1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "rsa_alt_helpers.h" 4 5#include "mbedtls/legacy_or_psa.h" 6/* END_HEADER */ 7 8/* BEGIN_DEPENDENCIES 9 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 10 * END_DEPENDENCIES 11 */ 12 13/* BEGIN_CASE */ 14void rsa_invalid_param( ) 15{ 16 mbedtls_rsa_context ctx; 17 const int invalid_padding = 42; 18 const int invalid_hash_id = 0xff; 19 unsigned char buf[] = {0x00,0x01,0x02,0x03,0x04,0x05}; 20 size_t buf_len = sizeof( buf ); 21 22 mbedtls_rsa_init( &ctx ); 23 24 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, 25 invalid_padding, 26 MBEDTLS_MD_NONE ), 27 MBEDTLS_ERR_RSA_INVALID_PADDING ); 28 29 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, 30 MBEDTLS_RSA_PKCS_V21, 31 invalid_hash_id ), 32 MBEDTLS_ERR_RSA_INVALID_PADDING ); 33 34 TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL, 35 NULL, MBEDTLS_MD_NONE, 36 buf_len, 37 NULL, buf), 38 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 39 40 TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL, 41 NULL, MBEDTLS_MD_SHA256, 42 0, 43 NULL, buf), 44 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 45 46 TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, 47 buf_len, 48 NULL, buf), 49 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 50 51 TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, 52 0, 53 NULL, buf), 54 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 55 56#if !defined(MBEDTLS_PKCS1_V15) 57 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, 58 MBEDTLS_RSA_PKCS_V15, 59 MBEDTLS_MD_NONE ), 60 MBEDTLS_ERR_RSA_INVALID_PADDING ); 61#endif 62 63#if defined(MBEDTLS_PKCS1_V15) 64 TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 65 NULL, MBEDTLS_MD_NONE, 66 buf_len, 67 NULL, buf), 68 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 69 70 TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 71 NULL, MBEDTLS_MD_SHA256, 72 0, 73 NULL, buf), 74 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 75 76 TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, 77 buf_len, 78 NULL, buf), 79 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 80 81 TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, 82 0, 83 NULL, buf), 84 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 85 86 87#endif 88 89#if !defined(MBEDTLS_PKCS1_V21) 90 TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, 91 MBEDTLS_RSA_PKCS_V21, 92 MBEDTLS_MD_NONE ), 93 MBEDTLS_ERR_RSA_INVALID_PADDING ); 94#endif 95 96#if defined(MBEDTLS_PKCS1_V21) 97 TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 98 MBEDTLS_MD_NONE, buf_len, 99 NULL, buf_len, 100 buf ), 101 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 102 103 TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 104 MBEDTLS_MD_SHA256, 0, 105 NULL, buf_len, 106 buf ), 107 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 108 109 TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, 110 buf_len, NULL, 111 MBEDTLS_MD_NONE, 112 buf_len, buf), 113 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 114 115 TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, 116 0, NULL, 117 MBEDTLS_MD_NONE, 118 buf_len, buf), 119 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 120 121 TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, 122 buf_len, 123 NULL, buf), 124 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 125 126 TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, 127 0, 128 NULL, buf), 129 MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 130#endif 131 132exit: 133 mbedtls_rsa_free( &ctx ); 134} 135/* END_CASE */ 136 137/* BEGIN_CASE */ 138void rsa_init_free( int reinit ) 139{ 140 mbedtls_rsa_context ctx; 141 142 /* Double free is not explicitly documented to work, but we rely on it 143 * even inside the library so that you can call mbedtls_rsa_free() 144 * unconditionally on an error path without checking whether it has 145 * already been called in the success path. */ 146 147 mbedtls_rsa_init( &ctx ); 148 mbedtls_rsa_free( &ctx ); 149 150 if( reinit ) 151 mbedtls_rsa_init( &ctx ); 152 mbedtls_rsa_free( &ctx ); 153 154 /* This test case always succeeds, functionally speaking. A plausible 155 * bug might trigger an invalid pointer dereference or a memory leak. */ 156 goto exit; 157} 158/* END_CASE */ 159 160/* BEGIN_CASE */ 161void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, 162 int digest, int mod, char * input_P, 163 char * input_Q, char * input_N, char * input_E, 164 data_t * result_str, int result ) 165{ 166 unsigned char output[256]; 167 mbedtls_rsa_context ctx; 168 mbedtls_mpi N, P, Q, E; 169 mbedtls_test_rnd_pseudo_info rnd_info; 170 171 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 172 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 173 mbedtls_rsa_init( &ctx ); 174 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode, 175 MBEDTLS_MD_NONE ) == 0 ); 176 177 memset( output, 0x00, sizeof( output ) ); 178 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 179 180 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 181 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 182 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 183 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 184 185 