TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a47023e4d55bef26a5b25409b266e1dccc77de97 / . / tests / suites / test_suite_rsa.function
blob: 639bcb89dcd475b103117484e9b556239a580f19 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +0100[diff] [blame]3#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]21void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]22 int mod, int radix_P, char *input_P, int radix_Q,
23 char *input_Q, int radix_N, char *input_N, int radix_E,
24 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]25{
26 unsigned char message_str[1000];
27 unsigned char hash_result[1000];
28 unsigned char output[1000];
29 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]31 mbedtls_mpi N, P, Q, E;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]32 int msg_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]33 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]34
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]35 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
36 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]38
39 memset( message_str, 0x00, 1000 );
40 memset( hash_result, 0x00, 1000 );
41 memset( output, 0x00, 1000 );
42 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]43 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]44
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]45 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
47 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
48 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]49
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]50 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
51 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]52 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]53 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]54
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]55 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]56
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 if( mbedtls_md_info_from_type( digest ) != NULL )
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]58 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
59 message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]60
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]61 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
62 MBEDTLS_RSA_PRIVATE, digest, 0,
63 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]64 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]65 {
66 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]67
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]68 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]69 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]70
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]71exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]72 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
73 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]74 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]75}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]76/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]78/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]80 int mod, int radix_N, char *input_N, int radix_E,
81 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]82{
83 unsigned char message_str[1000];
84 unsigned char hash_result[1000];
85 unsigned char result_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86 mbedtls_rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]87 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]88
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]89 mbedtls_mpi N, E;
90
91 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]93 memset( message_str, 0x00, 1000 );
94 memset( hash_result, 0x00, 1000 );
95 memset( result_str, 0x00, 1000 );
96
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]97 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
98 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
99 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
100 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]102
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]103 msg_len = unhexify( message_str, message_hex_string );
104 unhexify( result_str, result_hex_str );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]105
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]106 if( mbedtls_md_info_from_type( digest ) != NULL )
107 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]108
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]109 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]110
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]111exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]112 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]114}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]115/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]116
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]117
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]118/* BEGIN_CASE */
119void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
120 int padding_mode, int mod, int radix_P, char *input_P,
121 int radix_Q, char *input_Q, int radix_N,
122 char *input_N, int radix_E, char *input_E,
123 char *result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]124{
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]125 int res;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]126 unsigned char message_str[1000];
127 unsigned char hash_result[1000];
128 unsigned char output[1000];
129 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]130 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]131 mbedtls_mpi N, P, Q, E;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]132 int hash_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]133 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]134
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]135 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]136 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
137 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]138
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]139 memset( message_str, 0x00, 1000 );
140 memset( hash_result, 0x00, 1000 );
141 memset( output, 0x00, 1000 );
142 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]143 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]144
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]145 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
146 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
147 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
148 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]149
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]150 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
151 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]152 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]153 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]154
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]155 unhexify( message_str, message_hex_string );
156 hash_len = unhexify( hash_result, hash_result_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]157
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]158 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
159 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
160 hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]161
162 hexify( output_str, output, ctx.len );
163
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]164 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]165
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]166 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]168 {
169 memset( output, 0x00, 1000 );
170 memset( output_str, 0x00, 1000 );
171
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]172 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]173 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]174 hash_len, hash_result, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]175
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]176#if !defined(MBEDTLS_RSA_ALT)
177 TEST_ASSERT( res == 0 );
178#else
179 TEST_ASSERT( ( res == 0 ) ||
180 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
181#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]182
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]183 if( res == 0 )
184 {
185 hexify( output_str, output, ctx.len );
186 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
187 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]188 }
189
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]190exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]191 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
192 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
193
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]194 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]195}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]196/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]198/* BEGIN_CASE */
199void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
200 int padding_mode, int mod, int radix_N,
201 char *input_N, int radix_E, char *input_E,
202 char *result_hex_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]203{
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]204 int res;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205 unsigned char message_str[1000];
206 unsigned char hash_result[1000];
207 unsigned char result_str[1000];
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]208 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]209 mbedtls_rsa_context ctx;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]210 size_t hash_len, olen;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]211
