blob: e3952d8f3099b074e26e20982843d278df9c5933 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/rsa.h"
3#include "mbedtls/md2.h"
4#include "mbedtls/md4.h"
5#include "mbedtls/md5.h"
6#include "mbedtls/sha1.h"
7#include "mbedtls/sha256.h"
8#include "mbedtls/sha512.h"
9#include "mbedtls/entropy.h"
10#include "mbedtls/ctr_drbg.h"
Paul Bakker33b43f12013-08-20 11:48:36 +020011/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +000012
Paul Bakker33b43f12013-08-20 11:48:36 +020013/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020014 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +020015 * END_DEPENDENCIES
16 */
Paul Bakker5690efc2011-05-26 13:16:06 +000017
Paul Bakker33b43f12013-08-20 11:48:36 +020018/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020019void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020020 int mod, int radix_P, char *input_P, int radix_Q,
21 char *input_Q, int radix_N, char *input_N, int radix_E,
22 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000023{
24 unsigned char message_str[1000];
25 unsigned char hash_result[1000];
26 unsigned char output[1000];
27 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020028 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010029 mbedtls_mpi N, P, Q, E;
Paul Bakker69998dd2009-07-11 19:15:20 +000030 int msg_len;
Paul Bakker548957d2013-08-30 10:30:02 +020031 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +000032
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010033 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
34 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020035 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000036
37 memset( message_str, 0x00, 1000 );
38 memset( hash_result, 0x00, 1000 );
39 memset( output, 0x00, 1000 );
40 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +020041 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +000042
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010043 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
44 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
45 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000047
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010048 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
49 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
50 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020051 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000052
Paul Bakker33b43f12013-08-20 11:48:36 +020053 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +000054
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020055 if( mbedtls_md_info_from_type( digest ) != NULL )
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010056 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
57 message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000058
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010059 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
60 MBEDTLS_RSA_PRIVATE, digest, 0,
61 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +020062 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +000063 {
64 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +000065
Paul Bakker33b43f12013-08-20 11:48:36 +020066 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +000067 }
Paul Bakker6c591fa2011-05-05 11:49:20 +000068
Paul Bakkerbd51b262014-07-10 15:26:12 +020069exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010070 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
71 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020072 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +000073}
Paul Bakker33b43f12013-08-20 11:48:36 +020074/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +000075
Paul Bakker33b43f12013-08-20 11:48:36 +020076/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020077void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020078 int mod, int radix_N, char *input_N, int radix_E,
79 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000080{
81 unsigned char message_str[1000];
82 unsigned char hash_result[1000];
83 unsigned char result_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020084 mbedtls_rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +000085 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +000086
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010087 mbedtls_mpi N, E;
88
89 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020090 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000091 memset( message_str, 0x00, 1000 );
92 memset( hash_result, 0x00, 1000 );
93 memset( result_str, 0x00, 1000 );
94
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010095 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
96 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
97 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
98 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020099 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000100
Paul Bakker33b43f12013-08-20 11:48:36 +0200101 msg_len = unhexify( message_str, message_hex_string );
102 unhexify( result_str, result_hex_str );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000103
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200104 if( mbedtls_md_info_from_type( digest ) != NULL )
105 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000106
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200107 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100108
Paul Bakkerbd51b262014-07-10 15:26:12 +0200109exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100110 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200111 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000112}
Paul Bakker33b43f12013-08-20 11:48:36 +0200113/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000114
Paul Bakker821fb082009-07-12 13:26:42 +0000115
Paul Bakker33b43f12013-08-20 11:48:36 +0200116/* BEGIN_CASE */
117void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
118 int padding_mode, int mod, int radix_P, char *input_P,
119 int radix_Q, char *input_Q, int radix_N,
120 char *input_N, int radix_E, char *input_E,
121 char *result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000122{
123 unsigned char message_str[1000];
124 unsigned char hash_result[1000];
125 unsigned char output[1000];
126 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200127 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100128 mbedtls_mpi N, P, Q, E;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000129 int hash_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200130 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000131
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200132 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100133 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
134 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000135
Paul Bakker42a29bf2009-07-07 20:18:41 +0000136 memset( message_str, 0x00, 1000 );
137 memset( hash_result, 0x00, 1000 );
138 memset( output, 0x00, 1000 );
139 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200140 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000141
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100142 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
143 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
144 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
145 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000146
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100147 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
148 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
149 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200150 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000151
Paul Bakker33b43f12013-08-20 11:48:36 +0200152 unhexify( message_str, message_hex_string );
153 hash_len = unhexify( hash_result, hash_result_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000154
Hanno Becker8fd55482017-08-23 14:07:48 +0100155 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
156 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
157 hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000158
159 hexify( output_str, output, ctx.len );
160
Paul Bakker33b43f12013-08-20 11:48:36 +0200161 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000162
