TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 41377d66800cda1ab18fdad89a6e3c7e6c210446 / . / tests / suites / test_suite_rsa.function
blob: 9cf2fcf3480abc47f19e65130793b95ab0f68319 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Chris Jones66a4cd42021-03-09 16:04:12 +0000[diff] [blame]3#include "rsa_alt_helpers.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]21void rsa_init_free( int reinit )
22{
23 mbedtls_rsa_context ctx;
24
25 /* Double free is not explicitly documented to work, but we rely on it
26 * even inside the library so that you can call mbedtls_rsa_free()
27 * unconditionally on an error path without checking whether it has
28 * already been called in the success path. */
29
30 mbedtls_rsa_init( &ctx, 0, 0 );
31 mbedtls_rsa_free( &ctx );
32
33 if( reinit )
34 mbedtls_rsa_init( &ctx, 0, 0 );
35 mbedtls_rsa_free( &ctx );
36
37 /* This test case always succeeds, functionally speaking. A plausible
38 * bug might trigger an invalid pointer dereference or a memory leak. */
39 goto exit;
40}
41/* END_CASE */
42
43/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]44void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]45 int digest, int mod, int radix_P, char * input_P,
46 int radix_Q, char * input_Q, int radix_N,
47 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]48 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]49{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]50 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
51 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]52 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]53 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]54 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]55
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]56 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
57 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]58 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]59
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]60 memset( hash_result, 0x00, sizeof( hash_result ) );
61 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]62 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]63
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]64 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
65 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
66 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
67 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]68
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]69 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
70 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]71 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]73
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]74
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]75 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]76 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]78 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]79 &rnd_info, digest, 0, hash_result,
80 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]81 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]82 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]83
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]84 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
85 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]86 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]87
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]88exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]89 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
90 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]91 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]92}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]93/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]94
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]95/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]96void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]97 int digest, int mod, int radix_N,
98 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]99 data_t * result_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]100{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]101 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]103
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]104 mbedtls_mpi N, E;
105
106 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]107 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]108 memset( hash_result, 0x00, sizeof( hash_result ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]109
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]110 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
111 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
112 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
113 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]114 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]115
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]116
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]117 if( mbedtls_md_info_from_type( digest ) != NULL )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]118 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]119
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]120 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]121
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]122exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]123 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]125}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]126/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]127
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]128
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]129/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]130void rsa_pkcs1_sign_raw( data_t * hash_result,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]131 int padding_mode, int mod, int radix_P,
132 char * input_P, int radix_Q, char * input_Q,
133 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]134 char * input_E, data_t * result_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]135{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]136 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]137 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]138 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]139 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]140
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]141 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]142 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
143 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]144
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]145 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]146 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]147
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]148 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
149 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
150 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
151 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]152
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]153 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
154 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]155 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]156 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]157
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]158
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]159 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney140184d2021-05-18 16:04:07 +0100[diff] [blame]160 &rnd_info, MBEDTLS_MD_NONE,
161 hash_result->len,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]162 hash_result->x, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]163
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]164
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]165 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
166 ctx.len, result_str->len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]167
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]168exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]169 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
170 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
171
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]172 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]173}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]174/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]175
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]176/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]177void rsa_pkcs1_verify_raw( data_t * hash_result,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]178 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]179 char * input_N, int radix_E, char * input_E,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]180 data_t * result_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]181{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]182 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]183 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]184
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]185 mbedtls_mpi N, E;
186 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
187
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]188 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]189 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]190
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]191 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
192 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]193
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]194 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
195 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]198
Thomas Daubney68d9cbc2021-05-18 18:45:09 +0100[diff] [blame]199 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]200
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]201exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]202 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]203 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]204}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]205/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]206
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]207/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]208void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]209 int mod, int radix_N, char * input_N,
210 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]211 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]212{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]213 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]214 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]215 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]216
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]217 mbedtls_mpi N, E;
218 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
219
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]220 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]221
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]222 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]223 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]224
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]225 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
226 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]227
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]228 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
229 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]230 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]231
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]232
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]233 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
234 &mbedtls_test_rnd_pseudo_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]235 &rnd_info, message_str->len,
236 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]237 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]238 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]239 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]240
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]241 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
242 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]243 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]244
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]245exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]246 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]247 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]248}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]249/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]250
