Blame - tests/suites/test_suite_rsa.function - mirror/mbed-tls.git

blob: 5ebecc86c0b8a19ef1961a0c461746cc90de5be0 [file] [log] [blame]

Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	1	BEGIN_HEADER
				2	#include <polarssl/rsa.h>
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	3	#include <polarssl/md2.h>
				4	#include <polarssl/md4.h>
				5	#include <polarssl/md5.h>
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	6	#include <polarssl/sha1.h>
				7	#include <polarssl/sha2.h>
				8	#include <polarssl/sha4.h>
Paul Bakker	c0a1a31	2011-12-04 17:12:15 +0000	[diff] [blame]	9	#include <polarssl/entropy.h>
				10	#include <polarssl/ctr_drbg.h>
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	11	END_HEADER
				12
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	13	BEGIN_DEPENDENCIES
Paul Bakker	d7d8dbe	2011-05-26 15:29:38 +0000	[diff] [blame]	14	depends_on:POLARSSL_RSA_C:POLARSSL_BIGNUM_C:POLARSSL_GENPRIME
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	15	END_DEPENDENCIES
				16
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	17	BEGIN_CASE
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	18	rsa_pkcs1_sign:message_hex_string:padding_mode:digest:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	19	{
				20	unsigned char message_str[1000];
				21	unsigned char hash_result[1000];
				22	unsigned char output[1000];
				23	unsigned char output_str[1000];
				24	rsa_context ctx;
				25	mpi P1, Q1, H, G;
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	26	int msg_len;
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	27	rnd_pseudo_info rnd_info;
				28
				29	memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	30
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	31	mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	32	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	33
				34	memset( message_str, 0x00, 1000 );
				35	memset( hash_result, 0x00, 1000 );
				36	memset( output, 0x00, 1000 );
				37	memset( output_str, 0x00, 1000 );
				38
				39	ctx.len = {mod} / 8;
				40	TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
				41	TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
				42	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				43	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				44
				45	TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
				46	TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
				47	TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
				48	TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
				49	TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
				50	TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
				51	TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
				52	TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
				53
				54	TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
				55
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	56	msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	57
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	58	switch( {digest} )
				59	{
				60	#ifdef POLARSSL_MD2_C
				61	case SIG_RSA_MD2:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	62	md2( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	63	break;
				64	#endif
				65	#ifdef POLARSSL_MD4_C
				66	case SIG_RSA_MD4:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	67	md4( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	68	break;
				69	#endif
				70	#ifdef POLARSSL_MD5_C
				71	case SIG_RSA_MD5:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	72	md5( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	73	break;
				74	#endif
				75	#ifdef POLARSSL_SHA1_C
				76	case SIG_RSA_SHA1:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	77	sha1( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	78	break;
				79	#endif
				80	#ifdef POLARSSL_SHA2_C
				81	case SIG_RSA_SHA224:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	82	sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	83	break;
				84	case SIG_RSA_SHA256:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	85	sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	86	break;
				87	#endif
				88	#ifdef POLARSSL_SHA4_C
				89	case SIG_RSA_SHA384:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	90	sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	91	break;
				92	case SIG_RSA_SHA512:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	93	sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	94	break;
				95	#endif
				96	}
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	97
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	98	TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	99	if( {result} == 0 )
				100	{
				101	hexify( output_str, output, ctx.len );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	102
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	103	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				104	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	105
				106	mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	107	rsa_free( &ctx );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	108	}
				109	END_CASE
				110
				111	BEGIN_CASE
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	112	rsa_pkcs1_verify:message_hex_string:padding_mode:digest:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	113	{
				114	unsigned char message_str[1000];
				115	unsigned char hash_result[1000];
				116	unsigned char result_str[1000];
				117	rsa_context ctx;
