TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e57dd2d4500c9d994dde97fc10c5eeb6e1b211db / . / tests / suites / test_suite_rsa.function
blob: f5f515908e96487604b514e44580f8afd9a0f5b0 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Chris Jones66a4cd42021-03-09 16:04:12 +0000[diff] [blame]3#include "rsa_alt_helpers.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md5.h"
5#include "mbedtls/sha1.h"
6#include "mbedtls/sha256.h"
7#include "mbedtls/sha512.h"
8#include "mbedtls/entropy.h"
9#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]10
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]11/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]14 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15 * END_DEPENDENCIES
16 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]17
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]18/* BEGIN_CASE */
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]19void rsa_invalid_param( )
20{
21 mbedtls_rsa_context ctx;
22 const int invalid_padding = 42;
23 const int invalid_hash_id = 0xff;
24
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]25 mbedtls_rsa_init( &ctx );
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]26
27 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
28 invalid_padding,
29 MBEDTLS_MD_NONE ),
30 MBEDTLS_ERR_RSA_INVALID_PADDING );
31
32 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
33 MBEDTLS_RSA_PKCS_V21,
34 invalid_hash_id ),
35 MBEDTLS_ERR_RSA_INVALID_PADDING );
36
Ronald Cron3a0375f2021-06-08 10:22:28 +0200[diff] [blame]37#if !defined(MBEDTLS_PKCS1_V15)
38 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
39 MBEDTLS_RSA_PKCS_V15,
40 MBEDTLS_MD_NONE ),
41 MBEDTLS_ERR_RSA_INVALID_PADDING );
42#endif
43
44#if !defined(MBEDTLS_PKCS1_V21)
45 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
46 MBEDTLS_RSA_PKCS_V21,
47 MBEDTLS_MD_NONE ),
48 MBEDTLS_ERR_RSA_INVALID_PADDING );
49#endif
50
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]51exit:
52 mbedtls_rsa_free( &ctx );
53}
54/* END_CASE */
55
56/* BEGIN_CASE */
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]57void rsa_init_free( int reinit )
58{
59 mbedtls_rsa_context ctx;
60
61 /* Double free is not explicitly documented to work, but we rely on it
62 * even inside the library so that you can call mbedtls_rsa_free()
63 * unconditionally on an error path without checking whether it has
64 * already been called in the success path. */
65
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]66 mbedtls_rsa_init( &ctx );
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]67 mbedtls_rsa_free( &ctx );
68
69 if( reinit )
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]70 mbedtls_rsa_init( &ctx );
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]71 mbedtls_rsa_free( &ctx );
72
73 /* This test case always succeeds, functionally speaking. A plausible
74 * bug might trigger an invalid pointer dereference or a memory leak. */
75 goto exit;
76}
77/* END_CASE */
78
79/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]80void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]81 int digest, int mod, int radix_P, char * input_P,
82 int radix_Q, char * input_Q, int radix_N,
83 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]84 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]85{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]86 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]87 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]88 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]90 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]91 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]92
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]93 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
94 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]95 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]96 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,
97 MBEDTLS_MD_NONE ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]98
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]99 memset( hash_result, 0x00, sizeof( hash_result ) );
100 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]101 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]102
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]103 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
104 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
105 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
106 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]107
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]108 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
109 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]110 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]111 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]112
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]113 if( md_info != NULL )
114 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]115
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]116 TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
117 &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info,
118 digest, mbedtls_md_get_size( md_info ), hash_result,
119 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]120 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]121 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]122
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]123 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
124 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]125 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]126
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]127exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]128 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
129 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]130 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]131}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]132/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]133
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]134/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]135void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]136 int digest, int mod, int radix_N,
137 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]138 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]139{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]140 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]141 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]142 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]143 mbedtls_mpi N, E;
144
145 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]146 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]147 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
148 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]149 memset( hash_result, 0x00, sizeof( hash_result ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]150
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]151 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
152 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]153 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
154 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]155 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]156
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]157 if( md_info != NULL )
158 TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]159
Gilles Peskine6e3187b2021-06-22 18:39:53 +0200[diff] [blame]160 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]161
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]162exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]163 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]164 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]165}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]166/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]167
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]168
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]169/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]170void rsa_pkcs1_sign_raw( data_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]171 int padding_mode, int mod, int radix_P,
172 char * input_P, int radix_Q, char * input_Q,
173 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]174 char * input_E, data_t * result_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]175{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]176 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]178 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]179 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]180
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]181 mbedtls_rsa_init( &ctx );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]182 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
183 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]184
Paul Elliotte57dd2d2021-06-25 11:13:24 +0100[diff] [blame^]185 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
186 MBEDTLS_MD_NONE ) == 0 );
187
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]188 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]189 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]190
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]191 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
192 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
193 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
194 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]195
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]196 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
197 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]198 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]199 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]200
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]201
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]202 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]203 &rnd_info, MBEDTLS_MD_NONE,
204 hash_result->len,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]205 hash_result->x, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]206
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]207
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]208 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
209 ctx.len, result_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]210
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]211exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]212 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
213 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
214
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]215 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]216}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]217/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]218
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]219/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]220void rsa_pkcs1_verify_raw( data_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]221 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]222 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]223 data_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]224{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]225 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]226 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]227
