TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ea7631be1c797f8b6363c44535aba7df0c348795 / . / tests / suites / test_suite_rsa.function
blob: e057dfb19bac428fbe9bc076989b1c11858e0a2a [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Chris Jones66a4cd42021-03-09 16:04:12 +0000[diff] [blame]3#include "rsa_alt_helpers.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame^]21void rsa_invalid_param( )
22{
23 mbedtls_rsa_context ctx;
24 const int invalid_padding = 42;
25 const int invalid_hash_id = 0xff;
26
27 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
28
29 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
30 invalid_padding,
31 MBEDTLS_MD_NONE ),
32 MBEDTLS_ERR_RSA_INVALID_PADDING );
33
34 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
35 MBEDTLS_RSA_PKCS_V21,
36 invalid_hash_id ),
37 MBEDTLS_ERR_RSA_INVALID_PADDING );
38
39exit:
40 mbedtls_rsa_free( &ctx );
41}
42/* END_CASE */
43
44/* BEGIN_CASE */
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]45void rsa_init_free( int reinit )
46{
47 mbedtls_rsa_context ctx;
48
49 /* Double free is not explicitly documented to work, but we rely on it
50 * even inside the library so that you can call mbedtls_rsa_free()
51 * unconditionally on an error path without checking whether it has
52 * already been called in the success path. */
53
54 mbedtls_rsa_init( &ctx, 0, 0 );
55 mbedtls_rsa_free( &ctx );
56
57 if( reinit )
58 mbedtls_rsa_init( &ctx, 0, 0 );
59 mbedtls_rsa_free( &ctx );
60
61 /* This test case always succeeds, functionally speaking. A plausible
62 * bug might trigger an invalid pointer dereference or a memory leak. */
63 goto exit;
64}
65/* END_CASE */
66
67/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]68void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]69 int digest, int mod, int radix_P, char * input_P,
70 int radix_Q, char * input_Q, int radix_N,
71 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]72 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]73{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]74 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
75 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]77 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]78 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]79
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]80 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
81 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]82 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]83
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]84 memset( hash_result, 0x00, sizeof( hash_result ) );
85 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]86 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]87
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]88 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
89 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
90 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
91 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]92
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]93 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
94 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]95 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]96 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]97
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]98
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]100 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]101
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]102 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]103 &rnd_info, digest, 0, hash_result,
104 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]105 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]106 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]107
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]108 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
109 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]110 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]111
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]112exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]113 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
114 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]115 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]116}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]117/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]118
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]119/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]120void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]121 int digest, int mod, int radix_N,
122 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]123 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]124{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]125 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]126 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]127
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]128 mbedtls_mpi N, E;
129
130 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]131 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]132 memset( hash_result, 0x00, sizeof( hash_result ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]133
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]134 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
135 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
136 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
137 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]138 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]139
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]140
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]141 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]142 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]143
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]144 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]145
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]146exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]147 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]148 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]149}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]150/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]151
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]152
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]153/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]154void rsa_pkcs1_sign_raw( data_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]155 int padding_mode, int mod, int radix_P,
156 char * input_P, int radix_Q, char * input_Q,
157 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]158 char * input_E, data_t * result_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]159{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]160 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]161 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]162 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]163 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]164
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]165 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]166 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
167 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]168
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]169 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]170 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]171
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]172 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
173 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
174 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
175 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]176
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]177 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
178 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]179 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]180 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]181
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]182
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]183 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]184 &rnd_info, MBEDTLS_MD_NONE,
185 hash_result->len,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]186 hash_result->x, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]187
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]188
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]189 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
190 ctx.len, result_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]191
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]192exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]193 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
194 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]198/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]199
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]200/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]201void rsa_pkcs1_verify_raw( data_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]202 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]203 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]204 data_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]206 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]207 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]208
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]209 mbedtls_mpi N, E;
210 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
211
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]212 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]213 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]214
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]215 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
216 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]217
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]218 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
219 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]220 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]221
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]222
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]223 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]224
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]225exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]226 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]227 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]228}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]229/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]230
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]231/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]232void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]233 int mod, int radix_N, char * input_N,
234 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]235 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]236{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]237 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]238 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]239 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]240
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]241 mbedtls_mpi N, E;
242 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
243
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]244 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]245
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]247 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]248
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]249 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
250 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]251
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]252 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
253 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]254 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]255
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]256
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]257 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
258 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]259 &rnd_info, message_str->len,
260 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]261 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]262 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]263 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]264
