test_suite_rsa.function (52743B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/rsa.h" 3 #include "bignum_core.h" 4 #include "rsa_alt_helpers.h" 5 #include "rsa_internal.h" 6 #include "test/bignum_codepath_check.h" 7 /* END_HEADER */ 8 9 /* BEGIN_DEPENDENCIES 10 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 11 * END_DEPENDENCIES 12 */ 13 14 /* BEGIN_CASE */ 15 void rsa_invalid_param() 16 { 17 mbedtls_rsa_context ctx; 18 const int invalid_padding = 42; 19 const int invalid_hash_id = 0xff; 20 unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; 21 size_t buf_len = sizeof(buf); 22 23 mbedtls_rsa_init(&ctx); 24 25 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 26 invalid_padding, 27 MBEDTLS_MD_NONE), 28 MBEDTLS_ERR_RSA_INVALID_PADDING); 29 30 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 31 MBEDTLS_RSA_PKCS_V21, 32 invalid_hash_id), 33 MBEDTLS_ERR_RSA_INVALID_PADDING); 34 35 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 36 NULL, MBEDTLS_MD_NONE, 37 buf_len, 38 NULL, buf), 39 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 40 41 TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 42 NULL, MBEDTLS_MD_SHA256, 43 0, 44 NULL, buf), 45 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 46 47 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, 48 buf_len, 49 NULL, buf), 50 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 51 52 TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, 53 0, 54 NULL, buf), 55 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 56 57 #if !defined(MBEDTLS_PKCS1_V15) 58 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 59 MBEDTLS_RSA_PKCS_V15, 60 MBEDTLS_MD_NONE), 61 MBEDTLS_ERR_RSA_INVALID_PADDING); 62 #endif 63 64 #if defined(MBEDTLS_PKCS1_V15) 65 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 66 NULL, MBEDTLS_MD_NONE, 67 buf_len, 68 NULL, buf), 69 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 70 71 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 72 NULL, MBEDTLS_MD_SHA256, 73 0, 74 NULL, buf), 75 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 76 77 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, 78 buf_len, 79 NULL, buf), 80 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 81 82 TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, 83 0, 84 NULL, buf), 85 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 86 87 88 #endif 89 90 #if !defined(MBEDTLS_PKCS1_V21) 91 TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 92 MBEDTLS_RSA_PKCS_V21, 93 MBEDTLS_MD_NONE), 94 MBEDTLS_ERR_RSA_INVALID_PADDING); 95 #endif 96 97 #if defined(MBEDTLS_PKCS1_V21) 98 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 99 MBEDTLS_MD_NONE, buf_len, 100 NULL, buf_len, 101 buf), 102 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 103 104 TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 105 MBEDTLS_MD_SHA256, 0, 106 NULL, buf_len, 107 buf), 108 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 109 110 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, 111 buf_len, NULL, 112 MBEDTLS_MD_NONE, 113 buf_len, buf), 114 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 115 116 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, 117 0, NULL, 118 MBEDTLS_MD_NONE, 119 buf_len, buf), 120 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 121 122 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, 123 buf_len, 124 NULL, buf), 125 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 126 127 TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, 128 0, 129 NULL, buf), 130 MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 131 #endif 132 133 exit: 134 mbedtls_rsa_free(&ctx); 135 } 136 /* END_CASE */ 137 138 /* BEGIN_CASE */ 139 void rsa_init_free(int reinit) 140 { 141 mbedtls_rsa_context ctx; 142 143 /* Double free is not explicitly documented to work, but we rely on it 144 * even inside the library so that you can call mbedtls_rsa_free() 145 * unconditionally on an error path without checking whether it has 146 * already been called in the success path. */ 147 148 mbedtls_rsa_init(&ctx); 149 mbedtls_rsa_free(&ctx); 150 151 if (reinit) { 152 mbedtls_rsa_init(&ctx); 153 } 154 mbedtls_rsa_free(&ctx); 155 156 /* This test case always succeeds, functionally speaking. A plausible 157 * bug might trigger an invalid pointer dereference or a memory leak. */ 158 goto exit; 159 } 160 /* END_CASE */ 161 162 /* BEGIN_CASE */ 163 void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, 164 int digest, int mod, char *input_P, 165 char *input_Q, char *input_N, char *input_E, 166 data_t *result_str, int result) 167 { 168 unsigned char output[256]; 169 mbedtls_rsa_context ctx; 170 mbedtls_mpi N, P, Q, E; 171 mbedtls_test_rnd_pseudo_info rnd_info; 172 173 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 174 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 175 mbedtls_rsa_init(&ctx); 176 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 177 MBEDTLS_MD_NONE) == 0); 178 179 memset(output, 0x00, sizeof(output)); 180 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 181 182 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 183 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 184 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 185 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 186 187 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 188 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 189 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 190 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 191 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 192 193 TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 194 &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, 195 digest, message_str->len, message_str->x, 196 output) == result); 197 if (result == 0) { 198 199 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 200 ctx.len, result_str->len) == 0); 201 } 202 203 exit: 204 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 205 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 206 mbedtls_rsa_free(&ctx); 207 } 208 /* END_CASE */ 209 210 /* BEGIN_CASE */ 211 void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, 212 int digest, int mod, 213 char *input_N, char *input_E, 214 data_t *result_str, int result) 215 { 216 mbedtls_rsa_context ctx; 217 mbedtls_mpi N, E; 218 219 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 220 mbedtls_rsa_init(&ctx); 221 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 222 MBEDTLS_MD_NONE) == 0); 223 224 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 225 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 226 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 227 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 228 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 229 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 230 231 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 232 result_str->x) == result); 233 234 exit: 235 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 236 mbedtls_rsa_free(&ctx); 237 } 238 /* END_CASE */ 239 240 241 /* BEGIN_CASE */ 242 void rsa_pkcs1_sign_raw(data_t *hash_result, 243 int padding_mode, int mod, 244 char *input_P, char *input_Q, 245 char *input_N, char *input_E, 246 data_t *result_str) 247 { 248 unsigned char output[256]; 249 mbedtls_rsa_context ctx; 250 mbedtls_mpi N, P, Q, E; 251 mbedtls_test_rnd_pseudo_info rnd_info; 252 253 mbedtls_rsa_init(&ctx); 254 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 255 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 256 257 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 258 MBEDTLS_MD_NONE) == 0); 259 260 memset(output, 0x00, sizeof(output)); 261 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 262 263 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 264 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 265 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 266 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 267 268 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 269 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 270 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 271 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 272 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 273 274 275 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, 276 &rnd_info, MBEDTLS_MD_NONE, 277 hash_result->len, 278 hash_result->x, output) == 0); 279 280 281 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 282 ctx.len, result_str->len) == 0); 283 284 exit: 285 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 286 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 287 288 mbedtls_rsa_free(&ctx); 289 } 290 /* END_CASE */ 291 292 /* BEGIN_CASE */ 293 void rsa_pkcs1_verify_raw(data_t *hash_result, 294 int padding_mode, int mod, 295 char *input_N, char *input_E, 296 data_t *result_str, int correct) 297 { 298 unsigned char output[256]; 299 mbedtls_rsa_context ctx; 300 301 mbedtls_mpi N, E; 302 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 303 304 mbedtls_rsa_init(&ctx); 305 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 306 MBEDTLS_MD_NONE) == 0); 307 memset(output, 0x00, sizeof(output)); 308 309 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 310 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 311 312 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 313 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 314 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 315 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 316 317 318 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, 319 result_str->x) == correct); 320 321 exit: 322 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 323 mbedtls_rsa_free(&ctx); 324 } 325 /* END_CASE */ 326 327 /* BEGIN_CASE */ 328 void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, 329 int mod, char *input_N, char *input_E, 330 data_t *result_str, int result) 331 { 332 unsigned char output[256]; 333 mbedtls_rsa_context ctx; 334 mbedtls_test_rnd_pseudo_info rnd_info; 335 336 mbedtls_mpi N, E; 337 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 338 339 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 340 341 mbedtls_rsa_init(&ctx); 342 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 343 MBEDTLS_MD_NONE) == 0); 344 memset(output, 0x00, sizeof(output)); 345 346 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 347 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 348 349 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 350 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 351 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 352 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 353 354 355 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 356 &mbedtls_test_rnd_pseudo_rand, 357 &rnd_info, message_str->len, 358 message_str->x, 359 output) == result); 360 if (result == 0) { 361 362 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 363 ctx.len, result_str->len) == 0); 364 } 365 366 exit: 367 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 368 mbedtls_rsa_free(&ctx); 369 } 370 /* END_CASE */ 371 372 /* BEGIN_CASE */ 373 void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, 374 int mod, char *input_N, char *input_E, 375 data_t *result_str, int result) 376 { 377 unsigned char output[256]; 378 