TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / af0ccc8fa006c3a806da585f78d9ee6f6449de57 / . / tests / suites / test_suite_rsa.function
blob: 0e7bb650a1c71eb2d9c8e6bc9473593cf3abbeae [file] [log] [blame]
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1BEGIN_HEADER
2#include <polarssl/rsa.h>
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]3#include <polarssl/md2.h>
4#include <polarssl/md4.h>
5#include <polarssl/md5.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]6#include <polarssl/sha1.h>
7#include <polarssl/sha2.h>
8#include <polarssl/sha4.h>
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]9#include <polarssl/entropy.h>
10#include <polarssl/ctr_drbg.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]11END_HEADER
12
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]13BEGIN_DEPENDENCIES
Paul Bakkerd7d8dbe2011-05-26 15:29:38 +0000[diff] [blame]14depends_on:POLARSSL_RSA_C:POLARSSL_BIGNUM_C:POLARSSL_GENPRIME
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]15END_DEPENDENCIES
16
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]17BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]18rsa_pkcs1_sign:message_hex_string:padding_mode:digest:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]19{
20 unsigned char message_str[1000];
21 unsigned char hash_result[1000];
22 unsigned char output[1000];
23 unsigned char output_str[1000];
24 rsa_context ctx;
25 mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]26 int msg_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]27 rnd_pseudo_info rnd_info;
28
29 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]30
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]31 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]32 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]33
34 memset( message_str, 0x00, 1000 );
35 memset( hash_result, 0x00, 1000 );
36 memset( output, 0x00, 1000 );
37 memset( output_str, 0x00, 1000 );
38
39 ctx.len = {mod} / 8;
40 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
41 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
42 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
43 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
44
45 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
46 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
47 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
48 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
49 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
50 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
51 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
52 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
53
54 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
55
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]56 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]57
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]58 switch( {digest} )
59 {
60#ifdef POLARSSL_MD2_C
61 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]62 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]63 break;
64#endif
65#ifdef POLARSSL_MD4_C
66 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]67 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]68 break;
69#endif
70#ifdef POLARSSL_MD5_C
71 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]72 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]73 break;
74#endif
75#ifdef POLARSSL_SHA1_C
76 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]78 break;
79#endif
80#ifdef POLARSSL_SHA2_C
81 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]82 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]83 break;
84 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]85 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]86 break;
87#endif
88#ifdef POLARSSL_SHA4_C
89 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]90 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]91 break;
92 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]93 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]94 break;
95#endif
96 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]97
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]98 TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]99 if( {result} == 0 )
100 {
101 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]102
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]103 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
104 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]105
106 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]107 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]108}
109END_CASE
110
111BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]112rsa_pkcs1_verify:message_hex_string:padding_mode:digest:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]113{
114 unsigned char message_str[1000];
115 unsigned char hash_result[1000];
116 unsigned char result_str[1000];
117 rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]118 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]119
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]120 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]121 memset( message_str, 0x00, 1000 );
122 memset( hash_result, 0x00, 1000 );
123 memset( result_str, 0x00, 1000 );
124
125 ctx.len = {mod} / 8;
126 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
127 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
128
129 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
130
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]131 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]132 unhexify( result_str, {result_hex_str} );
133
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]134 switch( {digest} )
135 {
136#ifdef POLARSSL_MD2_C
137 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]138 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]139 break;
140#endif
141#ifdef POLARSSL_MD4_C
142 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]143 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]144 break;
145#endif
146#ifdef POLARSSL_MD5_C
147 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]148 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]149 break;
150#endif
151#ifdef POLARSSL_SHA1_C
152 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]153 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]154 break;
155#endif
156#ifdef POLARSSL_SHA2_C
157 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]158 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]159 break;
160 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]161 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]162 break;
163#endif
164#ifdef POLARSSL_SHA4_C
165 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]166 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]167 break;
168 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]169 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]170 break;
171#endif
172 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]173
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]174 TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]175
176 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]177}
178END_CASE
179
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]180
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]181BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]182rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]183{
184 unsigned char message_str[1000];
185 unsigned char hash_result[1000];
186 unsigned char output[1000];
187 unsigned char output_str[1000];