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 186 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 187 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 188 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 189 190 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( 191 &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, 192 digest, message_str->len, message_str->x, 193 output ) == result ); 194 if( result == 0 ) 195 { 196 197 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 198 ctx.len, result_str->len ) == 0 ); 199 } 200 201exit: 202 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 203 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 204 mbedtls_rsa_free( &ctx ); 205} 206/* END_CASE */ 207 208/* BEGIN_CASE */ 209void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, 210 int digest, int mod, 211 char * input_N, char * input_E, 212 data_t * result_str, int result ) 213{ 214 mbedtls_rsa_context ctx; 215 mbedtls_mpi N, E; 216 217 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 218 mbedtls_rsa_init( &ctx ); 219 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 220 MBEDTLS_MD_NONE ) == 0 ); 221 222 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 223 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 224 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 225 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 226 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 227 228 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, message_str->len, message_str->x, result_str->x ) == result ); 229 230exit: 231 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 232 mbedtls_rsa_free( &ctx ); 233} 234/* END_CASE */ 235 236 237/* BEGIN_CASE */ 238void rsa_pkcs1_sign_raw( data_t * hash_result, 239 int padding_mode, int mod, 240 char * input_P, char * input_Q, 241 char * input_N, char * input_E, 242 data_t * result_str ) 243{ 244 unsigned char output[256]; 245 mbedtls_rsa_context ctx; 246 mbedtls_mpi N, P, Q, E; 247 mbedtls_test_rnd_pseudo_info rnd_info; 248 249 mbedtls_rsa_init( &ctx ); 250 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 251 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 252 253 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 254 MBEDTLS_MD_NONE ) == 0 ); 255 256 memset( output, 0x00, sizeof( output ) ); 257 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 258 259 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 260 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 261 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 262 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 263 264 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 265 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 266 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 267 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 268 269 270 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, 271 &rnd_info, MBEDTLS_MD_NONE, 272 hash_result->len, 273 hash_result->x, output ) == 0 ); 274 275 276 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 277 ctx.len, result_str->len ) == 0 ); 278 279exit: 280 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 281 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 282 283 mbedtls_rsa_free( &ctx ); 284} 285/* END_CASE */ 286 287/* BEGIN_CASE */ 288void rsa_pkcs1_verify_raw( data_t * hash_result, 289 int padding_mode, int mod, 290 char * input_N, char * input_E, 291 data_t * result_str, int correct ) 292{ 293 unsigned char output[256]; 294 mbedtls_rsa_context ctx; 295 296 mbedtls_mpi N, E; 297 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 298 299 mbedtls_rsa_init( &ctx ); 300 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 301 MBEDTLS_MD_NONE ) == 0 ); 302 memset( output, 0x00, sizeof( output ) ); 303 304 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 305 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 306 307 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 308 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 309 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 310 311 312 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); 313 314exit: 315 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 316 mbedtls_rsa_free( &ctx ); 317} 318/* END_CASE */ 319 320/* BEGIN_CASE */ 321void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, 322 int mod, char * input_N, char * input_E, 323 data_t * result_str, int result ) 324{ 325 unsigned char output[256]; 326 mbedtls_rsa_context ctx; 327 mbedtls_test_rnd_pseudo_info rnd_info; 328 329 mbedtls_mpi N, E; 330 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 331 332 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 333 334 mbedtls_rsa_init( &ctx ); 335 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 336 MBEDTLS_MD_NONE ) == 0 ); 337 memset( output, 0x00, sizeof( output ) ); 338 339 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 340 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 341 342 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 343 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 344 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 345 346 347 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, 