Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / suites / test_suite_rsa.function
blob: e82452927ed70028534e6ce9560c1981fb415e80 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/* BEGIN_HEADER */
2#include "mbedtls/rsa.h"
3#include "rsa_alt_helpers.h"
4#include "rsa_internal.h"
5/* END_HEADER */
6
7/* BEGIN_DEPENDENCIES
8 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
9 * END_DEPENDENCIES
10 */
11
12/* BEGIN_CASE */
13void rsa_invalid_param()
14{
15 mbedtls_rsa_context ctx;
16 const int invalid_padding = 42;
17 const int invalid_hash_id = 0xff;
18 unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
19 size_t buf_len = sizeof(buf);
20
21 mbedtls_rsa_init(&ctx);
22
23 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
24 invalid_padding,
25 MBEDTLS_MD_NONE),
26 MBEDTLS_ERR_RSA_INVALID_PADDING);
27
28 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
29 MBEDTLS_RSA_PKCS_V21,
30 invalid_hash_id),
31 MBEDTLS_ERR_RSA_INVALID_PADDING);
32
33 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL,
34 NULL, MBEDTLS_MD_NONE,
35 buf_len,
36 NULL, buf),
37 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
38
39 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL,
40 NULL, MBEDTLS_MD_SHA256,
41 0,
42 NULL, buf),
43 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
44
45 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE,
46 buf_len,
47 NULL, buf),
48 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
49
50 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256,
51 0,
52 NULL, buf),
53 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
54
55#if !defined(MBEDTLS_PKCS1_V15)
56 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
57 MBEDTLS_RSA_PKCS_V15,
58 MBEDTLS_MD_NONE),
59 MBEDTLS_ERR_RSA_INVALID_PADDING);
60#endif
61
62#if defined(MBEDTLS_PKCS1_V15)
63 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
64 NULL, MBEDTLS_MD_NONE,
65 buf_len,
66 NULL, buf),
67 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
68
69 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
70 NULL, MBEDTLS_MD_SHA256,
71 0,
72 NULL, buf),
73 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
74
75 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE,
76 buf_len,
77 NULL, buf),
78 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
79
80 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256,
81 0,
82 NULL, buf),
83 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
84
85
86#endif
87
88#if !defined(MBEDTLS_PKCS1_V21)
89 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx,
90 MBEDTLS_RSA_PKCS_V21,
91 MBEDTLS_MD_NONE),
92 MBEDTLS_ERR_RSA_INVALID_PADDING);
93#endif
94
95#if defined(MBEDTLS_PKCS1_V21)
96 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
97 MBEDTLS_MD_NONE, buf_len,
98 NULL, buf_len,
99 buf),
100 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
101
102 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
103 MBEDTLS_MD_SHA256, 0,
104 NULL, buf_len,
105 buf),
106 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
107
108 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE,
109 buf_len, NULL,
110 MBEDTLS_MD_NONE,
111 buf_len, buf),
112 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
113
114 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256,
115 0, NULL,
116 MBEDTLS_MD_NONE,
117 buf_len, buf),
118 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
119
120 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE,
121 buf_len,
122 NULL, buf),
123 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
124
125 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256,
126 0,
127 NULL, buf),
128 MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
129#endif
130
131exit:
132 mbedtls_rsa_free(&ctx);
133}
134/* END_CASE */
135
136/* BEGIN_CASE */
137void rsa_init_free(int reinit)
138{
139 mbedtls_rsa_context ctx;
140
141 /* Double free is not explicitly documented to work, but we rely on it
142 * even inside the library so that you can call mbedtls_rsa_free()
143 * unconditionally on an error path without checking whether it has
144 * already been called in the success path. */
145
146 mbedtls_rsa_init(&ctx);
147 mbedtls_rsa_free(&ctx);
148
149 if (reinit) {
150 mbedtls_rsa_init(&ctx);
151 }
152 mbedtls_rsa_free(&ctx);
153
154 /* This test case always succeeds, functionally speaking. A plausible
155 * bug might trigger an invalid pointer dereference or a memory leak. */
156 goto exit;
157}
158/* END_CASE */
159
160/* BEGIN_CASE */
161void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
162 int digest, int mod, char *input_P,
163 char *input_Q, char *input_N, char *input_E,
164 data_t *result_str, int result)
165{
166 unsigned char output[256];
167 mbedtls_rsa_context ctx;
168 mbedtls_mpi N, P, Q, E;
169 mbedtls_test_rnd_pseudo_info rnd_info;
170
171 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
172 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
173 mbedtls_rsa_init(&ctx);
174 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
175 MBEDTLS_MD_NONE) == 0);
176
177 memset(output, 0x00, sizeof(output));
178 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
179
180 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
181 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
182 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
183 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
184
185 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
186 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
187 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
188 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
189 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
190
191 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(
192 &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info,
193 digest, message_str->len, message_str->x,
194 output) == result);
195 if (result == 0) {
196
197 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
198 ctx.len, result_str->len) == 0);
199 }
200
201exit:
202 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
203 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
204 mbedtls_rsa_free(&ctx);
205}
206/* END_CASE */
207
208/* BEGIN_CASE */
209void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
210 int digest, int mod,
