1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/rsa_internal.h" 4#include "mbedtls/md2.h" 5#include "mbedtls/md4.h" 6#include "mbedtls/md5.h" 7#include "mbedtls/sha1.h" 8#include "mbedtls/sha256.h" 9#include "mbedtls/sha512.h" 10#include "mbedtls/entropy.h" 11#include "mbedtls/ctr_drbg.h" 12 13/* END_HEADER */ 14 15/* BEGIN_DEPENDENCIES 16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 17 * END_DEPENDENCIES 18 */ 19 20/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 21void rsa_invalid_param( ) 22{ 23 mbedtls_rsa_context ctx; 24 const int valid_padding = MBEDTLS_RSA_PKCS_V21; 25 const int invalid_padding = 42; 26 const int valid_mode = MBEDTLS_RSA_PRIVATE; 27 const int invalid_mode = 42; 28 unsigned char buf[42] = { 0 }; 29 size_t olen; 30 31 TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) ); 32 TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); 33 TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); 34 35 /* No more variants because only the first argument must be non-NULL. */ 36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 37 mbedtls_rsa_import( NULL, NULL, NULL, 38 NULL, NULL, NULL ) ); 39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 40 mbedtls_rsa_import_raw( NULL, 41 NULL, 0, 42 NULL, 0, 43 NULL, 0, 44 NULL, 0, 45 NULL, 0 ) ); 46 47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 48 mbedtls_rsa_complete( NULL ) ); 49 50 /* No more variants because only the first argument must be non-NULL. */ 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 52 mbedtls_rsa_export( NULL, NULL, NULL, 53 NULL, NULL, NULL ) ); 54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 55 mbedtls_rsa_export_raw( NULL, 56 NULL, 0, 57 NULL, 0, 58 NULL, 0, 59 NULL, 0, 60 NULL, 0 ) ); 61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 62 mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) ); 63 64 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL, 65 valid_padding, 0 ) ); 66 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, 67 invalid_padding, 0 ) ); 68 69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 70 mbedtls_rsa_gen_key( NULL, 71 mbedtls_test_rnd_std_rand, 72 NULL, 0, 0 ) ); 73 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 74 mbedtls_rsa_gen_key( &ctx, NULL, 75 NULL, 0, 0 ) ); 76 77 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 78 mbedtls_rsa_check_pubkey( NULL ) ); 79 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 80 mbedtls_rsa_check_privkey( NULL ) ); 81 82 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 83 mbedtls_rsa_check_pub_priv( NULL, &ctx ) ); 84 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 85 mbedtls_rsa_check_pub_priv( &ctx, NULL ) ); 86 87 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 88 mbedtls_rsa_public( NULL, buf, buf ) ); 89 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 90 mbedtls_rsa_public( &ctx, NULL, buf ) ); 91 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 92 mbedtls_rsa_public( &ctx, buf, NULL ) ); 93 94 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 95 mbedtls_rsa_private( NULL, NULL, NULL, 96 buf, buf ) ); 97 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 98 mbedtls_rsa_private( &ctx, NULL, NULL, 99 NULL, buf ) ); 100 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 101 mbedtls_rsa_private( &ctx, NULL, NULL, 102 buf, NULL ) ); 103 104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 105 mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, 106 valid_mode, 107 sizeof( buf ), buf, 108 buf ) ); 109 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 110 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 111 invalid_mode, 112 sizeof( buf ), buf, 113 buf ) ); 114 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 115 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 116 valid_mode, 117 sizeof( buf ), NULL, 118 buf ) ); 119 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 120 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 121 valid_mode, 122 sizeof( buf ), buf, 123 NULL ) ); 124 125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 126 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, 127 NULL, 128 valid_mode, 129 sizeof( buf ), buf, 130 buf ) ); 131 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 132 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 133 NULL, 134 invalid_mode, 135 sizeof( buf ), buf, 136 buf ) ); 137 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 138 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 139 NULL, 140 valid_mode, 141 sizeof( buf ), NULL, 142 buf ) ); 143 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 144 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 145 NULL, 146 valid_mode, 147 sizeof( buf ), buf, 148 NULL ) ); 149 150 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 151 mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, 152 valid_mode, 153 buf, sizeof( buf ), 154 sizeof( buf ), buf, 155 buf ) ); 156 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 157 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 158 invalid_mode, 159 buf, sizeof( buf ), 160 sizeof( buf ), buf, 161 buf ) ); 162 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 163 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 164 valid_mode, 165 NULL, sizeof( buf ), 166 sizeof( buf ), buf, 167 buf ) ); 168 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 169 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 170 valid_mode, 171 buf, sizeof( buf ), 172 sizeof( buf ), NULL, 173 buf ) ); 174 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 175 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 176 valid_mode, 177 buf, sizeof( buf ), 178 sizeof( buf ), buf, 179 NULL ) ); 180 181 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 182 mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, 183 valid_mode, &olen, 184 buf, buf, 42 ) ); 185 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 186 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 187 invalid_mode, &olen, 188 buf, buf, 42 ) ); 189 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 190 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 191 valid_mode, NULL, 192 buf, buf, 42 ) ); 193 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 194 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 195 valid_mode, &olen, 196 NULL, buf, 42 ) ); 197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 198 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 199 valid_mode, &olen, 200 buf, NULL, 42 ) ); 201 202 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 203 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, 204 NULL, 205 valid_mode, &olen, 206 buf, buf, 42 ) ); 207 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 208 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 209 NULL, 210 invalid_mode, &olen, 211 buf, buf, 42 ) ); 212 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 213 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 214 NULL, 215 