blob: 352169c240cb15805f16b71d5f0f0f81c0b0a1a1 [file] [log] [blame]
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +02001/* BEGIN_HEADER */
2#include <polarssl/pk.h>
3
4static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
5
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +02006#define RSA_KEY_SIZE 512
7#define RSA_KEY_LEN 64
8
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +02009static int pk_genkey( pk_context *pk )
10{
Paul Bakkera5320902013-12-19 17:29:52 +010011 ((void) pk);
12
13#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +020014 if( pk_get_type( pk ) == POLARSSL_PK_RSA )
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +020015 return rsa_gen_key( pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +020016#endif
17#if defined(POLARSSL_ECP_C)
18 if( pk_get_type( pk ) == POLARSSL_PK_ECKEY ||
19 pk_get_type( pk ) == POLARSSL_PK_ECKEY_DH ||
20 pk_get_type( pk ) == POLARSSL_PK_ECDSA )
21 {
22 int ret;
23 if( ( ret = ecp_use_known_dp( &pk_ec( *pk )->grp,
24 POLARSSL_ECP_DP_SECP192R1 ) ) != 0 )
25 return( ret );
26
27 return ecp_gen_keypair( &pk_ec( *pk )->grp, &pk_ec( *pk )->d,
28 &pk_ec( *pk )->Q, rnd_std_rand, NULL );
29 }
30#endif
31 return( -1 );
32}
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +020033
34#if defined(POLARSSL_RSA_C)
35int rsa_decrypt_func( void *ctx, int mode, size_t *olen,
36 const unsigned char *input, unsigned char *output,
37 size_t output_max_len )
38{
39 return( rsa_pkcs1_decrypt( (rsa_context *) ctx, NULL, NULL, mode, olen,
40 input, output, output_max_len ) );
41}
42int rsa_sign_func( void *ctx,
43 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
44 int mode, md_type_t md_alg, unsigned int hashlen,
45 const unsigned char *hash, unsigned char *sig )
46{
47 return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode,
48 md_alg, hashlen, hash, sig ) );
49}
50size_t rsa_key_len_func( void *ctx )
51{
52 return( ((const rsa_context *) ctx)->len );
53}
54#endif /* POLARSSL_RSA_C */
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +020055/* END_HEADER */
56
57/* BEGIN_DEPENDENCIES
58 * depends_on:POLARSSL_PK_C
59 * END_DEPENDENCIES
60 */
61
62/* BEGIN_CASE */
63void pk_utils( int type, int size, int len, char *name )
64{
65 pk_context pk;
66
67 pk_init( &pk );
68
69 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
70 TEST_ASSERT( pk_genkey( &pk ) == 0 );
71
72 TEST_ASSERT( (int) pk_get_type( &pk ) == type );
73 TEST_ASSERT( pk_can_do( &pk, type ) );
74 TEST_ASSERT( pk_get_size( &pk ) == (unsigned) size );
75 TEST_ASSERT( pk_get_len( &pk ) == (unsigned) len );
76 TEST_ASSERT( strcmp( pk_get_name( &pk), name ) == 0 );
77
Paul Bakkerbd51b262014-07-10 15:26:12 +020078exit:
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +020079 pk_free( &pk );
80}
81/* END_CASE */
82
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +010083/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C */
84void pk_check_pair( char *pub_file, char *prv_file, int ret )
85{
86 pk_context pub, prv;
87
88 pk_init( &pub );
89 pk_init( &prv );
90
91 TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
92 TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
93
94 TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
95
96 pk_free( &pub );
97 pk_free( &prv );
98}
99/* END_CASE */
100
Manuel Pégourié-Gonnarddfab4c12014-01-22 15:45:04 +0100101/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
Paul Bakker42099c32014-01-27 11:45:49 +0100102void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200103 int mod, int radix_N, char *input_N, int radix_E,
104 char *input_E, char *result_hex_str, int result )
105{
106 unsigned char message_str[1000];
107 unsigned char hash_result[1000];
108 unsigned char result_str[1000];
Paul Bakker42099c32014-01-27 11:45:49 +0100109 rsa_context *rsa;
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200110 pk_context pk;
111 int msg_len;
112
113 pk_init( &pk );
114
115 memset( message_str, 0x00, 1000 );
116 memset( hash_result, 0x00, 1000 );
117 memset( result_str, 0x00, 1000 );
118
119 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
Paul Bakker42099c32014-01-27 11:45:49 +0100120 rsa = pk_rsa( pk );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200121
Paul Bakker42099c32014-01-27 11:45:49 +0100122 rsa->len = mod / 8;
123 TEST_ASSERT( mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
124 TEST_ASSERT( mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200125
126 msg_len = unhexify( message_str, message_hex_string );
127 unhexify( result_str, result_hex_str );
128
129 if( md_info_from_type( digest ) != NULL )