211 char *input_N, char *input_E,
212 data_t *result_str, int result)
213{
214 mbedtls_rsa_context ctx;
215 mbedtls_mpi N, E;
216
217 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
218 mbedtls_rsa_init(&ctx);
219 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
220 MBEDTLS_MD_NONE) == 0);
221
222 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
223 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
224 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
225 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
226 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
227 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
228
229 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
230 result_str->x) == result);
231
232exit:
233 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
234 mbedtls_rsa_free(&ctx);
235}
236/* END_CASE */
237
238
239/* BEGIN_CASE */
240void rsa_pkcs1_sign_raw(data_t *hash_result,
241 int padding_mode, int mod,
242 char *input_P, char *input_Q,
243 char *input_N, char *input_E,
244 data_t *result_str)
245{
246 unsigned char output[256];
247 mbedtls_rsa_context ctx;
248 mbedtls_mpi N, P, Q, E;
249 mbedtls_test_rnd_pseudo_info rnd_info;
250
251 mbedtls_rsa_init(&ctx);
252 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
253 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
254
255 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
256 MBEDTLS_MD_NONE) == 0);
257
258 memset(output, 0x00, sizeof(output));
259 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
260
261 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
262 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
263 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
264 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
265
266 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
267 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
268 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
269 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
270 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
271
272
273 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
274 &rnd_info, MBEDTLS_MD_NONE,
275 hash_result->len,
276 hash_result->x, output) == 0);
277
278
279 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
280 ctx.len, result_str->len) == 0);
281
282exit:
283 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
284 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
285
286 mbedtls_rsa_free(&ctx);
287}
288/* END_CASE */
289
290/* BEGIN_CASE */
291void rsa_pkcs1_verify_raw(data_t *hash_result,
292 int padding_mode, int mod,
293 char *input_N, char *input_E,
294 data_t *result_str, int correct)
295{
296 unsigned char output[256];
297 mbedtls_rsa_context ctx;
298
299 mbedtls_mpi N, E;
300 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
301
302 mbedtls_rsa_init(&ctx);
303 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
304 MBEDTLS_MD_NONE) == 0);
305 memset(output, 0x00, sizeof(output));
306
307 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
308 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
309
310 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
311 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
312 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
313 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
314
315
316 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x,
317 result_str->x) == correct);
318
319exit:
320 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
321 mbedtls_rsa_free(&ctx);
322}
323/* END_CASE */
324
325/* BEGIN_CASE */
326void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
327 int mod, char *input_N, char *input_E,
328 data_t *result_str, int result)
329{
330 unsigned char output[256];
331 mbedtls_rsa_context ctx;
332 mbedtls_test_rnd_pseudo_info rnd_info;
333
334 mbedtls_mpi N, E;
335 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
336
337 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
338
339 mbedtls_rsa_init(&ctx);
340 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
341 MBEDTLS_MD_NONE) == 0);
342 memset(output, 0x00, sizeof(output));
343
344 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
345 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
346
347 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
348 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
349 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
350 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
351
352
353 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
354 &mbedtls_test_rnd_pseudo_rand,
355 &rnd_info, message_str->len,
356 message_str->x,
357 output) == result);
358 if (result == 0) {
359
360 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
361 ctx.len, result_str->len) == 0);
362 }
363
364exit:
365 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
366 mbedtls_rsa_free(&ctx);
367}
368/* END_CASE */
369
370/* BEGIN_CASE */
371void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
372 int mod, char *input_N, char *input_E,
373 data_t *result_str, int result)
374{
375 unsigned char output[256];
376 mbedtls_rsa_context ctx;
377
378 mbedtls_mpi N, E;
379
380 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
381 mbedtls_rsa_init(&ctx);
382 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
383 MBEDTLS_MD_NONE) == 0);
384 memset(output, 0x00, sizeof(output));
385
386 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
387 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
388
389 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
390 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
391 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
392 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
393
394
395 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand,
396 NULL, message_str->len,
397 message_str->x,
398 output) == result);
399 if (result == 0) {
400
401 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
402 ctx.len, result_str->len) == 0);
403 }
404
405exit:
406 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
407 mbedtls_rsa_free(&ctx);
408}
409/* END_CASE */
410
411/* BEGIN_CASE */
412void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
413 int mod, char *input_P,
