TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1b6c09a62e5f597a7b2d95042b39f0c39b1025e1 / . / tests / suites / test_suite_rsa.function
blob: fa7fa9586341fdbc31ee42ae48cc35ac1cea7053 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/rsa.h"
Hanno Beckera565f542017-10-11 11:00:19 +0100[diff] [blame]3#include "mbedtls/rsa_internal.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/md2.h"
5#include "mbedtls/md4.h"
6#include "mbedtls/md5.h"
7#include "mbedtls/sha1.h"
8#include "mbedtls/sha256.h"
9#include "mbedtls/sha512.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
Hanno Becker47deec42017-07-24 12:27:09 +0100[diff] [blame]12
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]13/* END_HEADER */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]14
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]15/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]17 * END_DEPENDENCIES
18 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]19
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]20/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]21void rsa_invalid_param()
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]22{
23 mbedtls_rsa_context ctx;
24 const int valid_padding = MBEDTLS_RSA_PKCS_V21;
25 const int invalid_padding = 42;
26 const int valid_mode = MBEDTLS_RSA_PRIVATE;
27 const int invalid_mode = 42;
28 unsigned char buf[42] = { 0 };
29 size_t olen;
30
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]31 TEST_INVALID_PARAM(mbedtls_rsa_init(NULL, valid_padding, 0));
32 TEST_INVALID_PARAM(mbedtls_rsa_init(&ctx, invalid_padding, 0));
33 TEST_VALID_PARAM(mbedtls_rsa_free(NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]34
35 /* No more variants because only the first argument must be non-NULL. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]36 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
37 mbedtls_rsa_import(NULL, NULL, NULL,
38 NULL, NULL, NULL));
39 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
40 mbedtls_rsa_import_raw(NULL,
41 NULL, 0,
42 NULL, 0,
43 NULL, 0,
44 NULL, 0,
45 NULL, 0));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]46
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]47 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
48 mbedtls_rsa_complete(NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]49
50 /* No more variants because only the first argument must be non-NULL. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]51 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
52 mbedtls_rsa_export(NULL, NULL, NULL,
53 NULL, NULL, NULL));
54 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
55 mbedtls_rsa_export_raw(NULL,
56 NULL, 0,
57 NULL, 0,
58 NULL, 0,
59 NULL, 0,
60 NULL, 0));
61 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
62 mbedtls_rsa_export_crt(NULL, NULL, NULL, NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]63
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]64 TEST_INVALID_PARAM(mbedtls_rsa_set_padding(NULL,
65 valid_padding, 0));
66 TEST_INVALID_PARAM(mbedtls_rsa_set_padding(&ctx,
67 invalid_padding, 0));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]68
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]69 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
70 mbedtls_rsa_gen_key(NULL,
71 mbedtls_test_rnd_std_rand,
72 NULL, 0, 0));
73 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
74 mbedtls_rsa_gen_key(&ctx, NULL,
75 NULL, 0, 0));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]76
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]77 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
78 mbedtls_rsa_check_pubkey(NULL));
79 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
80 mbedtls_rsa_check_privkey(NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]81
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]82 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
83 mbedtls_rsa_check_pub_priv(NULL, &ctx));
84 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
85 mbedtls_rsa_check_pub_priv(&ctx, NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]86
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]87 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
88 mbedtls_rsa_public(NULL, buf, buf));
89 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
90 mbedtls_rsa_public(&ctx, NULL, buf));
91 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
92 mbedtls_rsa_public(&ctx, buf, NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]93
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]94 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
95 mbedtls_rsa_private(NULL, NULL, NULL,
96 buf, buf));
97 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
98 mbedtls_rsa_private(&ctx, NULL, NULL,
99 NULL, buf));
100 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
101 mbedtls_rsa_private(&ctx, NULL, NULL,
102 buf, NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]103
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]104 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
105 mbedtls_rsa_pkcs1_encrypt(NULL, NULL, NULL,
106 valid_mode,
107 sizeof(buf), buf,
108 buf));
109 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
110 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
111 invalid_mode,
112 sizeof(buf), buf,
113 buf));
114 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
115 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
116 valid_mode,
117 sizeof(buf), NULL,
118 buf));
119 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
120 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL,
121 valid_mode,
122 sizeof(buf), buf,
123 NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]124
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]125 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
126 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(NULL, NULL,
127 NULL,
128 valid_mode,
129 sizeof(buf), buf,
130 buf));
131 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
132 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
133 NULL,
134 invalid_mode,
135 sizeof(buf), buf,
136 buf));
137 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
138 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
139 NULL,
140 valid_mode,
141 sizeof(buf), NULL,
142 buf));
143 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
144 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL,
145 NULL,
146 valid_mode,
147 sizeof(buf), buf,
148 NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]149
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]150 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
151 mbedtls_rsa_rsaes_oaep_encrypt(NULL, NULL, NULL,
152 valid_mode,
153 buf, sizeof(buf),
154 sizeof(buf), buf,
155 buf));
156 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
157 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
158 invalid_mode,
159 buf, sizeof(buf),
160 sizeof(buf), buf,
161 buf));
162 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
163 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
164 valid_mode,
165 NULL, sizeof(buf),
166 sizeof(buf), buf,
167 buf));
168 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
169 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
170 valid_mode,
171 buf, sizeof(buf),
172 sizeof(buf), NULL,
173 buf));
174 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
175 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL,
176 valid_mode,
177 buf, sizeof(buf),
178 sizeof(buf), buf,
179 NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]180
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]181 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
182 mbedtls_rsa_pkcs1_decrypt(NULL, NULL, NULL,
183 valid_mode, &olen,
184 buf, buf, 42));
185 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
186 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
187 invalid_mode, &olen,
188 buf, buf, 42));
189 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
190 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
191 valid_mode, NULL,
192 buf, buf, 42));
193 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
194 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
195 valid_mode, &olen,
196 NULL, buf, 42));
197 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
198 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL,
199 valid_mode, &olen,
200 buf, NULL, 42));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]201
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]202 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
203 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(NULL, NULL,
204 NULL,
205 valid_mode, &olen,
206 buf, buf, 42));
207 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
208 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
209 NULL,
210 invalid_mode, &olen,
211 buf, buf, 42));
212 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
213 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
214 NULL,
215 valid_mode, NULL,
216 buf, buf, 42));
217 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
218 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
219 NULL,
220 valid_mode, &olen,
221 NULL, buf, 42));
222 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
223 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL,
224 NULL,
225 valid_mode, &olen,
226 buf, NULL, 42));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]227
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]228 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
229 mbedtls_rsa_rsaes_oaep_decrypt(NULL, NULL, NULL,
230 valid_mode,
231 buf, sizeof(buf),
232 &olen,
233 buf, buf, 42));
234 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
235 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
236 invalid_mode,
237 buf, sizeof(buf),
238 &olen,
239 buf, buf, 42));
240 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
241 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
242 valid_mode,
243 NULL, sizeof(buf),
244 NULL,
245 buf, buf, 42));
246 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
247 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
248 valid_mode,
249 buf, sizeof(buf),
250 &olen,
251 NULL, buf, 42));
252 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
253 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL,
254 valid_mode,
255 buf, sizeof(buf),
256 &olen,
257 buf, NULL, 42));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]258
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]259 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
260 mbedtls_rsa_pkcs1_sign(NULL, NULL, NULL,
261 valid_mode,
262 0, sizeof(buf), buf,
263 buf));
264 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
265 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
266 invalid_mode,
267 0, sizeof(buf), buf,
268 buf));
269 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
270 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
271 valid_mode,
272 0, sizeof(buf), NULL,
273 buf));
274 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
275 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
276 valid_mode,
277 0, sizeof(buf), buf,
278 NULL));
279 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
280 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL,
281 valid_mode,
282 MBEDTLS_MD_SHA1,
283 0, NULL,
284 buf));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]285
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]286 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
287 mbedtls_rsa_rsassa_pkcs1_v15_sign(NULL, NULL, NULL,
288 valid_mode,
289 0, sizeof(buf), buf,
290 buf));
291 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
292 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
293 invalid_mode,
294 0, sizeof(buf), buf,
295 buf));
296 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
297 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
298 valid_mode,
299 0, sizeof(buf), NULL,
300 buf));
301 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
302 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
303 valid_mode,
304 0, sizeof(buf), buf,
305 NULL));
306 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
307 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL,
