TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f1aaec9888bfb341f2f80fdf136d108e6887a256 / . / tests / suites / test_suite_rsa.function
blob: e13735b3dd97673522033593652b9fb5677bfb98 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +0100[diff] [blame]3#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]20/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]21void mbedtls_rsa_pkcs1_sign( uint8_t * message_str, uint32_t msg_len,
22 int padding_mode, int digest, int mod,
23 int radix_P, char * input_P, int radix_Q,
24 char * input_Q, int radix_N, char * input_N,
25 int radix_E, char * input_E,
26 uint8_t * result_hex_str,
27 uint32_t result_hex_str_len, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]28{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]29 unsigned char hash_result[1000];
30 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]31 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]32 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]33 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]34
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]35 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
36 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]38
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]39 memset( hash_result, 0x00, 1000 );
40 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]41 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]42
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]43 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
44 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
45 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]47
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]48 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
49 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]50 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]51 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]52
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]53
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]54 if( mbedtls_md_info_from_type( digest ) != NULL )
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]55 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
56 message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]57
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]58 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
59 MBEDTLS_RSA_PRIVATE, digest, 0,
60 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]61 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]62 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]63
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]64 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]65 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]66
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]67exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]68 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
69 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]70 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]71}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]72/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]73
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]74/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]75void mbedtls_rsa_pkcs1_verify( uint8_t * message_str, uint32_t msg_len,
76 int padding_mode, int digest, int mod,
77 int radix_N, char * input_N, int radix_E,
78 char * input_E, uint8_t * result_str,
79 uint32_t result_str_len, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]80{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]81 unsigned char hash_result[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]82 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]83
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]84 mbedtls_mpi N, E;
85
86 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]88 memset( hash_result, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]89
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]90 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
91 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
92 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
93 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]94 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]95
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]96
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97 if( mbedtls_md_info_from_type( digest ) != NULL )
98 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]99
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]101
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]102exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]103 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]105}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]106/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]107
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]108
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]109/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]110void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len,
111 uint8_t * hash_result, uint32_t hash_len,
112 int padding_mode, int mod, int radix_P,
113 char * input_P, int radix_Q, char * input_Q,
114 int radix_N, char * input_N, int radix_E,
115 char * input_E, uint8_t * result_hex_str,
116 uint32_t result_hex_str_len )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]117{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]118 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]119 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]120 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]121 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]122
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]124 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
125 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]126
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]127 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]128 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]129
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]130 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
131 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
132 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
133 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]134
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]135 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
136 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]137 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]138 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]139
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]140
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]141 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
142 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
143 hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]144
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]145
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]146 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]147
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]148#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]149 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]150 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]151 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]152 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]153 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]154
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]155 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]156 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]157 hash_len, hash_result, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]158
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]159#if !defined(MBEDTLS_RSA_ALT)
160 TEST_ASSERT( res == 0 );
161#else
162 TEST_ASSERT( ( res == 0 ) ||
163 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
164#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]165
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]166 if( res == 0 )
167 {
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]168 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]169 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]170 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]171#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]172
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]173exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]174 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
175 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
176
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]178}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]179/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]180
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]181/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]182void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len,
183 uint8_t * hash_result, uint32_t hash_len,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]184 int padding_mode, int mod, int radix_N,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]185 char * input_N, int radix_E, char * input_E,
186 uint8_t * result_str, uint32_t result_str_len,
187 int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]188{
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]189 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]190 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]191
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]192 mbedtls_mpi N, E;
193 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
194
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]195 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]196 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]197
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]198 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
199 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]200
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]201 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
202 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]203 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]204
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]205
Hanno Becker8fd55482017-08-23 14:07:48 +0100[diff] [blame]206 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
207 MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
208 hash_len, hash_result,
209 result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]210
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]211#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]212 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]213 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]214 {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]215 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]216 int ok;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]217 size_t olen;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]218
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]219 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]220 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]221 &olen, result_str, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]222
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]223#if !defined(MBEDTLS_RSA_ALT)
224 TEST_ASSERT( res == 0 );
225#else
226 TEST_ASSERT( ( res == 0 ) ||
227 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
228#endif
229
230 if( res == 0 )
231 {
232 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
233 if( correct == 0 )
234 TEST_ASSERT( ok == 1 );
235 else
236 TEST_ASSERT( ok == 0 );
237 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]238 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]239#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]240
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]241exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]242 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]244}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]245/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]246
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]247/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]248void mbedtls_rsa_pkcs1_encrypt( uint8_t * message_str, uint32_t msg_len,
249 int padding_mode, int mod, int radix_N,
250 char * input_N, int radix_E, char * input_E,
251 uint8_t * result_hex_str,
252 uint32_t result_hex_str_len, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]253{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]254 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]255 mbedtls_rsa_context ctx;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]256 rnd_pseudo_info rnd_info;
257
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]258 mbedtls_mpi N, E;