130 TEST_ASSERT( md( md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
131
132 TEST_ASSERT( pk_verify( &pk, digest, hash_result, 0,
133 result_str, pk_get_len( &pk ) ) == result );
134
Paul Bakkerbd51b262014-07-10 15:26:12 +0200135exit:
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200136 pk_free( &pk );
137}
138/* END_CASE */
139
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200140/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
141void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest,
142 int mod, int radix_N, char *input_N, int radix_E,
143 char *input_E, char *result_hex_str,
144 int pk_type, int mgf1_hash_id, int salt_len,
145 int result )
146{
147 unsigned char message_str[1000];
148 unsigned char hash_result[1000];
149 unsigned char result_str[1000];
150 rsa_context *rsa;
151 pk_context pk;
152 pk_rsassa_pss_options pss_opts;
153 void *options;
154 int msg_len;
155 size_t hash_len;
156
157 pk_init( &pk );
158
159 memset( message_str, 0x00, 1000 );
160 memset( hash_result, 0x00, 1000 );
161 memset( result_str, 0x00, 1000 );
162
163 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
164 rsa = pk_rsa( pk );
165
166 rsa->len = mod / 8;
167 TEST_ASSERT( mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
168 TEST_ASSERT( mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
169
170 msg_len = unhexify( message_str, message_hex_string );
171 unhexify( result_str, result_hex_str );
172
173 if( digest != POLARSSL_MD_NONE )
174 {
175 TEST_ASSERT( md( md_info_from_type( digest ),
176 message_str, msg_len, hash_result ) == 0 );
177 hash_len = 0;
178 }
179 else
180 {
181 memcpy( hash_result, message_str, msg_len );
182 hash_len = msg_len;
183 }
184
185 if( mgf1_hash_id < 0 )
186 {
187 options = NULL;
188 }
189 else
190 {
191 options = &pss_opts;
192
193 pss_opts.mgf1_hash_id = mgf1_hash_id;
194 pss_opts.expected_salt_len = salt_len;
195 }
196
197 TEST_ASSERT( pk_verify_ext( pk_type, options, &pk,
198 digest, hash_result, hash_len,
199 result_str, pk_get_len( &pk ) ) == result );
200
Paul Bakkerbd51b262014-07-10 15:26:12 +0200201exit:
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200202 pk_free( &pk );
203}
204/* END_CASE */
205
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200206/* BEGIN_CASE depends_on:POLARSSL_ECDSA_C */
207void pk_ec_test_vec( int type, int id, char *key_str,
208 char *hash_str, char * sig_str, int ret )
209{
210 pk_context pk;
211 ecp_keypair *eckey;
212 unsigned char hash[100], sig[500], key[500];
213 size_t hash_len, sig_len, key_len;
214
215 pk_init( &pk );
216
217 memset( hash, 0, sizeof( hash ) ); hash_len = unhexify(hash, hash_str);
218 memset( sig, 0, sizeof( sig ) ); sig_len = unhexify(sig, sig_str);
219 memset( key, 0, sizeof( key ) ); key_len = unhexify(key, key_str);
220
221 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
222
223 TEST_ASSERT( pk_can_do( &pk, POLARSSL_PK_ECDSA ) );
224 eckey = pk_ec( pk );
225
226 TEST_ASSERT( ecp_use_known_dp( &eckey->grp, id ) == 0 );
227 TEST_ASSERT( ecp_point_read_binary( &eckey->grp, &eckey->Q,
228 key, key_len ) == 0 );
229
230 TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE,
231 hash, hash_len, sig, sig_len ) == ret );
232
Paul Bakkerbd51b262014-07-10 15:26:12 +0200233exit:
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200234 pk_free( &pk );
235}
236/* END_CASE */
237
238/* BEGIN_CASE */
239void pk_sign_verify( int type, int sign_ret, int verify_ret )
240{
241 pk_context pk;
242 unsigned char hash[50], sig[5000];
243 size_t sig_len;
244
245 pk_init( &pk );
246
247 memset( hash, 0x2a, sizeof hash );
248 memset( sig, 0, sizeof sig );
249
250 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
251 TEST_ASSERT( pk_genkey( &pk ) == 0 );
252
253 TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, hash, sizeof hash,
254 sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
255
256 TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE,
257 hash, sizeof hash, sig, sig_len ) == verify_ret );
258
Paul Bakkerbd51b262014-07-10 15:26:12 +0200259exit:
Manuel Pégourié-Gonnardb0a467f2013-09-21 12:31:05 +0200260 pk_free( &pk );
261}
262/* END_CASE */
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200263
264/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
265void pk_rsa_encrypt_test_vec( char *message_hex, int mod,
266 int radix_N, char *input_N,
267 int radix_E, char *input_E,
268 char *result_hex, int ret )
269{
270 unsigned char message[1000];
271 unsigned char output[1000];
272 unsigned char result[1000];
273 size_t msg_len, olen, res_len;
