blob: e305c4337c98476fbd211e5c576a730f1ba80a44 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +01003#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00004#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +010012
Paul Bakker33b43f12013-08-20 11:48:36 +020013/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +000014
Paul Bakker33b43f12013-08-20 11:48:36 +020015/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020016 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +020017 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +000019
Paul Bakker33b43f12013-08-20 11:48:36 +020020/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020021void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020022 int mod, int radix_P, char *input_P, int radix_Q,
23 char *input_Q, int radix_N, char *input_N, int radix_E,
24 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000025{
26 unsigned char message_str[1000];
27 unsigned char hash_result[1000];
28 unsigned char output[1000];
29 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020030 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010031 mbedtls_mpi N, P, Q, E;
Paul Bakker69998dd2009-07-11 19:15:20 +000032 int msg_len;
Paul Bakker548957d2013-08-30 10:30:02 +020033 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +000034
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010035 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
36 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020037 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000038
39 memset( message_str, 0x00, 1000 );
40 memset( hash_result, 0x00, 1000 );
41 memset( output, 0x00, 1000 );
42 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +020043 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +000044
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010045 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
46 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
47 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
48 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000049
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010050 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
51 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +010052 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020053 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000054
Paul Bakker33b43f12013-08-20 11:48:36 +020055 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +000056
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020057 if( mbedtls_md_info_from_type( digest ) != NULL )
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010058 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
59 message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000060
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010061 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
62 MBEDTLS_RSA_PRIVATE, digest, 0,
63 hash_result, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +020064 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +000065 {
66 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +000067
Paul Bakker33b43f12013-08-20 11:48:36 +020068 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +000069 }
Paul Bakker6c591fa2011-05-05 11:49:20 +000070
Paul Bakkerbd51b262014-07-10 15:26:12 +020071exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010072 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
73 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020074 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +000075}
Paul Bakker33b43f12013-08-20 11:48:36 +020076/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +000077
Paul Bakker33b43f12013-08-20 11:48:36 +020078/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020079void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
Paul Bakker33b43f12013-08-20 11:48:36 +020080 int mod, int radix_N, char *input_N, int radix_E,
81 char *input_E, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +000082{
83 unsigned char message_str[1000];
84 unsigned char hash_result[1000];
85 unsigned char result_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020086 mbedtls_rsa_context ctx;
Paul Bakker69998dd2009-07-11 19:15:20 +000087 int msg_len;
Paul Bakker42a29bf2009-07-07 20:18:41 +000088
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010089 mbedtls_mpi N, E;
90
91 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020092 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +000093 memset( message_str, 0x00, 1000 );
94 memset( hash_result, 0x00, 1000 );
95 memset( result_str, 0x00, 1000 );
96
Hanno Beckerceb7a9d2017-08-23 08:33:08 +010097 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
98 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
99 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
100 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200101 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000102
Paul Bakker33b43f12013-08-20 11:48:36 +0200103 msg_len = unhexify( message_str, message_hex_string );
104 unhexify( result_str, result_hex_str );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000105
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200106 if( mbedtls_md_info_from_type( digest ) != NULL )
107 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000108
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200109 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100110
Paul Bakkerbd51b262014-07-10 15:26:12 +0200111exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100112 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200113 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000114}
Paul Bakker33b43f12013-08-20 11:48:36 +0200115/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000116
Paul Bakker821fb082009-07-12 13:26:42 +0000117
Paul Bakker33b43f12013-08-20 11:48:36 +0200118/* BEGIN_CASE */
119void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
120 int padding_mode, int mod, int radix_P, char *input_P,
121 int radix_Q, char *input_Q, int radix_N,
122 char *input_N, int radix_E, char *input_E,
123 char *result_hex_str )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000124{
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100125 int res;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000126 unsigned char message_str[1000];
127 unsigned char hash_result[1000];
128 unsigned char output[1000];
129 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200130 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100131 mbedtls_mpi N, P, Q, E;
Paul Bakkereaf90d92011-07-13 14:21:52 +0000132 int hash_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200133 rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000134
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200135 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100136 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
137 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Paul Bakker821fb082009-07-12 13:26:42 +0000138
Paul Bakker42a29bf2009-07-07 20:18:41 +0000139 memset( message_str, 0x00, 1000 );
140 memset( hash_result, 0x00, 1000 );
141 memset( output, 0x00, 1000 );
142 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200143 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000144
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100145 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
146 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
147 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
148 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000149
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100150 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
151 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100152 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200153 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000154
Paul Bakker33b43f12013-08-20 11:48:36 +0200155 unhexify( message_str, message_hex_string );
156 hash_len = unhexify( hash_result, hash_result_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000157
Hanno Becker8fd55482017-08-23 14:07:48 +0100158 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
159 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
160 hash_len, hash_result, output ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000161
162 hexify( output_str, output, ctx.len );
163
Paul Bakker33b43f12013-08-20 11:48:36 +0200164 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker6c591fa2011-05-05 11:49:20 +0000165
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100166 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200167 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100168 {
169 memset( output, 0x00, 1000 );
170 memset( output_str, 0x00, 1000 );
171
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100172 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200173 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100174 hash_len, hash_result, output );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100175
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100176#if !defined(MBEDTLS_RSA_ALT)
177 TEST_ASSERT( res == 0 );
178#else
179 TEST_ASSERT( ( res == 0 ) ||
180 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
181#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100182
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100183 if( res == 0 )
184 {
185 hexify( output_str, output, ctx.len );
186 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
187 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100188 }
189
Paul Bakkerbd51b262014-07-10 15:26:12 +0200190exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100191 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
192 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
193
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200194 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000195}
Paul Bakker33b43f12013-08-20 11:48:36 +0200196/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000197
Paul Bakker33b43f12013-08-20 11:48:36 +0200198/* BEGIN_CASE */
199void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
200 int padding_mode, int mod, int radix_N,
201 char *input_N, int radix_E, char *input_E,
202 char *result_hex_str, int correct )
Paul Bakker821fb082009-07-12 13:26:42 +0000203{
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100204 int res;
Paul Bakker821fb082009-07-12 13:26:42 +0000205 unsigned char message_str[1000];
206 unsigned char hash_result[1000];
207 unsigned char result_str[1000];