259 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
260
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]261 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]262
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]263 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]264 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]265
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]266 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
267 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]268
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]269 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
270 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]271 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]272
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]273
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]274 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
275 MBEDTLS_RSA_PUBLIC, msg_len,
276 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]277 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]278 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]279
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]280 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]281 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]282
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]283exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]284 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]285 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]286}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]287/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]288
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]289/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]290void rsa_pkcs1_encrypt_bad_rng( uint8_t * message_str, uint32_t msg_len,
291 int padding_mode, int mod, int radix_N,
292 char * input_N, int radix_E, char * input_E,
293 uint8_t * result_hex_str,
294 uint32_t result_hex_str_len, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]295{
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]296 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]297 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]298
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]299 mbedtls_mpi N, E;
300
301 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]303 memset( output, 0x00, 1000 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]304
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]305 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
306 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]307
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]308 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
309 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]310 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]311
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]312
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]313 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
314 MBEDTLS_RSA_PUBLIC, msg_len,
315 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]316 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]317 {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]318
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]319 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]320 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]321
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]322exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]323 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]324 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]325}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]326/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]327
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]328/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]329void mbedtls_rsa_pkcs1_decrypt( uint8_t * message_str,
330 uint32_t message_str_len, int padding_mode,
331 int mod, int radix_P, char * input_P,
332 int radix_Q, char * input_Q, int radix_N,
333 char * input_N, int radix_E, char * input_E,
334 int max_output, uint8_t * result_hex_str,
335 uint32_t result_hex_str_len, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]336{
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]337 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]338 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]339 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]340 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]341 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]342
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]343 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
344 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
345
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]347
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]348 memset( output, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]349 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]350
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]351
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]352 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
353 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
354 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
355 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]356
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]357 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
358 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]359 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]361
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]362 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]363
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]364 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]365 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]366 {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]367
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]368 TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]369 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]370
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]371exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]372 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
373 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]374 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]375}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]376/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]377
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]378/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]379void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len,
380 int mod, int radix_N, char * input_N, int radix_E,
381 char * input_E, uint8_t * result_hex_str,
382 uint32_t result_hex_str_len, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]383{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]384 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]385 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]386
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]387 mbedtls_mpi N, E;
388
389 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]390 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
391 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]392 memset( output, 0x00, 1000 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]393
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]394 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
395 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]396
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]397 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
398 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]400
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]401
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]402 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]403 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]404 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]405
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]406 TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]407 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]408
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]409 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]410 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]411 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]412 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]415
416 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]417 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]418 if( result == 0 )
419 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]420
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]421 TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]422 }
423
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]424exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]425 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426 mbedtls_rsa_free( &ctx );
427 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]428}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]429/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]430
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]431/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]432void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len,
433 int mod, int radix_P, char * input_P, int radix_Q,
434 char * input_Q, int radix_N, char * input_N,
435 int radix_E, char * input_E,
436 uint8_t * result_hex_str,
437 uint32_t result_hex_str_len, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]438{
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]439 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]440 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]441 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]442 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]443 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]444
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]445 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
446 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]447 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
448 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]449
Paul Bakker548957d2013-08-30 10:30:02 +0200[diff] [blame]450 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]451
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]452 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
453 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
454 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
455 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]456
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]457 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
458 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]459 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]460 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]461
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]462
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]463 /* repeat three times to test updating of blinding values */
464 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]465 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]466 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]467 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]468 message_str, output ) == result );
469 if( result == 0 )
470 {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]471
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]472 TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 );
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]473 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]474 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]475
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]476 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]477 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]478 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]479 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]480
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]482
483 memset( output, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]484 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]485 message_str, output ) == result );
486 if( result == 0 )
487 {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]488
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]489 TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]490 }
491
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]492exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]493 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
494 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
495
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]496 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]497}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]498/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]499
