TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 266b6d2121eb2bbfb68725fa3b3ba63e9accbcc5 / . / tests / suites / test_suite_rsa.function
blob: 086544401bc0f63b751c1ac4319c8b6c57d8ee54 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Chris Jones66a4cd42021-03-09 16:04:12 +0000[diff] [blame]3#include "rsa_alt_helpers.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]21void rsa_invalid_param( )
22{
23 mbedtls_rsa_context ctx;
24 const int invalid_padding = 42;
25 const int invalid_hash_id = 0xff;
26
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]27 mbedtls_rsa_init( &ctx );
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]28
29 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
30 invalid_padding,
31 MBEDTLS_MD_NONE ),
32 MBEDTLS_ERR_RSA_INVALID_PADDING );
33
34 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
35 MBEDTLS_RSA_PKCS_V21,
36 invalid_hash_id ),
37 MBEDTLS_ERR_RSA_INVALID_PADDING );
38
39exit:
40 mbedtls_rsa_free( &ctx );
41}
42/* END_CASE */
43
44/* BEGIN_CASE */
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]45void rsa_init_free( int reinit )
46{
47 mbedtls_rsa_context ctx;
48
49 /* Double free is not explicitly documented to work, but we rely on it
50 * even inside the library so that you can call mbedtls_rsa_free()
51 * unconditionally on an error path without checking whether it has
52 * already been called in the success path. */
53
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]54 mbedtls_rsa_init( &ctx );
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]55 mbedtls_rsa_free( &ctx );
56
57 if( reinit )
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]58 mbedtls_rsa_init( &ctx );
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]59 mbedtls_rsa_free( &ctx );
60
61 /* This test case always succeeds, functionally speaking. A plausible
62 * bug might trigger an invalid pointer dereference or a memory leak. */
63 goto exit;
64}
65/* END_CASE */
66
67/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]68void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]69 int digest, int mod, int radix_P, char * input_P,
70 int radix_Q, char * input_Q, int radix_N,
71 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]72 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]73{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]74 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
75 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]77 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]78 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]79
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]80 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
81 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]82 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]83 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,
84 MBEDTLS_MD_NONE ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]85
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]86 memset( hash_result, 0x00, sizeof( hash_result ) );
87 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]88 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]89
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]90 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
91 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
92 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
93 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]94
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]95 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
96 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]97 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]98 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]99
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]100
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]102 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]103
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]104 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]105 &rnd_info, digest, 0, hash_result,
106 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]107 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]108 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]109
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]110 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
111 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]112 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]113
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]114exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]115 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
116 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]117 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]118}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]119/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]120
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]121/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]122void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]123 int digest, int mod, int radix_N,
124 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]125 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]126{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]127 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]128 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]129
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]130 mbedtls_mpi N, E;
131
132 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]133 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]134 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
135 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]136 memset( hash_result, 0x00, sizeof( hash_result ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]137
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]138 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
139 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
140 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
141 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]142 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]143
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]144
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]145 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]146 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]147
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]148 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]149
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]150exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]151 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]152 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]153}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]154/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]155
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]156
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]157/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]158void rsa_pkcs1_sign_raw( data_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]159 int padding_mode, int mod, int radix_P,
160 char * input_P, int radix_Q, char * input_Q,
161 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]162 char * input_E, data_t * result_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]163{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]164 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]165 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]166 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]167 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]168
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]169 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]170 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
171 MBEDTLS_MD_NONE ) == 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]172 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
173 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]174
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]175 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]176 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]177
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]178 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
179 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
180 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
181 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]182
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]183 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
184 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]185 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]186 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]187
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]188
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]189 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]190 &rnd_info, MBEDTLS_MD_NONE,
191 hash_result->len,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]192 hash_result->x, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]193
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]194
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]195 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
196 ctx.len, result_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]197
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]198exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]199 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
200 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
201
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]202 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]203}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]204/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]206/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]207void rsa_pkcs1_verify_raw( data_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]208 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]209 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]210 data_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]211{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]212 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]213 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]214
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]215 mbedtls_mpi N, E;
216 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
217
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]218 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]219 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
220 MBEDTLS_MD_NONE ) == 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]221 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]222
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]223 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
224 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]225
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]226 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
227 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]229
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]230
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]231 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]232
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]233exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]234 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]235 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]236}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]237/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]238
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]239/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]240void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]241 int mod, int radix_N, char * input_N,
242 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]243 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]244{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]245 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]247 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]248
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]249 mbedtls_mpi N, E;
250 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
251
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]252 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]253
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]254 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]255 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
256 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]257 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]258
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]259 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
260 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]261
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]262 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
263 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]265