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100163 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200164 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100165 {
166 memset( output, 0x00, 1000 );
167 memset( output_str, 0x00, 1000 );
168
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200169 TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
170 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100171 hash_len, hash_result, output ) == 0 );
172
173 hexify( output_str, output, ctx.len );
174
175 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
176 }
177
Paul Bakkerbd51b262014-07-10 15:26:12 +0200178exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100179 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
180 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
181
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200182 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000183}
Paul Bakker33b43f12013-08-20 11:48:36 +0200184/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000185
Paul Bakker33b43f12013-08-20 11:48:36 +0200186/* BEGIN_CASE */
187void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
188 int padding_mode, int mod, int radix_N,
189 char *input_N, int radix_E, char *input_E,
190 char *result_hex_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000191{
192 unsigned char message_str[1000];
193 unsigned char hash_result[1000];
194 unsigned char result_str[1000];
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100195 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200196 mbedtls_rsa_context ctx;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100197 size_t hash_len, olen;
Paul Bakker821fb082009-07-12 13:26:42 +0000198
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100199 mbedtls_mpi N, E;
200 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
201
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200202 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000203 memset( message_str, 0x00, 1000 );
204 memset( hash_result, 0x00, 1000 );
205 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100206 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000207
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100208 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
209 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000210
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100211 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
212 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200213 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000214
Paul Bakker33b43f12013-08-20 11:48:36 +0200215 unhexify( message_str, message_hex_string );
216 hash_len = unhexify( hash_result, hash_result_string );
217 unhexify( result_str, result_hex_str );
Paul Bakker821fb082009-07-12 13:26:42 +0000218
Hanno Becker8fd55482017-08-23 14:07:48 +0100219 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
220 MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
221 hash_len, hash_result,
222 result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100223
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100224 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200225 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100226 {
227 int ok;
228
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200229 TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
230 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100231 &olen, result_str, output, sizeof( output ) ) == 0 );
232
233 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
234 if( correct == 0 )
235 TEST_ASSERT( ok == 1 );
236 else
237 TEST_ASSERT( ok == 0 );
238 }
239
Paul Bakkerbd51b262014-07-10 15:26:12 +0200240exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100241 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200242 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000243}
Paul Bakker33b43f12013-08-20 11:48:36 +0200244/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000245
Paul Bakker33b43f12013-08-20 11:48:36 +0200246/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200247void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200248 int radix_N, char *input_N, int radix_E, char *input_E,
249 char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000250{
251 unsigned char message_str[1000];
252 unsigned char output[1000];
253 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200254 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000255 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000256 rnd_pseudo_info rnd_info;
257
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100258 mbedtls_mpi N, E;
259 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
260
Paul Bakker997bbd12011-03-13 15:45:42 +0000261 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000262
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200263 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000264 memset( message_str, 0x00, 1000 );
265 memset( output, 0x00, 1000 );
266 memset( output_str, 0x00, 1000 );
267
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100268 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
269 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000270
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100271 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
272 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200273 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000274
Paul Bakker33b43f12013-08-20 11:48:36 +0200275 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000276
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200277 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200278 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000279 {
280 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000281
Paul Bakker33b43f12013-08-20 11:48:36 +0200282 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000283 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100284
Paul Bakkerbd51b262014-07-10 15:26:12 +0200285exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100286 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200287 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000288}
Paul Bakker33b43f12013-08-20 11:48:36 +0200289/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000290
Paul Bakker33b43f12013-08-20 11:48:36 +0200291/* BEGIN_CASE */
292void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
293 int mod, int radix_N, char *input_N,
294 int radix_E, char *input_E,
295 char *result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000296{
297 unsigned char message_str[1000];
298 unsigned char output[1000];
299 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200300 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000301 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000302
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100303 mbedtls_mpi N, E;
304
305 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200306 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000307 memset( message_str, 0x00, 1000 );
308 memset( output, 0x00, 1000 );
309 memset( output_str, 0x00, 1000 );
310
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100311 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
312 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000313
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100314 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
315 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200316 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000317
Paul Bakker33b43f12013-08-20 11:48:36 +0200318 msg_len = unhexify( message_str, message_hex_string );
Paul Bakkera6656852010-07-18 19:47:14 +0000319
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200320 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200321 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000322 {
323 hexify( output_str, output, ctx.len );
324
Paul Bakker33b43f12013-08-20 11:48:36 +0200325 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000326 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100327
Paul Bakkerbd51b262014-07-10 15:26:12 +0200328exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100329 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200330 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000331}