valid_mode, NULL, 216 buf, buf, 42 ) ); 217 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 218 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 219 NULL, 220 valid_mode, &olen, 221 NULL, buf, 42 ) ); 222 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 223 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 224 NULL, 225 valid_mode, &olen, 226 buf, NULL, 42 ) ); 227 228 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 229 mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, 230 valid_mode, 231 buf, sizeof( buf ), 232 &olen, 233 buf, buf, 42 ) ); 234 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 235 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 236 invalid_mode, 237 buf, sizeof( buf ), 238 &olen, 239 buf, buf, 42 ) ); 240 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 241 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 242 valid_mode, 243 NULL, sizeof( buf ), 244 NULL, 245 buf, buf, 42 ) ); 246 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 247 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 248 valid_mode, 249 buf, sizeof( buf ), 250 &olen, 251 NULL, buf, 42 ) ); 252 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 253 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 254 valid_mode, 255 buf, sizeof( buf ), 256 &olen, 257 buf, NULL, 42 ) ); 258 259 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 260 mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, 261 valid_mode, 262 0, sizeof( buf ), buf, 263 buf ) ); 264 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 265 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 266 invalid_mode, 267 0, sizeof( buf ), buf, 268 buf ) ); 269 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 270 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 271 valid_mode, 272 0, sizeof( buf ), NULL, 273 buf ) ); 274 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 275 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 276 valid_mode, 277 0, sizeof( buf ), buf, 278 NULL ) ); 279 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 280 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 281 valid_mode, 282 MBEDTLS_MD_SHA1, 283 0, NULL, 284 buf ) ); 285 286 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 287 mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, 288 valid_mode, 289 0, sizeof( buf ), buf, 290 buf ) ); 291 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 292 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 293 invalid_mode, 294 0, sizeof( buf ), buf, 295 buf ) ); 296 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 297 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 298 valid_mode, 299 0, sizeof( buf ), NULL, 300 buf ) ); 301 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 302 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 303 valid_mode, 304 0, sizeof( buf ), buf, 305 NULL ) ); 306 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 307 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 308 valid_mode, 309 MBEDTLS_MD_SHA1, 310 0, NULL, 311 buf ) ); 312 313 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 314 mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, 315 valid_mode, 316 0, sizeof( buf ), buf, 317 buf ) ); 318 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 319 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 320 invalid_mode, 321 0, sizeof( buf ), buf, 322 buf ) ); 323 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 324 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 325 valid_mode, 326 0, sizeof( buf ), NULL, 327 buf ) ); 328 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 329 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 330 valid_mode, 331 0, sizeof( buf ), buf, 332 NULL ) ); 333 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 334 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 335 valid_mode, 336 MBEDTLS_MD_SHA1, 337 0, NULL, 338 buf ) ); 339 340 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 341 mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, 342 valid_mode, 343 0, sizeof( buf ), buf, 344 buf ) ); 345 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 346 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 347 invalid_mode, 348 0, sizeof( buf ), buf, 349 buf ) ); 350 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 351 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 352 valid_mode, 353 0, sizeof( buf ), NULL, 354 buf ) ); 355 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 356 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 357 valid_mode, 358 0, sizeof( buf ), buf, 359 NULL ) ); 360 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 361 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 362 valid_mode, 363 MBEDTLS_MD_SHA1, 0, NULL, 364 buf ) ); 365 366 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 367 mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, 368 NULL, 369 valid_mode, 370 0, sizeof( buf ), buf, 371 buf ) ); 372 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 373 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 374 NULL, 375 invalid_mode, 376 0, sizeof( buf ), buf, 377 buf ) ); 378 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 379 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 380 NULL, 381 valid_mode, 382 0, sizeof( buf ), 383 NULL, buf ) ); 384 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 385 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 386 NULL, 387 valid_mode, 388 0, sizeof( buf ), buf, 389 NULL ) ); 390 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 391 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 392 NULL, 393 valid_mode, 394 MBEDTLS_MD_SHA1, 395 0, NULL, 396 buf ) ); 397 398 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 399 mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, 400 valid_mode, 401 0, sizeof( buf ), 402 buf, buf ) ); 403 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 404 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 405 invalid_mode, 406 0, sizeof( buf ), 407 buf, buf ) ); 408 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 409 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 410 valid_mode, 411 0, sizeof( buf ), 412 NULL, buf ) ); 413 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 414 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 415 valid_mode, 416 0, sizeof( buf ), 417 buf, NULL ) ); 418 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 419 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 420 valid_mode, 421 MBEDTLS_MD_SHA1, 422 0, NULL, 423 buf ) ); 424 425 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 426 mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, 427 valid_mode, 428 0, sizeof( buf ), 429 buf, 430 0, 0, 431 buf ) ); 432 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 433 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 434 invalid_mode, 435 0, sizeof( buf ), 436 buf, 437 0, 0, 438 buf ) ); 439 