414 char *input_Q, char *input_N,
415 char *input_E, int max_output,
416 data_t *result_str, int result)
417{
418 unsigned char output[32];
419 mbedtls_rsa_context ctx;
420 size_t output_len;
421 mbedtls_test_rnd_pseudo_info rnd_info;
422 mbedtls_mpi N, P, Q, E;
423
424 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
425 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
426
427 mbedtls_rsa_init(&ctx);
428 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode,
429 MBEDTLS_MD_NONE) == 0);
430
431 memset(output, 0x00, sizeof(output));
432 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
433
434
435 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
436 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
437 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
438 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
439
440 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
441 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
442 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
443 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
444 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
445
446 output_len = 0;
447
448 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand,
449 &rnd_info,
450 &output_len, message_str->x, output,
451 max_output) == result);
452 if (result == 0) {
453
454 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
455 output_len,
456 result_str->len) == 0);
457 }
458
459exit:
460 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
461 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
462 mbedtls_rsa_free(&ctx);
463}
464/* END_CASE */
465
466/* BEGIN_CASE */
467void mbedtls_rsa_public(data_t *message_str, int mod,
468 char *input_N, char *input_E,
469 data_t *result_str, int result)
470{
471 unsigned char output[256];
472 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
473
474 mbedtls_mpi N, E;
475
476 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
477 mbedtls_rsa_init(&ctx);
478 mbedtls_rsa_init(&ctx2);
479 memset(output, 0x00, sizeof(output));
480
481 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
482 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
483
484 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
485
486 /* Check test data consistency */
487 TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
488 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
489 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
490 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
491
492 TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
493 if (result == 0) {
494
495 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
496 ctx.len, result_str->len) == 0);
497 }
498
499 /* And now with the copy */
500 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
501 /* clear the original to be sure */
502 mbedtls_rsa_free(&ctx);
503
504 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0);
505
506 memset(output, 0x00, sizeof(output));
507 TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result);
508 if (result == 0) {
509
510 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
511 ctx.len, result_str->len) == 0);
512 }
513
514exit:
515 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
516 mbedtls_rsa_free(&ctx);
517 mbedtls_rsa_free(&ctx2);
518}
519/* END_CASE */
520
521/* BEGIN_CASE */
522void mbedtls_rsa_private(data_t *message_str, int mod,
523 char *input_P, char *input_Q,
524 char *input_N, char *input_E,
525 data_t *result_str, int result)
526{
527 unsigned char output[256];
528 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
529 mbedtls_mpi N, P, Q, E;
530 mbedtls_test_rnd_pseudo_info rnd_info;
531 int i;
532
533 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
534 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
535 mbedtls_rsa_init(&ctx);
536 mbedtls_rsa_init(&ctx2);
537
538 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
539
540 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
541 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
542 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
543 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
544
545 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
546
547 /* Check test data consistency */
548 TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
549 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
550 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
551 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
552 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
553
554 /* repeat three times to test updating of blinding values */
555 for (i = 0; i < 3; i++) {
556 memset(output, 0x00, sizeof(output));
557 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand,
558 &rnd_info, message_str->x,
559 output) == result);
560 if (result == 0) {
561
562 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
563 ctx.len,
564 result_str->len) == 0);
565 }
566 }
567
568 /* And now one more time with the copy */
569 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
570 /* clear the original to be sure */
571 mbedtls_rsa_free(&ctx);
572
573 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0);
574
575 memset(output, 0x00, sizeof(output));
576 TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand,
577 &rnd_info, message_str->x,
578 output) == result);
579 if (result == 0) {
580
581 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
582 ctx2.len,
583 result_str->len) == 0);
584 }
585
586exit:
587 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
588 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
589
590 mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2);
591}
592/* END_CASE */
593
594/* BEGIN_CASE */
595void rsa_check_privkey_null()
596{
597 mbedtls_rsa_context ctx;
598 memset(&ctx, 0x00, sizeof(mbedtls_rsa_context));
599
600 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
601}
602/* END_CASE */
603
604/* BEGIN_CASE */
605void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result)
606{
607 mbedtls_rsa_context ctx;
608 mbedtls_mpi N, E;
609
610 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
611 mbedtls_rsa_init(&ctx);
612
613 if (strlen(input_N)) {
614 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
615 }
616 if (strlen(input_E)) {
