1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include <tomcrypt_test.h>
10
11 #if defined(LTC_MRSA) && defined(LTC_TEST_MPI)
12
13 #define RSA_MSGSIZE 78
14
15 /* These are test keys [see file test.key] that I use to test my import/export against */
16 static const unsigned char openssl_private_rsa[] = {
17 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde, 0x64, 0x8a,
18 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7, 0xa1, 0xb7,
19 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84, 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96, 0x65, 0xe5,
20 0x3f, 0x72, 0x95, 0x24, 0x9f, 0x28, 0x68, 0xca, 0x4f, 0xdb, 0x44, 0x1c, 0x3e, 0x60, 0x12, 0x8a,
21 0xdd, 0x26, 0xa5, 0xeb, 0xff, 0x0b, 0x5e, 0xd4, 0x88, 0x38, 0x49, 0x2a, 0x6e, 0x5b, 0xbf, 0x12,
22 0x37, 0x47, 0xbd, 0x05, 0x6b, 0xbc, 0xdb, 0xf3, 0xee, 0xe4, 0x11, 0x8e, 0x41, 0x68, 0x7c, 0x61,
23 0x13, 0xd7, 0x42, 0xc8, 0x80, 0xbe, 0x36, 0x8f, 0xdc, 0x08, 0x8b, 0x4f, 0xac, 0xa4, 0xe2, 0x76,
24 0x0c, 0xc9, 0x63, 0x6c, 0x49, 0x58, 0x93, 0xed, 0xcc, 0xaa, 0xdc, 0x25, 0x3b, 0x0a, 0x60, 0x3f,
25 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01,
26 0x02, 0x81, 0x81, 0x00, 0xc8, 0x62, 0xb9, 0xea, 0xde, 0x44, 0x53, 0x1d, 0x56, 0x97, 0xd9, 0x97,
27 0x9e, 0x1a, 0xcf, 0x30, 0x1e, 0x0a, 0x88, 0x45, 0x86, 0x29, 0x30, 0xa3, 0x4d, 0x9f, 0x61, 0x65,
28 0x73, 0xe0, 0xd6, 0x87, 0x8f, 0xb6, 0xf3, 0x06, 0xa3, 0x82, 0xdc, 0x7c, 0xac, 0xfe, 0x9b, 0x28,
29 0x9a, 0xae, 0xfd, 0xfb, 0xfe, 0x2f, 0x0e, 0xd8, 0x97, 0x04, 0xe3, 0xbb, 0x1f, 0xd1, 0xec, 0x0d,
30 0xba, 0xa3, 0x49, 0x7f, 0x47, 0xac, 0x8a, 0x44, 0x04, 0x7e, 0x86, 0xb7, 0x39, 0x42, 0x3f, 0xad,
31 0x1e, 0xb7, 0x0e, 0xa5, 0x51, 0xf4, 0x40, 0x63, 0x1e, 0xfd, 0xbd, 0xea, 0x9f, 0x41, 0x9f, 0xa8,
32 0x90, 0x1d, 0x6f, 0x0a, 0x5a, 0x95, 0x13, 0x11, 0x0d, 0x80, 0xaf, 0x5f, 0x64, 0x98, 0x8a, 0x2c,
33 0x78, 0x68, 0x65, 0xb0, 0x2b, 0x8b, 0xa2, 0x53, 0x87, 0xca, 0xf1, 0x64, 0x04, 0xab, 0xf2, 0x7b,
34 0xdb, 0x83, 0xc8, 0x81, 0x02, 0x41, 0x00, 0xf7, 0xbe, 0x5e, 0x23, 0xc3, 0x32, 0x3f, 0xbf, 0x8b,
35 0x8e, 0x3a, 0xee, 0xfc, 0xfc, 0xcb, 0xe5, 0xf7, 0xf1, 0x0b, 0xbc, 0x42, 0x82, 0xae, 0xd5, 0x7a,
