TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9079170f6e71cd4b3e6822ee472ecad06b272f32 / . / tests / suites / test_suite_rsa.function
blob: 4d58049dfa21f0d55e61bb1c232f6dc9985e1e9c [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +0100[diff] [blame]3#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]21void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]22 int mod, int radix_P, char *input_P, int radix_Q,
23 char *input_Q, int radix_N, char *input_N, int radix_E,
24 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]25{
26 unsigned char message_str[1000];
27 unsigned char hash_result[1000];
28 unsigned char output[1000];
29 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]31 mbedtls_mpi N, P, Q, E;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]32 int msg_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]33 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]34
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]35 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
36 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]38
39 memset( message_str, 0x00, 1000 );
40 memset( hash_result, 0x00, 1000 );
41 memset( output, 0x00, 1000 );
42 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]43 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]44
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]45 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
47 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
48 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]49
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]50 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
51 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]52 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]53 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]54
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]55 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]56
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 if( mbedtls_md_info_from_type( digest ) != NULL )
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]58 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
59 message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]60
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]61 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
62 MBEDTLS_RSA_PRIVATE, digest, 0,
63 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]64 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]65 {
66 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]67
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]68 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]69 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]70
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]71exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]72 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
73 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]74 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]75}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]76/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]77
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]78/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]80 int mod, int radix_N, char *input_N, int radix_E,
81 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]82{
83 unsigned char message_str[1000];
84 unsigned char hash_result[1000];
85 unsigned char result_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86 mbedtls_rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]87 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]88
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]89 mbedtls_mpi N, E;
90
91 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]93 memset( message_str, 0x00, 1000 );
94 memset( hash_result, 0x00, 1000 );
95 memset( result_str, 0x00, 1000 );
96
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]97 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
98 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
99 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
100 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]102
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]103 msg_len = unhexify( message_str, message_hex_string );
104 unhexify( result_str, result_hex_str );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]105
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]106 if( mbedtls_md_info_from_type( digest ) != NULL )
107 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]108
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]109 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]110
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]111exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]112 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]114}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]115/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]116
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]117
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]118/* BEGIN_CASE */
119void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
120 int padding_mode, int mod, int radix_P, char *input_P,
121 int radix_Q, char *input_Q, int radix_N,
122 char *input_N, int radix_E, char *input_E,
123 char *result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]124{
125 unsigned char message_str[1000];
126 unsigned char hash_result[1000];
127 unsigned char output[1000];
128 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]129 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]130 mbedtls_mpi N, P, Q, E;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000[diff] [blame]131 int hash_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]132 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]133
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]134 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]135 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
136 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]137
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]138 memset( message_str, 0x00, 1000 );
139 memset( hash_result, 0x00, 1000 );
140 memset( output, 0x00, 1000 );
141 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]142 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]143
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]144 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
145 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
146 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
147 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]148
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]149 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
150 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]151 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]152 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]153
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]154 unhexify( message_str, message_hex_string );
155 hash_len = unhexify( hash_result, hash_result_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]156
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]157 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
158 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
159 hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]160
161 hexify( output_str, output, ctx.len );
162
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]163 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]164
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]165#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]166 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]168 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]169 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]170 memset( output, 0x00, 1000 );
171 memset( output_str, 0x00, 1000 );
172
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]173 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]174 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]175 hash_len, hash_result, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]176
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]177#if !defined(MBEDTLS_RSA_ALT)
178 TEST_ASSERT( res == 0 );
179#else
180 TEST_ASSERT( ( res == 0 ) ||
181 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
182#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]183
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]184 if( res == 0 )
185 {
186 hexify( output_str, output, ctx.len );
187 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
188 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]189 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]190#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]191
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]192exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]193 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
194 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]198/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]199
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]200/* BEGIN_CASE */
201void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
202 int padding_mode, int mod, int radix_N,
203 char *input_N, int radix_E, char *input_E,
204 char *result_hex_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205{
206 unsigned char message_str[1000];
207 unsigned char hash_result[1000];
208 unsigned char result_str[1000];
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]209 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210 mbedtls_rsa_context ctx;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]211 size_t hash_len;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]212
