TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 62a5d7d65a7e902cab39671b0d615f4fd5d30288 / . / tests / suites / test_suite_rsa.function
blob: 83f735321aecf92959132de0ed0533eb2ef898b8 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +0100[diff] [blame]3#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]21void mbedtls_rsa_pkcs1_sign( HexParam_t * message_str, int padding_mode,
22 int digest, int mod, int radix_P, char * input_P,
23 int radix_Q, char * input_Q, int radix_N,
24 char * input_N, int radix_E, char * input_E,
25 HexParam_t * result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]26{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]27 unsigned char hash_result[1000];
28 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]29 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]30 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]31 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]32
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]33 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
34 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]35 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]36
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]37 memset( hash_result, 0x00, 1000 );
38 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]39 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]40
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]41 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
42 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
43 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
44 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]45
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]46 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
47 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]48 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]49 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]50
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]51
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]52 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]53 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]54
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]55 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
56 MBEDTLS_RSA_PRIVATE, digest, 0,
57 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]58 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]59 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]60
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]61 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]62 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]63
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]64exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]65 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
66 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]67 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]68}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]69/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]70
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]71/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]72void mbedtls_rsa_pkcs1_verify( HexParam_t * message_str, int padding_mode,
73 int digest, int mod, int radix_N,
74 char * input_N, int radix_E, char * input_E,
75 HexParam_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]76{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77 unsigned char hash_result[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]79
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]80 mbedtls_mpi N, E;
81
82 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]84 memset( hash_result, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]85
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]86 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
87 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
88 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
89 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]91
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]92
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]93 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]94 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]95
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]96 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]97
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]98exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]99 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]101}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]102/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]103
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]104
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]105/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]106void rsa_pkcs1_sign_raw( HexParam_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]107 int padding_mode, int mod, int radix_P,
108 char * input_P, int radix_Q, char * input_Q,
109 int radix_N, char * input_N, int radix_E,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]110 char * input_E, HexParam_t * result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]111{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]112 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]114 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]115 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]116
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]117 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]118 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
119 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]120
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]121 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]122 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]123
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]124 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
125 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
126 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
127 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]128
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]129 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
130 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]131 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]132 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]133
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]134
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]135 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
136 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]137 hash_result->len, hash_result->x,
138 output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]139
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]140
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]141 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]142
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]143#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]144 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]145 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]146 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]147 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]148 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]149
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]150 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]151 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]152 hash_result->len, hash_result->x, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]153
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]154#if !defined(MBEDTLS_RSA_ALT)
155 TEST_ASSERT( res == 0 );
156#else
157 TEST_ASSERT( ( res == 0 ) ||
158 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
159#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]160
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]161 if( res == 0 )
162 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]163 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]164 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]165 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]166#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]167
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]168exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]169 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
170 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
171
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]172 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]173}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]174/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]175
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]176/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]177void rsa_pkcs1_verify_raw( HexParam_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]178 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]179 char * input_N, int radix_E, char * input_E,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]180 HexParam_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]181{
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]182 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]183 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]184
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]185 mbedtls_mpi N, E;
186 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
187
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]188 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]189 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]190
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]191 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
192 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]193
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]194 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
195 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]198
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]199 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]200
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]201#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]202 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]203 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]204 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]205 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]206 int ok;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]207 size_t olen;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]208
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]209 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]211 &olen, result_str->x, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]212
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]213#if !defined(MBEDTLS_RSA_ALT)
214 TEST_ASSERT( res == 0 );
215#else
216 TEST_ASSERT( ( res == 0 ) ||
217 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
218#endif
219
220 if( res == 0 )
221 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]222 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]223 if( correct == 0 )
224 TEST_ASSERT( ok == 1 );
225 else
226 TEST_ASSERT( ok == 0 );
227 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]228 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]229#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]230
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]231exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]232 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]234}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]235/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]236
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]237/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]238void mbedtls_rsa_pkcs1_encrypt( HexParam_t * message_str, int padding_mode,
239 int mod, int radix_N, char * input_N,
240 int radix_E, char * input_E,
241 HexParam_t * result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]242{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]243 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]244 mbedtls_rsa_context ctx;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]245 rnd_pseudo_info rnd_info;
246
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]247 mbedtls_mpi N, E;
248 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
249
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]250 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]251
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]252 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]253 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]254