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]500/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]501void rsa_check_privkey_null( )
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]502{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]503 mbedtls_rsa_context ctx;
504 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]505
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]506 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]507}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]508/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]509
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]510/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]511void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
512 char * input_E, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]513{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]514 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]515 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]516
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]517 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]518 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]519
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]520 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]521 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]522 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]523 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]524 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]525 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]526 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]527 }
528
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]529 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]530 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]531
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]532exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]533 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]535}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]536/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]537
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]538/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]539void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
540 int radix_Q, char * input_Q, int radix_N,
541 char * input_N, int radix_E, char * input_E,
542 int radix_D, char * input_D, int radix_DP,
543 char * input_DP, int radix_DQ,
544 char * input_DQ, int radix_QP,
545 char * input_QP, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]546{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]547 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]548
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]549 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]550
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]551 ctx.len = mod / 8;
552 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]553 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]554 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]555 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]556 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]557 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]559 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]560 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]561 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]562 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]563 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]564 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]565 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]566 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]567 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]568 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]569 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]570 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]571 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]572#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]573 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]574 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]576 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]577 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]578 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]579 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]580 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]581 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]582 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]584 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]585#else
586 ((void) radix_DP); ((void) input_DP);
587 ((void) radix_DQ); ((void) input_DQ);
588 ((void) radix_QP); ((void) input_QP);
589#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]590
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]591 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]592
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]593exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]594 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]595}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]596/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]597
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]598/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]599void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
600 int radix_Epub, char * input_Epub, int radix_P,
601 char * input_P, int radix_Q, char * input_Q,
602 int radix_N, char * input_N, int radix_E,
603 char * input_E, int radix_D, char * input_D,
604 int radix_DP, char * input_DP, int radix_DQ,
605 char * input_DQ, int radix_QP, char * input_QP,
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]606 int result )
607{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]608 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]609
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]610 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
611 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]612
613 pub.len = mod / 8;
614 prv.len = mod / 8;
615
616 if( strlen( input_Npub ) )
617 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]618 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]619 }
620 if( strlen( input_Epub ) )
621 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]622 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]623 }
624
625 if( strlen( input_P ) )
626 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]627 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]628 }
629 if( strlen( input_Q ) )
630 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]631 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]632 }
633 if( strlen( input_N ) )
634 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]635 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]636 }
637 if( strlen( input_E ) )
638 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]640 }
641 if( strlen( input_D ) )
642 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]643 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]644 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]645#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]646 if( strlen( input_DP ) )
647 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]648 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]649 }
650 if( strlen( input_DQ ) )
651 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]652 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]653 }
654 if( strlen( input_QP ) )
655 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]656 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]657 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]658#else
659 ((void) radix_DP); ((void) input_DP);
660 ((void) radix_DQ); ((void) input_DQ);
661 ((void) radix_QP); ((void) input_QP);
662#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]663
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]665
666exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667 mbedtls_rsa_free( &pub );
668 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]669}
670/* END_CASE */
671
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]672/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]673void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]674{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]675 mbedtls_rsa_context ctx;
676 mbedtls_entropy_context entropy;
677 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]678 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]679
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]680 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]681 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100[diff] [blame]682 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]683
Hanno Beckera47023e2017-12-22 17:08:03 +0000[diff] [blame]684 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
685 &entropy, (const unsigned char *) pers,
686 strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]687
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]688 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]689 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]690 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]691 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100[diff] [blame]692 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]693 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]694
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]695exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696 mbedtls_rsa_free( &ctx );
697 mbedtls_ctr_drbg_free( &ctr_drbg );
698 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]699}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]700/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]701
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]702/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100[diff] [blame]703void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]704 int radix_D, char *input_D,
705 int radix_E, char *input_E,
706 int radix_P, char *output_P,
707 int radix_Q, char *output_Q,
708 int corrupt, int result )
709{
710 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
711
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]712 mbedtls_mpi_init( &N );
713 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
714 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
715 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
716
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]717 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
718 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
719 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
720 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
721 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
722
723 if( corrupt )
724 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
725
726 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100[diff] [blame]727 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]728
729 if( !corrupt )
730 {
731 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
732 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
733 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
734 }
735
736exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]737 mbedtls_mpi_free( &N );
738 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
739 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
740 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]741}
742/* END_CASE */
743
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]744/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]745void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
746 int radix_Q, char *input_Q,
747 int radix_E, char *input_E,
748 int radix_D, char *output_D,
749 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]750{
751 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
752
753 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
754 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
755 mbedtls_mpi_init( &E );
756 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
757
758 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
759 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
760 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
761 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
762
763 if( corrupt )
764 {
765 /* Make E even */
766 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
767 }
768
769 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100[diff] [blame]770 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
771 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]772
773 if( !corrupt )
774 {
775 /*
776 * Check that D and Dp agree modulo LCM(P-1, Q-1).
