1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/rsa.h" 3*62c56f98SSadaf Ebrahimi#include "rsa_alt_helpers.h" 4*62c56f98SSadaf Ebrahimi/* END_HEADER */ 5*62c56f98SSadaf Ebrahimi 6*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 7*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 8*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 9*62c56f98SSadaf Ebrahimi */ 10*62c56f98SSadaf Ebrahimi 11*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 12*62c56f98SSadaf Ebrahimivoid rsa_invalid_param() 13*62c56f98SSadaf Ebrahimi{ 14*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 15*62c56f98SSadaf Ebrahimi const int invalid_padding = 42; 16*62c56f98SSadaf Ebrahimi const int invalid_hash_id = 0xff; 17*62c56f98SSadaf Ebrahimi unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; 18*62c56f98SSadaf Ebrahimi size_t buf_len = sizeof(buf); 19*62c56f98SSadaf Ebrahimi 20*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 21*62c56f98SSadaf Ebrahimi 22*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 23*62c56f98SSadaf Ebrahimi invalid_padding, 24*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE), 25*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_INVALID_PADDING); 26*62c56f98SSadaf Ebrahimi 27*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 28*62c56f98SSadaf Ebrahimi MBEDTLS_RSA_PKCS_V21, 29*62c56f98SSadaf Ebrahimi invalid_hash_id), 30*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_INVALID_PADDING); 31*62c56f98SSadaf Ebrahimi 32*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 33*62c56f98SSadaf Ebrahimi NULL, MBEDTLS_MD_NONE, 34*62c56f98SSadaf Ebrahimi buf_len, 35*62c56f98SSadaf Ebrahimi NULL, buf), 36*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 37*62c56f98SSadaf Ebrahimi 38*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 39*62c56f98SSadaf Ebrahimi NULL, MBEDTLS_MD_SHA256, 40*62c56f98SSadaf Ebrahimi 0, 41*62c56f98SSadaf Ebrahimi NULL, buf), 42*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 43*62c56f98SSadaf Ebrahimi 44*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, 45*62c56f98SSadaf Ebrahimi buf_len, 46*62c56f98SSadaf Ebrahimi NULL, buf), 47*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 48*62c56f98SSadaf Ebrahimi 49*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, 50*62c56f98SSadaf Ebrahimi 0, 51*62c56f98SSadaf Ebrahimi NULL, buf), 52*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 53*62c56f98SSadaf Ebrahimi 54*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_PKCS1_V15) 55*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 56*62c56f98SSadaf Ebrahimi MBEDTLS_RSA_PKCS_V15, 57*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE), 58*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_INVALID_PADDING); 59*62c56f98SSadaf Ebrahimi#endif 60*62c56f98SSadaf Ebrahimi 61*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_PKCS1_V15) 62*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 63*62c56f98SSadaf Ebrahimi NULL, MBEDTLS_MD_NONE, 64*62c56f98SSadaf Ebrahimi buf_len, 65*62c56f98SSadaf Ebrahimi NULL, buf), 66*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 67*62c56f98SSadaf Ebrahimi 68*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 69*62c56f98SSadaf Ebrahimi NULL, MBEDTLS_MD_SHA256, 70*62c56f98SSadaf Ebrahimi 0, 71*62c56f98SSadaf Ebrahimi NULL, buf), 72*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 73*62c56f98SSadaf Ebrahimi 74*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, 75*62c56f98SSadaf Ebrahimi buf_len, 76*62c56f98SSadaf Ebrahimi NULL, buf), 77*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 78*62c56f98SSadaf Ebrahimi 79*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, 80*62c56f98SSadaf Ebrahimi 0, 81*62c56f98SSadaf Ebrahimi NULL, buf), 82*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 83*62c56f98SSadaf Ebrahimi 84*62c56f98SSadaf Ebrahimi 85*62c56f98SSadaf Ebrahimi#endif 86*62c56f98SSadaf Ebrahimi 87*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_PKCS1_V21) 88*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 89*62c56f98SSadaf Ebrahimi MBEDTLS_RSA_PKCS_V21, 90*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE), 91*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_INVALID_PADDING); 92*62c56f98SSadaf Ebrahimi#endif 93*62c56f98SSadaf Ebrahimi 94*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_PKCS1_V21) 95*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 96*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE, buf_len, 97*62c56f98SSadaf Ebrahimi NULL, buf_len, 98*62c56f98SSadaf Ebrahimi buf), 99*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 100*62c56f98SSadaf Ebrahimi 101*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 102*62c56f98SSadaf Ebrahimi MBEDTLS_MD_SHA256, 0, 103*62c56f98SSadaf Ebrahimi NULL, buf_len, 104*62c56f98SSadaf Ebrahimi buf), 105*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 106*62c56f98SSadaf Ebrahimi 107*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, 108*62c56f98SSadaf Ebrahimi buf_len, NULL, 109*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE, 110*62c56f98SSadaf Ebrahimi buf_len, buf), 111*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 112*62c56f98SSadaf Ebrahimi 113*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, 114*62c56f98SSadaf Ebrahimi 0, NULL, 115*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE, 116*62c56f98SSadaf Ebrahimi buf_len, buf), 117*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 118*62c56f98SSadaf Ebrahimi 119*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, 120*62c56f98SSadaf Ebrahimi buf_len, 121*62c56f98SSadaf Ebrahimi NULL, buf), 122*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 123*62c56f98SSadaf Ebrahimi 124*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, 125*62c56f98SSadaf Ebrahimi 0, 126*62c56f98SSadaf Ebrahimi NULL, buf), 127*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 128*62c56f98SSadaf Ebrahimi#endif 129*62c56f98SSadaf Ebrahimi 130*62c56f98SSadaf Ebrahimiexit: 131*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 132*62c56f98SSadaf Ebrahimi} 133*62c56f98SSadaf Ebrahimi/* END_CASE */ 134*62c56f98SSadaf Ebrahimi 135*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 136*62c56f98SSadaf Ebrahimivoid rsa_init_free(int reinit) 137*62c56f98SSadaf Ebrahimi{ 138*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 139*62c56f98SSadaf Ebrahimi 140*62c56f98SSadaf Ebrahimi /* Double free is not explicitly documented to work, but we rely on it 141*62c56f98SSadaf Ebrahimi * even inside the library so that you can call mbedtls_rsa_free() 142*62c56f98SSadaf Ebrahimi * unconditionally on an error path without checking whether it has 143*62c56f98SSadaf Ebrahimi * already been called in the success path. */ 144*62c56f98SSadaf Ebrahimi 145*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 146*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 147*62c56f98SSadaf Ebrahimi 148*62c56f98SSadaf Ebrahimi if (reinit) { 149*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 150*62c56f98SSadaf Ebrahimi } 151*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 152*62c56f98SSadaf Ebrahimi 153*62c56f98SSadaf Ebrahimi /* This test case always succeeds, functionally speaking. A plausible 154*62c56f98SSadaf Ebrahimi * bug might trigger an invalid pointer dereference or a memory leak. */ 155*62c56f98SSadaf Ebrahimi goto exit; 156*62c56f98SSadaf Ebrahimi} 157*62c56f98SSadaf Ebrahimi/* END_CASE */ 158*62c56f98SSadaf Ebrahimi 159*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 160*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, 161*62c56f98SSadaf Ebrahimi int digest, int mod, char *input_P, 162*62c56f98SSadaf Ebrahimi char *input_Q, char *input_N, char *input_E, 163*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 164*62c56f98SSadaf Ebrahimi{ 165*62c56f98SSadaf Ebrahimi unsigned char output[256]; 166*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 167*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, E; 168*62c56f98SSadaf Ebrahimi mbedtls_test_rnd_pseudo_info rnd_info; 169*62c56f98SSadaf Ebrahimi 170*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 171*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 172*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 173*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 174*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 175*62c56f98SSadaf Ebrahimi 176*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 177*62c56f98SSadaf Ebrahimi memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 178*62c56f98SSadaf Ebrahimi 179*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 180*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 181*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 182*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 183*62c56f98SSadaf Ebrahimi 184*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 185*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 186*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 187*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 188*62c56f98SSadaf Ebrahimi 189*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 190*62c56f98SSadaf Ebrahimi &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, 191*62c56f98SSadaf Ebrahimi digest, message_str->len, message_str->x, 192*62c56f98SSadaf Ebrahimi output) == result); 193*62c56f98SSadaf Ebrahimi if (result == 0) { 194*62c56f98SSadaf Ebrahimi 195*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 196*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 197*62c56f98SSadaf Ebrahimi } 198*62c56f98SSadaf Ebrahimi 199*62c56f98SSadaf Ebrahimiexit: 200*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 201*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 202*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 203*62c56f98SSadaf Ebrahimi} 204*62c56f98SSadaf Ebrahimi/* END_CASE */ 205*62c56f98SSadaf Ebrahimi 206*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 207*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, 208*62c56f98SSadaf Ebrahimi int digest, int mod, 209*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, 210*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 211*62c56f98SSadaf Ebrahimi{ 212*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 213*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 214*62c56f98SSadaf Ebrahimi 215*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 216*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 217*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 218*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 219*62c56f98SSadaf Ebrahimi 220*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 221*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 222*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 223*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 224*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 225*62c56f98SSadaf Ebrahimi 226*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 227*62c56f98SSadaf Ebrahimi result_str->x) == result); 228*62c56f98SSadaf Ebrahimi 229*62c56f98SSadaf Ebrahimiexit: 230*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 231*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 232*62c56f98SSadaf Ebrahimi} 233*62c56f98SSadaf Ebrahimi/* END_CASE */ 234*62c56f98SSadaf Ebrahimi 235*62c56f98SSadaf Ebrahimi 236*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 237*62c56f98SSadaf Ebrahimivoid rsa_pkcs1_sign_raw(data_t *hash_result, 238*62c56f98SSadaf Ebrahimi int padding_mode, int mod, 239*62c56f98SSadaf Ebrahimi char *input_P, char *input_Q, 240*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, 241*62c56f98SSadaf Ebrahimi data_t *result_str) 242*62c56f98SSadaf Ebrahimi{ 243*62c56f98SSadaf Ebrahimi unsigned char output[256]; 244*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 245*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, E; 246*62c56f98SSadaf Ebrahimi mbedtls_test_rnd_pseudo_info rnd_info; 247*62c56f98SSadaf Ebrahimi 248*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 249*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 250*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 251*62c56f98SSadaf Ebrahimi 252*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 253*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 254*62c56f98SSadaf Ebrahimi 255*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 256*62c56f98SSadaf Ebrahimi memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 257*62c56f98SSadaf Ebrahimi 258*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 259*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 260*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 261*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 262*62c56f98SSadaf Ebrahimi 263*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 264*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 265*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 266*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 267*62c56f98SSadaf Ebrahimi 268*62c56f98SSadaf Ebrahimi 269*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, 270*62c56f98SSadaf Ebrahimi &rnd_info, MBEDTLS_MD_NONE, 271*62c56f98SSadaf Ebrahimi hash_result->len, 272*62c56f98SSadaf Ebrahimi hash_result->x, output) == 0); 273*62c56f98SSadaf Ebrahimi 274*62c56f98SSadaf Ebrahimi 275*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 276*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 277*62c56f98SSadaf Ebrahimi 278*62c56f98SSadaf Ebrahimiexit: 279*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 280*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 281*62c56f98SSadaf Ebrahimi 282*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 283*62c56f98SSadaf Ebrahimi} 284*62c56f98SSadaf Ebrahimi/* END_CASE */ 285*62c56f98SSadaf Ebrahimi 286*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 287*62c56f98SSadaf Ebrahimivoid rsa_pkcs1_verify_raw(data_t *hash_result, 288*62c56f98SSadaf Ebrahimi int padding_mode, int mod, 289*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, 290*62c56f98SSadaf Ebrahimi data_t *result_str, int correct) 291*62c56f98SSadaf Ebrahimi{ 292*62c56f98SSadaf Ebrahimi unsigned char output[256]; 293*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 294*62c56f98SSadaf Ebrahimi 295*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 296*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 297*62c56f98SSadaf Ebrahimi 298*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 299*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 300*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 301*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 302*62c56f98SSadaf Ebrahimi 303*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 304*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 305*62c56f98SSadaf Ebrahimi 306*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 307*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 308*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 309*62c56f98SSadaf Ebrahimi 310*62c56f98SSadaf Ebrahimi 311*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, 312*62c56f98SSadaf Ebrahimi result_str->x) == correct); 313*62c56f98SSadaf Ebrahimi 314*62c56f98SSadaf Ebrahimiexit: 315*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 316*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 317*62c56f98SSadaf Ebrahimi} 318*62c56f98SSadaf Ebrahimi/* END_CASE */ 319*62c56f98SSadaf Ebrahimi 320*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 321*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, 322*62c56f98SSadaf Ebrahimi int mod, char *input_N, char *input_E, 323*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 324*62c56f98SSadaf Ebrahimi{ 325*62c56f98SSadaf Ebrahimi unsigned char output[256]; 326*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 327*62c56f98SSadaf Ebrahimi mbedtls_test_rnd_pseudo_info rnd_info; 328*62c56f98SSadaf Ebrahimi 329*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 330*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 331*62c56f98SSadaf Ebrahimi 332*62c56f98SSadaf Ebrahimi memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 333*62c56f98SSadaf Ebrahimi 334*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 335*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 336*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 337*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 338*62c56f98SSadaf Ebrahimi 339*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 340*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 341*62c56f98SSadaf Ebrahimi 342*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 343*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 344*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 345*62c56f98SSadaf Ebrahimi 346*62c56f98SSadaf Ebrahimi 347*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 348*62c56f98SSadaf Ebrahimi &mbedtls_test_rnd_pseudo_rand, 349*62c56f98SSadaf