mbedtls_rsa_context ctx; 379 380 mbedtls_mpi N, E; 381 382 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 383 mbedtls_rsa_init(&ctx); 384 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 385 MBEDTLS_MD_NONE) == 0); 386 memset(output, 0x00, sizeof(output)); 387 388 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 389 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 390 391 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 392 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 393 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 394 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 395 396 397 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand, 398 NULL, message_str->len, 399 message_str->x, 400 output) == result); 401 if (result == 0) { 402 403 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 404 ctx.len, result_str->len) == 0); 405 } 406 407 exit: 408 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 409 mbedtls_rsa_free(&ctx); 410 } 411 /* END_CASE */ 412 413 /* BEGIN_CASE */ 414 void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, 415 int mod, char *input_P, 416 char *input_Q, char *input_N, 417 char *input_E, int max_output, 418 data_t *result_str, int result) 419 { 420 unsigned char output[32]; 421 mbedtls_rsa_context ctx; 422 size_t output_len; 423 mbedtls_test_rnd_pseudo_info rnd_info; 424 mbedtls_mpi N, P, Q, E; 425 426 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 427 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 428 429 mbedtls_rsa_init(&ctx); 430 TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 431 MBEDTLS_MD_NONE) == 0); 432 433 memset(output, 0x00, sizeof(output)); 434 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 435 436 437 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 438 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 439 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 440 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 441 442 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 443 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 444 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 445 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 446 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 447 448 output_len = 0; 449 450 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand, 451 &rnd_info, 452 &output_len, message_str->x, output, 453 max_output) == result); 454 if (result == 0) { 455 456 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 457 output_len, 458 result_str->len) == 0); 459 } 460 461 exit: 462 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 463 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 464 mbedtls_rsa_free(&ctx); 465 } 466 /* END_CASE */ 467 468 /* BEGIN_CASE */ 469 void mbedtls_rsa_public(data_t *message_str, int mod, 470 char *input_N, char *input_E, 471 data_t *result_str, int result) 472 { 473 unsigned char output[256]; 474 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 475 476 mbedtls_mpi N, E; 477 478 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 479 mbedtls_rsa_init(&ctx); 480 mbedtls_rsa_init(&ctx2); 481 memset(output, 0x00, sizeof(output)); 482 483 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 484 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 485 486 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 487 488 /* Check test data consistency */ 489 TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); 490 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 491 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 492 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 493 494 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 495 mbedtls_codepath_reset(); 496 #endif 497 TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); 498 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 499 ASSERT_RSA_CODEPATH(MBEDTLS_MPI_IS_PUBLIC, result); 500 #endif 501 if (result == 0) { 502 503 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 504 ctx.len, result_str->len) == 0); 505 } 506 507 /* And now with the copy */ 508 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 509 /* clear the original to be sure */ 510 mbedtls_rsa_free(&ctx); 511 512 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0); 513 514 memset(output, 0x00, sizeof(output)); 515 TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result); 516 if (result == 0) { 517 518 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 519 ctx.len, result_str->len) == 0); 520 } 521 522 exit: 523 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 524 mbedtls_rsa_free(&ctx); 525 mbedtls_rsa_free(&ctx2); 526 } 527 /* END_CASE */ 528 529 /* BEGIN_CASE */ 530 void mbedtls_rsa_private(data_t *message_str, int mod, 531 char *input_P, char *input_Q, 532 char *input_N, char *input_E, 533 data_t *result_str, int result) 534 { 535 unsigned char output[256]; 536 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 537 mbedtls_mpi N, P, Q, E; 538 mbedtls_test_rnd_pseudo_info rnd_info; 539 int i; 540 541 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 542 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 543 mbedtls_rsa_init(&ctx); 544 mbedtls_rsa_init(&ctx2); 545 546 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 547 548 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 549 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 550 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 551 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 552 553 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 554 555 /* Check test data consistency */ 556 TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); 