blob: 9dfd664608c116ffda3591d93d64e7563ebf3a5d [file] [log] [blame]
Paul Bakker42a29bf2009-07-07 20:18:41 +00001BEGIN_HEADER
2#include <polarssl/rsa.h>
Paul Bakker821fb082009-07-12 13:26:42 +00003#include <polarssl/md2.h>
4#include <polarssl/md4.h>
5#include <polarssl/md5.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +00006#include <polarssl/sha1.h>
7#include <polarssl/sha2.h>
8#include <polarssl/sha4.h>
Paul Bakker821fb082009-07-12 13:26:42 +00009#include <polarssl/havege.h>
Paul Bakker42a29bf2009-07-07 20:18:41 +000010END_HEADER
11
Paul Bakker5690efc2011-05-26 13:16:06 +000012BEGIN_DEPENDENCIES
Paul Bakkerd7d8dbe2011-05-26 15:29:38 +000013depends_on:POLARSSL_RSA_C:POLARSSL_BIGNUM_C:POLARSSL_GENPRIME
Paul Bakker5690efc2011-05-26 13:16:06 +000014END_DEPENDENCIES
15
Paul Bakker42a29bf2009-07-07 20:18:41 +000016BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +000017rsa_pkcs1_sign:message_hex_string:padding_mode:digest:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +000018{
19 unsigned char message_str[1000];
20 unsigned char hash_result[1000];
21 unsigned char output[1000];
22 unsigned char output_str[1000];
23 rsa_context ctx;
24 mpi P1, Q1, H, G;
Paul Bakker69998dd2009-07-11 19:15:20 +000025 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +000026
Paul Bakker6c591fa2011-05-05 11:49:20 +000027 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +000028 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000029
30 memset( message_str, 0x00, 1000 );
31 memset( hash_result, 0x00, 1000 );
32 memset( output, 0x00, 1000 );
33 memset( output_str, 0x00, 1000 );
34
35 ctx.len = {mod} / 8;
36 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
37 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
38 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
39 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
40
41 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
42 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
43 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
44 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
45 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
46 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
47 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
48 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
49
50 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
51
Paul Bakker69998dd2009-07-11 19:15:20 +000052 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +000053
Paul Bakker76791f72009-10-03 20:02:00 +000054 switch( {digest} )
55 {
56#ifdef POLARSSL_MD2_C
57 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +000058 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +000059 break;
60#endif
61#ifdef POLARSSL_MD4_C
62 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +000063 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +000064 break;
65#endif
66#ifdef POLARSSL_MD5_C
67 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +000068 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +000069 break;
70#endif
71#ifdef POLARSSL_SHA1_C
72 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +000073 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +000074 break;
75#endif
76#ifdef POLARSSL_SHA2_C
77 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +000078 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +000079 break;
80 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +000081 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +000082 break;
83#endif
84#ifdef POLARSSL_SHA4_C
85 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +000086 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +000087 break;
88 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +000089 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +000090 break;
91#endif
92 }
Paul Bakker42a29bf2009-07-07 20:18:41 +000093
Paul Bakker9dcc3222011-03-08 14:16:06 +000094 TEST_ASSERT( rsa_pkcs1_sign( &ctx, NULL, NULL, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +000095 if( {result} == 0 )
96 {
97 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +000098
Paul Bakker821fb082009-07-12 13:26:42 +000099 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
100 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000101
102 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000103}
104END_CASE
105
106BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000107rsa_pkcs1_verify:message_hex_string:padding_mode:digest:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000108{
109 unsigned char message_str[1000];
110 unsigned char hash_result[1000];
111 unsigned char result_str[1000];
112 rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000113 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000114
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000115 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000116 memset( message_str, 0x00, 1000 );
117 memset( hash_result, 0x00, 1000 );
118 memset( result_str, 0x00, 1000 );
119
120 ctx.len = {mod} / 8;
121 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
122 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
123
124 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
125