308 valid_mode,
Cédric Meutera05cbec2020-04-25 15:02:34 +0200[diff] [blame]309 MBEDTLS_MD_SHA1,
310 0, NULL,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]311 buf));
Cédric Meutera05cbec2020-04-25 15:02:34 +0200[diff] [blame]312
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]313 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
314 mbedtls_rsa_rsassa_pss_sign(NULL, NULL, NULL,
315 valid_mode,
316 0, sizeof(buf), buf,
317 buf));
318 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
319 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
320 invalid_mode,
321 0, sizeof(buf), buf,
322 buf));
323 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
324 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
325 valid_mode,
326 0, sizeof(buf), NULL,
327 buf));
328 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
329 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
330 valid_mode,
331 0, sizeof(buf), buf,
332 NULL));
333 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
334 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL,
335 valid_mode,
336 MBEDTLS_MD_SHA1,
337 0, NULL,
338 buf));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]339
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]340 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
341 mbedtls_rsa_rsassa_pss_sign_ext(NULL, NULL, NULL,
342 0, sizeof(buf), buf,
343 MBEDTLS_RSA_SALT_LEN_ANY,
344 buf));
345 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
346 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
347 0, sizeof(buf), NULL,
348 MBEDTLS_RSA_SALT_LEN_ANY,
349 buf));
350 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
351 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
352 0, sizeof(buf), buf,
353 MBEDTLS_RSA_SALT_LEN_ANY,
354 NULL));
355 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
356 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]357 MBEDTLS_MD_SHA1,
358 0, NULL,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]359 MBEDTLS_RSA_SALT_LEN_ANY,
360 buf));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]361
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]362 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
363 mbedtls_rsa_pkcs1_verify(NULL, NULL, NULL,
364 valid_mode,
365 0, sizeof(buf), buf,
366 buf));
367 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
368 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
369 invalid_mode,
370 0, sizeof(buf), buf,
371 buf));
372 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
373 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
374 valid_mode,
375 0, sizeof(buf), NULL,
376 buf));
377 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
378 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
379 valid_mode,
380 0, sizeof(buf), buf,
381 NULL));
382 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
383 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL,
384 valid_mode,
385 MBEDTLS_MD_SHA1, 0, NULL,
386 buf));
387
388 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
389 mbedtls_rsa_rsassa_pkcs1_v15_verify(NULL, NULL,
390 NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]391 valid_mode,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]392 0, sizeof(buf), buf,
393 buf));
394 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
395 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
396 NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]397 invalid_mode,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]398 0, sizeof(buf), buf,
399 buf));
400 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
401 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
402 NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]403 valid_mode,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]404 0, sizeof(buf),
405 NULL, buf));
406 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
407 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
408 NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]409 valid_mode,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]410 0, sizeof(buf), buf,
411 NULL));
412 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
413 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL,
414 NULL,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]415 valid_mode,
416 MBEDTLS_MD_SHA1,
417 0, NULL,
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]418 buf));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]419
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]420 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
421 mbedtls_rsa_rsassa_pss_verify(NULL, NULL, NULL,
422 valid_mode,
423 0, sizeof(buf),
424 buf, buf));
425 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
426 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
427 invalid_mode,
428 0, sizeof(buf),
429 buf, buf));
430 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
431 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
432 valid_mode,
433 0, sizeof(buf),
434 NULL, buf));
435 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
436 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
437 valid_mode,
438 0, sizeof(buf),
439 buf, NULL));
440 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
441 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL,
442 valid_mode,
443 MBEDTLS_MD_SHA1,
444 0, NULL,
445 buf));
446
447 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
448 mbedtls_rsa_rsassa_pss_verify_ext(NULL, NULL, NULL,
449 valid_mode,
450 0, sizeof(buf),
451 buf,
452 0, 0,
453 buf));
454 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
455 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
456 invalid_mode,
457 0, sizeof(buf),
458 buf,
459 0, 0,
460 buf));
461 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
462 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
463 valid_mode,
464 0, sizeof(buf),
465 NULL, 0, 0,
466 buf));
467 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
468 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
469 valid_mode,
470 0, sizeof(buf),
471 buf, 0, 0,
472 NULL));
473 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
474 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL,
475 valid_mode,
476 MBEDTLS_MD_SHA1,
477 0, NULL,
478 0, 0,
479 buf));
480
481 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
482 mbedtls_rsa_copy(NULL, &ctx));
483 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
484 mbedtls_rsa_copy(&ctx, NULL));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]485
486exit:
487 return;
488}
489/* END_CASE */
490
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]491/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]492void rsa_init_free(int reinit)
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]493{
494 mbedtls_rsa_context ctx;
495
496 /* Double free is not explicitly documented to work, but we rely on it
497 * even inside the library so that you can call mbedtls_rsa_free()
498 * unconditionally on an error path without checking whether it has
499 * already been called in the success path. */
500
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]501 mbedtls_rsa_init(&ctx, 0, 0);
502 mbedtls_rsa_free(&ctx);
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]503
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]504 if (reinit) {
505 mbedtls_rsa_init(&ctx, 0, 0);
506 }
507 mbedtls_rsa_free(&ctx);
Gilles Peskine914afe12021-02-01 17:55:24 +0100[diff] [blame]508
509 /* This test case always succeeds, functionally speaking. A plausible
510 * bug might trigger an invalid pointer dereference or a memory leak. */
511 goto exit;
512}
513/* END_CASE */
514
515/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]516void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
517 int digest, int mod, char *input_P,
518 char *input_Q, char *input_N, char *input_E,
519 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]520{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]521 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
522 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]523 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]524 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]525 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]526
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]527 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
528 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
529 mbedtls_rsa_init(&ctx, padding_mode, 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]530
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]531 memset(hash_result, 0x00, sizeof(hash_result));
532 memset(output, 0x00, sizeof(output));
533 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]534
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]535 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
536 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
537 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
538 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]539
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]540 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
541 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
542 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
543 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]544
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]545
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]546 if (mbedtls_md_info_from_type(digest) != NULL) {
547 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
548 hash_result) == 0);
549 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]550
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]551 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
552 &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
553 0, hash_result, output) == result);
554 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]555
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]556 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
557 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]558 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]559
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]560exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]561 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
562 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
563 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]564}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]565/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]566
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]567/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]568void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
569 int digest, int mod,
570 char *input_N, char *input_E,
571 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]572{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]573 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]574 mbedtls_rsa_context ctx;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]575
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]576 mbedtls_mpi N, E;
577
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]578 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
579 mbedtls_rsa_init(&ctx, padding_mode, 0);
580 memset(hash_result, 0x00, sizeof(hash_result));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]581
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]582 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
583 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
584 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
585 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
586 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]587
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]588
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]589 if (mbedtls_md_info_from_type(digest) != NULL) {
590 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len,
591 hash_result) == 0);
592 }
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]593
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]594 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0,
595 hash_result, result_str->x) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]596
