blob: f41b14cc3fed8dcfa0fa52a4b250c15fa0f03398 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/rsa.h"
3#include "mbedtls/md2.h"
4#include "mbedtls/md4.h"
5#include "mbedtls/md5.h"
6#include "mbedtls/sha1.h"
7#include "mbedtls/sha256.h"
8#include "mbedtls/sha512.h"
9#include "mbedtls/entropy.h"
10#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +010011
Paul Bakker33b43f12013-08-20 11:48:36 +020012/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +000013
Paul Bakker33b43f12013-08-20 11:48:36 +020014/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020015 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +020016 * END_DEPENDENCIES
17 */
Paul Bakker5690efc2011-05-26 13:16:06 +000018
Paul Bakker33b43f12013-08-20 11:48:36 +020019/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020020void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020021 int mod, int radix_P, char *input_P, int radix_Q,
22 char *input_Q, int radix_N, char *input_N, int radix_E,
23 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000024{
25 unsigned char message_str[1000];
26 unsigned char hash_result[1000];
27 unsigned char output[1000];
28 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020029 mbedtls_rsa_context ctx;
30 mbedtls_mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +000031 int msg_len;
Paul Bakker548957d2013-08-30 10:30:02 +020032 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +000033
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020034 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
35 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000036
37 memset( message_str, 0x00, 1000 );
38 memset( hash_result, 0x00, 1000 );
39 memset( output, 0x00, 1000 );
40 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +020041 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +000042
Paul Bakker33b43f12013-08-20 11:48:36 +020043 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020044 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
45 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
47 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000048
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020049 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
50 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
51 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
52 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
53 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
54 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
55 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
56 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000057
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020058 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000059
Paul Bakker33b43f12013-08-20 11:48:36 +020060 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +000061
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020062 if( mbedtls_md_info_from_type( digest ) != NULL )
63 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000064
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020065 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +020066 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +000067 {
68 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +000069
Paul Bakker33b43f12013-08-20 11:48:36 +020070 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +000071 }
Paul Bakker6c591fa2011-05-05 11:49:20 +000072
Paul Bakkerbd51b262014-07-10 15:26:12 +020073exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020074 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
75 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +000076}
Paul Bakker33b43f12013-08-20 11:48:36 +020077/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +000078
Paul Bakker33b43f12013-08-20 11:48:36 +020079/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020080void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020081 int mod, int radix_N, char *input_N, int radix_E,
82 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000083{
84 unsigned char message_str[1000];
85 unsigned char hash_result[1000];
86 unsigned char result_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020087 mbedtls_rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +000088 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +000089
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020090 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000091 memset( message_str, 0x00, 1000 );
92 memset( hash_result, 0x00, 1000 );
93 memset( result_str, 0x00, 1000 );
94
Paul Bakker33b43f12013-08-20 11:48:36 +020095 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020096 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
97 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000098
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020099 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000100
Paul Bakker33b43f12013-08-20 11:48:36 +0200101 msg_len = unhexify( message_str, message_hex_string );
102 unhexify( result_str, result_hex_str );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000103
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200104 if( mbedtls_md_info_from_type( digest ) != NULL )
105 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000106
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200107 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100108
Paul Bakkerbd51b262014-07-10 15:26:12 +0200109exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200110 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000111}
Paul Bakker33b43f12013-08-20 11:48:36 +0200112/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000113
Paul Bakker821fb082009-07-12 13:26:42 +0000114
Paul Bakker33b43f12013-08-20 11:48:36 +0200115/* BEGIN_CASE */
116void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
117 int padding_mode, int mod, int radix_P, char *input_P,
118 int radix_Q, char *input_Q, int radix_N,
119 char *input_N, int radix_E, char *input_E,
120 char *result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000121{
122 unsigned char message_str[1000];
123 unsigned char hash_result[1000];
124 unsigned char output[1000];
125 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200126 mbedtls_rsa_context ctx;
127 mbedtls_mpi P1, Q1, H, G;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000128 int hash_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200129 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000130
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200131 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
132 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000133
Paul Bakker42a29bf2009-07-07 20:18:41 +0000134 memset( message_str, 0x00, 1000 );
135 memset( hash_result, 0x00, 1000 );
136 memset( output, 0x00, 1000 );
137 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200138 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000139
Paul Bakker33b43f12013-08-20 11:48:36 +0200140 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200141 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
142 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
143 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
144 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000145
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200146 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
147 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
148 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
149 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
150 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
151 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
152 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
153 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000154
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200155 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000156
Paul Bakker33b43f12013-08-20 11:48:36 +0200157 unhexify( message_str, message_hex_string );
158 hash_len = unhexify( hash_result, hash_result_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000159
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200160 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000161
162 hexify( output_str, output, ctx.len );
163
Paul Bakker33b43f12013-08-20 11:48:36 +0200164 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000165
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100166 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200167 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100168 {
169 memset( output, 0x00, 1000 );
170 memset( output_str, 0x00, 1000 );
171
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200172 TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
