Add expectation when testing RSA key import/export
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.
Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 160b916..062b971 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -843,11 +843,17 @@
int radix_D, char *input_D,
int radix_E, char *input_E,
int successive,
+ int is_priv,
int result )
{
mbedtls_mpi N, P, Q, D, E;
mbedtls_rsa_context ctx;
+ /* Buffers used for encryption-decryption test */
+ unsigned char *buf_orig = NULL;
+ unsigned char *buf_enc = NULL;
+ unsigned char *buf_dec = NULL;
+
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "test_suite_rsa";
@@ -927,8 +933,47 @@
mbedtls_ctr_drbg_random,
&ctr_drbg ) == result );
+ /* On expected success, perform some public and private
+ * key operations to check if the key is working properly. */
+ if( result == 0 )
+ {
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+
+ /* Did we expect a full private key to be setup? */
+ if( is_priv )
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
+ goto exit;
+
+ TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
+ buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
+
+ /* Make sure the number we're generating is smaller than the modulus */
+ buf_orig[0] = 0x00;
+
+ TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
+
+ if( is_priv )
+ {
+ TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
+ &ctr_drbg, buf_enc,
+ buf_dec ) == 0 );
+
+ TEST_ASSERT( memcmp( buf_orig, buf_dec,
+ mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ }
+ }
+
exit:
+ mbedtls_free( buf_orig );
+ mbedtls_free( buf_enc );
+ mbedtls_free( buf_dec );
+
mbedtls_rsa_free( &ctx );
mbedtls_ctr_drbg_free( &ctr_drbg );
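Review bot: An allocation failure at `if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) goto exit;` leaves the block without recording a test failure. The case would then appear to pass although the imported key was never exercised. Replacing the bare jump with `TEST_ASSERT( buf_orig != NULL && buf_enc != NULL && buf_dec != NULL );` makes the failure visible, and the same applies to the identical block in the `@@ -1351` hunk. Separately, when `is_priv` is 0 the output of `mbedtls_rsa_public` is never compared against anything and `buf_dec` is allocated but unused, so a public-only import is only checked for a zero return code. The enclosing function starts and ends outside this hunk.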
@@ -946,6 +991,7 @@
int radix_Q, char *input_Q,
int radix_D, char *input_D,
int radix_E, char *input_E,
+ int is_priv,
int successive )
{
/* Original MPI's with which we set up the RSA context */
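Review bot: `is_priv` is placed before `successive` in this export test and in `mbedtls_rsa_export_raw` (`@@ -1132` hunk), while both import tests in this commit take `successive, is_priv, result`. All of these are plain `int` arguments, so a swapped column in a test data line would compile and run without complaint; using one order across the four functions would avoid that. The flag is also no longer derived from `have_P || have_Q || have_D` (removed in the next hunk), so its meaning is not visible in the function itself. A short comment would help, for example `/* is_priv: non-zero if the supplied parameters are expected to yield a complete private key */`. The function name and the rest of the body are outside this hunk.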
@@ -960,8 +1006,6 @@
const int have_D = ( strlen( input_D ) > 0 );
const int have_E = ( strlen( input_E ) > 0 );
- const int is_priv = have_P || have_Q || have_D;
-
mbedtls_rsa_context ctx;
mbedtls_rsa_init( &ctx, 0, 0 );
@@ -1132,7 +1176,8 @@
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
void mbedtls_rsa_export_raw( char *input_N, char *input_P,
char *input_Q, char *input_D,
- char *input_E, int successive )
+ char *input_E, int is_priv,
+ int successive )
{
/* Original raw buffers with which we set up the RSA context */
unsigned char bufN[1000];
@@ -1160,8 +1205,6 @@
const int have_D = ( strlen( input_D ) > 0 );
const int have_E = ( strlen( input_E ) > 0 );
- const int is_priv = have_P || have_Q || have_D;
-
mbedtls_rsa_context ctx;
mbedtls_rsa_init( &ctx, 0, 0 );
@@ -1265,6 +1308,7 @@
char *input_P, char *input_Q,
char *input_D, char *input_E,
int successive,
+ int is_priv,
int result )
{
unsigned char bufN[1000];
@@ -1273,6 +1317,11 @@
unsigned char bufD[1000];
unsigned char bufE[1000];
+ /* Buffers used for encryption-decryption test */
+ unsigned char *buf_orig = NULL;
+ unsigned char *buf_enc = NULL;
+ unsigned char *buf_dec = NULL;
+
size_t lenN = 0;
size_t lenP = 0;
size_t lenQ = 0;
@@ -1351,6 +1400,41 @@
mbedtls_ctr_drbg_random,
&ctr_drbg ) == result );
+ /* On expected success, perform some public and private
+ * key operations to check if the key is working properly. */
+ if( result == 0 )
+ {
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+
+ /* Did we expect a full private key to be setup? */
+ if( is_priv )
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
+ if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
+ goto exit;
+
+ TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
+ buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
+
+ /* Make sure the number we're generating is smaller than the modulus */
+ buf_orig[0] = 0x00;
+
+ TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
+
+ if( is_priv )
+ {
+ TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
+ &ctr_drbg, buf_enc,
+ buf_dec ) == 0 );
+
+ TEST_ASSERT( memcmp( buf_orig, buf_dec,
+ mbedtls_rsa_get_len( &ctx ) ) == 0 );
+ }
+ }
+
exit:
mbedtls_rsa_free( &ctx );
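Review bot: `buf_orig`, `buf_enc` and `buf_dec` are allocated in the added block, but no matching `mbedtls_free` calls appear after `exit:` in this hunk, unlike the earlier import test, where they are added. Unless they are released further down in the function, which continues outside the hunk, every successful run of this test leaks three modulus-sized buffers, and that would be reported by memory-checking builds. Adding `mbedtls_free( buf_orig ); mbedtls_free( buf_enc ); mbedtls_free( buf_dec );` directly after `exit:` mirrors the other function and is safe on the early-exit paths, because the pointers are initialised to NULL.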