557 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 558 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 559 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 560 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 561 562 /* repeat three times to test updating of blinding values */ 563 for (i = 0; i < 3; i++) { 564 memset(output, 0x00, sizeof(output)); 565 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 566 mbedtls_codepath_reset(); 567 #endif 568 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand, 569 &rnd_info, message_str->x, 570 output) == result); 571 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 572 ASSERT_RSA_CODEPATH(MBEDTLS_MPI_IS_SECRET, result); 573 #endif 574 if (result == 0) { 575 576 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 577 ctx.len, 578 result_str->len) == 0); 579 } 580 } 581 582 /* And now one more time with the copy */ 583 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 584 /* clear the original to be sure */ 585 mbedtls_rsa_free(&ctx); 586 587 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0); 588 589 memset(output, 0x00, sizeof(output)); 590 TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand, 591 &rnd_info, message_str->x, 592 output) == result); 593 if (result == 0) { 594 595 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 596 ctx2.len, 597 result_str->len) == 0); 598 } 599 600 exit: 601 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 602 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 603 604 mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2); 605 } 606 /* END_CASE */ 607 608 /* BEGIN_CASE */ 609 void rsa_check_privkey_null() 610 { 611 mbedtls_rsa_context ctx; 612 memset(&ctx, 0x00, sizeof(mbedtls_rsa_context)); 613 614 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); 615 } 616 /* END_CASE */ 617 618 /* BEGIN_CASE */ 619 void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result) 620 { 621 mbedtls_rsa_context ctx; 622 mbedtls_mpi N, E; 623 624 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 625 mbedtls_rsa_init(&ctx); 626 627 if (strlen(input_N)) { 628 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 629 } 630 if (strlen(input_E)) { 631 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 632 } 633 634 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 635 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result); 636 637 exit: 638 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 639 mbedtls_rsa_free(&ctx); 640 } 641 /* END_CASE */ 642 643 /* BEGIN_CASE */ 644 void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q, 645 char *input_N, char *input_E, char *input_D, 646 char *input_DP, char *input_DQ, char *input_QP, 647 int result) 648 { 649 mbedtls_rsa_context ctx; 650 651 mbedtls_rsa_init(&ctx); 652 653 ctx.len = mod / 8; 654 if (strlen(input_P)) { 655 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0); 656 } 657 if (strlen(input_Q)) { 658 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0); 659 } 660 if (strlen(input_N)) { 661 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0); 662 } 663 if (strlen(input_E)) { 664 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0); 665 } 666 if (strlen(input_D)) { 667 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0); 668 } 669 #if !defined(MBEDTLS_RSA_NO_CRT) 670 if (strlen(input_DP)) { 671 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0); 672 } 673 if (strlen(input_DQ)) { 674 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0); 675 } 676 if (strlen(input_QP)) { 677 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0); 678 } 679 #else 680 ((void) input_DP); 681 ((void) input_DQ); 682 ((void) input_QP); 683 #endif 684 685 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result); 686 687 exit: 688 mbedtls_rsa_free(&ctx); 689 } 690 /* END_CASE */ 691 692 /* BEGIN_CASE */ 693 void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub, 694 char *input_P, char *input_Q, char *input_N, 695 char *input_E, char *input_D, char *input_DP, 696 char *input_DQ, char *input_QP, int result) 697 { 698 mbedtls_rsa_context pub, prv; 699 700 mbedtls_rsa_init(&pub); 701 mbedtls_rsa_init(&prv); 702 703 pub.len = mod / 8; 704 prv.len = mod / 8; 705 706 if (strlen(input_Npub)) { 707 TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0); 708 } 709 if (strlen(input_Epub)) { 710 TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0); 711 } 712 713 if (strlen(input_P)) { 714 TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0); 715 } 716 if (strlen(input_Q)) { 717 TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0); 718 } 719 if (strlen(input_N)) { 720 TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0); 721 } 722 if (strlen(input_E)) { 723 TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0); 724 } 725 if (strlen(input_D)) { 726 TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0); 727 } 728 #if !defined(MBEDTLS_RSA_NO_CRT) 729 if (strlen(input_DP)) { 730 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0); 731 } 732 if (strlen(input_DQ)) { 733 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0); 734 } 735 if (strlen(input_QP)) { 736 TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0); 737 } 738 #else 739 ((void) input_DP); 740 ((void) input_DQ); 741 ((void) input_QP); 742 #endif 743 744 TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result); 745 746 exit: 747 mbedtls_rsa_free(&pub); 748 mbedtls_rsa_free(&prv); 749 } 750 /* END_CASE */ 751 752 /* BEGIN_CASE */ 753 void mbedtls_rsa_gen_key(int nrbits, int exponent, int result) 754 { 755 mbedtls_rsa_context ctx; 756 mbedtls_rsa_init(&ctx); 757 758 /* This test uses an insecure RNG, suitable only for testing. 