274 rnd_pseudo_info rnd_info;
275 rsa_context *rsa;
276 pk_context pk;
277
278 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
279 memset( message, 0, sizeof( message ) );
280 memset( output, 0, sizeof( output ) );
281 memset( result, 0, sizeof( result ) );
282
283 msg_len = unhexify( message, message_hex );
284 res_len = unhexify( result, result_hex );
285
286 pk_init( &pk );
287 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
288 rsa = pk_rsa( pk );
289
290 rsa->len = mod / 8;
291 TEST_ASSERT( mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
292 TEST_ASSERT( mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
293
294 TEST_ASSERT( pk_encrypt( &pk, message, msg_len,
295 output, &olen, sizeof( output ),
296 rnd_pseudo_rand, &rnd_info ) == ret );
297 TEST_ASSERT( olen == res_len );
298 TEST_ASSERT( memcmp( output, result, olen ) == 0 );
299
Paul Bakkerbd51b262014-07-10 15:26:12 +0200300exit:
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200301 pk_free( &pk );
302}
303/* END_CASE */
304
305/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
306void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
307 int radix_P, char *input_P,
308 int radix_Q, char *input_Q,
309 int radix_N, char *input_N,
310 int radix_E, char *input_E,
311 char *clear_hex, int ret )
312{
313 unsigned char clear[1000];
314 unsigned char output[1000];
315 unsigned char cipher[1000];
316 size_t clear_len, olen, cipher_len;
317 rnd_pseudo_info rnd_info;
318 mpi P1, Q1, H, G;
319 rsa_context *rsa;
320 pk_context pk;
321
322 pk_init( &pk );
323 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
324
325 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
326 memset( clear, 0, sizeof( clear ) );
327 memset( cipher, 0, sizeof( cipher ) );
328
329 clear_len = unhexify( clear, clear_hex );
330 cipher_len = unhexify( cipher, cipher_hex );
331
332 /* init pk-rsa context */
333 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
334 rsa = pk_rsa( pk );
335
336 /* load public key */
337 rsa->len = mod / 8;
338 TEST_ASSERT( mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
339 TEST_ASSERT( mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
340
341 /* load private key */
342 TEST_ASSERT( mpi_read_string( &rsa->P, radix_P, input_P ) == 0 );
343 TEST_ASSERT( mpi_read_string( &rsa->Q, radix_Q, input_Q ) == 0 );
344 TEST_ASSERT( mpi_sub_int( &P1, &rsa->P, 1 ) == 0 );
345 TEST_ASSERT( mpi_sub_int( &Q1, &rsa->Q, 1 ) == 0 );
346 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
347 TEST_ASSERT( mpi_gcd( &G, &rsa->E, &H ) == 0 );
348 TEST_ASSERT( mpi_inv_mod( &rsa->D , &rsa->E, &H ) == 0 );
349 TEST_ASSERT( mpi_mod_mpi( &rsa->DP, &rsa->D, &P1 ) == 0 );
350 TEST_ASSERT( mpi_mod_mpi( &rsa->DQ, &rsa->D, &Q1 ) == 0 );
351 TEST_ASSERT( mpi_inv_mod( &rsa->QP, &rsa->Q, &rsa->P ) == 0 );
352
353 /* decryption test */
354 memset( output, 0, sizeof( output ) );
355 olen = 0;
356 TEST_ASSERT( pk_decrypt( &pk, cipher, cipher_len,
357 output, &olen, sizeof( output ),
358 rnd_pseudo_rand, &rnd_info ) == ret );
359 if( ret == 0 )
360 {
361 TEST_ASSERT( olen == clear_len );
362 TEST_ASSERT( memcmp( output, clear, olen ) == 0 );
363 }
364
Paul Bakkerbd51b262014-07-10 15:26:12 +0200365exit:
Manuel Pégourié-Gonnard67d45832013-10-17 12:34:16 +0200366 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
367 pk_free( &pk );
368}
369/* END_CASE */
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200370
371/* BEGIN_CASE */
372void pk_ec_nocrypt( int type )
373{
374 pk_context pk;
375 unsigned char output[100];
376 unsigned char input[100];
377 rnd_pseudo_info rnd_info;
378 size_t olen = 0;
379 int ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
380
381 pk_init( &pk );
382
383 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
384 memset( output, 0, sizeof( output ) );
385 memset( input, 0, sizeof( input ) );
386
387 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
388
389 TEST_ASSERT( pk_encrypt( &pk, input, sizeof( input ),
390 output, &olen, sizeof( output ),
391 rnd_pseudo_rand, &rnd_info ) == ret );
392
393 TEST_ASSERT( pk_decrypt( &pk, input, sizeof( input ),
394 output, &olen, sizeof( output ),
395 rnd_pseudo_rand, &rnd_info ) == ret );
396
Paul Bakkerbd51b262014-07-10 15:26:12 +0200397exit:
Manuel Pégourié-Gonnard75c78822013-10-17 12:46:39 +0200398 pk_free( &pk );
399}
400/* END_CASE */
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200401
402/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
403void pk_rsa_alt( )
404{
405 /*
406 * An rsa_alt context can only do private operations (decrypt, sign).