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]212 mbedtls_mpi N, E;
213 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
214
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]215 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]216 memset( message_str, 0x00, 1000 );
217 memset( hash_result, 0x00, 1000 );
218 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]219 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]220
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]221 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
222 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]223
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]224 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
225 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]226 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]227
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]228 unhexify( message_str, message_hex_string );
229 hash_len = unhexify( hash_result, hash_result_string );
230 unhexify( result_str, result_hex_str );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]231
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]232 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
233 MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
234 hash_len, hash_result,
235 result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]236
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]237 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]238 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]239 {
240 int ok;
241
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]242 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]244 &olen, result_str, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]245
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]246#if !defined(MBEDTLS_RSA_ALT)
247 TEST_ASSERT( res == 0 );
248#else
249 TEST_ASSERT( ( res == 0 ) ||
250 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
251#endif
252
253 if( res == 0 )
254 {
255 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
256 if( correct == 0 )
257 TEST_ASSERT( ok == 1 );
258 else
259 TEST_ASSERT( ok == 0 );
260 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]261 }
262
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]263exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]264 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]265 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]266}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]267/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]268
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]269/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]270void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]271 int radix_N, char *input_N, int radix_E, char *input_E,
272 char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]273{
274 unsigned char message_str[1000];
275 unsigned char output[1000];
276 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]277 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]278 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]279 rnd_pseudo_info rnd_info;
280
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]281 mbedtls_mpi N, E;
282 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
283
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]284 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]285
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]286 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]287 memset( message_str, 0x00, 1000 );
288 memset( output, 0x00, 1000 );
289 memset( output_str, 0x00, 1000 );
290
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]291 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
292 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]293
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]294 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
295 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]296 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]297
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]298 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]299
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]300 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
301 MBEDTLS_RSA_PUBLIC, msg_len,
302 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]303 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]304 {
305 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]306
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]307 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]308 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]309
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]310exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]311 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]312 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]313}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]314/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]315
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]316/* BEGIN_CASE */
317void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
318 int mod, int radix_N, char *input_N,
319 int radix_E, char *input_E,
320 char *result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]321{
322 unsigned char message_str[1000];
323 unsigned char output[1000];
324 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]325 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]326 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]327
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]328 mbedtls_mpi N, E;
329
330 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]331 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]332 memset( message_str, 0x00, 1000 );
333 memset( output, 0x00, 1000 );
334 memset( output_str, 0x00, 1000 );
335
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]336 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
337 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]338
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]339 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
340 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]341 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]342
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]343 msg_len = unhexify( message_str, message_hex_string );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]344
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]345 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
346 MBEDTLS_RSA_PUBLIC, msg_len,
347 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]348 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]349 {
350 hexify( output_str, output, ctx.len );
351
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]352 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]353 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]354
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]355exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]356 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]357 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]358}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]359/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]360
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]361/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]362void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]363 int radix_P, char *input_P, int radix_Q, char *input_Q,
364 int radix_N, char *input_N, int radix_E, char *input_E,
365 int max_output, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]366{
367 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]368 unsigned char output[1000];
369 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]370 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]371 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]372 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]373 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]374
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]375 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
376 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
377
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]378 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]379
380 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]381 memset( output, 0x00, 1000 );
382 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]383 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]384
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]385
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]386 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
387 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
388 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
389 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]390
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]391 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
392 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]393 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]394 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]395
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]396 unhexify( message_str, message_hex_string );
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]397 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]398
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]400 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]401 {
402 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]403