Ebrahimi &rnd_info, message_str->len, 350*62c56f98SSadaf Ebrahimi message_str->x, 351*62c56f98SSadaf Ebrahimi output) == result); 352*62c56f98SSadaf Ebrahimi if (result == 0) { 353*62c56f98SSadaf Ebrahimi 354*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 355*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 356*62c56f98SSadaf Ebrahimi } 357*62c56f98SSadaf Ebrahimi 358*62c56f98SSadaf Ebrahimiexit: 359*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 360*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 361*62c56f98SSadaf Ebrahimi} 362*62c56f98SSadaf Ebrahimi/* END_CASE */ 363*62c56f98SSadaf Ebrahimi 364*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 365*62c56f98SSadaf Ebrahimivoid rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, 366*62c56f98SSadaf Ebrahimi int mod, char *input_N, char *input_E, 367*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 368*62c56f98SSadaf Ebrahimi{ 369*62c56f98SSadaf Ebrahimi unsigned char output[256]; 370*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 371*62c56f98SSadaf Ebrahimi 372*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 373*62c56f98SSadaf Ebrahimi 374*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 375*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 376*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 377*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 378*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 379*62c56f98SSadaf Ebrahimi 380*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 381*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 382*62c56f98SSadaf Ebrahimi 383*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 384*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 385*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 386*62c56f98SSadaf Ebrahimi 387*62c56f98SSadaf Ebrahimi 388*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand, 389*62c56f98SSadaf Ebrahimi NULL, message_str->len, 390*62c56f98SSadaf Ebrahimi message_str->x, 391*62c56f98SSadaf Ebrahimi output) == result); 392*62c56f98SSadaf Ebrahimi if (result == 0) { 393*62c56f98SSadaf Ebrahimi 394*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 395*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 396*62c56f98SSadaf Ebrahimi } 397*62c56f98SSadaf Ebrahimi 398*62c56f98SSadaf Ebrahimiexit: 399*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 400*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 401*62c56f98SSadaf Ebrahimi} 402*62c56f98SSadaf Ebrahimi/* END_CASE */ 403*62c56f98SSadaf Ebrahimi 404*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 405*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, 406*62c56f98SSadaf Ebrahimi int mod, char *input_P, 407*62c56f98SSadaf Ebrahimi char *input_Q, char *input_N, 408*62c56f98SSadaf Ebrahimi char *input_E, int max_output, 409*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 410*62c56f98SSadaf Ebrahimi{ 411*62c56f98SSadaf Ebrahimi unsigned char output[32]; 412*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 413*62c56f98SSadaf Ebrahimi size_t output_len; 414*62c56f98SSadaf Ebrahimi mbedtls_test_rnd_pseudo_info rnd_info; 415*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, E; 416*62c56f98SSadaf Ebrahimi 417*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 418*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 419*62c56f98SSadaf Ebrahimi 420*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 421*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 422*62c56f98SSadaf Ebrahimi MBEDTLS_MD_NONE) == 0); 423*62c56f98SSadaf Ebrahimi 424*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 425*62c56f98SSadaf Ebrahimi memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 426*62c56f98SSadaf Ebrahimi 427*62c56f98SSadaf Ebrahimi 428*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 429*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 430*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 431*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 432*62c56f98SSadaf Ebrahimi 433*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 434*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 435*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 436*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 437*62c56f98SSadaf Ebrahimi 438*62c56f98SSadaf Ebrahimi output_len = 0; 439*62c56f98SSadaf Ebrahimi 440*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand, 441*62c56f98SSadaf Ebrahimi &rnd_info, 442*62c56f98SSadaf Ebrahimi &output_len, message_str->x, output, 443*62c56f98SSadaf Ebrahimi max_output) == result); 444*62c56f98SSadaf Ebrahimi if (result == 0) { 445*62c56f98SSadaf Ebrahimi 446*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 447*62c56f98SSadaf Ebrahimi output_len, 448*62c56f98SSadaf Ebrahimi result_str->len) == 0); 449*62c56f98SSadaf Ebrahimi } 450*62c56f98SSadaf Ebrahimi 451*62c56f98SSadaf Ebrahimiexit: 452*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 453*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 454*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 455*62c56f98SSadaf Ebrahimi} 456*62c56f98SSadaf Ebrahimi/* END_CASE */ 457*62c56f98SSadaf Ebrahimi 458*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 459*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_public(data_t *message_str, int mod, 460*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, 461*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 462*62c56f98SSadaf Ebrahimi{ 463*62c56f98SSadaf Ebrahimi unsigned char output[256]; 464*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 465*62c56f98SSadaf Ebrahimi 466*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 467*62c56f98SSadaf Ebrahimi 468*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 469*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 470*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx2); 471*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 472*62c56f98SSadaf Ebrahimi 473*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 474*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 475*62c56f98SSadaf Ebrahimi 476*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 477*62c56f98SSadaf Ebrahimi 478*62c56f98SSadaf Ebrahimi /* Check test data consistency */ 479*62c56f98SSadaf Ebrahimi TEST_ASSERT(message_str->len == (size_t) (mod / 8)); 480*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 481*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 482*62c56f98SSadaf Ebrahimi 483*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); 484*62c56f98SSadaf Ebrahimi if (result == 0) { 485*62c56f98SSadaf Ebrahimi 486*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 487*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 488*62c56f98SSadaf Ebrahimi } 489*62c56f98SSadaf Ebrahimi 490*62c56f98SSadaf Ebrahimi /* And now with the copy */ 491*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 492*62c56f98SSadaf Ebrahimi /* clear the original to be sure */ 493*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 494*62c56f98SSadaf Ebrahimi 495*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0); 496*62c56f98SSadaf Ebrahimi 497*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 498*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result); 499*62c56f98SSadaf Ebrahimi if (result == 0) { 500*62c56f98SSadaf Ebrahimi 501*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 502*62c56f98SSadaf Ebrahimi ctx.len, result_str->len) == 0); 503*62c56f98SSadaf Ebrahimi } 504*62c56f98SSadaf Ebrahimi 505*62c56f98SSadaf Ebrahimiexit: 506*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 507*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 508*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx2); 509*62c56f98SSadaf Ebrahimi} 510*62c56f98SSadaf Ebrahimi/* END_CASE */ 511*62c56f98SSadaf Ebrahimi 512*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 513*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_private(data_t *message_str, int mod, 514*62c56f98SSadaf Ebrahimi char *input_P, char *input_Q, 515*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, 516*62c56f98SSadaf Ebrahimi data_t *result_str, int result) 517*62c56f98SSadaf Ebrahimi{ 518*62c56f98SSadaf Ebrahimi unsigned char output[256]; 519*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 520*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, E; 521*62c56f98SSadaf Ebrahimi mbedtls_test_rnd_pseudo_info rnd_info; 522*62c56f98SSadaf Ebrahimi int i; 523*62c56f98SSadaf