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100208 unsigned char output[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200209 mbedtls_rsa_context ctx;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100210 size_t hash_len, olen;
Paul Bakker821fb082009-07-12 13:26:42 +0000211
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100212 mbedtls_mpi N, E;
213 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
214
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200215 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000216 memset( message_str, 0x00, 1000 );
217 memset( hash_result, 0x00, 1000 );
218 memset( result_str, 0x00, 1000 );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100219 memset( output, 0x00, sizeof( output ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000220
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100221 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
222 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000223
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100224 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
225 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200226 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000227
Paul Bakker33b43f12013-08-20 11:48:36 +0200228 unhexify( message_str, message_hex_string );
229 hash_len = unhexify( hash_result, hash_result_string );
230 unhexify( result_str, result_hex_str );
Paul Bakker821fb082009-07-12 13:26:42 +0000231
Hanno Becker8fd55482017-08-23 14:07:48 +0100232 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
233 MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
234 hash_len, hash_result,
235 result_str ) == correct );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100236
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100237 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200238 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100239 {
240 int ok;
241
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100242 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200243 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100244 &olen, result_str, output, sizeof( output ) );
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100245
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100246#if !defined(MBEDTLS_RSA_ALT)
247 TEST_ASSERT( res == 0 );
248#else
249 TEST_ASSERT( ( res == 0 ) ||
250 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
251#endif
252
253 if( res == 0 )
254 {
255 ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
256 if( correct == 0 )
257 TEST_ASSERT( ok == 1 );
258 else
259 TEST_ASSERT( ok == 0 );
260 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100261 }
262
Paul Bakkerbd51b262014-07-10 15:26:12 +0200263exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100264 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200265 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000266}
Paul Bakker33b43f12013-08-20 11:48:36 +0200267/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000268
Paul Bakker33b43f12013-08-20 11:48:36 +0200269/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200270void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200271 int radix_N, char *input_N, int radix_E, char *input_E,
272 char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000273{
274 unsigned char message_str[1000];
275 unsigned char output[1000];
276 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200277 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000278 size_t msg_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000279 rnd_pseudo_info rnd_info;
280
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100281 mbedtls_mpi N, E;
282 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
283
Paul Bakker997bbd12011-03-13 15:45:42 +0000284 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000285
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200286 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000287 memset( message_str, 0x00, 1000 );
288 memset( output, 0x00, 1000 );
289 memset( output_str, 0x00, 1000 );
290
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100291 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
292 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000293
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100294 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
295 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200296 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000297
Paul Bakker33b43f12013-08-20 11:48:36 +0200298 msg_len = unhexify( message_str, message_hex_string );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000299
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100300 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
301 MBEDTLS_RSA_PUBLIC, msg_len,
302 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200303 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000304 {
305 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000306
Paul Bakker33b43f12013-08-20 11:48:36 +0200307 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000308 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100309
Paul Bakkerbd51b262014-07-10 15:26:12 +0200310exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100311 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200312 mbedtls_rsa_free( &ctx );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000313}
Paul Bakker33b43f12013-08-20 11:48:36 +0200314/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000315
Paul Bakker33b43f12013-08-20 11:48:36 +0200316/* BEGIN_CASE */
317void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
318 int mod, int radix_N, char *input_N,
319 int radix_E, char *input_E,
320 char *result_hex_str, int result )
Paul Bakkera6656852010-07-18 19:47:14 +0000321{
322 unsigned char message_str[1000];
323 unsigned char output[1000];
324 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200325 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000326 size_t msg_len;
Paul Bakkera6656852010-07-18 19:47:14 +0000327
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100328 mbedtls_mpi N, E;
329
330 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200331 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000332 memset( message_str, 0x00, 1000 );
333 memset( output, 0x00, 1000 );
334 memset( output_str, 0x00, 1000 );
335
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100336 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
337 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000338
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100339 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
340 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200341 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000342
Paul Bakker33b43f12013-08-20 11:48:36 +0200343 msg_len = unhexify( message_str, message_hex_string );
Paul Bakkera6656852010-07-18 19:47:14 +0000344
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100345 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
346 MBEDTLS_RSA_PUBLIC, msg_len,
347 message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200348 if( result == 0 )
Paul Bakkera6656852010-07-18 19:47:14 +0000349 {
350 hexify( output_str, output, ctx.len );
351
Paul Bakker33b43f12013-08-20 11:48:36 +0200352 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakkera6656852010-07-18 19:47:14 +0000353 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100354
Paul Bakkerbd51b262014-07-10 15:26:12 +0200355exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100356 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200357 mbedtls_rsa_free( &ctx );
Paul Bakkera6656852010-07-18 19:47:14 +0000358}
Paul Bakker33b43f12013-08-20 11:48:36 +0200359/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000360
Paul Bakker33b43f12013-08-20 11:48:36 +0200361/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200362void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
Paul Bakker33b43f12013-08-20 11:48:36 +0200363 int radix_P, char *input_P, int radix_Q, char *input_Q,
364 int radix_N, char *input_N, int radix_E, char *input_E,
365 int max_output, char *result_hex_str, int result )
Paul Bakker42a29bf2009-07-07 20:18:41 +0000366{
367 unsigned char message_str[1000];
Paul Bakker42a29bf2009-07-07 20:18:41 +0000368 unsigned char output[1000];
369 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200370 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000371 size_t output_len;
Paul Bakker548957d2013-08-30 10:30:02 +0200372 rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100373 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000374
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100375 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
376 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
377
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200378 mbedtls_rsa_init( &ctx, padding_mode, 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000379
380 memset( message_str, 0x00, 1000 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000381 memset( output, 0x00, 1000 );
382 memset( output_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200383 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000384
Paul Bakker42a29bf2009-07-07 20:18:41 +0000385
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100386 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
387 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
388 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
389 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000390
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100391 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
392 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100393 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200394 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000395
Paul Bakker33b43f12013-08-20 11:48:36 +0200396 unhexify( message_str, message_hex_string );
Paul Bakker69998dd2009-07-11 19:15:20 +0000397 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000398
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200399 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200400 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000401 {
402 hexify( output_str, output, ctx.len );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000403
Paul Bakker33b43f12013-08-20 11:48:36 +0200404 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000405 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000406