617 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
618 }
619
620 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
621 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result);
622
623exit:
624 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
625 mbedtls_rsa_free(&ctx);
626}
627/* END_CASE */
628
629/* BEGIN_CASE */
630void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q,
631 char *input_N, char *input_E, char *input_D,
632 char *input_DP, char *input_DQ, char *input_QP,
633 int result)
634{
635 mbedtls_rsa_context ctx;
636
637 mbedtls_rsa_init(&ctx);
638
639 ctx.len = mod / 8;
640 if (strlen(input_P)) {
641 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0);
642 }
643 if (strlen(input_Q)) {
644 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0);
645 }
646 if (strlen(input_N)) {
647 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0);
648 }
649 if (strlen(input_E)) {
650 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0);
651 }
652 if (strlen(input_D)) {
653 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0);
654 }
655#if !defined(MBEDTLS_RSA_NO_CRT)
656 if (strlen(input_DP)) {
657 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0);
658 }
659 if (strlen(input_DQ)) {
660 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0);
661 }
662 if (strlen(input_QP)) {
663 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0);
664 }
665#else
666 ((void) input_DP);
667 ((void) input_DQ);
668 ((void) input_QP);
669#endif
670
671 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result);
672
673exit:
674 mbedtls_rsa_free(&ctx);
675}
676/* END_CASE */
677
678/* BEGIN_CASE */
679void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub,
680 char *input_P, char *input_Q, char *input_N,
681 char *input_E, char *input_D, char *input_DP,
682 char *input_DQ, char *input_QP, int result)
683{
684 mbedtls_rsa_context pub, prv;
685
686 mbedtls_rsa_init(&pub);
687 mbedtls_rsa_init(&prv);
688
689 pub.len = mod / 8;
690 prv.len = mod / 8;
691
692 if (strlen(input_Npub)) {
693 TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0);
694 }
695 if (strlen(input_Epub)) {
696 TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0);
697 }
698
699 if (strlen(input_P)) {
700 TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0);
701 }
702 if (strlen(input_Q)) {
703 TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0);
704 }
705 if (strlen(input_N)) {
706 TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0);
707 }
708 if (strlen(input_E)) {
709 TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0);
710 }
711 if (strlen(input_D)) {
712 TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0);
713 }
714#if !defined(MBEDTLS_RSA_NO_CRT)
715 if (strlen(input_DP)) {
716 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0);
717 }
718 if (strlen(input_DQ)) {
719 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0);
720 }
721 if (strlen(input_QP)) {
722 TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0);
723 }
724#else
725 ((void) input_DP);
726 ((void) input_DQ);
727 ((void) input_QP);
728#endif
729
730 TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result);
731
732exit:
733 mbedtls_rsa_free(&pub);
734 mbedtls_rsa_free(&prv);
735}
736/* END_CASE */
737
738/* BEGIN_CASE */
739void mbedtls_rsa_gen_key(int nrbits, int exponent, int result)
740{
741 mbedtls_rsa_context ctx;
742 mbedtls_rsa_init(&ctx);
743
744 /* This test uses an insecure RNG, suitable only for testing.
745 * In production, always use a cryptographically strong RNG! */
746 TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits,
747 exponent) == result);
748 if (result == 0) {
749 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
750 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0);
751 }
752
753exit:
754 mbedtls_rsa_free(&ctx);
755}
756/* END_CASE */
757
758/* BEGIN_CASE */
759void mbedtls_rsa_deduce_primes(char *input_N,
760 char *input_D,
761 char *input_E,
762 char *output_P,
763 char *output_Q,
764 int corrupt, int result)
765{
766 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
767
768 mbedtls_mpi_init(&N);
769 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
770 mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp);
771 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
772
773 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
774 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
775 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
776 TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0);
777 TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0);
778
779 if (corrupt) {
780 TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0);
781 }
782
783 /* Try to deduce P, Q from N, D, E only. */
784 TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result);
785
786 if (!corrupt) {
787 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
788 TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) ||
789 (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0));
790 }
791
792exit:
793 mbedtls_mpi_free(&N);
794 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
795 mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp);
796 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
797}
798/* END_CASE */
799
800/* BEGIN_CASE */
801void mbedtls_rsa_deduce_private_exponent(char *input_P,
802 char *input_Q,
803 char *input_E,
804 char *output_D,
805 int corrupt, int result)
806{
807 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
808
809 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
810 mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp);
811 mbedtls_mpi_init(&E);
812 mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp);
813
814 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
815 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
816 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
817 TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0);
818
819 if (corrupt) {
820 /* Make E even */
821 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0);
822 }
823
824 /* Try to deduce D from N, P, Q, E. */
825 TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q,
826 &E, &D) == result);
827
828 if (!corrupt) {
829 /*
830 * Check that D and Dp agree modulo LCM(P-1, Q-1).