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]228 mbedtls_mpi N, E;
229 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
230
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]231 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]232 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
233 MBEDTLS_MD_NONE ) == 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]234 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]235
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]236 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
237 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]238
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]239 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
240 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]241 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]242
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]243
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]244 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]245
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]246exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]247 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]248 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]249}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]250/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]251
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]252/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]253void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]254 int mod, int radix_N, char * input_N,
255 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]256 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]257{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]258 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]259 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]260 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]261
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]262 mbedtls_mpi N, E;
263 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
264
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]265 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]266
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]267 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]268 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
269 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]270 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]271
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]272 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
273 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]274
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]275 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
276 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]277 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]278
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]279
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]280 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
281 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]282 &rnd_info, message_str->len,
283 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]284 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]285 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]286 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]287
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]288 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
289 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]290 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]291
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]292exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]293 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]294 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]295}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]296/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]297
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]298/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]299void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]300 int mod, int radix_N, char * input_N,
301 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]302 data_t * result_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]303{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]304 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]305 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]306
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]307 mbedtls_mpi N, E;
308
309 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]310 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]311 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
312 MBEDTLS_MD_NONE ) == 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]313 memset( output, 0x00, sizeof( output ) );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]314
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]315 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
316 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]317
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]318 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
319 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]320 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]321
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]322
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]323 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]324 NULL, message_str->len,
325 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]326 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]327 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]328 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]329
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]330 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
331 ctx.len, result_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]332 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]333
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]334exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]335 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]336 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]337}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]338/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]339
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]340/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]341void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]342 int mod, int radix_P, char * input_P,
343 int radix_Q, char * input_Q, int radix_N,
344 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]345 int max_output, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]346 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]348 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]349 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]350 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]351 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]352 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]353
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]354 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
355 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
356
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]357 mbedtls_rsa_init( &ctx );
Ronald Cron266b6d22021-06-08 10:03:49 +0200[diff] [blame]358 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
359 MBEDTLS_MD_NONE ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]360
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]361 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]362 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]363
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]364
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]365 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
366 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
367 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
368 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]369
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]370 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
371 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]372 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]373 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]374
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]375 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]376
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]377 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]378 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]379 &output_len, message_str->x, output,
380 max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]381 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]382 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]383
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]384 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]385 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]386 result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]387 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]388
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]389exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]390 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
391 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]392 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]393}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]394/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]395
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]396/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]397void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]398 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]399 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]400{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]401 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]402 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]403
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]404 mbedtls_mpi N, E;
405
406 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]407 mbedtls_rsa_init( &ctx );
408 mbedtls_rsa_init( &ctx2 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]409 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]410
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]411 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
412 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]413
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]414 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Gilles Peskine058d0092021-06-09 16:24:35 +0200[diff] [blame]415
416 /* Check test data consistency */
417 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]418 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]419 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]420
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]421 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]422 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]423 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]424