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]266
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]267 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
268 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]269 &rnd_info, message_str->len,
270 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]271 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]272 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]273 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]274
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]275 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
276 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]277 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]278
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]279exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]280 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]281 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]282}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]283/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]284
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]285/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]286void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]287 int mod, int radix_N, char * input_N,
288 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]289 data_t * result_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]290{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]291 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]292 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]293
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]294 mbedtls_mpi N, E;
295
296 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]297 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]298 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
299 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]300 memset( output, 0x00, sizeof( output ) );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]301
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]302 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
303 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]304
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]305 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
306 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]308
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]309
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]310 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]311 NULL, message_str->len,
312 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]313 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]314 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]315 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]316
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]317 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
318 ctx.len, result_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]319 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]320
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]321exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]322 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]323 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]324}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]325/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]326
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]327/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]328void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]329 int mod, int radix_P, char * input_P,
330 int radix_Q, char * input_Q, int radix_N,
331 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]332 int max_output, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]333 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]334{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]335 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]336 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]337 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]338 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]339 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]340
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]341 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
342 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
343
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]344 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame^]345 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
346 MBEDTLS_MD_NONE ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]348 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]349 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]350
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]351
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]352 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
353 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
354 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
355 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]356
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]357 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
358 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]359 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]361
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]362 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]363
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]364 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]365 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]366 &output_len, message_str->x, output,
367 max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]368 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]369 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]370
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]371 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]372 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]373 result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]374 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]375
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]376exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]377 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
378 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]379 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]380}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]381/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]382
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]383/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]384void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]385 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]386 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]387{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]388 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]389 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]390
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]391 mbedtls_mpi N, E;
392
393 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]394 mbedtls_rsa_init( &ctx );
395 mbedtls_rsa_init( &ctx2 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]396 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]397
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]398 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
399 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]400
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]401 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
402 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]404
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]405
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]406 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]407 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]408 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]409
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]410 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
411 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]412 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]413
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]414 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]416 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]417 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]418
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]419 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]420
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]421 memset( output, 0x00, sizeof( output ) );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]422 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]423 if( result == 0 )
424 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]425
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]426 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
427 ctx.len, result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]428 }
429
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]430exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]431 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432 mbedtls_rsa_free( &ctx );
433 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]434}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]435/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]436
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]437/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]438void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]439 char * input_P, int radix_Q, char * input_Q,
440 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]441 char * input_E, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]442 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]443{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]444 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]445 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]446 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]447 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]448 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]449
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]450 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
451 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]452 mbedtls_rsa_init( &ctx );
453 mbedtls_rsa_init( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]454
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]455 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]456
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]457 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
458 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
459 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
460 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]461
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]462 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
463 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]464 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]465 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]466
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]467
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]468 /* repeat three times to test updating of blinding values */
469 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]470 {
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]471 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]472 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
473 &rnd_info, message_str->x,
474 output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]475 if( result == 0 )
476 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]477
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]478 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]479 ctx.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]480 result_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]481 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]482 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]483
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]484 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]485 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]486 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]487 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]488
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]489 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]490
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]491 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]492 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
493 &rnd_info, message_str->x,
494 output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]495 if( result == 0 )
496 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]497
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]498 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]499 ctx2.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]500 result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]501 }