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]597exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]598 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
599 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]600}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]601/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]602
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]603
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]604/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]605void rsa_pkcs1_sign_raw(data_t *hash_result,
606 int padding_mode, int mod,
607 char *input_P, char *input_Q,
608 char *input_N, char *input_E,
609 data_t *result_str)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]610{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]611 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]612 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]613 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]614 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]615
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]616 mbedtls_rsa_init(&ctx, padding_mode, 0);
617 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
618 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]619
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]620 memset(output, 0x00, sizeof(output));
621 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]622
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]623 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
624 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
625 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
626 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]627
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]628 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
629 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
630 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
631 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]632
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]633
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]634 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand,
635 &rnd_info, MBEDTLS_RSA_PRIVATE,
636 MBEDTLS_MD_NONE, hash_result->len,
637 hash_result->x, output) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]638
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]639
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]640 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
641 ctx.len, result_str->len) == 0);
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]642
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]643#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]644 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]645 if (padding_mode == MBEDTLS_RSA_PKCS_V15) {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]646 int res;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]647 memset(output, 0x00, sizeof(output));
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]648
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]649 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx,
650 &mbedtls_test_rnd_pseudo_rand, &rnd_info,
651 MBEDTLS_RSA_PRIVATE, hash_result->len,
652 hash_result->x, output);
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]653
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]654#if !defined(MBEDTLS_RSA_ALT)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]655 TEST_ASSERT(res == 0);
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]656#else
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]657 TEST_ASSERT((res == 0) ||
658 (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION));
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]659#endif
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]660
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]661 if (res == 0) {
662 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
663 ctx.len,
664 result_str->len) == 0);
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]665 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]666 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]667#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]668
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]669exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]670 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
671 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]672
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]673 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]674}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]675/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]676
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]677/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]678void rsa_pkcs1_verify_raw(data_t *hash_result,
679 int padding_mode, int mod,
680 char *input_N, char *input_E,
681 data_t *result_str, int correct)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]682{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]683 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]685
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]686 mbedtls_mpi N, E;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]687 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]688
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]689 mbedtls_rsa_init(&ctx, padding_mode, 0);
690 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]691
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]692 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
693 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]694
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]695 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
696 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
697 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]698
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]699
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]700 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
701 hash_result->len, hash_result->x,
702 result_str->x) == correct);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]703
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]704#if defined(MBEDTLS_PKCS1_V15)
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]705 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]706 if (padding_mode == MBEDTLS_RSA_PKCS_V15) {
Manuel Pégourié-Gonnard1ba8a3f2018-03-13 13:27:14 +0100[diff] [blame]707 int res;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]708 int ok;
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]709 size_t olen;
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]710
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]711 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx,
712 NULL, NULL, MBEDTLS_RSA_PUBLIC,
713 &olen, result_str->x, output, sizeof(output));
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]714
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]715#if !defined(MBEDTLS_RSA_ALT)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]716 TEST_ASSERT(res == 0);
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]717#else
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]718 TEST_ASSERT((res == 0) ||
719 (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION));
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]720#endif
721
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]722 if (res == 0) {
723 ok = olen == hash_result->len && memcmp(output, hash_result->x, olen) == 0;
724 if (correct == 0) {
725 TEST_ASSERT(ok == 1);
726 } else {
727 TEST_ASSERT(ok == 0);
728 }
Hanno Beckerf8b56d42017-10-05 10:16:37 +0100[diff] [blame]729 }
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]730 }
Manuel Pégourié-Gonnard43be6cd2017-06-20 09:53:42 +0200[diff] [blame]731#endif /* MBEDTLS_PKCS1_V15 */
Manuel Pégourié-Gonnardfbf09152014-02-03 11:58:55 +0100[diff] [blame]732
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]733exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]734 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
735 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]736}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]737/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]738
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]739/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]740void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
741 int mod, char *input_N, char *input_E,
742 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]743{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]744 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]745 mbedtls_rsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]746 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker997bbd12011-03-13 15:45:42 +0000[diff] [blame]747
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]748 mbedtls_mpi N, E;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]749 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]750
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]751 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]752
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]753 mbedtls_rsa_init(&ctx, padding_mode, 0);
754 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]755
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]756 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
757 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]758
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]759 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
760 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
761 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]762
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]763
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]764 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx,
765 &mbedtls_test_rnd_pseudo_rand,
766 &rnd_info, MBEDTLS_RSA_PUBLIC,
767 message_str->len, message_str->x,
768 output) == result);
769 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]770
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]771 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
772 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]773 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]774
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]775exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]776 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
777 mbedtls_rsa_free(&ctx);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]778}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]779/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]780
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]781/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]782void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
783 int mod, char *input_N, char *input_E,
784 data_t *result_str, int result)
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]785{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]786 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]787 mbedtls_rsa_context ctx;
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]788
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]789 mbedtls_mpi N, E;
790
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]791 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
792 mbedtls_rsa_init(&ctx, padding_mode, 0);
793 memset(output, 0x00, sizeof(output));
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]794
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]795 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
796 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]797
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]798 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
799 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
800 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]801
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]802
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]803 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand,
804 NULL, MBEDTLS_RSA_PUBLIC,
805 message_str->len, message_str->x,
806 output) == result);
807 if (result == 0) {
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]808
