TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a665685abf7ebc0ff83e0667bcf1d15c57cfef1d / . / tests / suites / test_suite_rsa.function
blob: 6b5c0ac05398514c318ca3726d03eae65fb151f0 [file] [log] [blame]
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1BEGIN_HEADER
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]2#include <polarssl/config.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]3#include <polarssl/rsa.h>
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]4#include <polarssl/md2.h>
5#include <polarssl/md4.h>
6#include <polarssl/md5.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]7#include <polarssl/sha1.h>
8#include <polarssl/sha2.h>
9#include <polarssl/sha4.h>
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]10#include <polarssl/havege.h>
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]11
12static int myrand( void *rng_state )
13{
14 if( rng_state != NULL )
15 rng_state = NULL;
16
17 return( rand() );
18}
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame^]19
20static int badrand( void *rng_state )
21{
22 if( rng_state != NULL )
23 rng_state = NULL;
24
25 return( 0 );
26}
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]27END_HEADER
28
29BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]30rsa_pkcs1_sign:message_hex_string:padding_mode:digest:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]31{
32 unsigned char message_str[1000];
33 unsigned char hash_result[1000];
34 unsigned char output[1000];
35 unsigned char output_str[1000];
36 rsa_context ctx;
37 mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]38 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]39
40 mpi_init( &P1, &Q1, &H, &G, NULL );
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]41 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]42
43 memset( message_str, 0x00, 1000 );
44 memset( hash_result, 0x00, 1000 );
45 memset( output, 0x00, 1000 );
46 memset( output_str, 0x00, 1000 );
47
48 ctx.len = {mod} / 8;
49 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
50 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
51 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
52 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
53
54 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
55 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
56 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
57 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
58 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
59 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
60 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
61 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
62
63 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
64
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]65 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]66
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]67 switch( {digest} )
68 {
69#ifdef POLARSSL_MD2_C
70 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]71 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]72 break;
73#endif
74#ifdef POLARSSL_MD4_C
75 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]76 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]77 break;
78#endif
79#ifdef POLARSSL_MD5_C
80 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]81 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]82 break;
83#endif
84#ifdef POLARSSL_SHA1_C
85 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]86 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]87 break;
88#endif
89#ifdef POLARSSL_SHA2_C
90 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]91 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]92 break;
93 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]94 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]95 break;
96#endif
97#ifdef POLARSSL_SHA4_C
98 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]99 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]100 break;
101 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]102 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]103 break;
104#endif
105 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]106
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]107 TEST_ASSERT( rsa_pkcs1_sign( &ctx, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
108 if( {result} == 0 )
109 {
110 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]111
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]112 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
113 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]114}
115END_CASE
116
117BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]118rsa_pkcs1_verify:message_hex_string:padding_mode:digest:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]119{
120 unsigned char message_str[1000];
121 unsigned char hash_result[1000];
122 unsigned char result_str[1000];
123 rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]124 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]125
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]126 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]127 memset( message_str, 0x00, 1000 );
128 memset( hash_result, 0x00, 1000 );
129 memset( result_str, 0x00, 1000 );
130
131 ctx.len = {mod} / 8;
132 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
133 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
134
135 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
136
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]137 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]138 unhexify( result_str, {result_hex_str} );
139
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]140 switch( {digest} )
141 {
142#ifdef POLARSSL_MD2_C
143 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]144 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]145 break;
146#endif
147#ifdef POLARSSL_MD4_C
148 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]149 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]150 break;
151#endif
152#ifdef POLARSSL_MD5_C
153 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]154 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]155 break;
156#endif
157#ifdef POLARSSL_SHA1_C
158 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]159 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]160 break;
161#endif
162#ifdef POLARSSL_SHA2_C
163 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]164 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]165 break;
166 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]167 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]168 break;