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	118	int msg_len;
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	119
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	120	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	121	memset( message_str, 0x00, 1000 );
				122	memset( hash_result, 0x00, 1000 );
				123	memset( result_str, 0x00, 1000 );
				124
				125	ctx.len = {mod} / 8;
				126	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				127	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				128
				129	TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
				130
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	131	msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	132	unhexify( result_str, {result_hex_str} );
				133
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	134	switch( {digest} )
				135	{
				136	#ifdef POLARSSL_MD2_C
				137	case SIG_RSA_MD2:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	138	md2( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	139	break;
				140	#endif
				141	#ifdef POLARSSL_MD4_C
				142	case SIG_RSA_MD4:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	143	md4( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	144	break;
				145	#endif
				146	#ifdef POLARSSL_MD5_C
				147	case SIG_RSA_MD5:
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	148	md5( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	149	break;
				150	#endif
				151	#ifdef POLARSSL_SHA1_C
				152	case SIG_RSA_SHA1:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	153	sha1( message_str, msg_len, hash_result );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	154	break;
				155	#endif
				156	#ifdef POLARSSL_SHA2_C
				157	case SIG_RSA_SHA224:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	158	sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	159	break;
				160	case SIG_RSA_SHA256:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	161	sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	162	break;
				163	#endif
				164	#ifdef POLARSSL_SHA4_C
				165	case SIG_RSA_SHA384:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	166	sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	167	break;
				168	case SIG_RSA_SHA512:
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	169	sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker	76791f7	2009-10-03 20:02:00 +0000	[diff] [blame]	170	break;
				171	#endif
				172	}
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	173
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	174	TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	175
				176	rsa_free( &ctx );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	177	}
				178	END_CASE
				179
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	180
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	181	BEGIN_CASE
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	182	rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	183	{
				184	unsigned char message_str[1000];
				185	unsigned char hash_result[1000];
				186	unsigned char output[1000];
				187	unsigned char output_str[1000];
				188	rsa_context ctx;
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	189	mpi P1, Q1, H, G;
Paul Bakker	eaf90d9	2011-07-13 14:21:52 +0000	[diff] [blame]	190	int hash_len;
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	191	rnd_pseudo_info rnd_info;
				192
				193	memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	194
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	195	mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	196	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	197
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	198	memset( message_str, 0x00, 1000 );
				199	memset( hash_result, 0x00, 1000 );
				200	memset( output, 0x00, 1000 );
				201	memset( output_str, 0x00, 1000 );
				202
				203	ctx.len = {mod} / 8;
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	204	TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
				205	TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
				206	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				207	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				208
				209	TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
				210	TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
				211	TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
				212	TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
				213	TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
				214	TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
				215	TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
				216	TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
				217
				218	TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
				219
Paul Bakker	eaf90d9	2011-07-13 14:21:52 +0000	[diff] [blame]	220	unhexify( message_str, {message_hex_string} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	221	hash_len = unhexify( hash_result, {hash_result_string} );
				222
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	223	TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	224
				225	hexify( output_str, output, ctx.len );
				226
				227	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	228
Manuel Pégourié-Gonnard	c675e4b	2014-02-03 11:58:55 +0100	[diff] [blame]	229	/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
				230	if( {padding_mode} == RSA_PKCS_V15 )
				231	{
				232	memset( output, 0x00, 1000 );
				233	memset( output_str, 0x00, 1000 );
				234
				235	TEST_ASSERT( rsa_rsaes_pkcs1_v15_encrypt( &ctx,