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 440 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 441 valid_mode, 442 0, sizeof( buf ), 443 NULL, 0, 0, 444 buf ) ); 445 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 446 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 447 valid_mode, 448 0, sizeof( buf ), 449 buf, 0, 0, 450 NULL ) ); 451 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 452 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 453 valid_mode, 454 MBEDTLS_MD_SHA1, 455 0, NULL, 456 0, 0, 457 buf ) ); 458 459 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 460 mbedtls_rsa_copy( NULL, &ctx ) ); 461 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 462 mbedtls_rsa_copy( &ctx, NULL ) ); 463 464exit: 465 return; 466} 467/* END_CASE */ 468 469/* BEGIN_CASE */ 470void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, 471 int digest, int mod, int radix_P, char * input_P, 472 int radix_Q, char * input_Q, int radix_N, 473 char * input_N, int radix_E, char * input_E, 474 data_t * result_str, int result ) 475{ 476 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 477 unsigned char output[256]; 478 mbedtls_rsa_context ctx; 479 mbedtls_mpi N, P, Q, E; 480 mbedtls_test_rnd_pseudo_info rnd_info; 481 482 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 483 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 484 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 485 486 memset( hash_result, 0x00, sizeof( hash_result ) ); 487 memset( output, 0x00, sizeof( output ) ); 488 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 489 490 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 491 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 492 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 493 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 494 495 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 496 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 497 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 498 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 499 500 501 if( mbedtls_md_info_from_type( digest ) != NULL ) 502 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 503 504 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, 505 &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 506 0, hash_result, output ) == result ); 507 if( result == 0 ) 508 { 509 510 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 511 ctx.len, result_str->len ) == 0 ); 512 } 513 514exit: 515 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 516 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 517 mbedtls_rsa_free( &ctx ); 518} 519/* END_CASE */ 520 521/* BEGIN_CASE */ 522void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, 523 int digest, int mod, int radix_N, 524 char * input_N, int radix_E, char * input_E, 525 data_t * result_str, int result ) 526{ 527 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 528 mbedtls_rsa_context ctx; 529 530 mbedtls_mpi N, E; 531 532 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 533 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 534 memset( hash_result, 0x00, sizeof( hash_result ) ); 535 536 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 537 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 538 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 539 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 540 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 541 542 543 if( mbedtls_md_info_from_type( digest ) != NULL ) 544 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 545 546 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); 547 548exit: 549 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 550 mbedtls_rsa_free( &ctx ); 551} 552/* END_CASE */ 553 554 555/* BEGIN_CASE */ 556void rsa_pkcs1_sign_raw( data_t * hash_result, 557 int padding_mode, int mod, int radix_P, 558 char * input_P, int radix_Q, char * input_Q, 559 int radix_N, char * input_N, int radix_E, 560 char * input_E, data_t * result_str ) 561{ 562 unsigned char output[256]; 563 mbedtls_rsa_context ctx; 564 mbedtls_mpi N, P, Q, E; 565 mbedtls_test_rnd_pseudo_info rnd_info; 566 567 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 568 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 569 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 570 571 memset( output, 0x00, sizeof( output ) ); 572 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 573 574 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 575 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 576 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 577 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 578 579 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 580 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 581 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 582 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 583 584 585 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, 586 &rnd_info, MBEDTLS_RSA_PRIVATE, 587 MBEDTLS_MD_NONE, hash_result->len, 588 hash_result->x, output ) == 0 ); 589 590 591 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 592 ctx.len, result_str->len ) == 0 ); 593 594#if defined(MBEDTLS_PKCS1_V15) 595 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ 596 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 597 { 598 int res; 599 memset( output, 0x00, sizeof( output) ); 600 601 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, 602 &mbedtls_test_rnd_pseudo_rand, &rnd_info, 603 MBEDTLS_RSA_PRIVATE, hash_result->len, 604 hash_result->x, output ); 605 606#if !defined(MBEDTLS_RSA_ALT) 607 TEST_ASSERT( res == 0 ); 608#else 609 TEST_ASSERT( ( res == 0 ) || 610 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 611#endif 612 613 if( res == 0 ) 614 { 615 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 616 ctx.len, 617 result_str->len ) == 0 ); 618 } 619 } 620#endif /* MBEDTLS_PKCS1_V15 */ 621 622exit: 623 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 624 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 625 626 mbedtls_rsa_free( &ctx ); 627} 628/* END_CASE */ 629 630/* BEGIN_CASE */ 631void rsa_pkcs1_verify_raw( data_t * hash_result, 632 int padding_mode, int mod, int radix_N, 633 char * input_N, int radix_E, char * input_E, 634 data_t * result_str, int correct ) 635{ 636 unsigned char output[256]; 637 mbedtls_rsa_context ctx; 638 639 mbedtls_mpi N, E; 640 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 641 642 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 643 memset( output, 0x00, sizeof( output ) ); 644 645 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 646 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 647 648 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 649 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 650 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 651 652 653 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); 654 655#if defined(MBEDTLS_PKCS1_V15) 656 