Ebrahimi 524*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 525*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 526*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 527*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx2); 528*62c56f98SSadaf Ebrahimi 529*62c56f98SSadaf Ebrahimi memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 530*62c56f98SSadaf Ebrahimi 531*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 532*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 533*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 534*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 535*62c56f98SSadaf Ebrahimi 536*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 537*62c56f98SSadaf Ebrahimi 538*62c56f98SSadaf Ebrahimi /* Check test data consistency */ 539*62c56f98SSadaf Ebrahimi TEST_ASSERT(message_str->len == (size_t) (mod / 8)); 540*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 541*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 542*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 543*62c56f98SSadaf Ebrahimi 544*62c56f98SSadaf Ebrahimi /* repeat three times to test updating of blinding values */ 545*62c56f98SSadaf Ebrahimi for (i = 0; i < 3; i++) { 546*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 547*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand, 548*62c56f98SSadaf Ebrahimi &rnd_info, message_str->x, 549*62c56f98SSadaf Ebrahimi output) == result); 550*62c56f98SSadaf Ebrahimi if (result == 0) { 551*62c56f98SSadaf Ebrahimi 552*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 553*62c56f98SSadaf Ebrahimi ctx.len, 554*62c56f98SSadaf Ebrahimi result_str->len) == 0); 555*62c56f98SSadaf Ebrahimi } 556*62c56f98SSadaf Ebrahimi } 557*62c56f98SSadaf Ebrahimi 558*62c56f98SSadaf Ebrahimi /* And now one more time with the copy */ 559*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 560*62c56f98SSadaf Ebrahimi /* clear the original to be sure */ 561*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 562*62c56f98SSadaf Ebrahimi 563*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0); 564*62c56f98SSadaf Ebrahimi 565*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 566*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand, 567*62c56f98SSadaf Ebrahimi &rnd_info, message_str->x, 568*62c56f98SSadaf Ebrahimi output) == result); 569*62c56f98SSadaf Ebrahimi if (result == 0) { 570*62c56f98SSadaf Ebrahimi 571*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 572*62c56f98SSadaf Ebrahimi ctx2.len, 573*62c56f98SSadaf Ebrahimi result_str->len) == 0); 574*62c56f98SSadaf Ebrahimi } 575*62c56f98SSadaf Ebrahimi 576*62c56f98SSadaf Ebrahimiexit: 577*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 578*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 579*62c56f98SSadaf Ebrahimi 580*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2); 581*62c56f98SSadaf Ebrahimi} 582*62c56f98SSadaf Ebrahimi/* END_CASE */ 583*62c56f98SSadaf Ebrahimi 584*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 585*62c56f98SSadaf Ebrahimivoid rsa_check_privkey_null() 586*62c56f98SSadaf Ebrahimi{ 587*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 588*62c56f98SSadaf Ebrahimi memset(&ctx, 0x00, sizeof(mbedtls_rsa_context)); 589*62c56f98SSadaf Ebrahimi 590*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); 591*62c56f98SSadaf Ebrahimi} 592*62c56f98SSadaf Ebrahimi/* END_CASE */ 593*62c56f98SSadaf Ebrahimi 594*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 595*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result) 596*62c56f98SSadaf Ebrahimi{ 597*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 598*62c56f98SSadaf Ebrahimi mbedtls_mpi N, E; 599*62c56f98SSadaf Ebrahimi 600*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 601*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 602*62c56f98SSadaf Ebrahimi 603*62c56f98SSadaf Ebrahimi if (strlen(input_N)) { 604*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 605*62c56f98SSadaf Ebrahimi } 606*62c56f98SSadaf Ebrahimi if (strlen(input_E)) { 607*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 608*62c56f98SSadaf Ebrahimi } 609*62c56f98SSadaf Ebrahimi 610*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 611*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result); 612*62c56f98SSadaf Ebrahimi 613*62c56f98SSadaf Ebrahimiexit: 614*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 615*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 616*62c56f98SSadaf Ebrahimi} 617*62c56f98SSadaf Ebrahimi/* END_CASE */ 618*62c56f98SSadaf Ebrahimi 619*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 620*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q, 621*62c56f98SSadaf Ebrahimi char *input_N, char *input_E, char *input_D, 622*62c56f98SSadaf Ebrahimi char *input_DP, char *input_DQ, char *input_QP, 623*62c56f98SSadaf Ebrahimi int result) 624*62c56f98SSadaf Ebrahimi{ 625*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 626*62c56f98SSadaf Ebrahimi 627*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 628*62c56f98SSadaf Ebrahimi 629*62c56f98SSadaf Ebrahimi ctx.len = mod / 8; 630*62c56f98SSadaf Ebrahimi if (strlen(input_P)) { 631*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0); 632*62c56f98SSadaf Ebrahimi } 633*62c56f98SSadaf Ebrahimi if (strlen(input_Q)) { 634*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0); 635*62c56f98SSadaf Ebrahimi } 636*62c56f98SSadaf Ebrahimi if (strlen(input_N)) { 637*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0); 638*62c56f98SSadaf Ebrahimi } 639*62c56f98SSadaf Ebrahimi if (strlen(input_E)) { 640*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0); 641*62c56f98SSadaf Ebrahimi } 642*62c56f98SSadaf Ebrahimi if (strlen(input_D)) { 643*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0); 644*62c56f98SSadaf Ebrahimi } 645*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_RSA_NO_CRT) 646*62c56f98SSadaf Ebrahimi if (strlen(input_DP)) { 647*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0); 648*62c56f98SSadaf Ebrahimi } 649*62c56f98SSadaf Ebrahimi if (strlen(input_DQ)) { 650*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0); 651*62c56f98SSadaf Ebrahimi } 652*62c56f98SSadaf Ebrahimi if (strlen(input_QP)) { 653*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0); 654*62c56f98SSadaf Ebrahimi } 655*62c56f98SSadaf Ebrahimi#else 656*62c56f98SSadaf Ebrahimi ((void) input_DP); 657*62c56f98SSadaf Ebrahimi ((void) input_DQ); 658*62c56f98SSadaf Ebrahimi ((void) input_QP); 659*62c56f98SSadaf Ebrahimi#endif 660*62c56f98SSadaf Ebrahimi 661*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result); 662*62c56f98SSadaf Ebrahimi 663*62c56f98SSadaf Ebrahimiexit: 664*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 665*62c56f98SSadaf Ebrahimi} 666*62c56f98SSadaf Ebrahimi/* END_CASE */ 667*62c56f98SSadaf Ebrahimi 668*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 669*62c56f98SSadaf Ebrahimivoid rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub, 670*62c56f98SSadaf Ebrahimi char *input_P, char *input_Q, char *input_N, 671*62c56f98SSadaf Ebrahimi char *input_E, char *input_D, char *input_DP, 672*62c56f98SSadaf Ebrahimi char *input_DQ, char *input_QP, int result) 673*62c56f98SSadaf Ebrahimi{ 674*62c56f98SSadaf Ebrahimi mbedtls_rsa_context pub, prv; 675*62c56f98SSadaf Ebrahimi 676*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&pub); 677*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&prv); 678*62c56f98SSadaf Ebrahimi 679*62c56f98SSadaf Ebrahimi pub.len = mod / 8; 680*62c56f98SSadaf Ebrahimi prv.len = mod / 8; 681*62c56f98SSadaf Ebrahimi 682*62c56f98SSadaf Ebrahimi if (strlen(input_Npub)) { 683*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0); 684*62c56f98SSadaf Ebrahimi } 685*62c56f98SSadaf Ebrahimi if (strlen(input_Epub)) { 686*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0); 687*62c56f98SSadaf Ebrahimi } 688*62c56f98SSadaf Ebrahimi 689*62c56f98SSadaf Ebrahimi if (strlen(input_P)) { 690*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0); 691*62c56f98SSadaf Ebrahimi } 692*62c56f98SSadaf Ebrahimi if (strlen(input_Q)) { 693*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0); 694*62c56f98SSadaf Ebrahimi } 695*62c56f98SSadaf Ebrahimi if (strlen(input_N)) { 696*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0); 697*62c56f98SSadaf Ebrahimi } 698*62c56f98SSadaf Ebrahimi if (strlen(input_E)) { 699*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0); 700*62c56f98SSadaf