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]265 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
266 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]267 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]268
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]269exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]270 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]271 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]272}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]273/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]274
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]275/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]276void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]277 int mod, int radix_N, char * input_N,
278 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]279 data_t * result_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]280{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]281 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]282 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]283
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]284 mbedtls_mpi N, E;
285
286 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]287 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]288 memset( output, 0x00, sizeof( output ) );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]289
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]290 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
291 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]292
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]293 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
294 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]296
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]297
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]298 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]299 NULL, message_str->len,
300 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]301 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]302 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]303 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]304
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]305 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
306 ctx.len, result_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]307 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]308
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]309exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]310 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]311 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]312}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]313/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]314
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]315/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]316void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]317 int mod, int radix_P, char * input_P,
318 int radix_Q, char * input_Q, int radix_N,
319 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]320 int max_output, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]321 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]322{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]323 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]324 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]325 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]326 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]327 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]328
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]329 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
330 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
331
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]332 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]333
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]334 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]335 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]336
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]337
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]338 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
339 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
340 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
341 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]342
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]343 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
344 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]345 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]348 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]349
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]350 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]351 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]352 &output_len, message_str->x, output,
353 max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]354 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]355 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]356
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]357 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]358 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]359 result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]360 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]361
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]362exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]363 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
364 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]365 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]366}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]367/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]368
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]369/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]370void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]371 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]372 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]373{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]374 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]375 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]376
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]377 mbedtls_mpi N, E;
378
379 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]380 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
381 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]382 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]383
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]384 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
385 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]386
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]387 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
388 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]389 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]390
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]391
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]392 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]393 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]394 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]395
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]396 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
397 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]398 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]399
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]400 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]401 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]402 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]404
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]405 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]406
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]407 memset( output, 0x00, sizeof( output ) );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]408 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]409 if( result == 0 )
410 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]411
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]412 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
413 ctx.len, result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]414 }
415
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]416exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]417 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]418 mbedtls_rsa_free( &ctx );
419 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]420}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]421/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]422
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]423/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]424void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]425 char * input_P, int radix_Q, char * input_Q,
426 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]427 char * input_E, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]428 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]429{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]430 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]432 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]433 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]434 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]435
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]436 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
437 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]438 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
439 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]440
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]441 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]442
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]443 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
444 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
445 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
446 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]447
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]448 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
449 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]450 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]451 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]452
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]453
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]454 /* repeat three times to test updating of blinding values */
455 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]456 {
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]457 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]458 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
459 &rnd_info, message_str->x,
460 output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]461 if( result == 0 )
462 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]463
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]464 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]465 ctx.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]466 result_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]467 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]468 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]469
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]470 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]471 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]472 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]473 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]474
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]475 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]476
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]477 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]478 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
479 &rnd_info, message_str->x,
480 output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]481 if( result == 0 )
482 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]483
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]484 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]485 ctx2.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]486 result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]487 }
488
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]489exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]490 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
491 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
