blob: 89c84e8ca3e55bff22be07d59f0f6a7aa898ecb2 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +01003#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00004#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +010012
Paul Bakker33b43f12013-08-20 11:48:36 +020013/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +000014
Paul Bakker33b43f12013-08-20 11:48:36 +020015/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020016 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +020017 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +000019
Hanno Becker046d2022018-12-13 18:07:09 +000020/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
21void rsa_invalid_param( )
22{
23 mbedtls_rsa_context ctx;
24 const int valid_padding = MBEDTLS_RSA_PKCS_V21;
25 const int invalid_padding = 42;
26 const int valid_mode = MBEDTLS_RSA_PRIVATE;
27 const int invalid_mode = 42;
28 unsigned char buf[42] = { 0 };
29 size_t olen;
30
Hanno Beckera7ee0022018-12-18 13:30:20 +000031 TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
32 TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
Hanno Becker046d2022018-12-13 18:07:09 +000033 TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
34
35 /* No more variants because only the first argument must be non-NULL. */
36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
37 mbedtls_rsa_import( NULL, NULL, NULL,
38 NULL, NULL, NULL ) );
39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
40 mbedtls_rsa_import_raw( NULL,
41 NULL, 0,
42 NULL, 0,
43 NULL, 0,
44 NULL, 0,
45 NULL, 0 ) );
46
47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
48 mbedtls_rsa_complete( NULL ) );
49
50 /* No more variants because only the first argument must be non-NULL. */
51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
52 mbedtls_rsa_export( NULL, NULL, NULL,
53 NULL, NULL, NULL ) );
54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
Hanno Becker046d2022018-12-13 18:07:09 +000055 mbedtls_rsa_export_raw( NULL,
56 NULL, 0,
57 NULL, 0,
58 NULL, 0,
59 NULL, 0,
60 NULL, 0 ) );
61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
62 mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
63
64 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
65 valid_padding, 0 ) );
66 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
67 invalid_padding, 0 ) );
68
69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
Hanno Beckerf04d9232018-12-18 13:30:42 +000070 mbedtls_rsa_gen_key( NULL, rnd_std_rand,
71 NULL, 0, 0 ) );
72 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
73 mbedtls_rsa_gen_key( &ctx, NULL,
74 NULL, 0, 0 ) );
Hanno Becker046d2022018-12-13 18:07:09 +000075
76 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
77 mbedtls_rsa_check_pubkey( NULL ) );
78 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
79 mbedtls_rsa_check_privkey( NULL ) );
80
81 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
82 mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
84 mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
85
86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
87 mbedtls_rsa_public( NULL, buf, buf ) );
88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
89 mbedtls_rsa_public( &ctx, NULL, buf ) );
90 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
91 mbedtls_rsa_public( &ctx, buf, NULL ) );
92
93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
94 mbedtls_rsa_private( NULL, NULL, NULL,
95 buf, buf ) );
96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
97 mbedtls_rsa_private( &ctx, NULL, NULL,
98 NULL, buf ) );
99 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
100 mbedtls_rsa_private( &ctx, NULL, NULL,
101 buf, NULL ) );
102
103 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
104 mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
105 valid_mode,
106 sizeof( buf ), buf,
107 buf ) );
108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
109 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
110 invalid_mode,
111 sizeof( buf ), buf,
112 buf ) );
113 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
114 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
115 valid_mode,
116 sizeof( buf ), NULL,
117 buf ) );
118 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
119 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
120 valid_mode,
121 sizeof( buf ), buf,
122 NULL ) );
123
124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
125 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
126 NULL,
127 valid_mode,
128 sizeof( buf ), buf,
129 buf ) );
130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
131 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
132 NULL,
133 invalid_mode,
134 sizeof( buf ), buf,
135 buf ) );
136 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
137 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
138 NULL,
139 valid_mode,
140 sizeof( buf ), NULL,
141 buf ) );
142 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
143 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
144 NULL,
145 valid_mode,
146 sizeof( buf ), buf,
147 NULL ) );
148
149 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
150 mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
151 valid_mode,
152 buf, sizeof( buf ),
153 sizeof( buf ), buf,
154 buf ) );
155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
156 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
157 invalid_mode,
158 buf, sizeof( buf ),
159 sizeof( buf ), buf,
160 buf ) );
161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
162 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
163 valid_mode,
164 NULL, sizeof( buf ),
165 sizeof( buf ), buf,
166 buf ) );
167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
168 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
169 valid_mode,
170 buf, sizeof( buf ),
171 sizeof( buf ), NULL,
172 buf ) );
173 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
174 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
175 valid_mode,
176 buf, sizeof( buf ),
177 sizeof( buf ), buf,
178 NULL ) );
179
180 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
181 mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
182 valid_mode, &olen,
183 buf, buf, 42 ) );
184 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
185 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
186 invalid_mode, &olen,
187 buf, buf, 42 ) );
188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
189 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
190 valid_mode, NULL,
191 buf, buf, 42 ) );
192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
193 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
194 valid_mode, &olen,
195 NULL, buf, 42 ) );
196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
197 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
198 valid_mode, &olen,
199 buf, NULL, 42 ) );
200
201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
202 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
203 NULL,
204 valid_mode, &olen,
205 buf, buf, 42 ) );
206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
207 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
208 NULL,
209 invalid_mode, &olen,
210 buf, buf, 42 ) );
211 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
212 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
213 NULL,
214 valid_mode, NULL,
215 buf, buf, 42 ) );
216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
217 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
218 NULL,
219 valid_mode, &olen,
220 NULL, buf, 42 ) );
221 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
222 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
223 NULL,
224 valid_mode, &olen,
225 buf, NULL, 42 ) );
226
227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
228 mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
229 valid_mode,
230 buf, sizeof( buf ),
231 &olen,
232 buf, buf, 42 ) );
233 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
234 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
235 invalid_mode,
236 buf, sizeof( buf ),
237 &olen,
238 buf, buf, 42 ) );
239 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
240 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
241 valid_mode,
242 NULL, sizeof( buf ),
243 NULL,
244 buf, buf, 42 ) );
245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
246 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
247 valid_mode,
248 buf, sizeof( buf ),
249 &olen,
250 NULL, buf, 42 ) );
251 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
252 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
253 valid_mode,
254 buf, sizeof( buf ),
255 &olen,
256 buf, NULL, 42 ) );
257
258 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
259 mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
260 valid_mode,
261 0, sizeof( buf ), buf,
262 buf ) );
263 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
264 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
265 invalid_mode,
266 0, sizeof( buf ), buf,
267 buf ) );
268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
269 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
270 valid_mode,
271 0, sizeof( buf ), NULL,
272 buf ) );
273 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
274 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
275 valid_mode,
276 0, sizeof( buf ), buf,
277 NULL ) );
Hanno Becker05cf6da2018-12-18 13:33:37 +0000278 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
279 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
280 valid_mode,
281 MBEDTLS_MD_SHA1,
282 0, NULL,
283 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000284
285 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
286 mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
287 valid_mode,
288 0, sizeof( buf ), buf,
289 buf ) );
290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
291 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
292 invalid_mode,
293 0, sizeof( buf ), buf,
294 buf ) );
295 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
296 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
297 valid_mode,
298 0, sizeof( buf ), NULL,
299 buf ) );
300 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
301 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
302 valid_mode,
303 0, sizeof( buf ), buf,
304 NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000305 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
306 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
307 valid_mode,
308 MBEDTLS_MD_SHA1,
309 0, NULL,
310 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000311
312 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
313 mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
314 valid_mode,
315 0, sizeof( buf ), buf,
316 buf ) );
317 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
318 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
319 invalid_mode,
320 0, sizeof( buf ), buf,
321 buf ) );