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]255 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
256 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]257
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]258 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
259 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]260 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]261
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]262
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]263 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]264 MBEDTLS_RSA_PUBLIC, message_str->len,
265 message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]266 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]267 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]268
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]269 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]270 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]271
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]272exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]273 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]274 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]275}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]276/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]277
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]278/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]279void rsa_pkcs1_encrypt_bad_rng( HexParam_t * message_str, int padding_mode,
280 int mod, int radix_N, char * input_N,
281 int radix_E, char * input_E,
282 HexParam_t * result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]283{
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]284 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]285 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]286
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]287 mbedtls_mpi N, E;
288
289 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]290 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]291 memset( output, 0x00, 1000 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]292
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]293 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
294 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]295
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]296 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
297 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]298 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]299
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]300
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]301 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]302 MBEDTLS_RSA_PUBLIC, message_str->len,
303 message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]304 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]305 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]306
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]307 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]308 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]309
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]310exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]311 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]312 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]313}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]314/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]315
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]316/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]317void mbedtls_rsa_pkcs1_decrypt( HexParam_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]318 int mod, int radix_P, char * input_P,
319 int radix_Q, char * input_Q, int radix_N,
320 char * input_N, int radix_E, char * input_E,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]321 int max_output, HexParam_t * result_hex_str,
322 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]323{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]324 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]325 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]326 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]327 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]328 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]329
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]330 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
331 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
332
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]333 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]334
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]335 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]336 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]337
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]338
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]339 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
340 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
341 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
342 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]343
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]344 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
345 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]346 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]347 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]348
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]349 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]350
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]351 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]352 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]353 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]354
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]355 TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]356 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]357
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]358exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]359 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
360 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]361 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]362}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]363/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]364
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]365/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]366void mbedtls_rsa_public( HexParam_t * message_str, int mod, int radix_N,
367 char * input_N, int radix_E, char * input_E,
368 HexParam_t * result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]369{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]370 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]371 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]372
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]373 mbedtls_mpi N, E;
374
375 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]376 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
377 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]378 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]379
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]380 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
381 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]382
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]383 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
384 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]385 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]386
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]387
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]388 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]389 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]390 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]391
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]392 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]393 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]394
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]395 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]396 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]397 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]398 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]399
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]400 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]401
402 memset( output, 0x00, 1000 );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]403 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]404 if( result == 0 )
405 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]406
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]407 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]408 }
409
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]410exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]411 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]412 mbedtls_rsa_free( &ctx );
413 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]414}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]415/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]416
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]417/* BEGIN_CASE */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]418void mbedtls_rsa_private( HexParam_t * message_str, int mod, int radix_P,
419 char * input_P, int radix_Q, char * input_Q,
420 int radix_N, char * input_N, int radix_E,
421 char * input_E, HexParam_t * result_hex_str,
422 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]423{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]424 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]425 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]426 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]427 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]428 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]429
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]430 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
431 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
433 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]434
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]435 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]436
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]437 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
438 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
439 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
440 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]441
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]442 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
443 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]444 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]445 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]446
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]447
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]448 /* repeat three times to test updating of blinding values */
449 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]450 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]451 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]453 message_str->x, output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]454 if( result == 0 )
455 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]456
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]457 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]458 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]459 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]460
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]461 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]462 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]463 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]464 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]465
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]466 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]467
468 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]469 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]470 message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]471 if( result == 0 )
472 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]473
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]474 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]475 }
476
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]477exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]478 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
479 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
480