173 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100174 hash_len, hash_result, output ) == 0 );
175
176 hexify( output_str, output, ctx.len );
177
178 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
179 }
180
Paul Bakkerbd51b262014-07-10 15:26:12 +0200181exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200182 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
183 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000184}
Paul Bakker33b43f12013-08-20 11:48:36 +0200185/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000186
Paul Bakker33b43f12013-08-20 11:48:36 +0200187/* BEGIN_CASE */
188void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
189 int padding_mode, int mod, int radix_N,
190 char *input_N, int radix_E, char *input_E,
191 char *result_hex_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000192{
193 unsigned char message_str[1000];
194 unsigned char hash_result[1000];
195 unsigned char result_str[1000];
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100196 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200197 mbedtls_rsa_context ctx;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100198 size_t hash_len, olen;
Paul Bakker821fb082009-07-12 13:26:42 +0000199
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200200 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000201 memset( message_str, 0x00, 1000 );
202 memset( hash_result, 0x00, 1000 );
203 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100204 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000205
Paul Bakker33b43f12013-08-20 11:48:36 +0200206 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200207 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
208 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000209
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200210 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000211
Paul Bakker33b43f12013-08-20 11:48:36 +0200212 unhexify( message_str, message_hex_string );
213 hash_len = unhexify( hash_result, hash_result_string );
214 unhexify( result_str, result_hex_str );
Paul Bakker821fb082009-07-12 13:26:42 +0000215
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200216 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_len, hash_result, result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100217
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100218 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200219 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100220 {
221 int ok;
222
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200223 TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
224 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100225 &olen, result_str, output, sizeof( output ) ) == 0 );
226
227 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
228 if( correct == 0 )
229 TEST_ASSERT( ok == 1 );
230 else
231 TEST_ASSERT( ok == 0 );
232 }
233
Paul Bakkerbd51b262014-07-10 15:26:12 +0200234exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200235 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000236}
Paul Bakker33b43f12013-08-20 11:48:36 +0200237/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000238
Paul Bakker33b43f12013-08-20 11:48:36 +0200239/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200240void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200241 int radix_N, char *input_N, int radix_E, char *input_E,
242 char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000243{
244 unsigned char message_str[1000];
245 unsigned char output[1000];
246 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200247 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000248 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000249 rnd_pseudo_info rnd_info;
250
251 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000252
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200253 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000254 memset( message_str, 0x00, 1000 );
255 memset( output, 0x00, 1000 );
256 memset( output_str, 0x00, 1000 );
257
Paul Bakker33b43f12013-08-20 11:48:36 +0200258 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200259 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
260 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000261
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200262 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000263
Paul Bakker33b43f12013-08-20 11:48:36 +0200264 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000265
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200266 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200267 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000268 {
269 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000270
Paul Bakker33b43f12013-08-20 11:48:36 +0200271 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000272 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100273
Paul Bakkerbd51b262014-07-10 15:26:12 +0200274exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200275 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000276}
Paul Bakker33b43f12013-08-20 11:48:36 +0200277/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000278
Paul Bakker33b43f12013-08-20 11:48:36 +0200279/* BEGIN_CASE */
280void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
281 int mod, int radix_N, char *input_N,
282 int radix_E, char *input_E,
283 char *result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000284{
285 unsigned char message_str[1000];
286 unsigned char output[1000];
287 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200288 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000289 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000290
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200291 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000292 memset( message_str, 0x00, 1000 );
293 memset( output, 0x00, 1000 );
294 memset( output_str, 0x00, 1000 );
295
Paul Bakker33b43f12013-08-20 11:48:36 +0200296 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200297 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
298 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000299
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200300 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000301
Paul Bakker33b43f12013-08-20 11:48:36 +0200302 msg_len = unhexify( message_str, message_hex_string );
Paul Bakkera6656852010-07-18 19:47:14 +0000303
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200304 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200305 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000306 {
307 hexify( output_str, output, ctx.len );
308
Paul Bakker33b43f12013-08-20 11:48:36 +0200309 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000310 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100311
Paul Bakkerbd51b262014-07-10 15:26:12 +0200312exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200313 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000314}
Paul Bakker33b43f12013-08-20 11:48:36 +0200315/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000316
Paul Bakker33b43f12013-08-20 11:48:36 +0200317/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200318void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200319 int radix_P, char *input_P, int radix_Q, char *input_Q,
320 int radix_N, char *input_N, int radix_E, char *input_E,
321 int max_output, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000322{
323 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000324 unsigned char output[1000];
325 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200326 mbedtls_rsa_context ctx;
327 mbedtls_mpi P1, Q1, H, G;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000328 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200329 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000330
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200331 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
332 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000333
334 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000335 memset( output, 0x00, 1000 );
336 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200337 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000338
Paul Bakker33b43f12013-08-20 11:48:36 +0200339 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200340 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
341 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
342 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
343 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000344
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200345 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
346 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
347 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
348 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