Ebrahimi } 701*62c56f98SSadaf Ebrahimi if (strlen(input_D)) { 702*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0); 703*62c56f98SSadaf Ebrahimi } 704*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_RSA_NO_CRT) 705*62c56f98SSadaf Ebrahimi if (strlen(input_DP)) { 706*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0); 707*62c56f98SSadaf Ebrahimi } 708*62c56f98SSadaf Ebrahimi if (strlen(input_DQ)) { 709*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0); 710*62c56f98SSadaf Ebrahimi } 711*62c56f98SSadaf Ebrahimi if (strlen(input_QP)) { 712*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0); 713*62c56f98SSadaf Ebrahimi } 714*62c56f98SSadaf Ebrahimi#else 715*62c56f98SSadaf Ebrahimi ((void) input_DP); 716*62c56f98SSadaf Ebrahimi ((void) input_DQ); 717*62c56f98SSadaf Ebrahimi ((void) input_QP); 718*62c56f98SSadaf Ebrahimi#endif 719*62c56f98SSadaf Ebrahimi 720*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result); 721*62c56f98SSadaf Ebrahimi 722*62c56f98SSadaf Ebrahimiexit: 723*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&pub); 724*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&prv); 725*62c56f98SSadaf Ebrahimi} 726*62c56f98SSadaf Ebrahimi/* END_CASE */ 727*62c56f98SSadaf Ebrahimi 728*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 729*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_gen_key(int nrbits, int exponent, int result) 730*62c56f98SSadaf Ebrahimi{ 731*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 732*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 733*62c56f98SSadaf Ebrahimi 734*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 735*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 736*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, 737*62c56f98SSadaf Ebrahimi exponent) == result); 738*62c56f98SSadaf Ebrahimi if (result == 0) { 739*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 740*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0); 741*62c56f98SSadaf Ebrahimi } 742*62c56f98SSadaf Ebrahimi 743*62c56f98SSadaf Ebrahimiexit: 744*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 745*62c56f98SSadaf Ebrahimi} 746*62c56f98SSadaf Ebrahimi/* END_CASE */ 747*62c56f98SSadaf Ebrahimi 748*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 749*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_deduce_primes(char *input_N, 750*62c56f98SSadaf Ebrahimi char *input_D, 751*62c56f98SSadaf Ebrahimi char *input_E, 752*62c56f98SSadaf Ebrahimi char *output_P, 753*62c56f98SSadaf Ebrahimi char *output_Q, 754*62c56f98SSadaf Ebrahimi int corrupt, int result) 755*62c56f98SSadaf Ebrahimi{ 756*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Pp, Q, Qp, D, E; 757*62c56f98SSadaf Ebrahimi 758*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); 759*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 760*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp); 761*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 762*62c56f98SSadaf Ebrahimi 763*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 764*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 765*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 766*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0); 767*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0); 768*62c56f98SSadaf Ebrahimi 769*62c56f98SSadaf Ebrahimi if (corrupt) { 770*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0); 771*62c56f98SSadaf Ebrahimi } 772*62c56f98SSadaf Ebrahimi 773*62c56f98SSadaf Ebrahimi /* Try to deduce P, Q from N, D, E only. */ 774*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result); 775*62c56f98SSadaf Ebrahimi 776*62c56f98SSadaf Ebrahimi if (!corrupt) { 777*62c56f98SSadaf Ebrahimi /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 778*62c56f98SSadaf Ebrahimi TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) || 779*62c56f98SSadaf Ebrahimi (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0)); 780*62c56f98SSadaf Ebrahimi } 781*62c56f98SSadaf Ebrahimi 782*62c56f98SSadaf Ebrahimiexit: 783*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); 784*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 785*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp); 786*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 787*62c56f98SSadaf Ebrahimi} 788*62c56f98SSadaf Ebrahimi/* END_CASE */ 789*62c56f98SSadaf Ebrahimi 790*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 791*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_deduce_private_exponent(char *input_P, 792*62c56f98SSadaf Ebrahimi char *input_Q, 793*62c56f98SSadaf Ebrahimi char *input_E, 794*62c56f98SSadaf Ebrahimi char *output_D, 795*62c56f98SSadaf Ebrahimi int corrupt, int result) 796*62c56f98SSadaf Ebrahimi{ 797*62c56f98SSadaf Ebrahimi mbedtls_mpi P, Q, D, Dp, E, R, Rp; 798*62c56f98SSadaf Ebrahimi 799*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 800*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp); 801*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&E); 802*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp); 803*62c56f98SSadaf Ebrahimi 804*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 805*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 806*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 807*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0); 808*62c56f98SSadaf Ebrahimi 809*62c56f98SSadaf Ebrahimi if (corrupt) { 810*62c56f98SSadaf Ebrahimi /* Make E even */ 811*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0); 812*62c56f98SSadaf Ebrahimi } 813*62c56f98SSadaf Ebrahimi 814*62c56f98SSadaf Ebrahimi /* Try to deduce D from N, P, Q, E. */ 815*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q, 816*62c56f98SSadaf Ebrahimi &E, &D) == result); 817*62c56f98SSadaf Ebrahimi 818*62c56f98SSadaf Ebrahimi if (!corrupt) { 819*62c56f98SSadaf Ebrahimi /* 820*62c56f98SSadaf Ebrahimi * Check that D and Dp agree modulo LCM(P-1, Q-1). 821*62c56f98SSadaf Ebrahimi */ 822*62c56f98SSadaf Ebrahimi 823*62c56f98SSadaf Ebrahimi /* Replace P,Q by P-1, Q-1 */ 824*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0); 825*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0); 826*62c56f98SSadaf Ebrahimi 827*62c56f98SSadaf Ebrahimi /* Check D == Dp modulo P-1 */ 828*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0); 829*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0); 830*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 831*62c56f98SSadaf Ebrahimi 832*62c56f98SSadaf Ebrahimi /* Check D == Dp modulo Q-1 */ 833*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0); 834*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0); 835*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 836*62c56f98SSadaf Ebrahimi } 837*62c56f98SSadaf Ebrahimi 838*62c56f98SSadaf Ebrahimiexit: 839*62c56f98SSadaf Ebrahimi 840*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 841*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp); 842*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&E); 843*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp); 844*62c56f98SSadaf Ebrahimi} 845*62c56f98SSadaf Ebrahimi/* END_CASE */ 846*62c56f98SSadaf Ebrahimi 847*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 848*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_import(char *input_N, 849*62c56f98SSadaf Ebrahimi char *input_P, 850*62c56f98SSadaf Ebrahimi char *input_Q, 851*62c56f98SSadaf Ebrahimi char *input_D, 852*62c56f98SSadaf Ebrahimi char *input_E, 853*62c56f98SSadaf Ebrahimi int successive, 854*62c56f98SSadaf Ebrahimi int is_priv, 855*62c56f98SSadaf Ebrahimi int res_check, 856*62c56f98SSadaf Ebrahimi int res_complete) 857*62c56f98SSadaf Ebrahimi{ 858*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, D, E; 859*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 860*62c56f98SSadaf Ebrahimi 861*62c56f98SSadaf Ebrahimi /* Buffers used for encryption-decryption test */ 862*62c56f98SSadaf Ebrahimi unsigned char *buf_orig = NULL; 863*62c56f98SSadaf Ebrahimi unsigned char *buf_enc = NULL; 864*62c56f98SSadaf Ebrahimi unsigned char *buf_dec = NULL; 865*62c56f98SSadaf Ebrahimi 866*62c56f98SSadaf Ebrahimi const int have_N = (strlen(input_N) > 0); 867*62c56f98SSadaf Ebrahimi const int have_P = (strlen(input_P) > 0); 868*62c56f98SSadaf Ebrahimi const int have_Q = (strlen(input_Q) > 0); 869*62c56f98SSadaf Ebrahimi const int have_D = (strlen(input_D) > 0); 870*62c56f98SSadaf Ebrahimi const int have_E = (strlen(input_E) > 0); 871*62c56f98SSadaf Ebrahimi 