322 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
323 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
324 valid_mode,
325 0, sizeof( buf ), NULL,
326 buf ) );
327 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
328 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
329 valid_mode,
330 0, sizeof( buf ), buf,
331 NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000332 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
333 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
334 valid_mode,
335 MBEDTLS_MD_SHA1,
336 0, NULL,
337 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000338
339 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
340 mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
341 valid_mode,
342 0, sizeof( buf ), buf,
343 buf ) );
344 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
345 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
346 invalid_mode,
347 0, sizeof( buf ), buf,
348 buf ) );
349 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
350 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
351 valid_mode,
352 0, sizeof( buf ), NULL,
353 buf ) );
354 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
355 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
356 valid_mode,
357 0, sizeof( buf ), buf,
358 NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000359 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
360 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
361 valid_mode,
362 MBEDTLS_MD_SHA1, 0, NULL,
363 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000364
365 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
366 mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
367 NULL,
368 valid_mode,
369 0, sizeof( buf ), buf,
370 buf ) );
371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
372 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
373 NULL,
374 invalid_mode,
375 0, sizeof( buf ), buf,
376 buf ) );
377 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
378 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
379 NULL,
380 valid_mode,
381 0, sizeof( buf ),
382 NULL, buf ) );
383 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
384 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
385 NULL,
386 valid_mode,
387 0, sizeof( buf ), buf,
388 NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
390 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
391 NULL,
392 valid_mode,
393 MBEDTLS_MD_SHA1,
394 0, NULL,
395 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000396
397 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
398 mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
399 valid_mode,
400 0, sizeof( buf ),
401 buf, buf ) );
402 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
403 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
404 invalid_mode,
405 0, sizeof( buf ),
406 buf, buf ) );
407 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
408 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
409 valid_mode,
410 0, sizeof( buf ),
411 NULL, buf ) );
412 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
413 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
414 valid_mode,
415 0, sizeof( buf ),
416 buf, NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000417 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
418 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
419 valid_mode,
420 MBEDTLS_MD_SHA1,
421 0, NULL,
422 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000423
424 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
425 mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
426 valid_mode,
427 0, sizeof( buf ),
428 buf,
429 0, 0,
430 buf ) );
431 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
432 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
433 invalid_mode,
434 0, sizeof( buf ),
435 buf,
436 0, 0,
437 buf ) );
438 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
439 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
440 valid_mode,
441 0, sizeof( buf ),
442 NULL, 0, 0,
443 buf ) );
444 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
445 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
446 valid_mode,
447 0, sizeof( buf ),
448 buf, 0, 0,
449 NULL ) );
Hanno Beckerb06f1932018-12-18 14:04:28 +0000450 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
451 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
452 valid_mode,
453 MBEDTLS_MD_SHA1,
454 0, NULL,
455 0, 0,
456 buf ) );
Hanno Becker046d2022018-12-13 18:07:09 +0000457
458 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
459 mbedtls_rsa_copy( NULL, &ctx ) );
460 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
461 mbedtls_rsa_copy( &ctx, NULL ) );
462
463exit:
464 return;
465}
466/* END_CASE */
467
Paul Bakker33b43f12013-08-20 11:48:36 +0200468/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100469void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100470 int digest, int mod, int radix_P, char * input_P,
471 int radix_Q, char * input_Q, int radix_N,
472 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100473 data_t * result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000474{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000475 unsigned char hash_result[1000];
476 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200477 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100478 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200479 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000480
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100481 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
482 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200483 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000484
Paul Bakker42a29bf2009-07-07 20:18:41 +0000485 memset( hash_result, 0x00, 1000 );
486 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200487 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000488
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100489 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
490 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
491 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
492 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000493
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100494 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
495 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100496 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200497 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000498
Paul Bakker42a29bf2009-07-07 20:18:41 +0000499
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200500 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100501 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000502
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100503 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
504 MBEDTLS_RSA_PRIVATE, digest, 0,
505 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200506 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000507 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000508
Azim Khand30ca132017-06-09 04:32:58 +0100509 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000510 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000511
Paul Bakkerbd51b262014-07-10 15:26:12 +0200512exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100513 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
514 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200515 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000516}
Paul Bakker33b43f12013-08-20 11:48:36 +0200517/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000518
Paul Bakker33b43f12013-08-20 11:48:36 +0200519/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100520void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100521 int digest, int mod, int radix_N,
522 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100523 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000524{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000525 unsigned char hash_result[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200526 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000527
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100528 mbedtls_mpi N, E;
529
530 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200531 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000532 memset( hash_result, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000533
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100534 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
535 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
536 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
537 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200538 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000539
Paul Bakker42a29bf2009-07-07 20:18:41 +0000540
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200541 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100542 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000543
Azim Khand30ca132017-06-09 04:32:58 +0100544 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100545
Paul Bakkerbd51b262014-07-10 15:26:12 +0200546exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100547 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200548 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000549}
Paul Bakker33b43f12013-08-20 11:48:36 +0200550/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000551
Paul Bakker821fb082009-07-12 13:26:42 +0000552
Paul Bakker33b43f12013-08-20 11:48:36 +0200553/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100554void rsa_pkcs1_sign_raw( data_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100555 int padding_mode, int mod, int radix_P,
556 char * input_P, int radix_Q, char * input_Q,
557 int radix_N, char * input_N, int radix_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100558 char * input_E, data_t * result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000559{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000560 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200561 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100562 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200563 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000564
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200565 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100566 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
567 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000568
Paul Bakker42a29bf2009-07-07 20:18:41 +0000569 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200570 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000571
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100572 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
573 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
574 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