492
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]494}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]495/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]496
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]497/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]498void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]499{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]500 mbedtls_rsa_context ctx;
501 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]502
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]503 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]504}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]505/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]506
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]507/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]508void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
509 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]510{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]511 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]512 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]513
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]514 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]515 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]516
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]517 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]518 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]519 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]520 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]521 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]522 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]523 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]524 }
525
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]526 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]528
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]529exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]530 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]532}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]533/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]534
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]535/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]536void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
537 int radix_Q, char * input_Q, int radix_N,
538 char * input_N, int radix_E, char * input_E,
539 int radix_D, char * input_D, int radix_DP,
540 char * input_DP, int radix_DQ,
541 char * input_DQ, int radix_QP,
542 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]543{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]545
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]547
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]548 ctx.len = mod / 8;
549 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]550 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]552 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]553 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]554 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]556 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]557 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]558 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]559 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]560 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]561 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]562 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]564 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]565 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]566 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]567 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]568 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]569#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]570 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]571 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]572 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]573 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]574 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]575 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]576 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]577 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]578 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]579 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]580 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]581 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]582#else
583 ((void) radix_DP); ((void) input_DP);
584 ((void) radix_DQ); ((void) input_DQ);
585 ((void) radix_QP); ((void) input_QP);
586#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]587
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]588 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]589
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]590exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]591 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]592}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]593/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]594
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]595/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]596void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
597 int radix_Epub, char * input_Epub, int radix_P,
598 char * input_P, int radix_Q, char * input_Q,
599 int radix_N, char * input_N, int radix_E,
600 char * input_E, int radix_D, char * input_D,
601 int radix_DP, char * input_DP, int radix_DQ,
602 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]603 int result )
604{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]605 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]606
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
608 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]609
610 pub.len = mod / 8;
611 prv.len = mod / 8;
612
613 if( strlen( input_Npub ) )
614 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]615 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]616 }
617 if( strlen( input_Epub ) )
618 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]620 }
621
622 if( strlen( input_P ) )
623 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]624 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]625 }
626 if( strlen( input_Q ) )
627 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]628 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]629 }
630 if( strlen( input_N ) )
631 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]632 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]633 }
634 if( strlen( input_E ) )
635 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]636 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]637 }
638 if( strlen( input_D ) )
639 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]640 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]641 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]642#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]643 if( strlen( input_DP ) )
644 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]645 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]646 }
647 if( strlen( input_DQ ) )
648 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]649 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]650 }
651 if( strlen( input_QP ) )
652 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]653 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]654 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]655#else
656 ((void) radix_DP); ((void) input_DP);
657 ((void) radix_DQ); ((void) input_DQ);
658 ((void) radix_QP); ((void) input_QP);
659#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]660
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]661 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]662
663exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664 mbedtls_rsa_free( &pub );
665 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]666}
667/* END_CASE */
668
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]669/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]670void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]671{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]672 mbedtls_rsa_context ctx;
673 mbedtls_entropy_context entropy;
674 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]675 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]676
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]677 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]679 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]680
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]681 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
682 &entropy, (const unsigned char *) pers,
683 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]684
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]685 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]686 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]687 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]688 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]689 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]690 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]691
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]692exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]693 mbedtls_rsa_free( &ctx );
694 mbedtls_ctr_drbg_free( &ctr_drbg );
695 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]696}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]697/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]698
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]699/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]700void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]701 int radix_D, char *input_D,
702 int radix_E, char *input_E,
703 int radix_P, char *output_P,
704 int radix_Q, char *output_Q,
705 int corrupt, int result )
706{
707 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
708
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]709 mbedtls_mpi_init( &N );
710 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
711 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
712 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
713
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]714 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
715 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
716 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
717 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
718 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
719
720 if( corrupt )
721 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
722
723 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]724 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]725
726 if( !corrupt )
727 {
728 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
729 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
730 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
731 }
732
733exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]734 mbedtls_mpi_free( &N );
735 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
736 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
737 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]738}
739/* END_CASE */
740
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]741/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]742void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
743 int radix_Q, char *input_Q,
744 int radix_E, char *input_E,
745 int radix_D, char *output_D,
746 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]747{
748 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
749
750 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
751 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
752 mbedtls_mpi_init( &E );
753 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
754
755 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
756 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
757 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
758 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
759
760 if( corrupt )
761 {
762 /* Make E even */
763 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
764 }
765
766 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]767 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
768 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]769
770 if( !corrupt )
771 {
772 /*
773 * Check that D and Dp agree modulo LCM(P-1, Q-1).