Paul Bakkerbd51b262014-07-10 15:26:12 +0200407exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100408 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
409 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200410 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000411}
Paul Bakker33b43f12013-08-20 11:48:36 +0200412/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000413
Paul Bakker33b43f12013-08-20 11:48:36 +0200414/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200415void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
Paul Bakker33b43f12013-08-20 11:48:36 +0200416 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000417{
418 unsigned char message_str[1000];
419 unsigned char output[1000];
420 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200421 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000422
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100423 mbedtls_mpi N, E;
424
425 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200426 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
427 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000428 memset( message_str, 0x00, 1000 );
429 memset( output, 0x00, 1000 );
430 memset( output_str, 0x00, 1000 );
431
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100432 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
433 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000434
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100435 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
436 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200437 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000438
Paul Bakker33b43f12013-08-20 11:48:36 +0200439 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000440
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200441 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200442 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000443 {
444 hexify( output_str, output, ctx.len );
445
Paul Bakker33b43f12013-08-20 11:48:36 +0200446 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000447 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100448
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100449 /* And now with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200450 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200451 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200452 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100453
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200454 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100455
456 memset( output, 0x00, 1000 );
457 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200458 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100459 if( result == 0 )
460 {
461 hexify( output_str, output, ctx2.len );
462
463 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
464 }
465
Paul Bakkerbd51b262014-07-10 15:26:12 +0200466exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100467 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200468 mbedtls_rsa_free( &ctx );
469 mbedtls_rsa_free( &ctx2 );
Paul Bakker821fb082009-07-12 13:26:42 +0000470}
Paul Bakker33b43f12013-08-20 11:48:36 +0200471/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000472
Paul Bakker33b43f12013-08-20 11:48:36 +0200473/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200474void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
Paul Bakker33b43f12013-08-20 11:48:36 +0200475 int radix_Q, char *input_Q, int radix_N, char *input_N,
476 int radix_E, char *input_E, char *result_hex_str, int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000477{
478 unsigned char message_str[1000];
479 unsigned char output[1000];
480 unsigned char output_str[1000];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200481 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100482 mbedtls_mpi N, P, Q, E;
Paul Bakker548957d2013-08-30 10:30:02 +0200483 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200484 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000485
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100486 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
487 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200488 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
489 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000490
491 memset( message_str, 0x00, 1000 );
Paul Bakker548957d2013-08-30 10:30:02 +0200492 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
Paul Bakker821fb082009-07-12 13:26:42 +0000493
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100494 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
495 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
496 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
497 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000498
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100499 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
500 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
Hanno Becker7f25f852017-10-10 16:56:22 +0100501 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200502 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000503
Paul Bakker33b43f12013-08-20 11:48:36 +0200504 unhexify( message_str, message_hex_string );
Paul Bakker821fb082009-07-12 13:26:42 +0000505
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200506 /* repeat three times to test updating of blinding values */
507 for( i = 0; i < 3; i++ )
Paul Bakker821fb082009-07-12 13:26:42 +0000508 {
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200509 memset( output, 0x00, 1000 );
510 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200511 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200512 message_str, output ) == result );
513 if( result == 0 )
514 {
515 hexify( output_str, output, ctx.len );
Paul Bakker821fb082009-07-12 13:26:42 +0000516
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200517 TEST_ASSERT( strcasecmp( (char *) output_str,
518 result_hex_str ) == 0 );
519 }
Paul Bakker821fb082009-07-12 13:26:42 +0000520 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000521
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100522 /* And now one more time with the copy */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200523 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200524 /* clear the original to be sure */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200525 mbedtls_rsa_free( &ctx );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100526
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200527 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100528
529 memset( output, 0x00, 1000 );
530 memset( output_str, 0x00, 1000 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200531 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100532 message_str, output ) == result );
533 if( result == 0 )
534 {
535 hexify( output_str, output, ctx2.len );
536
537 TEST_ASSERT( strcasecmp( (char *) output_str,
538 result_hex_str ) == 0 );
539 }
540
Paul Bakkerbd51b262014-07-10 15:26:12 +0200541exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100542 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
543 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
544
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200545 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
Paul Bakker42a29bf2009-07-07 20:18:41 +0000546}
Paul Bakker33b43f12013-08-20 11:48:36 +0200547/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000548
Paul Bakker33b43f12013-08-20 11:48:36 +0200549/* BEGIN_CASE */
550void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000551{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200552 mbedtls_rsa_context ctx;
553 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000554
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200555 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
Paul Bakker37940d9f2009-07-10 22:38:58 +0000556}
Paul Bakker33b43f12013-08-20 11:48:36 +0200557/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000558
Paul Bakker33b43f12013-08-20 11:48:36 +0200559/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200560void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
Paul Bakker33b43f12013-08-20 11:48:36 +0200561 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000562{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200563 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100564 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000565
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100566 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200567 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000568
Paul Bakker33b43f12013-08-20 11:48:36 +0200569 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000570 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100571 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000572 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200573 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000574 {
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100575 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000576 }
577
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100578 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200579 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100580
Paul Bakkerbd51b262014-07-10 15:26:12 +0200581exit:
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100582 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200583 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000584}
Paul Bakker33b43f12013-08-20 11:48:36 +0200585/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000586
Paul Bakker33b43f12013-08-20 11:48:36 +0200587/* BEGIN_CASE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200588void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
Paul Bakker33b43f12013-08-20 11:48:36 +0200589 char *input_Q, int radix_N, char *input_N,
590 int radix_E, char *input_E, int radix_D, char *input_D,
591 int radix_DP, char *input_DP, int radix_DQ,
592 char *input_DQ, int radix_QP, char *input_QP,
593 int result )
Paul Bakker821fb082009-07-12 13:26:42 +0000594{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200595 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000596
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200597 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000598
Paul Bakker33b43f12013-08-20 11:48:36 +0200599 ctx.len = mod / 8;