831 */
832
833 /* Replace P,Q by P-1, Q-1 */
834 TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0);
835 TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0);
836
837 /* Check D == Dp modulo P-1 */
838 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0);
839 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0);
840 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
841
842 /* Check D == Dp modulo Q-1 */
843 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0);
844 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0);
845 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
846 }
847
848exit:
849
850 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
851 mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp);
852 mbedtls_mpi_free(&E);
853 mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp);
854}
855/* END_CASE */
856
857/* BEGIN_CASE */
858void mbedtls_rsa_import(char *input_N,
859 char *input_P,
860 char *input_Q,
861 char *input_D,
862 char *input_E,
863 int bitlen,
864 int successive,
865 int is_priv,
866 int res_check,
867 int res_complete)
868{
869 mbedtls_mpi N, P, Q, D, E;
870 mbedtls_rsa_context ctx;
871
872 /* Buffers used for encryption-decryption test */
873 unsigned char *buf_orig = NULL;
874 unsigned char *buf_enc = NULL;
875 unsigned char *buf_dec = NULL;
876
877 const int have_N = (strlen(input_N) > 0);
878 const int have_P = (strlen(input_P) > 0);
879 const int have_Q = (strlen(input_Q) > 0);
880 const int have_D = (strlen(input_D) > 0);
881 const int have_E = (strlen(input_E) > 0);
882
883 mbedtls_rsa_init(&ctx);
884
885 mbedtls_mpi_init(&N);
886 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
887 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
888
889 if (have_N) {
890 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
891 }
892
893 if (have_P) {
894 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
895 }
896
897 if (have_Q) {
898 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
899 }
900
901 if (have_D) {
902 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
903 }
904
905 if (have_E) {
906 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
907 }
908
909 if (!successive) {
910 TEST_ASSERT(mbedtls_rsa_import(&ctx,
911 have_N ? &N : NULL,
912 have_P ? &P : NULL,
913 have_Q ? &Q : NULL,
914 have_D ? &D : NULL,
915 have_E ? &E : NULL) == 0);
916 } else {
917 /* Import N, P, Q, D, E separately.
918 * This should make no functional difference. */
919
920 TEST_ASSERT(mbedtls_rsa_import(&ctx,
921 have_N ? &N : NULL,
922 NULL, NULL, NULL, NULL) == 0);
923
924 TEST_ASSERT(mbedtls_rsa_import(&ctx,
925 NULL,
926 have_P ? &P : NULL,
927 NULL, NULL, NULL) == 0);
928
929 TEST_ASSERT(mbedtls_rsa_import(&ctx,
930 NULL, NULL,
931 have_Q ? &Q : NULL,
932 NULL, NULL) == 0);
933
934 TEST_ASSERT(mbedtls_rsa_import(&ctx,
935 NULL, NULL, NULL,
936 have_D ? &D : NULL,
937 NULL) == 0);
938
939 TEST_ASSERT(mbedtls_rsa_import(&ctx,
940 NULL, NULL, NULL, NULL,
941 have_E ? &E : NULL) == 0);
942 }
943
944 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
945
946 /* On expected success, perform some public and private
947 * key operations to check if the key is working properly. */
948 if (res_complete == 0) {
949 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen);
950 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8);
951
952 if (is_priv) {
953 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
954 } else {
955 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
956 }
957
958 if (res_check != 0) {
959 goto exit;
960 }
961
962 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
963 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
964 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
965 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
966 goto exit;
967 }
968
969 /* This test uses an insecure RNG, suitable only for testing.
970 * In production, always use a cryptographically strong RNG! */
971 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL,
972 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
973
974 /* Make sure the number we're generating is smaller than the modulus */
975 buf_orig[0] = 0x00;
976
977 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
978
979 if (is_priv) {
980 /* This test uses an insecure RNG, suitable only for testing.