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]809 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
810 ctx.len, result_str->len) == 0);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]811 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]812
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]813exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]814 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
815 mbedtls_rsa_free(&ctx);
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]816}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]817/* END_CASE */
Paul Bakkera6656852010-07-18 19:47:14 +0000[diff] [blame]818
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]819/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]820void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
821 int mod, char *input_P,
822 char *input_Q, char *input_N,
823 char *input_E, int max_output,
824 data_t *result_str, int result)
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]825{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]826 unsigned char output[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]827 mbedtls_rsa_context ctx;
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]828 size_t output_len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]829 mbedtls_test_rnd_pseudo_info rnd_info;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]830 mbedtls_mpi N, P, Q, E;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]831
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]832 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
833 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]834
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]835 mbedtls_rsa_init(&ctx, padding_mode, 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]836
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]837 memset(output, 0x00, sizeof(output));
838 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]839
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]840
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]841 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
842 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
843 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
844 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]845
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]846 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
847 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
848 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
849 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]850
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]851 output_len = 0;
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]852
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]853 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand,
854 &rnd_info, MBEDTLS_RSA_PRIVATE,
855 &output_len, message_str->x, output,
856 max_output) == result);
857 if (result == 0) {
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]858
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]859 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
860 output_len,
861 result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]862 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]863
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]864exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]865 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
866 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
867 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]868}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]869/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]870
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]871/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]872void mbedtls_rsa_public(data_t *message_str, int mod,
873 char *input_N, char *input_E,
874 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]875{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]876 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]877 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]878
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]879 mbedtls_mpi N, E;
880
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]881 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
882 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
883 mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0);
884 memset(output, 0x00, sizeof(output));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]885
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]886 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
887 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]888
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]889 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
Gilles Peskine88ea3e82021-06-09 16:24:35 +0200[diff] [blame]890
891 /* Check test data consistency */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]892 TEST_ASSERT(message_str->len == (size_t) (mod / 8));
893 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
894 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]895
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]896 TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
897 if (result == 0) {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]898
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]899 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
900 ctx.len, result_str->len) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]901 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]902
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]903 /* And now with the copy */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]904 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]905 /* clear the original to be sure */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]906 mbedtls_rsa_free(&ctx);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]907
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]908 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]909
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]910 memset(output, 0x00, sizeof(output));
911 TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result);
912 if (result == 0) {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]913
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]914 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
915 ctx.len, result_str->len) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]916 }
917
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]918exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]919 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
920 mbedtls_rsa_free(&ctx);
921 mbedtls_rsa_free(&ctx2);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]922}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]923/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]924
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]925/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]926void mbedtls_rsa_private(data_t *message_str, int mod,
927 char *input_P, char *input_Q,
928 char *input_N, char *input_E,
929 data_t *result_str, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]930{
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]931 unsigned char output[256];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]932 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]933 mbedtls_mpi N, P, Q, E;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]934 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]935 int i;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]936
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]937 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
938 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
939 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
940 mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]941
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]942 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]943
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]944 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
945 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
946 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
947 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]948
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]949 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
Gilles Peskine88ea3e82021-06-09 16:24:35 +0200[diff] [blame]950
951 /* Check test data consistency */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]952 TEST_ASSERT(message_str->len == (size_t) (mod / 8));
953 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
954 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
955 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]956
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]957 /* repeat three times to test updating of blinding values */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]958 for (i = 0; i < 3; i++) {
959 memset(output, 0x00, sizeof(output));
960 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand,
961 &rnd_info, message_str->x,
962 output) == result);
963 if (result == 0) {
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]964
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]965 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
966 ctx.len,
967 result_str->len) == 0);
Manuel Pégourié-Gonnard735b8fc2013-09-13 12:57:23 +0200[diff] [blame]968 }
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]969 }
Paul Bakker6c591fa2011-05-05 11:49:20 +0000[diff] [blame]970
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]971 /* And now one more time with the copy */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]972 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]973 /* clear the original to be sure */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]974 mbedtls_rsa_free(&ctx);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]975
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]976 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]977
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]978 memset(output, 0x00, sizeof(output));
979 TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand,
980 &rnd_info, message_str->x,
981 output) == result);
982 if (result == 0) {
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]983
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]984 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
985 ctx2.len,
986 result_str->len) == 0);
Manuel Pégourié-Gonnardc4919bc2014-02-03 11:16:44 +0100[diff] [blame]987 }
988
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]989exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]990 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
991 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]992
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]993 mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]994}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]995/* END_CASE */
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]996
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]997/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]998void rsa_check_privkey_null()
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]999{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1000 mbedtls_rsa_context ctx;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1001 memset(&ctx, 0x00, sizeof(mbedtls_rsa_context));
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]1002
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1003 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]1004}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1005/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]1006
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1007/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1008void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1009{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1010 mbedtls_rsa_context ctx;
Hanno Beckerceb7a9d2017-08-23 08:33:08 +0100[diff] [blame]1011 mbedtls_mpi N, E;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1012