502
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]503exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]504 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
505 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
506
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]507 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]508}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]509/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]510
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]511/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]512void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]513{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]514 mbedtls_rsa_context ctx;
515 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]516
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]517 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]518}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]519/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]520
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]521/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]522void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
523 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]524{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]525 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]526 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]527
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]528 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]529 mbedtls_rsa_init( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]530
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]531 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]532 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]533 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]534 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]535 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]536 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]537 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]538 }
539
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]540 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]542
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]543exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]544 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]545 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]546}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]547/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]548
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]549/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]550void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
551 int radix_Q, char * input_Q, int radix_N,
552 char * input_N, int radix_E, char * input_E,
553 int radix_D, char * input_D, int radix_DP,
554 char * input_DP, int radix_DQ,
555 char * input_DQ, int radix_QP,
556 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]557{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]559
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]560 mbedtls_rsa_init( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]561
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]562 ctx.len = mod / 8;
563 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]564 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]565 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]566 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]567 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]568 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]570 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]571 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]572 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]573 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]574 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]575 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]576 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]577 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]578 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]579 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]580 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]581 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]582 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]583#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]584 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]585 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]586 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]587 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]588 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]589 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]590 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]591 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]592 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]593 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]594 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]595 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]596#else
597 ((void) radix_DP); ((void) input_DP);
598 ((void) radix_DQ); ((void) input_DQ);
599 ((void) radix_QP); ((void) input_QP);
600#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]601
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]602 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]603
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]604exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]605 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]606}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]607/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]608
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]609/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]610void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
611 int radix_Epub, char * input_Epub, int radix_P,
612 char * input_P, int radix_Q, char * input_Q,
613 int radix_N, char * input_N, int radix_E,
614 char * input_E, int radix_D, char * input_D,
615 int radix_DP, char * input_DP, int radix_DQ,
616 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]617 int result )
618{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]620
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]621 mbedtls_rsa_init( &pub );
622 mbedtls_rsa_init( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]623
624 pub.len = mod / 8;
625 prv.len = mod / 8;
626
627 if( strlen( input_Npub ) )
628 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]629 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]630 }
631 if( strlen( input_Epub ) )
632 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]634 }
635
636 if( strlen( input_P ) )
637 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]638 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]639 }
640 if( strlen( input_Q ) )
641 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]642 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]643 }
644 if( strlen( input_N ) )
645 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]646 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]647 }
648 if( strlen( input_E ) )
649 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]650 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]651 }
652 if( strlen( input_D ) )
653 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]654 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]655 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]656#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]657 if( strlen( input_DP ) )
658 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]660 }
661 if( strlen( input_DQ ) )
662 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]663 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]664 }
665 if( strlen( input_QP ) )
666 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]668 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]669#else
670 ((void) radix_DP); ((void) input_DP);
671 ((void) radix_DQ); ((void) input_DQ);
672 ((void) radix_QP); ((void) input_QP);
673#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]674
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]675 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]676
677exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 mbedtls_rsa_free( &pub );
679 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]680}
681/* END_CASE */
682
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]683/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]685{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]686 mbedtls_rsa_context ctx;
687 mbedtls_entropy_context entropy;
688 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]689 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]690
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]691 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]692 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]693 mbedtls_rsa_init ( &ctx );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]694
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]695 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
696 &entropy, (const unsigned char *) pers,
697 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]698
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]699 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]700 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]701 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]702 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]703 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]704 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]705
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]706exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]707 mbedtls_rsa_free( &ctx );
708 mbedtls_ctr_drbg_free( &ctr_drbg );
709 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]710}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]711/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]712
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]713/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]714void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]715 int radix_D, char *input_D,
716 int radix_E, char *input_E,
717 int radix_P, char *output_P,
718 int radix_Q, char *output_Q,
719 int corrupt, int result )
720{
721 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
722
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]723 mbedtls_mpi_init( &N );
724 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
725 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
726 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
727
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]728 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
729 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
730 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
731 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
732 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
733
734 if( corrupt )
735 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
736
737 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]738 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]739
740 if( !corrupt )
741 {
742 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
743 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
744 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
745 }
746
747exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]748 mbedtls_mpi_free( &N );
749 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
750 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
751 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]752}
753/* END_CASE */
754
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]755/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]756void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
757 int radix_Q, char *input_Q,
758 int radix_E, char *input_E,
759 int radix_D, char *output_D,
760 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]761{
762 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
763
764 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
765 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
766 mbedtls_mpi_init( &E );
767 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
768
769 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
770 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
771 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
772 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
773
774 if( corrupt )
775 {
776 /* Make E even */
777 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
778 }
779
780 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]781 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
782 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]783
784 if( !corrupt )
785 {
786 /*
787 * Check that D and Dp agree modulo LCM(P-1, Q-1).