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]404 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]405 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]406
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]407exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]408 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
409 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]410 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]411}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]412/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]413
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]414/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]416 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]417{
418 unsigned char message_str[1000];
419 unsigned char output[1000];
420 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]421 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]422
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]423 mbedtls_mpi N, E;
424
425 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
427 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]428 memset( message_str, 0x00, 1000 );
429 memset( output, 0x00, 1000 );
430 memset( output_str, 0x00, 1000 );
431
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]432 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
433 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]434
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]435 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
436 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]437 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]438
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]439 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]440
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]441 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]442 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]443 {
444 hexify( output_str, output, ctx.len );
445
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]446 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]447 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]448
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]449 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]450 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]451 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]453
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]454 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]455
456 memset( output, 0x00, 1000 );
457 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]458 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]459 if( result == 0 )
460 {
461 hexify( output_str, output, ctx2.len );
462
463 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
464 }
465
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]466exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]467 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]468 mbedtls_rsa_free( &ctx );
469 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]470}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]471/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]472
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]473/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]474void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]475 int radix_Q, char *input_Q, int radix_N, char *input_N,
476 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]477{
478 unsigned char message_str[1000];
479 unsigned char output[1000];
480 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]482 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]483 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]484 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]485
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]486 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
487 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]488 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
489 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]490
491 memset( message_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]492 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]493
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]494 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
495 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
496 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
497 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]498
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]499 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
500 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]501 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]502 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]503
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]504 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]505
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]506 /* repeat three times to test updating of blinding values */
507 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]508 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]509 memset( output, 0x00, 1000 );
510 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]511 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]512 message_str, output ) == result );
513 if( result == 0 )
514 {
515 hexify( output_str, output, ctx.len );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]516
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]517 TEST_ASSERT( strcasecmp( (char *) output_str,
518 result_hex_str ) == 0 );
519 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]520 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]521
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]522 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]523 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]524 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]525 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]526
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]528
529 memset( output, 0x00, 1000 );
530 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]532 message_str, output ) == result );
533 if( result == 0 )
534 {
535 hexify( output_str, output, ctx2.len );
536
537 TEST_ASSERT( strcasecmp( (char *) output_str,
538 result_hex_str ) == 0 );
539 }
540
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]541exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]542 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
543 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
544
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]545 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]546}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]547/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]548
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]549/* BEGIN_CASE */
550void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]551{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]552 mbedtls_rsa_context ctx;
553 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]554
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]556}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]557/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]558
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]559/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]560void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]561 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]562{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]564 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]565
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]566 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]567 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]568
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]569 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]570 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]571 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]572 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]573 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]574 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]575 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]576 }
577
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]578 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]579 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]580
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]581exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]582 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]584}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]585/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]586
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]587/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]588void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]589 char *input_Q, int radix_N, char *input_N,
590 int radix_E, char *input_E, int radix_D, char *input_D,
591 int radix_DP, char *input_DP, int radix_DQ,
592 char *input_DQ, int radix_QP, char *input_QP,
593 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]594{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]596
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]597 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]598
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]599 ctx.len = mod / 8;