981 * In production, always use a cryptographically strong RNG! */
982 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand,
983 NULL, buf_enc,
984 buf_dec) == 0);
985
986 TEST_ASSERT(memcmp(buf_orig, buf_dec,
987 mbedtls_rsa_get_len(&ctx)) == 0);
988 }
989 }
990
991exit:
992
993 mbedtls_free(buf_orig);
994 mbedtls_free(buf_enc);
995 mbedtls_free(buf_dec);
996
997 mbedtls_rsa_free(&ctx);
998
999 mbedtls_mpi_free(&N);
1000 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1001 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
1002}
1003/* END_CASE */
1004
1005/* BEGIN_CASE */
1006void mbedtls_rsa_export(char *input_N,
1007 char *input_P,
1008 char *input_Q,
1009 char *input_D,
1010 char *input_E,
1011 int is_priv,
1012 int successive)
1013{
1014 /* Original MPI's with which we set up the RSA context */
1015 mbedtls_mpi N, P, Q, D, E;
1016
1017 /* Exported MPI's */
1018 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1019
1020 const int have_N = (strlen(input_N) > 0);
1021 const int have_P = (strlen(input_P) > 0);
1022 const int have_Q = (strlen(input_Q) > 0);
1023 const int have_D = (strlen(input_D) > 0);
1024 const int have_E = (strlen(input_E) > 0);
1025
1026 mbedtls_rsa_context ctx;
1027
1028 mbedtls_rsa_init(&ctx);
1029
1030 mbedtls_mpi_init(&N);
1031 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1032 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
1033
1034 mbedtls_mpi_init(&Ne);
1035 mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe);
1036 mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee);
1037
1038 /* Setup RSA context */
1039
1040 if (have_N) {
1041 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1042 }
1043
1044 if (have_P) {
1045 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1046 }
1047
1048 if (have_Q) {
1049 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1050 }
1051
1052 if (have_D) {
1053 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1054 }
1055
1056 if (have_E) {
1057 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1058 }
1059
1060 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1061 strlen(input_N) ? &N : NULL,
1062 strlen(input_P) ? &P : NULL,
1063 strlen(input_Q) ? &Q : NULL,
1064 strlen(input_D) ? &D : NULL,
1065 strlen(input_E) ? &E : NULL) == 0);
1066
1067 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
1068
1069 /*
1070 * Export parameters and compare to original ones.
1071 */
1072
1073 /* N and E must always be present. */
1074 if (!successive) {
1075 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0);
1076 } else {
1077 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0);
1078 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0);
1079 }
1080 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0);
1081 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0);
1082
1083 /* If we were providing enough information to setup a complete private context,
1084 * we expect to be able to export all core parameters. */
1085
1086 if (is_priv) {
1087 if (!successive) {
1088 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe,
1089 &De, NULL) == 0);
1090 } else {
1091 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL,
1092 NULL, NULL) == 0);
1093 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe,
1094 NULL, NULL) == 0);
1095 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL,
1096 &De, NULL) == 0);
1097 }
1098
1099 if (have_P) {
1100 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0);
1101 }
1102
1103 if (have_Q) {
1104 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0);
1105 }
1106
1107 if (have_D) {
1108 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0);
1109 }
1110
1111 /* While at it, perform a sanity check */
1112 TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee,
1113 NULL, NULL) == 0);
1114 }
1115
1116exit:
1117
1118 mbedtls_rsa_free(&ctx);
1119
1120 mbedtls_mpi_free(&N);
1121 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1122 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
1123
1124 mbedtls_mpi_free(&Ne);
1125 mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe);
1126 mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee);
1127}
1128/* END_CASE */
1129
1130/* BEGIN_CASE */
1131void mbedtls_rsa_validate_params(char *input_N,
1132 char *input_P,
1133 char *input_Q,
1134 char *input_D,
1135 char *input_E,
1136 int prng, int result)
1137{
1138 /* Original MPI's with which we set up the RSA context */
1139 mbedtls_mpi N, P, Q, D, E;
1140
1141 const int have_N = (strlen(input_N) > 0);
1142 const int have_P = (strlen(input_P) > 0);
1143 const int have_Q = (strlen(input_Q) > 0);
1144 const int have_D = (strlen(input_D) > 0);
1145 const int have_E = (strlen(input_E) > 0);
1146
1147 mbedtls_mpi_init(&N);
1148 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1149 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
1150
1151 if (have_N) {
1152 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1153 }
1154
1155 if (have_P) {
1156 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1157 }
1158
1159 if (have_Q) {
1160 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1161 }
1162
1163 if (have_D) {
1164 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1165 }
1166
1167 if (have_E) {
1168 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1169 }
1170
1171 /* This test uses an insecure RNG, suitable only for testing.