348 &mbedtls_test_rnd_pseudo_rand, 349 &rnd_info, message_str->len, 350 message_str->x, 351 output ) == result ); 352 if( result == 0 ) 353 { 354 355 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 356 ctx.len, result_str->len ) == 0 ); 357 } 358 359exit: 360 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 361 mbedtls_rsa_free( &ctx ); 362} 363/* END_CASE */ 364 365/* BEGIN_CASE */ 366void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, 367 int mod, char * input_N, char * input_E, 368 data_t * result_str, int result ) 369{ 370 unsigned char output[256]; 371 mbedtls_rsa_context ctx; 372 373 mbedtls_mpi N, E; 374 375 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 376 mbedtls_rsa_init( &ctx ); 377 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 378 MBEDTLS_MD_NONE ) == 0 ); 379 memset( output, 0x00, sizeof( output ) ); 380 381 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 382 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 383 384 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 385 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 386 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 387 388 389 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, 390 NULL, message_str->len, 391 message_str->x, 392 output ) == result ); 393 if( result == 0 ) 394 { 395 396 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 397 ctx.len, result_str->len ) == 0 ); 398 } 399 400exit: 401 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 402 mbedtls_rsa_free( &ctx ); 403} 404/* END_CASE */ 405 406/* BEGIN_CASE */ 407void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, 408 int mod, char * input_P, 409 char * input_Q, char * input_N, 410 char * input_E, int max_output, 411 data_t * result_str, int result ) 412{ 413 unsigned char output[32]; 414 mbedtls_rsa_context ctx; 415 size_t output_len; 416 mbedtls_test_rnd_pseudo_info rnd_info; 417 mbedtls_mpi N, P, Q, E; 418 419 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 420 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 421 422 mbedtls_rsa_init( &ctx ); 423 TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, 424 MBEDTLS_MD_NONE ) == 0 ); 425 426 memset( output, 0x00, sizeof( output ) ); 427 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 428 429 430 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 431 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 432 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 433 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 434 435 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 436 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 437 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 438 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 439 440 output_len = 0; 441 442 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, 443 &rnd_info, 444 &output_len, message_str->x, output, 445 max_output ) == result ); 446 if( result == 0 ) 447 { 448 449 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 450 output_len, 451 result_str->len ) == 0 ); 452 } 453 454exit: 455 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 456 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 457 mbedtls_rsa_free( &ctx ); 458} 459/* END_CASE */ 460 461/* BEGIN_CASE */ 462void mbedtls_rsa_public( data_t * message_str, int mod, 463 char * input_N, char * input_E, 464 data_t * result_str, int result ) 465{ 466 unsigned char output[256]; 467 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 468 469 mbedtls_mpi N, E; 470 471 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 472 mbedtls_rsa_init( &ctx ); 473 mbedtls_rsa_init( &ctx2 ); 474 memset( output, 0x00, sizeof( output ) ); 475 476 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 477 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 478 479 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 480 481 /* Check test data consistency */ 482 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); 483 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 484 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 485 486 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); 487 if( result == 0 ) 488 { 489 490 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 491 ctx.len, result_str->len ) == 0 ); 492 } 493 494 /* And now with the copy */ 495 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 496 /* clear the original to be sure */ 497 mbedtls_rsa_free( &ctx ); 498 499 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); 500 501 memset( output, 0x00, sizeof( output ) ); 502 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result ); 503 if( result == 0 ) 504 { 505 506 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 507 ctx.len, result_str->len ) == 0 ); 508 } 509 510exit: 511 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 512 mbedtls_rsa_free( &ctx ); 513 mbedtls_rsa_free( &ctx2 ); 514} 515/* END_CASE */ 516 517/* BEGIN_CASE */ 518void mbedtls_rsa_private( data_t * message_str, int mod, 519 char * input_P, char * input_Q, 520 char * input_N, char * input_E, 521 data_t * result_str, int result ) 522{ 523 unsigned char output[256]; 524 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 