600 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]601 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]602 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]603 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]604 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]605 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]606 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]607 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]608 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]609 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]610 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]611 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]612 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]613 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]614 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]615 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]616 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]617 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]618 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]619 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]620#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]621 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]622 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]623 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]624 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]625 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]626 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]627 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]628 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]629 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]630 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]631 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]632 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]633#else
634 ((void) radix_DP); ((void) input_DP);
635 ((void) radix_DQ); ((void) input_DQ);
636 ((void) radix_QP); ((void) input_QP);
637#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]638
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]640
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]641exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]642 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]643}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]644/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]645
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]646/* BEGIN_CASE */
647void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
648 int radix_Epub, char *input_Epub,
649 int radix_P, char *input_P, int radix_Q,
650 char *input_Q, int radix_N, char *input_N,
651 int radix_E, char *input_E, int radix_D, char *input_D,
652 int radix_DP, char *input_DP, int radix_DQ,
653 char *input_DQ, int radix_QP, char *input_QP,
654 int result )
655{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]656 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]657
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]658 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
659 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]660
661 pub.len = mod / 8;
662 prv.len = mod / 8;
663
664 if( strlen( input_Npub ) )
665 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]666 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]667 }
668 if( strlen( input_Epub ) )
669 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]670 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]671 }
672
673 if( strlen( input_P ) )
674 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]675 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]676 }
677 if( strlen( input_Q ) )
678 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]679 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]680 }
681 if( strlen( input_N ) )
682 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]683 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]684 }
685 if( strlen( input_E ) )
686 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]687 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]688 }
689 if( strlen( input_D ) )
690 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]691 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]692 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]693#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]694 if( strlen( input_DP ) )
695 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]697 }
698 if( strlen( input_DQ ) )
699 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]700 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]701 }
702 if( strlen( input_QP ) )
703 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]704 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]705 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]706#else
707 ((void) radix_DP); ((void) input_DP);
708 ((void) radix_DQ); ((void) input_DQ);
709 ((void) radix_QP); ((void) input_QP);
710#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]711
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]712 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]713
714exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715 mbedtls_rsa_free( &pub );
716 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]717}
718/* END_CASE */
719
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]720/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]721void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]722{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]723 mbedtls_rsa_context ctx;
724 mbedtls_entropy_context entropy;
725 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]726 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]727
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]728 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]729 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]730 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]731
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame^]732 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
733 &entropy, (const unsigned char *) pers,
734 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]735
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]736 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]737 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]738 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]739 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]740 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]741 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]742
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]743exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]744 mbedtls_rsa_free( &ctx );
745 mbedtls_ctr_drbg_free( &ctr_drbg );
746 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]747}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]748/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]749
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]750/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]751void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]752 int radix_D, char *input_D,
753 int radix_E, char *input_E,
754 int radix_P, char *output_P,
755 int radix_Q, char *output_Q,
756 int corrupt, int result )
757{
758 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
759
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]760 mbedtls_mpi_init( &N );
761 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
762 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
763 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
764
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]765 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
766 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
767 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
768 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
769 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
770
771 if( corrupt )
772 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
773
774 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]775 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]776
777 if( !corrupt )
778 {
779 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
780 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
781 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
782 }
783
784exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]785 mbedtls_mpi_free( &N );
786 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
787 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
788 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]789}
790/* END_CASE */
791
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]792/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]793void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
794 int radix_Q, char *input_Q,
795 int radix_E, char *input_E,
796 int radix_D, char *output_D,
797 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]798{
799 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
800
801 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
802 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
803 mbedtls_mpi_init( &E );
804 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
805
806 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
807 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
808 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
809 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
810
811 if( corrupt )
812 {
813 /* Make E even */
814 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
815 }
816
817 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]818 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
819 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]820
821 if( !corrupt )
822 {
823 /*
824 * Check that D and Dp agree modulo LCM(P-1, Q-1).