1172 * In production, always use a cryptographically strong RNG! */
1173 TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL,
1174 have_P ? &P : NULL,
1175 have_Q ? &Q : NULL,
1176 have_D ? &D : NULL,
1177 have_E ? &E : NULL,
1178 prng ? mbedtls_test_rnd_std_rand : NULL,
1179 prng ? NULL : NULL) == result);
1180
1181exit:
1182 mbedtls_mpi_free(&N);
1183 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1184 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
1185}
1186/* END_CASE */
1187
1188/* BEGIN_CASE */
1189void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P,
1190 data_t *input_Q, data_t *input_D,
1191 data_t *input_E, int is_priv,
1192 int successive)
1193{
1194 /* Exported buffers */
1195 unsigned char bufNe[256];
1196 unsigned char bufPe[128];
1197 unsigned char bufQe[128];
1198 unsigned char bufDe[256];
1199 unsigned char bufEe[1];
1200
1201 mbedtls_rsa_context ctx;
1202
1203 mbedtls_rsa_init(&ctx);
1204
1205 /* Setup RSA context */
1206 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1207 input_N->len ? input_N->x : NULL, input_N->len,
1208 input_P->len ? input_P->x : NULL, input_P->len,
1209 input_Q->len ? input_Q->x : NULL, input_Q->len,
1210 input_D->len ? input_D->x : NULL, input_D->len,
1211 input_E->len ? input_E->x : NULL, input_E->len) == 0);
1212
1213 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
1214
1215 /*
1216 * Export parameters and compare to original ones.
1217 */
1218
1219 /* N and E must always be present. */
1220 if (!successive) {
1221 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1222 NULL, 0, NULL, 0, NULL, 0,
1223 bufEe, input_E->len) == 0);
1224 } else {
1225 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1226 NULL, 0, NULL, 0, NULL, 0,
1227 NULL, 0) == 0);
1228 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1229 NULL, 0, NULL, 0, NULL, 0,
1230 bufEe, input_E->len) == 0);
1231 }
1232 TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0);
1233 TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0);
1234
1235 /* If we were providing enough information to setup a complete private context,
1236 * we expect to be able to export all core parameters. */
1237
1238 if (is_priv) {
1239 if (!successive) {
1240 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1241 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1242 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1243 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1244 NULL, 0) == 0);
1245 } else {
1246 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1247 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1248 NULL, 0, NULL, 0,
1249 NULL, 0) == 0);
1250
1251 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0,
1252 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1253 NULL, 0, NULL, 0) == 0);
1254
1255 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0,
1256 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1257 NULL, 0) == 0);
1258 }
1259
1260 if (input_P->len) {
1261 TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0);
1262 }
1263
1264 if (input_Q->len) {
1265 TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0);
1266 }
1267
1268 if (input_D->len) {
1269 TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0);
1270 }
1271
1272 }
1273
1274exit:
1275 mbedtls_rsa_free(&ctx);
1276}
1277/* END_CASE */
1278
1279/* BEGIN_CASE */
1280void mbedtls_rsa_import_raw(data_t *input_N,
1281 data_t *input_P, data_t *input_Q,
1282 data_t *input_D, data_t *input_E,
1283 int successive,
1284 int is_priv,
1285 int res_check,
1286 int res_complete)
1287{
1288 /* Buffers used for encryption-decryption test */
1289 unsigned char *buf_orig = NULL;
1290 unsigned char *buf_enc = NULL;
1291 unsigned char *buf_dec = NULL;
1292
1293 mbedtls_rsa_context ctx;
1294
1295 mbedtls_rsa_init(&ctx);
1296
1297 if (!successive) {
1298 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1299 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1300 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1301 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1302 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1303 (input_E->len > 0) ? input_E->x : NULL,
1304 input_E->len) == 0);
1305 } else {
1306 /* Import N, P, Q, D, E separately.
1307 * This should make no functional difference. */
1308
1309 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1310 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1311 NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0);
1312
1313 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1314 NULL, 0,
1315 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1316 NULL, 0, NULL, 0, NULL, 0) == 0);
1317
1318 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1319 NULL, 0, NULL, 0,
1320 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1321 NULL, 0, NULL, 0) == 0);
1322
1323 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1324 NULL, 0, NULL, 0, NULL, 0,
1325 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1326 NULL, 0) == 0);
1327
1328 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1329 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1330 (input_E->len > 0) ? input_E->x : NULL,
1331 input_E->len) == 0);
1332 }
1333
1334 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
1335
1336 /* On expected success, perform some public and private
1337 * key operations to check if the key is working properly. */
1338 if (res_complete == 0) {
1339 if (is_priv) {
1340 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
1341 } else {
1342 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
1343 }
1344
1345 if (res_check != 0) {
1346 goto exit;
1347 }
1348
1349 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1350 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1351 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1352 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
1353 goto exit;
1354 }
1355
1356 /* This test uses an insecure RNG, suitable only for testing.