575 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000576
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100577 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
578 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100579 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200580 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000581
Paul Bakker821fb082009-07-12 13:26:42 +0000582
Hanno Becker8fd55482017-08-23 14:07:48 +0100583 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
584 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
Azim Khand30ca132017-06-09 04:32:58 +0100585 hash_result->len, hash_result->x,
586 output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000587
Paul Bakker821fb082009-07-12 13:26:42 +0000588
Azim Khand30ca132017-06-09 04:32:58 +0100589 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000590
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200591#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100592 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200593 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100594 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100595 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100596 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100597
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100598 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200599 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Azim Khand30ca132017-06-09 04:32:58 +0100600 hash_result->len, hash_result->x, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100601
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100602#if !defined(MBEDTLS_RSA_ALT)
603 TEST_ASSERT( res == 0 );
604#else
605 TEST_ASSERT( ( res == 0 ) ||
606 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
607#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100608
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100609 if( res == 0 )
610 {
Azim Khand30ca132017-06-09 04:32:58 +0100611 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100612 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100613 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200614#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100615
Paul Bakkerbd51b262014-07-10 15:26:12 +0200616exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100617 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
618 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
619
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200620 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000621}
Paul Bakker33b43f12013-08-20 11:48:36 +0200622/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000623
Paul Bakker33b43f12013-08-20 11:48:36 +0200624/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100625void rsa_pkcs1_verify_raw( data_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200626 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100627 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100628 data_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000629{
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100630 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200631 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000632
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100633 mbedtls_mpi N, E;
634 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
635
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200636 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100637 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000638
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100639 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
640 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000641
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100642 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
643 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200644 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000645
Paul Bakker821fb082009-07-12 13:26:42 +0000646
Azim Khand30ca132017-06-09 04:32:58 +0100647 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100648
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200649#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100650 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200651 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100652 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100653 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100654 int ok;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200655 size_t olen;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100656
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100657 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200658 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Azim Khand30ca132017-06-09 04:32:58 +0100659 &olen, result_str->x, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100660
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100661#if !defined(MBEDTLS_RSA_ALT)
662 TEST_ASSERT( res == 0 );
663#else
664 TEST_ASSERT( ( res == 0 ) ||
665 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
666#endif
667
668 if( res == 0 )
669 {
Azim Khand30ca132017-06-09 04:32:58 +0100670 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100671 if( correct == 0 )
672 TEST_ASSERT( ok == 1 );
673 else
674 TEST_ASSERT( ok == 0 );
675 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100676 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200677#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100678
Paul Bakkerbd51b262014-07-10 15:26:12 +0200679exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100680 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200681 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000682}
Paul Bakker33b43f12013-08-20 11:48:36 +0200683/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000684
Paul Bakker33b43f12013-08-20 11:48:36 +0200685/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100686void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100687 int mod, int radix_N, char * input_N,
688 int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100689 data_t * result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000690{
Paul Bakker821fb082009-07-12 13:26:42 +0000691 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200692 mbedtls_rsa_context ctx;
Paul Bakker997bbd12011-03-13 15:45:42 +0000693 rnd_pseudo_info rnd_info;
694
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100695 mbedtls_mpi N, E;
696 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
697
Paul Bakker997bbd12011-03-13 15:45:42 +0000698 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000699
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200700 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000701 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000702
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100703 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
704 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000705
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100706 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
707 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200708 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000709
Paul Bakker42a29bf2009-07-07 20:18:41 +0000710
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100711 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100712 MBEDTLS_RSA_PUBLIC, message_str->len,
713 message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200714 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000715 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000716
Azim Khand30ca132017-06-09 04:32:58 +0100717 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000718 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100719
Paul Bakkerbd51b262014-07-10 15:26:12 +0200720exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100721 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200722 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000723}
Paul Bakker33b43f12013-08-20 11:48:36 +0200724/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000725
Paul Bakker33b43f12013-08-20 11:48:36 +0200726/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100727void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100728 int mod, int radix_N, char * input_N,
729 int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100730 data_t * result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000731{
Paul Bakkera6656852010-07-18 19:47:14 +0000732 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200733 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000734
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100735 mbedtls_mpi N, E;
736
737 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200738 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000739 memset( output, 0x00, 1000 );
Paul Bakkera6656852010-07-18 19:47:14 +0000740
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100741 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
742 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000743
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100744 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
745 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200746 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000747
Paul Bakkera6656852010-07-18 19:47:14 +0000748
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100749 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
Azim Khand30ca132017-06-09 04:32:58 +0100750 MBEDTLS_RSA_PUBLIC, message_str->len,
751 message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200752 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000753 {
Paul Bakkera6656852010-07-18 19:47:14 +0000754
Azim Khand30ca132017-06-09 04:32:58 +0100755 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000756 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100757
Paul Bakkerbd51b262014-07-10 15:26:12 +0200758exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100759 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200760 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000761}
Paul Bakker33b43f12013-08-20 11:48:36 +0200762/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000763
Paul Bakker33b43f12013-08-20 11:48:36 +0200764/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100765void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100766 int mod, int radix_P, char * input_P,
767 int radix_Q, char * input_Q, int radix_N,
768 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100769 int max_output, data_t * result_hex_str,
Azim Khand30ca132017-06-09 04:32:58 +0100770 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000771{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000772 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200773 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000774 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200775 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100776 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000777