777 */
778
779 /* Replace P,Q by P-1, Q-1 */
780 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
781 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
782
783 /* Check D == Dp modulo P-1 */
784 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
785 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
786 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
787
788 /* Check D == Dp modulo Q-1 */
789 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
790 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
791 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
792 }
793
794exit:
795
796 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
797 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
798 mbedtls_mpi_free( &E );
799 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
800}
801/* END_CASE */
802
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]803/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]804void mbedtls_rsa_import( int radix_N, char *input_N,
805 int radix_P, char *input_P,
806 int radix_Q, char *input_Q,
807 int radix_D, char *input_D,
808 int radix_E, char *input_E,
809 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]810 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]811 int res_check,
812 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]813{
814 mbedtls_mpi N, P, Q, D, E;
815 mbedtls_rsa_context ctx;
816
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]817 /* Buffers used for encryption-decryption test */
818 unsigned char *buf_orig = NULL;
819 unsigned char *buf_enc = NULL;
820 unsigned char *buf_dec = NULL;
821
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]822 mbedtls_entropy_context entropy;
823 mbedtls_ctr_drbg_context ctr_drbg;
824 const char *pers = "test_suite_rsa";
825
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]826 const int have_N = ( strlen( input_N ) > 0 );
827 const int have_P = ( strlen( input_P ) > 0 );
828 const int have_Q = ( strlen( input_Q ) > 0 );
829 const int have_D = ( strlen( input_D ) > 0 );
830 const int have_E = ( strlen( input_E ) > 0 );
831
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]832 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]833 mbedtls_entropy_init( &entropy );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]834 mbedtls_rsa_init( &ctx, 0, 0 );
835
836 mbedtls_mpi_init( &N );
837 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
838 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
839
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]840 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
841 (const unsigned char *) pers, strlen( pers ) ) == 0 );
842
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]843 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]844 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
845
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]846 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]847 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
848
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]849 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]850 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
851
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]852 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]853 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
854
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]855 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]856 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
857
858 if( !successive )
859 {
860 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]861 have_N ? &N : NULL,
862 have_P ? &P : NULL,
863 have_Q ? &Q : NULL,
864 have_D ? &D : NULL,
865 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]866 }
867 else
868 {
869 /* Import N, P, Q, D, E separately.
870 * This should make no functional difference. */
871
872 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]873 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]874 NULL, NULL, NULL, NULL ) == 0 );
875
876 TEST_ASSERT( mbedtls_rsa_import( &ctx,
877 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]878 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]879 NULL, NULL, NULL ) == 0 );
880
881 TEST_ASSERT( mbedtls_rsa_import( &ctx,
882 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]883 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]884 NULL, NULL ) == 0 );
885
886 TEST_ASSERT( mbedtls_rsa_import( &ctx,
887 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]888 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]889 NULL ) == 0 );
890
891 TEST_ASSERT( mbedtls_rsa_import( &ctx,
892 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]893 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]894 }
895
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]896 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]897
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]898 /* On expected success, perform some public and private