Paul Bakker33b43f12013-08-20 11:48:36 +0200332/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000333
Paul Bakker33b43f12013-08-20 11:48:36 +0200334/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200335void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200336 int radix_P, char *input_P, int radix_Q, char *input_Q,
337 int radix_N, char *input_N, int radix_E, char *input_E,
338 int max_output, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000339{
340 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000341 unsigned char output[1000];
342 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200343 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000344 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200345 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100346 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000347
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100348 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
349 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
350
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200351 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000352
353 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000354 memset( output, 0x00, 1000 );
355 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200356 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000357
Paul Bakker42a29bf2009-07-07 20:18:41 +0000358
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100359 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
360 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
361 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
362 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000363
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100364 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
365 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
366 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200367 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000368
Paul Bakker33b43f12013-08-20 11:48:36 +0200369 unhexify( message_str, message_hex_string );
Paul Bakker69998dd2009-07-11 19:15:20 +0000370 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000371
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200372 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200373 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000374 {
375 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000376
Paul Bakker33b43f12013-08-20 11:48:36 +0200377 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000378 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000379
Paul Bakkerbd51b262014-07-10 15:26:12 +0200380exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100381 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
382 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200383 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000384}
Paul Bakker33b43f12013-08-20 11:48:36 +0200385/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000386
Paul Bakker33b43f12013-08-20 11:48:36 +0200387/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200388void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
Paul Bakker33b43f12013-08-20 11:48:36 +0200389 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000390{
391 unsigned char message_str[1000];
392 unsigned char output[1000];
393 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200394 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000395
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100396 mbedtls_mpi N, E;
397
398 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200399 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
400 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000401 memset( message_str, 0x00, 1000 );
402 memset( output, 0x00, 1000 );
403 memset( output_str, 0x00, 1000 );
404
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100405 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
406 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000407
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100408 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
409 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200410 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000411
Paul Bakker33b43f12013-08-20 11:48:36 +0200412 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200414 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200415 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000416 {
417 hexify( output_str, output, ctx.len );
418
Paul Bakker33b43f12013-08-20 11:48:36 +0200419 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000420 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100421
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100422 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200423 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200424 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200425 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100426
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200427 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100428
429 memset( output, 0x00, 1000 );
430 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200431 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100432 if( result == 0 )
433 {
434 hexify( output_str, output, ctx2.len );
435
436 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
437 }
438
Paul Bakkerbd51b262014-07-10 15:26:12 +0200439exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100440 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200441 mbedtls_rsa_free( &ctx );
442 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000443}
Paul Bakker33b43f12013-08-20 11:48:36 +0200444/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000445
Paul Bakker33b43f12013-08-20 11:48:36 +0200446/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200447void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
Paul Bakker33b43f12013-08-20 11:48:36 +0200448 int radix_Q, char *input_Q, int radix_N, char *input_N,
449 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000450{
451 unsigned char message_str[1000];
452 unsigned char output[1000];
453 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200454 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100455 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200456 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200457 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000458
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100459 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
460 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200461 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
462 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000463
464 memset( message_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200465 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000466
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100467 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
468 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
469 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
470 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000471
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100472 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
473 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
474 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200475 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000476
Paul Bakker33b43f12013-08-20 11:48:36 +0200477 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000478
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200479 /* repeat three times to test updating of blinding values */
480 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000481 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200482 memset( output, 0x00, 1000 );
483 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200484 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200485 message_str, output ) == result );
486 if( result == 0 )
487 {
488 hexify( output_str, output, ctx.len );
Paul Bakker821fb082009-07-12 13:26:42 +0000489
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200490 TEST_ASSERT( strcasecmp( (char *) output_str,