525 mbedtls_mpi N, P, Q, E; 526 mbedtls_test_rnd_pseudo_info rnd_info; 527 int i; 528 529 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 530 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 531 mbedtls_rsa_init( &ctx ); 532 mbedtls_rsa_init( &ctx2 ); 533 534 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 535 536 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 537 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 538 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 539 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 540 541 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 542 543 /* Check test data consistency */ 544 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); 545 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 546 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 547 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 548 549 /* repeat three times to test updating of blinding values */ 550 for( i = 0; i < 3; i++ ) 551 { 552 memset( output, 0x00, sizeof( output ) ); 553 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, 554 &rnd_info, message_str->x, 555 output ) == result ); 556 if( result == 0 ) 557 { 558 559 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 560 ctx.len, 561 result_str->len ) == 0 ); 562 } 563 } 564 565 /* And now one more time with the copy */ 566 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 567 /* clear the original to be sure */ 568 mbedtls_rsa_free( &ctx ); 569 570 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); 571 572 memset( output, 0x00, sizeof( output ) ); 573 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, 574 &rnd_info, message_str->x, 575 output ) == result ); 576 if( result == 0 ) 577 { 578 579 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 580 ctx2.len, 581 result_str->len ) == 0 ); 582 } 583 584exit: 585 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 586 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 587 588 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); 589} 590/* END_CASE */ 591 592/* BEGIN_CASE */ 593void rsa_check_privkey_null( ) 594{ 595 mbedtls_rsa_context ctx; 596 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) ); 597 598 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 599} 600/* END_CASE */ 601 602/* BEGIN_CASE */ 603void mbedtls_rsa_check_pubkey( char * input_N, char * input_E, int result ) 604{ 605 mbedtls_rsa_context ctx; 606 mbedtls_mpi N, E; 607 608 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 609 mbedtls_rsa_init( &ctx ); 610 611 if( strlen( input_N ) ) 612 { 613 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 614 } 615 if( strlen( input_E ) ) 616 { 617 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 618 } 619 620 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 621 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); 622 623exit: 624 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 625 mbedtls_rsa_free( &ctx ); 626} 627/* END_CASE */ 628 629/* BEGIN_CASE */ 630void mbedtls_rsa_check_privkey( int mod, char * input_P, char * input_Q, 631 char * input_N, char * input_E, char * input_D, 632 char * input_DP, char * input_DQ, char * input_QP, 633 int result ) 634{ 635 mbedtls_rsa_context ctx; 636 637 mbedtls_rsa_init( &ctx ); 638 639 ctx.len = mod / 8; 640 if( strlen( input_P ) ) 641 { 642 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, input_P ) == 0 ); 643 } 644 if( strlen( input_Q ) ) 645 { 646 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, input_Q ) == 0 ); 647 } 648 if( strlen( input_N ) ) 649 { 650 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, input_N ) == 0 ); 651 } 652 if( strlen( input_E ) ) 653 { 654 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, input_E ) == 0 ); 655 } 656 if( strlen( input_D ) ) 657 { 658 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, input_D ) == 0 ); 659 } 660#if !defined(MBEDTLS_RSA_NO_CRT) 661 if( strlen( input_DP ) ) 662 { 663 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, input_DP ) == 0 ); 664 } 665 if( strlen( input_DQ ) ) 666 { 667 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, input_DQ ) == 0 ); 668 } 669 if( strlen( input_QP ) ) 670 { 671 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, input_QP ) == 0 ); 672 } 673#else 674 ((void) input_DP); 675 ((void) input_DQ); 676 ((void) input_QP); 677#endif 678 679 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); 680 681exit: 682 mbedtls_rsa_free( &ctx ); 683} 684/* END_CASE */ 685 686/* BEGIN_CASE */ 687void rsa_check_pubpriv( int mod, char * input_Npub, char * input_Epub, 688 char * input_P, char * input_Q, char * input_N, 689 char * input_E, char * input_D, char * input_DP, 690 char * input_DQ, char * input_QP, int result ) 691{ 692 mbedtls_rsa_context pub, prv; 693 694 mbedtls_rsa_init( &pub ); 695 mbedtls_rsa_init( &prv ); 696 697 pub.len = mod / 8; 698 prv.len = mod / 8; 699 700 if( strlen( input_Npub ) ) 701 { 702 TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, input_Npub ) == 0 ); 703 } 704 if( strlen( input_Epub ) ) 705 { 706 TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, input_Epub ) == 0 ); 707 } 708 709 if( strlen( input_P ) ) 710 { 711 TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, input_P ) == 0 ); 712 } 713 if( strlen( input_Q ) ) 714 { 715 TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, input_Q ) == 0 ); 716 } 717 if( strlen( input_N ) ) 718 { 719 TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, input_N ) == 0 ); 720 } 721 if( strlen( input_E ) ) 722 { 723 TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, input_E ) == 0 ); 724 } 725 if( strlen( input_D ) ) 726 { 727 TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, input_D ) == 0 ); 728 } 729#if !defined(MBEDTLS_RSA_NO_CRT) 730 if( strlen( input_DP ) ) 731 { 732 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, input_DP ) == 0 ); 733 } 734 if( strlen( input_DQ ) ) 735 { 736 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, input_DQ ) == 0 ); 737 } 738 if( strlen( input_QP ) ) 739 { 740 TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, input_QP ) == 0 ); 741 } 742#else 743 ((void) input_DP); 744 ((void) input_DQ); 745 ((void) input_QP); 746#endif 747 748 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); 749 750exit: 751 mbedtls_rsa_free( &pub ); 752 mbedtls_rsa_free( &prv ); 753} 754/* END_CASE */ 755 756/* BEGIN_CASE */ 757void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) 758{ 759 mbedtls_rsa_context ctx; 760 mbedtls_rsa_init ( &ctx ); 761 762 /* This test uses an insecure RNG, suitable only for testing. 763 * In production, always use a cryptographically strong RNG! */ 764 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, exponent ) == result ); 765 if( result == 0 ) 766 { 767 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 768 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); 769 } 770 771exit: 772 mbedtls_rsa_free( &ctx ); 773} 774/* END_CASE */ 775 776/* BEGIN_CASE */ 777void mbedtls_rsa_deduce_primes( char *input_N, 778 char *input_D, 779 char *input_E, 780 char *output_P, 781 char *output_Q, 782 int corrupt, int result ) 783{ 784 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 785 786 mbedtls_mpi_init( &N ); 787 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 788 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); 789 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 790 791 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 792 TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 ); 793 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 794 TEST_ASSERT( mbedtls_test_read_mpi( &Qp, output_P ) == 0 ); 795 TEST_ASSERT( mbedtls_test_read_mpi( &Pp, output_Q ) == 0 ); 796 797 if( corrupt ) 798 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); 799 800 /* Try to deduce P, Q from N, D, E only. */ 801 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); 802 803 if( !corrupt ) 804 { 805 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 806 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) || 807 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) ); 808 } 809 810exit: 811 mbedtls_mpi_free( &N ); 812 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 813 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); 814 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 815} 816/* END_CASE */ 817 818/* BEGIN_CASE */ 819void mbedtls_rsa_deduce_private_exponent( char *input_P, 820 char *input_Q, 821 char *input_E, 822 char *output_D, 823 int corrupt, int result ) 824{ 825 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 826 827 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 828 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp ); 829 mbedtls_mpi_init( &E ); 830 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); 831 832 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 833 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 834 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 835 TEST_ASSERT( mbedtls_test_read_mpi( &Dp, output_D ) == 0 ); 836 837 if( corrupt ) 838 { 839 /* Make E even */ 840 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 ); 841 } 842 843 /* Try to deduce D from N, P, Q, E. */ 844 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, 845 &E, &D ) == result ); 846 847 if( !corrupt ) 848 { 849 /* 850 * Check that D and Dp agree modulo LCM(P-1, Q-1). 851 */ 852 853 /* Replace P,Q by P-1, Q-1 */ 854 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 ); 855 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 ); 856 857 /* Check D == Dp modulo P-1 */ 858 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 ); 859 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 ); 860 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 861 862 /* Check D == Dp modulo Q-1 */ 863 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 ); 864 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 ); 865 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 866 } 867 868exit: 869 870 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 871 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp ); 872 mbedtls_mpi_free( &E ); 873 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp ); 874} 875/* END_CASE */ 876 877/* BEGIN_CASE */ 878void mbedtls_rsa_import( char *input_N, 879 char *input_P, 880 char *input_Q, 881 char *input_D, 882 char *input_E, 883 int successive, 884 int is_priv, 