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]425 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
426 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]427 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]428
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]429 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]430 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]431 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]433
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]434 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]435
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]436 memset( output, 0x00, sizeof( output ) );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]437 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]438 if( result == 0 )
439 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]440
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]441 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
442 ctx.len, result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]443 }
444
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]445exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]446 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]447 mbedtls_rsa_free( &ctx );
448 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]449}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]450/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]451
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]452/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]453void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]454 char * input_P, int radix_Q, char * input_Q,
455 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]456 char * input_E, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]457 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]458{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]459 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]460 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]461 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]462 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]463 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]464
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]465 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
466 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]467 mbedtls_rsa_init( &ctx );
468 mbedtls_rsa_init( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]469
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]470 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]471
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]472 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
473 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
474 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
475 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]476
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]477 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
Gilles Peskine058d0092021-06-09 16:24:35 +0200[diff] [blame]478
479 /* Check test data consistency */
480 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]481 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]482 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]483 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]484
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]485 /* repeat three times to test updating of blinding values */
486 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]487 {
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]488 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]489 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
490 &rnd_info, message_str->x,
491 output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]492 if( result == 0 )
493 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]494
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]495 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]496 ctx.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]497 result_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]498 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]499 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]500
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]501 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]502 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]503 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]504 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]505
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]506 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]507
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]508 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]509 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
510 &rnd_info, message_str->x,
511 output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]512 if( result == 0 )
513 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]514
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]515 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]516 ctx2.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]517 result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]518 }
519
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]520exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]521 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
522 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
523
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]524 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]525}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]526/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]527
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]528/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]529void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]530{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 mbedtls_rsa_context ctx;
532 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]533
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]535}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]536/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]537
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]538/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]539void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
540 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]541{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]542 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]543 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]544
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]545 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]546 mbedtls_rsa_init( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]547
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]548 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]549 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]550 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]551 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]552 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]553 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]554 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]555 }
556
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]557 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]559
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]560exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]561 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]562 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]563}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]564/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]565
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]566/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]567void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
568 int radix_Q, char * input_Q, int radix_N,
569 char * input_N, int radix_E, char * input_E,
570 int radix_D, char * input_D, int radix_DP,
571 char * input_DP, int radix_DQ,
572 char * input_DQ, int radix_QP,
573 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]574{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]576
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]577 mbedtls_rsa_init( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]578
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]579 ctx.len = mod / 8;
580 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]581 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]582 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]583 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]584 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]585 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]586 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]587 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]588 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]589 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]590 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]591 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]592 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]593 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]594 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]595 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]596 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]597 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]598 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]599 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]600#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]601 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]602 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]603 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]604 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]605 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]606 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]607 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]608 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]609 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]610 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]611 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]612 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]613#else
614 ((void) radix_DP); ((void) input_DP);
615 ((void) radix_DQ); ((void) input_DQ);
616 ((void) radix_QP); ((void) input_QP);
617#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]618
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]620
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]621exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]622 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]623}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]624/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]625
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]626/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]627void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
628 int radix_Epub, char * input_Epub, int radix_P,
629 char * input_P, int radix_Q, char * input_Q,
630 int radix_N, char * input_N, int radix_E,
631 char * input_E, int radix_D, char * input_D,