600 if( strlen( input_P ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000601 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200602 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000603 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200604 if( strlen( input_Q ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000605 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200606 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000607 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200608 if( strlen( input_N ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000609 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200610 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000611 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200612 if( strlen( input_E ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000613 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200614 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000615 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200616 if( strlen( input_D ) )
Paul Bakker821fb082009-07-12 13:26:42 +0000617 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200618 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000619 }
Hanno Becker131134f2017-08-23 08:31:07 +0100620#if !defined(MBEDTLS_RSA_NO_CRT)
Paul Bakker33b43f12013-08-20 11:48:36 +0200621 if( strlen( input_DP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000622 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200623 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000624 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200625 if( strlen( input_DQ ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000626 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200627 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000628 }
Paul Bakker33b43f12013-08-20 11:48:36 +0200629 if( strlen( input_QP ) )
Paul Bakker31417a72012-09-27 20:41:37 +0000630 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200631 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
Paul Bakker31417a72012-09-27 20:41:37 +0000632 }
Hanno Becker131134f2017-08-23 08:31:07 +0100633#else
634 ((void) radix_DP); ((void) input_DP);
635 ((void) radix_DQ); ((void) input_DQ);
636 ((void) radix_QP); ((void) input_QP);
637#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000638
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200639 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100640
Paul Bakkerbd51b262014-07-10 15:26:12 +0200641exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200642 mbedtls_rsa_free( &ctx );
Paul Bakker821fb082009-07-12 13:26:42 +0000643}
Paul Bakker33b43f12013-08-20 11:48:36 +0200644/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000645
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100646/* BEGIN_CASE */
647void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
648 int radix_Epub, char *input_Epub,
649 int radix_P, char *input_P, int radix_Q,
650 char *input_Q, int radix_N, char *input_N,
651 int radix_E, char *input_E, int radix_D, char *input_D,
652 int radix_DP, char *input_DP, int radix_DQ,
653 char *input_DQ, int radix_QP, char *input_QP,
654 int result )
655{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200656 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100657
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200658 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
659 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100660
661 pub.len = mod / 8;
662 prv.len = mod / 8;
663
664 if( strlen( input_Npub ) )
665 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200666 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100667 }
668 if( strlen( input_Epub ) )
669 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200670 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100671 }
672
673 if( strlen( input_P ) )
674 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200675 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100676 }
677 if( strlen( input_Q ) )
678 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200679 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100680 }
681 if( strlen( input_N ) )
682 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200683 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100684 }
685 if( strlen( input_E ) )
686 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200687 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100688 }
689 if( strlen( input_D ) )
690 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200691 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100692 }
Hanno Becker131134f2017-08-23 08:31:07 +0100693#if !defined(MBEDTLS_RSA_NO_CRT)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100694 if( strlen( input_DP ) )
695 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200696 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100697 }
698 if( strlen( input_DQ ) )
699 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200700 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100701 }
702 if( strlen( input_QP ) )
703 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200704 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100705 }
Hanno Becker131134f2017-08-23 08:31:07 +0100706#else
707 ((void) radix_DP); ((void) input_DP);
708 ((void) radix_DQ); ((void) input_DQ);
709 ((void) radix_QP); ((void) input_QP);
710#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100711
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200712 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100713
714exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200715 mbedtls_rsa_free( &pub );
716 mbedtls_rsa_free( &prv );
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100717}
718/* END_CASE */
719
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100720/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200721void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000722{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200723 mbedtls_rsa_context ctx;
724 mbedtls_entropy_context entropy;
725 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200726 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000727
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200728 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200729 mbedtls_entropy_init( &entropy );
Hanno Becker7e8e57c2017-07-23 10:19:29 +0100730 mbedtls_rsa_init ( &ctx, 0, 0 );
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000731
Paul Bakker821fb082009-07-12 13:26:42 +0000732 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200733 (const unsigned char *) pers, strlen( pers ) ) == 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000734
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200735 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200736 if( result == 0 )
Paul Bakker821fb082009-07-12 13:26:42 +0000737 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200738 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
Janos Follathef441782016-09-21 13:18:12 +0100739 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
Paul Bakker821fb082009-07-12 13:26:42 +0000740 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100741
Paul Bakkerbd51b262014-07-10 15:26:12 +0200742exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200743 mbedtls_rsa_free( &ctx );
744 mbedtls_ctr_drbg_free( &ctr_drbg );
745 mbedtls_entropy_free( &entropy );
Paul Bakker821fb082009-07-12 13:26:42 +0000746}
Paul Bakker33b43f12013-08-20 11:48:36 +0200747/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000748
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100749/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Becker0f65e0c2017-10-03 14:39:16 +0100750void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100751 int radix_D, char *input_D,
752 int radix_E, char *input_E,
753 int radix_P, char *output_P,
754 int radix_Q, char *output_Q,
755 int corrupt, int result )
756{
757 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
758
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100759 mbedtls_mpi_init( &N );
760 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
761 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
762 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
763
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100764 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
765 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
766 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
767 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
768 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
769
770 if( corrupt )
771 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
772
773 /* Try to deduce P, Q from N, D, E only. */
Hanno Beckerf9e184b2017-10-10 16:49:26 +0100774 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100775
776 if( !corrupt )
777 {
778 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
779 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
780 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
781 }
782
783exit:
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100784 mbedtls_mpi_free( &N );
785 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
786 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
787 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100788}
789/* END_CASE */
790
Hanno Becker6b4ce492017-08-23 11:00:21 +0100791/* BEGIN_CASE */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100792void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
793 int radix_Q, char *input_Q,
794 int radix_E, char *input_E,
795 int radix_D, char *output_D,
796 int corrupt, int result )
Hanno Becker6b4ce492017-08-23 11:00:21 +0100797{
798 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
799
800 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
801 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
802 mbedtls_mpi_init( &E );
803 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
804
805 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
806 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
807 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
808 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
809
810 if( corrupt )
811 {
812 /* Make E even */
813 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
814 }
815
816 /* Try to deduce D from N, P, Q, E. */
Hanno Becker8ba6ce42017-10-03 14:36:26 +0100817 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
818 &E, &D ) == result );
Hanno Becker6b4ce492017-08-23 11:00:21 +0100819
820 if( !corrupt )
821 {
822 /*
823 * Check that D and Dp agree modulo LCM(P-1, Q-1).