				236	&rnd_pseudo_rand, &rnd_info, RSA_PRIVATE,
				237	hash_len, hash_result, output ) == 0 );
				238
				239	hexify( output_str, output, ctx.len );
				240
				241	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				242	}
				243
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	244	mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	245	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	246	}
				247	END_CASE
				248
				249	BEGIN_CASE
				250	rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:correct
				251	{
				252	unsigned char message_str[1000];
				253	unsigned char hash_result[1000];
				254	unsigned char result_str[1000];
Manuel Pégourié-Gonnard	c675e4b	2014-02-03 11:58:55 +0100	[diff] [blame]	255	unsigned char output[1000];
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	256	rsa_context ctx;
Manuel Pégourié-Gonnard	c675e4b	2014-02-03 11:58:55 +0100	[diff] [blame]	257	size_t hash_len, olen;
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	258
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	259	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	260	memset( message_str, 0x00, 1000 );
				261	memset( hash_result, 0x00, 1000 );
				262	memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnard	c675e4b	2014-02-03 11:58:55 +0100	[diff] [blame]	263	memset( output, 0x00, sizeof( output ) );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	264
				265	ctx.len = {mod} / 8;
				266	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				267	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				268
				269	TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
				270
Paul Bakker	eaf90d9	2011-07-13 14:21:52 +0000	[diff] [blame]	271	unhexify( message_str, {message_hex_string} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	272	hash_len = unhexify( hash_result, {hash_result_string} );
				273	unhexify( result_str, {result_hex_str} );
				274
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	275	TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	276
Manuel Pégourié-Gonnard	c675e4b	2014-02-03 11:58:55 +0100	[diff] [blame]	277	/* For PKCS#1 v1.5, there is an alternative way to verify signatures */
				278	if( {padding_mode} == RSA_PKCS_V15 )
				279	{
				280	int ok;
				281
				282	TEST_ASSERT( rsa_rsaes_pkcs1_v15_decrypt( &ctx,
				283	NULL, NULL, RSA_PUBLIC,
				284	&olen, result_str, output, sizeof( output ) ) == 0 );
				285
				286	ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
				287	if( {correct} == 0 )
				288	TEST_ASSERT( ok == 1 );
				289	else
				290	TEST_ASSERT( ok == 0 );
				291	}
				292
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	293	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	294	}
				295	END_CASE
				296
				297	BEGIN_CASE
				298	rsa_pkcs1_encrypt:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
				299	{
				300	unsigned char message_str[1000];
				301	unsigned char output[1000];
				302	unsigned char output_str[1000];
				303	rsa_context ctx;
Paul Bakker	f4a3f30	2011-04-24 15:53:29 +0000	[diff] [blame]	304	size_t msg_len;
Paul Bakker	997bbd1	2011-03-13 15:45:42 +0000	[diff] [blame]	305	rnd_pseudo_info rnd_info;
				306
				307	memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	308
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	309	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	310	memset( message_str, 0x00, 1000 );
				311	memset( output, 0x00, 1000 );
				312	memset( output_str, 0x00, 1000 );
				313
				314	ctx.len = {mod} / 8;
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	315	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				316	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				317
				318	TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
				319
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	320	msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	321
Paul Bakker	997bbd1	2011-03-13 15:45:42 +0000	[diff] [blame]	322	TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	323	if( {result} == 0 )
				324	{
				325	hexify( output_str, output, ctx.len );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	326
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	327	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				328	}
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	329
				330	rsa_free( &ctx );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	331	}
				332	END_CASE
				333
				334	BEGIN_CASE
Paul Bakker	a665685	2010-07-18 19:47:14 +0000	[diff] [blame]	335	rsa_pkcs1_encrypt_bad_rng:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
				336	{
				337	unsigned char message_str[1000];
				338	unsigned char output[1000];
				339	unsigned char output_str[1000];
				340	rsa_context ctx;
Paul Bakker	f4a3f30	2011-04-24 15:53:29 +0000	[diff] [blame]	341	size_t msg_len;
Paul Bakker	a665685	2010-07-18 19:47:14 +0000	[diff] [blame]	342
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	343	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	a665685	2010-07-18 19:47:14 +0000	[diff] [blame]	344	memset( message_str, 0x00, 1000 );
				345	memset( output, 0x00, 1000 );
				346	memset( output_str, 0x00, 1000 );
				347
				348	ctx.len = {mod} / 8;
				349	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				350	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				351
				352	TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
				353
				354	msg_len = unhexify( message_str, {message_hex_string} );
				355