885 int res_check, 886 int res_complete ) 887{ 888 mbedtls_mpi N, P, Q, D, E; 889 mbedtls_rsa_context ctx; 890 891 /* Buffers used for encryption-decryption test */ 892 unsigned char *buf_orig = NULL; 893 unsigned char *buf_enc = NULL; 894 unsigned char *buf_dec = NULL; 895 896 const int have_N = ( strlen( input_N ) > 0 ); 897 const int have_P = ( strlen( input_P ) > 0 ); 898 const int have_Q = ( strlen( input_Q ) > 0 ); 899 const int have_D = ( strlen( input_D ) > 0 ); 900 const int have_E = ( strlen( input_E ) > 0 ); 901 902 mbedtls_rsa_init( &ctx ); 903 904 mbedtls_mpi_init( &N ); 905 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 906 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 907 908 if( have_N ) 909 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 910 911 if( have_P ) 912 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 913 914 if( have_Q ) 915 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 916 917 if( have_D ) 918 TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 ); 919 920 if( have_E ) 921 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 922 923 if( !successive ) 924 { 925 TEST_ASSERT( mbedtls_rsa_import( &ctx, 926 have_N ? &N : NULL, 927 have_P ? &P : NULL, 928 have_Q ? &Q : NULL, 929 have_D ? &D : NULL, 930 have_E ? &E : NULL ) == 0 ); 931 } 932 else 933 { 934 /* Import N, P, Q, D, E separately. 935 * This should make no functional difference. */ 936 937 TEST_ASSERT( mbedtls_rsa_import( &ctx, 938 have_N ? &N : NULL, 939 NULL, NULL, NULL, NULL ) == 0 ); 940 941 TEST_ASSERT( mbedtls_rsa_import( &ctx, 942 NULL, 943 have_P ? &P : NULL, 944 NULL, NULL, NULL ) == 0 ); 945 946 TEST_ASSERT( mbedtls_rsa_import( &ctx, 947 NULL, NULL, 948 have_Q ? &Q : NULL, 949 NULL, NULL ) == 0 ); 950 951 TEST_ASSERT( mbedtls_rsa_import( &ctx, 952 NULL, NULL, NULL, 953 have_D ? &D : NULL, 954 NULL ) == 0 ); 955 956 TEST_ASSERT( mbedtls_rsa_import( &ctx, 957 NULL, NULL, NULL, NULL, 958 have_E ? &E : NULL ) == 0 ); 959 } 960 961 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 962 963 /* On expected success, perform some public and private 964 * key operations to check if the key is working properly. */ 965 if( res_complete == 0 ) 966 { 967 if( is_priv ) 968 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 969 else 970 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 971 972 if( res_check != 0 ) 973 goto exit; 974 975 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 976 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 977 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 978 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 979 goto exit; 980 981 /* This test uses an insecure RNG, suitable only for testing. 982 * In production, always use a cryptographically strong RNG! */ 983 TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL, 984 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 985 986 /* Make sure the number we're generating is smaller than the modulus */ 987 buf_orig[0] = 0x00; 988 989 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 990 991 if( is_priv ) 992 { 993 /* This test uses an insecure RNG, suitable only for testing. 994 * In production, always use a cryptographically strong RNG! */ 995 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand, 996 NULL, buf_enc, 997 buf_dec ) == 0 ); 998 999 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1000 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1001 } 1002 } 1003 1004exit: 1005 1006 mbedtls_free( buf_orig ); 1007 mbedtls_free( buf_enc ); 1008 mbedtls_free( buf_dec ); 1009 1010 mbedtls_rsa_free( &ctx ); 1011 1012 mbedtls_mpi_free( &N ); 1013 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1014 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1015} 1016/* END_CASE */ 1017 1018/* BEGIN_CASE */ 1019void mbedtls_rsa_export( char *input_N, 1020 char *input_P, 1021 char *input_Q, 1022 char *input_D, 1023 char *input_E, 1024 int is_priv, 1025 int successive ) 1026{ 1027 /* Original MPI's with which we set up the RSA context */ 1028 mbedtls_mpi N, P, Q, D, E; 1029 1030 /* Exported MPI's */ 1031 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1032 1033 const int have_N = ( strlen( input_N ) > 0 ); 1034 const int have_P = ( strlen( input_P ) > 0 ); 1035 const int have_Q = ( strlen( input_Q ) > 0 ); 1036 const int have_D = ( strlen( input_D ) > 0 ); 1037 const int have_E = ( strlen( input_E ) > 0 ); 1038 1039 mbedtls_rsa_context ctx; 1040 1041 mbedtls_rsa_init( &ctx ); 1042 1043 mbedtls_mpi_init( &N ); 1044 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1045 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1046 1047 mbedtls_mpi_init( &Ne ); 1048 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); 1049 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); 1050 1051 /* Setup RSA context */ 1052 1053 if( have_N ) 1054 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 1055 1056 if( have_P ) 1057 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 1058 1059 if( have_Q ) 1060 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 1061 1062 if( have_D ) 1063 TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 ); 1064 1065 if( have_E ) 1066 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 