632 int radix_DP, char * input_DP, int radix_DQ,
633 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]634 int result )
635{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]636 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]637
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]638 mbedtls_rsa_init( &pub );
639 mbedtls_rsa_init( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]640
641 pub.len = mod / 8;
642 prv.len = mod / 8;
643
644 if( strlen( input_Npub ) )
645 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]646 TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]647 }
648 if( strlen( input_Epub ) )
649 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]650 TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]651 }
652
653 if( strlen( input_P ) )
654 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]655 TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]656 }
657 if( strlen( input_Q ) )
658 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]659 TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]660 }
661 if( strlen( input_N ) )
662 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]663 TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]664 }
665 if( strlen( input_E ) )
666 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]667 TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]668 }
669 if( strlen( input_D ) )
670 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]671 TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]672 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]673#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]674 if( strlen( input_DP ) )
675 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]676 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]677 }
678 if( strlen( input_DQ ) )
679 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]680 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]681 }
682 if( strlen( input_QP ) )
683 {
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]684 TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]685 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]686#else
687 ((void) radix_DP); ((void) input_DP);
688 ((void) radix_DQ); ((void) input_DQ);
689 ((void) radix_QP); ((void) input_QP);
690#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]691
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]692 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]693
694exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]695 mbedtls_rsa_free( &pub );
696 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]697}
698/* END_CASE */
699
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]700/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]701void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]702{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]703 mbedtls_rsa_context ctx;
704 mbedtls_entropy_context entropy;
705 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]706 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]707
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]708 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]709 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]710 mbedtls_rsa_init ( &ctx );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]711
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]712 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
713 &entropy, (const unsigned char *) pers,
714 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]715
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]717 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]718 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]719 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]720 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]721 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]722
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]723exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]724 mbedtls_rsa_free( &ctx );
725 mbedtls_ctr_drbg_free( &ctr_drbg );
726 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]727}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]728/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]729
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]730/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]731void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]732 int radix_D, char *input_D,
733 int radix_E, char *input_E,
734 int radix_P, char *output_P,
735 int radix_Q, char *output_Q,
736 int corrupt, int result )
737{
738 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
739
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]740 mbedtls_mpi_init( &N );
741 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
742 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
743 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
744
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]745 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
746 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
747 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
748 TEST_ASSERT( mbedtls_test_read_mpi( &Qp, radix_P, output_P ) == 0 );
749 TEST_ASSERT( mbedtls_test_read_mpi( &Pp, radix_Q, output_Q ) == 0 );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]750
751 if( corrupt )
752 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
753
754 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]755 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]756
757 if( !corrupt )
758 {
759 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
760 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
761 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
762 }
763
764exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]765 mbedtls_mpi_free( &N );
766 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
767 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
768 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]769}
770/* END_CASE */
771
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]772/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]773void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
774 int radix_Q, char *input_Q,
775 int radix_E, char *input_E,
776 int radix_D, char *output_D,
777 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]778{
779 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
780
781 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
782 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
783 mbedtls_mpi_init( &E );
784 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
785
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]786 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
787 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
788 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
789 TEST_ASSERT( mbedtls_test_read_mpi( &Dp, radix_D, output_D ) == 0 );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]790
791 if( corrupt )
792 {
793 /* Make E even */
794 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
795 }
796
797 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]798 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
799 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]800
801 if( !corrupt )
802 {
803 /*
804 * Check that D and Dp agree modulo LCM(P-1, Q-1).
805 */
806
807 /* Replace P,Q by P-1, Q-1 */
808 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
809 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
810
811 /* Check D == Dp modulo P-1 */
812 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
813 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
814 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
815
816 /* Check D == Dp modulo Q-1 */
817 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
818 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
819 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
820 }
821
822exit:
823
824 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
825 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
826 mbedtls_mpi_free( &E );
827 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
828}
829/* END_CASE */
830
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]831/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]832void mbedtls_rsa_import( int radix_N, char *input_N,
833 int radix_P, char *input_P,
834 int radix_Q, char *input_Q,
835 int radix_D, char *input_D,
836 int radix_E, char *input_E,
837 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]838 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]839 int res_check,
840 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]841{
842 mbedtls_mpi N, P, Q, D, E;
843 mbedtls_rsa_context ctx;
844
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]845 /* Buffers used for encryption-decryption test */
846 unsigned char *buf_orig = NULL;
847 unsigned char *buf_enc = NULL;
848 unsigned char *buf_dec = NULL;
849
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]850 mbedtls_entropy_context entropy;
851 mbedtls_ctr_drbg_context ctr_drbg;
852 const char *pers = "test_suite_rsa";
853
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]854 const int have_N = ( strlen( input_N ) > 0 );
855 const int have_P = ( strlen( input_P ) > 0 );
856 const int have_Q = ( strlen( input_Q ) > 0 );
857 const int have_D = ( strlen( input_D ) > 0 );
858 const int have_E = ( strlen( input_E ) > 0 );
859
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]860 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]861 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]862 mbedtls_rsa_init( &ctx );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]863
864 mbedtls_mpi_init( &N );
865 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
866 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
867
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]868 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
869 (const unsigned char *) pers, strlen( pers ) ) == 0 );
870
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]871 if( have_N )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]872 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]873
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]874 if( have_P )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]875 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]876
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]877 if( have_Q )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]878 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]879
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]880 if( have_D )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]881 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]882
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]883 if( have_E )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]884 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]885
886 if( !successive )
887 {
888 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]889 have_N ? &N : NULL,
890 have_P ? &P : NULL,
891 have_Q ? &Q : NULL,
892 have_D ? &D : NULL,
893 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]894 }
895 else
896 {
897 /* Import N, P, Q, D, E separately.