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]251/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]252void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]253 int mod, int radix_N, char * input_N,
254 int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]255 data_t * result_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]256{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]257 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]258 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]259
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]260 mbedtls_mpi N, E;
261
262 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]263 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]264 memset( output, 0x00, sizeof( output ) );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]265
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]266 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
267 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]268
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]269 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
270 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]271 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]272
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]273
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]274 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
Thomas Daubney21772772021-05-13 17:30:32 +0100[diff] [blame]275 NULL, message_str->len,
276 message_str->x,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]277 output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]278 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]279 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]280
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]281 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
282 ctx.len, result_str->len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]283 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]284
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]285exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]286 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]287 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]288}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]289/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]290
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]291/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]292void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]293 int mod, int radix_P, char * input_P,
294 int radix_Q, char * input_Q, int radix_N,
295 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]296 int max_output, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]297 int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]298{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]299 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]300 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]301 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]302 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]303 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]304
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]305 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
306 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
307
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]308 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]309
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]310 memset( output, 0x00, sizeof( output ) );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]311 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]312
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]313
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]314 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
315 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
316 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
317 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]318
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]319 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
320 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]321 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]322 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]323
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]324 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]325
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]326 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
Thomas Daubneyc7feaf32021-05-07 14:02:43 +0100[diff] [blame]327 &rnd_info,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]328 &output_len, message_str->x, output,
329 max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]330 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]331 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]332
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]333 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]334 output_len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]335 result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]336 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]337
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]338exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]339 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
340 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]341 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]342}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]343/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]344
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]345/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]346void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]347 char * input_N, int radix_E, char * input_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]348 data_t * result_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]349{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]350 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]351 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]352
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]353 mbedtls_mpi N, E;
354
355 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]356 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
357 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]358 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]359
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]360 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
361 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]362
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]363 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
364 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]365 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]366
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]367
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]368 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]369 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]370 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]371
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]372 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
373 ctx.len, result_str->len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]374 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]375
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]376 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]377 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]378 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]379 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]380
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]381 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]382
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]383 memset( output, 0x00, sizeof( output ) );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]384 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]385 if( result == 0 )
386 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]387
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]388 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
389 ctx.len, result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]390 }
391
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]392exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]393 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]394 mbedtls_rsa_free( &ctx );
395 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]396}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]397/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]398
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]399/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]400void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]401 char * input_P, int radix_Q, char * input_Q,
402 int radix_N, char * input_N, int radix_E,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]403 char * input_E, data_t * result_str,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]404 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]405{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]406 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]408 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]409 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]410 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]411
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]412 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
413 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
415 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]416
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]417 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]418
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]419 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
420 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
421 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
422 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]423
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]424 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
425 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]426 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]427 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]428
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]429
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]430 /* repeat three times to test updating of blinding values */
431 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]432 {
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]433 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]434 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
435 &rnd_info, message_str->x,
436 output ) == result );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]437 if( result == 0 )
438 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]439
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]440 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]441 ctx.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]442 result_str->len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]443 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]444 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]445
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]446 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]447 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]448 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]449 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]450
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]451 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]452
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]453 memset( output, 0x00, sizeof( output ) );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]454 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
455 &rnd_info, message_str->x,
456 output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]457 if( result == 0 )
458 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]459
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]460 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
Ronald Cron2dbba992020-06-10 11:42:32 +0200[diff] [blame]461 ctx2.len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]462 result_str->len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]463 }
464
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]465exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]466 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
467 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