899 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]900 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]901 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]902 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]903 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
904 else
905 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
906
907 if( res_check != 0 )
908 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]909
910 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
911 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
912 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
913 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
914 goto exit;
915
916 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
917 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
918
919 /* Make sure the number we're generating is smaller than the modulus */
920 buf_orig[0] = 0x00;
921
922 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
923
924 if( is_priv )
925 {
926 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
927 &ctr_drbg, buf_enc,
928 buf_dec ) == 0 );
929
930 TEST_ASSERT( memcmp( buf_orig, buf_dec,
931 mbedtls_rsa_get_len( &ctx ) ) == 0 );
932 }
933 }
934
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]935exit:
936
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]937 mbedtls_free( buf_orig );
938 mbedtls_free( buf_enc );
939 mbedtls_free( buf_dec );
940
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]941 mbedtls_rsa_free( &ctx );
942
943 mbedtls_ctr_drbg_free( &ctr_drbg );
944 mbedtls_entropy_free( &entropy );
945
946 mbedtls_mpi_free( &N );
947 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
948 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
949}
950/* END_CASE */
951
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]952/* BEGIN_CASE */
953void mbedtls_rsa_export( int radix_N, char *input_N,
954 int radix_P, char *input_P,
955 int radix_Q, char *input_Q,
956 int radix_D, char *input_D,
957 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]958 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]959 int successive )
960{
961 /* Original MPI's with which we set up the RSA context */
962 mbedtls_mpi N, P, Q, D, E;
963
964 /* Exported MPI's */
965 mbedtls_mpi Ne, Pe, Qe, De, Ee;
966
967 const int have_N = ( strlen( input_N ) > 0 );
968 const int have_P = ( strlen( input_P ) > 0 );
969 const int have_Q = ( strlen( input_Q ) > 0 );
970 const int have_D = ( strlen( input_D ) > 0 );
971 const int have_E = ( strlen( input_E ) > 0 );
972
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]973 mbedtls_rsa_context ctx;
974
975 mbedtls_rsa_init( &ctx, 0, 0 );
976
977 mbedtls_mpi_init( &N );
978 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
979 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
980
981 mbedtls_mpi_init( &Ne );
982 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
983 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
984
985 /* Setup RSA context */
986
987 if( have_N )
988 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
989
990 if( have_P )
991 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
992
993 if( have_Q )
994 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
995
996 if( have_D )
997 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
998
999 if( have_E )
1000 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1001
1002 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1003 strlen( input_N ) ? &N : NULL,
1004 strlen( input_P ) ? &P : NULL,
1005 strlen( input_Q ) ? &Q : NULL,
1006 strlen( input_D ) ? &D : NULL,
1007 strlen( input_E ) ? &E : NULL ) == 0 );
1008
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1009 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1010
1011 /*
1012 * Export parameters and compare to original ones.
1013 */
1014
1015 /* N and E must always be present. */
1016 if( !successive )
1017 {
1018 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1019 }
1020 else
1021 {
1022 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1023 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1024 }
1025 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1026 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1027
1028 /* If we were providing enough information to setup a complete private context,
1029 * we expect to be able to export all core parameters. */
1030
1031 if( is_priv )
1032 {
1033 if( !successive )
1034 {
1035 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1036 &De, NULL ) == 0 );
1037 }
1038 else
1039 {
1040 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1041 NULL, NULL ) == 0 );
1042 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1043 NULL, NULL ) == 0 );
1044 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1045 &De, NULL ) == 0 );
1046 }
1047
1048 if( have_P )
1049 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1050
1051 if( have_Q )
1052 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1053