898 * This should make no functional difference. */
899
900 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]901 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]902 NULL, NULL, NULL, NULL ) == 0 );
903
904 TEST_ASSERT( mbedtls_rsa_import( &ctx,
905 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]906 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]907 NULL, NULL, NULL ) == 0 );
908
909 TEST_ASSERT( mbedtls_rsa_import( &ctx,
910 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]911 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]912 NULL, NULL ) == 0 );
913
914 TEST_ASSERT( mbedtls_rsa_import( &ctx,
915 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]916 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]917 NULL ) == 0 );
918
919 TEST_ASSERT( mbedtls_rsa_import( &ctx,
920 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]921 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]922 }
923
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]924 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]925
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]926 /* On expected success, perform some public and private
927 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]928 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]929 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]930 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]931 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
932 else
933 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
934
935 if( res_check != 0 )
936 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]937
938 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
939 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
940 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
941 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
942 goto exit;
943
944 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
945 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
946
947 /* Make sure the number we're generating is smaller than the modulus */
948 buf_orig[0] = 0x00;
949
950 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
951
952 if( is_priv )
953 {
954 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
955 &ctr_drbg, buf_enc,
956 buf_dec ) == 0 );
957
958 TEST_ASSERT( memcmp( buf_orig, buf_dec,
959 mbedtls_rsa_get_len( &ctx ) ) == 0 );
960 }
961 }
962
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]963exit:
964
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]965 mbedtls_free( buf_orig );
966 mbedtls_free( buf_enc );
967 mbedtls_free( buf_dec );
968
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]969 mbedtls_rsa_free( &ctx );
970
971 mbedtls_ctr_drbg_free( &ctr_drbg );
972 mbedtls_entropy_free( &entropy );
973
974 mbedtls_mpi_free( &N );
975 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
976 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
977}
978/* END_CASE */
979
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]980/* BEGIN_CASE */
981void mbedtls_rsa_export( int radix_N, char *input_N,
982 int radix_P, char *input_P,
983 int radix_Q, char *input_Q,
984 int radix_D, char *input_D,
985 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]986 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]987 int successive )
988{
989 /* Original MPI's with which we set up the RSA context */
990 mbedtls_mpi N, P, Q, D, E;
991
992 /* Exported MPI's */
993 mbedtls_mpi Ne, Pe, Qe, De, Ee;
994
995 const int have_N = ( strlen( input_N ) > 0 );
996 const int have_P = ( strlen( input_P ) > 0 );
997 const int have_Q = ( strlen( input_Q ) > 0 );
998 const int have_D = ( strlen( input_D ) > 0 );
999 const int have_E = ( strlen( input_E ) > 0 );
1000
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1001 mbedtls_rsa_context ctx;
1002
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]1003 mbedtls_rsa_init( &ctx );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1004
1005 mbedtls_mpi_init( &N );
1006 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1007 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1008
1009 mbedtls_mpi_init( &Ne );
1010 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1011 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1012
1013 /* Setup RSA context */
1014
1015 if( have_N )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1016 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1017
1018 if( have_P )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1019 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1020
1021 if( have_Q )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1022 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1023
1024 if( have_D )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1025 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1026
1027 if( have_E )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1028 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1029
1030 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1031 strlen( input_N ) ? &N : NULL,
1032 strlen( input_P ) ? &P : NULL,
1033 strlen( input_Q ) ? &Q : NULL,
1034 strlen( input_D ) ? &D : NULL,
1035 strlen( input_E ) ? &E : NULL ) == 0 );
1036
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1037 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1038
1039 /*
1040 * Export parameters and compare to original ones.