824 */
825
826 /* Replace P,Q by P-1, Q-1 */
827 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
828 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
829
830 /* Check D == Dp modulo P-1 */
831 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
832 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
833 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
834
835 /* Check D == Dp modulo Q-1 */
836 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
837 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
838 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
839 }
840
841exit:
842
843 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
844 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
845 mbedtls_mpi_free( &E );
846 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
847}
848/* END_CASE */
849
Hanno Beckerc77ab892017-08-23 11:01:06 +0100850/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
851void mbedtls_rsa_import( int radix_N, char *input_N,
852 int radix_P, char *input_P,
853 int radix_Q, char *input_Q,
854 int radix_D, char *input_D,
855 int radix_E, char *input_E,
856 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +0100857 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +0100858 int res_check,
859 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100860{
861 mbedtls_mpi N, P, Q, D, E;
862 mbedtls_rsa_context ctx;
863
Hanno Beckere1582a82017-09-29 11:51:05 +0100864 /* Buffers used for encryption-decryption test */
865 unsigned char *buf_orig = NULL;
866 unsigned char *buf_enc = NULL;
867 unsigned char *buf_dec = NULL;
868
Hanno Beckerc77ab892017-08-23 11:01:06 +0100869 mbedtls_entropy_context entropy;
870 mbedtls_ctr_drbg_context ctr_drbg;
871 const char *pers = "test_suite_rsa";
872
Hanno Becker4d6e8342017-09-29 11:50:18 +0100873 const int have_N = ( strlen( input_N ) > 0 );
874 const int have_P = ( strlen( input_P ) > 0 );
875 const int have_Q = ( strlen( input_Q ) > 0 );
876 const int have_D = ( strlen( input_D ) > 0 );
877 const int have_E = ( strlen( input_E ) > 0 );
878
Hanno Beckerc77ab892017-08-23 11:01:06 +0100879 mbedtls_ctr_drbg_init( &ctr_drbg );
880
881 mbedtls_entropy_init( &entropy );
882 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
883 (const unsigned char *) pers, strlen( pers ) ) == 0 );
884
885 mbedtls_rsa_init( &ctx, 0, 0 );
886
887 mbedtls_mpi_init( &N );
888 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
889 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
890
Hanno Becker4d6e8342017-09-29 11:50:18 +0100891 if( have_N )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100892 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
893
Hanno Becker4d6e8342017-09-29 11:50:18 +0100894 if( have_P )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100895 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
896
Hanno Becker4d6e8342017-09-29 11:50:18 +0100897 if( have_Q )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100898 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
899
Hanno Becker4d6e8342017-09-29 11:50:18 +0100900 if( have_D )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100901 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
902
Hanno Becker4d6e8342017-09-29 11:50:18 +0100903 if( have_E )
Hanno Beckerc77ab892017-08-23 11:01:06 +0100904 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
905
906 if( !successive )
907 {
908 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100909 have_N ? &N : NULL,
910 have_P ? &P : NULL,
911 have_Q ? &Q : NULL,
912 have_D ? &D : NULL,
913 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100914 }
915 else
916 {
917 /* Import N, P, Q, D, E separately.