774 */
775
776 /* Replace P,Q by P-1, Q-1 */
777 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
778 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
779
780 /* Check D == Dp modulo P-1 */
781 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
782 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
783 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
784
785 /* Check D == Dp modulo Q-1 */
786 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
787 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
788 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
789 }
790
791exit:
792
793 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
794 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
795 mbedtls_mpi_free( &E );
796 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
797}
798/* END_CASE */
799
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]800/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]801void mbedtls_rsa_import( int radix_N, char *input_N,
802 int radix_P, char *input_P,
803 int radix_Q, char *input_Q,
804 int radix_D, char *input_D,
805 int radix_E, char *input_E,
806 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]807 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]808 int res_check,
809 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]810{
811 mbedtls_mpi N, P, Q, D, E;
812 mbedtls_rsa_context ctx;
813
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]814 /* Buffers used for encryption-decryption test */
815 unsigned char *buf_orig = NULL;
816 unsigned char *buf_enc = NULL;
817 unsigned char *buf_dec = NULL;
818
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]819 mbedtls_entropy_context entropy;
820 mbedtls_ctr_drbg_context ctr_drbg;
821 const char *pers = "test_suite_rsa";
822
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]823 const int have_N = ( strlen( input_N ) > 0 );
824 const int have_P = ( strlen( input_P ) > 0 );
825 const int have_Q = ( strlen( input_Q ) > 0 );
826 const int have_D = ( strlen( input_D ) > 0 );
827 const int have_E = ( strlen( input_E ) > 0 );
828
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]829 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]830 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]831 mbedtls_rsa_init( &ctx, 0, 0 );
832
833 mbedtls_mpi_init( &N );
834 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
835 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
836
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]837 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
838 (const unsigned char *) pers, strlen( pers ) ) == 0 );
839
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]840 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]841 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
842
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]843 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]844 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
845
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]846 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]847 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
848
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]849 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]850 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
851
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]852 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]853 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
854
855 if( !successive )
856 {
857 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]858 have_N ? &N : NULL,
859 have_P ? &P : NULL,
860 have_Q ? &Q : NULL,
861 have_D ? &D : NULL,
862 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]863 }
864 else
865 {
866 /* Import N, P, Q, D, E separately.
867 * This should make no functional difference. */
868
869 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]870 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]871 NULL, NULL, NULL, NULL ) == 0 );
872
873 TEST_ASSERT( mbedtls_rsa_import( &ctx,
874 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]875 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]876 NULL, NULL, NULL ) == 0 );
877
878 TEST_ASSERT( mbedtls_rsa_import( &ctx,
879 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]880 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]881 NULL, NULL ) == 0 );
882
883 TEST_ASSERT( mbedtls_rsa_import( &ctx,
884 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]885 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]886 NULL ) == 0 );
887
888 TEST_ASSERT( mbedtls_rsa_import( &ctx,
889 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]890 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]891 }
892
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]893 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]894
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]895 /* On expected success, perform some public and private
896 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]897 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]898 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]899 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]900 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
901 else
902 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
903
904 if( res_check != 0 )
905 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]906
907 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
908 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
909 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
910 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
911 goto exit;
912
913 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
914 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
915
916 /* Make sure the number we're generating is smaller than the modulus */
917 buf_orig[0] = 0x00;
918
919 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
920
921 if( is_priv )
922 {
923 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
924 &ctr_drbg, buf_enc,
925 buf_dec ) == 0 );
926
927 TEST_ASSERT( memcmp( buf_orig, buf_dec,
928 mbedtls_rsa_get_len( &ctx ) ) == 0 );
929 }
930 }
931
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]932exit:
933
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]934 mbedtls_free( buf_orig );
935 mbedtls_free( buf_enc );
936 mbedtls_free( buf_dec );
937
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]938 mbedtls_rsa_free( &ctx );
939
940 mbedtls_ctr_drbg_free( &ctr_drbg );
941 mbedtls_entropy_free( &entropy );
942
943 mbedtls_mpi_free( &N );
944 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
945 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
946}
947/* END_CASE */
948
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]949/* BEGIN_CASE */
950void mbedtls_rsa_export( int radix_N, char *input_N,
951 int radix_P, char *input_P,
952 int radix_Q, char *input_Q,
953 int radix_D, char *input_D,
954 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]955 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]956 int successive )
957{
958 /* Original MPI's with which we set up the RSA context */
959 mbedtls_mpi N, P, Q, D, E;
960
961 /* Exported MPI's */
962 mbedtls_mpi Ne, Pe, Qe, De, Ee;
963
964 const int have_N = ( strlen( input_N ) > 0 );
965 const int have_P = ( strlen( input_P ) > 0 );
966 const int have_Q = ( strlen( input_Q ) > 0 );
967 const int have_D = ( strlen( input_D ) > 0 );
968 const int have_E = ( strlen( input_E ) > 0 );
969
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]970 mbedtls_rsa_context ctx;
971
972 mbedtls_rsa_init( &ctx, 0, 0 );
973
974 mbedtls_mpi_init( &N );
975 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
976 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
977
978 mbedtls_mpi_init( &Ne );
979 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
980 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
981
982 /* Setup RSA context */
983
984 if( have_N )
985 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
986
987 if( have_P )
988 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
989
990 if( have_Q )
991 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
992
993 if( have_D )
994 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
995
996 if( have_E )
997 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
998
999 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1000 strlen( input_N ) ? &N : NULL,
1001 strlen( input_P ) ? &P : NULL,
1002 strlen( input_Q ) ? &Q : NULL,
1003 strlen( input_D ) ? &D : NULL,
1004 strlen( input_E ) ? &E : NULL ) == 0 );
1005
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1006 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1007
1008 /*
1009 * Export parameters and compare to original ones.