36 0x3e, 0xca, 0xf7, 0xd5, 0x69, 0x3f, 0x64, 0x25, 0xa2, 0x1f, 0xb7, 0x75, 0x75, 0x05, 0x92, 0x42,
37 0xeb, 0xb8, 0xf1, 0xf3, 0x0a, 0x05, 0xe3, 0x94, 0xd1, 0x55, 0x78, 0x35, 0xa0, 0x36, 0xa0, 0x9b,
38 0x7c, 0x92, 0x84, 0x6c, 0xdd, 0xdc, 0x4d, 0x02, 0x41, 0x00, 0xd6, 0x86, 0x0e, 0x85, 0x42, 0x0b,
39 0x04, 0x08, 0x84, 0x21, 0x60, 0xf0, 0x0e, 0x0d, 0x88, 0xfd, 0x1e, 0x36, 0x10, 0x65, 0x4f, 0x1e,
40 0x53, 0xb4, 0x08, 0x72, 0x80, 0x5c, 0x3f, 0x59, 0x66, 0x17, 0xe6, 0x98, 0xf2, 0xe9, 0x6c, 0x7a,
41 0x06, 0x4c, 0xac, 0x76, 0x3d, 0xed, 0x8c, 0xa1, 0xce, 0xad, 0x1b, 0xbd, 0xb4, 0x7d, 0x28, 0xbc,
42 0xe3, 0x0e, 0x38, 0x8d, 0x99, 0xd8, 0x05, 0xb5, 0xa3, 0x71, 0x02, 0x40, 0x6d, 0xeb, 0xc3, 0x2d,
43 0x2e, 0xf0, 0x5e, 0xa4, 0x88, 0x31, 0x05, 0x29, 0x00, 0x8a, 0xd1, 0x95, 0x29, 0x9b, 0x83, 0xcf,
44 0x75, 0xdb, 0x31, 0xe3, 0x7a, 0x27, 0xde, 0x3a, 0x74, 0x30, 0x0c, 0x76, 0x4c, 0xd4, 0x50, 0x2a,
45 0x40, 0x2d, 0x39, 0xd9, 0x99, 0x63, 0xa9, 0x5d, 0x80, 0xae, 0x53, 0xca, 0x94, 0x3f, 0x05, 0x23,
46 0x1e, 0xf8, 0x05, 0x04, 0xe1, 0xb8, 0x35, 0xf2, 0x17, 0xb3, 0xa0, 0x89, 0x02, 0x41, 0x00, 0xab,
47 0x90, 0x88, 0xfa, 0x60, 0x08, 0x29, 0x50, 0x9a, 0x43, 0x8b, 0xa0, 0x50, 0xcc, 0xd8, 0x5a, 0xfe,
48 0x97, 0x64, 0x63, 0x71, 0x74, 0x22, 0xa3, 0x20, 0x02, 0x5a, 0xcf, 0xeb, 0xc6, 0x16, 0x95, 0x54,
49 0xd1, 0xcb, 0xab, 0x8d, 0x1a, 0xc6, 0x00, 0xfa, 0x08, 0x92, 0x9c, 0x71, 0xd5, 0x52, 0x52, 0x35,
50 0x96, 0x71, 0x4b, 0x8b, 0x92, 0x0c, 0xd0, 0xe9, 0xbf, 0xad, 0x63, 0x0b, 0xa5, 0xe9, 0xb1, 0x02,
51 0x41, 0x00, 0xdc, 0xcc, 0x27, 0xc8, 0xe4, 0xdc, 0x62, 0x48, 0xd5, 0x9b, 0xaf, 0xf5, 0xab, 0x60,
52 0xf6, 0x21, 0xfd, 0x53, 0xe2, 0xb7, 0x5d, 0x09, 0xc9, 0x1a, 0xa1, 0x04, 0xa9, 0xfc, 0x61, 0x2c,
53 0x5d, 0x04, 0x58, 0x3a, 0x5a, 0x39, 0xf1, 0x4a, 0x21, 0x56, 0x67, 0xfd, 0xcc, 0x20, 0xa3, 0x8f,
54 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17,
55 0x4a, 0x9f, };
56
57 static const unsigned char x509_public_rsa[] =
58 "MIICdTCCAd4CCQCYjCwz0l9JpjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJD\
59 WjEPMA0GA1UECAwGTW9yYXZhMQ0wCwYDVQQHDARCcm5vMRAwDgYDVQQKDAdMVEMg\