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ 657 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 658 { 659 int res; 660 int ok; 661 size_t olen; 662 663 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, 664 NULL, NULL, MBEDTLS_RSA_PUBLIC, 665 &olen, result_str->x, output, sizeof( output ) ); 666 667#if !defined(MBEDTLS_RSA_ALT) 668 TEST_ASSERT( res == 0 ); 669#else 670 TEST_ASSERT( ( res == 0 ) || 671 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 672#endif 673 674 if( res == 0 ) 675 { 676 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0; 677 if( correct == 0 ) 678 TEST_ASSERT( ok == 1 ); 679 else 680 TEST_ASSERT( ok == 0 ); 681 } 682 } 683#endif /* MBEDTLS_PKCS1_V15 */ 684 685exit: 686 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 687 mbedtls_rsa_free( &ctx ); 688} 689/* END_CASE */ 690 691/* BEGIN_CASE */ 692void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, 693 int mod, int radix_N, char * input_N, 694 int radix_E, char * input_E, 695 data_t * result_str, int result ) 696{ 697 unsigned char output[256]; 698 mbedtls_rsa_context ctx; 699 mbedtls_test_rnd_pseudo_info rnd_info; 700 701 mbedtls_mpi N, E; 702 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 703 704 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 705 706 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 707 memset( output, 0x00, sizeof( output ) ); 708 709 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 710 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 711 712 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 713 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 714 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 715 716 717 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, 718 &mbedtls_test_rnd_pseudo_rand, 719 &rnd_info, MBEDTLS_RSA_PUBLIC, 720 message_str->len, message_str->x, 721 output ) == result ); 722 if( result == 0 ) 723 { 724 725 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 726 ctx.len, result_str->len ) == 0 ); 727 } 728 729exit: 730 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 731 mbedtls_rsa_free( &ctx ); 732} 733/* END_CASE */ 734 735/* BEGIN_CASE */ 736void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, 737 int mod, int radix_N, char * input_N, 738 int radix_E, char * input_E, 739 data_t * result_str, int result ) 740{ 741 unsigned char output[256]; 742 mbedtls_rsa_context ctx; 743 744 mbedtls_mpi N, E; 745 746 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 747 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 748 memset( output, 0x00, sizeof( output ) ); 749 750 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 751 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 752 753 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 754 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 755 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 756 757 758 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, 759 NULL, MBEDTLS_RSA_PUBLIC, 760 message_str->len, message_str->x, 761 output ) == result ); 762 if( result == 0 ) 763 { 764 765 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 766 ctx.len, result_str->len ) == 0 ); 767 } 768 769exit: 770 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 771 mbedtls_rsa_free( &ctx ); 772} 773/* END_CASE */ 774 775/* BEGIN_CASE */ 776void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, 777 int mod, int radix_P, char * input_P, 778 int radix_Q, char * input_Q, int radix_N, 779 char * input_N, int radix_E, char * input_E, 780 int max_output, data_t * result_str, 781 int result ) 782{ 783 unsigned char output[32]; 784 mbedtls_rsa_context ctx; 785 size_t output_len; 786 mbedtls_test_rnd_pseudo_info rnd_info; 787 mbedtls_mpi N, P, Q, E; 788 789 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 790 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 791 792 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 793 794 memset( output, 0x00, sizeof( output ) ); 795 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 796 797 798 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 799 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 800 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 801 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 802 803 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 804 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 805 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 806 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 807 808 output_len = 0; 809 810 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, 811 &rnd_info, MBEDTLS_RSA_PRIVATE, 812 &output_len, message_str->x, output, 813 max_output ) == result ); 814 if( result == 0 ) 815 { 816 817 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 818 output_len, 819 result_str->len ) == 0 ); 820 } 821 822exit: 823 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 824 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 825 mbedtls_rsa_free( &ctx ); 826} 827/* END_CASE */ 828 829/* BEGIN_CASE */ 830void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, 831 char * input_N, int radix_E, char * input_E, 832 data_t * result_str, int result ) 833{ 834 unsigned char output[256]; 835 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 836 837 mbedtls_mpi N, E; 838 839 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 840 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 841 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 842 memset( output, 0x00, sizeof( output ) ); 843 844 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 845 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 846 847 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 848 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 849 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 850 851 852 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); 853 if( result == 0 ) 854 { 855 856 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 857 ctx.len, result_str->len ) == 0 ); 858 } 859 860 /* And now with the copy */ 861 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 862 /* clear the original to be sure */ 863 mbedtls_rsa_free( &ctx ); 864 865 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); 866 867 memset( output, 0x00, sizeof( output ) ); 868 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result ); 869 if( result == 0 ) 870 { 871 872 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 873 ctx.len, result_str->len ) == 0 ); 874 } 875 876exit: 877 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 878 mbedtls_rsa_free( &ctx ); 879 mbedtls_rsa_free( &ctx2 ); 880} 881/* END_CASE */ 882 883/* BEGIN_CASE */ 884void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, 885 char * input_P, int radix_Q, char * input_Q, 886 int radix_N, char * input_N, int radix_E, 887 char * input_E, data_t * result_str, 888 int result ) 889{ 890 unsigned char output[256]; 891 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 892 mbedtls_mpi