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100778 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
779 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
780
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200781 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000782
Paul Bakker42a29bf2009-07-07 20:18:41 +0000783 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200784 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000785
Paul Bakker42a29bf2009-07-07 20:18:41 +0000786
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100787 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
788 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
789 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
790 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000791
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100792 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
793 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100794 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200795 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000796
Paul Bakker69998dd2009-07-11 19:15:20 +0000797 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000798
Azim Khand30ca132017-06-09 04:32:58 +0100799 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200800 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000801 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000802
Azim Khand30ca132017-06-09 04:32:58 +0100803 TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000804 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000805
Paul Bakkerbd51b262014-07-10 15:26:12 +0200806exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100807 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
808 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200809 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000810}
Paul Bakker33b43f12013-08-20 11:48:36 +0200811/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000812
Paul Bakker33b43f12013-08-20 11:48:36 +0200813/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100814void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100815 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100816 data_t * result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000817{
Paul Bakker821fb082009-07-12 13:26:42 +0000818 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200819 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000820
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100821 mbedtls_mpi N, E;
822
823 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200824 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
825 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000826 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000827
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100828 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
829 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000830
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100831 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
832 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200833 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000834
Paul Bakker821fb082009-07-12 13:26:42 +0000835
Azim Khand30ca132017-06-09 04:32:58 +0100836 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200837 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000838 {
Paul Bakker821fb082009-07-12 13:26:42 +0000839
Azim Khand30ca132017-06-09 04:32:58 +0100840 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000841 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100842
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100843 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200844 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200845 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200846 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100847
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200848 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100849
850 memset( output, 0x00, 1000 );
Azim Khand30ca132017-06-09 04:32:58 +0100851 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100852 if( result == 0 )
853 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100854
Azim Khand30ca132017-06-09 04:32:58 +0100855 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100856 }
857
Paul Bakkerbd51b262014-07-10 15:26:12 +0200858exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100859 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200860 mbedtls_rsa_free( &ctx );
861 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000862}
Paul Bakker33b43f12013-08-20 11:48:36 +0200863/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000864
Paul Bakker33b43f12013-08-20 11:48:36 +0200865/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100866void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100867 char * input_P, int radix_Q, char * input_Q,
868 int radix_N, char * input_N, int radix_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100869 char * input_E, data_t * result_hex_str,
Azim Khand30ca132017-06-09 04:32:58 +0100870 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000871{
Paul Bakker821fb082009-07-12 13:26:42 +0000872 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200873 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100874 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200875 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200876 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000877
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100878 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
879 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200880 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
881 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000882
Paul Bakker548957d2013-08-30 10:30:02 +0200883 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000884
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100885 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
886 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
887 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
888 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000889
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100890 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
891 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100892 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200893 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000894
Paul Bakker821fb082009-07-12 13:26:42 +0000895
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200896 /* repeat three times to test updating of blinding values */
897 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000898 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200899 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200900 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100901 message_str->x, output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200902 if( result == 0 )
903 {
Paul Bakker821fb082009-07-12 13:26:42 +0000904
Azim Khand30ca132017-06-09 04:32:58 +0100905 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200906 }
Paul Bakker821fb082009-07-12 13:26:42 +0000907 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000908
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100909 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200910 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200911 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200912 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100913
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200914 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100915
916 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200917 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100918 message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100919 if( result == 0 )
920 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100921
Azim Khand30ca132017-06-09 04:32:58 +0100922 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100923 }
924
Paul Bakkerbd51b262014-07-10 15:26:12 +0200925exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100926 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
927 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
928
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200929 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000930}
Paul Bakker33b43f12013-08-20 11:48:36 +0200931/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000932
Paul Bakker33b43f12013-08-20 11:48:36 +0200933/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100934void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000935{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200936 mbedtls_rsa_context ctx;
937 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000938
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200939 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000940}
Paul Bakker33b43f12013-08-20 11:48:36 +0200941/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000942
Paul Bakker33b43f12013-08-20 11:48:36 +0200943/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100944void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
945 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000946{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200947 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100948 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000949
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100950 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200951 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000952
Paul Bakker33b43f12013-08-20 11:48:36 +0200953 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000954 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100955 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000956 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200957 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000958 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100959 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000960 }
961
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100962 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200963 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100964
Paul Bakkerbd51b262014-07-10 15:26:12 +0200965exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100966 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200967 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000968}
Paul Bakker33b43f12013-08-20 11:48:36 +0200969/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000970
Paul Bakker33b43f12013-08-20 11:48:36 +0200971/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100972void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