60 THRkMQ8wDQYDVQQLDAZDcnlwdG8xEjAQBgNVBAMMCVRlc3QgQ2VydDEYMBYGCSqG\
61 SIb3DQEJARYJdGVzdEBjZXJ0MCAXDTE3MDMwOTIzNDMzOVoYDzIyOTAxMjIyMjM0\
62 MzM5WjB+MQswCQYDVQQGEwJDWjEPMA0GA1UECAwGTW9yYXZhMQ0wCwYDVQQHDARC\
63 cm5vMRAwDgYDVQQKDAdMVEMgTHRkMQ8wDQYDVQQLDAZDcnlwdG8xEjAQBgNVBAMM\
64 CVRlc3QgQ2VydDEYMBYGCSqGSIb3DQEJARYJdGVzdEBjZXJ0MIGfMA0GCSqGSIb3\
65 DQEBAQUAA4GNADCBiQKBgQDPmt5kitrIMyCp14MxGVSymoWnobd1M7aprIQks97b\
66 fYUtlmXlP3KVJJ8oaMpP20QcPmASit0mpev/C17UiDhJKm5bvxI3R70Fa7zb8+7k\
67 EY5BaHxhE9dCyIC+No/cCItPrKTidgzJY2xJWJPtzKrcJTsKYD+LVDrDTTHnlKRE\
68 /QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAApwWqupmmLGHeKOLFLcthQpAXXYep6T\
69 3S3e8X7fIG6TGhfvn5DHn+/V/C4184oOCwImI+VYRokdXdQ1AMGfVUomHJxsFPia\
70 bv5Aw3hiKsIG3jigKHwmMScgkl3yn+8hLkx6thNbqQoa6Yyo20RqaEFBwlZ5G8lF\
71 rZsdeO84SeCH";
72
73 static const unsigned char pkcs8_private_rsa[] = {
74 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
75 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01,
76 0x00, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde, 0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7,
77 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7, 0xa1, 0xb7, 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84,
78 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96, 0x65, 0xe5, 0x3f, 0x72, 0x95, 0x24, 0x9f, 0x28,
79 0x68, 0xca, 0x4f, 0xdb, 0x44, 0x1c, 0x3e, 0x60, 0x12, 0x8a, 0xdd, 0x26, 0xa5, 0xeb, 0xff, 0x0b,
80 0x5e, 0xd4, 0x88, 0x38, 0x49, 0x2a, 0x6e, 0x5b, 0xbf, 0x12, 0x37, 0x47, 0xbd, 0x05, 0x6b, 0xbc,
81 0xdb, 0xf3, 0xee, 0xe4, 0x11, 0x8e, 0x41, 0x68, 0x7c, 0x61, 0x13, 0xd7, 0x42, 0xc8, 0x80, 0xbe,
82 0x36, 0x8f, 0xdc, 0x08, 0x8b, 0x4f, 0xac, 0xa4, 0xe2, 0x76, 0x0c, 0xc9, 0x63, 0x6c, 0x49, 0x58,
83 0x93, 0xed, 0xcc, 0xaa, 0xdc, 0x25, 0x3b, 0x0a, 0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31,
84 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x81, 0x00, 0xc8, 0x62,
85 0xb9, 0xea, 0xde, 0x44, 0x53, 0x1d, 0x56, 0x97, 0xd9, 0x97, 0x9e, 0x1a, 0xcf, 0x30, 0x1e, 0x0a,
86 0x88, 0x45, 0x86, 0x29, 0x30, 0xa3, 0x4d, 0x9f, 0x61, 0x65, 0x73, 0xe0, 0xd6, 0x87, 0x8f, 0xb6,