918 * This should make no functional difference. */
919
920 TEST_ASSERT( mbedtls_rsa_import( &ctx,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100921 have_N ? &N : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100922 NULL, NULL, NULL, NULL ) == 0 );
923
924 TEST_ASSERT( mbedtls_rsa_import( &ctx,
925 NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100926 have_P ? &P : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100927 NULL, NULL, NULL ) == 0 );
928
929 TEST_ASSERT( mbedtls_rsa_import( &ctx,
930 NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100931 have_Q ? &Q : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100932 NULL, NULL ) == 0 );
933
934 TEST_ASSERT( mbedtls_rsa_import( &ctx,
935 NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100936 have_D ? &D : NULL,
Hanno Beckerc77ab892017-08-23 11:01:06 +0100937 NULL ) == 0 );
938
939 TEST_ASSERT( mbedtls_rsa_import( &ctx,
940 NULL, NULL, NULL, NULL,
Hanno Becker4d6e8342017-09-29 11:50:18 +0100941 have_E ? &E : NULL ) == 0 );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100942 }
943
Hanno Becker04877a42017-10-11 10:01:33 +0100944 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +0100945
Hanno Beckere1582a82017-09-29 11:51:05 +0100946 /* On expected success, perform some public and private
947 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +0100948 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +0100949 {
Hanno Beckere1582a82017-09-29 11:51:05 +0100950 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +0100951 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
952 else
953 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
954
955 if( res_check != 0 )
956 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +0100957
958 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
959 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
960 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
961 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
962 goto exit;
963
964 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
965 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
966
967 /* Make sure the number we're generating is smaller than the modulus */
968 buf_orig[0] = 0x00;
969
970 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
971
972 if( is_priv )
973 {
974 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
975 &ctr_drbg, buf_enc,
976 buf_dec ) == 0 );
977
978 TEST_ASSERT( memcmp( buf_orig, buf_dec,
979 mbedtls_rsa_get_len( &ctx ) ) == 0 );
980 }
981 }
982
Hanno Beckerc77ab892017-08-23 11:01:06 +0100983exit:
984
Hanno Beckere1582a82017-09-29 11:51:05 +0100985 mbedtls_free( buf_orig );
986 mbedtls_free( buf_enc );
987 mbedtls_free( buf_dec );
988
Hanno Beckerc77ab892017-08-23 11:01:06 +0100989 mbedtls_rsa_free( &ctx );
990
991 mbedtls_ctr_drbg_free( &ctr_drbg );
992 mbedtls_entropy_free( &entropy );
993
994 mbedtls_mpi_free( &N );
995 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
996 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
997}
998/* END_CASE */
999
Hanno Becker417f2d62017-08-23 11:44:51 +01001000/* BEGIN_CASE */
1001void mbedtls_rsa_export( int radix_N, char *input_N,
1002 int radix_P, char *input_P,
1003 int radix_Q, char *input_Q,
1004 int radix_D, char *input_D,
1005 int radix_E, char *input_E,
Hanno Beckere1582a82017-09-29 11:51:05 +01001006 int is_priv,
Hanno Becker417f2d62017-08-23 11:44:51 +01001007 int successive )
1008{
1009 /* Original MPI's with which we set up the RSA context */
1010 mbedtls_mpi N, P, Q, D, E;
1011
1012 /* Exported MPI's */
1013 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1014
1015 const int have_N = ( strlen( input_N ) > 0 );
1016 const int have_P = ( strlen( input_P ) > 0 );
1017 const int have_Q = ( strlen( input_Q ) > 0 );
1018 const int have_D = ( strlen( input_D ) > 0 );
1019 const int have_E = ( strlen( input_E ) > 0 );
1020
Hanno Becker417f2d62017-08-23 11:44:51 +01001021 mbedtls_rsa_context ctx;
1022
1023 mbedtls_rsa_init( &ctx, 0, 0 );
1024
1025 mbedtls_mpi_init( &N );
1026 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1027 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1028
1029 mbedtls_mpi_init( &Ne );
1030 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1031 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1032
1033 /* Setup RSA context */
1034
1035 if( have_N )
1036 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1037
1038 if( have_P )
1039 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1040
1041 if( have_Q )
1042 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1043
1044 if( have_D )
1045 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1046
1047 if( have_E )
1048 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1049
1050 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1051 strlen( input_N ) ? &N : NULL,
1052 strlen( input_P ) ? &P : NULL,
1053 strlen( input_Q ) ? &Q : NULL,
1054 strlen( input_D ) ? &D : NULL,
1055 strlen( input_E ) ? &E : NULL ) == 0 );
1056
Hanno Becker7f25f852017-10-10 16:56:22 +01001057 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +01001058
1059 /*
1060 * Export parameters and compare to original ones.
1061 */
1062
1063 /* N and E must always be present. */
1064 if( !successive )
1065 {
1066 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1067 }
1068 else
1069 {
1070 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1071 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1072 }
1073 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1074 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1075
1076 /* If we were providing enough information to setup a complete private context,