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]482}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]483/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]484
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]485/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]486void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]487{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]488 mbedtls_rsa_context ctx;
489 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]490
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]491 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]492}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]493/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]494
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]495/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]496void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
497 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]498{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]499 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]500 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]501
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]502 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]503 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]504
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]505 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]506 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]507 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]508 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]509 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]510 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]511 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]512 }
513
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]514 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]515 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]516
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]517exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]518 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]519 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]520}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]521/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]522
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]523/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]524void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
525 int radix_Q, char * input_Q, int radix_N,
526 char * input_N, int radix_E, char * input_E,
527 int radix_D, char * input_D, int radix_DP,
528 char * input_DP, int radix_DQ,
529 char * input_DQ, int radix_QP,
530 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]531{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]532 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]533
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]535
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]536 ctx.len = mod / 8;
537 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]538 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]539 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]540 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]541 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]542 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]543 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]544 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]545 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]546 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]547 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]548 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]549 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]550 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]552 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]553 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]554 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]556 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]557#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]558 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]559 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]560 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]561 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]562 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]563 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]564 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]565 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]566 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]567 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]568 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]569 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]570#else
571 ((void) radix_DP); ((void) input_DP);
572 ((void) radix_DQ); ((void) input_DQ);
573 ((void) radix_QP); ((void) input_QP);
574#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]575
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]576 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]577
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]578exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]579 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]580}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]581/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]582
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]583/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]584void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
585 int radix_Epub, char * input_Epub, int radix_P,
586 char * input_P, int radix_Q, char * input_Q,
587 int radix_N, char * input_N, int radix_E,
588 char * input_E, int radix_D, char * input_D,
589 int radix_DP, char * input_DP, int radix_DQ,
590 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]591 int result )
592{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]593 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]594
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
596 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]597
598 pub.len = mod / 8;
599 prv.len = mod / 8;
600
601 if( strlen( input_Npub ) )
602 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]603 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]604 }
605 if( strlen( input_Epub ) )
606 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]608 }
609
610 if( strlen( input_P ) )
611 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]612 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]613 }
614 if( strlen( input_Q ) )
615 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]617 }
618 if( strlen( input_N ) )
619 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]620 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]621 }
622 if( strlen( input_E ) )
623 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]624 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]625 }
626 if( strlen( input_D ) )
627 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]628 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]629 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]630#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]631 if( strlen( input_DP ) )
632 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]634 }
635 if( strlen( input_DQ ) )
636 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]637 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]638 }
639 if( strlen( input_QP ) )
640 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]641 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]642 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]643#else
644 ((void) radix_DP); ((void) input_DP);
645 ((void) radix_DQ); ((void) input_DQ);
646 ((void) radix_QP); ((void) input_QP);
647#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]648
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]649 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]650
651exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]652 mbedtls_rsa_free( &pub );
653 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]654}
655/* END_CASE */
656
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]657/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]658void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]659{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]660 mbedtls_rsa_context ctx;
661 mbedtls_entropy_context entropy;
662 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]663 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]664
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]665 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]666 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]667 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]668
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]669 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
670 &entropy, (const unsigned char *) pers,
671 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]672
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]673 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]674 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]675 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]676 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]677 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]678 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]679
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]680exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]681 mbedtls_rsa_free( &ctx );
682 mbedtls_ctr_drbg_free( &ctr_drbg );
683 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]684}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]685/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]686
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]687/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]688void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]689 int radix_D, char *input_D,
690 int radix_E, char *input_E,
691 int radix_P, char *output_P,
692 int radix_Q, char *output_Q,
693 int corrupt, int result )
694{
695 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
696
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]697 mbedtls_mpi_init( &N );
698 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
699 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
700 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
701
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]702 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
703 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
704 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
705 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
706 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
707
708 if( corrupt )
709 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
710
711 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]712 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]713
714 if( !corrupt )
715 {
716 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
717 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
718 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
719 }
720
721exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]722 mbedtls_mpi_free( &N );
723 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
724 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
725 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]726}
727/* END_CASE */
728
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]729/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]730void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
731 int radix_Q, char *input_Q,
732 int radix_E, char *input_E,
733 int radix_D, char *output_D,
734 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]735{
736 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
737
738 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
739 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
740 mbedtls_mpi_init( &E );
741 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
742
743 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
744 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
745 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
746 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
747
748 if( corrupt )
749 {
750 /* Make E even */
751 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
752 }
753
754 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]755 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
756 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]757
758 if( !corrupt )
759 {
760 /*
761 * Check that D and Dp agree modulo LCM(P-1, Q-1).