1054 if( have_D )
1055 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1056
1057 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1058 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1059 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1060 }
1061
1062exit:
1063
1064 mbedtls_rsa_free( &ctx );
1065
1066 mbedtls_mpi_free( &N );
1067 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1068 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1069
1070 mbedtls_mpi_free( &Ne );
1071 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1072 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1073}
1074/* END_CASE */
1075
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1076/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1077void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1078 int radix_P, char *input_P,
1079 int radix_Q, char *input_Q,
1080 int radix_D, char *input_D,
1081 int radix_E, char *input_E,
1082 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1083{
1084 /* Original MPI's with which we set up the RSA context */
1085 mbedtls_mpi N, P, Q, D, E;
1086
1087 const int have_N = ( strlen( input_N ) > 0 );
1088 const int have_P = ( strlen( input_P ) > 0 );
1089 const int have_Q = ( strlen( input_Q ) > 0 );
1090 const int have_D = ( strlen( input_D ) > 0 );
1091 const int have_E = ( strlen( input_E ) > 0 );
1092
1093 mbedtls_entropy_context entropy;
1094 mbedtls_ctr_drbg_context ctr_drbg;
1095 const char *pers = "test_suite_rsa";
1096
1097 mbedtls_mpi_init( &N );
1098 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1099 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1100
1101 mbedtls_ctr_drbg_init( &ctr_drbg );
1102 mbedtls_entropy_init( &entropy );
1103 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1104 &entropy, (const unsigned char *) pers,
1105 strlen( pers ) ) == 0 );
1106
1107 if( have_N )
1108 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1109
1110 if( have_P )
1111 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1112
1113 if( have_Q )
1114 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1115
1116 if( have_D )
1117 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1118
1119 if( have_E )
1120 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1121
Hanno Becker750e8b42017-08-25 07:54:27 +0100[diff] [blame]1122 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1123 have_P ? &P : NULL,
1124 have_Q ? &Q : NULL,
1125 have_D ? &D : NULL,
1126 have_E ? &E : NULL,
1127 prng ? mbedtls_ctr_drbg_random : NULL,
1128 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1129exit:
1130
1131 mbedtls_ctr_drbg_free( &ctr_drbg );
1132 mbedtls_entropy_free( &entropy );
1133
1134 mbedtls_mpi_free( &N );
1135 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1136 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1137}
1138/* END_CASE */
1139
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1140/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1141void mbedtls_rsa_export_raw( char *input_N, char *input_P,
1142 char *input_Q, char *input_D,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1143 char *input_E, int is_priv,
1144 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1145{
1146 /* Original raw buffers with which we set up the RSA context */
1147 unsigned char bufN[1000];
1148 unsigned char bufP[1000];
1149 unsigned char bufQ[1000];
1150 unsigned char bufD[1000];
1151 unsigned char bufE[1000];
1152
1153 size_t lenN = 0;
1154 size_t lenP = 0;
1155 size_t lenQ = 0;
1156 size_t lenD = 0;
1157 size_t lenE = 0;
1158
1159 /* Exported buffers */
1160 unsigned char bufNe[ sizeof( bufN ) ];
1161 unsigned char bufPe[ sizeof( bufP ) ];
1162 unsigned char bufQe[ sizeof( bufQ ) ];
1163 unsigned char bufDe[ sizeof( bufD ) ];
1164 unsigned char bufEe[ sizeof( bufE ) ];
1165
1166 const int have_N = ( strlen( input_N ) > 0 );
1167 const int have_P = ( strlen( input_P ) > 0 );
1168 const int have_Q = ( strlen( input_Q ) > 0 );
1169 const int have_D = ( strlen( input_D ) > 0 );
1170 const int have_E = ( strlen( input_E ) > 0 );
1171
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1172 mbedtls_rsa_context ctx;
1173
1174 mbedtls_rsa_init( &ctx, 0, 0 );
1175
1176 /* Setup RSA context */
1177
1178 if( have_N )
1179 lenN = unhexify( bufN, input_N );
1180
1181 if( have_P )
1182 lenP = unhexify( bufP, input_P );
1183
1184 if( have_Q )
1185 lenQ = unhexify( bufQ, input_Q );
1186
1187 if( have_D )
1188 lenD = unhexify( bufD, input_D );
1189
1190 if( have_E )
1191 lenE = unhexify( bufE, input_E );
1192
1193 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1194 have_N ? bufN : NULL, lenN,
1195 have_P ? bufP : NULL, lenP,
1196 have_Q ? bufQ : NULL, lenQ,
1197 have_D ? bufD : NULL, lenD,
1198 have_E ? bufE : NULL, lenE ) == 0 );
1199
Hanno Becker7f25f852017-10-10 16:56:22 +0100[diff] [blame]1200 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1201
1202 /*
1203 * Export parameters and compare to original ones.