491 result_hex_str ) == 0 );
492 }
Paul Bakker821fb082009-07-12 13:26:42 +0000493 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000494
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100495 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200496 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200497 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200498 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100499
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200500 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100501
502 memset( output, 0x00, 1000 );
503 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200504 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100505 message_str, output ) == result );
506 if( result == 0 )
507 {
508 hexify( output_str, output, ctx2.len );
509
510 TEST_ASSERT( strcasecmp( (char *) output_str,
511 result_hex_str ) == 0 );
512 }
513
Paul Bakkerbd51b262014-07-10 15:26:12 +0200514exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100515 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
516 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
517
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200518 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000519}
Paul Bakker33b43f12013-08-20 11:48:36 +0200520/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000521
Paul Bakker33b43f12013-08-20 11:48:36 +0200522/* BEGIN_CASE */
523void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000524{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200525 mbedtls_rsa_context ctx;
526 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000527
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200528 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000529}
Paul Bakker33b43f12013-08-20 11:48:36 +0200530/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000531
Paul Bakker33b43f12013-08-20 11:48:36 +0200532/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200533void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
Paul Bakker33b43f12013-08-20 11:48:36 +0200534 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000535{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200536 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100537 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000538
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100539 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200540 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000541
Paul Bakker33b43f12013-08-20 11:48:36 +0200542 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000543 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100544 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000545 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200546 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000547 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100548 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000549 }
550
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100551 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200552 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100553
Paul Bakkerbd51b262014-07-10 15:26:12 +0200554exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100555 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200556 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000557}
Paul Bakker33b43f12013-08-20 11:48:36 +0200558/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000559
Paul Bakker33b43f12013-08-20 11:48:36 +0200560/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200561void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
Paul Bakker33b43f12013-08-20 11:48:36 +0200562 char *input_Q, int radix_N, char *input_N,
563 int radix_E, char *input_E, int radix_D, char *input_D,
564 int radix_DP, char *input_DP, int radix_DQ,
565 char *input_DQ, int radix_QP, char *input_QP,
566 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000567{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200568 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000569
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200570 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000571
Paul Bakker33b43f12013-08-20 11:48:36 +0200572 ctx.len = mod / 8;
573 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000574 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200575 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000576 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200577 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000578 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200579 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000580 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200581 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000582 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200583 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000584 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200585 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000586 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200587 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000588 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200589 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000590 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200591 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000592 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200593 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000594 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200595 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000596 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200597 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000598 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200599 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000600 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200601 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000602 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200603 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000604 }
Paul Bakker821fb082009-07-12 13:26:42 +0000605
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200606 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100607
Paul Bakkerbd51b262014-07-10 15:26:12 +0200608exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200609 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000610}
Paul Bakker33b43f12013-08-20 11:48:36 +0200611/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000612
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100613/* BEGIN_CASE */
614void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
615 int radix_Epub, char *input_Epub,
616 int radix_P, char *input_P, int radix_Q,
617 char *input_Q, int radix_N, char *input_N,
618 int radix_E, char *input_E, int radix_D, char *input_D,
619 int radix_DP, char *input_DP, int radix_DQ,
620 char *input_DQ, int radix_QP, char *input_QP,
621 int result )
622{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200623 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100624
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200625 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
626 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100627
628 pub.len = mod / 8;
629 prv.len = mod / 8;
630
631 if( strlen( input_Npub ) )
632 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200633 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100634 }
635 if( strlen( input_Epub ) )
636 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200637 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100638 }
639
640 if( strlen( input_P ) )
641 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200642 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100643 }
644 if( strlen( input_Q ) )
645 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200646 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100647 }
648 if( strlen( input_N ) )
649 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200650 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100651 }
652 if( strlen( input_E ) )
653 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200654 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100655 }
656 if( strlen( input_D ) )