759 * In production, always use a cryptographically strong RNG! */ 760 TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, 761 exponent) == result); 762 if (result == 0) { 763 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 764 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0); 765 } 766 767 exit: 768 mbedtls_rsa_free(&ctx); 769 } 770 /* END_CASE */ 771 772 /* BEGIN_CASE */ 773 void mbedtls_rsa_deduce_primes(char *input_N, 774 char *input_D, 775 char *input_E, 776 char *output_P, 777 char *output_Q, 778 int corrupt, int result) 779 { 780 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 781 782 mbedtls_mpi_init(&N); 783 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 784 mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp); 785 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 786 787 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 788 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 789 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 790 TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0); 791 TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0); 792 793 if (corrupt) { 794 TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0); 795 } 796 797 /* Try to deduce P, Q from N, D, E only. */ 798 TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result); 799 800 if (!corrupt) { 801 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 802 TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) || 803 (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0)); 804 } 805 806 exit: 807 mbedtls_mpi_free(&N); 808 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 809 mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp); 810 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 811 } 812 /* END_CASE */ 813 814 /* BEGIN_CASE */ 815 void mbedtls_rsa_deduce_private_exponent(char *input_P, 816 char *input_Q, 817 char *input_E, 818 char *output_D, 819 int corrupt, int result) 820 { 821 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 822 823 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 824 mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp); 825 mbedtls_mpi_init(&E); 826 mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp); 827 828 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 829 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 830 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 831 TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0); 832 833 if (corrupt) { 834 /* Make E even */ 835 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0); 836 } 837 838 /* Try to deduce D from N, P, Q, E. */ 839 TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q, 840 &E, &D) == result); 841 842 if (!corrupt) { 843 /* 844 * Check that D and Dp agree modulo LCM(P-1, Q-1). 845 */ 846 847 /* Replace P,Q by P-1, Q-1 */ 848 TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0); 849 TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0); 850 851 /* Check D == Dp modulo P-1 */ 852 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0); 853 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0); 854 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 855 856 /* Check D == Dp modulo Q-1 */ 857 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0); 858 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0); 859 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 860 } 861 862 exit: 863 864 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 865 mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp); 866 mbedtls_mpi_free(&E); 867 mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp); 868 } 869 /* END_CASE */ 870 871 /* BEGIN_CASE */ 872 void mbedtls_rsa_import(char *input_N, 873 char *input_P, 874 char *input_Q, 875 char *input_D, 876 char *input_E, 877 int bitlen, 878 int successive, 879 int is_priv, 880 int res_check, 881 int res_complete) 882 { 883 mbedtls_mpi N, P, Q, D, E; 884 mbedtls_rsa_context ctx; 885 886 /* Buffers used for encryption-decryption test */ 887 unsigned char *buf_orig = NULL; 888 unsigned char *buf_enc = NULL; 889 unsigned char *buf_dec = NULL; 890 891 const int have_N = (strlen(input_N) > 0); 892 const int have_P = (strlen(input_P) > 0); 893 const int have_Q = (strlen(input_Q) > 0); 894 const int have_D = (strlen(input_D) > 0); 895 const int have_E = (strlen(input_E) > 0); 896 897 mbedtls_rsa_init(&ctx); 898 899 mbedtls_mpi_init(&N); 900 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 901 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 902 903 if (have_N) { 904 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 905 } 906 907 if (have_P) { 908 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 909 } 910 911 if (have_Q) { 912 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 913 } 914 915 if (have_D) { 916 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 917 } 918 919 if (have_E) { 920 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 921 } 922 923 if (!successive) { 924 TEST_ASSERT(mbedtls_rsa_import(&ctx, 925 have_N ? &N : NULL, 926 have_P ? &P : NULL, 927 have_Q ? &Q : NULL, 928 have_D ? &D : NULL, 929 have_E ? &E : NULL) == 0); 930 } else { 931 /* Import N, P, Q, D, E separately. 