1077 * we expect to be able to export all core parameters. */
1078
1079 if( is_priv )
1080 {
1081 if( !successive )
1082 {
1083 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1084 &De, NULL ) == 0 );
1085 }
1086 else
1087 {
1088 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1089 NULL, NULL ) == 0 );
1090 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1091 NULL, NULL ) == 0 );
1092 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1093 &De, NULL ) == 0 );
1094 }
1095
1096 if( have_P )
1097 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1098
1099 if( have_Q )
1100 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1101
1102 if( have_D )
1103 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1104
1105 /* While at it, perform a sanity check */
Hanno Becker750e8b42017-08-25 07:54:27 +01001106 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1107 NULL, NULL ) == 0 );
Hanno Becker417f2d62017-08-23 11:44:51 +01001108 }
1109
1110exit:
1111
1112 mbedtls_rsa_free( &ctx );
1113
1114 mbedtls_mpi_free( &N );
1115 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1116 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1117
1118 mbedtls_mpi_free( &Ne );
1119 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1120 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1121}
1122/* END_CASE */
1123
Hanno Beckerce002632017-08-23 13:22:36 +01001124/* BEGIN_CASE */
Hanno Becker750e8b42017-08-25 07:54:27 +01001125void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1126 int radix_P, char *input_P,
1127 int radix_Q, char *input_Q,
1128 int radix_D, char *input_D,
1129 int radix_E, char *input_E,
1130 int prng, int result )
Hanno Beckerce002632017-08-23 13:22:36 +01001131{
1132 /* Original MPI's with which we set up the RSA context */
1133 mbedtls_mpi N, P, Q, D, E;
1134
1135 const int have_N = ( strlen( input_N ) > 0 );
1136 const int have_P = ( strlen( input_P ) > 0 );
1137 const int have_Q = ( strlen( input_Q ) > 0 );
1138 const int have_D = ( strlen( input_D ) > 0 );
1139 const int have_E = ( strlen( input_E ) > 0 );
1140
1141 mbedtls_entropy_context entropy;
1142 mbedtls_ctr_drbg_context ctr_drbg;
1143 const char *pers = "test_suite_rsa";
1144
1145 mbedtls_mpi_init( &N );
1146 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1147 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1148
1149 mbedtls_ctr_drbg_init( &ctr_drbg );
1150 mbedtls_entropy_init( &entropy );
1151 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1152 &entropy, (const unsigned char *) pers,
1153 strlen( pers ) ) == 0 );
1154
1155 if( have_N )
1156 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1157
1158 if( have_P )
1159 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1160
1161 if( have_Q )
1162 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1163
1164 if( have_D )
1165 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1166
1167 if( have_E )
1168 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1169
Hanno Becker750e8b42017-08-25 07:54:27 +01001170 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1171 have_P ? &P : NULL,
1172 have_Q ? &Q : NULL,
1173 have_D ? &D : NULL,
1174 have_E ? &E : NULL,
1175 prng ? mbedtls_ctr_drbg_random : NULL,
1176 prng ? &ctr_drbg : NULL ) == result );
Hanno Beckerce002632017-08-23 13:22:36 +01001177exit:
1178
1179 mbedtls_ctr_drbg_free( &ctr_drbg );
1180 mbedtls_entropy_free( &entropy );
1181
1182 mbedtls_mpi_free( &N );
1183 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1184 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1185}
1186/* END_CASE */
1187
Hanno Beckerc77ab892017-08-23 11:01:06 +01001188/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001189void mbedtls_rsa_export_raw( char *input_N, char *input_P,
1190 char *input_Q, char *input_D,
Hanno Beckere1582a82017-09-29 11:51:05 +01001191 char *input_E, int is_priv,
1192 int successive )
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001193{
1194 /* Original raw buffers with which we set up the RSA context */
1195 unsigned char bufN[1000];
1196 unsigned char bufP[1000];
1197 unsigned char bufQ[1000];
1198 unsigned char bufD[1000];
1199 unsigned char bufE[1000];
1200
1201 size_t lenN = 0;
1202 size_t lenP = 0;
1203 size_t lenQ = 0;
1204 size_t lenD = 0;
1205 size_t lenE = 0;
1206
1207 /* Exported buffers */
1208 unsigned char bufNe[ sizeof( bufN ) ];
1209 unsigned char bufPe[ sizeof( bufP ) ];
1210 unsigned char bufQe[ sizeof( bufQ ) ];
1211 unsigned char bufDe[ sizeof( bufD ) ];
1212 unsigned char bufEe[ sizeof( bufE ) ];
1213
1214 const int have_N = ( strlen( input_N ) > 0 );
1215 const int have_P = ( strlen( input_P ) > 0 );
1216 const int have_Q = ( strlen( input_Q ) > 0 );
1217 const int have_D = ( strlen( input_D ) > 0 );
1218 const int have_E = ( strlen( input_E ) > 0 );
1219
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001220 mbedtls_rsa_context ctx;
1221
1222 mbedtls_rsa_init( &ctx, 0, 0 );
1223
1224 /* Setup RSA context */
1225
1226 if( have_N )
1227 lenN = unhexify( bufN, input_N );
1228
1229 if( have_P )
1230 lenP = unhexify( bufP, input_P );
1231
1232 if( have_Q )
1233 lenQ = unhexify( bufQ, input_Q );
1234
1235 if( have_D )
1236 lenD = unhexify( bufD, input_D );
1237
1238 if( have_E )
1239 lenE = unhexify( bufE, input_E );
1240
1241 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1242 have_N ? bufN : NULL, lenN,
1243 have_P ? bufP : NULL, lenP,
1244 have_Q ? bufQ : NULL, lenQ,
1245 have_D ? bufD : NULL, lenD,
1246 have_E ? bufE : NULL, lenE ) == 0 );
1247
Hanno Becker7f25f852017-10-10 16:56:22 +01001248 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +01001249
1250 /*
1251 * Export parameters and compare to original ones.