1010 */
1011
1012 /* N and E must always be present. */
1013 if( !successive )
1014 {
1015 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1016 }
1017 else
1018 {
1019 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1020 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1021 }
1022 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1023 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1024
1025 /* If we were providing enough information to setup a complete private context,
1026 * we expect to be able to export all core parameters. */
1027
1028 if( is_priv )
1029 {
1030 if( !successive )
1031 {
1032 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1033 &De, NULL ) == 0 );
1034 }
1035 else
1036 {
1037 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1038 NULL, NULL ) == 0 );
1039 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1040 NULL, NULL ) == 0 );
1041 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1042 &De, NULL ) == 0 );
1043 }
1044
1045 if( have_P )
1046 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1047
1048 if( have_Q )
1049 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1050
1051 if( have_D )
1052 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1053
1054 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1055 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1056 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1057 }
1058
1059exit:
1060
1061 mbedtls_rsa_free( &ctx );
1062
1063 mbedtls_mpi_free( &N );
1064 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1065 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1066
1067 mbedtls_mpi_free( &Ne );
1068 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1069 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1070}
1071/* END_CASE */
1072
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1073/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1074void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1075 int radix_P, char *input_P,
1076 int radix_Q, char *input_Q,
1077 int radix_D, char *input_D,
1078 int radix_E, char *input_E,
1079 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1080{
1081 /* Original MPI's with which we set up the RSA context */
1082 mbedtls_mpi N, P, Q, D, E;
1083
1084 const int have_N = ( strlen( input_N ) > 0 );
1085 const int have_P = ( strlen( input_P ) > 0 );
1086 const int have_Q = ( strlen( input_Q ) > 0 );
1087 const int have_D = ( strlen( input_D ) > 0 );
1088 const int have_E = ( strlen( input_E ) > 0 );
1089
1090 mbedtls_entropy_context entropy;
1091 mbedtls_ctr_drbg_context ctr_drbg;
1092 const char *pers = "test_suite_rsa";
1093
1094 mbedtls_mpi_init( &N );
1095 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1096 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1097
1098 mbedtls_ctr_drbg_init( &ctr_drbg );
1099 mbedtls_entropy_init( &entropy );
1100 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1101 &entropy, (const unsigned char *) pers,
1102 strlen( pers ) ) == 0 );
1103
1104 if( have_N )
1105 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1106
1107 if( have_P )
1108 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1109
1110 if( have_Q )
1111 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1112
1113 if( have_D )
1114 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1115
1116 if( have_E )
1117 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1118
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1119 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1120 have_P ? &P : NULL,
1121 have_Q ? &Q : NULL,
1122 have_D ? &D : NULL,
1123 have_E ? &E : NULL,
1124 prng ? mbedtls_ctr_drbg_random : NULL,
1125 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1126exit:
1127
1128 mbedtls_ctr_drbg_free( &ctr_drbg );
1129 mbedtls_entropy_free( &entropy );
1130
1131 mbedtls_mpi_free( &N );
1132 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1133 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1134}
1135/* END_CASE */
1136
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1137/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1138void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1139 data_t *input_Q, data_t *input_D,
1140 data_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1141 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1142{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1143 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1144 unsigned char bufNe[256];
1145 unsigned char bufPe[128];
1146 unsigned char bufQe[128];
1147 unsigned char bufDe[256];
1148 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1149
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1150 mbedtls_rsa_context ctx;
1151
1152 mbedtls_rsa_init( &ctx, 0, 0 );
1153
1154 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1155 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1156 input_N->len ? input_N->x : NULL, input_N->len,
1157 input_P->len ? input_P->x : NULL, input_P->len,
1158 input_Q->len ? input_Q->x : NULL, input_Q->len,
1159 input_D->len ? input_D->x : NULL, input_D->len,
1160 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1161
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1162 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1163
1164 /*
1165 * Export parameters and compare to original ones.