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]213 mbedtls_mpi N, E;
214 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
215
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]217 memset( message_str, 0x00, 1000 );
218 memset( hash_result, 0x00, 1000 );
219 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]220 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]221
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]222 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
223 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]224
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]225 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
226 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]227 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]228
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]229 unhexify( message_str, message_hex_string );
230 hash_len = unhexify( hash_result, hash_result_string );
231 unhexify( result_str, result_hex_str );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]232
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]233 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
234 MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
235 hash_len, hash_result,
236 result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]237
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]238#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]239 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]240 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]241 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]242 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]243 int ok;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]244 size_t olen;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]245
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]246 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]247 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]248 &olen, result_str, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]249
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]250#if !defined(MBEDTLS_RSA_ALT)
251 TEST_ASSERT( res == 0 );
252#else
253 TEST_ASSERT( ( res == 0 ) ||
254 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
255#endif
256
257 if( res == 0 )
258 {
259 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
260 if( correct == 0 )
261 TEST_ASSERT( ok == 1 );
262 else
263 TEST_ASSERT( ok == 0 );
264 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]265 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]266#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]267
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]268exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]269 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]270 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]271}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]272/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]273
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]274/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]275void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]276 int radix_N, char *input_N, int radix_E, char *input_E,
277 char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]278{
279 unsigned char message_str[1000];
280 unsigned char output[1000];
281 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]282 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]283 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]284 rnd_pseudo_info rnd_info;
285
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]286 mbedtls_mpi N, E;
287 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
288
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]289 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]290
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]292 memset( message_str, 0x00, 1000 );
293 memset( output, 0x00, 1000 );
294 memset( output_str, 0x00, 1000 );
295
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]296 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
297 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]298
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]299 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
300 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]301 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]302
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]303 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]304
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]305 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
306 MBEDTLS_RSA_PUBLIC, msg_len,
307 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]308 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]309 {
310 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]311
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]312 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]313 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]314
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]315exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]316 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]317 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]318}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]319/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]320
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]321/* BEGIN_CASE */
322void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
323 int mod, int radix_N, char *input_N,
324 int radix_E, char *input_E,
325 char *result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]326{
327 unsigned char message_str[1000];
328 unsigned char output[1000];
329 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]330 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]331 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]332
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]333 mbedtls_mpi N, E;
334
335 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]336 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]337 memset( message_str, 0x00, 1000 );
338 memset( output, 0x00, 1000 );
339 memset( output_str, 0x00, 1000 );
340
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]341 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
342 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]343
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]344 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
345 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]347
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]348 msg_len = unhexify( message_str, message_hex_string );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]349
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]350 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
351 MBEDTLS_RSA_PUBLIC, msg_len,
352 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]353 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]354 {
355 hexify( output_str, output, ctx.len );
356
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]357 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]358 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]359
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]360exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]361 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]362 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]363}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]364/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]365
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]366/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]367void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]368 int radix_P, char *input_P, int radix_Q, char *input_Q,
369 int radix_N, char *input_N, int radix_E, char *input_E,
370 int max_output, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]371{
372 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]373 unsigned char output[1000];
374 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]375 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]376 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]377 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]378 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]379
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]380 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
381 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
382
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]383 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]384
385 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]386 memset( output, 0x00, 1000 );
387 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]388 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]389
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]390
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]391 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
392 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
393 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
394 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]395
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]396 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
397 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]398 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]400
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]401 unhexify( message_str, message_hex_string );
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]402 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]403
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]404 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]405 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]406 {