N, P, Q, E; 893 mbedtls_test_rnd_pseudo_info rnd_info; 894 int i; 895 896 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 897 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 898 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 899 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 900 901 memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 902 903 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 904 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 905 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 906 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 907 908 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 909 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 910 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 911 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 912 913 914 /* repeat three times to test updating of blinding values */ 915 for( i = 0; i < 3; i++ ) 916 { 917 memset( output, 0x00, sizeof( output ) ); 918 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, 919 &rnd_info, message_str->x, 920 output ) == result ); 921 if( result == 0 ) 922 { 923 924 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 925 ctx.len, 926 result_str->len ) == 0 ); 927 } 928 } 929 930 /* And now one more time with the copy */ 931 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 932 /* clear the original to be sure */ 933 mbedtls_rsa_free( &ctx ); 934 935 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); 936 937 memset( output, 0x00, sizeof( output ) ); 938 TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, 939 &rnd_info, message_str->x, 940 output ) == result ); 941 if( result == 0 ) 942 { 943 944 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 945 ctx2.len, 946 result_str->len ) == 0 ); 947 } 948 949exit: 950 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 951 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 952 953 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); 954} 955/* END_CASE */ 956 957/* BEGIN_CASE */ 958void rsa_check_privkey_null( ) 959{ 960 mbedtls_rsa_context ctx; 961 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) ); 962 963 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 964} 965/* END_CASE */ 966 967/* BEGIN_CASE */ 968void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, 969 char * input_E, int result ) 970{ 971 mbedtls_rsa_context ctx; 972 mbedtls_mpi N, E; 973 974 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 975 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 976 977 if( strlen( input_N ) ) 978 { 979 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 980 } 981 if( strlen( input_E ) ) 982 { 983 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 984 } 985 986 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 987 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); 988 989exit: 990 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 991 mbedtls_rsa_free( &ctx ); 992} 993/* END_CASE */ 994 995/* BEGIN_CASE */ 996void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, 997 int radix_Q, char * input_Q, int radix_N, 998 char * input_N, int radix_E, char * input_E, 999 int radix_D, char * input_D, int radix_DP, 1000 char * input_DP, int radix_DQ, 1001 char * input_DQ, int radix_QP, 1002 char * input_QP, int result ) 1003{ 1004 mbedtls_rsa_context ctx; 1005 1006 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 1007 1008 ctx.len = mod / 8; 1009 if( strlen( input_P ) ) 1010 { 1011 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); 1012 } 1013 if( strlen( input_Q ) ) 1014 { 1015 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); 1016 } 1017 if( strlen( input_N ) ) 1018 { 1019 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 1020 } 1021 if( strlen( input_E ) ) 1022 { 1023 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 1024 } 1025 if( strlen( input_D ) ) 1026 { 1027 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 ); 1028 } 1029#if !defined(MBEDTLS_RSA_NO_CRT) 1030 if( strlen( input_DP ) ) 1031 { 1032 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 ); 1033 } 1034 if( strlen( input_DQ ) ) 1035 { 1036 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 ); 1037 } 1038 if( strlen( input_QP ) ) 1039 { 1040 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 ); 1041 } 1042#else 1043 ((void) radix_DP); ((void) input_DP); 1044 ((void) radix_DQ); ((void) input_DQ); 1045 ((void) radix_QP); ((void) input_QP); 1046#endif 1047 1048 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); 1049 1050exit: 1051 mbedtls_rsa_free( &ctx ); 1052} 1053/* END_CASE */ 1054 1055/* BEGIN_CASE */ 1056void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, 1057 int radix_Epub, char * input_Epub, int radix_P, 1058 char * input_P, int radix_Q, char * input_Q, 1059 int radix_N, char * input_N, int radix_E, 1060 char * input_E, int radix_D, char * input_D, 1061 int radix_DP, char * input_DP, int radix_DQ, 1062 char * input_DQ, int radix_QP, char * input_QP, 1063 int result ) 1064{ 1065 mbedtls_rsa_context pub, prv; 1066 1067 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 ); 1068 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 ); 1069 1070 pub.len = mod / 8; 1071 prv.len = mod / 8; 1072 1073 if( strlen( input_Npub ) ) 1074 { 1075 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 ); 1076 } 1077 if( strlen( input_Epub ) ) 1078 { 1079 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 ); 1080 } 1081 1082 if( strlen( input_P ) ) 1083 { 1084 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 ); 1085 } 1086 if( strlen( input_Q ) ) 1087 { 1088 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 ); 1089 } 1090 if( strlen( input_N ) ) 1091 { 1092 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 ); 1093 } 1094 if( strlen( input_E ) ) 1095 { 1096 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 ); 1097 } 1098 if( strlen( input_D ) ) 1099 { 1100 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); 1101 } 1102#if !defined(MBEDTLS_RSA_NO_CRT) 1103 if( strlen( input_DP ) ) 1104 { 1105 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); 1106 } 1107 if( strlen( input_DQ ) ) 1108 { 1109 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 ); 1110 } 1111 if( strlen( input_QP ) ) 1112 { 1113 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); 1114 } 1115#else 1116 ((void) radix_DP); ((void) input_DP); 1117 ((void) radix_DQ); ((void) input_DQ); 1118 ((void) radix_QP); ((void) input_QP); 1119#endif 1120 1121 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); 1122 1123exit: 1124 mbedtls_rsa_free( &pub ); 1125 mbedtls_rsa_free( &prv ); 1126} 1127/* END_CASE */ 1128 1129/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1130void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) 1131{ 1132 mbedtls_rsa_context ctx; 1133 mbedtls_entropy_context entropy; 1134 mbedtls_ctr_drbg_context ctr_drbg; 1135 const char *pers = "test_suite_rsa"; 1136 1137 mbedtls_ctr_drbg_init( &ctr_drbg ); 1138 mbedtls_entropy_init( &entropy ); 1139 mbedtls_rsa_init ( &ctx, 0, 0 ); 1140 1141 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1142 &entropy, (const unsigned char *) pers, 1143 strlen( pers ) ) == 0 ); 1144 1145 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); 1146 if( result == 0 ) 1147 { 1148 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 1149 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); 1150 } 1151 1152exit: 1153 mbedtls_rsa_free( &ctx ); 1154 mbedtls_ctr_drbg_free( &ctr_drbg ); 1155 mbedtls_entropy_free( &entropy ); 1156} 1157/* END_CASE */ 1158 1159/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1160void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, 1161 int radix_D, char *input_D, 1162 int radix_E, char *input_E, 1163 int radix_P, char *output_P, 1164 int radix_Q, char *output_Q, 1165 int corrupt, int result ) 1166{ 1167 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 1168 1169 mbedtls_mpi_init( &N ); 1170 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1171 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); 1172 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1173 1174 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1175 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1176 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1177 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 ); 1178 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 ); 1179 1180 if( corrupt ) 1181 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); 1182 1183 /* Try to deduce P, Q from N, D, E only. */ 1184 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); 1185 1186 if( !corrupt ) 1187 { 1188 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 1189 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) || 1190 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) ); 1191 } 1192 1193exit: 1194 mbedtls_mpi_free( &N ); 1195 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1196 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); 1197 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1198} 1199/* END_CASE */ 1200 1201/* BEGIN_CASE */ 1202void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, 1203 int radix_Q, char *input_Q, 1204 int radix_E, char *input_E, 1205 int radix_D, char *output_D, 1206 int corrupt, int result ) 1207{ 1208 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 1209 1210 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1211 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp ); 1212 mbedtls_mpi_init( &E ); 1213 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); 1214 1215 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1216 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1217 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1218 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 ); 1219 1220 if( corrupt ) 1221 { 1222 /* Make E even */ 1223 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 ); 1224 } 1225 1226 /* Try to deduce D from N, P, Q, E. */ 1227 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, 1228 &E, &D ) == result ); 1229 1230 if( !corrupt ) 1231 { 1232 /* 1233 * Check that D and Dp agree modulo LCM(P-1, Q-1). 1234 */ 1235 1236 /* Replace P,Q by P-1, Q-1 */ 1237 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 ); 1238 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 ); 1239 1240 /* Check D == Dp modulo P-1 */ 1241 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 ); 1242 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 ); 1243 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1244 1245 /* Check D == Dp modulo Q-1 */ 1246 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 ); 1247 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 ); 1248 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1249 } 1250 1251exit: 1252 1253 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1254 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp ); 1255 mbedtls_mpi_free( &E ); 1256 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp ); 1257} 1258/* END_CASE */ 1259 1260/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1261void mbedtls_rsa_import( int radix_N, char *input_N, 1262 int radix_P, char *input_P, 1263 int radix_Q, char *input_Q, 1264 int radix_D, char *input_D, 1265 int radix_E, char *input_E, 1266 int successive, 1267 int is_priv, 1268 int res_check, 1269 int res_complete ) 1270{ 1271 mbedtls_mpi N, P, Q, D, E; 1272 mbedtls_rsa_context ctx; 1273 1274 /* Buffers used for encryption-decryption test */ 1275 unsigned char *buf_orig = NULL; 1276 unsigned char *buf_enc = NULL; 1277 unsigned char *buf_dec = NULL; 1278 1279 mbedtls_entropy_context entropy; 1280 mbedtls_ctr_drbg_context ctr_drbg; 1281 const char *pers = "test_suite_rsa"; 1282 1283 const int have_N = ( strlen( input_N ) > 0 ); 1284 const int have_P = ( strlen( input_P ) > 0 ); 1285 const int have_Q = ( strlen( input_Q ) > 0 ); 1286 const int have_D = ( strlen( input_D ) > 0 ); 1287 const int have_E = ( strlen( input_E ) > 0 ); 1288 1289 mbedtls_ctr_drbg_init( &ctr_drbg ); 1290 mbedtls_entropy_init( &entropy ); 1291 mbedtls_rsa_init( &ctx, 0, 0 ); 1292 1293 mbedtls_mpi_init( &N ); 1294 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1295 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1296 1297 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, 1298 (const unsigned char *) pers, strlen( pers ) ) == 0 ); 1299 1300 if( have_N ) 1301 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1302 1303 if( have_P ) 1304 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1305 1306 if( have_Q ) 1307 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1308 1309 if( have_D ) 1310 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1311 1312 if( have_E ) 1313 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1314 1315 if( !successive ) 1316 { 1317 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1318 have_N ? &N : NULL, 1319 have_P ? &P : NULL, 1320 have_Q ? &Q : NULL, 1321 have_D ? &D : NULL, 1322 have_E ? &E : NULL ) == 0 ); 1323 } 1324 else 1325 { 1326 /* Import N, P, Q, D, E separately. 