Paul Bakker	997bbd1	2011-03-13 15:45:42 +0000	[diff] [blame]	356	TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakker	a665685	2010-07-18 19:47:14 +0000	[diff] [blame]	357	if( {result} == 0 )
				358	{
				359	hexify( output_str, output, ctx.len );
				360
				361	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				362	}
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	363
				364	rsa_free( &ctx );
Paul Bakker	a665685	2010-07-18 19:47:14 +0000	[diff] [blame]	365	}
				366	END_CASE
				367
				368	BEGIN_CASE
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	369	rsa_pkcs1_decrypt:message_hex_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:max_output:result_hex_str:result
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	370	{
				371	unsigned char message_str[1000];
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	372	unsigned char output[1000];
				373	unsigned char output_str[1000];
				374	rsa_context ctx;
				375	mpi P1, Q1, H, G;
Paul Bakker	f4a3f30	2011-04-24 15:53:29 +0000	[diff] [blame]	376	size_t output_len;
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	377	rnd_pseudo_info rnd_info;
				378
				379	memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	380
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	381	mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	382	rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	383
				384	memset( message_str, 0x00, 1000 );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	385	memset( output, 0x00, 1000 );
				386	memset( output_str, 0x00, 1000 );
				387
				388	ctx.len = {mod} / 8;
				389	TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
				390	TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
				391	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				392	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				393
				394	TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
				395	TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
				396	TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
				397	TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
				398	TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
				399	TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
				400	TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
				401	TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
				402
				403	TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
				404
				405	unhexify( message_str, {message_hex_string} );
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	406	output_len = 0;
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	407
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	408	TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	409	if( {result} == 0 )
				410	{
				411	hexify( output_str, output, ctx.len );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	412
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	413	TEST_ASSERT( strncasecmp( (char *) output_str, {result_hex_str}, strlen( {result_hex_str} ) ) == 0 );
				414	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	415
				416	mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	417	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	418	}
				419	END_CASE
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	420
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	421	BEGIN_CASE
				422	rsa_public:message_hex_string:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
				423	{
				424	unsigned char message_str[1000];
				425	unsigned char output[1000];
				426	unsigned char output_str[1000];
				427	rsa_context ctx;
				428
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	429	rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	430	memset( message_str, 0x00, 1000 );
				431	memset( output, 0x00, 1000 );
				432	memset( output_str, 0x00, 1000 );
				433
				434	ctx.len = {mod} / 8;
				435	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				436	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				437
				438	TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
				439
				440	unhexify( message_str, {message_hex_string} );
				441
				442	TEST_ASSERT( rsa_public( &ctx, message_str, output ) == {result} );
				443	if( {result} == 0 )
				444	{
				445	hexify( output_str, output, ctx.len );
				446
				447	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				448	}
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	449
				450	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	451	}
				452	END_CASE
				453
				454	BEGIN_CASE
				455	rsa_private:message_hex_string:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
				456	{
				457	unsigned char message_str[1000];
				458	unsigned char output[1000];
				459	unsigned char output_str[1000];
				460	rsa_context ctx;
				461	mpi P1, Q1, H, G;
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	462	rnd_pseudo_info rnd_info;
				463
				464	memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	465
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	466	mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	467	rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	468
				469	memset( message_str, 0x00, 1000 );
				470	memset( output, 0x00, 1000 );
				471	memset( output_str, 0x00, 1000 );
				472
				473	ctx.len = {mod} / 8;
				474	TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
				475	TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
				476	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				477	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				478