973 int radix_Q, char * input_Q, int radix_N,
974 char * input_N, int radix_E, char * input_E,
975 int radix_D, char * input_D, int radix_DP,
976 char * input_DP, int radix_DQ,
977 char * input_DQ, int radix_QP,
978 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000979{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200980 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000981
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200982 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000983
Paul Bakker33b43f12013-08-20 11:48:36 +0200984 ctx.len = mod / 8;
985 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000986 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200987 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000988 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200989 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000990 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200991 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000992 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200993 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000994 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200995 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000996 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200997 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000998 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200999 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +00001000 }
Paul Bakker33b43f12013-08-20 11:48:36 +02001001 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +00001002 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001003 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +00001004 }
Hanno Becker131134f2017-08-23 08:31:07 +01001005#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +02001006 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +00001007 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001008 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +00001009 }
Paul Bakker33b43f12013-08-20 11:48:36 +02001010 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +00001011 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001012 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +00001013 }
Paul Bakker33b43f12013-08-20 11:48:36 +02001014 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +00001015 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001016 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +00001017 }
Hanno Becker131134f2017-08-23 08:31:07 +01001018#else
1019 ((void) radix_DP); ((void) input_DP);
1020 ((void) radix_DQ); ((void) input_DQ);
1021 ((void) radix_QP); ((void) input_QP);
1022#endif
Paul Bakker821fb082009-07-12 13:26:42 +00001023
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001024 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +01001025
Paul Bakkerbd51b262014-07-10 15:26:12 +02001026exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001027 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +00001028}
Paul Bakker33b43f12013-08-20 11:48:36 +02001029/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +00001030
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001031/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +01001032void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
1033 int radix_Epub, char * input_Epub, int radix_P,
1034 char * input_P, int radix_Q, char * input_Q,
1035 int radix_N, char * input_N, int radix_E,
1036 char * input_E, int radix_D, char * input_D,
1037 int radix_DP, char * input_DP, int radix_DQ,
1038 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001039 int result )
1040{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001041 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001042
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001043 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
1044 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001045
1046 pub.len = mod / 8;
1047 prv.len = mod / 8;
1048
1049 if( strlen( input_Npub ) )
1050 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001051 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001052 }
1053 if( strlen( input_Epub ) )
1054 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001055 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001056 }
1057
1058 if( strlen( input_P ) )
1059 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001060 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001061 }
1062 if( strlen( input_Q ) )
1063 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001064 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001065 }
1066 if( strlen( input_N ) )
1067 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001068 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001069 }
1070 if( strlen( input_E ) )
1071 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001072 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001073 }
1074 if( strlen( input_D ) )
1075 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001076 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001077 }
Hanno Becker131134f2017-08-23 08:31:07 +01001078#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001079 if( strlen( input_DP ) )
1080 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001081 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001082 }
1083 if( strlen( input_DQ ) )
1084 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001085 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001086 }
1087 if( strlen( input_QP ) )
1088 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001089 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001090 }
Hanno Becker131134f2017-08-23 08:31:07 +01001091#else
1092 ((void) radix_DP); ((void) input_DP);
1093 ((void) radix_DQ); ((void) input_DQ);
1094 ((void) radix_QP); ((void) input_QP);
1095#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001096
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001097 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001098
1099exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001100 mbedtls_rsa_free( &pub );
1101 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +01001102}
1103/* END_CASE */
1104
Hanno Beckerd4a872e2017-09-07 08:09:33 +01001105/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001106void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +00001107{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001108 mbedtls_rsa_context ctx;
1109 mbedtls_entropy_context entropy;
1110 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +02001111 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +00001112
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +02001113 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001114 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +01001115 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +00001116
Hanno Beckera47023e2017-12-22 17:08:03 +00001117 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1118 &entropy, (const unsigned char *) pers,
1119 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +00001120
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001121 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +02001122 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +00001123 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001124 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +01001125 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +00001126 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +01001127
Paul Bakkerbd51b262014-07-10 15:26:12 +02001128exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001129 mbedtls_rsa_free( &ctx );
1130 mbedtls_ctr_drbg_free( &ctr_drbg );
1131 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +00001132}
Paul Bakker33b43f12013-08-20 11:48:36 +02001133/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +00001134
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001135/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +01001136void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001137 int radix_D, char *input_D,
1138 int radix_E, char *input_E,
1139 int radix_P, char *output_P,
1140 int radix_Q, char *output_Q,
1141 int corrupt, int result )
1142{
1143 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
1144
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001145 mbedtls_mpi_init( &N );
1146 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1147 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
1148 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1149
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001150 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1151 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1152 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1153 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
1154 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
1155
1156 if( corrupt )
1157 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
1158
1159 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +01001160 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001161
1162 if( !corrupt )
1163 {
1164 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
1165 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
1166 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
1167 }
1168
1169exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001170 mbedtls_mpi_free( &N );
1171 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1172 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
1173 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +01001174}
1175/* END_CASE */
1176
Hanno Becker6b4ce492017-08-23 11:00:21 +01001177/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +01001178void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
1179 int radix_Q, char *input_Q,
1180 int radix_E, char *input_E,
1181 int radix_D, char *output_D,
1182 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +01001183{
1184 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
1185
1186 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1187 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
1188 mbedtls_mpi_init( &E );
1189 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
1190
1191 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1192 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1193 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1194 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
1195
1196 if( corrupt )
1197 {
1198 /* Make E even */
1199 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
1200 }
1201
1202 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +01001203 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
1204 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +01001205
1206 if( !corrupt )
1207 {
1208 /*
1209 * Check that D and Dp agree modulo LCM(P-1, Q-1).