657 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200658 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100659 }
660 if( strlen( input_DP ) )
661 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200662 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100663 }
664 if( strlen( input_DQ ) )
665 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200666 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100667 }
668 if( strlen( input_QP ) )
669 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200670 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100671 }
672
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200673 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100674
675exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200676 mbedtls_rsa_free( &pub );
677 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100678}
679/* END_CASE */
680
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200681/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
682void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000683{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200684 mbedtls_rsa_context ctx;
685 mbedtls_entropy_context entropy;
686 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200687 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000688
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200689 mbedtls_ctr_drbg_init( &ctr_drbg );
690
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200691 mbedtls_entropy_init( &entropy );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100692 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
693 &entropy, (const unsigned char *) pers,
694 strlen( pers ) ) == 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000695
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200696 mbedtls_rsa_init( &ctx, 0, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000697
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100698 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random,
699 &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200700 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000701 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200702 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100703 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000704 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100705
Paul Bakkerbd51b262014-07-10 15:26:12 +0200706exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200707 mbedtls_rsa_free( &ctx );
708 mbedtls_ctr_drbg_free( &ctr_drbg );
709 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000710}
Paul Bakker33b43f12013-08-20 11:48:36 +0200711/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000712
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100713/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
714void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N,
715 int radix_D, char *input_D,
716 int radix_E, char *input_E,
717 int radix_P, char *output_P,
718 int radix_Q, char *output_Q,
719 int corrupt, int result )
720{
721 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
722
723 mbedtls_entropy_context entropy;
724 mbedtls_ctr_drbg_context ctr_drbg;
725 const char *pers = "test_suite_rsa";
726
727 mbedtls_mpi_init( &N );
728 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
729 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
730 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
731
732 mbedtls_ctr_drbg_init( &ctr_drbg );
733 mbedtls_entropy_init( &entropy );
734 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
735 (const unsigned char *) pers, strlen( pers ) ) == 0 );
736
737 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
738 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
739 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
740 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
741 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
742
743 if( corrupt )
744 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
745
746 /* Try to deduce P, Q from N, D, E only. */
747 TEST_ASSERT( mbedtls_rsa_deduce_moduli( &N, &D, &E, mbedtls_ctr_drbg_random,
748 &ctr_drbg, &P, &Q ) == result );
749
750 if( !corrupt )
751 {
752 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
753 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
754 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
755 }
756
757exit:
758
759 mbedtls_mpi_free( &N );
760 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
761 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
762 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
763
764 mbedtls_ctr_drbg_free( &ctr_drbg );
765 mbedtls_entropy_free( &entropy );
766}
767/* END_CASE */
768
Hanno Becker6b4ce492017-08-23 11:00:21 +0100769/* BEGIN_CASE */
770void mbedtls_rsa_deduce_private( int radix_P, char *input_P,
771 int radix_Q, char *input_Q,
772 int radix_E, char *input_E,
773 int radix_D, char *output_D,
774 int corrupt, int result )
775{
776 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
777
778 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
779 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
780 mbedtls_mpi_init( &E );
781 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
782
783 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
784 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
785 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
786 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
787
788 if( corrupt )
789 {
790 /* Make E even */
791 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
792 }
793
794 /* Try to deduce D from N, P, Q, E. */
795 TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result );
796
797 if( !corrupt )
798 {
799 /*
800 * Check that D and Dp agree modulo LCM(P-1, Q-1).
801 */
802
803 /* Replace P,Q by P-1, Q-1 */
804 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
805 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
806
807 /* Check D == Dp modulo P-1 */
808 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
809 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
810 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
811
812 /* Check D == Dp modulo Q-1 */
813 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
814 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
815 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
816 }
817
818exit:
819
820 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
821 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
822 mbedtls_mpi_free( &E );
823 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
824}
825/* END_CASE */
826
Hanno Beckerc77ab892017-08-23 11:01:06 +0100827/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
828void mbedtls_rsa_import( int radix_N, char *input_N,
829 int radix_P, char *input_P,
830 int radix_Q, char *input_Q,
831 int radix_D, char *input_D,
832 int radix_E, char *input_E,
833 int successive,
834 int result )
835{
836 mbedtls_mpi N, P, Q, D, E;
837 mbedtls_rsa_context ctx;
838
839 mbedtls_entropy_context entropy;
840 mbedtls_ctr_drbg_context ctr_drbg;
841 const char *pers = "test_suite_rsa";
842
843 mbedtls_ctr_drbg_init( &ctr_drbg );
844
845 mbedtls_entropy_init( &entropy );
846 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
847 (const unsigned char *) pers, strlen( pers ) ) == 0 );
848
849 mbedtls_rsa_init( &ctx, 0, 0 );
850
851 mbedtls_mpi_init( &N );
852 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
853 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
854
855 if( strlen( input_N ) )
856 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
857
858 if( strlen( input_P ) )
859 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
860
861 if( strlen( input_Q ) )
862 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
863
864 if( strlen( input_D ) )
865 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
866
867 if( strlen( input_E ) )
868 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
869
870 if( !successive )
871 {
872 TEST_ASSERT( mbedtls_rsa_import( &ctx,
873 strlen( input_N ) ? &N : NULL,
874 strlen( input_P ) ? &P : NULL,
875 strlen( input_Q ) ? &Q : NULL,
876 strlen( input_D ) ? &D : NULL,
877 strlen( input_E ) ? &E : NULL ) == 0 );
878 }
879 else
880 {
881 /* Import N, P, Q, D, E separately.