Paul Bakker69998dd2009-07-11 19:15:20 +0000126 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000127 unhexify( result_str, {result_hex_str} );
128
Paul Bakker76791f72009-10-03 20:02:00 +0000129 switch( {digest} )
130 {
131#ifdef POLARSSL_MD2_C
132 case SIG_RSA_MD2:
Paul Bakker821fb082009-07-12 13:26:42 +0000133 md2( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000134 break;
135#endif
136#ifdef POLARSSL_MD4_C
137 case SIG_RSA_MD4:
Paul Bakker821fb082009-07-12 13:26:42 +0000138 md4( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000139 break;
140#endif
141#ifdef POLARSSL_MD5_C
142 case SIG_RSA_MD5:
Paul Bakker821fb082009-07-12 13:26:42 +0000143 md5( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000144 break;
145#endif
146#ifdef POLARSSL_SHA1_C
147 case SIG_RSA_SHA1:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000148 sha1( message_str, msg_len, hash_result );
Paul Bakker76791f72009-10-03 20:02:00 +0000149 break;
150#endif
151#ifdef POLARSSL_SHA2_C
152 case SIG_RSA_SHA224:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000153 sha2( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000154 break;
155 case SIG_RSA_SHA256:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000156 sha2( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000157 break;
158#endif
159#ifdef POLARSSL_SHA4_C
160 case SIG_RSA_SHA384:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000161 sha4( message_str, msg_len, hash_result, 1 );
Paul Bakker76791f72009-10-03 20:02:00 +0000162 break;
163 case SIG_RSA_SHA512:
Paul Bakker42a29bf2009-07-07 20:18:41 +0000164 sha4( message_str, msg_len, hash_result, 0 );
Paul Bakker76791f72009-10-03 20:02:00 +0000165 break;
166#endif
167 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000168
Paul Bakker821fb082009-07-12 13:26:42 +0000169 TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000170}
171END_CASE
172
Paul Bakker821fb082009-07-12 13:26:42 +0000173
Paul Bakker42a29bf2009-07-07 20:18:41 +0000174BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000175rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str
Paul Bakker42a29bf2009-07-07 20:18:41 +0000176{
177 unsigned char message_str[1000];
178 unsigned char hash_result[1000];
179 unsigned char output[1000];
180 unsigned char output_str[1000];
181 rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000182 mpi P1, Q1, H, G;
183 int msg_len, hash_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000184
Paul Bakker6c591fa2011-05-05 11:49:20 +0000185 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000186 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000187
Paul Bakker42a29bf2009-07-07 20:18:41 +0000188 memset( message_str, 0x00, 1000 );
189 memset( hash_result, 0x00, 1000 );
190 memset( output, 0x00, 1000 );
191 memset( output_str, 0x00, 1000 );
192
193 ctx.len = {mod} / 8;
Paul Bakker821fb082009-07-12 13:26:42 +0000194 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
195 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
196 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
197 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
198
199 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
200 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
201 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
202 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
203 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
204 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
205 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
206 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
207
208 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
209
210 msg_len = unhexify( message_str, {message_hex_string} );
211 hash_len = unhexify( hash_result, {hash_result_string} );
212
Paul Bakker9dcc3222011-03-08 14:16:06 +0000213 TEST_ASSERT( rsa_pkcs1_sign( &ctx, NULL, NULL, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000214
215 hexify( output_str, output, ctx.len );
216
217 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000218
219 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker821fb082009-07-12 13:26:42 +0000220}
221END_CASE
222
223BEGIN_CASE
224rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:correct
225{
226 unsigned char message_str[1000];
227 unsigned char hash_result[1000];
228 unsigned char result_str[1000];
229 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000230 size_t msg_len, hash_len;
Paul Bakker821fb082009-07-12 13:26:42 +0000231
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000232 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000233 memset( message_str, 0x00, 1000 );
234 memset( hash_result, 0x00, 1000 );
235 memset( result_str, 0x00, 1000 );
236
237 ctx.len = {mod} / 8;
238 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
239 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
240
241 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
242
243 msg_len = unhexify( message_str, {message_hex_string} );
244 hash_len = unhexify( hash_result, {hash_result_string} );
245 unhexify( result_str, {result_hex_str} );
246
Paul Bakkerfc22c442009-07-19 20:36:27 +0000247 TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