349 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
350 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
351 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
352 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000353
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200354 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000355
Paul Bakker33b43f12013-08-20 11:48:36 +0200356 unhexify( message_str, message_hex_string );
Paul Bakker69998dd2009-07-11 19:15:20 +0000357 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000358
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200359 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200360 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000361 {
362 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000363
Paul Bakker33b43f12013-08-20 11:48:36 +0200364 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000365 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000366
Paul Bakkerbd51b262014-07-10 15:26:12 +0200367exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200368 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
369 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000370}
Paul Bakker33b43f12013-08-20 11:48:36 +0200371/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000372
Paul Bakker33b43f12013-08-20 11:48:36 +0200373/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200374void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
Paul Bakker33b43f12013-08-20 11:48:36 +0200375 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000376{
377 unsigned char message_str[1000];
378 unsigned char output[1000];
379 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200380 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000381
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200382 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
383 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000384 memset( message_str, 0x00, 1000 );
385 memset( output, 0x00, 1000 );
386 memset( output_str, 0x00, 1000 );
387
Paul Bakker33b43f12013-08-20 11:48:36 +0200388 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200389 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
390 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000391
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200392 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000393
Paul Bakker33b43f12013-08-20 11:48:36 +0200394 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000395
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200396 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200397 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000398 {
399 hexify( output_str, output, ctx.len );
400
Paul Bakker33b43f12013-08-20 11:48:36 +0200401 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000402 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100403
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100404 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200405 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200406 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200407 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100408
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200409 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100410
411 memset( output, 0x00, 1000 );
412 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200413 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100414 if( result == 0 )
415 {
416 hexify( output_str, output, ctx2.len );
417
418 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
419 }
420
Paul Bakkerbd51b262014-07-10 15:26:12 +0200421exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200422 mbedtls_rsa_free( &ctx );
423 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000424}
Paul Bakker33b43f12013-08-20 11:48:36 +0200425/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000426
Paul Bakker33b43f12013-08-20 11:48:36 +0200427/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200428void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
Paul Bakker33b43f12013-08-20 11:48:36 +0200429 int radix_Q, char *input_Q, int radix_N, char *input_N,
430 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000431{
432 unsigned char message_str[1000];
433 unsigned char output[1000];
434 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200435 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
436 mbedtls_mpi P1, Q1, H, G;
Paul Bakker548957d2013-08-30 10:30:02 +0200437 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200438 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000439
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200440 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
441 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
442 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000443
444 memset( message_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200445 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000446
Paul Bakker33b43f12013-08-20 11:48:36 +0200447 ctx.len = mod / 8;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200448 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
449 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
450 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
451 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000452
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200453 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
454 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
455 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
456 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
457 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
458 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
459 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
460 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000461
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200462 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000463
Paul Bakker33b43f12013-08-20 11:48:36 +0200464 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000465
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200466 /* repeat three times to test updating of blinding values */
467 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000468 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200469 memset( output, 0x00, 1000 );
470 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200471 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200472 message_str, output ) == result );
473 if( result == 0 )
474 {
475 hexify( output_str, output, ctx.len );
Paul Bakker821fb082009-07-12 13:26:42 +0000476
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200477 TEST_ASSERT( strcasecmp( (char *) output_str,
478 result_hex_str ) == 0 );
479 }
Paul Bakker821fb082009-07-12 13:26:42 +0000480 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000481
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100482 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200483 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200484 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200485 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100486
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200487 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100488
489 memset( output, 0x00, 1000 );
490 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200491 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100492 message_str, output ) == result );
493 if( result == 0 )
494 {
495 hexify( output_str, output, ctx2.len );
496
497 TEST_ASSERT( strcasecmp( (char *) output_str,
498 result_hex_str ) == 0 );
499 }
500
Paul Bakkerbd51b262014-07-10 15:26:12 +0200501exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200502 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
503 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000504}
Paul Bakker33b43f12013-08-20 11:48:36 +0200505/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000506
Paul Bakker33b43f12013-08-20 11:48:36 +0200507/* BEGIN_CASE */
508void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000509{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200510 mbedtls_rsa_context ctx;
511 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000512
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200513 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000514}
Paul Bakker33b43f12013-08-20 11:48:36 +0200515/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000516
Paul Bakker33b43f12013-08-20 11:48:36 +0200517/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200518void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
Paul Bakker33b43f12013-08-20 11:48:36 +0200519 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000520{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200521 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000522