825 */
826
827 /* Replace P,Q by P-1, Q-1 */
828 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
829 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
830
831 /* Check D == Dp modulo P-1 */
832 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
833 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
834 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
835
836 /* Check D == Dp modulo Q-1 */
837 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
838 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
839 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
840 }
841
842exit:
843
844 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
845 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
846 mbedtls_mpi_free( &E );
847 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
848}
849/* END_CASE */
850
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]851/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]852void mbedtls_rsa_import( int radix_N, char *input_N,
853 int radix_P, char *input_P,
854 int radix_Q, char *input_Q,
855 int radix_D, char *input_D,
856 int radix_E, char *input_E,
857 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]858 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]859 int res_check,
860 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]861{
862 mbedtls_mpi N, P, Q, D, E;
863 mbedtls_rsa_context ctx;
864
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]865 /* Buffers used for encryption-decryption test */
866 unsigned char *buf_orig = NULL;
867 unsigned char *buf_enc = NULL;
868 unsigned char *buf_dec = NULL;
869
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]870 mbedtls_entropy_context entropy;
871 mbedtls_ctr_drbg_context ctr_drbg;
872 const char *pers = "test_suite_rsa";
873
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]874 const int have_N = ( strlen( input_N ) > 0 );
875 const int have_P = ( strlen( input_P ) > 0 );
876 const int have_Q = ( strlen( input_Q ) > 0 );
877 const int have_D = ( strlen( input_D ) > 0 );
878 const int have_E = ( strlen( input_E ) > 0 );
879
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]880 mbedtls_ctr_drbg_init( &ctr_drbg );
881
882 mbedtls_entropy_init( &entropy );
883 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
884 (const unsigned char *) pers, strlen( pers ) ) == 0 );
885
886 mbedtls_rsa_init( &ctx, 0, 0 );
887
888 mbedtls_mpi_init( &N );
889 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
890 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
891
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]892 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]893 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
894
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]895 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]896 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
897
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]898 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]899 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
900
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]901 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]902 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
903
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]904 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]905 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
906
907 if( !successive )
908 {
909 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]910 have_N ? &N : NULL,
911 have_P ? &P : NULL,
912 have_Q ? &Q : NULL,
913 have_D ? &D : NULL,
914 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]915 }
916 else
917 {
918 /* Import N, P, Q, D, E separately.
919 * This should make no functional difference. */
920
921 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]922 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]923 NULL, NULL, NULL, NULL ) == 0 );
924
925 TEST_ASSERT( mbedtls_rsa_import( &ctx,
926 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]927 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]928 NULL, NULL, NULL ) == 0 );
929
930 TEST_ASSERT( mbedtls_rsa_import( &ctx,
931 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]932 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]933 NULL, NULL ) == 0 );
934
935 TEST_ASSERT( mbedtls_rsa_import( &ctx,
936 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]937 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]938 NULL ) == 0 );
939
940 TEST_ASSERT( mbedtls_rsa_import( &ctx,
941 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]942 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]943 }
944
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]945 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]946
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]947 /* On expected success, perform some public and private
948 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]949 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]950 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]951 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]952 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
953 else
954 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
955
956 if( res_check != 0 )
957 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]958
959 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
960 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
961 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
962 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
963 goto exit;
964
965 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
966 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
967
968 /* Make sure the number we're generating is smaller than the modulus */
969 buf_orig[0] = 0x00;
970
971 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
972
973 if( is_priv )
974 {
975 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
976 &ctr_drbg, buf_enc,
977 buf_dec ) == 0 );
978
979 TEST_ASSERT( memcmp( buf_orig, buf_dec,
980 mbedtls_rsa_get_len( &ctx ) ) == 0 );
981 }
982 }
983
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]984exit:
985
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]986 mbedtls_free( buf_orig );
987 mbedtls_free( buf_enc );
988 mbedtls_free( buf_dec );
989
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]990 mbedtls_rsa_free( &ctx );
991
992 mbedtls_ctr_drbg_free( &ctr_drbg );
993 mbedtls_entropy_free( &entropy );
994
995 mbedtls_mpi_free( &N );
996 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
997 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
998}
999/* END_CASE */
1000
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1001/* BEGIN_CASE */
1002void mbedtls_rsa_export( int radix_N, char *input_N,
1003 int radix_P, char *input_P,
1004 int radix_Q, char *input_Q,
1005 int radix_D, char *input_D,
1006 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1007 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1008 int successive )
1009{
1010 /* Original MPI's with which we set up the RSA context */
1011 mbedtls_mpi N, P, Q, D, E;
1012
1013 /* Exported MPI's */
1014 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1015
1016 const int have_N = ( strlen( input_N ) > 0 );
1017 const int have_P = ( strlen( input_P ) > 0 );
1018 const int have_Q = ( strlen( input_Q ) > 0 );
1019 const int have_D = ( strlen( input_D ) > 0 );
1020 const int have_E = ( strlen( input_E ) > 0 );
1021
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1022 mbedtls_rsa_context ctx;
1023
1024 mbedtls_rsa_init( &ctx, 0, 0 );
1025
1026 mbedtls_mpi_init( &N );
1027 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1028 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1029
1030 mbedtls_mpi_init( &Ne );
1031 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1032 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1033
1034 /* Setup RSA context */
1035
1036 if( have_N )
1037 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1038
1039 if( have_P )
1040 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1041
1042 if( have_Q )
1043 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1044
1045 if( have_D )
1046 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1047
1048 if( have_E )
1049 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1050
1051 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1052 strlen( input_N ) ? &N : NULL,
1053 strlen( input_P ) ? &P : NULL,
1054 strlen( input_Q ) ? &Q : NULL,
1055 strlen( input_D ) ? &D : NULL,
1056 strlen( input_E ) ? &E : NULL ) == 0 );
1057
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1058 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1059
1060 /*
1061 * Export parameters and compare to original ones.