468
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]469 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]470}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]471/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]472
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]473/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]474void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]475{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]476 mbedtls_rsa_context ctx;
477 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]478
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]479 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]480}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]481/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]482
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]483/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]484void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
485 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]486{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]487 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]488 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]489
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]490 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]491 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]492
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]493 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]494 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]495 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]496 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]497 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]498 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]499 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]500 }
501
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]502 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]503 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]504
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]505exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]506 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]507 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]508}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]509/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]510
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]511/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]512void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
513 int radix_Q, char * input_Q, int radix_N,
514 char * input_N, int radix_E, char * input_E,
515 int radix_D, char * input_D, int radix_DP,
516 char * input_DP, int radix_DQ,
517 char * input_DQ, int radix_QP,
518 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]519{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]520 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]521
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]522 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]523
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]524 ctx.len = mod / 8;
525 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]526 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]528 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]529 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]530 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]532 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]533 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]534 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]535 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]536 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]537 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]538 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]539 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]540 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]541 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]542 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]543 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]544 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]545#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]546 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]547 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]548 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]549 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]550 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]551 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]552 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]553 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]554 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]555 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]556 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]557 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]558#else
559 ((void) radix_DP); ((void) input_DP);
560 ((void) radix_DQ); ((void) input_DQ);
561 ((void) radix_QP); ((void) input_QP);
562#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]563
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]564 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]565
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]566exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]567 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]568}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]569/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]570
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]571/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]572void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
573 int radix_Epub, char * input_Epub, int radix_P,
574 char * input_P, int radix_Q, char * input_Q,
575 int radix_N, char * input_N, int radix_E,
576 char * input_E, int radix_D, char * input_D,
577 int radix_DP, char * input_DP, int radix_DQ,
578 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]579 int result )
580{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]581 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]582
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
584 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]585
586 pub.len = mod / 8;
587 prv.len = mod / 8;
588
589 if( strlen( input_Npub ) )
590 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]591 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]592 }
593 if( strlen( input_Epub ) )
594 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]596 }
597
598 if( strlen( input_P ) )
599 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]600 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]601 }
602 if( strlen( input_Q ) )
603 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]604 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]605 }
606 if( strlen( input_N ) )
607 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]608 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]609 }
610 if( strlen( input_E ) )
611 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]612 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]613 }
614 if( strlen( input_D ) )
615 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]617 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]618#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]619 if( strlen( input_DP ) )
620 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]622 }
623 if( strlen( input_DQ ) )
624 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]626 }
627 if( strlen( input_QP ) )
628 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]629 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]630 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]631#else
632 ((void) radix_DP); ((void) input_DP);
633 ((void) radix_DQ); ((void) input_DQ);
634 ((void) radix_QP); ((void) input_QP);
635#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]636
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]637 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]638
639exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]640 mbedtls_rsa_free( &pub );
641 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]642}
643/* END_CASE */
644
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]645/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]646void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]647{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]648 mbedtls_rsa_context ctx;
649 mbedtls_entropy_context entropy;
650 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]651 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]652
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]653 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]654 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]655 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]656
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]657 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
658 &entropy, (const unsigned char *) pers,
659 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]660
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]661 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]662 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]663 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]665 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]666 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]667
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]668exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]669 mbedtls_rsa_free( &ctx );
670 mbedtls_ctr_drbg_free( &ctr_drbg );
671 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]672}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]673/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]674
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]675/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]676void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]677 int radix_D, char *input_D,
678 int radix_E, char *input_E,
679 int radix_P, char *output_P,
680 int radix_Q, char *output_Q,
681 int corrupt, int result )
682{
683 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
684
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]685 mbedtls_mpi_init( &N );
686 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
687 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
688 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
689
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]690 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
691 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
692 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
693 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
694 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
695
696 if( corrupt )
697 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
698
699 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]700 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]701
702 if( !corrupt )
703 {
704 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
705 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
706 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
707 }
708
709exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]710 mbedtls_mpi_free( &N );
711 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
712 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
713 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]714}
715/* END_CASE */
716
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]717/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]718void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
719 int radix_Q, char *input_Q,
720 int radix_E, char *input_E,
721 int radix_D, char *output_D,
722 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]723{
724 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
725
726 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
727 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
728 mbedtls_mpi_init( &E );
729 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
730
731 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
732 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
733 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
734 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
735
736 if( corrupt )
737 {
738 /* Make E even */
739 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
740 }
741
742 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]743 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
744 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]745
746 if( !corrupt )
747 {
748 /*
749 * Check that D and Dp agree modulo LCM(P-1, Q-1).