1041 */
1042
1043 /* N and E must always be present. */
1044 if( !successive )
1045 {
1046 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1047 }
1048 else
1049 {
1050 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1051 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1052 }
1053 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1054 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1055
1056 /* If we were providing enough information to setup a complete private context,
1057 * we expect to be able to export all core parameters. */
1058
1059 if( is_priv )
1060 {
1061 if( !successive )
1062 {
1063 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1064 &De, NULL ) == 0 );
1065 }
1066 else
1067 {
1068 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1069 NULL, NULL ) == 0 );
1070 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1071 NULL, NULL ) == 0 );
1072 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1073 &De, NULL ) == 0 );
1074 }
1075
1076 if( have_P )
1077 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1078
1079 if( have_Q )
1080 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1081
1082 if( have_D )
1083 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1084
1085 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1086 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1087 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1088 }
1089
1090exit:
1091
1092 mbedtls_rsa_free( &ctx );
1093
1094 mbedtls_mpi_free( &N );
1095 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1096 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1097
1098 mbedtls_mpi_free( &Ne );
1099 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1100 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1101}
1102/* END_CASE */
1103
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1104/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1105void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1106 int radix_P, char *input_P,
1107 int radix_Q, char *input_Q,
1108 int radix_D, char *input_D,
1109 int radix_E, char *input_E,
1110 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1111{
1112 /* Original MPI's with which we set up the RSA context */
1113 mbedtls_mpi N, P, Q, D, E;
1114
1115 const int have_N = ( strlen( input_N ) > 0 );
1116 const int have_P = ( strlen( input_P ) > 0 );
1117 const int have_Q = ( strlen( input_Q ) > 0 );
1118 const int have_D = ( strlen( input_D ) > 0 );
1119 const int have_E = ( strlen( input_E ) > 0 );
1120
1121 mbedtls_entropy_context entropy;
1122 mbedtls_ctr_drbg_context ctr_drbg;
1123 const char *pers = "test_suite_rsa";
1124
1125 mbedtls_mpi_init( &N );
1126 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1127 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1128
1129 mbedtls_ctr_drbg_init( &ctr_drbg );
1130 mbedtls_entropy_init( &entropy );
1131 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1132 &entropy, (const unsigned char *) pers,
1133 strlen( pers ) ) == 0 );
1134
1135 if( have_N )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1136 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1137
1138 if( have_P )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1139 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1140
1141 if( have_Q )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1142 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1143
1144 if( have_D )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1145 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1146
1147 if( have_E )
Gilles Peskine20edee72021-06-10 23:18:39 +0200[diff] [blame]1148 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1149
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1150 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1151 have_P ? &P : NULL,
1152 have_Q ? &Q : NULL,
1153 have_D ? &D : NULL,
1154 have_E ? &E : NULL,
1155 prng ? mbedtls_ctr_drbg_random : NULL,
1156 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1157exit:
1158
1159 mbedtls_ctr_drbg_free( &ctr_drbg );
1160 mbedtls_entropy_free( &entropy );
1161
1162 mbedtls_mpi_free( &N );
1163 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1164 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1165}
1166/* END_CASE */
1167
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1168/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1169void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1170 data_t *input_Q, data_t *input_D,
1171 data_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1172 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1173{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1174 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1175 unsigned char bufNe[256];
1176 unsigned char bufPe[128];
1177 unsigned char bufQe[128];
1178 unsigned char bufDe[256];
1179 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1180
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1181 mbedtls_rsa_context ctx;
1182
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]1183 mbedtls_rsa_init( &ctx );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1184
1185 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1186 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1187 input_N->len ? input_N->x : NULL, input_N->len,
1188 input_P->len ? input_P->x : NULL, input_P->len,
1189 input_Q->len ? input_Q->x : NULL, input_Q->len,
1190 input_D->len ? input_D->x : NULL, input_D->len,
1191 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1192
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1193 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1194
1195 /*
1196 * Export parameters and compare to original ones.