1062 */
1063
1064 /* N and E must always be present. */
1065 if( !successive )
1066 {
1067 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1068 }
1069 else
1070 {
1071 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1072 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1073 }
1074 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1075 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1076
1077 /* If we were providing enough information to setup a complete private context,
1078 * we expect to be able to export all core parameters. */
1079
1080 if( is_priv )
1081 {
1082 if( !successive )
1083 {
1084 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1085 &De, NULL ) == 0 );
1086 }
1087 else
1088 {
1089 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1090 NULL, NULL ) == 0 );
1091 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1092 NULL, NULL ) == 0 );
1093 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1094 &De, NULL ) == 0 );
1095 }
1096
1097 if( have_P )
1098 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1099
1100 if( have_Q )
1101 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1102
1103 if( have_D )
1104 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1105
1106 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1107 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1108 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1109 }
1110
1111exit:
1112
1113 mbedtls_rsa_free( &ctx );
1114
1115 mbedtls_mpi_free( &N );
1116 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1117 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1118
1119 mbedtls_mpi_free( &Ne );
1120 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1121 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1122}
1123/* END_CASE */
1124
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1125/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1126void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1127 int radix_P, char *input_P,
1128 int radix_Q, char *input_Q,
1129 int radix_D, char *input_D,
1130 int radix_E, char *input_E,
1131 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1132{
1133 /* Original MPI's with which we set up the RSA context */
1134 mbedtls_mpi N, P, Q, D, E;
1135
1136 const int have_N = ( strlen( input_N ) > 0 );
1137 const int have_P = ( strlen( input_P ) > 0 );
1138 const int have_Q = ( strlen( input_Q ) > 0 );
1139 const int have_D = ( strlen( input_D ) > 0 );
1140 const int have_E = ( strlen( input_E ) > 0 );
1141
1142 mbedtls_entropy_context entropy;
1143 mbedtls_ctr_drbg_context ctr_drbg;
1144 const char *pers = "test_suite_rsa";
1145
1146 mbedtls_mpi_init( &N );
1147 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1148 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1149
1150 mbedtls_ctr_drbg_init( &ctr_drbg );
1151 mbedtls_entropy_init( &entropy );
1152 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1153 &entropy, (const unsigned char *) pers,
1154 strlen( pers ) ) == 0 );
1155
1156 if( have_N )
1157 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1158
1159 if( have_P )
1160 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1161
1162 if( have_Q )
1163 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1164
1165 if( have_D )
1166 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1167
1168 if( have_E )
1169 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1170
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1171 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1172 have_P ? &P : NULL,
1173 have_Q ? &Q : NULL,
1174 have_D ? &D : NULL,
1175 have_E ? &E : NULL,
1176 prng ? mbedtls_ctr_drbg_random : NULL,
1177 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1178exit:
1179
1180 mbedtls_ctr_drbg_free( &ctr_drbg );
1181 mbedtls_entropy_free( &entropy );
1182
1183 mbedtls_mpi_free( &N );
1184 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1185 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1186}
1187/* END_CASE */
1188
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1189/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1190void mbedtls_rsa_export_raw( char *input_N, char *input_P,
1191 char *input_Q, char *input_D,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1192 char *input_E, int is_priv,
1193 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1194{
1195 /* Original raw buffers with which we set up the RSA context */
1196 unsigned char bufN[1000];
1197 unsigned char bufP[1000];