1210 */
1211
1212 /* Replace P,Q by P-1, Q-1 */
1213 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
1214 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
1215
1216 /* Check D == Dp modulo P-1 */
1217 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
1218 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
1219 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
1220
1221 /* Check D == Dp modulo Q-1 */
1222 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
1223 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
1224 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
1225 }
1226
1227exit:
1228
1229 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1230 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
1231 mbedtls_mpi_free( &E );
1232 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
1233}
1234/* END_CASE */
1235
Hanno Beckerf40cdf92017-12-22 11:03:27 +00001236/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +01001237void mbedtls_rsa_import( int radix_N, char *input_N,
1238 int radix_P, char *input_P,
1239 int radix_Q, char *input_Q,
1240 int radix_D, char *input_D,
1241 int radix_E, char *input_E,
1242 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +01001243 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +01001244 int res_check,
1245 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001246{
1247 mbedtls_mpi N, P, Q, D, E;
1248 mbedtls_rsa_context ctx;
1249
Hanno Beckere1582a82017-09-29 11:51:05 +01001250 /* Buffers used for encryption-decryption test */
1251 unsigned char *buf_orig = NULL;
1252 unsigned char *buf_enc = NULL;
1253 unsigned char *buf_dec = NULL;
1254
Hanno Beckerc77ab892017-08-23 11:01:06 +01001255 mbedtls_entropy_context entropy;
1256 mbedtls_ctr_drbg_context ctr_drbg;
1257 const char *pers = "test_suite_rsa";
1258
Hanno Becker4d6e8342017-09-29 11:50:18 +01001259 const int have_N = ( strlen( input_N ) > 0 );
1260 const int have_P = ( strlen( input_P ) > 0 );
1261 const int have_Q = ( strlen( input_Q ) > 0 );
1262 const int have_D = ( strlen( input_D ) > 0 );
1263 const int have_E = ( strlen( input_E ) > 0 );
1264
Hanno Beckerc77ab892017-08-23 11:01:06 +01001265 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001266 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001267 mbedtls_rsa_init( &ctx, 0, 0 );
1268
1269 mbedtls_mpi_init( &N );
1270 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1271 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1272
Hanno Beckerd4d60572018-01-10 07:12:01 +00001273 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
1274 (const unsigned char *) pers, strlen( pers ) ) == 0 );
1275
Hanno Becker4d6e8342017-09-29 11:50:18 +01001276 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001277 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1278
Hanno Becker4d6e8342017-09-29 11:50:18 +01001279 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001280 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1281
Hanno Becker4d6e8342017-09-29 11:50:18 +01001282 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001283 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1284
Hanno Becker4d6e8342017-09-29 11:50:18 +01001285 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001286 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1287
Hanno Becker4d6e8342017-09-29 11:50:18 +01001288 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001289 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1290
1291 if( !successive )
1292 {
1293 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001294 have_N ? &N : NULL,
1295 have_P ? &P : NULL,
1296 have_Q ? &Q : NULL,
1297 have_D ? &D : NULL,
1298 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001299 }
1300 else
1301 {
1302 /* Import N, P, Q, D, E separately.
1303 * This should make no functional difference. */
1304
1305 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001306 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001307 NULL, NULL, NULL, NULL ) == 0 );
1308
1309 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1310 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001311 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001312 NULL, NULL, NULL ) == 0 );
1313
1314 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1315 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001316 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001317 NULL, NULL ) == 0 );
1318
1319 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1320 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001321 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001322 NULL ) == 0 );
1323
1324 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1325 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +01001326 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001327 }
1328
Hanno Becker04877a42017-10-11 10:01:33 +01001329 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001330
Hanno Beckere1582a82017-09-29 11:51:05 +01001331 /* On expected success, perform some public and private
1332 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +01001333 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +01001334 {
Hanno Beckere1582a82017-09-29 11:51:05 +01001335 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +01001336 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1337 else
1338 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1339
1340 if( res_check != 0 )
1341 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +01001342
1343 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1344 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1345 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1346 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1347 goto exit;
1348
1349 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1350 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1351
1352 /* Make sure the number we're generating is smaller than the modulus */
1353 buf_orig[0] = 0x00;
1354
1355 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1356
1357 if( is_priv )
1358 {
1359 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1360 &ctr_drbg, buf_enc,
1361 buf_dec ) == 0 );
1362
1363 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1364 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1365 }
1366 }
1367
Hanno Beckerc77ab892017-08-23 11:01:06 +01001368exit:
1369
Hanno Beckere1582a82017-09-29 11:51:05 +01001370 mbedtls_free( buf_orig );
1371 mbedtls_free( buf_enc );
1372 mbedtls_free( buf_dec );
1373
Hanno Beckerc77ab892017-08-23 11:01:06 +01001374 mbedtls_rsa_free( &ctx );
1375
1376 mbedtls_ctr_drbg_free( &ctr_drbg );
1377 mbedtls_entropy_free( &entropy );
1378
1379 mbedtls_mpi_free( &N );
1380 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1381 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1382}
1383/* END_CASE */
1384
Hanno Becker417f2d62017-08-23 11:44:51 +01001385/* BEGIN_CASE */
1386void mbedtls_rsa_export( int radix_N, char *input_N,
1387 int radix_P, char *input_P,
1388 int radix_Q, char *input_Q,
1389 int radix_D, char *input_D,
1390 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +01001391 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +01001392 int successive )