882 * This should make no functional difference. */
883
884 TEST_ASSERT( mbedtls_rsa_import( &ctx,
885 strlen( input_N ) ? &N : NULL,
886 NULL, NULL, NULL, NULL ) == 0 );
887
888 TEST_ASSERT( mbedtls_rsa_import( &ctx,
889 NULL,
890 strlen( input_P ) ? &P : NULL,
891 NULL, NULL, NULL ) == 0 );
892
893 TEST_ASSERT( mbedtls_rsa_import( &ctx,
894 NULL, NULL,
895 strlen( input_Q ) ? &Q : NULL,
896 NULL, NULL ) == 0 );
897
898 TEST_ASSERT( mbedtls_rsa_import( &ctx,
899 NULL, NULL, NULL,
900 strlen( input_D ) ? &D : NULL,
901 NULL ) == 0 );
902
903 TEST_ASSERT( mbedtls_rsa_import( &ctx,
904 NULL, NULL, NULL, NULL,
905 strlen( input_E ) ? &E : NULL ) == 0 );
906 }
907
908 TEST_ASSERT( mbedtls_rsa_complete( &ctx,
909 mbedtls_ctr_drbg_random,
910 &ctr_drbg ) == result );
911
912exit:
913
914 mbedtls_rsa_free( &ctx );
915
916 mbedtls_ctr_drbg_free( &ctr_drbg );
917 mbedtls_entropy_free( &entropy );
918
919 mbedtls_mpi_free( &N );
920 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
921 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
922}
923/* END_CASE */
924
Hanno Becker417f2d62017-08-23 11:44:51 +0100925/* BEGIN_CASE */
926void mbedtls_rsa_export( int radix_N, char *input_N,
927 int radix_P, char *input_P,
928 int radix_Q, char *input_Q,
929 int radix_D, char *input_D,
930 int radix_E, char *input_E,
931 int successive )
932{
933 /* Original MPI's with which we set up the RSA context */
934 mbedtls_mpi N, P, Q, D, E;
935
936 /* Exported MPI's */
937 mbedtls_mpi Ne, Pe, Qe, De, Ee;
938
939 const int have_N = ( strlen( input_N ) > 0 );
940 const int have_P = ( strlen( input_P ) > 0 );
941 const int have_Q = ( strlen( input_Q ) > 0 );
942 const int have_D = ( strlen( input_D ) > 0 );
943 const int have_E = ( strlen( input_E ) > 0 );
944
945 const int is_priv = have_P || have_Q || have_D;
946
947 mbedtls_rsa_context ctx;
948
949 mbedtls_rsa_init( &ctx, 0, 0 );
950
951 mbedtls_mpi_init( &N );
952 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
953 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
954
955 mbedtls_mpi_init( &Ne );
956 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
957 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
958
959 /* Setup RSA context */
960
961 if( have_N )
962 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
963
964 if( have_P )
965 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
966
967 if( have_Q )
968 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
969
970 if( have_D )
971 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
972
973 if( have_E )
974 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
975
976 TEST_ASSERT( mbedtls_rsa_import( &ctx,
977 strlen( input_N ) ? &N : NULL,
978 strlen( input_P ) ? &P : NULL,
979 strlen( input_Q ) ? &Q : NULL,
980 strlen( input_D ) ? &D : NULL,
981 strlen( input_E ) ? &E : NULL ) == 0 );
982
983 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
984
985 /*
986 * Export parameters and compare to original ones.
987 */
988
989 /* N and E must always be present. */
990 if( !successive )
991 {
992 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
993 }
994 else
995 {
996 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
997 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
998 }
999 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1000 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1001
1002 /* If we were providing enough information to setup a complete private context,
1003 * we expect to be able to export all core parameters. */
1004
1005 if( is_priv )
1006 {
1007 if( !successive )
1008 {
1009 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1010 &De, NULL ) == 0 );
1011 }
1012 else
1013 {
1014 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1015 NULL, NULL ) == 0 );
1016 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1017 NULL, NULL ) == 0 );
1018 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1019 &De, NULL ) == 0 );
1020 }
1021
1022 if( have_P )
1023 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1024
1025 if( have_Q )
1026 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1027
1028 if( have_D )
1029 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1030
1031 /* While at it, perform a sanity check */
1032 TEST_ASSERT( mbedtls_rsa_check_params( &Ne, &Pe, &Qe, &De, &Ee,
1033 NULL, NULL ) == 0 );
1034 }
1035
1036exit:
1037