407 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]408
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]409 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]410 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]411
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]412exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]413 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
414 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]416}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]417/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]418
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]419/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]420void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]421 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]422{
423 unsigned char message_str[1000];
424 unsigned char output[1000];
425 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]427
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]428 mbedtls_mpi N, E;
429
430 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
432 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]433 memset( message_str, 0x00, 1000 );
434 memset( output, 0x00, 1000 );
435 memset( output_str, 0x00, 1000 );
436
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]437 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
438 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]439
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]440 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
441 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]442 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]443
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]444 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]445
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]446 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]447 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]448 {
449 hexify( output_str, output, ctx.len );
450
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]451 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]452 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]453
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]454 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]455 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]456 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]457 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]458
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]459 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]460
461 memset( output, 0x00, 1000 );
462 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]463 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]464 if( result == 0 )
465 {
466 hexify( output_str, output, ctx2.len );
467
468 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
469 }
470
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]471exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]472 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]473 mbedtls_rsa_free( &ctx );
474 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]475}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]476/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]477
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]478/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]479void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]480 int radix_Q, char *input_Q, int radix_N, char *input_N,
481 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]482{
483 unsigned char message_str[1000];
484 unsigned char output[1000];
485 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]486 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]487 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]488 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]489 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]490
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]491 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
492 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
494 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]495
496 memset( message_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]497 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]498
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]499 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
500 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
501 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
502 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]503
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]504 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
505 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]506 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]507 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]508
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]509 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]510
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]511 /* repeat three times to test updating of blinding values */
512 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]513 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]514 memset( output, 0x00, 1000 );
515 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]516 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]517 message_str, output ) == result );
518 if( result == 0 )
519 {
520 hexify( output_str, output, ctx.len );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]521
Azim Khan90791702017-05-30 00:57:11 +0100[diff] [blame^]522 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]523 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]524 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]525
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]526 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]528 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]529 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]530
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]532
533 memset( output, 0x00, 1000 );
534 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]535 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]536 message_str, output ) == result );
537 if( result == 0 )
538 {
539 hexify( output_str, output, ctx2.len );
540
Azim Khan90791702017-05-30 00:57:11 +0100[diff] [blame^]541 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]542 }
543
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]544exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]545 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
546 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
547
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]548 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]549}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]550/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]551
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]552/* BEGIN_CASE */
553void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]554{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 mbedtls_rsa_context ctx;
556 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]557
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]559}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]560/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]561
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]562/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]564 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]565{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]566 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]567 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]568
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]569 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]570 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]571
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]572 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]573 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]574 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]575 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]576 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]577 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]578 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]579 }
580
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]581 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]582 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]583
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]584exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]585 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]586 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]587}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]588/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]589
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]590/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]591void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]592 char *input_Q, int radix_N, char *input_N,
593 int radix_E, char *input_E, int radix_D, char *input_D,
594 int radix_DP, char *input_DP, int radix_DQ,
595 char *input_DQ, int radix_QP, char *input_QP,
596 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]597{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]598 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]599
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]600 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]601
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]602 ctx.len = mod / 8;