1198 unsigned char bufQ[1000];
1199 unsigned char bufD[1000];
1200 unsigned char bufE[1000];
1201
1202 size_t lenN = 0;
1203 size_t lenP = 0;
1204 size_t lenQ = 0;
1205 size_t lenD = 0;
1206 size_t lenE = 0;
1207
1208 /* Exported buffers */
1209 unsigned char bufNe[ sizeof( bufN ) ];
1210 unsigned char bufPe[ sizeof( bufP ) ];
1211 unsigned char bufQe[ sizeof( bufQ ) ];
1212 unsigned char bufDe[ sizeof( bufD ) ];
1213 unsigned char bufEe[ sizeof( bufE ) ];
1214
1215 const int have_N = ( strlen( input_N ) > 0 );
1216 const int have_P = ( strlen( input_P ) > 0 );
1217 const int have_Q = ( strlen( input_Q ) > 0 );
1218 const int have_D = ( strlen( input_D ) > 0 );
1219 const int have_E = ( strlen( input_E ) > 0 );
1220
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1221 mbedtls_rsa_context ctx;
1222
1223 mbedtls_rsa_init( &ctx, 0, 0 );
1224
1225 /* Setup RSA context */
1226
1227 if( have_N )
1228 lenN = unhexify( bufN, input_N );
1229
1230 if( have_P )
1231 lenP = unhexify( bufP, input_P );
1232
1233 if( have_Q )
1234 lenQ = unhexify( bufQ, input_Q );
1235
1236 if( have_D )
1237 lenD = unhexify( bufD, input_D );
1238
1239 if( have_E )
1240 lenE = unhexify( bufE, input_E );
1241
1242 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1243 have_N ? bufN : NULL, lenN,
1244 have_P ? bufP : NULL, lenP,
1245 have_Q ? bufQ : NULL, lenQ,
1246 have_D ? bufD : NULL, lenD,
1247 have_E ? bufE : NULL, lenE ) == 0 );
1248
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1249 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1250
1251 /*
1252 * Export parameters and compare to original ones.
1253 */
1254
1255 /* N and E must always be present. */
1256 if( !successive )
1257 {
1258 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1259 NULL, 0, NULL, 0, NULL, 0,
1260 bufEe, lenE ) == 0 );
1261 }
1262 else
1263 {
1264 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1265 NULL, 0, NULL, 0, NULL, 0,
1266 NULL, 0 ) == 0 );
1267 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1268 NULL, 0, NULL, 0, NULL, 0,
1269 bufEe, lenE ) == 0 );
1270 }
1271 TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
1272 TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
1273
1274 /* If we were providing enough information to setup a complete private context,
1275 * we expect to be able to export all core parameters. */
1276
1277 if( is_priv )
1278 {
1279 if( !successive )
1280 {
1281 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1282 bufPe, lenP ? lenP : sizeof( bufPe ),
1283 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1284 bufDe, lenD ? lenD : sizeof( bufDe ),
1285 NULL, 0 ) == 0 );
1286 }
1287 else
1288 {
1289 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1290 bufPe, lenP ? lenP : sizeof( bufPe ),
1291 NULL, 0, NULL, 0,
1292 NULL, 0 ) == 0 );
1293
1294 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1295 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1296 NULL, 0, NULL, 0 ) == 0 );
1297
1298 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1299 NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
1300 NULL, 0 ) == 0 );
1301 }
1302
1303 if( have_P )
1304 TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
1305
1306 if( have_Q )
1307 TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
1308
1309 if( have_D )
1310 TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
1311
1312 }
1313
1314exit:
1315 mbedtls_rsa_free( &ctx );
1316}
1317/* END_CASE */
1318
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1319/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1320void mbedtls_rsa_import_raw( char *input_N,
1321 char *input_P, char *input_Q,
1322 char *input_D, char *input_E,
1323 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1324 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1325 int res_check,
1326 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1327{
1328 unsigned char bufN[1000];
1329 unsigned char bufP[1000];
1330 unsigned char bufQ[1000];
1331 unsigned char bufD[1000];
1332 unsigned char bufE[1000];
1333
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1334 /* Buffers used for encryption-decryption test */
1335 unsigned char *buf_orig = NULL;
1336 unsigned char *buf_enc = NULL;
1337 unsigned char *buf_dec = NULL;
1338
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1339 size_t lenN = 0;
1340 size_t lenP = 0;
1341 size_t lenQ = 0;
1342 size_t lenD = 0;
1343 size_t lenE = 0;
1344
1345 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1346 mbedtls_entropy_context entropy;