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1013 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
1014 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1015
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1016 if (strlen(input_N)) {
1017 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1018 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1019 if (strlen(input_E)) {
1020 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1021 }
1022
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1023 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
1024 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]1025
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1026exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1027 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
1028 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1029}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1030/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1031
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1032/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1033void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q,
1034 char *input_N, char *input_E, char *input_D,
1035 char *input_DP, char *input_DQ, char *input_QP,
1036 int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1037{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1038 mbedtls_rsa_context ctx;
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1039
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1040 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1041
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1042 ctx.len = mod / 8;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1043 if (strlen(input_P)) {
1044 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1045 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1046 if (strlen(input_Q)) {
1047 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1048 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1049 if (strlen(input_N)) {
1050 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1051 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1052 if (strlen(input_E)) {
1053 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1054 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1055 if (strlen(input_D)) {
1056 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1057 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1058#if !defined(MBEDTLS_RSA_NO_CRT)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1059 if (strlen(input_DP)) {
1060 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]1061 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1062 if (strlen(input_DQ)) {
1063 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]1064 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1065 if (strlen(input_QP)) {
1066 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0);
Paul Bakker31417a72012-09-27 20:41:37 +0000[diff] [blame]1067 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1068#else
Werner Lewis3e005f32022-07-07 11:38:44 +0100[diff] [blame]1069 ((void) input_DP);
1070 ((void) input_DQ);
1071 ((void) input_QP);
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1072#endif
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1073
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1074 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result);
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]1075
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1076exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1077 mbedtls_rsa_free(&ctx);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1078}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1079/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1080
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1081/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1082void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub,
1083 char *input_P, char *input_Q, char *input_N,
1084 char *input_E, char *input_D, char *input_DP,
1085 char *input_DQ, char *input_QP, int result)
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1086{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1087 mbedtls_rsa_context pub, prv;
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1088
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1089 mbedtls_rsa_init(&pub, MBEDTLS_RSA_PKCS_V15, 0);
1090 mbedtls_rsa_init(&prv, MBEDTLS_RSA_PKCS_V15, 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1091
1092 pub.len = mod / 8;
1093 prv.len = mod / 8;
1094
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1095 if (strlen(input_Npub)) {
1096 TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1097 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1098 if (strlen(input_Epub)) {
1099 TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1100 }
1101
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1102 if (strlen(input_P)) {
1103 TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1104 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1105 if (strlen(input_Q)) {
1106 TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1107 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1108 if (strlen(input_N)) {
1109 TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1110 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1111 if (strlen(input_E)) {
1112 TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1113 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1114 if (strlen(input_D)) {
1115 TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1116 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1117#if !defined(MBEDTLS_RSA_NO_CRT)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1118 if (strlen(input_DP)) {
1119 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1120 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1121 if (strlen(input_DQ)) {
1122 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1123 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1124 if (strlen(input_QP)) {
1125 TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1126 }
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1127#else
Werner Lewis3e005f32022-07-07 11:38:44 +0100[diff] [blame]1128 ((void) input_DP);
1129 ((void) input_DQ);
1130 ((void) input_QP);
Hanno Becker131134f2017-08-23 08:31:07 +0100[diff] [blame]1131#endif
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1132
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1133 TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1134
1135exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1136 mbedtls_rsa_free(&pub);
1137 mbedtls_rsa_free(&prv);
Manuel Pégourié-Gonnard2f8d1f92014-11-06 14:02:51 +0100[diff] [blame]1138}
1139/* END_CASE */
1140
Hanno Beckerd4a872e2017-09-07 08:09:33 +0100[diff] [blame]1141/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1142void mbedtls_rsa_gen_key(int nrbits, int exponent, int result)
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1143{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1144 mbedtls_rsa_context ctx;
1145 mbedtls_entropy_context entropy;
1146 mbedtls_ctr_drbg_context ctr_drbg;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]1147 const char *pers = "test_suite_rsa";
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1148
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1149 mbedtls_ctr_drbg_init(&ctr_drbg);
1150 mbedtls_entropy_init(&entropy);
1151 mbedtls_rsa_init(&ctx, 0, 0);
Paul Bakkerc0a1a312011-12-04 17:12:15 +0000[diff] [blame]1152
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1153 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
1154 &entropy, (const unsigned char *) pers,
1155 strlen(pers)) == 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1156
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1157 TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits,
1158 exponent) == result);
1159 if (result == 0) {
1160 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
1161 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1162 }
Paul Bakker58ef6ec2013-01-03 11:33:48 +0100[diff] [blame]1163
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1164exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1165 mbedtls_rsa_free(&ctx);
1166 mbedtls_ctr_drbg_free(&ctr_drbg);
1167 mbedtls_entropy_free(&entropy);
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1168}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1169/* END_CASE */
Paul Bakker821fb082009-07-12 13:26:42 +0000[diff] [blame]1170
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1171/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1172void mbedtls_rsa_deduce_primes(char *input_N,
1173 char *input_D,
1174 char *input_E,
1175 char *output_P,
1176 char *output_Q,
1177 int corrupt, int result)
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1178{
1179 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
1180
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1181 mbedtls_mpi_init(&N);
1182 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1183 mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp);
1184 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1185
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1186 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1187 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1188 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1189 TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0);
1190 TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1191
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1192 if (corrupt) {
1193 TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0);
1194 }
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1195
1196 /* Try to deduce P, Q from N, D, E only. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1197 TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1198
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1199 if (!corrupt) {
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1200 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1201 TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) ||
1202 (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0));
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1203 }
1204
1205exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1206 mbedtls_mpi_free(&N);
1207 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1208 mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp);
1209 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckere78fd8d2017-08-23 11:00:44 +0100[diff] [blame]1210}
1211/* END_CASE */
1212
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1213/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1214void mbedtls_rsa_deduce_private_exponent(char *input_P,
1215 char *input_Q,
1216 char *input_E,
1217 char *output_D,
1218 int corrupt, int result)
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1219{
1220 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
1221
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1222 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1223 mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp);
1224 mbedtls_mpi_init(&E);
1225 mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1226
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1227 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1228 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1229 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1230 TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1231
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1232 if (corrupt) {
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1233 /* Make E even */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1234 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1235 }
1236
1237 /* Try to deduce D from N, P, Q, E. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1238 TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q,
1239 &E, &D) == result);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1240
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1241 if (!corrupt) {
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1242 /*
1243 * Check that D and Dp agree modulo LCM(P-1, Q-1).