1038 mbedtls_rsa_free( &ctx );
1039
1040 mbedtls_mpi_free( &N );
1041 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1042 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1043
1044 mbedtls_mpi_free( &Ne );
1045 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1046 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1047}
1048/* END_CASE */
1049
Hanno Beckerce002632017-08-23 13:22:36 +01001050/* BEGIN_CASE */
1051void mbedtls_rsa_check_params( int radix_N, char *input_N,
1052 int radix_P, char *input_P,
1053 int radix_Q, char *input_Q,
1054 int radix_D, char *input_D,
1055 int radix_E, char *input_E,
1056 int prng, int result )
1057{
1058 /* Original MPI's with which we set up the RSA context */
1059 mbedtls_mpi N, P, Q, D, E;
1060
1061 const int have_N = ( strlen( input_N ) > 0 );
1062 const int have_P = ( strlen( input_P ) > 0 );
1063 const int have_Q = ( strlen( input_Q ) > 0 );
1064 const int have_D = ( strlen( input_D ) > 0 );
1065 const int have_E = ( strlen( input_E ) > 0 );
1066
1067 mbedtls_entropy_context entropy;
1068 mbedtls_ctr_drbg_context ctr_drbg;
1069 const char *pers = "test_suite_rsa";
1070
1071 mbedtls_mpi_init( &N );
1072 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1073 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1074
1075 mbedtls_ctr_drbg_init( &ctr_drbg );
1076 mbedtls_entropy_init( &entropy );
1077 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1078 &entropy, (const unsigned char *) pers,
1079 strlen( pers ) ) == 0 );
1080
1081 if( have_N )
1082 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1083
1084 if( have_P )
1085 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1086
1087 if( have_Q )
1088 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1089
1090 if( have_D )
1091 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1092
1093 if( have_E )
1094 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1095
1096 TEST_ASSERT( mbedtls_rsa_check_params( have_N ? &N : NULL,
1097 have_P ? &P : NULL,
1098 have_Q ? &Q : NULL,
1099 have_D ? &D : NULL,
1100 have_E ? &E : NULL,
1101 prng ? mbedtls_ctr_drbg_random : NULL,
1102 prng ? &ctr_drbg : NULL ) == result );
1103exit:
1104
1105 mbedtls_ctr_drbg_free( &ctr_drbg );
1106 mbedtls_entropy_free( &entropy );
1107
1108 mbedtls_mpi_free( &N );
1109 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1110 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1111}
1112/* END_CASE */
1113
Hanno Beckerc77ab892017-08-23 11:01:06 +01001114/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001115void mbedtls_rsa_export_raw( char *input_N, char *input_P,
1116 char *input_Q, char *input_D,
1117 char *input_E, int successive )
1118{
1119 /* Original raw buffers with which we set up the RSA context */
1120 unsigned char bufN[1000];
1121 unsigned char bufP[1000];
1122 unsigned char bufQ[1000];
1123 unsigned char bufD[1000];
1124 unsigned char bufE[1000];
1125
1126 size_t lenN = 0;
1127 size_t lenP = 0;
1128 size_t lenQ = 0;
1129 size_t lenD = 0;
1130 size_t lenE = 0;
1131
1132 /* Exported buffers */
1133 unsigned char bufNe[ sizeof( bufN ) ];
1134 unsigned char bufPe[ sizeof( bufP ) ];
1135 unsigned char bufQe[ sizeof( bufQ ) ];
1136 unsigned char bufDe[ sizeof( bufD ) ];
1137 unsigned char bufEe[ sizeof( bufE ) ];
1138
1139 const int have_N = ( strlen( input_N ) > 0 );
1140 const int have_P = ( strlen( input_P ) > 0 );
1141 const int have_Q = ( strlen( input_Q ) > 0 );
1142 const int have_D = ( strlen( input_D ) > 0 );
1143 const int have_E = ( strlen( input_E ) > 0 );
1144
1145 const int is_priv = have_P || have_Q || have_D;
1146
1147 mbedtls_rsa_context ctx;
1148
1149 mbedtls_rsa_init( &ctx, 0, 0 );
1150
1151 /* Setup RSA context */
1152
1153 if( have_N )
1154 lenN = unhexify( bufN, input_N );
1155
1156 if( have_P )
1157 lenP = unhexify( bufP, input_P );
1158
1159 if( have_Q )
1160 lenQ = unhexify( bufQ, input_Q );
1161
1162 if( have_D )
1163 lenD = unhexify( bufD, input_D );
1164
1165 if( have_E )
1166 lenE = unhexify( bufE, input_E );
1167
1168 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1169 have_N ? bufN : NULL, lenN,
1170 have_P ? bufP : NULL, lenP,
1171 have_Q ? bufQ : NULL, lenQ,
1172 have_D ? bufD : NULL, lenD,
1173 have_E ? bufE : NULL, lenE ) == 0 );
1174
1175 TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
1176
1177 /*
1178 * Export parameters and compare to original ones.