1252 */
1253
1254 /* N and E must always be present. */
1255 if( !successive )
1256 {
1257 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1258 NULL, 0, NULL, 0, NULL, 0,
1259 bufEe, lenE ) == 0 );
1260 }
1261 else
1262 {
1263 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
1264 NULL, 0, NULL, 0, NULL, 0,
1265 NULL, 0 ) == 0 );
1266 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1267 NULL, 0, NULL, 0, NULL, 0,
1268 bufEe, lenE ) == 0 );
1269 }
1270 TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
1271 TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
1272
1273 /* If we were providing enough information to setup a complete private context,
1274 * we expect to be able to export all core parameters. */
1275
1276 if( is_priv )
1277 {
1278 if( !successive )
1279 {
1280 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1281 bufPe, lenP ? lenP : sizeof( bufPe ),
1282 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1283 bufDe, lenD ? lenD : sizeof( bufDe ),
1284 NULL, 0 ) == 0 );
1285 }
1286 else
1287 {
1288 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1289 bufPe, lenP ? lenP : sizeof( bufPe ),
1290 NULL, 0, NULL, 0,
1291 NULL, 0 ) == 0 );
1292
1293 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1294 bufQe, lenQ ? lenQ : sizeof( bufQe ),
1295 NULL, 0, NULL, 0 ) == 0 );
1296
1297 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1298 NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
1299 NULL, 0 ) == 0 );
1300 }
1301
1302 if( have_P )
1303 TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
1304
1305 if( have_Q )
1306 TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
1307
1308 if( have_D )
1309 TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
1310
1311 }
1312
1313exit:
1314 mbedtls_rsa_free( &ctx );
1315}
1316/* END_CASE */
1317
1318/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Hanno Beckerc77ab892017-08-23 11:01:06 +01001319void mbedtls_rsa_import_raw( char *input_N,
1320 char *input_P, char *input_Q,
1321 char *input_D, char *input_E,
1322 int successive,
Hanno Beckere1582a82017-09-29 11:51:05 +01001323 int is_priv,
Hanno Becker04877a42017-10-11 10:01:33 +01001324 int res_check,
1325 int res_complete )
Hanno Beckerc77ab892017-08-23 11:01:06 +01001326{
1327 unsigned char bufN[1000];
1328 unsigned char bufP[1000];
1329 unsigned char bufQ[1000];
1330 unsigned char bufD[1000];
1331 unsigned char bufE[1000];
1332
Hanno Beckere1582a82017-09-29 11:51:05 +01001333 /* Buffers used for encryption-decryption test */
1334 unsigned char *buf_orig = NULL;
1335 unsigned char *buf_enc = NULL;
1336 unsigned char *buf_dec = NULL;
1337
Hanno Beckerc77ab892017-08-23 11:01:06 +01001338 size_t lenN = 0;
1339 size_t lenP = 0;
1340 size_t lenQ = 0;
1341 size_t lenD = 0;
1342 size_t lenE = 0;
1343
1344 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +01001345 mbedtls_entropy_context entropy;
1346 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +01001347
Hanno Beckerc77ab892017-08-23 11:01:06 +01001348 const char *pers = "test_suite_rsa";
1349
1350 mbedtls_ctr_drbg_init( &ctr_drbg );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001351 mbedtls_entropy_init( &entropy );
Hanno Becker3f3ae852017-10-02 10:08:39 +01001352 mbedtls_rsa_init( &ctx, 0, 0 );
1353
Hanno Beckerc77ab892017-08-23 11:01:06 +01001354 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1355 &entropy, (const unsigned char *) pers,
1356 strlen( pers ) ) == 0 );
1357
Hanno Beckerc77ab892017-08-23 11:01:06 +01001358 if( strlen( input_N ) )
1359 lenN = unhexify( bufN, input_N );
1360
1361 if( strlen( input_P ) )
1362 lenP = unhexify( bufP, input_P );
1363
1364 if( strlen( input_Q ) )
1365 lenQ = unhexify( bufQ, input_Q );
1366
1367 if( strlen( input_D ) )
1368 lenD = unhexify( bufD, input_D );
1369
1370 if( strlen( input_E ) )
1371 lenE = unhexify( bufE, input_E );
1372
1373 if( !successive )
1374 {
1375 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1376 ( lenN > 0 ) ? bufN : NULL, lenN,
1377 ( lenP > 0 ) ? bufP : NULL, lenP,
1378 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1379 ( lenD > 0 ) ? bufD : NULL, lenD,
1380 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1381 }
1382 else
1383 {
1384 /* Import N, P, Q, D, E separately.
1385 * This should make no functional difference. */
1386
1387 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1388 ( lenN > 0 ) ? bufN : NULL, lenN,
1389 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1390
1391 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1392 NULL, 0,
1393 ( lenP > 0 ) ? bufP : NULL, lenP,
1394 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1395
1396 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1397 NULL, 0, NULL, 0,
1398 ( lenQ > 0 ) ? bufQ : NULL, lenQ,
1399 NULL, 0, NULL, 0 ) == 0 );
1400
1401 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1402 NULL, 0, NULL, 0, NULL, 0,
1403 ( lenD > 0 ) ? bufD : NULL, lenD,
1404 NULL, 0 ) == 0 );
1405
1406 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1407 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1408 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
1409 }
1410
Hanno Becker04877a42017-10-11 10:01:33 +01001411 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
Hanno Beckerc77ab892017-08-23 11:01:06 +01001412
Hanno Beckere1582a82017-09-29 11:51:05 +01001413 /* On expected success, perform some public and private
1414 * key operations to check if the key is working properly. */
Hanno Becker04877a42017-10-11 10:01:33 +01001415 if( res_complete == 0 )
Hanno Beckere1582a82017-09-29 11:51:05 +01001416 {
Hanno Beckere1582a82017-09-29 11:51:05 +01001417 if( is_priv )
Hanno Becker04877a42017-10-11 10:01:33 +01001418 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1419 else
1420 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1421
1422 if( res_check != 0 )
1423 goto exit;
Hanno Beckere1582a82017-09-29 11:51:05 +01001424
1425 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1426 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1427 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1428 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1429 goto exit;
1430
1431 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1432 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1433
1434 /* Make sure the number we're generating is smaller than the modulus */
1435 buf_orig[0] = 0x00;
1436
1437 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1438
1439 if( is_priv )
1440 {
1441 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1442 &ctr_drbg, buf_enc,
1443 buf_dec ) == 0 );
1444
1445 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1446 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1447 }
1448 }
1449
Hanno Beckerc77ab892017-08-23 11:01:06 +01001450exit:
1451
Hanno Becker3f3ae852017-10-02 10:08:39 +01001452 mbedtls_free( buf_orig );
1453 mbedtls_free( buf_enc );
1454 mbedtls_free( buf_dec );
1455
Hanno Beckerc77ab892017-08-23 11:01:06 +01001456 mbedtls_rsa_free( &ctx );
1457
1458 mbedtls_ctr_drbg_free( &ctr_drbg );
1459 mbedtls_entropy_free( &entropy );
1460
1461}
1462/* END_CASE */
1463
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001464/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Paul Bakker33b43f12013-08-20 11:48:36 +02001465void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +00001466{
Andres AG93012e82016-09-09 09:10:28 +01001467 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
Paul Bakker42a29bf2009-07-07 20:18:41 +00001468}
Paul Bakker33b43f12013-08-20 11:48:36 +02001469/* END_CASE */