1393{
1394 /* Original MPI's with which we set up the RSA context */
1395 mbedtls_mpi N, P, Q, D, E;
1396
1397 /* Exported MPI's */
1398 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1399
1400 const int have_N = ( strlen( input_N ) > 0 );
1401 const int have_P = ( strlen( input_P ) > 0 );
1402 const int have_Q = ( strlen( input_Q ) > 0 );
1403 const int have_D = ( strlen( input_D ) > 0 );
1404 const int have_E = ( strlen( input_E ) > 0 );
1405
Hanno Becker417f2d62017-08-23 11:44:51 +01001406 mbedtls_rsa_context ctx;
1407
1408 mbedtls_rsa_init( &ctx, 0, 0 );
1409
1410 mbedtls_mpi_init( &N );
1411 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1412 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1413
1414 mbedtls_mpi_init( &Ne );
1415 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1416 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1417
1418 /* Setup RSA context */
1419
1420 if( have_N )
1421 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1422
1423 if( have_P )
1424 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1425
1426 if( have_Q )
1427 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1428
1429 if( have_D )
1430 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1431
1432 if( have_E )
1433 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1434
1435 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1436 strlen( input_N ) ? &N : NULL,
1437 strlen( input_P ) ? &P : NULL,
1438 strlen( input_Q ) ? &Q : NULL,
1439 strlen( input_D ) ? &D : NULL,
1440 strlen( input_E ) ? &E : NULL ) == 0 );
1441
Hanno Becker7f25f852017-10-10 16:56:22 +01001442 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +01001443
1444 /*
1445 * Export parameters and compare to original ones.
1446 */
1447
1448 /* N and E must always be present. */
1449 if( !successive )
1450 {
1451 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1452 }
1453 else
1454 {
1455 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1456 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1457 }
1458 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1459 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1460
1461 /* If we were providing enough information to setup a complete private context,
1462 * we expect to be able to export all core parameters. */
1463
1464 if( is_priv )
1465 {
1466 if( !successive )
1467 {
1468 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1469 &De, NULL ) == 0 );
1470 }
1471 else
1472 {
1473 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1474 NULL, NULL ) == 0 );
1475 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1476 NULL, NULL ) == 0 );
1477 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1478 &De, NULL ) == 0 );
1479 }
1480
1481 if( have_P )
1482 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1483
1484 if( have_Q )
1485 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1486
1487 if( have_D )
1488 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1489
1490 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +01001491 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1492 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +01001493 }
1494
1495exit:
1496
1497 mbedtls_rsa_free( &ctx );
1498
1499 mbedtls_mpi_free( &N );
1500 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1501 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1502
1503 mbedtls_mpi_free( &Ne );
1504 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1505 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1506}
1507/* END_CASE */
1508
Hanno Beckerf40cdf92017-12-22 11:03:27 +00001509/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Becker750e8b42017-08-25 07:54:27 +01001510void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1511 int radix_P, char *input_P,
1512 int radix_Q, char *input_Q,
1513 int radix_D, char *input_D,
1514 int radix_E, char *input_E,
1515 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +01001516{
1517 /* Original MPI's with which we set up the RSA context */
1518 mbedtls_mpi N, P, Q, D, E;
1519
1520 const int have_N = ( strlen( input_N ) > 0 );
1521 const int have_P = ( strlen( input_P ) > 0 );
1522 const int have_Q = ( strlen( input_Q ) > 0 );
1523 const int have_D = ( strlen( input_D ) > 0 );
1524 const int have_E = ( strlen( input_E ) > 0 );
1525
1526 mbedtls_entropy_context entropy;
1527 mbedtls_ctr_drbg_context ctr_drbg;
1528 const char *pers = "test_suite_rsa";
1529
1530 mbedtls_mpi_init( &N );
1531 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1532 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1533
1534 mbedtls_ctr_drbg_init( &ctr_drbg );
1535 mbedtls_entropy_init( &entropy );
1536 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1537 &entropy, (const unsigned char *) pers,
1538 strlen( pers ) ) == 0 );
1539
1540 if( have_N )
1541 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1542
1543 if( have_P )
1544 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1545
1546 if( have_Q )
1547 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1548
1549 if( have_D )
1550 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1551
1552 if( have_E )
1553 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1554
Hanno Becker750e8b42017-08-25 07:54:27 +01001555 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1556 have_P ? &P : NULL,
1557 have_Q ? &Q : NULL,
1558 have_D ? &D : NULL,
1559 have_E ? &E : NULL,
1560 prng ? mbedtls_ctr_drbg_random : NULL,
1561 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +01001562exit:
1563
1564 mbedtls_ctr_drbg_free( &ctr_drbg );
1565 mbedtls_entropy_free( &entropy );
1566
1567 mbedtls_mpi_free( &N );
1568 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1569 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1570}
1571/* END_CASE */
1572
Hanno Beckerc77ab892017-08-23 11:01:06 +01001573/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khan5fcca462018-06-29 11:05:32 +01001574void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1575 data_t *input_Q, data_t *input_D,
1576 data_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +01001577 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001578{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001579 /* Exported buffers */
Azim Khand30ca132017-06-09 04:32:58 +01001580 unsigned char bufNe[1000];
1581 unsigned char bufPe[1000];
1582 unsigned char bufQe[1000];
1583 unsigned char bufDe[1000];
1584 unsigned char bufEe[1000];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001585
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001586 mbedtls_rsa_context ctx;
1587
1588 mbedtls_rsa_init( &ctx, 0, 0 );
1589
1590 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001591 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +01001592 input_N->len ? input_N->x : NULL, input_N->len,
1593 input_P->len ? input_P->x : NULL, input_P->len,
1594 input_Q->len ? input_Q->x : NULL, input_Q->len,
1595 input_D->len ? input_D->x : NULL, input_D->len,
1596 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001597
Hanno Becker7f25f852017-10-10 16:56:22 +01001598 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001599
1600 /*
1601 * Export parameters and compare to original ones.