762 */
763
764 /* Replace P,Q by P-1, Q-1 */
765 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
766 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
767
768 /* Check D == Dp modulo P-1 */
769 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
770 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
771 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
772
773 /* Check D == Dp modulo Q-1 */
774 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
775 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
776 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
777 }
778
779exit:
780
781 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
782 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
783 mbedtls_mpi_free( &E );
784 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
785}
786/* END_CASE */
787
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]788/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]789void mbedtls_rsa_import( int radix_N, char *input_N,
790 int radix_P, char *input_P,
791 int radix_Q, char *input_Q,
792 int radix_D, char *input_D,
793 int radix_E, char *input_E,
794 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]795 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]796 int res_check,
797 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]798{
799 mbedtls_mpi N, P, Q, D, E;
800 mbedtls_rsa_context ctx;
801
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]802 /* Buffers used for encryption-decryption test */
803 unsigned char *buf_orig = NULL;
804 unsigned char *buf_enc = NULL;
805 unsigned char *buf_dec = NULL;
806
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]807 mbedtls_entropy_context entropy;
808 mbedtls_ctr_drbg_context ctr_drbg;
809 const char *pers = "test_suite_rsa";
810
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]811 const int have_N = ( strlen( input_N ) > 0 );
812 const int have_P = ( strlen( input_P ) > 0 );
813 const int have_Q = ( strlen( input_Q ) > 0 );
814 const int have_D = ( strlen( input_D ) > 0 );
815 const int have_E = ( strlen( input_E ) > 0 );
816
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]817 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]818 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]819 mbedtls_rsa_init( &ctx, 0, 0 );
820
821 mbedtls_mpi_init( &N );
822 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
823 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
824
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]825 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
826 (const unsigned char *) pers, strlen( pers ) ) == 0 );
827
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]828 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]829 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
830
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]831 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]832 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
833
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]834 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]835 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
836
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]837 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]838 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
839
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]840 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]841 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
842
843 if( !successive )
844 {
845 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]846 have_N ? &N : NULL,
847 have_P ? &P : NULL,
848 have_Q ? &Q : NULL,
849 have_D ? &D : NULL,
850 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]851 }
852 else
853 {
854 /* Import N, P, Q, D, E separately.
855 * This should make no functional difference. */
856
857 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]858 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]859 NULL, NULL, NULL, NULL ) == 0 );
860
861 TEST_ASSERT( mbedtls_rsa_import( &ctx,
862 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]863 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]864 NULL, NULL, NULL ) == 0 );
865
866 TEST_ASSERT( mbedtls_rsa_import( &ctx,
867 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]868 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]869 NULL, NULL ) == 0 );
870
871 TEST_ASSERT( mbedtls_rsa_import( &ctx,
872 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]873 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]874 NULL ) == 0 );
875
876 TEST_ASSERT( mbedtls_rsa_import( &ctx,
877 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]878 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]879 }
880
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]881 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]882
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]883 /* On expected success, perform some public and private
884 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]885 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]886 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]887 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]888 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
889 else
890 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
891
892 if( res_check != 0 )
893 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]894
895 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
896 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
897 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
898 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
899 goto exit;
900
901 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
902 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
903
904 /* Make sure the number we're generating is smaller than the modulus */
905 buf_orig[0] = 0x00;
906
907 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
908
909 if( is_priv )
910 {
911 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
912 &ctr_drbg, buf_enc,
913 buf_dec ) == 0 );
914
915 TEST_ASSERT( memcmp( buf_orig, buf_dec,
916 mbedtls_rsa_get_len( &ctx ) ) == 0 );
917 }
918 }
919
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]920exit:
921
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]922 mbedtls_free( buf_orig );
923 mbedtls_free( buf_enc );
924 mbedtls_free( buf_dec );
925
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]926 mbedtls_rsa_free( &ctx );
927
928 mbedtls_ctr_drbg_free( &ctr_drbg );
929 mbedtls_entropy_free( &entropy );
930
931 mbedtls_mpi_free( &N );
932 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
933 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
934}
935/* END_CASE */
936
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]937/* BEGIN_CASE */
938void mbedtls_rsa_export( int radix_N, char *input_N,
939 int radix_P, char *input_P,
940 int radix_Q, char *input_Q,
941 int radix_D, char *input_D,
942 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]943 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]944 int successive )
945{
946 /* Original MPI's with which we set up the RSA context */
947 mbedtls_mpi N, P, Q, D, E;
948
949 /* Exported MPI's */
950 mbedtls_mpi Ne, Pe, Qe, De, Ee;
951
952 const int have_N = ( strlen( input_N ) > 0 );
953 const int have_P = ( strlen( input_P ) > 0 );
954 const int have_Q = ( strlen( input_Q ) > 0 );
955 const int have_D = ( strlen( input_D ) > 0 );
956 const int have_E = ( strlen( input_E ) > 0 );
957
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]958 mbedtls_rsa_context ctx;
959
960 mbedtls_rsa_init( &ctx, 0, 0 );
961
962 mbedtls_mpi_init( &N );
963 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
964 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
965
966 mbedtls_mpi_init( &Ne );
967 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
968 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
969
970 /* Setup RSA context */
971
972 if( have_N )
973 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
974
975 if( have_P )
976 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
977
978 if( have_Q )
979 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
980
981 if( have_D )
982 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
983
984 if( have_E )
985 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
986
987 TEST_ASSERT( mbedtls_rsa_import( &ctx,
988 strlen( input_N ) ? &N : NULL,
989 strlen( input_P ) ? &P : NULL,
990 strlen( input_Q ) ? &Q : NULL,
991 strlen( input_D ) ? &D : NULL,
992 strlen( input_E ) ? &E : NULL ) == 0 );
993
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]994 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]995
996 /*
997 * Export parameters and compare to original ones.