1347 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1348
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1349 const char *pers = "test_suite_rsa";
1350
1351 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1352 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1353 mbedtls_rsa_init( &ctx, 0, 0 );
1354
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1355 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1356 &entropy, (const unsigned char *) pers,
1357 strlen( pers ) ) == 0 );
1358
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1359 if( strlen( input_N ) )
1360 lenN = unhexify( bufN, input_N );
1361
1362 if( strlen( input_P ) )
1363 lenP = unhexify( bufP, input_P );
1364
1365 if( strlen( input_Q ) )
1366 lenQ = unhexify( bufQ, input_Q );
1367
1368 if( strlen( input_D ) )
1369 lenD = unhexify( bufD, input_D );
1370
1371 if( strlen( input_E ) )
1372 lenE = unhexify( bufE, input_E );
1373
1374 if( !successive )
1375 {
1376 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1377 ( lenN > 0 ) ? bufN : NULL, lenN,
1378 ( lenP > 0 ) ? bufP : NULL, lenP,
1379 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1380 ( lenD > 0 ) ? bufD : NULL, lenD,
1381 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1382 }
1383 else
1384 {
1385 /* Import N, P, Q, D, E separately.
1386 * This should make no functional difference. */
1387
1388 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1389 ( lenN > 0 ) ? bufN : NULL, lenN,
1390 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1391
1392 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1393 NULL, 0,
1394 ( lenP > 0 ) ? bufP : NULL, lenP,
1395 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1396
1397 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1398 NULL, 0, NULL, 0,
1399 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1400 NULL, 0, NULL, 0 ) == 0 );
1401
1402 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1403 NULL, 0, NULL, 0, NULL, 0,
1404 ( lenD > 0 ) ? bufD : NULL, lenD,
1405 NULL, 0 ) == 0 );
1406
1407 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1408 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1409 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1410 }
1411
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1412 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1413
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1414 /* On expected success, perform some public and private
1415 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1416 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1417 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1418 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1419 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1420 else
1421 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1422
1423 if( res_check != 0 )
1424 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1425
1426 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1427 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1428 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1429 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1430 goto exit;
1431
1432 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1433 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1434
1435 /* Make sure the number we're generating is smaller than the modulus */
1436 buf_orig[0] = 0x00;
1437
1438 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1439
1440 if( is_priv )
1441 {
1442 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1443 &ctr_drbg, buf_enc,
1444 buf_dec ) == 0 );
1445
1446 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1447 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1448 }
1449 }
1450
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1451exit:
1452
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1453 mbedtls_free( buf_orig );
1454 mbedtls_free( buf_enc );
1455 mbedtls_free( buf_dec );
1456
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1457 mbedtls_rsa_free( &ctx );
1458
1459 mbedtls_ctr_drbg_free( &ctr_drbg );
1460 mbedtls_entropy_free( &entropy );
1461
1462}
1463/* END_CASE */
1464
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1465/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1466void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1467{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1468 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1469}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1470/* END_CASE */