1357 * In production, always use a cryptographically strong RNG! */
1358 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL,
1359 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
1360
1361 /* Make sure the number we're generating is smaller than the modulus */
1362 buf_orig[0] = 0x00;
1363
1364 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
1365
1366 if (is_priv) {
1367 /* This test uses an insecure RNG, suitable only for testing.
1368 * In production, always use a cryptographically strong RNG! */
1369 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand,
1370 NULL, buf_enc,
1371 buf_dec) == 0);
1372
1373 TEST_ASSERT(memcmp(buf_orig, buf_dec,
1374 mbedtls_rsa_get_len(&ctx)) == 0);
1375 }
1376 }
1377
1378exit:
1379
1380 mbedtls_free(buf_orig);
1381 mbedtls_free(buf_enc);
1382 mbedtls_free(buf_dec);
1383
1384 mbedtls_rsa_free(&ctx);
1385}
1386/* END_CASE */
1387
1388/* BEGIN_CASE */
1389void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val)
1390{
1391 mbedtls_rsa_context rsa_ctx;
1392
1393 mbedtls_rsa_init(&rsa_ctx);
1394
1395 if (is_public) {
1396 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val);
1397 } else {
1398 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val);
1399 }
1400
1401exit:
1402 mbedtls_rsa_free(&rsa_ctx);
1403}
1404/* END_CASE */
1405
1406/* BEGIN_CASE */
1407void rsa_parse_write_pkcs1_key(int is_public, data_t *input)
1408{
1409 mbedtls_rsa_context rsa_ctx;
1410 unsigned char *output_buf = NULL;
1411 unsigned char *output_end, *output_p;
1412 size_t output_len;
1413
1414 mbedtls_rsa_init(&rsa_ctx);
1415
1416 TEST_CALLOC(output_buf, input->len);
1417 output_end = output_buf + input->len;
1418 output_p = output_end;
1419
1420 /* Parse the key and write it back to output_buf. */
1421 if (is_public) {
1422 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0);
1423 TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len);
1424 } else {
1425 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0);
1426 TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len);
1427 }
1428 output_len = output_end - output_p;
1429
1430 /* Check that the written key matches with the one provided in input. */
1431 TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len);
1432
1433exit:
1434 mbedtls_free(output_buf);
1435 mbedtls_rsa_free(&rsa_ctx);
1436}
1437/* END_CASE */
1438
1439/* BEGIN_CASE */
1440void rsa_key_write_incremental(int is_public, data_t *input)
1441{
1442 mbedtls_rsa_context rsa_ctx;
1443 unsigned char *buf = NULL, *end, *p;
1444 size_t i, written_data;
1445
1446 mbedtls_rsa_init(&rsa_ctx);
1447
1448 /* This is supposed to succeed as the real target of this test are the
1449 * write attempt below. */
1450 if (is_public) {
1451 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0);
1452 } else {
1453 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0);
1454 }
1455
1456 /* Test with an output buffer smaller than required. */
1457 for (i = 1; i < input->len; i++) {
1458 TEST_CALLOC(buf, i);
1459 end = buf + i;
1460 p = end;
1461 /* We don't care much about the return value as long as it fails. */
1462 if (is_public) {
1463 TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0);
1464 } else {
1465 TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0);
1466 }
1467 mbedtls_free(buf);
1468 buf = NULL;
1469 }
1470
1471 /* Test with an output buffer equal or larger than what it is strictly required. */
1472 for (i = input->len; i < (2 * input->len); i++) {
1473 TEST_CALLOC(buf, i);
1474 end = buf + i;
1475 p = end;
1476 /* This time all write functions must succeed. */
1477 if (is_public) {
1478 TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0);
1479 } else {
1480 TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0);
1481 }
1482 written_data = (end - p);
1483 TEST_MEMORY_COMPARE(p, written_data, input->x, input->len);
1484 mbedtls_free(buf);
1485 buf = NULL;
1486 }
1487
1488exit:
1489 mbedtls_free(buf);
1490 mbedtls_rsa_free(&rsa_ctx);
1491}
1492/* END_CASE */
1493
1494/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
1495void rsa_selftest()
1496{
1497 MD_PSA_INIT();
1498 TEST_ASSERT(mbedtls_rsa_self_test(1) == 0);
1499
1500exit:
1501 MD_PSA_DONE();
1502}
1503/* END_CASE */