788 */
789
790 /* Replace P,Q by P-1, Q-1 */
791 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
792 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
793
794 /* Check D == Dp modulo P-1 */
795 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
796 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
797 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
798
799 /* Check D == Dp modulo Q-1 */
800 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
801 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
802 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
803 }
804
805exit:
806
807 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
808 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
809 mbedtls_mpi_free( &E );
810 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
811}
812/* END_CASE */
813
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]814/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]815void mbedtls_rsa_import( int radix_N, char *input_N,
816 int radix_P, char *input_P,
817 int radix_Q, char *input_Q,
818 int radix_D, char *input_D,
819 int radix_E, char *input_E,
820 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]821 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]822 int res_check,
823 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]824{
825 mbedtls_mpi N, P, Q, D, E;
826 mbedtls_rsa_context ctx;
827
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]828 /* Buffers used for encryption-decryption test */
829 unsigned char *buf_orig = NULL;
830 unsigned char *buf_enc = NULL;
831 unsigned char *buf_dec = NULL;
832
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]833 mbedtls_entropy_context entropy;
834 mbedtls_ctr_drbg_context ctr_drbg;
835 const char *pers = "test_suite_rsa";
836
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]837 const int have_N = ( strlen( input_N ) > 0 );
838 const int have_P = ( strlen( input_P ) > 0 );
839 const int have_Q = ( strlen( input_Q ) > 0 );
840 const int have_D = ( strlen( input_D ) > 0 );
841 const int have_E = ( strlen( input_E ) > 0 );
842
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]843 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]844 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]845 mbedtls_rsa_init( &ctx );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]846
847 mbedtls_mpi_init( &N );
848 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
849 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
850
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]851 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
852 (const unsigned char *) pers, strlen( pers ) ) == 0 );
853
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]854 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]855 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
856
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]857 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]858 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
859
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]860 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]861 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
862
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]863 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]864 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
865
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]866 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]867 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
868
869 if( !successive )
870 {
871 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]872 have_N ? &N : NULL,
873 have_P ? &P : NULL,
874 have_Q ? &Q : NULL,
875 have_D ? &D : NULL,
876 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]877 }
878 else
879 {
880 /* Import N, P, Q, D, E separately.
881 * This should make no functional difference. */
882
883 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]884 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]885 NULL, NULL, NULL, NULL ) == 0 );
886
887 TEST_ASSERT( mbedtls_rsa_import( &ctx,
888 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]889 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]890 NULL, NULL, NULL ) == 0 );
891
892 TEST_ASSERT( mbedtls_rsa_import( &ctx,
893 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]894 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]895 NULL, NULL ) == 0 );
896
897 TEST_ASSERT( mbedtls_rsa_import( &ctx,
898 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]899 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]900 NULL ) == 0 );
901
902 TEST_ASSERT( mbedtls_rsa_import( &ctx,
903 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]904 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]905 }
906
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]907 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]908
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]909 /* On expected success, perform some public and private
910 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]911 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]912 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]913 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]914 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
915 else
916 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
917
918 if( res_check != 0 )
919 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]920
921 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
922 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
923 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
924 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
925 goto exit;
926
927 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
928 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
929
930 /* Make sure the number we're generating is smaller than the modulus */
931 buf_orig[0] = 0x00;
932
933 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
934
935 if( is_priv )
936 {
937 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
938 &ctr_drbg, buf_enc,
939 buf_dec ) == 0 );
940
941 TEST_ASSERT( memcmp( buf_orig, buf_dec,
942 mbedtls_rsa_get_len( &ctx ) ) == 0 );
943 }
944 }
945
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]946exit:
947
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]948 mbedtls_free( buf_orig );
949 mbedtls_free( buf_enc );
950 mbedtls_free( buf_dec );
951
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]952 mbedtls_rsa_free( &ctx );
953
954 mbedtls_ctr_drbg_free( &ctr_drbg );
955 mbedtls_entropy_free( &entropy );
956
957 mbedtls_mpi_free( &N );
958 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
959 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
960}
961/* END_CASE */
962
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]963/* BEGIN_CASE */
964void mbedtls_rsa_export( int radix_N, char *input_N,
965 int radix_P, char *input_P,
966 int radix_Q, char *input_Q,
967 int radix_D, char *input_D,
968 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]969 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]970 int successive )
971{
972 /* Original MPI's with which we set up the RSA context */
973 mbedtls_mpi N, P, Q, D, E;
974
975 /* Exported MPI's */
976 mbedtls_mpi Ne, Pe, Qe, De, Ee;
977
978 const int have_N = ( strlen( input_N ) > 0 );
979 const int have_P = ( strlen( input_P ) > 0 );
980 const int have_Q = ( strlen( input_Q ) > 0 );
981 const int have_D = ( strlen( input_D ) > 0 );
982 const int have_E = ( strlen( input_E ) > 0 );
983
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]984 mbedtls_rsa_context ctx;
985
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]986 mbedtls_rsa_init( &ctx );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]987
988 mbedtls_mpi_init( &N );
989 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
990 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
991
992 mbedtls_mpi_init( &Ne );
993 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
994 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
995
996 /* Setup RSA context */
997
998 if( have_N )
999 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1000
1001 if( have_P )
1002 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1003
1004 if( have_Q )
1005 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1006
1007 if( have_D )
1008 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1009
1010 if( have_E )
1011 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1012
1013 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1014 strlen( input_N ) ? &N : NULL,
1015 strlen( input_P ) ? &P : NULL,
1016 strlen( input_Q ) ? &Q : NULL,
1017 strlen( input_D ) ? &D : NULL,
1018 strlen( input_E ) ? &E : NULL ) == 0 );
1019
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1020 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1021
1022 /*
1023 * Export parameters and compare to original ones.