998 */
999
1000 /* N and E must always be present. */
1001 if( !successive )
1002 {
1003 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1004 }
1005 else
1006 {
1007 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1008 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1009 }
1010 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1011 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1012
1013 /* If we were providing enough information to setup a complete private context,
1014 * we expect to be able to export all core parameters. */
1015
1016 if( is_priv )
1017 {
1018 if( !successive )
1019 {
1020 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1021 &De, NULL ) == 0 );
1022 }
1023 else
1024 {
1025 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1026 NULL, NULL ) == 0 );
1027 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1028 NULL, NULL ) == 0 );
1029 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1030 &De, NULL ) == 0 );
1031 }
1032
1033 if( have_P )
1034 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1035
1036 if( have_Q )
1037 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1038
1039 if( have_D )
1040 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1041
1042 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1043 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1044 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1045 }
1046
1047exit:
1048
1049 mbedtls_rsa_free( &ctx );
1050
1051 mbedtls_mpi_free( &N );
1052 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1053 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1054
1055 mbedtls_mpi_free( &Ne );
1056 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1057 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1058}
1059/* END_CASE */
1060
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1061/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1062void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1063 int radix_P, char *input_P,
1064 int radix_Q, char *input_Q,
1065 int radix_D, char *input_D,
1066 int radix_E, char *input_E,
1067 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1068{
1069 /* Original MPI's with which we set up the RSA context */
1070 mbedtls_mpi N, P, Q, D, E;
1071
1072 const int have_N = ( strlen( input_N ) > 0 );
1073 const int have_P = ( strlen( input_P ) > 0 );
1074 const int have_Q = ( strlen( input_Q ) > 0 );
1075 const int have_D = ( strlen( input_D ) > 0 );
1076 const int have_E = ( strlen( input_E ) > 0 );
1077
1078 mbedtls_entropy_context entropy;
1079 mbedtls_ctr_drbg_context ctr_drbg;
1080 const char *pers = "test_suite_rsa";
1081
1082 mbedtls_mpi_init( &N );
1083 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1084 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1085
1086 mbedtls_ctr_drbg_init( &ctr_drbg );
1087 mbedtls_entropy_init( &entropy );
1088 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1089 &entropy, (const unsigned char *) pers,
1090 strlen( pers ) ) == 0 );
1091
1092 if( have_N )
1093 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1094
1095 if( have_P )
1096 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1097
1098 if( have_Q )
1099 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1100
1101 if( have_D )
1102 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1103
1104 if( have_E )
1105 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1106
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1107 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1108 have_P ? &P : NULL,
1109 have_Q ? &Q : NULL,
1110 have_D ? &D : NULL,
1111 have_E ? &E : NULL,
1112 prng ? mbedtls_ctr_drbg_random : NULL,
1113 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1114exit:
1115
1116 mbedtls_ctr_drbg_free( &ctr_drbg );
1117 mbedtls_entropy_free( &entropy );
1118
1119 mbedtls_mpi_free( &N );
1120 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1121 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1122}
1123/* END_CASE */
1124
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1125/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1126void mbedtls_rsa_export_raw( HexParam_t *input_N, HexParam_t *input_P,
1127 HexParam_t *input_Q, HexParam_t *input_D,
1128 HexParam_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1129 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1130{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1131 /* Exported buffers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1132 unsigned char bufNe[1000];
1133 unsigned char bufPe[1000];
1134 unsigned char bufQe[1000];
1135 unsigned char bufDe[1000];
1136 unsigned char bufEe[1000];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1137
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1138 mbedtls_rsa_context ctx;
1139
1140 mbedtls_rsa_init( &ctx, 0, 0 );
1141
1142 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1143 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1144 input_N->len ? input_N->x : NULL, input_N->len,
1145 input_P->len ? input_P->x : NULL, input_P->len,
1146 input_Q->len ? input_Q->x : NULL, input_Q->len,
1147 input_D->len ? input_D->x : NULL, input_D->len,
1148 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1149
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1150 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1151
1152 /*
1153 * Export parameters and compare to original ones.