87 0xf3, 0x06, 0xa3, 0x82, 0xdc, 0x7c, 0xac, 0xfe, 0x9b, 0x28, 0x9a, 0xae, 0xfd, 0xfb, 0xfe, 0x2f,
88 0x0e, 0xd8, 0x97, 0x04, 0xe3, 0xbb, 0x1f, 0xd1, 0xec, 0x0d, 0xba, 0xa3, 0x49, 0x7f, 0x47, 0xac,
89 0x8a, 0x44, 0x04, 0x7e, 0x86, 0xb7, 0x39, 0x42, 0x3f, 0xad, 0x1e, 0xb7, 0x0e, 0xa5, 0x51, 0xf4,
90 0x40, 0x63, 0x1e, 0xfd, 0xbd, 0xea, 0x9f, 0x41, 0x9f, 0xa8, 0x90, 0x1d, 0x6f, 0x0a, 0x5a, 0x95,
91 0x13, 0x11, 0x0d, 0x80, 0xaf, 0x5f, 0x64, 0x98, 0x8a, 0x2c, 0x78, 0x68, 0x65, 0xb0, 0x2b, 0x8b,
92 0xa2, 0x53, 0x87, 0xca, 0xf1, 0x64, 0x04, 0xab, 0xf2, 0x7b, 0xdb, 0x83, 0xc8, 0x81, 0x02, 0x41,
93 0x00, 0xf7, 0xbe, 0x5e, 0x23, 0xc3, 0x32, 0x3f, 0xbf, 0x8b, 0x8e, 0x3a, 0xee, 0xfc, 0xfc, 0xcb,
94 0xe5, 0xf7, 0xf1, 0x0b, 0xbc, 0x42, 0x82, 0xae, 0xd5, 0x7a, 0x3e, 0xca, 0xf7, 0xd5, 0x69, 0x3f,
95 0x64, 0x25, 0xa2, 0x1f, 0xb7, 0x75, 0x75, 0x05, 0x92, 0x42, 0xeb, 0xb8, 0xf1, 0xf3, 0x0a, 0x05,
96 0xe3, 0x94, 0xd1, 0x55, 0x78, 0x35, 0xa0, 0x36, 0xa0, 0x9b, 0x7c, 0x92, 0x84, 0x6c, 0xdd, 0xdc,
97 0x4d, 0x02, 0x41, 0x00, 0xd6, 0x86, 0x0e, 0x85, 0x42, 0x0b, 0x04, 0x08, 0x84, 0x21, 0x60, 0xf0,
98 0x0e, 0x0d, 0x88, 0xfd, 0x1e, 0x36, 0x10, 0x65, 0x4f, 0x1e, 0x53, 0xb4, 0x08, 0x72, 0x80, 0x5c,
99 0x3f, 0x59, 0x66, 0x17, 0xe6, 0x98, 0xf2, 0xe9, 0x6c, 0x7a, 0x06, 0x4c, 0xac, 0x76, 0x3d, 0xed,
100 0x8c, 0xa1, 0xce, 0xad, 0x1b, 0xbd, 0xb4, 0x7d, 0x28, 0xbc, 0xe3, 0x0e, 0x38, 0x8d, 0x99, 0xd8,
101 0x05, 0xb5, 0xa3, 0x71, 0x02, 0x40, 0x6d, 0xeb, 0xc3, 0x2d, 0x2e, 0xf0, 0x5e, 0xa4, 0x88, 0x31,
102 0x05, 0x29, 0x00, 0x8a, 0xd1, 0x95, 0x29, 0x9b, 0x83, 0xcf, 0x75, 0xdb, 0x31, 0xe3, 0x7a, 0x27,
103 0xde, 0x3a, 0x74, 0x30, 0x0c, 0x76, 0x4c, 0xd4, 0x50, 0x2a, 0x40, 0x2d, 0x39, 0xd9, 0x99, 0x63,
104 0xa9, 0x5d, 0x80, 0xae, 0x53, 0xca, 0x94, 0x3f, 0x05, 0x23, 0x1e, 0xf8, 0x05, 0x04, 0xe1, 0xb8,
105 0x35, 0xf2, 0x17, 0xb3, 0xa0, 0x89, 0x02, 0x41, 0x00, 0xab, 0x90, 0x88, 0xfa, 0x60, 0x08, 0x29,
106 0x50, 0x9a, 0x43, 0x8b, 0xa0, 0x50, 0xcc, 0xd8, 0x5a, 0xfe, 0x97, 0x64, 0x63, 0x71, 0x74, 0x22,
107 0xa3, 0x20, 0x02, 0x5a, 0xcf, 0xeb, 0xc6, 0x16, 0x95, 0x54, 0xd1, 0xcb, 0xab, 0x8d, 0x1a, 0xc6,
108 0x00, 0xfa, 0x08, 0x92, 0x9c, 0x71, 0xd5, 0x52, 0x52, 0x35, 0x96, 0x71, 0x4b, 0x8b, 0x92, 0x0c,