407 * Test it against the public operations (encrypt, verify) of a
408 * corresponding rsa context.
409 */
410 rsa_context raw;
411 pk_context rsa, alt;
412 pk_debug_item dbg_items[10];
413 unsigned char hash[50], sig[1000];
414 unsigned char msg[50], ciph[1000], test[1000];
415 size_t sig_len, ciph_len, test_len;
416 int ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
417
418 rsa_init( &raw, RSA_PKCS_V15, POLARSSL_MD_NONE );
419 pk_init( &rsa ); pk_init( &alt );
420
421 memset( hash, 0x2a, sizeof hash );
422 memset( sig, 0, sizeof sig );
423 memset( msg, 0x2a, sizeof msg );
424 memset( ciph, 0, sizeof ciph );
425 memset( test, 0, sizeof test );
426
427 /* Initiliaze PK RSA context with random key */
428 TEST_ASSERT( pk_init_ctx( &rsa,
429 pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
430 TEST_ASSERT( pk_genkey( &rsa ) == 0 );
431
432 /* Extract key to the raw rsa context */
433 TEST_ASSERT( rsa_copy( &raw, pk_rsa( rsa ) ) == 0 );
434
435 /* Initialize PK RSA_ALT context */
436 TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, (void *) &raw,
437 rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 );
438
439 /* Test administrative functions */
440 TEST_ASSERT( pk_can_do( &alt, POLARSSL_PK_RSA ) );
441 TEST_ASSERT( pk_get_size( &alt ) == RSA_KEY_SIZE );
442 TEST_ASSERT( pk_get_len( &alt ) == RSA_KEY_LEN );
443 TEST_ASSERT( pk_get_type( &alt ) == POLARSSL_PK_RSA_ALT );
444 TEST_ASSERT( strcmp( pk_get_name( &alt ), "RSA-alt" ) == 0 );
445
446 /* Test signature */
447 TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, sizeof hash,
448 sig, &sig_len, rnd_std_rand, NULL ) == 0 );
449 TEST_ASSERT( sig_len == RSA_KEY_LEN );
450 TEST_ASSERT( pk_verify( &rsa, POLARSSL_MD_NONE,
451 hash, sizeof hash, sig, sig_len ) == 0 );
452
453 /* Test decrypt */
454 TEST_ASSERT( pk_encrypt( &rsa, msg, sizeof msg,
455 ciph, &ciph_len, sizeof ciph,
456 rnd_std_rand, NULL ) == 0 );
457 TEST_ASSERT( pk_decrypt( &alt, ciph, ciph_len,
458 test, &test_len, sizeof test,
459 rnd_std_rand, NULL ) == 0 );
460 TEST_ASSERT( test_len == sizeof msg );
461 TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
462
463 /* Test forbidden operations */
464 TEST_ASSERT( pk_encrypt( &alt, msg, sizeof msg,
465 ciph, &ciph_len, sizeof ciph,
466 rnd_std_rand, NULL ) == ret );
467 TEST_ASSERT( pk_verify( &alt, POLARSSL_MD_NONE,
468 hash, sizeof hash, sig, sig_len ) == ret );
469 TEST_ASSERT( pk_debug( &alt, dbg_items ) == ret );
470
Paul Bakkerbd51b262014-07-10 15:26:12 +0200471exit:
Manuel Pégourié-Gonnard01488752014-04-03 22:09:18 +0200472 rsa_free( &raw );
473 pk_free( &rsa ); pk_free( &alt );
474}
475/* END_CASE */