1327 * This should make no functional difference. */ 1328 1329 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1330 have_N ? &N : NULL, 1331 NULL, NULL, NULL, NULL ) == 0 ); 1332 1333 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1334 NULL, 1335 have_P ? &P : NULL, 1336 NULL, NULL, NULL ) == 0 ); 1337 1338 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1339 NULL, NULL, 1340 have_Q ? &Q : NULL, 1341 NULL, NULL ) == 0 ); 1342 1343 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1344 NULL, NULL, NULL, 1345 have_D ? &D : NULL, 1346 NULL ) == 0 ); 1347 1348 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1349 NULL, NULL, NULL, NULL, 1350 have_E ? &E : NULL ) == 0 ); 1351 } 1352 1353 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1354 1355 /* On expected success, perform some public and private 1356 * key operations to check if the key is working properly. */ 1357 if( res_complete == 0 ) 1358 { 1359 if( is_priv ) 1360 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1361 else 1362 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1363 1364 if( res_check != 0 ) 1365 goto exit; 1366 1367 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1368 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1369 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1370 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1371 goto exit; 1372 1373 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1374 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1375 1376 /* Make sure the number we're generating is smaller than the modulus */ 1377 buf_orig[0] = 0x00; 1378 1379 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1380 1381 if( is_priv ) 1382 { 1383 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1384 &ctr_drbg, buf_enc, 1385 buf_dec ) == 0 ); 1386 1387 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1388 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1389 } 1390 } 1391 1392exit: 1393 1394 mbedtls_free( buf_orig ); 1395 mbedtls_free( buf_enc ); 1396 mbedtls_free( buf_dec ); 1397 1398 mbedtls_rsa_free( &ctx ); 1399 1400 mbedtls_ctr_drbg_free( &ctr_drbg ); 1401 mbedtls_entropy_free( &entropy ); 1402 1403 mbedtls_mpi_free( &N ); 1404 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1405 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1406} 1407/* END_CASE */ 1408 1409/* BEGIN_CASE */ 1410void mbedtls_rsa_export( int radix_N, char *input_N, 1411 int radix_P, char *input_P, 1412 int radix_Q, char *input_Q, 1413 int radix_D, char *input_D, 1414 int radix_E, char *input_E, 1415 int is_priv, 1416 int successive ) 1417{ 1418 /* Original MPI's with which we set up the RSA context */ 1419 mbedtls_mpi N, P, Q, D, E; 1420 1421 /* Exported MPI's */ 1422 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1423 1424 const int have_N = ( strlen( input_N ) > 0 ); 1425 const int have_P = ( strlen( input_P ) > 0 ); 1426 const int have_Q = ( strlen( input_Q ) > 0 ); 1427 const int have_D = ( strlen( input_D ) > 0 ); 1428 const int have_E = ( strlen( input_E ) > 0 ); 1429 1430 mbedtls_rsa_context ctx; 1431 1432 mbedtls_rsa_init( &ctx, 0, 0 ); 1433 1434 mbedtls_mpi_init( &N ); 1435 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1436 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1437 1438 mbedtls_mpi_init( &Ne ); 1439 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); 1440 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); 1441 1442 /* Setup RSA context */ 1443 1444 if( have_N ) 1445 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1446 1447 if( have_P ) 1448 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1449 1450 if( have_Q ) 1451 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1452 1453 if( have_D ) 1454 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1455 1456 if( have_E ) 1457 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1458 1459 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1460 strlen( input_N ) ? &N : NULL, 1461 strlen( input_P ) ? &P : NULL, 1462 strlen( input_Q ) ? &Q : NULL, 1463 strlen( input_D ) ? &D : NULL, 1464 strlen( input_E ) ? &E : NULL ) == 0 ); 1465 1466 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1467 1468 /* 1469 * Export parameters and compare to original ones. 1470 */ 1471 1472 /* N and E must always be present. */ 1473 if( !successive ) 1474 { 1475 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); 1476 } 1477 else 1478 { 1479 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); 1480 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); 1481 } 1482 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); 1483 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); 1484 1485 /* If we were providing enough information to setup a complete private context, 1486 * we expect to be able to export all core parameters. */ 1487 1488 if( is_priv ) 1489 { 1490 if( !successive ) 1491 { 1492 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, 1493 &De, NULL ) == 0 ); 1494 } 1495 else 1496 { 1497 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, 1498 NULL, NULL ) == 0 ); 1499 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, 1500 NULL, NULL ) == 0 ); 1501 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, 1502 &De, NULL ) == 0 ); 1503 } 1504 1505 if( have_P ) 1506 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); 1507 1508 if( have_Q ) 1509 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); 1510 1511 if( have_D ) 1512 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); 1513 1514 /* While at it, perform a sanity check */ 1515 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee, 1516 NULL, NULL ) == 0 ); 1517 } 1518 1519exit: 1520 1521 mbedtls_rsa_free( &ctx ); 1522 1523 mbedtls_mpi_free( &N ); 1524 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1525 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1526 1527 mbedtls_mpi_free( &Ne ); 1528 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); 1529 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); 1530} 1531/* END_CASE */ 1532 1533/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ 1534void mbedtls_rsa_validate_params( int radix_N, char *input_N, 1535 int radix_P, char *input_P, 1536 int radix_Q, char *input_Q, 1537 int radix_D, char *input_D, 1538 int radix_E, char *input_E, 1539 int prng, int result ) 1540{ 1541 /* Original MPI's with which we set up the RSA context */ 1542 mbedtls_mpi N, P, Q, D, E; 1543 1544 const int have_N = ( strlen( input_N ) > 0 ); 1545 const int have_P = ( strlen( input_P ) > 0 ); 1546 const int have_Q = ( strlen( input_Q ) > 0 ); 1547 const int have_D = ( strlen( input_D ) > 0 ); 1548 const int have_E = ( strlen( input_E ) > 0 ); 1549 1550 mbedtls_entropy_context entropy; 1551 mbedtls_ctr_drbg_context ctr_drbg; 1552 const char *pers = "test_suite_rsa"; 1553 1554 mbedtls_mpi_init( &N ); 1555 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1556 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1557 1558 mbedtls_ctr_drbg_init( &ctr_drbg ); 1559 mbedtls_entropy_init( &entropy ); 1560 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1561 &entropy, (const unsigned char *) pers, 1562 strlen( pers ) ) == 0 ); 1563 1564 if( have_N ) 1565 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1566 1567 if( have_P ) 1568 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1569 1570 if( have_Q ) 1571 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1572 1573 if( have_D ) 1574 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1575 1576 if( have_E ) 1577 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1578 1579 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, 1580 have_P ? &P : NULL, 1581 have_Q ? &Q : NULL, 1582 have_D ? &D : NULL, 1583 have_E ? &E : NULL, 1584 prng ? mbedtls_ctr_drbg_random : NULL, 1585 prng ? &ctr_drbg : NULL ) == result ); 1586exit: 1587 1588 mbedtls_ctr_drbg_free( &ctr_drbg ); 1589 mbedtls_entropy_free( &entropy ); 1590 