188 rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]189 mpi P1, Q1, H, G;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]190 int hash_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]191 rnd_pseudo_info rnd_info;
192
193 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]194
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]195 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]196 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]198 memset( message_str, 0x00, 1000 );
199 memset( hash_result, 0x00, 1000 );
200 memset( output, 0x00, 1000 );
201 memset( output_str, 0x00, 1000 );
202
203 ctx.len = {mod} / 8;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]204 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
205 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
206 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
207 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
208
209 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
210 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
211 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
212 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
213 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
214 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
215 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
216 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
217
218 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
219
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]220 unhexify( message_str, {message_hex_string} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]221 hash_len = unhexify( hash_result, {hash_result_string} );
222
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]223 TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]224
225 hexify( output_str, output, ctx.len );
226
227 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]228
229 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]230 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]231}
232END_CASE
233
234BEGIN_CASE
235rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:correct
236{
237 unsigned char message_str[1000];
238 unsigned char hash_result[1000];
239 unsigned char result_str[1000];
240 rsa_context ctx;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]241 size_t hash_len;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]242
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]243 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]244 memset( message_str, 0x00, 1000 );
245 memset( hash_result, 0x00, 1000 );
246 memset( result_str, 0x00, 1000 );
247
248 ctx.len = {mod} / 8;
249 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
250 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
251
252 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
253
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]254 unhexify( message_str, {message_hex_string} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]255 hash_len = unhexify( hash_result, {hash_result_string} );
256 unhexify( result_str, {result_hex_str} );
257
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]258 TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]259
260 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]261}
262END_CASE
263
264BEGIN_CASE
265rsa_pkcs1_encrypt:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
266{
267 unsigned char message_str[1000];
268 unsigned char output[1000];
269 unsigned char output_str[1000];
270 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]271 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]272 rnd_pseudo_info rnd_info;
273
274 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]275
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]276 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]277 memset( message_str, 0x00, 1000 );
278 memset( output, 0x00, 1000 );
279 memset( output_str, 0x00, 1000 );
280
281 ctx.len = {mod} / 8;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]282 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
283 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
284
285 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
286
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]287 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]288
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]289 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]290 if( {result} == 0 )
291 {
292 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]293
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]294 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
295 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]296
297 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]298}
299END_CASE
300
301BEGIN_CASE
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]302rsa_pkcs1_encrypt_bad_rng:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
303{
304 unsigned char message_str[1000];
305 unsigned char output[1000];
306 unsigned char output_str[1000];
307 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]308 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]309
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]310 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]311 memset( message_str, 0x00, 1000 );
312 memset( output, 0x00, 1000 );
313 memset( output_str, 0x00, 1000 );
314
315 ctx.len = {mod} / 8;
316 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
317 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
318
319 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
320
321 msg_len = unhexify( message_str, {message_hex_string} );
322
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]323 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]324 if( {result} == 0 )
325 {
326 hexify( output_str, output, ctx.len );
327
328 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
329 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]330
331 rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]332}
333END_CASE
334
335BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]336rsa_pkcs1_decrypt:message_hex_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:max_output:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]337{
338 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]339 unsigned char output[1000];
340 unsigned char output_str[1000];
341 rsa_context ctx;
342 mpi P1, Q1, H, G;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]343 size_t output_len;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]344 rnd_pseudo_info rnd_info;
345
346 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]348 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]349 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]350
351 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]352 memset( output, 0x00, 1000 );
353 memset( output_str, 0x00, 1000 );
354
355 ctx.len = {mod} / 8;
356 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
357 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
358 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
359 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
360
361 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
362 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
363 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
364 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
365 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
366 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
367 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
368 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
369
370 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
371
372 unhexify( message_str, {message_hex_string} );