872*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 873*62c56f98SSadaf Ebrahimi 874*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); 875*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 876*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 877*62c56f98SSadaf Ebrahimi 878*62c56f98SSadaf Ebrahimi if (have_N) { 879*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 880*62c56f98SSadaf Ebrahimi } 881*62c56f98SSadaf Ebrahimi 882*62c56f98SSadaf Ebrahimi if (have_P) { 883*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 884*62c56f98SSadaf Ebrahimi } 885*62c56f98SSadaf Ebrahimi 886*62c56f98SSadaf Ebrahimi if (have_Q) { 887*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 888*62c56f98SSadaf Ebrahimi } 889*62c56f98SSadaf Ebrahimi 890*62c56f98SSadaf Ebrahimi if (have_D) { 891*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 892*62c56f98SSadaf Ebrahimi } 893*62c56f98SSadaf Ebrahimi 894*62c56f98SSadaf Ebrahimi if (have_E) { 895*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 896*62c56f98SSadaf Ebrahimi } 897*62c56f98SSadaf Ebrahimi 898*62c56f98SSadaf Ebrahimi if (!successive) { 899*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 900*62c56f98SSadaf Ebrahimi have_N ? &N : NULL, 901*62c56f98SSadaf Ebrahimi have_P ? &P : NULL, 902*62c56f98SSadaf Ebrahimi have_Q ? &Q : NULL, 903*62c56f98SSadaf Ebrahimi have_D ? &D : NULL, 904*62c56f98SSadaf Ebrahimi have_E ? &E : NULL) == 0); 905*62c56f98SSadaf Ebrahimi } else { 906*62c56f98SSadaf Ebrahimi /* Import N, P, Q, D, E separately. 907*62c56f98SSadaf Ebrahimi * This should make no functional difference. */ 908*62c56f98SSadaf Ebrahimi 909*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 910*62c56f98SSadaf Ebrahimi have_N ? &N : NULL, 911*62c56f98SSadaf Ebrahimi NULL, NULL, NULL, NULL) == 0); 912*62c56f98SSadaf Ebrahimi 913*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 914*62c56f98SSadaf Ebrahimi NULL, 915*62c56f98SSadaf Ebrahimi have_P ? &P : NULL, 916*62c56f98SSadaf Ebrahimi NULL, NULL, NULL) == 0); 917*62c56f98SSadaf Ebrahimi 918*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 919*62c56f98SSadaf Ebrahimi NULL, NULL, 920*62c56f98SSadaf Ebrahimi have_Q ? &Q : NULL, 921*62c56f98SSadaf Ebrahimi NULL, NULL) == 0); 922*62c56f98SSadaf Ebrahimi 923*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 924*62c56f98SSadaf Ebrahimi NULL, NULL, NULL, 925*62c56f98SSadaf Ebrahimi have_D ? &D : NULL, 926*62c56f98SSadaf Ebrahimi NULL) == 0); 927*62c56f98SSadaf Ebrahimi 928*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 929*62c56f98SSadaf Ebrahimi NULL, NULL, NULL, NULL, 930*62c56f98SSadaf Ebrahimi have_E ? &E : NULL) == 0); 931*62c56f98SSadaf Ebrahimi } 932*62c56f98SSadaf Ebrahimi 933*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 934*62c56f98SSadaf Ebrahimi 935*62c56f98SSadaf Ebrahimi /* On expected success, perform some public and private 936*62c56f98SSadaf Ebrahimi * key operations to check if the key is working properly. */ 937*62c56f98SSadaf Ebrahimi if (res_complete == 0) { 938*62c56f98SSadaf Ebrahimi if (is_priv) { 939*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 940*62c56f98SSadaf Ebrahimi } else { 941*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 942*62c56f98SSadaf Ebrahimi } 943*62c56f98SSadaf Ebrahimi 944*62c56f98SSadaf Ebrahimi if (res_check != 0) { 945*62c56f98SSadaf Ebrahimi goto exit; 946*62c56f98SSadaf Ebrahimi } 947*62c56f98SSadaf Ebrahimi 948*62c56f98SSadaf Ebrahimi buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 949*62c56f98SSadaf Ebrahimi buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 950*62c56f98SSadaf Ebrahimi buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 951*62c56f98SSadaf Ebrahimi if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 952*62c56f98SSadaf Ebrahimi goto exit; 953*62c56f98SSadaf Ebrahimi } 954*62c56f98SSadaf Ebrahimi 955*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 956*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 957*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 958*62c56f98SSadaf Ebrahimi buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 959*62c56f98SSadaf Ebrahimi 960*62c56f98SSadaf Ebrahimi /* Make sure the number we're generating is smaller than the modulus */ 961*62c56f98SSadaf Ebrahimi buf_orig[0] = 0x00; 962*62c56f98SSadaf Ebrahimi 963*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 964*62c56f98SSadaf Ebrahimi 965*62c56f98SSadaf Ebrahimi if (is_priv) { 966*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 967*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 968*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 969*62c56f98SSadaf Ebrahimi NULL, buf_enc, 970*62c56f98SSadaf Ebrahimi buf_dec) == 0); 971*62c56f98SSadaf Ebrahimi 972*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(buf_orig, buf_dec, 973*62c56f98SSadaf Ebrahimi mbedtls_rsa_get_len(&ctx)) == 0); 974*62c56f98SSadaf Ebrahimi } 975*62c56f98SSadaf Ebrahimi } 976*62c56f98SSadaf Ebrahimi 977*62c56f98SSadaf Ebrahimiexit: 978*62c56f98SSadaf Ebrahimi 979*62c56f98SSadaf Ebrahimi mbedtls_free(buf_orig); 980*62c56f98SSadaf Ebrahimi mbedtls_free(buf_enc); 981*62c56f98SSadaf Ebrahimi mbedtls_free(buf_dec); 982*62c56f98SSadaf Ebrahimi 983*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 984*62c56f98SSadaf Ebrahimi 985*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); 986*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 987*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 988*62c56f98SSadaf Ebrahimi} 989*62c56f98SSadaf Ebrahimi/* END_CASE */ 990*62c56f98SSadaf Ebrahimi 991*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 992*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_export(char *input_N, 993*62c56f98SSadaf Ebrahimi char *input_P, 994*62c56f98SSadaf Ebrahimi char *input_Q, 995*62c56f98SSadaf Ebrahimi char *input_D, 996*62c56f98SSadaf Ebrahimi char *input_E, 997*62c56f98SSadaf Ebrahimi int is_priv, 998*62c56f98SSadaf Ebrahimi int successive) 999*62c56f98SSadaf Ebrahimi{ 1000*62c56f98SSadaf Ebrahimi /* Original MPI's with which we set up the RSA context */ 1001*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, D, E; 1002*62c56f98SSadaf Ebrahimi 1003*62c56f98SSadaf Ebrahimi /* Exported MPI's */ 1004*62c56f98SSadaf Ebrahimi mbedtls_mpi Ne, Pe, Qe, De, Ee; 1005*62c56f98SSadaf Ebrahimi 1006*62c56f98SSadaf Ebrahimi const int have_N = (strlen(input_N) > 0); 1007*62c56f98SSadaf Ebrahimi const int have_P = (strlen(input_P) > 0); 1008*62c56f98SSadaf Ebrahimi const int have_Q = (strlen(input_Q) > 0); 1009*62c56f98SSadaf Ebrahimi const int have_D = (strlen(input_D) > 0); 1010*62c56f98SSadaf Ebrahimi const int have_E = (strlen(input_E) > 0); 1011*62c56f98SSadaf Ebrahimi 1012*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 1013*62c56f98SSadaf Ebrahimi 1014*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 1015*62c56f98SSadaf Ebrahimi 1016*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); 1017*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1018*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1019*62c56f98SSadaf Ebrahimi 1020*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Ne); 1021*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe); 1022*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee); 1023*62c56f98SSadaf Ebrahimi 1024*62c56f98SSadaf Ebrahimi /* Setup RSA context */ 1025*62c56f98SSadaf Ebrahimi 1026*62c56f98SSadaf Ebrahimi if (have_N) { 1027*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1028*62c56f98SSadaf Ebrahimi } 1029*62c56f98SSadaf Ebrahimi 1030*62c56f98SSadaf Ebrahimi if (have_P) { 1031*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1032*62c56f98SSadaf Ebrahimi } 1033*62c56f98SSadaf Ebrahimi 1034*62c56f98SSadaf Ebrahimi if (have_Q) { 1035*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1036*62c56f98SSadaf Ebrahimi } 1037*62c56f98SSadaf Ebrahimi 1038*62c56f98SSadaf Ebrahimi if (have_D) { 1039*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1040*62c56f98SSadaf Ebrahimi } 1041*62c56f98SSadaf Ebrahimi 1042*62c56f98SSadaf Ebrahimi if (have_E) { 1043*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1044*62c56f98SSadaf Ebrahimi } 1045*62c56f98SSadaf Ebrahimi 1046*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import(&ctx, 1047*62c56f98SSadaf Ebrahimi strlen(input_N) ? &N : NULL, 1048*62c56f98SSadaf Ebrahimi strlen(input_P) ? &P : NULL, 1049*62c56f98SSadaf Ebrahimi strlen(input_Q) ? &Q : NULL, 1050*62c56f98SSadaf Ebrahimi strlen(input_D) ? &D : NULL, 