1244 */
1245
1246 /* Replace P,Q by P-1, Q-1 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1247 TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0);
1248 TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1249
1250 /* Check D == Dp modulo P-1 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1251 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0);
1252 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0);
1253 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1254
1255 /* Check D == Dp modulo Q-1 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1256 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0);
1257 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0);
1258 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1259 }
1260
1261exit:
1262
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1263 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1264 mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp);
1265 mbedtls_mpi_free(&E);
1266 mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp);
Hanno Becker6b4ce492017-08-23 11:00:21 +0100[diff] [blame]1267}
1268/* END_CASE */
1269
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1270/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1271void mbedtls_rsa_import(char *input_N,
1272 char *input_P,
1273 char *input_Q,
1274 char *input_D,
1275 char *input_E,
1276 int successive,
1277 int is_priv,
1278 int res_check,
1279 int res_complete)
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1280{
1281 mbedtls_mpi N, P, Q, D, E;
1282 mbedtls_rsa_context ctx;
1283
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1284 /* Buffers used for encryption-decryption test */
1285 unsigned char *buf_orig = NULL;
1286 unsigned char *buf_enc = NULL;
1287 unsigned char *buf_dec = NULL;
1288
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1289 mbedtls_entropy_context entropy;
1290 mbedtls_ctr_drbg_context ctr_drbg;
1291 const char *pers = "test_suite_rsa";
1292
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1293 const int have_N = (strlen(input_N) > 0);
1294 const int have_P = (strlen(input_P) > 0);
1295 const int have_Q = (strlen(input_Q) > 0);
1296 const int have_D = (strlen(input_D) > 0);
1297 const int have_E = (strlen(input_E) > 0);
Hanno Becker4d6e8342017-09-29 11:50:18 +0100[diff] [blame]1298
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1299 mbedtls_ctr_drbg_init(&ctr_drbg);
1300 mbedtls_entropy_init(&entropy);
1301 mbedtls_rsa_init(&ctx, 0, 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1302
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1303 mbedtls_mpi_init(&N);
1304 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1305 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1306
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1307 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
1308 (const unsigned char *) pers, strlen(pers)) == 0);
Hanno Beckerd4d60572018-01-10 07:12:01 +0000[diff] [blame]1309
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1310 if (have_N) {
1311 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1312 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1313
1314 if (have_P) {
1315 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1316 }
1317
1318 if (have_Q) {
1319 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1320 }
1321
1322 if (have_D) {
1323 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1324 }
1325
1326 if (have_E) {
1327 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1328 }
1329
1330 if (!successive) {
1331 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1332 have_N ? &N : NULL,
1333 have_P ? &P : NULL,
1334 have_Q ? &Q : NULL,
1335 have_D ? &D : NULL,
1336 have_E ? &E : NULL) == 0);
1337 } else {
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1338 /* Import N, P, Q, D, E separately.