603 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]604 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]605 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]606 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]607 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]608 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]609 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]610 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]611 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]612 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]613 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]614 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]615 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]616 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]617 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]618 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]619 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]620 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]622 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]623#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]624 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]625 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]626 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]627 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]628 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]629 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]630 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]631 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]632 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]633 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]634 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]635 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]636#else
637 ((void) radix_DP); ((void) input_DP);
638 ((void) radix_DQ); ((void) input_DQ);
639 ((void) radix_QP); ((void) input_QP);
640#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]641
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]642 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]643
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]644exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]645 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]646}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]647/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]648
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]649/* BEGIN_CASE */
650void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
651 int radix_Epub, char *input_Epub,
652 int radix_P, char *input_P, int radix_Q,
653 char *input_Q, int radix_N, char *input_N,
654 int radix_E, char *input_E, int radix_D, char *input_D,
655 int radix_DP, char *input_DP, int radix_DQ,
656 char *input_DQ, int radix_QP, char *input_QP,
657 int result )
658{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]660
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]661 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
662 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]663
664 pub.len = mod / 8;
665 prv.len = mod / 8;
666
667 if( strlen( input_Npub ) )
668 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]669 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]670 }
671 if( strlen( input_Epub ) )
672 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]673 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]674 }
675
676 if( strlen( input_P ) )
677 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]679 }
680 if( strlen( input_Q ) )
681 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]682 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]683 }
684 if( strlen( input_N ) )
685 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]686 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]687 }
688 if( strlen( input_E ) )
689 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]690 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]691 }
692 if( strlen( input_D ) )
693 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]694 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]695 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]696#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]697 if( strlen( input_DP ) )
698 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]699 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]700 }
701 if( strlen( input_DQ ) )
702 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]703 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]704 }
705 if( strlen( input_QP ) )
706 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]707 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]708 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]709#else
710 ((void) radix_DP); ((void) input_DP);
711 ((void) radix_DQ); ((void) input_DQ);
712 ((void) radix_QP); ((void) input_QP);
713#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]714
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]716
717exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]718 mbedtls_rsa_free( &pub );
719 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]720}
721/* END_CASE */
722
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]723/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]724void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]725{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]726 mbedtls_rsa_context ctx;
727 mbedtls_entropy_context entropy;
728 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]729 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]730
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]731 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]732 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]733 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]734
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]735 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
736 &entropy, (const unsigned char *) pers,
737 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]738
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]739 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]740 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]741 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]742 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]743 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]744 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]745
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]746exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]747 mbedtls_rsa_free( &ctx );
748 mbedtls_ctr_drbg_free( &ctr_drbg );
749 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]750}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]751/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]752
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]753/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]754void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]755 int radix_D, char *input_D,
756 int radix_E, char *input_E,
757 int radix_P, char *output_P,
758 int radix_Q, char *output_Q,
759 int corrupt, int result )
760{
761 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
762
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]763 mbedtls_mpi_init( &N );
764 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
765 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
766 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
767
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]768 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
769 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
770 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
771 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
772 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
773
774 if( corrupt )
775 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
776
777 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]778 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]779
780 if( !corrupt )
781 {
782 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
783 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
784 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
785 }
786
787exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]788 mbedtls_mpi_free( &N );
789 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
790 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
791 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]792}
793/* END_CASE */
794
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]795/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]796void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
797 int radix_Q, char *input_Q,
798 int radix_E, char *input_E,
799 int radix_D, char *output_D,
800 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]801{
802 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
803
804 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
805 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
806 mbedtls_mpi_init( &E );
807 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
808
809 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
810 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
811 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
812 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
813
814 if( corrupt )
815 {
816 /* Make E even */
817 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
818 }
819
820 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]821 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
822 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]823
824 if( !corrupt )
825 {
826 /*
827 * Check that D and Dp agree modulo LCM(P-1, Q-1).