1197 */
1198
1199 /* N and E must always be present. */
1200 if( !successive )
1201 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1202 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1203 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1204 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1205 }
1206 else
1207 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1208 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1209 NULL, 0, NULL, 0, NULL, 0,
1210 NULL, 0 ) == 0 );
1211 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1212 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1213 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1214 }
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1215 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1216 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1217
1218 /* If we were providing enough information to setup a complete private context,
1219 * we expect to be able to export all core parameters. */
1220
1221 if( is_priv )
1222 {
1223 if( !successive )
1224 {
1225 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1226 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1227 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1228 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1229 NULL, 0 ) == 0 );
1230 }
1231 else
1232 {
1233 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1234 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1235 NULL, 0, NULL, 0,
1236 NULL, 0 ) == 0 );
1237
1238 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1239 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1240 NULL, 0, NULL, 0 ) == 0 );
1241
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1242 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1243 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1244 NULL, 0 ) == 0 );
1245 }
1246
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1247 if( input_P->len )
1248 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1249
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1250 if( input_Q->len )
1251 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1252
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1253 if( input_D->len )
1254 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1255
1256 }
1257
1258exit:
1259 mbedtls_rsa_free( &ctx );
1260}
1261/* END_CASE */
1262
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1263/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1264void mbedtls_rsa_import_raw( data_t *input_N,
1265 data_t *input_P, data_t *input_Q,
1266 data_t *input_D, data_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1267 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1268 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1269 int res_check,
1270 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1271{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1272 /* Buffers used for encryption-decryption test */
1273 unsigned char *buf_orig = NULL;
1274 unsigned char *buf_enc = NULL;
1275 unsigned char *buf_dec = NULL;
1276
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1277 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1278 mbedtls_entropy_context entropy;
1279 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1280
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1281 const char *pers = "test_suite_rsa";
1282
1283 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1284 mbedtls_entropy_init( &entropy );
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame]1285 mbedtls_rsa_init( &ctx );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1286
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1287 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1288 &entropy, (const unsigned char *) pers,
1289 strlen( pers ) ) == 0 );
1290
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1291 if( !successive )
1292 {
1293 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1294 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1295 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1296 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1297 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1298 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1299 }
1300 else
1301 {
1302 /* Import N, P, Q, D, E separately.
1303 * This should make no functional difference. */
1304
1305 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1306 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1307 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1308
1309 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1310 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1311 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1312 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1313
1314 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1315 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1316 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1317 NULL, 0, NULL, 0 ) == 0 );
1318
1319 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1320 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1321 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1322 NULL, 0 ) == 0 );
1323
1324 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1325 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1326 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1327 }
1328
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1329 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1330
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1331 /* On expected success, perform some public and private
1332 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1333 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1334 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1335 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1336 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1337 else
1338 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1339
1340 if( res_check != 0 )
1341 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1342
1343 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1344 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1345 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1346 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1347 goto exit;
1348
1349 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1350 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1351
1352 /* Make sure the number we're generating is smaller than the modulus */
1353 buf_orig[0] = 0x00;
1354
1355 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1356
1357 if( is_priv )
1358 {
1359 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1360 &ctr_drbg, buf_enc,
1361 buf_dec ) == 0 );
1362
1363 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1364 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1365 }
1366 }
1367
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1368exit:
1369
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1370 mbedtls_free( buf_orig );
1371 mbedtls_free( buf_enc );
1372 mbedtls_free( buf_dec );
1373
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1374 mbedtls_rsa_free( &ctx );
1375
1376 mbedtls_ctr_drbg_free( &ctr_drbg );
1377 mbedtls_entropy_free( &entropy );
1378
1379}
1380/* END_CASE */
1381
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1382/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1383void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1384{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1385 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1386}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1387/* END_CASE */