1154 */
1155
1156 /* N and E must always be present. */
1157 if( !successive )
1158 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1159 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1160 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1161 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1162 }
1163 else
1164 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1165 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1166 NULL, 0, NULL, 0, NULL, 0,
1167 NULL, 0 ) == 0 );
1168 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1169 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1170 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1171 }
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1172 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1173 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1174
1175 /* If we were providing enough information to setup a complete private context,
1176 * we expect to be able to export all core parameters. */
1177
1178 if( is_priv )
1179 {
1180 if( !successive )
1181 {
1182 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1183 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1184 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1185 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1186 NULL, 0 ) == 0 );
1187 }
1188 else
1189 {
1190 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1191 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1192 NULL, 0, NULL, 0,
1193 NULL, 0 ) == 0 );
1194
1195 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1196 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1197 NULL, 0, NULL, 0 ) == 0 );
1198
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1199 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1200 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1201 NULL, 0 ) == 0 );
1202 }
1203
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1204 if( input_P->len )
1205 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1206
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1207 if( input_Q->len )
1208 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1209
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1210 if( input_D->len )
1211 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1212
1213 }
1214
1215exit:
1216 mbedtls_rsa_free( &ctx );
1217}
1218/* END_CASE */
1219
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1220/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1221void mbedtls_rsa_import_raw( HexParam_t *input_N,
1222 HexParam_t *input_P, HexParam_t *input_Q,
1223 HexParam_t *input_D, HexParam_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1224 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1225 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1226 int res_check,
1227 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1228{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1229 /* Buffers used for encryption-decryption test */
1230 unsigned char *buf_orig = NULL;
1231 unsigned char *buf_enc = NULL;
1232 unsigned char *buf_dec = NULL;
1233
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1234 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1235 mbedtls_entropy_context entropy;
1236 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1237
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1238 const char *pers = "test_suite_rsa";
1239
1240 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1241 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1242 mbedtls_rsa_init( &ctx, 0, 0 );
1243
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1244 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1245 &entropy, (const unsigned char *) pers,
1246 strlen( pers ) ) == 0 );
1247
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1248 if( !successive )
1249 {
1250 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1251 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1252 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1253 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1254 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1255 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1256 }
1257 else
1258 {
1259 /* Import N, P, Q, D, E separately.
1260 * This should make no functional difference. */
1261
1262 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1263 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1264 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1265
1266 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1267 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1268 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1269 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1270
1271 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1272 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1273 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1274 NULL, 0, NULL, 0 ) == 0 );
1275
1276 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1277 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1278 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1279 NULL, 0 ) == 0 );
1280
1281 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1282 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1283 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1284 }
1285
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1286 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1287
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1288 /* On expected success, perform some public and private
1289 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1290 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1291 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1292 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1293 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1294 else
1295 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1296
1297 if( res_check != 0 )
1298 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1299
1300 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1301 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1302 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1303 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1304 goto exit;
1305
1306 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1307 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1308
1309 /* Make sure the number we're generating is smaller than the modulus */
1310 buf_orig[0] = 0x00;
1311
1312 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1313
1314 if( is_priv )
1315 {
1316 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1317 &ctr_drbg, buf_enc,
1318 buf_dec ) == 0 );
1319
1320 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1321 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1322 }
1323 }
1324
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1325exit:
1326
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1327 mbedtls_free( buf_orig );
1328 mbedtls_free( buf_enc );
1329 mbedtls_free( buf_dec );
1330
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1331 mbedtls_rsa_free( &ctx );
1332
1333 mbedtls_ctr_drbg_free( &ctr_drbg );
1334 mbedtls_entropy_free( &entropy );
1335
1336}
1337/* END_CASE */
1338
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1339/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1340void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1341{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1342 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1343}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1344/* END_CASE */