169#endif
170#ifdef POLARSSL_SHA4_C
171 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]172 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]173 break;
174 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]175 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000[diff] [blame]176 break;
177#endif
178 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]179
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]180 TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]181}
182END_CASE
183
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]184
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]185BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]186rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]187{
188 unsigned char message_str[1000];
189 unsigned char hash_result[1000];
190 unsigned char output[1000];
191 unsigned char output_str[1000];
192 rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]193 mpi P1, Q1, H, G;
194 int msg_len, hash_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]195
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]196 mpi_init( &P1, &Q1, &H, &G, NULL );
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]197 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]198
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]199 memset( message_str, 0x00, 1000 );
200 memset( hash_result, 0x00, 1000 );
201 memset( output, 0x00, 1000 );
202 memset( output_str, 0x00, 1000 );
203
204 ctx.len = {mod} / 8;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
206 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
207 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
208 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
209
210 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
211 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
212 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
213 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
214 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
215 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
216 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
217 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
218
219 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
220
221 msg_len = unhexify( message_str, {message_hex_string} );
222 hash_len = unhexify( hash_result, {hash_result_string} );
223
Paul Bakkerfc22c442009-07-19 20:36:27 +0000[diff] [blame]224 TEST_ASSERT( rsa_pkcs1_sign( &ctx, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]225
226 hexify( output_str, output, ctx.len );
227
228 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
229}
230END_CASE
231
232BEGIN_CASE
233rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:correct
234{
235 unsigned char message_str[1000];
236 unsigned char hash_result[1000];
237 unsigned char result_str[1000];
238 rsa_context ctx;
239 int msg_len, hash_len;
240
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]241 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]242 memset( message_str, 0x00, 1000 );
243 memset( hash_result, 0x00, 1000 );
244 memset( result_str, 0x00, 1000 );
245
246 ctx.len = {mod} / 8;
247 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
248 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
249
250 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
251
252 msg_len = unhexify( message_str, {message_hex_string} );
253 hash_len = unhexify( hash_result, {hash_result_string} );
254 unhexify( result_str, {result_hex_str} );
255
Paul Bakkerfc22c442009-07-19 20:36:27 +0000[diff] [blame]256 TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]257}
258END_CASE
259
260BEGIN_CASE
261rsa_pkcs1_encrypt:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
262{
263 unsigned char message_str[1000];
264 unsigned char output[1000];
265 unsigned char output_str[1000];
266 rsa_context ctx;
267 int msg_len;
268
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]269 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]270 memset( message_str, 0x00, 1000 );
271 memset( output, 0x00, 1000 );
272 memset( output_str, 0x00, 1000 );
273
274 ctx.len = {mod} / 8;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]275 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
276 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
277
278 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
279
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]280 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]281
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]282 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
283 if( {result} == 0 )
284 {
285 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]286
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]287 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
288 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]289}
290END_CASE
291
292BEGIN_CASE
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame^]293rsa_pkcs1_encrypt_bad_rng:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
294{
295 unsigned char message_str[1000];
296 unsigned char output[1000];
297 unsigned char output_str[1000];
298 rsa_context ctx;
299 int msg_len;
300 int res;
301
302 rsa_init( &ctx, {padding_mode}, 0, &badrand, NULL );
303 memset( message_str, 0x00, 1000 );
304 memset( output, 0x00, 1000 );
305 memset( output_str, 0x00, 1000 );
306
307 ctx.len = {mod} / 8;
308 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
309 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
310
311 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
312
313 msg_len = unhexify( message_str, {message_hex_string} );
314
315 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
316 if( {result} == 0 )
317 {
318 hexify( output_str, output, ctx.len );
319
320 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
321 }
322}
323END_CASE
324
325BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]326rsa_pkcs1_decrypt:message_hex_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:max_output:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]327{
328 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]329 unsigned char output[1000];
330 unsigned char output_str[1000];
331 rsa_context ctx;
332 mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]333 int output_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]334
335 mpi_init( &P1, &Q1, &H, &G, NULL );
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]336 rsa_init( &ctx, {padding_mode}, 0, &myrand, NULL );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]337