1339 * This should make no functional difference. */
1340
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1341 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1342 have_N ? &N : NULL,
1343 NULL, NULL, NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1344
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1345 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1346 NULL,
1347 have_P ? &P : NULL,
1348 NULL, NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1349
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1350 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1351 NULL, NULL,
1352 have_Q ? &Q : NULL,
1353 NULL, NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1354
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1355 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1356 NULL, NULL, NULL,
1357 have_D ? &D : NULL,
1358 NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1359
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1360 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1361 NULL, NULL, NULL, NULL,
1362 have_E ? &E : NULL) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1363 }
1364
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1365 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1366
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1367 /* On expected success, perform some public and private
1368 * key operations to check if the key is working properly. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1369 if (res_complete == 0) {
1370 if (is_priv) {
1371 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
1372 } else {
1373 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
1374 }
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1375
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1376 if (res_check != 0) {
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1377 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1378 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1379
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1380 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1381 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1382 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1383 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1384 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1385 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1386
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1387 TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg,
1388 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1389
1390 /* Make sure the number we're generating is smaller than the modulus */
1391 buf_orig[0] = 0x00;
1392
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1393 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1394
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1395 if (is_priv) {
1396 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random,
1397 &ctr_drbg, buf_enc,
1398 buf_dec) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1399
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1400 TEST_ASSERT(memcmp(buf_orig, buf_dec,
1401 mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1402 }
1403 }
1404
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1405exit:
1406
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1407 mbedtls_free(buf_orig);
1408 mbedtls_free(buf_enc);
1409 mbedtls_free(buf_dec);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1410
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1411 mbedtls_rsa_free(&ctx);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1412
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1413 mbedtls_ctr_drbg_free(&ctr_drbg);
1414 mbedtls_entropy_free(&entropy);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1415
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1416 mbedtls_mpi_free(&N);
1417 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1418 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1419}
1420/* END_CASE */
1421
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1422/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1423void mbedtls_rsa_export(char *input_N,
1424 char *input_P,
1425 char *input_Q,
1426 char *input_D,
1427 char *input_E,
1428 int is_priv,
1429 int successive)
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1430{
1431 /* Original MPI's with which we set up the RSA context */
1432 mbedtls_mpi N, P, Q, D, E;
1433
1434 /* Exported MPI's */
1435 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1436
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1437 const int have_N = (strlen(input_N) > 0);
1438 const int have_P = (strlen(input_P) > 0);
1439 const int have_Q = (strlen(input_Q) > 0);
1440 const int have_D = (strlen(input_D) > 0);
1441 const int have_E = (strlen(input_E) > 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1442
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1443 mbedtls_rsa_context ctx;
1444
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1445 mbedtls_rsa_init(&ctx, 0, 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1446
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1447 mbedtls_mpi_init(&N);
1448 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1449 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1450
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1451 mbedtls_mpi_init(&Ne);
1452 mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe);
1453 mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1454
1455 /* Setup RSA context */
1456
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1457 if (have_N) {
1458 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1459 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1460
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1461 if (have_P) {
1462 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1463 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1464
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1465 if (have_Q) {
1466 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1467 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1468
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1469 if (have_D) {
1470 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1471 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1472
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1473 if (have_E) {
1474 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1475 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1476
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1477 TEST_ASSERT(mbedtls_rsa_import(&ctx,
1478 strlen(input_N) ? &N : NULL,
1479 strlen(input_P) ? &P : NULL,
1480 strlen(input_Q) ? &Q : NULL,
1481 strlen(input_D) ? &D : NULL,
1482 strlen(input_E) ? &E : NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1483
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1484 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1485
1486 /*
1487 * Export parameters and compare to original ones.
1488 */
1489
1490 /* N and E must always be present. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1491 if (!successive) {
1492 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0);
1493 } else {
1494 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0);
1495 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1496 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1497 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0);
1498 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1499
1500 /* If we were providing enough information to setup a complete private context,
1501 * we expect to be able to export all core parameters. */
1502
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1503 if (is_priv) {
1504 if (!successive) {
1505 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe,
1506 &De, NULL) == 0);
1507 } else {
1508 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL,
1509 NULL, NULL) == 0);
1510 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe,
1511 NULL, NULL) == 0);
1512 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL,
1513 &De, NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1514 }
1515
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1516 if (have_P) {
1517 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0);
1518 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1519
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1520 if (have_Q) {
1521 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0);
1522 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1523
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1524 if (have_D) {
1525 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0);
1526 }
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1527
1528 /* While at it, perform a sanity check */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1529 TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee,
1530 NULL, NULL) == 0);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1531 }
1532
1533exit:
1534
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1535 mbedtls_rsa_free(&ctx);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1536
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1537 mbedtls_mpi_free(&N);
1538 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1539 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1540
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1541 mbedtls_mpi_free(&Ne);
1542 mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe);
1543 mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee);
Hanno Becker417f2d62017-08-23 11:44:51 +0100[diff] [blame]1544}
1545/* END_CASE */
1546
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1547/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1548void mbedtls_rsa_validate_params(char *input_N,
1549 char *input_P,
1550 char *input_Q,
1551 char *input_D,
1552 char *input_E,
1553 int prng, int result)
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1554{
1555 /* Original MPI's with which we set up the RSA context */
1556 mbedtls_mpi N, P, Q, D, E;
1557
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1558 const int have_N = (strlen(input_N) > 0);
1559 const int have_P = (strlen(input_P) > 0);
1560 const int have_Q = (strlen(input_Q) > 0);
1561 const int have_D = (strlen(input_D) > 0);
1562 const int have_E = (strlen(input_E) > 0);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1563
1564 mbedtls_entropy_context entropy;
1565 mbedtls_ctr_drbg_context ctr_drbg;
1566 const char *pers = "test_suite_rsa";
1567
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1568 mbedtls_mpi_init(&N);
1569 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
1570 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1571
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1572 mbedtls_ctr_drbg_init(&ctr_drbg);
1573 mbedtls_entropy_init(&entropy);
1574 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
1575 &entropy, (const unsigned char *) pers,
1576 strlen(pers)) == 0);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1577
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1578 if (have_N) {
1579 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
1580 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1581
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1582 if (have_P) {
1583 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
1584 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1585
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1586 if (have_Q) {
1587 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
1588 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1589
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1590 if (have_D) {
1591 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0);
1592 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1593
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1594 if (have_E) {
1595 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
1596 }
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1597
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1598 TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL,
1599 have_P ? &P : NULL,
1600 have_Q ? &Q : NULL,
1601 have_D ? &D : NULL,
1602 have_E ? &E : NULL,
1603 prng ? mbedtls_ctr_drbg_random : NULL,
1604 prng ? &ctr_drbg : NULL) == result);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1605exit:
1606
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1607 mbedtls_ctr_drbg_free(&ctr_drbg);
1608 mbedtls_entropy_free(&entropy);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1609
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1610 mbedtls_mpi_free(&N);
1611 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
1612 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
Hanno Beckerce002632017-08-23 13:22:36 +0100[diff] [blame]1613}
1614/* END_CASE */
1615
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1616/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1617void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P,
1618 data_t *input_Q, data_t *input_D,
1619 data_t *input_E, int is_priv,
1620 int successive)
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1621{
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1622 /* Exported buffers */
Ron Eldorfdc15bd2018-11-22 15:47:51 +0200[diff] [blame]1623 unsigned char bufNe[256];
1624 unsigned char bufPe[128];
1625 unsigned char bufQe[128];
1626 unsigned char bufDe[256];
1627 unsigned char bufEe[1];
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1628
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1629 mbedtls_rsa_context ctx;
1630
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1631 mbedtls_rsa_init(&ctx, 0, 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1632
1633 /* Setup RSA context */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1634 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1635 input_N->len ? input_N->x : NULL, input_N->len,
1636 input_P->len ? input_P->x : NULL, input_P->len,
1637 input_Q->len ? input_Q->x : NULL, input_Q->len,
1638 input_D->len ? input_D->x : NULL, input_D->len,
1639 input_E->len ? input_E->x : NULL, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1640
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1641 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1642
1643 /*
1644 * Export parameters and compare to original ones.