1024 */
1025
1026 /* N and E must always be present. */
1027 if( !successive )
1028 {
1029 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1030 }
1031 else
1032 {
1033 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1034 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1035 }
1036 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1037 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1038
1039 /* If we were providing enough information to setup a complete private context,
1040 * we expect to be able to export all core parameters. */
1041
1042 if( is_priv )
1043 {
1044 if( !successive )
1045 {
1046 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1047 &De, NULL ) == 0 );
1048 }
1049 else
1050 {
1051 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1052 NULL, NULL ) == 0 );
1053 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1054 NULL, NULL ) == 0 );
1055 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1056 &De, NULL ) == 0 );
1057 }
1058
1059 if( have_P )
1060 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1061
1062 if( have_Q )
1063 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1064
1065 if( have_D )
1066 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1067
1068 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1069 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1070 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1071 }
1072
1073exit:
1074
1075 mbedtls_rsa_free( &ctx );
1076
1077 mbedtls_mpi_free( &N );
1078 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1079 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1080
1081 mbedtls_mpi_free( &Ne );
1082 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1083 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1084}
1085/* END_CASE */
1086
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1087/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1088void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1089 int radix_P, char *input_P,
1090 int radix_Q, char *input_Q,
1091 int radix_D, char *input_D,
1092 int radix_E, char *input_E,
1093 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1094{
1095 /* Original MPI's with which we set up the RSA context */
1096 mbedtls_mpi N, P, Q, D, E;
1097
1098 const int have_N = ( strlen( input_N ) > 0 );
1099 const int have_P = ( strlen( input_P ) > 0 );
1100 const int have_Q = ( strlen( input_Q ) > 0 );
1101 const int have_D = ( strlen( input_D ) > 0 );
1102 const int have_E = ( strlen( input_E ) > 0 );
1103
1104 mbedtls_entropy_context entropy;
1105 mbedtls_ctr_drbg_context ctr_drbg;
1106 const char *pers = "test_suite_rsa";
1107
1108 mbedtls_mpi_init( &N );
1109 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1110 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1111
1112 mbedtls_ctr_drbg_init( &ctr_drbg );
1113 mbedtls_entropy_init( &entropy );
1114 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1115 &entropy, (const unsigned char *) pers,
1116 strlen( pers ) ) == 0 );
1117
1118 if( have_N )
1119 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1120
1121 if( have_P )
1122 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1123
1124 if( have_Q )
1125 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1126
1127 if( have_D )
1128 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1129
1130 if( have_E )
1131 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1132
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1133 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1134 have_P ? &P : NULL,
1135 have_Q ? &Q : NULL,
1136 have_D ? &D : NULL,
1137 have_E ? &E : NULL,
1138 prng ? mbedtls_ctr_drbg_random : NULL,
1139 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1140exit:
1141
1142 mbedtls_ctr_drbg_free( &ctr_drbg );
1143 mbedtls_entropy_free( &entropy );
1144
1145 mbedtls_mpi_free( &N );
1146 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1147 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1148}
1149/* END_CASE */
1150
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1151/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1152void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1153 data_t *input_Q, data_t *input_D,
1154 data_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1155 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1156{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1157 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1158 unsigned char bufNe[256];
1159 unsigned char bufPe[128];
1160 unsigned char bufQe[128];
1161 unsigned char bufDe[256];
1162 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1163
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1164 mbedtls_rsa_context ctx;
1165
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]1166 mbedtls_rsa_init( &ctx );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1167
1168 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1169 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1170 input_N->len ? input_N->x : NULL, input_N->len,
1171 input_P->len ? input_P->x : NULL, input_P->len,
1172 input_Q->len ? input_Q->x : NULL, input_Q->len,
1173 input_D->len ? input_D->x : NULL, input_D->len,
1174 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1175
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1176 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1177
1178 /*
1179 * Export parameters and compare to original ones.