828 */
829
830 /* Replace P,Q by P-1, Q-1 */
831 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
832 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
833
834 /* Check D == Dp modulo P-1 */
835 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
836 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
837 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
838
839 /* Check D == Dp modulo Q-1 */
840 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
841 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
842 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
843 }
844
845exit:
846
847 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
848 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
849 mbedtls_mpi_free( &E );
850 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
851}
852/* END_CASE */
853
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]854/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]855void mbedtls_rsa_import( int radix_N, char *input_N,
856 int radix_P, char *input_P,
857 int radix_Q, char *input_Q,
858 int radix_D, char *input_D,
859 int radix_E, char *input_E,
860 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]861 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]862 int res_check,
863 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]864{
865 mbedtls_mpi N, P, Q, D, E;
866 mbedtls_rsa_context ctx;
867
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]868 /* Buffers used for encryption-decryption test */
869 unsigned char *buf_orig = NULL;
870 unsigned char *buf_enc = NULL;
871 unsigned char *buf_dec = NULL;
872
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]873 mbedtls_entropy_context entropy;
874 mbedtls_ctr_drbg_context ctr_drbg;
875 const char *pers = "test_suite_rsa";
876
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]877 const int have_N = ( strlen( input_N ) > 0 );
878 const int have_P = ( strlen( input_P ) > 0 );
879 const int have_Q = ( strlen( input_Q ) > 0 );
880 const int have_D = ( strlen( input_D ) > 0 );
881 const int have_E = ( strlen( input_E ) > 0 );
882
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]883 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]884 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]885 mbedtls_rsa_init( &ctx, 0, 0 );
886
887 mbedtls_mpi_init( &N );
888 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
889 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
890
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]891 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
892 (const unsigned char *) pers, strlen( pers ) ) == 0 );
893
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]894 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]895 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
896
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]897 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]898 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
899
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]900 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]901 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
902
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]903 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]904 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
905
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]906 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]907 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
908
909 if( !successive )
910 {
911 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]912 have_N ? &N : NULL,
913 have_P ? &P : NULL,
914 have_Q ? &Q : NULL,
915 have_D ? &D : NULL,
916 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]917 }
918 else
919 {
920 /* Import N, P, Q, D, E separately.
921 * This should make no functional difference. */
922
923 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]924 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]925 NULL, NULL, NULL, NULL ) == 0 );
926
927 TEST_ASSERT( mbedtls_rsa_import( &ctx,
928 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]929 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]930 NULL, NULL, NULL ) == 0 );
931
932 TEST_ASSERT( mbedtls_rsa_import( &ctx,
933 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]934 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]935 NULL, NULL ) == 0 );
936
937 TEST_ASSERT( mbedtls_rsa_import( &ctx,
938 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]939 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]940 NULL ) == 0 );
941
942 TEST_ASSERT( mbedtls_rsa_import( &ctx,
943 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]944 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]945 }
946
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]947 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]948
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]949 /* On expected success, perform some public and private
950 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]951 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]952 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]953 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]954 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
955 else
956 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
957
958 if( res_check != 0 )
959 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]960
961 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
962 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
963 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
964 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
965 goto exit;
966
967 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
968 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
969
970 /* Make sure the number we're generating is smaller than the modulus */
971 buf_orig[0] = 0x00;
972
973 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
974
975 if( is_priv )
976 {
977 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
978 &ctr_drbg, buf_enc,
979 buf_dec ) == 0 );
980
981 TEST_ASSERT( memcmp( buf_orig, buf_dec,
982 mbedtls_rsa_get_len( &ctx ) ) == 0 );
983 }
984 }
985
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]986exit:
987
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]988 mbedtls_free( buf_orig );
989 mbedtls_free( buf_enc );
990 mbedtls_free( buf_dec );
991
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]992 mbedtls_rsa_free( &ctx );
993
994 mbedtls_ctr_drbg_free( &ctr_drbg );
995 mbedtls_entropy_free( &entropy );
996
997 mbedtls_mpi_free( &N );
998 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
999 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1000}
1001/* END_CASE */
1002
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1003/* BEGIN_CASE */
1004void mbedtls_rsa_export( int radix_N, char *input_N,
1005 int radix_P, char *input_P,
1006 int radix_Q, char *input_Q,
1007 int radix_D, char *input_D,
1008 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1009 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1010 int successive )
1011{
1012 /* Original MPI's with which we set up the RSA context */
1013 mbedtls_mpi N, P, Q, D, E;
1014
1015 /* Exported MPI's */
1016 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1017
1018 const int have_N = ( strlen( input_N ) > 0 );
1019 const int have_P = ( strlen( input_P ) > 0 );
1020 const int have_Q = ( strlen( input_Q ) > 0 );
1021 const int have_D = ( strlen( input_D ) > 0 );
1022 const int have_E = ( strlen( input_E ) > 0 );
1023
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1024 mbedtls_rsa_context ctx;
1025
1026 mbedtls_rsa_init( &ctx, 0, 0 );
1027
1028 mbedtls_mpi_init( &N );
1029 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1030 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1031
1032 mbedtls_mpi_init( &Ne );
1033 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1034 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1035
1036 /* Setup RSA context */
1037
1038 if( have_N )
1039 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1040
1041 if( have_P )
1042 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1043
1044 if( have_Q )
1045 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1046
1047 if( have_D )
1048 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1049
1050 if( have_E )
1051 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1052
1053 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1054 strlen( input_N ) ? &N : NULL,
1055 strlen( input_P ) ? &P : NULL,
1056 strlen( input_Q ) ? &Q : NULL,
1057 strlen( input_D ) ? &D : NULL,
1058 strlen( input_E ) ? &E : NULL ) == 0 );
1059
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1060 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1061
1062 /*
1063 * Export parameters and compare to original ones.