Paul Bakker821fb082009-07-12 13:26:42 +0000248}
249END_CASE
250
251BEGIN_CASE
252rsa_pkcs1_encrypt:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
253{
254 unsigned char message_str[1000];
255 unsigned char output[1000];
256 unsigned char output_str[1000];
257 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000258 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000259 rnd_pseudo_info rnd_info;
260
261 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000262
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000263 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000264 memset( message_str, 0x00, 1000 );
265 memset( output, 0x00, 1000 );
266 memset( output_str, 0x00, 1000 );
267
268 ctx.len = {mod} / 8;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000269 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
270 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
271
272 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
273
Paul Bakker69998dd2009-07-11 19:15:20 +0000274 msg_len = unhexify( message_str, {message_hex_string} );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000275
Paul Bakker997bbd12011-03-13 15:45:42 +0000276 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000277 if( {result} == 0 )
278 {
279 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000280
Paul Bakker821fb082009-07-12 13:26:42 +0000281 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
282 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000283}
284END_CASE
285
286BEGIN_CASE
Paul Bakkera6656852010-07-18 19:47:14 +0000287rsa_pkcs1_encrypt_bad_rng:message_hex_string:padding_mode:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
288{
289 unsigned char message_str[1000];
290 unsigned char output[1000];
291 unsigned char output_str[1000];
292 rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000293 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000294
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000295 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000296 memset( message_str, 0x00, 1000 );
297 memset( output, 0x00, 1000 );
298 memset( output_str, 0x00, 1000 );
299
300 ctx.len = {mod} / 8;
301 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
302 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
303
304 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
305
306 msg_len = unhexify( message_str, {message_hex_string} );
307
Paul Bakker997bbd12011-03-13 15:45:42 +0000308 TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, RSA_PUBLIC, msg_len, message_str, output ) == {result} );
Paul Bakkera6656852010-07-18 19:47:14 +0000309 if( {result} == 0 )
310 {
311 hexify( output_str, output, ctx.len );
312
313 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
314 }
315}
316END_CASE
317
318BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000319rsa_pkcs1_decrypt:message_hex_string:padding_mode:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:max_output:result_hex_str:result
Paul Bakker42a29bf2009-07-07 20:18:41 +0000320{
321 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000322 unsigned char output[1000];
323 unsigned char output_str[1000];
324 rsa_context ctx;
325 mpi P1, Q1, H, G;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000326 size_t output_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000327
Paul Bakker6c591fa2011-05-05 11:49:20 +0000328 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000329 rsa_init( &ctx, {padding_mode}, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000330
331 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000332 memset( output, 0x00, 1000 );
333 memset( output_str, 0x00, 1000 );
334
335 ctx.len = {mod} / 8;
336 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
337 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
338 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
339 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
340
341 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
342 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
343 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
344 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
345 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
346 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
347 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
348 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
349
350 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
351
352 unhexify( message_str, {message_hex_string} );
Paul Bakker69998dd2009-07-11 19:15:20 +0000353 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000354
Paul Bakker821fb082009-07-12 13:26:42 +0000355 TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
356 if( {result} == 0 )
357 {
358 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000359
Paul Bakker821fb082009-07-12 13:26:42 +0000360 TEST_ASSERT( strncasecmp( (char *) output_str, {result_hex_str}, strlen( {result_hex_str} ) ) == 0 );
361 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000362
363 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker821fb082009-07-12 13:26:42 +0000364}
365END_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000366
Paul Bakker821fb082009-07-12 13:26:42 +0000367BEGIN_CASE