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200523 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000524
Paul Bakker33b43f12013-08-20 11:48:36 +0200525 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000526 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200527 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000528 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200529 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000530 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200531 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000532 }
533
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200534 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100535
Paul Bakkerbd51b262014-07-10 15:26:12 +0200536exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200537 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000538}
Paul Bakker33b43f12013-08-20 11:48:36 +0200539/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000540
Paul Bakker33b43f12013-08-20 11:48:36 +0200541/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200542void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
Paul Bakker33b43f12013-08-20 11:48:36 +0200543 char *input_Q, int radix_N, char *input_N,
544 int radix_E, char *input_E, int radix_D, char *input_D,
545 int radix_DP, char *input_DP, int radix_DQ,
546 char *input_DQ, int radix_QP, char *input_QP,
547 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000548{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200549 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000550
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200551 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000552
Paul Bakker33b43f12013-08-20 11:48:36 +0200553 ctx.len = mod / 8;
554 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000555 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200556 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000557 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200558 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000559 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200560 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000561 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200562 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000563 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200564 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000565 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200566 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000567 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200568 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000569 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200570 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000571 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200572 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000573 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200574 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000575 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200576 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000577 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200578 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000579 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200580 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000581 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200582 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000583 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200584 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000585 }
Paul Bakker821fb082009-07-12 13:26:42 +0000586
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200587 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100588
Paul Bakkerbd51b262014-07-10 15:26:12 +0200589exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200590 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000591}
Paul Bakker33b43f12013-08-20 11:48:36 +0200592/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000593
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100594/* BEGIN_CASE */
595void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
596 int radix_Epub, char *input_Epub,
597 int radix_P, char *input_P, int radix_Q,
598 char *input_Q, int radix_N, char *input_N,
599 int radix_E, char *input_E, int radix_D, char *input_D,
600 int radix_DP, char *input_DP, int radix_DQ,
601 char *input_DQ, int radix_QP, char *input_QP,
602 int result )
603{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200604 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100605
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200606 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
607 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100608
609 pub.len = mod / 8;
610 prv.len = mod / 8;
611
612 if( strlen( input_Npub ) )
613 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200614 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100615 }
616 if( strlen( input_Epub ) )
617 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200618 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100619 }
620
621 if( strlen( input_P ) )
622 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200623 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100624 }
625 if( strlen( input_Q ) )
626 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200627 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100628 }
629 if( strlen( input_N ) )
630 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200631 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100632 }
633 if( strlen( input_E ) )
634 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200635 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100636 }
637 if( strlen( input_D ) )
638 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200639 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100640 }
641 if( strlen( input_DP ) )
642 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200643 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100644 }
645 if( strlen( input_DQ ) )
646 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200647 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100648 }
649 if( strlen( input_QP ) )
650 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200651 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100652 }
653
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200654 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100655
656exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200657 mbedtls_rsa_free( &pub );
658 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100659}
660/* END_CASE */
661
Hanno Beckerc6deafc2017-07-23 14:06:42 +0100662/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200663void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000664{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200665 mbedtls_rsa_context ctx;
666 mbedtls_entropy_context entropy;
667 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200668 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000669
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200670 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200671 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100672 mbedtls_rsa_init ( &ctx, 0, 0 );
673
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200674 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200675 (const unsigned char *) pers, strlen( pers ) ) == 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000676
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200677 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200678 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000679 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200680 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100681 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000682 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100683
Paul Bakkerbd51b262014-07-10 15:26:12 +0200684exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200685 mbedtls_rsa_free( &ctx );
686 mbedtls_ctr_drbg_free( &ctr_drbg );
687 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000688}
Paul Bakker33b43f12013-08-20 11:48:36 +0200689/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000690
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200691/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Paul Bakker33b43f12013-08-20 11:48:36 +0200692void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +0000693{
Andres AG93012e82016-09-09 09:10:28 +0100694 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000695}
Paul Bakker33b43f12013-08-20 11:48:36 +0200696/* END_CASE */