1064 */
1065
1066 /* N and E must always be present. */
1067 if( !successive )
1068 {
1069 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1070 }
1071 else
1072 {
1073 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1074 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1075 }
1076 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1077 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1078
1079 /* If we were providing enough information to setup a complete private context,
1080 * we expect to be able to export all core parameters. */
1081
1082 if( is_priv )
1083 {
1084 if( !successive )
1085 {
1086 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1087 &De, NULL ) == 0 );
1088 }
1089 else
1090 {
1091 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1092 NULL, NULL ) == 0 );
1093 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1094 NULL, NULL ) == 0 );
1095 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1096 &De, NULL ) == 0 );
1097 }
1098
1099 if( have_P )
1100 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1101
1102 if( have_Q )
1103 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1104
1105 if( have_D )
1106 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1107
1108 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1109 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1110 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1111 }
1112
1113exit:
1114
1115 mbedtls_rsa_free( &ctx );
1116
1117 mbedtls_mpi_free( &N );
1118 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1119 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1120
1121 mbedtls_mpi_free( &Ne );
1122 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1123 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1124}
1125/* END_CASE */
1126
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1127/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1128void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1129 int radix_P, char *input_P,
1130 int radix_Q, char *input_Q,
1131 int radix_D, char *input_D,
1132 int radix_E, char *input_E,
1133 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1134{
1135 /* Original MPI's with which we set up the RSA context */
1136 mbedtls_mpi N, P, Q, D, E;
1137
1138 const int have_N = ( strlen( input_N ) > 0 );
1139 const int have_P = ( strlen( input_P ) > 0 );
1140 const int have_Q = ( strlen( input_Q ) > 0 );
1141 const int have_D = ( strlen( input_D ) > 0 );
1142 const int have_E = ( strlen( input_E ) > 0 );
1143
1144 mbedtls_entropy_context entropy;
1145 mbedtls_ctr_drbg_context ctr_drbg;
1146 const char *pers = "test_suite_rsa";
1147
1148 mbedtls_mpi_init( &N );
1149 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1150 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1151
1152 mbedtls_ctr_drbg_init( &ctr_drbg );
1153 mbedtls_entropy_init( &entropy );
1154 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1155 &entropy, (const unsigned char *) pers,
1156 strlen( pers ) ) == 0 );
1157
1158 if( have_N )
1159 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1160
1161 if( have_P )
1162 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1163
1164 if( have_Q )
1165 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1166
1167 if( have_D )
1168 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1169
1170 if( have_E )
1171 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1172
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1173 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1174 have_P ? &P : NULL,
1175 have_Q ? &Q : NULL,
1176 have_D ? &D : NULL,
1177 have_E ? &E : NULL,
1178 prng ? mbedtls_ctr_drbg_random : NULL,
1179 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1180exit:
1181
1182 mbedtls_ctr_drbg_free( &ctr_drbg );
1183 mbedtls_entropy_free( &entropy );
1184
1185 mbedtls_mpi_free( &N );
1186 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1187 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1188}
1189/* END_CASE */
1190
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1191/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1192void mbedtls_rsa_export_raw( char *input_N, char *input_P,
1193 char *input_Q, char *input_D,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1194 char *input_E, int is_priv,
1195 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1196{
1197 /* Original raw buffers with which we set up the RSA context */
1198 unsigned char bufN[1000];
1199 unsigned char bufP[1000];