1166 */
1167
1168 /* N and E must always be present. */
1169 if( !successive )
1170 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1171 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1172 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1173 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1174 }
1175 else
1176 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1177 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1178 NULL, 0, NULL, 0, NULL, 0,
1179 NULL, 0 ) == 0 );
1180 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1181 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1182 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1183 }
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1184 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1185 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1186
1187 /* If we were providing enough information to setup a complete private context,
1188 * we expect to be able to export all core parameters. */
1189
1190 if( is_priv )
1191 {
1192 if( !successive )
1193 {
1194 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1195 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1196 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1197 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1198 NULL, 0 ) == 0 );
1199 }
1200 else
1201 {
1202 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1203 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1204 NULL, 0, NULL, 0,
1205 NULL, 0 ) == 0 );
1206
1207 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1208 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1209 NULL, 0, NULL, 0 ) == 0 );
1210
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1211 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1212 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1213 NULL, 0 ) == 0 );
1214 }
1215
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1216 if( input_P->len )
1217 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1218
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1219 if( input_Q->len )
1220 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1221
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1222 if( input_D->len )
1223 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1224
1225 }
1226
1227exit:
1228 mbedtls_rsa_free( &ctx );
1229}
1230/* END_CASE */
1231
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1232/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1233void mbedtls_rsa_import_raw( data_t *input_N,
1234 data_t *input_P, data_t *input_Q,
1235 data_t *input_D, data_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1236 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1237 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1238 int res_check,
1239 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1240{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1241 /* Buffers used for encryption-decryption test */
1242 unsigned char *buf_orig = NULL;
1243 unsigned char *buf_enc = NULL;
1244 unsigned char *buf_dec = NULL;
1245
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1246 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1247 mbedtls_entropy_context entropy;
1248 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1249
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1250 const char *pers = "test_suite_rsa";
1251
1252 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1253 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1254 mbedtls_rsa_init( &ctx, 0, 0 );
1255
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1256 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1257 &entropy, (const unsigned char *) pers,
1258 strlen( pers ) ) == 0 );
1259
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1260 if( !successive )
1261 {
1262 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1263 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1264 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1265 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1266 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1267 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1268 }
1269 else
1270 {
1271 /* Import N, P, Q, D, E separately.
1272 * This should make no functional difference. */
1273
1274 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1275 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1276 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1277
1278 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1279 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1280 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1281 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1282
1283 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1284 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1285 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1286 NULL, 0, NULL, 0 ) == 0 );
1287
1288 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1289 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1290 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1291 NULL, 0 ) == 0 );
1292
1293 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1294 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1295 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1296 }
1297
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1298 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1299
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1300 /* On expected success, perform some public and private
1301 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1302 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1303 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1304 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1305 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1306 else
1307 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1308
1309 if( res_check != 0 )
1310 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1311
1312 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1313 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1314 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1315 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1316 goto exit;
1317
1318 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1319 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1320
1321 /* Make sure the number we're generating is smaller than the modulus */
1322 buf_orig[0] = 0x00;
1323
1324 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1325
1326 if( is_priv )
1327 {
1328 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1329 &ctr_drbg, buf_enc,
1330 buf_dec ) == 0 );
1331
1332 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1333 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1334 }
1335 }
1336
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1337exit:
1338
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1339 mbedtls_free( buf_orig );
1340 mbedtls_free( buf_enc );
1341 mbedtls_free( buf_dec );
1342
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1343 mbedtls_rsa_free( &ctx );
1344
1345 mbedtls_ctr_drbg_free( &ctr_drbg );
1346 mbedtls_entropy_free( &entropy );
1347
1348}
1349/* END_CASE */
1350
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1351/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1352void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1353{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1354 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1355}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1356/* END_CASE */