109 0xd0, 0xe9, 0xbf, 0xad, 0x63, 0x0b, 0xa5, 0xe9, 0xb1, 0x02, 0x41, 0x00, 0xdc, 0xcc, 0x27, 0xc8,
110 0xe4, 0xdc, 0x62, 0x48, 0xd5, 0x9b, 0xaf, 0xf5, 0xab, 0x60, 0xf6, 0x21, 0xfd, 0x53, 0xe2, 0xb7,
111 0x5d, 0x09, 0xc9, 0x1a, 0xa1, 0x04, 0xa9, 0xfc, 0x61, 0x2c, 0x5d, 0x04, 0x58, 0x3a, 0x5a, 0x39,
112 0xf1, 0x4a, 0x21, 0x56, 0x67, 0xfd, 0xcc, 0x20, 0xa3, 0x8f, 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e,
113 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f };
114
115 /* private key - hexadecimal */
116 enum {
117 pk_d ,
118 pk_dP,
119 pk_dQ,
120 pk_e ,
121 pk_N ,
122 pk_p ,
123 pk_q ,
124 pk_qP,
125 };
126 static const char *hex_key[] = {
127 "C862B9EADE44531D5697D9979E1ACF301E0A8845862930A34D9F616573E0D6878FB6F306A382DC7CACFE9B289AAEFDFBFE2F0ED89704E3BB1FD1EC0DBAA3497F47AC8A44047E86B739423FAD1EB70EA551F440631EFDBDEA9F419FA8901D6F0A5A9513110D80AF5F64988A2C786865B02B8BA25387CAF16404ABF27BDB83C881",
128 "6DEBC32D2EF05EA488310529008AD195299B83CF75DB31E37A27DE3A74300C764CD4502A402D39D99963A95D80AE53CA943F05231EF80504E1B835F217B3A089",
129 "AB9088FA600829509A438BA050CCD85AFE976463717422A320025ACFEBC6169554D1CBAB8D1AC600FA08929C71D552523596714B8B920CD0E9BFAD630BA5E9B1",
130 "010001",
131 "CF9ADE648ADAC83320A9D783311954B29A85A7A1B77533B6A9AC8424B3DEDB7D852D9665E53F7295249F2868CA4FDB441C3E60128ADD26A5EBFF0B5ED48838492A6E5BBF123747BD056BBCDBF3EEE4118E41687C6113D742C880BE368FDC088B4FACA4E2760CC9636C495893EDCCAADC253B0A603F8B543AC34D31E794A444FD",
132 "F7BE5E23C3323FBF8B8E3AEEFCFCCBE5F7F10BBC4282AED57A3ECAF7D5693F6425A21FB77575059242EBB8F1F30A05E394D1557835A036A09B7C92846CDDDC4D",
133 "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371",
134 "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F" };
135
136 /*** openssl public RSA key in DER format */
137 static const unsigned char openssl_public_rsa[] = {
138 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
139 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde,
140 0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7,