750 */
751
752 /* Replace P,Q by P-1, Q-1 */
753 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
754 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
755
756 /* Check D == Dp modulo P-1 */
757 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
758 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
759 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
760
761 /* Check D == Dp modulo Q-1 */
762 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
763 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
764 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
765 }
766
767exit:
768
769 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
770 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
771 mbedtls_mpi_free( &E );
772 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
773}
774/* END_CASE */
775
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]776/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]777void mbedtls_rsa_import( int radix_N, char *input_N,
778 int radix_P, char *input_P,
779 int radix_Q, char *input_Q,
780 int radix_D, char *input_D,
781 int radix_E, char *input_E,
782 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]783 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]784 int res_check,
785 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]786{
787 mbedtls_mpi N, P, Q, D, E;
788 mbedtls_rsa_context ctx;
789
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]790 /* Buffers used for encryption-decryption test */
791 unsigned char *buf_orig = NULL;
792 unsigned char *buf_enc = NULL;
793 unsigned char *buf_dec = NULL;
794
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]795 mbedtls_entropy_context entropy;
796 mbedtls_ctr_drbg_context ctr_drbg;
797 const char *pers = "test_suite_rsa";
798
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]799 const int have_N = ( strlen( input_N ) > 0 );
800 const int have_P = ( strlen( input_P ) > 0 );
801 const int have_Q = ( strlen( input_Q ) > 0 );
802 const int have_D = ( strlen( input_D ) > 0 );
803 const int have_E = ( strlen( input_E ) > 0 );
804
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]805 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]806 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]807 mbedtls_rsa_init( &ctx, 0, 0 );
808
809 mbedtls_mpi_init( &N );
810 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
811 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
812
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]813 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
814 (const unsigned char *) pers, strlen( pers ) ) == 0 );
815
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]816 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]817 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
818
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]819 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]820 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
821
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]822 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]823 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
824
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]825 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]826 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
827
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]828 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]829 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
830
831 if( !successive )
832 {
833 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]834 have_N ? &N : NULL,
835 have_P ? &P : NULL,
836 have_Q ? &Q : NULL,
837 have_D ? &D : NULL,
838 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]839 }
840 else
841 {
842 /* Import N, P, Q, D, E separately.
843 * This should make no functional difference. */
844
845 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]846 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]847 NULL, NULL, NULL, NULL ) == 0 );
848
849 TEST_ASSERT( mbedtls_rsa_import( &ctx,
850 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]851 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]852 NULL, NULL, NULL ) == 0 );
853
854 TEST_ASSERT( mbedtls_rsa_import( &ctx,
855 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]856 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]857 NULL, NULL ) == 0 );
858
859 TEST_ASSERT( mbedtls_rsa_import( &ctx,
860 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]861 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]862 NULL ) == 0 );
863
864 TEST_ASSERT( mbedtls_rsa_import( &ctx,
865 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]866 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]867 }
868
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]869 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]870
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]871 /* On expected success, perform some public and private
872 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]873 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]874 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]875 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]876 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
877 else
878 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
879
880 if( res_check != 0 )
881 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]882
883 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
884 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
885 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
886 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
887 goto exit;
888
889 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
890 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
891
892 /* Make sure the number we're generating is smaller than the modulus */
893 buf_orig[0] = 0x00;
894
895 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
896
897 if( is_priv )
898 {
899 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
900 &ctr_drbg, buf_enc,
901 buf_dec ) == 0 );
902
903 TEST_ASSERT( memcmp( buf_orig, buf_dec,
904 mbedtls_rsa_get_len( &ctx ) ) == 0 );
905 }
906 }
907
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]908exit:
909
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]910 mbedtls_free( buf_orig );
911 mbedtls_free( buf_enc );
912 mbedtls_free( buf_dec );
913
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]914 mbedtls_rsa_free( &ctx );
915
916 mbedtls_ctr_drbg_free( &ctr_drbg );
917 mbedtls_entropy_free( &entropy );
918
919 mbedtls_mpi_free( &N );
920 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
921 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
922}
923/* END_CASE */
924
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]925/* BEGIN_CASE */
926void mbedtls_rsa_export( int radix_N, char *input_N,
927 int radix_P, char *input_P,
928 int radix_Q, char *input_Q,
929 int radix_D, char *input_D,
930 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]931 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]932 int successive )
933{
934 /* Original MPI's with which we set up the RSA context */
935 mbedtls_mpi N, P, Q, D, E;
936
937 /* Exported MPI's */
938 mbedtls_mpi Ne, Pe, Qe, De, Ee;
939
940 const int have_N = ( strlen( input_N ) > 0 );
941 const int have_P = ( strlen( input_P ) > 0 );
942 const int have_Q = ( strlen( input_Q ) > 0 );
943 const int have_D = ( strlen( input_D ) > 0 );
944 const int have_E = ( strlen( input_E ) > 0 );
945
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]946 mbedtls_rsa_context ctx;
947
948 mbedtls_rsa_init( &ctx, 0, 0 );
949
950 mbedtls_mpi_init( &N );
951 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
952 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
953
954 mbedtls_mpi_init( &Ne );
955 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
956 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
957
958 /* Setup RSA context */
959
960 if( have_N )
961 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
962
963 if( have_P )
964 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
965
966 if( have_Q )
967 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
968
969 if( have_D )
970 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
971
972 if( have_E )
973 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
974
975 TEST_ASSERT( mbedtls_rsa_import( &ctx,
976 strlen( input_N ) ? &N : NULL,
977 strlen( input_P ) ? &P : NULL,
978 strlen( input_Q ) ? &Q : NULL,
979 strlen( input_D ) ? &D : NULL,
980 strlen( input_E ) ? &E : NULL ) == 0 );
981
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]982 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]983
984 /*
985 * Export parameters and compare to original ones.