1180 */
1181
1182 /* N and E must always be present. */
1183 if( !successive )
1184 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1185 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1186 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1187 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1188 }
1189 else
1190 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1191 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1192 NULL, 0, NULL, 0, NULL, 0,
1193 NULL, 0 ) == 0 );
1194 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1195 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1196 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1197 }
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1198 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1199 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1200
1201 /* If we were providing enough information to setup a complete private context,
1202 * we expect to be able to export all core parameters. */
1203
1204 if( is_priv )
1205 {
1206 if( !successive )
1207 {
1208 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1209 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1210 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1211 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1212 NULL, 0 ) == 0 );
1213 }
1214 else
1215 {
1216 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1217 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1218 NULL, 0, NULL, 0,
1219 NULL, 0 ) == 0 );
1220
1221 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1222 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1223 NULL, 0, NULL, 0 ) == 0 );
1224
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1225 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1226 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1227 NULL, 0 ) == 0 );
1228 }
1229
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1230 if( input_P->len )
1231 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1232
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1233 if( input_Q->len )
1234 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1235
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1236 if( input_D->len )
1237 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1238
1239 }
1240
1241exit:
1242 mbedtls_rsa_free( &ctx );
1243}
1244/* END_CASE */
1245
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1246/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1247void mbedtls_rsa_import_raw( data_t *input_N,
1248 data_t *input_P, data_t *input_Q,
1249 data_t *input_D, data_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1250 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1251 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1252 int res_check,
1253 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1254{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1255 /* Buffers used for encryption-decryption test */
1256 unsigned char *buf_orig = NULL;
1257 unsigned char *buf_enc = NULL;
1258 unsigned char *buf_dec = NULL;
1259
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1260 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1261 mbedtls_entropy_context entropy;
1262 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1263
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1264 const char *pers = "test_suite_rsa";
1265
1266 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1267 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]1268 mbedtls_rsa_init( &ctx );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1269
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1270 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1271 &entropy, (const unsigned char *) pers,
1272 strlen( pers ) ) == 0 );
1273
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1274 if( !successive )
1275 {
1276 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1277 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1278 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1279 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1280 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1281 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1282 }
1283 else
1284 {
1285 /* Import N, P, Q, D, E separately.
1286 * This should make no functional difference. */
1287
1288 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1289 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1290 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1291
1292 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1293 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1294 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1295 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1296
1297 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1298 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1299 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1300 NULL, 0, NULL, 0 ) == 0 );
1301
1302 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1303 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1304 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1305 NULL, 0 ) == 0 );
1306
1307 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1308 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1309 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1310 }
1311
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1312 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1313
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1314 /* On expected success, perform some public and private
1315 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1316 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1317 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1318 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1319 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1320 else
1321 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1322
1323 if( res_check != 0 )
1324 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1325
1326 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1327 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1328 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1329 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1330 goto exit;
1331
1332 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1333 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1334
1335 /* Make sure the number we're generating is smaller than the modulus */
1336 buf_orig[0] = 0x00;
1337
1338 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1339
1340 if( is_priv )
1341 {
1342 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1343 &ctr_drbg, buf_enc,
1344 buf_dec ) == 0 );
1345
1346 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1347 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1348 }
1349 }
1350
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1351exit:
1352
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1353 mbedtls_free( buf_orig );
1354 mbedtls_free( buf_enc );
1355 mbedtls_free( buf_dec );
1356
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1357 mbedtls_rsa_free( &ctx );
1358
1359 mbedtls_ctr_drbg_free( &ctr_drbg );
1360 mbedtls_entropy_free( &entropy );
1361
1362}
1363/* END_CASE */
1364
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1365/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1366void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1367{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1368 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1369}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1370/* END_CASE */