338 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]339 memset( output, 0x00, 1000 );
340 memset( output_str, 0x00, 1000 );
341
342 ctx.len = {mod} / 8;
343 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
344 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
345 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
346 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
347
348 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
349 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
350 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
351 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
352 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
353 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
354 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
355 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
356
357 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
358
359 unhexify( message_str, {message_hex_string} );
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]360 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]361
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]362 TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
363 if( {result} == 0 )
364 {
365 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]366
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]367 TEST_ASSERT( strncasecmp( (char *) output_str, {result_hex_str}, strlen( {result_hex_str} ) ) == 0 );
368 }
369}
370END_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]371
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]372BEGIN_CASE
373rsa_public:message_hex_string:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
374{
375 unsigned char message_str[1000];
376 unsigned char output[1000];
377 unsigned char output_str[1000];
378 rsa_context ctx;
379
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]380 rsa_init( &ctx, RSA_PKCS_V15, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]381 memset( message_str, 0x00, 1000 );
382 memset( output, 0x00, 1000 );
383 memset( output_str, 0x00, 1000 );
384
385 ctx.len = {mod} / 8;
386 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
387 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
388
389 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
390
391 unhexify( message_str, {message_hex_string} );
392
393 TEST_ASSERT( rsa_public( &ctx, message_str, output ) == {result} );
394 if( {result} == 0 )
395 {
396 hexify( output_str, output, ctx.len );
397
398 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
399 }
400}
401END_CASE
402
403BEGIN_CASE
404rsa_private:message_hex_string:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
405{
406 unsigned char message_str[1000];
407 unsigned char output[1000];
408 unsigned char output_str[1000];
409 rsa_context ctx;
410 mpi P1, Q1, H, G;
411
412 mpi_init( &P1, &Q1, &H, &G, NULL );
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]413 rsa_init( &ctx, RSA_PKCS_V15, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]414
415 memset( message_str, 0x00, 1000 );
416 memset( output, 0x00, 1000 );
417 memset( output_str, 0x00, 1000 );
418
419 ctx.len = {mod} / 8;
420 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
421 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
422 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
423 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
424
425 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
426 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
427 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
428 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
429 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
430 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
431 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
432 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
433
434 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
435
436 unhexify( message_str, {message_hex_string} );
437
438 TEST_ASSERT( rsa_private( &ctx, message_str, output ) == {result} );
439 if( {result} == 0 )
440 {
441 hexify( output_str, output, ctx.len );
442
443 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
444 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]445}
446END_CASE
447
448BEGIN_CASE
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]449rsa_check_privkey_null:
450{
451 rsa_context ctx;
452 memset( &ctx, 0x00, sizeof( rsa_context ) );
453
454 TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
455}
456END_CASE
457
458BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]459rsa_check_pubkey:radix_N:input_N:radix_E:input_E:result
460{
461 rsa_context ctx;
462
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]463 rsa_init( &ctx, RSA_PKCS_V15, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]464
465 if( strlen( {input_N} ) )
466 {
467 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
468 }
469 if( strlen( {input_E} ) )
470 {
471 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
472 }
473
474 TEST_ASSERT( rsa_check_pubkey( &ctx ) == {result} );
475}
476END_CASE
477
478BEGIN_CASE
479rsa_check_privkey:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:radix_D:input_D:result
480{
481 rsa_context ctx;
482
Paul Bakker545570e2010-07-18 09:00:25 +0000[diff] [blame]483 rsa_init( &ctx, RSA_PKCS_V15, 0, &myrand, NULL );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]484
485 ctx.len = {mod} / 8;
486 if( strlen( {input_P} ) )
487 {
488 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
489 }
490 if( strlen( {input_Q} ) )
491 {
492 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
493 }
494 if( strlen( {input_N} ) )
495 {
496 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
497 }
498 if( strlen( {input_E} ) )
499 {
500 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
501 }
502 if( strlen( {input_D} ) )
503 {
504 TEST_ASSERT( mpi_read_string( &ctx.D, {radix_D}, {input_D} ) == 0 );
505 }
506
507 TEST_ASSERT( rsa_check_privkey( &ctx ) == {result} );
508}
509END_CASE
510
511BEGIN_CASE
512rsa_gen_key:nrbits:exponent:result
513{
514 rsa_context ctx;
515 havege_state hs;
516
517 havege_init( &hs );
518 rsa_init( &ctx, 0, 0, havege_rand, &hs );
519
520 TEST_ASSERT( rsa_gen_key( &ctx, {nrbits}, {exponent} ) == {result} );
521 if( {result} == 0 )
522 {
523 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
524 }
525}
526END_CASE
527
528BEGIN_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]529rsa_selftest:
530{
531 TEST_ASSERT( rsa_self_test( 0 ) == 0 );
532}
533END_CASE