1204 */
1205
1206 /* N and E must always be present. */
1207 if( !successive )
1208 {
1209 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1210 NULL, 0, NULL, 0, NULL, 0,
1211 bufEe, lenE ) == 0 );
1212 }
1213 else
1214 {
1215 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1216 NULL, 0, NULL, 0, NULL, 0,
1217 NULL, 0 ) == 0 );
1218 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1219 NULL, 0, NULL, 0, NULL, 0,
1220 bufEe, lenE ) == 0 );
1221 }
1222 TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
1223 TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
1224
1225 /* If we were providing enough information to setup a complete private context,
1226 * we expect to be able to export all core parameters. */
1227
1228 if( is_priv )
1229 {
1230 if( !successive )
1231 {
1232 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1233 bufPe, lenP ? lenP : sizeof( bufPe ),
1234 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1235 bufDe, lenD ? lenD : sizeof( bufDe ),
1236 NULL, 0 ) == 0 );
1237 }
1238 else
1239 {
1240 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1241 bufPe, lenP ? lenP : sizeof( bufPe ),
1242 NULL, 0, NULL, 0,
1243 NULL, 0 ) == 0 );
1244
1245 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1246 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1247 NULL, 0, NULL, 0 ) == 0 );
1248
1249 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1250 NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
1251 NULL, 0 ) == 0 );
1252 }
1253
1254 if( have_P )
1255 TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
1256
1257 if( have_Q )
1258 TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
1259
1260 if( have_D )
1261 TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
1262
1263 }
1264
1265exit:
1266 mbedtls_rsa_free( &ctx );
1267}
1268/* END_CASE */
1269
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1270/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1271void mbedtls_rsa_import_raw( char *input_N,
1272 char *input_P, char *input_Q,
1273 char *input_D, char *input_E,
1274 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1275 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1276 int res_check,
1277 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1278{
1279 unsigned char bufN[1000];
1280 unsigned char bufP[1000];
1281 unsigned char bufQ[1000];
1282 unsigned char bufD[1000];
1283 unsigned char bufE[1000];
1284
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1285 /* Buffers used for encryption-decryption test */
1286 unsigned char *buf_orig = NULL;
1287 unsigned char *buf_enc = NULL;
1288 unsigned char *buf_dec = NULL;
1289
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1290 size_t lenN = 0;
1291 size_t lenP = 0;
1292 size_t lenQ = 0;
1293 size_t lenD = 0;
1294 size_t lenE = 0;
1295
1296 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1297 mbedtls_entropy_context entropy;
1298 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1299
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1300 const char *pers = "test_suite_rsa";
1301
1302 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1303 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1304 mbedtls_rsa_init( &ctx, 0, 0 );
1305
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1306 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1307 &entropy, (const unsigned char *) pers,
1308 strlen( pers ) ) == 0 );
1309
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1310 if( strlen( input_N ) )
1311 lenN = unhexify( bufN, input_N );
1312
1313 if( strlen( input_P ) )
1314 lenP = unhexify( bufP, input_P );
1315
1316 if( strlen( input_Q ) )
1317 lenQ = unhexify( bufQ, input_Q );
1318
1319 if( strlen( input_D ) )
1320 lenD = unhexify( bufD, input_D );
1321
1322 if( strlen( input_E ) )
1323 lenE = unhexify( bufE, input_E );
1324
1325 if( !successive )
1326 {
1327 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1328 ( lenN > 0 ) ? bufN : NULL, lenN,
1329 ( lenP > 0 ) ? bufP : NULL, lenP,
1330 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1331 ( lenD > 0 ) ? bufD : NULL, lenD,
1332 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1333 }
1334 else
1335 {
1336 /* Import N, P, Q, D, E separately.
1337 * This should make no functional difference. */
1338
1339 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1340 ( lenN > 0 ) ? bufN : NULL, lenN,
1341 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1342
1343 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1344 NULL, 0,
1345 ( lenP > 0 ) ? bufP : NULL, lenP,
1346 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1347
1348 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1349 NULL, 0, NULL, 0,
1350 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1351 NULL, 0, NULL, 0 ) == 0 );
1352
1353 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1354 NULL, 0, NULL, 0, NULL, 0,
1355 ( lenD > 0 ) ? bufD : NULL, lenD,
1356 NULL, 0 ) == 0 );
1357
1358 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1359 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1360 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1361 }
1362
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1363 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1364
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1365 /* On expected success, perform some public and private
1366 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1367 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1368 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1369 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1370 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1371 else
1372 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1373
1374 if( res_check != 0 )
1375 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1376
1377 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1378 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1379 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1380 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1381 goto exit;
1382
1383 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1384 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1385
1386 /* Make sure the number we're generating is smaller than the modulus */
1387 buf_orig[0] = 0x00;
1388
1389 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1390
1391 if( is_priv )
1392 {
1393 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1394 &ctr_drbg, buf_enc,
1395 buf_dec ) == 0 );
1396
1397 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1398 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1399 }
1400 }
1401
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1402exit:
1403
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1404 mbedtls_free( buf_orig );
1405 mbedtls_free( buf_enc );
1406 mbedtls_free( buf_dec );
1407
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1408 mbedtls_rsa_free( &ctx );
1409
1410 mbedtls_ctr_drbg_free( &ctr_drbg );
1411 mbedtls_entropy_free( &entropy );
1412
1413}
1414/* END_CASE */
1415
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1416/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame^]1417void rsa_selftest( )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1418{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]1419 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1420}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1421/* END_CASE */