355 /* This test uses an insecure RNG, suitable only for testing.
1356 * In production, always use a cryptographically strong RNG! */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1357 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand,
1358 NULL, buf_enc,
1359 buf_dec) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1360
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1361 TEST_ASSERT(memcmp(buf_orig, buf_dec,
1362 mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1363 }
1364 }
1365
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1366exit:
1367
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1368 mbedtls_free(buf_orig);
1369 mbedtls_free(buf_enc);
1370 mbedtls_free(buf_dec);
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1371
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1372 mbedtls_rsa_free(&ctx);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1373}
1374/* END_CASE */
1375
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1376/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1377void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1378{
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]1379 TEST_ASSERT(mbedtls_rsa_self_test(1) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1380}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1381/* END_CASE */