1179 */
1180
1181 /* N and E must always be present. */
1182 if( !successive )
1183 {
1184 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1185 NULL, 0, NULL, 0, NULL, 0,
1186 bufEe, lenE ) == 0 );
1187 }
1188 else
1189 {
1190 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1191 NULL, 0, NULL, 0, NULL, 0,
1192 NULL, 0 ) == 0 );
1193 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1194 NULL, 0, NULL, 0, NULL, 0,
1195 bufEe, lenE ) == 0 );
1196 }
1197 TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
1198 TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
1199
1200 /* If we were providing enough information to setup a complete private context,
1201 * we expect to be able to export all core parameters. */
1202
1203 if( is_priv )
1204 {
1205 if( !successive )
1206 {
1207 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1208 bufPe, lenP ? lenP : sizeof( bufPe ),
1209 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1210 bufDe, lenD ? lenD : sizeof( bufDe ),
1211 NULL, 0 ) == 0 );
1212 }
1213 else
1214 {
1215 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1216 bufPe, lenP ? lenP : sizeof( bufPe ),
1217 NULL, 0, NULL, 0,
1218 NULL, 0 ) == 0 );
1219
1220 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1221 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1222 NULL, 0, NULL, 0 ) == 0 );
1223
1224 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1225 NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
1226 NULL, 0 ) == 0 );
1227 }
1228
1229 if( have_P )
1230 TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
1231
1232 if( have_Q )
1233 TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
1234
1235 if( have_D )
1236 TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
1237
1238 }
1239
1240exit:
1241 mbedtls_rsa_free( &ctx );
1242}
1243/* END_CASE */
1244
1245/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerc77ab892017-08-23 11:01:06 +01001246void mbedtls_rsa_import_raw( char *input_N,
1247 char *input_P, char *input_Q,
1248 char *input_D, char *input_E,
1249 int successive,
1250 int result )
1251{
1252 unsigned char bufN[1000];
1253 unsigned char bufP[1000];
1254 unsigned char bufQ[1000];
1255 unsigned char bufD[1000];
1256 unsigned char bufE[1000];
1257
1258 size_t lenN = 0;
1259 size_t lenP = 0;
1260 size_t lenQ = 0;
1261 size_t lenD = 0;
1262 size_t lenE = 0;
1263
1264 mbedtls_rsa_context ctx;
1265
1266 mbedtls_entropy_context entropy;
1267 mbedtls_ctr_drbg_context ctr_drbg;
1268 const char *pers = "test_suite_rsa";
1269
1270 mbedtls_ctr_drbg_init( &ctr_drbg );
1271
1272 mbedtls_entropy_init( &entropy );
1273 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1274 &entropy, (const unsigned char *) pers,
1275 strlen( pers ) ) == 0 );
1276
1277 mbedtls_rsa_init( &ctx, 0, 0 );
1278
1279 if( strlen( input_N ) )
1280 lenN = unhexify( bufN, input_N );
1281
1282 if( strlen( input_P ) )
1283 lenP = unhexify( bufP, input_P );
1284
1285 if( strlen( input_Q ) )
1286 lenQ = unhexify( bufQ, input_Q );
1287
1288 if( strlen( input_D ) )
1289 lenD = unhexify( bufD, input_D );
1290
1291 if( strlen( input_E ) )
1292 lenE = unhexify( bufE, input_E );
1293
1294 if( !successive )
1295 {
1296 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1297 ( lenN > 0 ) ? bufN : NULL, lenN,
1298 ( lenP > 0 ) ? bufP : NULL, lenP,
1299 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1300 ( lenD > 0 ) ? bufD : NULL, lenD,
1301 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1302 }
1303 else
1304 {
1305 /* Import N, P, Q, D, E separately.
1306 * This should make no functional difference. */
1307
1308 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1309 ( lenN > 0 ) ? bufN : NULL, lenN,
1310 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1311
1312 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1313 NULL, 0,
1314 ( lenP > 0 ) ? bufP : NULL, lenP,
1315 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1316
1317 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1318 NULL, 0, NULL, 0,
1319 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1320 NULL, 0, NULL, 0 ) == 0 );
1321
1322 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1323 NULL, 0, NULL, 0, NULL, 0,
1324 ( lenD > 0 ) ? bufD : NULL, lenD,
1325 NULL, 0 ) == 0 );
1326
1327 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1328 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1329 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1330 }
1331
1332 TEST_ASSERT( mbedtls_rsa_complete( &ctx,
1333 mbedtls_ctr_drbg_random,
1334 &ctr_drbg ) == result );
1335
1336exit:
1337
1338 mbedtls_rsa_free( &ctx );
1339
1340 mbedtls_ctr_drbg_free( &ctr_drbg );
1341 mbedtls_entropy_free( &entropy );
1342
1343}
1344/* END_CASE */
1345
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001346/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Paul Bakker33b43f12013-08-20 11:48:36 +02001347void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +00001348{
Andres AG93012e82016-09-09 09:10:28 +01001349 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +00001350}
Paul Bakker33b43f12013-08-20 11:48:36 +02001351/* END_CASE */