1051*62c56f98SSadaf Ebrahimi strlen(input_E) ? &E : NULL) == 0); 1052*62c56f98SSadaf Ebrahimi 1053*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1054*62c56f98SSadaf Ebrahimi 1055*62c56f98SSadaf Ebrahimi /* 1056*62c56f98SSadaf Ebrahimi * Export parameters and compare to original ones. 1057*62c56f98SSadaf Ebrahimi */ 1058*62c56f98SSadaf Ebrahimi 1059*62c56f98SSadaf Ebrahimi /* N and E must always be present. */ 1060*62c56f98SSadaf Ebrahimi if (!successive) { 1061*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0); 1062*62c56f98SSadaf Ebrahimi } else { 1063*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0); 1064*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0); 1065*62c56f98SSadaf Ebrahimi } 1066*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0); 1067*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0); 1068*62c56f98SSadaf Ebrahimi 1069*62c56f98SSadaf Ebrahimi /* If we were providing enough information to setup a complete private context, 1070*62c56f98SSadaf Ebrahimi * we expect to be able to export all core parameters. */ 1071*62c56f98SSadaf Ebrahimi 1072*62c56f98SSadaf Ebrahimi if (is_priv) { 1073*62c56f98SSadaf Ebrahimi if (!successive) { 1074*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe, 1075*62c56f98SSadaf Ebrahimi &De, NULL) == 0); 1076*62c56f98SSadaf Ebrahimi } else { 1077*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL, 1078*62c56f98SSadaf Ebrahimi NULL, NULL) == 0); 1079*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe, 1080*62c56f98SSadaf Ebrahimi NULL, NULL) == 0); 1081*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, 1082*62c56f98SSadaf Ebrahimi &De, NULL) == 0); 1083*62c56f98SSadaf Ebrahimi } 1084*62c56f98SSadaf Ebrahimi 1085*62c56f98SSadaf Ebrahimi if (have_P) { 1086*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0); 1087*62c56f98SSadaf Ebrahimi } 1088*62c56f98SSadaf Ebrahimi 1089*62c56f98SSadaf Ebrahimi if (have_Q) { 1090*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0); 1091*62c56f98SSadaf Ebrahimi } 1092*62c56f98SSadaf Ebrahimi 1093*62c56f98SSadaf Ebrahimi if (have_D) { 1094*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0); 1095*62c56f98SSadaf Ebrahimi } 1096*62c56f98SSadaf Ebrahimi 1097*62c56f98SSadaf Ebrahimi /* While at it, perform a sanity check */ 1098*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee, 1099*62c56f98SSadaf Ebrahimi NULL, NULL) == 0); 1100*62c56f98SSadaf Ebrahimi } 1101*62c56f98SSadaf Ebrahimi 1102*62c56f98SSadaf Ebrahimiexit: 1103*62c56f98SSadaf Ebrahimi 1104*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 1105*62c56f98SSadaf Ebrahimi 1106*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); 1107*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1108*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1109*62c56f98SSadaf Ebrahimi 1110*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Ne); 1111*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe); 1112*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee); 1113*62c56f98SSadaf Ebrahimi} 1114*62c56f98SSadaf Ebrahimi/* END_CASE */ 1115*62c56f98SSadaf Ebrahimi 1116*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 1117*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_validate_params(char *input_N, 1118*62c56f98SSadaf Ebrahimi char *input_P, 1119*62c56f98SSadaf Ebrahimi char *input_Q, 1120*62c56f98SSadaf Ebrahimi char *input_D, 1121*62c56f98SSadaf Ebrahimi char *input_E, 1122*62c56f98SSadaf Ebrahimi int prng, int result) 1123*62c56f98SSadaf Ebrahimi{ 1124*62c56f98SSadaf Ebrahimi /* Original MPI's with which we set up the RSA context */ 1125*62c56f98SSadaf Ebrahimi mbedtls_mpi N, P, Q, D, E; 1126*62c56f98SSadaf Ebrahimi 1127*62c56f98SSadaf Ebrahimi const int have_N = (strlen(input_N) > 0); 1128*62c56f98SSadaf Ebrahimi const int have_P = (strlen(input_P) > 0); 1129*62c56f98SSadaf Ebrahimi const int have_Q = (strlen(input_Q) > 0); 1130*62c56f98SSadaf Ebrahimi const int have_D = (strlen(input_D) > 0); 1131*62c56f98SSadaf Ebrahimi const int have_E = (strlen(input_E) > 0); 1132*62c56f98SSadaf Ebrahimi 1133*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&N); 1134*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1135*62c56f98SSadaf Ebrahimi mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1136*62c56f98SSadaf Ebrahimi 1137*62c56f98SSadaf Ebrahimi if (have_N) { 1138*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1139*62c56f98SSadaf Ebrahimi } 1140*62c56f98SSadaf Ebrahimi 1141*62c56f98SSadaf Ebrahimi if (have_P) { 1142*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1143*62c56f98SSadaf Ebrahimi } 1144*62c56f98SSadaf Ebrahimi 1145*62c56f98SSadaf Ebrahimi if (have_Q) { 1146*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1147*62c56f98SSadaf Ebrahimi } 1148*62c56f98SSadaf Ebrahimi 1149*62c56f98SSadaf Ebrahimi if (have_D) { 1150*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1151*62c56f98SSadaf Ebrahimi } 1152*62c56f98SSadaf Ebrahimi 1153*62c56f98SSadaf Ebrahimi if (have_E) { 1154*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1155*62c56f98SSadaf Ebrahimi } 1156*62c56f98SSadaf Ebrahimi 1157*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 1158*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 1159*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL, 1160*62c56f98SSadaf Ebrahimi have_P ? &P : NULL, 1161*62c56f98SSadaf Ebrahimi have_Q ? &Q : NULL, 1162*62c56f98SSadaf Ebrahimi have_D ? &D : NULL, 1163*62c56f98SSadaf Ebrahimi have_E ? &E : NULL, 1164*62c56f98SSadaf Ebrahimi prng ? mbedtls_test_rnd_std_rand : NULL, 1165*62c56f98SSadaf Ebrahimi prng ? NULL : NULL) == result); 1166*62c56f98SSadaf Ebrahimi 1167*62c56f98SSadaf Ebrahimiexit: 1168*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&N); 1169*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1170*62c56f98SSadaf Ebrahimi mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1171*62c56f98SSadaf Ebrahimi} 1172*62c56f98SSadaf Ebrahimi/* END_CASE */ 1173*62c56f98SSadaf Ebrahimi 1174*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 1175*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P, 1176*62c56f98SSadaf Ebrahimi data_t *input_Q, data_t *input_D, 1177*62c56f98SSadaf Ebrahimi data_t *input_E, int is_priv, 1178*62c56f98SSadaf Ebrahimi int successive) 1179*62c56f98SSadaf Ebrahimi{ 1180*62c56f98SSadaf Ebrahimi /* Exported buffers */ 1181*62c56f98SSadaf Ebrahimi unsigned char bufNe[256]; 1182*62c56f98SSadaf Ebrahimi unsigned char bufPe[128]; 1183*62c56f98SSadaf Ebrahimi unsigned char bufQe[128]; 1184*62c56f98SSadaf Ebrahimi unsigned char bufDe[256]; 1185*62c56f98SSadaf Ebrahimi unsigned char bufEe[1]; 1186*62c56f98SSadaf Ebrahimi 1187*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 1188*62c56f98SSadaf Ebrahimi 1189*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 1190*62c56f98SSadaf Ebrahimi 1191*62c56f98SSadaf Ebrahimi /* Setup RSA context */ 1192*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1193*62c56f98SSadaf Ebrahimi input_N->len ? input_N->x : NULL, input_N->len, 1194*62c56f98SSadaf Ebrahimi input_P->len ? input_P->x : NULL, input_P->len, 1195*62c56f98SSadaf Ebrahimi input_Q->len ? input_Q->x : NULL, input_Q->len, 1196*62c56f98SSadaf Ebrahimi input_D->len ? input_D->x : NULL, input_D->len, 1197*62c56f98SSadaf Ebrahimi input_E->len ? input_E->x : NULL, input_E->len) == 0); 1198*62c56f98SSadaf Ebrahimi 1199*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1200*62c56f98SSadaf Ebrahimi 1201*62c56f98SSadaf Ebrahimi /* 1202*62c56f98SSadaf Ebrahimi * Export parameters and compare to original ones. 1203*62c56f98SSadaf Ebrahimi */ 1204*62c56f98SSadaf Ebrahimi 1205*62c56f98SSadaf Ebrahimi /* N and E must always be present. */ 1206*62c56f98SSadaf Ebrahimi if (!successive) { 1207*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1208*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, 1209*62c56f98SSadaf Ebrahimi bufEe, input_E->len) == 0); 1210*62c56f98SSadaf Ebrahimi } else { 1211*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1212*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, 1213*62c56f98SSadaf Ebrahimi NULL, 0) == 0); 1214*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1215*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, 1216*62c56f98SSadaf Ebrahimi bufEe, input_E->len) == 0); 1217*62c56f98SSadaf Ebrahimi } 1218*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0); 1219*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0); 1220*62c56f98SSadaf Ebrahimi 1221*62c56f98SSadaf Ebrahimi /* If we were providing enough information to setup a complete private context, 1222*62c56f98SSadaf Ebrahimi * we expect to be able to export all core parameters. */ 1223*62c56f98SSadaf Ebrahimi 1224*62c56f98SSadaf Ebrahimi if (is_priv) { 1225*62c56f98SSadaf Ebrahimi if (!successive) { 1226*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1227*62c56f98SSadaf Ebrahimi bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1228*62c56f98SSadaf Ebrahimi bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1229*62c56f98SSadaf Ebrahimi bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1230*62c56f98SSadaf Ebrahimi NULL, 0) == 0); 1231*62c56f98SSadaf Ebrahimi } else { 1232*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1233*62c56f98SSadaf Ebrahimi bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1234*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, 1235*62c56f98SSadaf Ebrahimi NULL, 0) == 0); 1236*62c56f98SSadaf Ebrahimi 1237*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, 1238*62c56f98SSadaf Ebrahimi bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1239*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0) == 0); 1240*62c56f98SSadaf Ebrahimi 1241*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0, 1242*62c56f98SSadaf Ebrahimi bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1243*62c56f98SSadaf Ebrahimi NULL, 0) == 0); 1244*62c56f98SSadaf Ebrahimi } 1245*62c56f98SSadaf Ebrahimi 1246*62c56f98SSadaf Ebrahimi if (input_P->len) { 1247*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0); 1248*62c56f98SSadaf Ebrahimi } 1249*62c56f98SSadaf Ebrahimi 1250*62c56f98SSadaf Ebrahimi if (input_Q->len) { 1251*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0); 1252*62c56f98SSadaf Ebrahimi } 1253*62c56f98SSadaf Ebrahimi 1254*62c56f98SSadaf Ebrahimi if (input_D->len) { 1255*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0); 1256*62c56f98SSadaf Ebrahimi } 1257*62c56f98SSadaf Ebrahimi 1258*62c56f98SSadaf Ebrahimi } 1259*62c56f98SSadaf Ebrahimi 1260*62c56f98SSadaf Ebrahimiexit: 1261*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 1262*62c56f98SSadaf Ebrahimi} 1263*62c56f98SSadaf Ebrahimi/* END_CASE */ 1264*62c56f98SSadaf Ebrahimi 1265*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 1266*62c56f98SSadaf Ebrahimivoid mbedtls_rsa_import_raw(data_t *input_N, 1267*62c56f98SSadaf Ebrahimi data_t *input_P, data_t *input_Q, 1268*62c56f98SSadaf Ebrahimi data_t *input_D, data_t *input_E, 1269*62c56f98SSadaf Ebrahimi int successive, 1270*62c56f98SSadaf Ebrahimi int is_priv, 1271*62c56f98SSadaf Ebrahimi int res_check, 1272*62c56f98SSadaf Ebrahimi int res_complete) 1273*62c56f98SSadaf Ebrahimi{ 1274*62c56f98SSadaf Ebrahimi /* Buffers used for encryption-decryption test */ 1275*62c56f98SSadaf Ebrahimi unsigned char *buf_orig = NULL; 1276*62c56f98SSadaf Ebrahimi unsigned char *buf_enc = NULL; 1277*62c56f98SSadaf Ebrahimi unsigned char *buf_dec = NULL; 1278*62c56f98SSadaf Ebrahimi 1279*62c56f98SSadaf Ebrahimi mbedtls_rsa_context ctx; 1280*62c56f98SSadaf Ebrahimi 1281*62c56f98SSadaf Ebrahimi mbedtls_rsa_init(&ctx); 1282*62c56f98SSadaf Ebrahimi 1283*62c56f98SSadaf Ebrahimi if (!successive) { 1284*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1285*62c56f98SSadaf Ebrahimi (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1286*62c56f98SSadaf Ebrahimi (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1287*62c56f98SSadaf Ebrahimi (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1288*62c56f98SSadaf Ebrahimi (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1289*62c56f98SSadaf Ebrahimi (input_E->len > 0) ? input_E->x : NULL, 1290*62c56f98SSadaf Ebrahimi input_E->len) == 0); 1291*62c56f98SSadaf Ebrahimi } else { 1292*62c56f98SSadaf Ebrahimi /* Import N, P, Q, D, E separately. 1293*62c56f98SSadaf Ebrahimi * This should make no functional difference. */ 1294*62c56f98SSadaf Ebrahimi 1295*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1296*62c56f98SSadaf Ebrahimi (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1297*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0); 1298*62c56f98SSadaf Ebrahimi 1299*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1300*62c56f98SSadaf Ebrahimi NULL, 0, 1301*62c56f98SSadaf Ebrahimi (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1302*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0) == 0); 1303*62c56f98SSadaf Ebrahimi 1304*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1305*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, 1306*62c56f98SSadaf Ebrahimi (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1307*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0) == 0); 1308*62c56f98SSadaf Ebrahimi 1309*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1310*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, 1311*62c56f98SSadaf Ebrahimi (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1312*62c56f98SSadaf Ebrahimi NULL, 0) == 0); 1313*62c56f98SSadaf Ebrahimi 1314*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1315*62c56f98SSadaf Ebrahimi NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1316*62c56f98SSadaf Ebrahimi (input_E->len > 0) ? input_E->x : NULL, 1317*62c56f98SSadaf Ebrahimi input_E->len) == 0); 1318*62c56f98SSadaf Ebrahimi } 1319*62c56f98SSadaf Ebrahimi 1320*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 1321*62c56f98SSadaf Ebrahimi 1322*62c56f98SSadaf Ebrahimi /* On expected success, perform some public and private 1323*62c56f98SSadaf Ebrahimi * key operations to check if the key is working properly. */ 1324*62c56f98SSadaf Ebrahimi if (res_complete == 0) { 1325*62c56f98SSadaf Ebrahimi if (is_priv) { 1326*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 1327*62c56f98SSadaf Ebrahimi } else { 1328*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 1329*62c56f98SSadaf Ebrahimi } 1330*62c56f98SSadaf Ebrahimi 1331*62c56f98SSadaf Ebrahimi if (res_check != 0) { 1332*62c56f98SSadaf Ebrahimi goto exit; 1333*62c56f98SSadaf Ebrahimi } 1334*62c56f98SSadaf Ebrahimi 1335*62c56f98SSadaf Ebrahimi buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1336*62c56f98SSadaf Ebrahimi buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1337*62c56f98SSadaf Ebrahimi buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1338*62c56f98SSadaf Ebrahimi if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 1339*62c56f98SSadaf Ebrahimi goto exit; 1340*62c56f98SSadaf Ebrahimi } 1341*62c56f98SSadaf Ebrahimi 1342*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 1343*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 1344*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 1345*62c56f98SSadaf Ebrahimi buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 1346*62c56f98SSadaf Ebrahimi 1347*62c56f98SSadaf Ebrahimi /* Make sure the number we're generating is smaller than the modulus */ 1348*62c56f98SSadaf Ebrahimi buf_orig[0] = 0x00; 1349*62c56f98SSadaf Ebrahimi 1350*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 1351*62c56f98SSadaf Ebrahimi 1352*62c56f98SSadaf Ebrahimi if (is_priv) { 1353*62c56f98SSadaf Ebrahimi /* This test uses an insecure RNG, suitable only for testing. 1354*62c56f98SSadaf Ebrahimi * In production, always use a cryptographically strong RNG! */ 1355*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 1356*62c56f98SSadaf Ebrahimi NULL, buf_enc, 1357*62c56f98SSadaf Ebrahimi buf_dec) == 0); 1358*62c56f98SSadaf Ebrahimi 1359*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(buf_orig, buf_dec, 1360*62c56f98SSadaf Ebrahimi mbedtls_rsa_get_len(&ctx)) == 0); 1361*62c56f98SSadaf Ebrahimi } 1362*62c56f98SSadaf Ebrahimi } 1363*62c56f98SSadaf Ebrahimi 1364*62c56f98SSadaf Ebrahimiexit: 1365*62c56f98SSadaf Ebrahimi 1366*62c56f98SSadaf Ebrahimi mbedtls_free(buf_orig); 1367*62c56f98SSadaf Ebrahimi mbedtls_free(buf_enc); 1368*62c56f98SSadaf Ebrahimi mbedtls_free(buf_dec); 1369*62c56f98SSadaf Ebrahimi 1370*62c56f98SSadaf Ebrahimi mbedtls_rsa_free(&ctx); 1371*62c56f98SSadaf Ebrahimi} 1372*62c56f98SSadaf Ebrahimi/* END_CASE */ 1373*62c56f98SSadaf Ebrahimi 1374*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1375*62c56f98SSadaf Ebrahimivoid rsa_selftest() 1376*62c56f98SSadaf Ebrahimi{ 1377*62c56f98SSadaf Ebrahimi MD_PSA_INIT(); 1378*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); 1379*62c56f98SSadaf Ebrahimi 1380*62c56f98SSadaf Ebrahimiexit: 1381*62c56f98SSadaf Ebrahimi MD_PSA_DONE(); 1382*62c56f98SSadaf Ebrahimi} 1383*62c56f98SSadaf Ebrahimi/* END_CASE */ 1384