1645 */
1646
1647 /* N and E must always be present. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1648 if (!successive) {
1649 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1650 NULL, 0, NULL, 0, NULL, 0,
1651 bufEe, input_E->len) == 0);
1652 } else {
1653 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len,
1654 NULL, 0, NULL, 0, NULL, 0,
1655 NULL, 0) == 0);
1656 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1657 NULL, 0, NULL, 0, NULL, 0,
1658 bufEe, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1659 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1660 TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0);
1661 TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1662
1663 /* If we were providing enough information to setup a complete private context,
1664 * we expect to be able to export all core parameters. */
1665
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1666 if (is_priv) {
1667 if (!successive) {
1668 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1669 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1670 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1671 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1672 NULL, 0) == 0);
1673 } else {
1674 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0,
1675 bufPe, input_P->len ? input_P->len : sizeof(bufPe),
1676 NULL, 0, NULL, 0,
1677 NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1678
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1679 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0,
1680 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe),
1681 NULL, 0, NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1682
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1683 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0,
1684 bufDe, input_D->len ? input_D->len : sizeof(bufDe),
1685 NULL, 0) == 0);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1686 }
1687
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1688 if (input_P->len) {
1689 TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0);
1690 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1691
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1692 if (input_Q->len) {
1693 TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0);
1694 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1695
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1696 if (input_D->len) {
1697 TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0);
1698 }
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1699
1700 }
1701
1702exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1703 mbedtls_rsa_free(&ctx);
Hanno Beckerf1b9a2c2017-08-23 11:49:22 +0100[diff] [blame]1704}
1705/* END_CASE */
1706
Hanno Beckerf40cdf92017-12-22 11:03:27 +0000[diff] [blame]1707/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1708void mbedtls_rsa_import_raw(data_t *input_N,
1709 data_t *input_P, data_t *input_Q,
1710 data_t *input_D, data_t *input_E,
1711 int successive,
1712 int is_priv,
1713 int res_check,
1714 int res_complete)
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1715{
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1716 /* Buffers used for encryption-decryption test */
1717 unsigned char *buf_orig = NULL;
1718 unsigned char *buf_enc = NULL;
1719 unsigned char *buf_dec = NULL;
1720
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1721 mbedtls_rsa_context ctx;
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1722 mbedtls_entropy_context entropy;
1723 mbedtls_ctr_drbg_context ctr_drbg;
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1724
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1725 const char *pers = "test_suite_rsa";
1726
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1727 mbedtls_ctr_drbg_init(&ctr_drbg);
1728 mbedtls_entropy_init(&entropy);
1729 mbedtls_rsa_init(&ctx, 0, 0);
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1730
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1731 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
1732 &entropy, (const unsigned char *) pers,
1733 strlen(pers)) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1734
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1735 if (!successive) {
1736 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1737 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1738 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1739 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1740 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1741 (input_E->len > 0) ? input_E->x : NULL,
1742 input_E->len) == 0);
1743 } else {
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1744 /* Import N, P, Q, D, E separately.
1745 * This should make no functional difference. */
1746
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1747 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1748 (input_N->len > 0) ? input_N->x : NULL, input_N->len,
1749 NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1750
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1751 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1752 NULL, 0,
1753 (input_P->len > 0) ? input_P->x : NULL, input_P->len,
1754 NULL, 0, NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1755
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1756 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1757 NULL, 0, NULL, 0,
1758 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len,
1759 NULL, 0, NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1760
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1761 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1762 NULL, 0, NULL, 0, NULL, 0,
1763 (input_D->len > 0) ? input_D->x : NULL, input_D->len,
1764 NULL, 0) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1765
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1766 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx,
1767 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1768 (input_E->len > 0) ? input_E->x : NULL,
1769 input_E->len) == 0);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1770 }
1771
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1772 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1773
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1774 /* On expected success, perform some public and private
1775 * key operations to check if the key is working properly. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1776 if (res_complete == 0) {
1777 if (is_priv) {
1778 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
1779 } else {
1780 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check);
1781 }
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1782
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1783 if (res_check != 0) {
Hanno Becker04877a42017-10-11 10:01:33 +0100[diff] [blame]1784 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1785 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1786
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1787 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1788 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1789 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx));
1790 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) {
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1791 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1792 }
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1793
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1794 TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg,
1795 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1796
1797 /* Make sure the number we're generating is smaller than the modulus */
1798 buf_orig[0] = 0x00;
1799
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1800 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1801
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1802 if (is_priv) {
1803 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random,
1804 &ctr_drbg, buf_enc,
1805 buf_dec) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1806
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1807 TEST_ASSERT(memcmp(buf_orig, buf_dec,
1808 mbedtls_rsa_get_len(&ctx)) == 0);
Hanno Beckere1582a82017-09-29 11:51:05 +0100[diff] [blame]1809 }
1810 }
1811
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1812exit:
1813
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1814 mbedtls_free(buf_orig);
1815 mbedtls_free(buf_enc);
1816 mbedtls_free(buf_dec);
Hanno Becker3f3ae852017-10-02 10:08:39 +0100[diff] [blame]1817
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1818 mbedtls_rsa_free(&ctx);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1819
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1820 mbedtls_ctr_drbg_free(&ctr_drbg);
1821 mbedtls_entropy_free(&entropy);
Hanno Beckerc77ab892017-08-23 11:01:06 +0100[diff] [blame]1822
1823}
1824/* END_CASE */
1825
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1826/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1827void rsa_selftest()
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1828{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame^]1829 TEST_ASSERT(mbedtls_rsa_self_test(1) == 0);
Paul Bakker42a29bf2009-07-07 20:18:41 +0000[diff] [blame]1830}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1831/* END_CASE */