932 * This should make no functional difference. */ 933 934 TEST_ASSERT(mbedtls_rsa_import(&ctx, 935 have_N ? &N : NULL, 936 NULL, NULL, NULL, NULL) == 0); 937 938 TEST_ASSERT(mbedtls_rsa_import(&ctx, 939 NULL, 940 have_P ? &P : NULL, 941 NULL, NULL, NULL) == 0); 942 943 TEST_ASSERT(mbedtls_rsa_import(&ctx, 944 NULL, NULL, 945 have_Q ? &Q : NULL, 946 NULL, NULL) == 0); 947 948 TEST_ASSERT(mbedtls_rsa_import(&ctx, 949 NULL, NULL, NULL, 950 have_D ? &D : NULL, 951 NULL) == 0); 952 953 TEST_ASSERT(mbedtls_rsa_import(&ctx, 954 NULL, NULL, NULL, NULL, 955 have_E ? &E : NULL) == 0); 956 } 957 958 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 959 960 /* On expected success, perform some public and private 961 * key operations to check if the key is working properly. */ 962 if (res_complete == 0) { 963 TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen); 964 TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8); 965 966 if (is_priv) { 967 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 968 } else { 969 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 970 } 971 972 if (res_check != 0) { 973 goto exit; 974 } 975 976 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 977 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 978 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 979 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 980 goto exit; 981 } 982 983 /* This test uses an insecure RNG, suitable only for testing. 984 * In production, always use a cryptographically strong RNG! */ 985 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 986 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 987 988 /* Make sure the number we're generating is smaller than the modulus */ 989 buf_orig[0] = 0x00; 990 991 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 992 993 if (is_priv) { 994 /* This test uses an insecure RNG, suitable only for testing. 995 * In production, always use a cryptographically strong RNG! */ 996 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 997 NULL, buf_enc, 998 buf_dec) == 0); 999 1000 TEST_ASSERT(memcmp(buf_orig, buf_dec, 1001 mbedtls_rsa_get_len(&ctx)) == 0); 1002 } 1003 } 1004 1005 exit: 1006 1007 mbedtls_free(buf_orig); 1008 mbedtls_free(buf_enc); 1009 mbedtls_free(buf_dec); 1010 1011 mbedtls_rsa_free(&ctx); 1012 1013 mbedtls_mpi_free(&N); 1014 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1015 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1016 } 1017 /* END_CASE */ 1018 1019 /* BEGIN_CASE */ 1020 void mbedtls_rsa_export(char *input_N, 1021 char *input_P, 1022 char *input_Q, 1023 char *input_D, 1024 char *input_E, 1025 int is_priv, 1026 int successive) 1027 { 1028 /* Original MPI's with which we set up the RSA context */ 1029 mbedtls_mpi N, P, Q, D, E; 1030 1031 /* Exported MPI's */ 1032 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1033 1034 const int have_N = (strlen(input_N) > 0); 1035 const int have_P = (strlen(input_P) > 0); 1036 const int have_Q = (strlen(input_Q) > 0); 1037 const int have_D = (strlen(input_D) > 0); 1038 const int have_E = (strlen(input_E) > 0); 1039 1040 mbedtls_rsa_context ctx; 1041 1042 mbedtls_rsa_init(&ctx); 1043 1044 mbedtls_mpi_init(&N); 1045 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1046 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1047 1048 mbedtls_mpi_init(&Ne); 1049 mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe); 1050 mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee); 1051 1052 /* Setup RSA context */ 1053 1054 if (have_N) { 1055 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1056 } 1057 1058 if (have_P) { 1059 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1060 } 1061 1062 if (have_Q) { 1063 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1064 } 1065 1066 if (have_D) { 1067 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1068 } 1069 1070 if (have_E) { 1071 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1072 } 1073 1074 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1075 strlen(input_N) ? &N : NULL, 1076 strlen(input_P) ? &P : NULL, 1077 strlen(input_Q) ? &Q : NULL, 1078 strlen(input_D) ? &D : NULL, 1079 strlen(input_E) ? &E : NULL) == 0); 1080 1081 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1082 1083 /* 1084 * Export parameters and compare to original ones. 1085 */ 1086 1087 /* N and E must always be present. */ 1088 if (!successive) { 1089 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0); 1090 } else { 1091 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0); 1092 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0); 1093 } 1094 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0); 1095 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0); 1096 1097 /* If we were providing enough information to setup a complete private context, 1098 * we expect to be able to export all core parameters. */ 1099 1100 if (is_priv) { 1101 if (!successive) { 1102 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe, 1103 &De, NULL) == 0); 1104 } else { 1105 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL, 1106 NULL, NULL) == 0); 1107 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe, 1108 NULL, NULL) == 0); 1109 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, 1110 &De, NULL) == 0); 1111 } 1112 1113 if (have_P) { 1114 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0); 1115 } 1116 1117 if (have_Q) { 1118 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0); 1119 } 1120 1121 if (have_D) { 1122 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0); 1123 } 1124 1125 /* While at it, perform a sanity check */ 1126 TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee, 1127 NULL, NULL) == 0); 1128 } 1129 1130 exit: 1131 1132 mbedtls_rsa_free(&ctx); 1133 1134 mbedtls_mpi_free(&N); 1135 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1136 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1137 1138 mbedtls_mpi_free(&Ne); 1139 mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe); 1140 mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee); 1141 } 1142 /* END_CASE */ 1143 1144 /* BEGIN_CASE */ 1145 void