1602 */
1603
1604 /* N and E must always be present. */
1605 if( !successive )
1606 {
Azim Khand30ca132017-06-09 04:32:58 +01001607 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001608 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001609 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001610 }
1611 else
1612 {
Azim Khand30ca132017-06-09 04:32:58 +01001613 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001614 NULL, 0, NULL, 0, NULL, 0,
1615 NULL, 0 ) == 0 );
1616 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1617 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001618 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001619 }
Azim Khand30ca132017-06-09 04:32:58 +01001620 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1621 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001622
1623 /* If we were providing enough information to setup a complete private context,
1624 * we expect to be able to export all core parameters. */
1625
1626 if( is_priv )
1627 {
1628 if( !successive )
1629 {
1630 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001631 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1632 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1633 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001634 NULL, 0 ) == 0 );
1635 }
1636 else
1637 {
1638 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001639 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001640 NULL, 0, NULL, 0,
1641 NULL, 0 ) == 0 );
1642
1643 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001644 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001645 NULL, 0, NULL, 0 ) == 0 );
1646
Azim Khand30ca132017-06-09 04:32:58 +01001647 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1648 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001649 NULL, 0 ) == 0 );
1650 }
1651
Azim Khand30ca132017-06-09 04:32:58 +01001652 if( input_P->len )
1653 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001654
Azim Khand30ca132017-06-09 04:32:58 +01001655 if( input_Q->len )
1656 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001657
Azim Khand30ca132017-06-09 04:32:58 +01001658 if( input_D->len )
1659 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001660
1661 }
1662
1663exit:
1664 mbedtls_rsa_free( &ctx );
1665}
1666/* END_CASE */
1667
Hanno Beckerf40cdf92017-12-22 11:03:27 +00001668/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khan5fcca462018-06-29 11:05:32 +01001669void mbedtls_rsa_import_raw( data_t *input_N,
1670 data_t *input_P, data_t *input_Q,
1671 data_t *input_D, data_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001672 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +01001673 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +01001674 int res_check,
1675 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001676{
Hanno Beckere1582a82017-09-29 11:51:05 +01001677 /* Buffers used for encryption-decryption test */
1678 unsigned char *buf_orig = NULL;
1679 unsigned char *buf_enc = NULL;
1680 unsigned char *buf_dec = NULL;
1681
Hanno Beckerc77ab892017-08-23 11:01:06 +01001682 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +01001683 mbedtls_entropy_context entropy;
1684 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +01001685
Hanno Beckerc77ab892017-08-23 11:01:06 +01001686 const char *pers = "test_suite_rsa";
1687
1688 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001689 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +01001690 mbedtls_rsa_init( &ctx, 0, 0 );
1691
Hanno Beckerc77ab892017-08-23 11:01:06 +01001692 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1693 &entropy, (const unsigned char *) pers,
1694 strlen( pers ) ) == 0 );
1695
Hanno Beckerc77ab892017-08-23 11:01:06 +01001696 if( !successive )
1697 {
1698 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +01001699 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1700 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1701 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1702 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1703 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001704 }
1705 else
1706 {
1707 /* Import N, P, Q, D, E separately.
1708 * This should make no functional difference. */
1709
1710 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +01001711 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001712 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1713
1714 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1715 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001716 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001717 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1718
1719 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1720 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001721 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001722 NULL, 0, NULL, 0 ) == 0 );
1723
1724 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1725 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001726 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +01001727 NULL, 0 ) == 0 );
1728
1729 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1730 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +01001731 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001732 }
1733
Hanno Becker04877a42017-10-11 10:01:33 +01001734 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001735
Hanno Beckere1582a82017-09-29 11:51:05 +01001736 /* On expected success, perform some public and private
1737 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +01001738 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +01001739 {
Hanno Beckere1582a82017-09-29 11:51:05 +01001740 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +01001741 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1742 else
1743 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1744
1745 if( res_check != 0 )
1746 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +01001747
1748 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1749 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1750 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1751 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1752 goto exit;
1753
1754 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1755 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1756
1757 /* Make sure the number we're generating is smaller than the modulus */
1758 buf_orig[0] = 0x00;
1759
1760 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1761
1762 if( is_priv )
1763 {
1764 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1765 &ctr_drbg, buf_enc,
1766 buf_dec ) == 0 );
1767
1768 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1769 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1770 }
1771 }
1772
Hanno Beckerc77ab892017-08-23 11:01:06 +01001773exit:
1774
Hanno Becker3f3ae852017-10-02 10:08:39 +01001775 mbedtls_free( buf_orig );
1776 mbedtls_free( buf_enc );
1777 mbedtls_free( buf_dec );
1778
Hanno Beckerc77ab892017-08-23 11:01:06 +01001779 mbedtls_rsa_free( &ctx );
1780
1781 mbedtls_ctr_drbg_free( &ctr_drbg );
1782 mbedtls_entropy_free( &entropy );
1783
1784}
1785/* END_CASE */
1786
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001787/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +01001788void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +00001789{
Andres AG93012e82016-09-09 09:10:28 +01001790 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +00001791}
Paul Bakker33b43f12013-08-20 11:48:36 +02001792/* END_CASE */