				479	TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
				480	TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
				481	TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
				482	TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
				483	TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
				484	TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
				485	TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
				486	TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
				487
				488	TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
				489
				490	unhexify( message_str, {message_hex_string} );
				491
Paul Bakker	43f9799	2013-09-23 11:23:31 +0200	[diff] [blame]	492	TEST_ASSERT( rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, message_str, output ) == {result} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	493	if( {result} == 0 )
				494	{
				495	hexify( output_str, output, ctx.len );
				496
				497	TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
				498	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	499
				500	mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	501	rsa_free( &ctx );
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	502	}
				503	END_CASE
				504
				505	BEGIN_CASE
Paul Bakker	37940d9f	2009-07-10 22:38:58 +0000	[diff] [blame]	506	rsa_check_privkey_null:
				507	{
				508	rsa_context ctx;
				509	memset( &ctx, 0x00, sizeof( rsa_context ) );
				510
				511	TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
				512	}
				513	END_CASE
				514
				515	BEGIN_CASE
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	516	rsa_check_pubkey:radix_N:input_N:radix_E:input_E:result
				517	{
				518	rsa_context ctx;
				519
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	520	rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	521
				522	if( strlen( {input_N} ) )
				523	{
				524	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				525	}
				526	if( strlen( {input_E} ) )
				527	{
				528	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				529	}
				530
				531	TEST_ASSERT( rsa_check_pubkey( &ctx ) == {result} );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	532
				533	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	534	}
				535	END_CASE
				536
				537	BEGIN_CASE
Paul Bakker	31417a7	2012-09-27 20:41:37 +0000	[diff] [blame]	538	rsa_check_privkey:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:radix_D:input_D:radix_DP:input_DP:radix_DQ:input_DQ:radix_QP:input_QP:result
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	539	{
				540	rsa_context ctx;
				541
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	542	rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	543
				544	ctx.len = {mod} / 8;
				545	if( strlen( {input_P} ) )
				546	{
				547	TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
				548	}
				549	if( strlen( {input_Q} ) )
				550	{
				551	TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
				552	}
				553	if( strlen( {input_N} ) )
				554	{
				555	TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
				556	}
				557	if( strlen( {input_E} ) )
				558	{
				559	TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
				560	}
				561	if( strlen( {input_D} ) )
				562	{
				563	TEST_ASSERT( mpi_read_string( &ctx.D, {radix_D}, {input_D} ) == 0 );
				564	}
Paul Bakker	31417a7	2012-09-27 20:41:37 +0000	[diff] [blame]	565	if( strlen( {input_DP} ) )
				566	{
				567	TEST_ASSERT( mpi_read_string( &ctx.DP, {radix_DP}, {input_DP} ) == 0 );
				568	}
				569	if( strlen( {input_DQ} ) )
				570	{
				571	TEST_ASSERT( mpi_read_string( &ctx.DQ, {radix_DQ}, {input_DQ} ) == 0 );
				572	}
				573	if( strlen( {input_QP} ) )
				574	{
				575	TEST_ASSERT( mpi_read_string( &ctx.QP, {radix_QP}, {input_QP} ) == 0 );
				576	}
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	577
				578	TEST_ASSERT( rsa_check_privkey( &ctx ) == {result} );
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	579
				580	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	581	}
				582	END_CASE
				583
				584	BEGIN_CASE
				585	rsa_gen_key:nrbits:exponent:result
				586	{
				587	rsa_context ctx;
Paul Bakker	c0a1a31	2011-12-04 17:12:15 +0000	[diff] [blame]	588	entropy_context entropy;
				589	ctr_drbg_context ctr_drbg;
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	590	const char *pers = "test_suite_rsa";
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	591
Paul Bakker	c0a1a31	2011-12-04 17:12:15 +0000	[diff] [blame]	592	entropy_init( &entropy );
				593	TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	594	(const unsigned char *) pers, strlen( pers ) ) == 0 );
Paul Bakker	c0a1a31	2011-12-04 17:12:15 +0000	[diff] [blame]	595
Paul Bakker	ebcef6d	2010-08-16 11:10:49 +0000	[diff] [blame]	596	rsa_init( &ctx, 0, 0 );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	597
Paul Bakker	c0a1a31	2011-12-04 17:12:15 +0000	[diff] [blame]	598	TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, {nrbits}, {exponent} ) == {result} );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	599	if( {result} == 0 )
				600	{
				601	TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
				602	}
Paul Bakker	58ef6ec	2013-01-03 11:33:48 +0100	[diff] [blame]	603
				604	rsa_free( &ctx );
Paul Bakker	821fb08	2009-07-12 13:26:42 +0000	[diff] [blame]	605	}
				606	END_CASE
				607
				608	BEGIN_CASE
Paul Bakker	42a29bf	2009-07-07 20:18:41 +0000	[diff] [blame]	609	rsa_selftest:
				610	{
				611	TEST_ASSERT( rsa_self_test( 0 ) == 0 );
				612	}
				613	END_CASE