mbedtls_rsa_validate_params(char *input_N, 1146 char *input_P, 1147 char *input_Q, 1148 char *input_D, 1149 char *input_E, 1150 int prng, int result) 1151 { 1152 /* Original MPI's with which we set up the RSA context */ 1153 mbedtls_mpi N, P, Q, D, E; 1154 1155 const int have_N = (strlen(input_N) > 0); 1156 const int have_P = (strlen(input_P) > 0); 1157 const int have_Q = (strlen(input_Q) > 0); 1158 const int have_D = (strlen(input_D) > 0); 1159 const int have_E = (strlen(input_E) > 0); 1160 1161 mbedtls_mpi_init(&N); 1162 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1163 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1164 1165 if (have_N) { 1166 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1167 } 1168 1169 if (have_P) { 1170 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1171 } 1172 1173 if (have_Q) { 1174 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1175 } 1176 1177 if (have_D) { 1178 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1179 } 1180 1181 if (have_E) { 1182 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1183 } 1184 1185 /* This test uses an insecure RNG, suitable only for testing. 1186 * In production, always use a cryptographically strong RNG! */ 1187 TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL, 1188 have_P ? &P : NULL, 1189 have_Q ? &Q : NULL, 1190 have_D ? &D : NULL, 1191 have_E ? &E : NULL, 1192 prng ? mbedtls_test_rnd_std_rand : NULL, 1193 prng ? NULL : NULL) == result); 1194 1195 exit: 1196 mbedtls_mpi_free(&N); 1197 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1198 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1199 } 1200 /* END_CASE */ 1201 1202 /* BEGIN_CASE */ 1203 void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P, 1204 data_t *input_Q, data_t *input_D, 1205 data_t *input_E, int is_priv, 1206 int successive) 1207 { 1208 /* Exported buffers */ 1209 unsigned char bufNe[256]; 1210 unsigned char bufPe[128]; 1211 unsigned char bufQe[128]; 1212 unsigned char bufDe[256]; 1213 unsigned char bufEe[1]; 1214 1215 mbedtls_rsa_context ctx; 1216 1217 mbedtls_rsa_init(&ctx); 1218 1219 /* Setup RSA context */ 1220 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1221 input_N->len ? input_N->x : NULL, input_N->len, 1222 input_P->len ? input_P->x : NULL, input_P->len, 1223 input_Q->len ? input_Q->x : NULL, input_Q->len, 1224 input_D->len ? input_D->x : NULL, input_D->len, 1225 input_E->len ? input_E->x : NULL, input_E->len) == 0); 1226 1227 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1228 1229 /* 1230 * Export parameters and compare to original ones. 1231 */ 1232 1233 /* N and E must always be present. */ 1234 if (!successive) { 1235 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1236 NULL, 0, NULL, 0, NULL, 0, 1237 bufEe, input_E->len) == 0); 1238 } else { 1239 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1240 NULL, 0, NULL, 0, NULL, 0, 1241 NULL, 0) == 0); 1242 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1243 NULL, 0, NULL, 0, NULL, 0, 1244 bufEe, input_E->len) == 0); 1245 } 1246 TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0); 1247 TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0); 1248 1249 /* If we were providing enough information to setup a complete private context, 1250 * we expect to be able to export all core parameters. */ 1251 1252 if (is_priv) { 1253 if (!successive) { 1254 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1255 bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1256 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1257 bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1258 NULL, 0) == 0); 1259 } else { 1260 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1261 bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1262 NULL, 0, NULL, 0, 1263 NULL, 0) == 0); 1264 1265 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, 1266 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1267 NULL, 0, NULL, 0) == 0); 1268 1269 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0, 1270 bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1271 NULL, 0) == 0); 1272 } 1273 1274 if (input_P->len) { 1275 TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0); 1276 } 1277 1278 if (input_Q->len) { 1279 TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0); 1280 } 1281 1282 if (input_D->len) { 1283 TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0); 1284 } 1285 1286 } 1287 1288 exit: 1289 mbedtls_rsa_free(&ctx); 1290 } 1291 /* END_CASE */ 1292 1293 /* BEGIN_CASE */ 1294 void mbedtls_rsa_import_raw(data_t *input_N, 1295 data_t *input_P, data_t *input_Q, 1296 data_t *input_D, data_t *input_E, 1297 int successive, 1298 int is_priv, 1299 int res_check, 1300 int res_complete) 1301 { 1302 /* Buffers used for encryption-decryption test */ 1303 unsigned char *buf_orig = NULL; 1304 unsigned char *buf_enc = NULL; 1305 unsigned char *buf_dec = NULL; 1306 1307 mbedtls_rsa_context ctx; 1308 1309 mbedtls_rsa_init(&ctx); 1310 1311 if (!successive) { 1312 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1313 (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1314 (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1315 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1316 (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1317 (input_E->len > 0) ? input_E->x : NULL, 1318 input_E->len) == 0); 1319 } else { 1320 /* Import N, P, Q, D, E separately. 