986 */
987
988 /* N and E must always be present. */
989 if( !successive )
990 {
991 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
992 }
993 else
994 {
995 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
996 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
997 }
998 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
999 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1000
1001 /* If we were providing enough information to setup a complete private context,
1002 * we expect to be able to export all core parameters. */
1003
1004 if( is_priv )
1005 {
1006 if( !successive )
1007 {
1008 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1009 &De, NULL ) == 0 );
1010 }
1011 else
1012 {
1013 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1014 NULL, NULL ) == 0 );
1015 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1016 NULL, NULL ) == 0 );
1017 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1018 &De, NULL ) == 0 );
1019 }
1020
1021 if( have_P )
1022 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1023
1024 if( have_Q )
1025 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1026
1027 if( have_D )
1028 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1029
1030 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1031 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1032 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1033 }
1034
1035exit:
1036
1037 mbedtls_rsa_free( &ctx );
1038
1039 mbedtls_mpi_free( &N );
1040 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1041 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1042
1043 mbedtls_mpi_free( &Ne );
1044 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1045 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1046}
1047/* END_CASE */
1048
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1049/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1050void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1051 int radix_P, char *input_P,
1052 int radix_Q, char *input_Q,
1053 int radix_D, char *input_D,
1054 int radix_E, char *input_E,
1055 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1056{
1057 /* Original MPI's with which we set up the RSA context */
1058 mbedtls_mpi N, P, Q, D, E;
1059
1060 const int have_N = ( strlen( input_N ) > 0 );
1061 const int have_P = ( strlen( input_P ) > 0 );
1062 const int have_Q = ( strlen( input_Q ) > 0 );
1063 const int have_D = ( strlen( input_D ) > 0 );
1064 const int have_E = ( strlen( input_E ) > 0 );
1065
1066 mbedtls_entropy_context entropy;
1067 mbedtls_ctr_drbg_context ctr_drbg;
1068 const char *pers = "test_suite_rsa";
1069
1070 mbedtls_mpi_init( &N );
1071 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1072 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1073
1074 mbedtls_ctr_drbg_init( &ctr_drbg );
1075 mbedtls_entropy_init( &entropy );
1076 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1077 &entropy, (const unsigned char *) pers,
1078 strlen( pers ) ) == 0 );
1079
1080 if( have_N )
1081 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1082
1083 if( have_P )
1084 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1085
1086 if( have_Q )
1087 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1088
1089 if( have_D )
1090 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1091
1092 if( have_E )
1093 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1094
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1095 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1096 have_P ? &P : NULL,
1097 have_Q ? &Q : NULL,
1098 have_D ? &D : NULL,
1099 have_E ? &E : NULL,
1100 prng ? mbedtls_ctr_drbg_random : NULL,
1101 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1102exit:
1103
1104 mbedtls_ctr_drbg_free( &ctr_drbg );
1105 mbedtls_entropy_free( &entropy );
1106
1107 mbedtls_mpi_free( &N );
1108 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1109 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1110}
1111/* END_CASE */
1112
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1113/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1114void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1115 data_t *input_Q, data_t *input_D,
1116 data_t *input_E, int is_priv,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1117 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1118{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1119 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1120 unsigned char bufNe[256];
1121 unsigned char bufPe[128];
1122 unsigned char bufQe[128];
1123 unsigned char bufDe[256];
1124 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1125
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1126 mbedtls_rsa_context ctx;
1127
1128 mbedtls_rsa_init( &ctx, 0, 0 );
1129
1130 /* Setup RSA context */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1131 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1132 input_N->len ? input_N->x : NULL, input_N->len,
1133 input_P->len ? input_P->x : NULL, input_P->len,
1134 input_Q->len ? input_Q->x : NULL, input_Q->len,
1135 input_D->len ? input_D->x : NULL, input_D->len,
1136 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1137
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1138 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1139
1140 /*
1141 * Export parameters and compare to original ones.
