1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/md.h" 4/* END_HEADER */ 5 6/* BEGIN_DEPENDENCIES 7 * depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_C:MBEDTLS_SHA1_C 8 * END_DEPENDENCIES 9 */ 10 11/* BEGIN_CASE */ 12void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E, 13 char *input_E, int hash, 14 char *message_hex_string, char *seed, 15 char *result_hex_str, int result ) 16{ 17 unsigned char message_str[1000]; 18 unsigned char output[1000]; 19 unsigned char output_str[1000]; 20 unsigned char rnd_buf[1000]; 21 mbedtls_rsa_context ctx; 22 size_t msg_len; 23 rnd_buf_info info; 24 25 info.length = unhexify( rnd_buf, seed ); 26 info.buf = rnd_buf; 27 28 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); 29 memset( message_str, 0x00, 1000 ); 30 memset( output, 0x00, 1000 ); 31 memset( output_str, 0x00, 1000 ); 32 33 ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); 34 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 35 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 36 37 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 38 39 msg_len = unhexify( message_str, message_hex_string ); 40 41 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); 42 if( result == 0 ) 43 { 44 hexify( output_str, output, ctx.len ); 45 46 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); 47 } 48 49exit: 50 mbedtls_rsa_free( &ctx ); 51} 52/* END_CASE */ 53 54/* BEGIN_CASE */ 55void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, 56 int radix_Q, char *input_Q, int radix_N, 57 char *input_N, int radix_E, char *input_E, 58 int hash, char *result_hex_str, char *seed, 59 char *message_hex_string, int result ) 60{ 61 unsigned char message_str[1000]; 62 unsigned char output[1000]; 63 unsigned char output_str[1000]; 64 mbedtls_rsa_context ctx; 65 mbedtls_mpi P1, Q1, H, G; 66 size_t output_len; 67 rnd_pseudo_info rnd_info; 68 ((void) seed); 69 70 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); 71 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); 72 73 memset( message_str, 0x00, 1000 ); 74 memset( output, 0x00, 1000 ); 75 memset( output_str, 0x00, 1000 ); 76 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 77 78 ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); 79 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); 80 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); 81 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 82 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 83 84 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); 85 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); 86 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); 87 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); 88 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); 89 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); 90 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); 91 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); 92 93 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 94 95 unhexify( message_str, message_hex_string ); 96 97 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); 98 if( result == 0 ) 99 { 100 hexify( output_str, output, ctx.len ); 101 102 TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); 103 } 104 105exit: 106 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); 107 mbedtls_rsa_free( &ctx ); 108} 109/* END_CASE */ 110 111/* BEGIN_CASE */ 112void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, 113 char *input_Q, int radix_N, char *input_N, 114 int radix_E, char *input_E, int digest, int hash, 115 char *message_hex_string, char *salt, 116 char *result_hex_str, int result ) 117{ 118 unsigned char message_str[1000]; 119 unsigned char hash_result[1000]; 120 unsigned char output[1000]; 121 unsigned char output_str[1000]; 122 unsigned char rnd_buf[1000]; 123 mbedtls_rsa_context ctx; 124 mbedtls_mpi P1, Q1, H, G; 125 size_t msg_len; 126 rnd_buf_info info; 127 128 info.length = unhexify( rnd_buf, salt ); 129 info.buf = rnd_buf; 130 131 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); 132 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); 133 134 memset( message_str, 0x00, 1000 ); 135 memset( hash_result, 0x00, 1000 ); 136 memset( output, 0x00, 1000 ); 137 memset( output_str, 0x00, 1000 ); 138 139 ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); 140 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); 141 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); 142 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 143 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 144 145 TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); 146 TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); 147 TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); 148 TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); 149 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); 150 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); 151 TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); 152 TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); 153 154 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 155 156 msg_len = unhexify( message_str, message_hex_string ); 157 158 if( mbedtls_md_info_from_type( digest ) != NULL ) 159 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); 160 161 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); 162 if( result == 0 ) 163 { 164 hexify( output_str, output, ctx.len); 165 166 TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); 167 } 168 169exit: 170 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); 171 mbedtls_rsa_free( &ctx ); 172} 173/* END_CASE */ 174 175/* BEGIN_CASE */ 176void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E, 177 char *input_E, int digest, int hash, 178 char *message_hex_string, char *salt, 179 char *result_hex_str, int result ) 180{ 181 unsigned char message_str[1000]; 182 unsigned char hash_result[1000]; 183 unsigned char result_str[1000]; 184 mbedtls_rsa_context ctx; 185 size_t msg_len; 186 ((void) salt); 187 188 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); 189 memset( message_str, 0x00, 1000 ); 190 memset( hash_result, 0x00, 1000 ); 191 memset( result_str, 0x00, 1000 ); 192 193 ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); 194 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 195 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 196 197 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 198 199 msg_len = unhexify( message_str, message_hex_string ); 200 unhexify( result_str, result_hex_str ); 201 202 if( mbedtls_md_info_from_type( digest ) != NULL ) 203 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); 204 205 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); 206 207exit: 208 mbedtls_rsa_free( &ctx ); 209} 210/* END_CASE */ 211 212/* BEGIN_CASE */ 213void pkcs1_rsassa_pss_verify_ext( int mod, 214 int radix_N, char *input_N, 215 int radix_E, char *input_E, 216 int msg_digest_id, int ctx_hash, 217 int mgf_hash, int salt_len, 218 char *message_hex_string, 219 char *result_hex_str, 220 int result_simple, 221 int result_full ) 222{ 223 unsigned char message_str[1000]; 224 unsigned char hash_result[1000]; 225 unsigned char result_str[1000]; 226 mbedtls_rsa_context ctx; 227 size_t msg_len, hash_len; 228 229 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); 230 memset( message_str, 0x00, 1000 ); 231 memset( hash_result, 0x00, 1000 ); 232 memset( result_str, 0x00, 1000 ); 233 234 ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); 235 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 236 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 237 238 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 239 240 msg_len = unhexify( message_str, message_hex_string ); 241 unhexify( result_str, result_hex_str ); 242 243 if( msg_digest_id != MBEDTLS_MD_NONE ) 244 { 245 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), 246 message_str, msg_len, hash_result ) == 0 ); 247 hash_len = 0; 248 } 249 else 250 { 251 memcpy( hash_result, message_str, msg_len ); 252 hash_len = msg_len; 253 } 254 255 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, 256 msg_digest_id, hash_len, hash_result, 257 result_str ) == result_simple ); 258 259 TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, 260 msg_digest_id, hash_len, hash_result, 261 mgf_hash, salt_len, 262 result_str ) == result_full ); 263 264exit: 265 mbedtls_rsa_free( &ctx ); 266} 267/* END_CASE */ 268