1321 * This should make no functional difference. */ 1322 1323 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1324 (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1325 NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0); 1326 1327 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1328 NULL, 0, 1329 (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1330 NULL, 0, NULL, 0, NULL, 0) == 0); 1331 1332 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1333 NULL, 0, NULL, 0, 1334 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1335 NULL, 0, NULL, 0) == 0); 1336 1337 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1338 NULL, 0, NULL, 0, NULL, 0, 1339 (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1340 NULL, 0) == 0); 1341 1342 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1343 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1344 (input_E->len > 0) ? input_E->x : NULL, 1345 input_E->len) == 0); 1346 } 1347 1348 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 1349 1350 /* On expected success, perform some public and private 1351 * key operations to check if the key is working properly. */ 1352 if (res_complete == 0) { 1353 if (is_priv) { 1354 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 1355 } else { 1356 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 1357 } 1358 1359 if (res_check != 0) { 1360 goto exit; 1361 } 1362 1363 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1364 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1365 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1366 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 1367 goto exit; 1368 } 1369 1370 /* This test uses an insecure RNG, suitable only for testing. 1371 * In production, always use a cryptographically strong RNG! */ 1372 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 1373 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 1374 1375 /* Make sure the number we're generating is smaller than the modulus */ 1376 buf_orig[0] = 0x00; 1377 1378 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 1379 1380 if (is_priv) { 1381 /* This test uses an insecure RNG, suitable only for testing. 1382 * In production, always use a cryptographically strong RNG! */ 1383 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 1384 NULL, buf_enc, 1385 buf_dec) == 0); 1386 1387 TEST_ASSERT(memcmp(buf_orig, buf_dec, 1388 mbedtls_rsa_get_len(&ctx)) == 0); 1389 } 1390 } 1391 1392 exit: 1393 1394 mbedtls_free(buf_orig); 1395 mbedtls_free(buf_enc); 1396 mbedtls_free(buf_dec); 1397 1398 mbedtls_rsa_free(&ctx); 1399 } 1400 /* END_CASE */ 1401 1402 /* BEGIN_CASE */ 1403 void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) 1404 { 1405 mbedtls_rsa_context rsa_ctx; 1406 1407 mbedtls_rsa_init(&rsa_ctx); 1408 1409 if (is_public) { 1410 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val); 1411 } else { 1412 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); 1413 } 1414 1415 exit: 1416 mbedtls_rsa_free(&rsa_ctx); 1417 } 1418 /* END_CASE */ 1419 1420 /* BEGIN_CASE */ 1421 void rsa_parse_write_pkcs1_key(int is_public, data_t *input) 1422 { 1423 mbedtls_rsa_context rsa_ctx; 1424 unsigned char *output_buf = NULL; 1425 unsigned char *output_end, *output_p; 1426 size_t output_len; 1427 1428 mbedtls_rsa_init(&rsa_ctx); 1429 1430 TEST_CALLOC(output_buf, input->len); 1431 output_end = output_buf + input->len; 1432 output_p = output_end; 1433 1434 /* Parse the key and write it back to output_buf. */ 1435 if (is_public) { 1436 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); 1437 TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len); 1438 } else { 1439 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); 1440 TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len); 1441 } 1442 output_len = output_end - output_p; 1443 1444 /* Check that the written key matches with the one provided in input. */ 1445 TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len); 1446 1447 exit: 1448 mbedtls_free(output_buf); 1449 mbedtls_rsa_free(&rsa_ctx); 1450 } 1451 /* END_CASE */ 1452 1453 /* BEGIN_CASE */ 1454 void rsa_key_write_incremental(int is_public, data_t *input) 1455 { 1456 mbedtls_rsa_context rsa_ctx; 1457 unsigned char *buf = NULL, *end, *p; 1458 size_t i, written_data; 1459 1460 mbedtls_rsa_init(&rsa_ctx); 1461 1462 /* This is supposed to succeed as the real target of this test are the 1463 * write attempt below. */ 1464 if (is_public) { 1465 TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); 1466 } else { 1467 TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); 1468 } 1469 1470 /* Test with an output buffer smaller than required. */ 1471 for (i = 1; i < input->len; i++) { 1472 TEST_CALLOC(buf, i); 1473 end = buf + i; 1474 p = end; 1475 /* We don't care much about the return value as long as it fails. */ 1476 if (is_public) { 1477 TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0); 1478 } else { 1479 TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0); 1480 } 1481 mbedtls_free(buf); 1482 buf = NULL; 1483 } 1484 1485 /* Test with an output buffer equal or larger than what it is strictly required. */ 1486 for (i = input->len; i < (2 * input->len); i++) { 1487 TEST_CALLOC(buf, i); 1488 end = buf + i; 1489 p = end; 1490 /* This time all write functions must succeed. */ 1491 if (is_public) { 1492 TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0); 1493 } else { 1494 TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0); 1495 } 1496 written_data = (end - p); 1497 TEST_MEMORY_COMPARE(p, written_data, input->x, input->len); 1498 mbedtls_free(buf); 1499 buf = NULL; 1500 } 1501 1502 exit: 1503 mbedtls_free(buf); 1504 mbedtls_rsa_free(&rsa_ctx); 1505 } 1506 /* END_CASE */ 1507 1508 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1509 void rsa_selftest() 1510 { 1511 MD_PSA_INIT(); 1512 TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); 1513 1514 exit: 1515 MD_PSA_DONE(); 1516 } 1517 /* END_CASE */