1200 unsigned char bufQ[1000];
1201 unsigned char bufD[1000];
1202 unsigned char bufE[1000];
1203
1204 size_t lenN = 0;
1205 size_t lenP = 0;
1206 size_t lenQ = 0;
1207 size_t lenD = 0;
1208 size_t lenE = 0;
1209
1210 /* Exported buffers */
1211 unsigned char bufNe[ sizeof( bufN ) ];
1212 unsigned char bufPe[ sizeof( bufP ) ];
1213 unsigned char bufQe[ sizeof( bufQ ) ];
1214 unsigned char bufDe[ sizeof( bufD ) ];
1215 unsigned char bufEe[ sizeof( bufE ) ];
1216
1217 const int have_N = ( strlen( input_N ) > 0 );
1218 const int have_P = ( strlen( input_P ) > 0 );
1219 const int have_Q = ( strlen( input_Q ) > 0 );
1220 const int have_D = ( strlen( input_D ) > 0 );
1221 const int have_E = ( strlen( input_E ) > 0 );
1222
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1223 mbedtls_rsa_context ctx;
1224
1225 mbedtls_rsa_init( &ctx, 0, 0 );
1226
1227 /* Setup RSA context */
1228
1229 if( have_N )
1230 lenN = unhexify( bufN, input_N );
1231
1232 if( have_P )
1233 lenP = unhexify( bufP, input_P );
1234
1235 if( have_Q )
1236 lenQ = unhexify( bufQ, input_Q );
1237
1238 if( have_D )
1239 lenD = unhexify( bufD, input_D );
1240
1241 if( have_E )
1242 lenE = unhexify( bufE, input_E );
1243
1244 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1245 have_N ? bufN : NULL, lenN,
1246 have_P ? bufP : NULL, lenP,
1247 have_Q ? bufQ : NULL, lenQ,
1248 have_D ? bufD : NULL, lenD,
1249 have_E ? bufE : NULL, lenE ) == 0 );
1250
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1251 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1252
1253 /*
1254 * Export parameters and compare to original ones.
1255 */
1256
1257 /* N and E must always be present. */
1258 if( !successive )
1259 {
1260 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1261 NULL, 0, NULL, 0, NULL, 0,
1262 bufEe, lenE ) == 0 );
1263 }
1264 else
1265 {
1266 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1267 NULL, 0, NULL, 0, NULL, 0,
1268 NULL, 0 ) == 0 );
1269 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1270 NULL, 0, NULL, 0, NULL, 0,
1271 bufEe, lenE ) == 0 );
1272 }
1273 TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
1274 TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
1275
1276 /* If we were providing enough information to setup a complete private context,
1277 * we expect to be able to export all core parameters. */
1278
1279 if( is_priv )
1280 {
1281 if( !successive )
1282 {
1283 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1284 bufPe, lenP ? lenP : sizeof( bufPe ),
1285 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1286 bufDe, lenD ? lenD : sizeof( bufDe ),
1287 NULL, 0 ) == 0 );
1288 }
1289 else
1290 {
1291 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1292 bufPe, lenP ? lenP : sizeof( bufPe ),
1293 NULL, 0, NULL, 0,
1294 NULL, 0 ) == 0 );
1295
1296 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1297 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1298 NULL, 0, NULL, 0 ) == 0 );
1299
1300 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1301 NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
1302 NULL, 0 ) == 0 );
1303 }
1304
1305 if( have_P )
1306 TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
1307
1308 if( have_Q )
1309 TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
1310
1311 if( have_D )
1312 TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
1313
1314 }
1315
1316exit:
1317 mbedtls_rsa_free( &ctx );
1318}
1319/* END_CASE */
1320
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1321/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1322void mbedtls_rsa_import_raw( char *input_N,
1323 char *input_P, char *input_Q,
1324 char *input_D, char *input_E,
1325 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1326 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1327 int res_check,
1328 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1329{
1330 unsigned char bufN[1000];
1331 unsigned char bufP[1000];
1332 unsigned char bufQ[1000];
1333 unsigned char bufD[1000];
1334 unsigned char bufE[1000];
1335
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1336 /* Buffers used for encryption-decryption test */
1337 unsigned char *buf_orig = NULL;
1338 unsigned char *buf_enc = NULL;
1339 unsigned char *buf_dec = NULL;
1340
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1341 size_t lenN = 0;
1342 size_t lenP = 0;
1343 size_t lenQ = 0;
1344 size_t lenD = 0;
1345 size_t lenE = 0;
1346
1347 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1348 mbedtls_entropy_context entropy;