1591 mbedtls_mpi_free( &N ); 1592 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1593 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1594} 1595/* END_CASE */ 1596 1597/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1598void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, 1599 data_t *input_Q, data_t *input_D, 1600 data_t *input_E, int is_priv, 1601 int successive ) 1602{ 1603 /* Exported buffers */ 1604 unsigned char bufNe[256]; 1605 unsigned char bufPe[128]; 1606 unsigned char bufQe[128]; 1607 unsigned char bufDe[256]; 1608 unsigned char bufEe[1]; 1609 1610 mbedtls_rsa_context ctx; 1611 1612 mbedtls_rsa_init( &ctx, 0, 0 ); 1613 1614 /* Setup RSA context */ 1615 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1616 input_N->len ? input_N->x : NULL, input_N->len, 1617 input_P->len ? input_P->x : NULL, input_P->len, 1618 input_Q->len ? input_Q->x : NULL, input_Q->len, 1619 input_D->len ? input_D->x : NULL, input_D->len, 1620 input_E->len ? input_E->x : NULL, input_E->len ) == 0 ); 1621 1622 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1623 1624 /* 1625 * Export parameters and compare to original ones. 1626 */ 1627 1628 /* N and E must always be present. */ 1629 if( !successive ) 1630 { 1631 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1632 NULL, 0, NULL, 0, NULL, 0, 1633 bufEe, input_E->len ) == 0 ); 1634 } 1635 else 1636 { 1637 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1638 NULL, 0, NULL, 0, NULL, 0, 1639 NULL, 0 ) == 0 ); 1640 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1641 NULL, 0, NULL, 0, NULL, 0, 1642 bufEe, input_E->len ) == 0 ); 1643 } 1644 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 ); 1645 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 ); 1646 1647 /* If we were providing enough information to setup a complete private context, 1648 * we expect to be able to export all core parameters. */ 1649 1650 if( is_priv ) 1651 { 1652 if( !successive ) 1653 { 1654 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1655 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1656 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1657 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1658 NULL, 0 ) == 0 ); 1659 } 1660 else 1661 { 1662 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1663 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1664 NULL, 0, NULL, 0, 1665 NULL, 0 ) == 0 ); 1666 1667 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, 1668 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1669 NULL, 0, NULL, 0 ) == 0 ); 1670 1671 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, 1672 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1673 NULL, 0 ) == 0 ); 1674 } 1675 1676 if( input_P->len ) 1677 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 ); 1678 1679 if( input_Q->len ) 1680 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 ); 1681 1682 if( input_D->len ) 1683 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 ); 1684 1685 } 1686 1687exit: 1688 mbedtls_rsa_free( &ctx ); 1689} 1690/* END_CASE */ 1691 1692/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1693void mbedtls_rsa_import_raw( data_t *input_N, 1694 data_t *input_P, data_t *input_Q, 1695 data_t *input_D, data_t *input_E, 1696 int successive, 1697 int is_priv, 1698 int res_check, 1699 int res_complete ) 1700{ 1701 /* Buffers used for encryption-decryption test */ 1702 unsigned char *buf_orig = NULL; 1703 unsigned char *buf_enc = NULL; 1704 unsigned char *buf_dec = NULL; 1705 1706 mbedtls_rsa_context ctx; 1707 mbedtls_entropy_context entropy; 1708 mbedtls_ctr_drbg_context ctr_drbg; 1709 1710 const char *pers = "test_suite_rsa"; 1711 1712 mbedtls_ctr_drbg_init( &ctr_drbg ); 1713 mbedtls_entropy_init( &entropy ); 1714 mbedtls_rsa_init( &ctx, 0, 0 ); 1715 1716 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1717 &entropy, (const unsigned char *) pers, 1718 strlen( pers ) ) == 0 ); 1719 1720 if( !successive ) 1721 { 1722 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1723 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1724 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1725 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1726 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1727 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1728 } 1729 else 1730 { 1731 /* Import N, P, Q, D, E separately. 1732 * This should make no functional difference. */ 1733 1734 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1735 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1736 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1737 1738 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1739 NULL, 0, 1740 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1741 NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1742 1743 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1744 NULL, 0, NULL, 0, 1745 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1746 NULL, 0, NULL, 0 ) == 0 ); 1747 1748 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1749 NULL, 0, NULL, 0, NULL, 0, 1750 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1751 NULL, 0 ) == 0 ); 1752 1753 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1754 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1755 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1756 } 1757 1758 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1759 1760 /* On expected success, perform some public and private 1761 * key operations to check if the key is working properly. */ 1762 if( res_complete == 0 ) 1763 { 1764 if( is_priv ) 1765 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1766 else 1767 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1768 1769 if( res_check != 0 ) 1770 goto exit; 1771 1772 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1773 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1774 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1775 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1776 goto exit; 1777 1778 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1779 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1780 1781 /* Make sure the number we're generating is smaller than the modulus */ 1782 buf_orig[0] = 0x00; 1783 1784 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1785 1786 if( is_priv ) 1787 { 1788 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1789 &ctr_drbg, buf_enc, 1790 buf_dec ) == 0 ); 1791 1792 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1793 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1794 } 1795 } 1796 1797exit: 1798 1799 mbedtls_free( buf_orig ); 1800 mbedtls_free( buf_enc ); 1801 mbedtls_free( buf_dec ); 1802 1803 mbedtls_rsa_free( &ctx ); 1804 1805 mbedtls_ctr_drbg_free( &ctr_drbg ); 1806 mbedtls_entropy_free( &entropy ); 1807 1808} 1809/* END_CASE */ 1810 1811/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1812void rsa_selftest( ) 1813{ 1814 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); 1815} 1816/* END_CASE */ 1817