1067 1068 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1069 strlen( input_N ) ? &N : NULL, 1070 strlen( input_P ) ? &P : NULL, 1071 strlen( input_Q ) ? &Q : NULL, 1072 strlen( input_D ) ? &D : NULL, 1073 strlen( input_E ) ? &E : NULL ) == 0 ); 1074 1075 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1076 1077 /* 1078 * Export parameters and compare to original ones. 1079 */ 1080 1081 /* N and E must always be present. */ 1082 if( !successive ) 1083 { 1084 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); 1085 } 1086 else 1087 { 1088 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); 1089 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); 1090 } 1091 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); 1092 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); 1093 1094 /* If we were providing enough information to setup a complete private context, 1095 * we expect to be able to export all core parameters. */ 1096 1097 if( is_priv ) 1098 { 1099 if( !successive ) 1100 { 1101 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, 1102 &De, NULL ) == 0 ); 1103 } 1104 else 1105 { 1106 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, 1107 NULL, NULL ) == 0 ); 1108 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, 1109 NULL, NULL ) == 0 ); 1110 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, 1111 &De, NULL ) == 0 ); 1112 } 1113 1114 if( have_P ) 1115 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); 1116 1117 if( have_Q ) 1118 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); 1119 1120 if( have_D ) 1121 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); 1122 1123 /* While at it, perform a sanity check */ 1124 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee, 1125 NULL, NULL ) == 0 ); 1126 } 1127 1128exit: 1129 1130 mbedtls_rsa_free( &ctx ); 1131 1132 mbedtls_mpi_free( &N ); 1133 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1134 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1135 1136 mbedtls_mpi_free( &Ne ); 1137 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); 1138 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); 1139} 1140/* END_CASE */ 1141 1142/* BEGIN_CASE */ 1143void mbedtls_rsa_validate_params( char *input_N, 1144 char *input_P, 1145 char *input_Q, 1146 char *input_D, 1147 char *input_E, 1148 int prng, int result ) 1149{ 1150 /* Original MPI's with which we set up the RSA context */ 1151 mbedtls_mpi N, P, Q, D, E; 1152 1153 const int have_N = ( strlen( input_N ) > 0 ); 1154 const int have_P = ( strlen( input_P ) > 0 ); 1155 const int have_Q = ( strlen( input_Q ) > 0 ); 1156 const int have_D = ( strlen( input_D ) > 0 ); 1157 const int have_E = ( strlen( input_E ) > 0 ); 1158 1159 mbedtls_mpi_init( &N ); 1160 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1161 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1162 1163 if( have_N ) 1164 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 1165 1166 if( have_P ) 1167 TEST_ASSERT( mbedtls_test_read_mpi( &P, input_P ) == 0 ); 1168 1169 if( have_Q ) 1170 TEST_ASSERT( mbedtls_test_read_mpi( &Q, input_Q ) == 0 ); 1171 1172 if( have_D ) 1173 TEST_ASSERT( mbedtls_test_read_mpi( &D, input_D ) == 0 ); 1174 1175 if( have_E ) 1176 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 1177 1178 /* This test uses an insecure RNG, suitable only for testing. 1179 * In production, always use a cryptographically strong RNG! */ 1180 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, 1181 have_P ? &P : NULL, 1182 have_Q ? &Q : NULL, 1183 have_D ? &D : NULL, 1184 have_E ? &E : NULL, 1185 prng ? mbedtls_test_rnd_std_rand : NULL, 1186 prng ? NULL : NULL ) == result ); 1187 1188exit: 1189 mbedtls_mpi_free( &N ); 1190 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1191 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1192} 1193/* END_CASE */ 1194 1195/* BEGIN_CASE */ 1196void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, 1197 data_t *input_Q, data_t *input_D, 1198 data_t *input_E, int is_priv, 1199 int successive ) 1200{ 1201 /* Exported buffers */ 1202 unsigned char bufNe[256]; 1203 unsigned char bufPe[128]; 1204 unsigned char bufQe[128]; 1205 unsigned char bufDe[256]; 1206 unsigned char bufEe[1]; 1207 1208 mbedtls_rsa_context ctx; 1209 1210 mbedtls_rsa_init( &ctx ); 1211 1212 /* Setup RSA context */ 1213 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1214 input_N->len ? input_N->x : NULL, input_N->len, 1215 input_P->len ? input_P->x : NULL, input_P->len, 1216 input_Q->len ? input_Q->x : NULL, input_Q->len, 1217 input_D->len ? input_D->x : NULL, input_D->len, 1218 input_E->len ? input_E->x : NULL, input_E->len ) == 0 ); 1219 1220 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1221 1222 /* 1223 * Export parameters and compare to original ones. 1224 */ 1225 1226 /* N and E must always be present. */ 1227 if( !successive ) 1228 { 1229 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1230 NULL, 0, NULL, 0, NULL, 0, 1231 bufEe, input_E->len ) == 0 ); 1232 } 1233 else 1234 { 1235 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1236 NULL, 0, NULL, 0, NULL, 0, 1237 NULL, 0 ) == 0 ); 1238 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1239 NULL, 0, NULL, 0, NULL, 