1349 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1350
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1351 const char *pers = "test_suite_rsa";
1352
1353 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1354 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1355 mbedtls_rsa_init( &ctx, 0, 0 );
1356
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1357 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1358 &entropy, (const unsigned char *) pers,
1359 strlen( pers ) ) == 0 );
1360
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1361 if( strlen( input_N ) )
1362 lenN = unhexify( bufN, input_N );
1363
1364 if( strlen( input_P ) )
1365 lenP = unhexify( bufP, input_P );
1366
1367 if( strlen( input_Q ) )
1368 lenQ = unhexify( bufQ, input_Q );
1369
1370 if( strlen( input_D ) )
1371 lenD = unhexify( bufD, input_D );
1372
1373 if( strlen( input_E ) )
1374 lenE = unhexify( bufE, input_E );
1375
1376 if( !successive )
1377 {
1378 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1379 ( lenN > 0 ) ? bufN : NULL, lenN,
1380 ( lenP > 0 ) ? bufP : NULL, lenP,
1381 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1382 ( lenD > 0 ) ? bufD : NULL, lenD,
1383 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1384 }
1385 else
1386 {
1387 /* Import N, P, Q, D, E separately.
1388 * This should make no functional difference. */
1389
1390 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1391 ( lenN > 0 ) ? bufN : NULL, lenN,
1392 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1393
1394 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1395 NULL, 0,
1396 ( lenP > 0 ) ? bufP : NULL, lenP,
1397 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1398
1399 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1400 NULL, 0, NULL, 0,
1401 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1402 NULL, 0, NULL, 0 ) == 0 );
1403
1404 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1405 NULL, 0, NULL, 0, NULL, 0,
1406 ( lenD > 0 ) ? bufD : NULL, lenD,
1407 NULL, 0 ) == 0 );
1408
1409 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1410 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1411 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1412 }
1413
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1414 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1415
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1416 /* On expected success, perform some public and private
1417 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1418 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1419 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1420 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1421 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1422 else
1423 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1424
1425 if( res_check != 0 )
1426 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1427
1428 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1429 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1430 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1431 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1432 goto exit;
1433
1434 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1435 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1436
1437 /* Make sure the number we're generating is smaller than the modulus */
1438 buf_orig[0] = 0x00;
1439
1440 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1441
1442 if( is_priv )
1443 {
1444 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1445 &ctr_drbg, buf_enc,
1446 buf_dec ) == 0 );
1447
1448 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1449 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1450 }
1451 }
1452
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1453exit:
1454
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1455 mbedtls_free( buf_orig );
1456 mbedtls_free( buf_enc );
1457 mbedtls_free( buf_dec );
1458
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1459 mbedtls_rsa_free( &ctx );
1460
1461 mbedtls_ctr_drbg_free( &ctr_drbg );
1462 mbedtls_entropy_free( &entropy );
1463
1464}
1465/* END_CASE */
1466
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1467/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1468void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1469{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1470 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1471}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1472/* END_CASE */