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]373 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]374
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]375 TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]376 if( {result} == 0 )
377 {
378 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]379
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]380 TEST_ASSERT( strncasecmp( (char *) output_str, {result_hex_str}, strlen( {result_hex_str} ) ) == 0 );
381 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]382
383 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]384 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]385}
386END_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]387
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]388BEGIN_CASE
389rsa_public:message_hex_string:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
390{
391 unsigned char message_str[1000];
392 unsigned char output[1000];
393 unsigned char output_str[1000];
394 rsa_context ctx;
395
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]396 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]397 memset( message_str, 0x00, 1000 );
398 memset( output, 0x00, 1000 );
399 memset( output_str, 0x00, 1000 );
400
401 ctx.len = {mod} / 8;
402 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
403 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
404
405 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
406
407 unhexify( message_str, {message_hex_string} );
408
409 TEST_ASSERT( rsa_public( &ctx, message_str, output ) == {result} );
410 if( {result} == 0 )
411 {
412 hexify( output_str, output, ctx.len );
413
414 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
415 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]416
417 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]418}
419END_CASE
420
421BEGIN_CASE
422rsa_private:message_hex_string:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
423{
424 unsigned char message_str[1000];
425 unsigned char output[1000];
426 unsigned char output_str[1000];
427 rsa_context ctx;
428 mpi P1, Q1, H, G;
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]429 rnd_pseudo_info rnd_info;
430
431 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]432
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]433 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]434 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]435
436 memset( message_str, 0x00, 1000 );
437 memset( output, 0x00, 1000 );
438 memset( output_str, 0x00, 1000 );
439
440 ctx.len = {mod} / 8;
441 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
442 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
443 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
444 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
445
446 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
447 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
448 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
449 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
450 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
451 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
452 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
453 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
454
455 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
456
457 unhexify( message_str, {message_hex_string} );
458
Paul Bakker43f97992013-09-23 11:23:31 +0200[diff] [blame]459 TEST_ASSERT( rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, message_str, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]460 if( {result} == 0 )
461 {
462 hexify( output_str, output, ctx.len );
463
464 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
465 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]466
467 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]468 rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]469}
470END_CASE
471
472BEGIN_CASE
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]473rsa_check_privkey_null:
474{
475 rsa_context ctx;
476 memset( &ctx, 0x00, sizeof( rsa_context ) );
477
478 TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
479}
480END_CASE
481
482BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]483rsa_check_pubkey:radix_N:input_N:radix_E:input_E:result
484{
485 rsa_context ctx;
486
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]487 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]488
489 if( strlen( {input_N} ) )
490 {
491 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
492 }
493 if( strlen( {input_E} ) )
494 {
495 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
496 }
497
498 TEST_ASSERT( rsa_check_pubkey( &ctx ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]499
500 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]501}
502END_CASE
503
504BEGIN_CASE
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]505rsa_check_privkey:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:radix_D:input_D:radix_DP:input_DP:radix_DQ:input_DQ:radix_QP:input_QP:result
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]506{
507 rsa_context ctx;
508
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]509 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]510
511 ctx.len = {mod} / 8;
512 if( strlen( {input_P} ) )
513 {
514 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
515 }
516 if( strlen( {input_Q} ) )
517 {
518 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
519 }
520 if( strlen( {input_N} ) )
521 {
522 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
523 }
524 if( strlen( {input_E} ) )
525 {
526 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
527 }
528 if( strlen( {input_D} ) )
529 {
530 TEST_ASSERT( mpi_read_string( &ctx.D, {radix_D}, {input_D} ) == 0 );
531 }
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]532 if( strlen( {input_DP} ) )
533 {
534 TEST_ASSERT( mpi_read_string( &ctx.DP, {radix_DP}, {input_DP} ) == 0 );
535 }
536 if( strlen( {input_DQ} ) )
537 {
538 TEST_ASSERT( mpi_read_string( &ctx.DQ, {radix_DQ}, {input_DQ} ) == 0 );
539 }
540 if( strlen( {input_QP} ) )
541 {
542 TEST_ASSERT( mpi_read_string( &ctx.QP, {radix_QP}, {input_QP} ) == 0 );
543 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]544
545 TEST_ASSERT( rsa_check_privkey( &ctx ) == {result} );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]546
547 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]548}
549END_CASE
550
551BEGIN_CASE
552rsa_gen_key:nrbits:exponent:result
553{
554 rsa_context ctx;
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]555 entropy_context entropy;
556 ctr_drbg_context ctr_drbg;
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]557 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]558
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]559 entropy_init( &entropy );
560 TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]561 (const unsigned char *) pers, strlen( pers ) ) == 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]562
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000[diff] [blame]563 rsa_init( &ctx, 0, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]564
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]565 TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, {nrbits}, {exponent} ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]566 if( {result} == 0 )
567 {
568 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
569 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]570
571 rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]572}
573END_CASE
574
575BEGIN_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]576rsa_selftest:
577{
578 TEST_ASSERT( rsa_self_test( 0 ) == 0 );
579}
580END_CASE