368rsa_public:message_hex_string:mod:radix_N:input_N:radix_E:input_E:result_hex_str:result
369{
370 unsigned char message_str[1000];
371 unsigned char output[1000];
372 unsigned char output_str[1000];
373 rsa_context ctx;
374
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000375 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000376 memset( message_str, 0x00, 1000 );
377 memset( output, 0x00, 1000 );
378 memset( output_str, 0x00, 1000 );
379
380 ctx.len = {mod} / 8;
381 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
382 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
383
384 TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 );
385
386 unhexify( message_str, {message_hex_string} );
387
388 TEST_ASSERT( rsa_public( &ctx, message_str, output ) == {result} );
389 if( {result} == 0 )
390 {
391 hexify( output_str, output, ctx.len );
392
393 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
394 }
395}
396END_CASE
397
398BEGIN_CASE
399rsa_private:message_hex_string:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:result_hex_str:result
400{
401 unsigned char message_str[1000];
402 unsigned char output[1000];
403 unsigned char output_str[1000];
404 rsa_context ctx;
405 mpi P1, Q1, H, G;
406
Paul Bakker6c591fa2011-05-05 11:49:20 +0000407 mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000408 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000409
410 memset( message_str, 0x00, 1000 );
411 memset( output, 0x00, 1000 );
412 memset( output_str, 0x00, 1000 );
413
414 ctx.len = {mod} / 8;
415 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
416 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
417 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
418 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
419
420 TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
421 TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
422 TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
423 TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 );
424 TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
425 TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
426 TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
427 TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
428
429 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
430
431 unhexify( message_str, {message_hex_string} );
432
433 TEST_ASSERT( rsa_private( &ctx, message_str, output ) == {result} );
434 if( {result} == 0 )
435 {
436 hexify( output_str, output, ctx.len );
437
438 TEST_ASSERT( strcasecmp( (char *) output_str, {result_hex_str} ) == 0 );
439 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000440
441 mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000442}
443END_CASE
444
445BEGIN_CASE
Paul Bakker37940d9f2009-07-10 22:38:58 +0000446rsa_check_privkey_null:
447{
448 rsa_context ctx;
449 memset( &ctx, 0x00, sizeof( rsa_context ) );
450
451 TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
452}
453END_CASE
454
455BEGIN_CASE
Paul Bakker821fb082009-07-12 13:26:42 +0000456rsa_check_pubkey:radix_N:input_N:radix_E:input_E:result
457{
458 rsa_context ctx;
459
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000460 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000461
462 if( strlen( {input_N} ) )
463 {
464 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
465 }
466 if( strlen( {input_E} ) )
467 {
468 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
469 }
470
471 TEST_ASSERT( rsa_check_pubkey( &ctx ) == {result} );
472}
473END_CASE
474
475BEGIN_CASE
476rsa_check_privkey:mod:radix_P:input_P:radix_Q:input_Q:radix_N:input_N:radix_E:input_E:radix_D:input_D:result
477{
478 rsa_context ctx;
479
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000480 rsa_init( &ctx, RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000481
482 ctx.len = {mod} / 8;
483 if( strlen( {input_P} ) )
484 {
485 TEST_ASSERT( mpi_read_string( &ctx.P, {radix_P}, {input_P} ) == 0 );
486 }
487 if( strlen( {input_Q} ) )
488 {
489 TEST_ASSERT( mpi_read_string( &ctx.Q, {radix_Q}, {input_Q} ) == 0 );
490 }
491 if( strlen( {input_N} ) )
492 {
493 TEST_ASSERT( mpi_read_string( &ctx.N, {radix_N}, {input_N} ) == 0 );
494 }
495 if( strlen( {input_E} ) )
496 {
497 TEST_ASSERT( mpi_read_string( &ctx.E, {radix_E}, {input_E} ) == 0 );
498 }
499 if( strlen( {input_D} ) )
500 {
501 TEST_ASSERT( mpi_read_string( &ctx.D, {radix_D}, {input_D} ) == 0 );
502 }
503
504 TEST_ASSERT( rsa_check_privkey( &ctx ) == {result} );
505}
506END_CASE
507
508BEGIN_CASE
509rsa_gen_key:nrbits:exponent:result
510{
511 rsa_context ctx;
512 havege_state hs;
513
514 havege_init( &hs );
Paul Bakkerebcef6d2010-08-16 11:10:49 +0000515 rsa_init( &ctx, 0, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000516
Paul Bakkera802e1a2010-08-16 11:56:45 +0000517 TEST_ASSERT( rsa_gen_key( &ctx, havege_rand, &hs, {nrbits}, {exponent} ) == {result} );
Paul Bakker821fb082009-07-12 13:26:42 +0000518 if( {result} == 0 )
519 {
520 TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );
521 }
522}
523END_CASE
524
525BEGIN_CASE
Paul Bakker42a29bf2009-07-07 20:18:41 +0000526rsa_selftest:
527{
528 TEST_ASSERT( rsa_self_test( 0 ) == 0 );
529}
530END_CASE