1142 */
1143
1144 /* N and E must always be present. */
1145 if( !successive )
1146 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1147 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1148 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1149 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1150 }
1151 else
1152 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1153 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1154 NULL, 0, NULL, 0, NULL, 0,
1155 NULL, 0 ) == 0 );
1156 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1157 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1158 bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1159 }
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1160 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1161 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1162
1163 /* If we were providing enough information to setup a complete private context,
1164 * we expect to be able to export all core parameters. */
1165
1166 if( is_priv )
1167 {
1168 if( !successive )
1169 {
1170 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1171 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1172 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1173 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1174 NULL, 0 ) == 0 );
1175 }
1176 else
1177 {
1178 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1179 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1180 NULL, 0, NULL, 0,
1181 NULL, 0 ) == 0 );
1182
1183 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1184 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1185 NULL, 0, NULL, 0 ) == 0 );
1186
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1187 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1188 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1189 NULL, 0 ) == 0 );
1190 }
1191
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1192 if( input_P->len )
1193 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1194
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1195 if( input_Q->len )
1196 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1197
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1198 if( input_D->len )
1199 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1200
1201 }
1202
1203exit:
1204 mbedtls_rsa_free( &ctx );
1205}
1206/* END_CASE */
1207
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1208/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1209void mbedtls_rsa_import_raw( data_t *input_N,
1210 data_t *input_P, data_t *input_Q,
1211 data_t *input_D, data_t *input_E,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1212 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1213 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1214 int res_check,
1215 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1216{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1217 /* Buffers used for encryption-decryption test */
1218 unsigned char *buf_orig = NULL;
1219 unsigned char *buf_enc = NULL;
1220 unsigned char *buf_dec = NULL;
1221
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1222 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1223 mbedtls_entropy_context entropy;
1224 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1225
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1226 const char *pers = "test_suite_rsa";
1227
1228 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1229 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1230 mbedtls_rsa_init( &ctx, 0, 0 );
1231
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1232 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1233 &entropy, (const unsigned char *) pers,
1234 strlen( pers ) ) == 0 );
1235
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1236 if( !successive )
1237 {
1238 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1239 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1240 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1241 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1242 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1243 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1244 }
1245 else
1246 {
1247 /* Import N, P, Q, D, E separately.
1248 * This should make no functional difference. */
1249
1250 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1251 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1252 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1253
1254 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1255 NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1256 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1257 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1258
1259 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1260 NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1261 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1262 NULL, 0, NULL, 0 ) == 0 );
1263
1264 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1265 NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1266 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1267 NULL, 0 ) == 0 );
1268
1269 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1270 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1271 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1272 }
1273
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1274 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1275
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1276 /* On expected success, perform some public and private
1277 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1278 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1279 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1280 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1281 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1282 else
1283 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1284
1285 if( res_check != 0 )
1286 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1287
1288 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1289 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1290 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1291 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1292 goto exit;
1293
1294 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1295 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1296
1297 /* Make sure the number we're generating is smaller than the modulus */
1298 buf_orig[0] = 0x00;
1299
1300 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1301
1302 if( is_priv )
1303 {
1304 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1305 &ctr_drbg, buf_enc,
1306 buf_dec ) == 0 );
1307
1308 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1309 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1310 }
1311 }
1312
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1313exit:
1314
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1315 mbedtls_free( buf_orig );
1316 mbedtls_free( buf_enc );
1317 mbedtls_free( buf_dec );
1318
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1319 mbedtls_rsa_free( &ctx );
1320
1321 mbedtls_ctr_drbg_free( &ctr_drbg );
1322 mbedtls_entropy_free( &entropy );
1323
1324}
1325/* END_CASE */
1326
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1327/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1328void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1329{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1330 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1331}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1332/* END_CASE */