0, 1240 bufEe, input_E->len ) == 0 ); 1241 } 1242 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 ); 1243 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 ); 1244 1245 /* If we were providing enough information to setup a complete private context, 1246 * we expect to be able to export all core parameters. */ 1247 1248 if( is_priv ) 1249 { 1250 if( !successive ) 1251 { 1252 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1253 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1254 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1255 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1256 NULL, 0 ) == 0 ); 1257 } 1258 else 1259 { 1260 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1261 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1262 NULL, 0, NULL, 0, 1263 NULL, 0 ) == 0 ); 1264 1265 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, 1266 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1267 NULL, 0, NULL, 0 ) == 0 ); 1268 1269 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, 1270 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1271 NULL, 0 ) == 0 ); 1272 } 1273 1274 if( input_P->len ) 1275 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 ); 1276 1277 if( input_Q->len ) 1278 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 ); 1279 1280 if( input_D->len ) 1281 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 ); 1282 1283 } 1284 1285exit: 1286 mbedtls_rsa_free( &ctx ); 1287} 1288/* END_CASE */ 1289 1290/* BEGIN_CASE */ 1291void mbedtls_rsa_import_raw( data_t *input_N, 1292 data_t *input_P, data_t *input_Q, 1293 data_t *input_D, data_t *input_E, 1294 int successive, 1295 int is_priv, 1296 int res_check, 1297 int res_complete ) 1298{ 1299 /* Buffers used for encryption-decryption test */ 1300 unsigned char *buf_orig = NULL; 1301 unsigned char *buf_enc = NULL; 1302 unsigned char *buf_dec = NULL; 1303 1304 mbedtls_rsa_context ctx; 1305 1306 mbedtls_rsa_init( &ctx ); 1307 1308 if( !successive ) 1309 { 1310 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1311 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1312 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1313 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1314 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1315 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1316 } 1317 else 1318 { 1319 /* Import N, P, Q, D, E separately. 1320 * This should make no functional difference. */ 1321 1322 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1323 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1324 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1325 1326 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1327 NULL, 0, 1328 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1329 NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1330 1331 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1332 NULL, 0, NULL, 0, 1333 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1334 NULL, 0, NULL, 0 ) == 0 ); 1335 1336 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1337 NULL, 0, NULL, 0, NULL, 0, 1338 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1339 NULL, 0 ) == 0 ); 1340 1341 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1342 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1343 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1344 } 1345 1346 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1347 1348 /* On expected success, perform some public and private 1349 * key operations to check if the key is working properly. */ 1350 if( res_complete == 0 ) 1351 { 1352 if( is_priv ) 1353 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1354 else 1355 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1356 1357 if( res_check != 0 ) 1358 goto exit; 1359 1360 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1361 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1362 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1363 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1364 goto exit; 1365 1366 /* This test uses an insecure RNG, suitable only for testing. 1367 * In production, always use a cryptographically strong RNG! */ 1368 TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL, 1369 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1370 1371 /* Make sure the number we're generating is smaller than the modulus */ 1372 buf_orig[0] = 0x00; 1373 1374 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1375 1376 if( is_priv ) 1377 { 1378 /* This test uses an insecure RNG, suitable only for testing. 1379 * In production, always use a cryptographically strong RNG! */ 1380 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand, 1381 NULL, buf_enc, 1382 buf_dec ) == 0 ); 1383 1384 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1385 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1386 } 1387 } 1388 1389exit: 1390 1391 mbedtls_free( buf_orig ); 1392 mbedtls_free( buf_enc ); 1393 mbedtls_free( buf_dec ); 1394 1395 mbedtls_rsa_free( &ctx ); 1396} 1397/* END_CASE */ 1398 1399/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1400void rsa_selftest( ) 1401{ 1402 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); 1403} 1404/* END_CASE */ 1405