141 0xa1, 0xb7, 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84, 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96,
142 0x65, 0xe5, 0x3f, 0x72, 0x95, 0x24, 0x9f, 0x28, 0x68, 0xca, 0x4f, 0xdb, 0x44, 0x1c, 0x3e, 0x60,
143 0x12, 0x8a, 0xdd, 0x26, 0xa5, 0xeb, 0xff, 0x0b, 0x5e, 0xd4, 0x88, 0x38, 0x49, 0x2a, 0x6e, 0x5b,
144 0xbf, 0x12, 0x37, 0x47, 0xbd, 0x05, 0x6b, 0xbc, 0xdb, 0xf3, 0xee, 0xe4, 0x11, 0x8e, 0x41, 0x68,
145 0x7c, 0x61, 0x13, 0xd7, 0x42, 0xc8, 0x80, 0xbe, 0x36, 0x8f, 0xdc, 0x08, 0x8b, 0x4f, 0xac, 0xa4,
146 0xe2, 0x76, 0x0c, 0xc9, 0x63, 0x6c, 0x49, 0x58, 0x93, 0xed, 0xcc, 0xaa, 0xdc, 0x25, 0x3b, 0x0a,
147 0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
148 0x00, 0x01, };
149
150 /* same key but with extra headers stripped */
151 static const unsigned char openssl_public_rsa_stripped[] = {
152 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde,
153 0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7,
154 0xa1, 0xb7, 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84, 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96,
155 0x65, 0xe5, 0x3f, 0x72, 0x95, 0x24, 0x9f, 0x28, 0x68, 0xca, 0x4f, 0xdb, 0x44, 0x1c, 0x3e, 0x60,
156 0x12, 0x8a, 0xdd, 0x26, 0xa5, 0xeb, 0xff, 0x0b, 0x5e, 0xd4, 0x88, 0x38, 0x49, 0x2a, 0x6e, 0x5b,
157 0xbf, 0x12, 0x37, 0x47, 0xbd, 0x05, 0x6b, 0xbc, 0xdb, 0xf3, 0xee, 0xe4, 0x11, 0x8e, 0x41, 0x68,
158 0x7c, 0x61, 0x13, 0xd7, 0x42, 0xc8, 0x80, 0xbe, 0x36, 0x8f, 0xdc, 0x08, 0x8b, 0x4f, 0xac, 0xa4,
159 0xe2, 0x76, 0x0c, 0xc9, 0x63, 0x6c, 0x49, 0x58, 0x93, 0xed, 0xcc, 0xaa, 0xdc, 0x25, 0x3b, 0x0a,
160 0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
161 0x00, 0x01, };
162
163
164 /* generated with the private key above as:
165 echo -n 'test' | openssl rsautl -sign -inkey rsa_private.pem -pkcs -hexdump
166 */
167 static const unsigned char openssl_rsautl_pkcs[] = {
168 0x24, 0xef, 0x54, 0xea, 0x1a, 0x12, 0x0c, 0xf4, 0x04, 0x0c, 0x48, 0xc8, 0xe8, 0x17, 0xd2, 0x6f,
169 0xc3, 0x41, 0xb3, 0x97, 0x5c, 0xbc, 0xa3, 0x2d, 0x21, 0x00, 0x10, 0x0e, 0xbb, 0xf7, 0x30, 0x21,
170 0x7e, 0x12, 0xd2, 0xdf, 0x26, 0x28, 0xd8, 0x0f, 0x6d, 0x4d, 0xc8, 0x4d, 0xa8, 0x78, 0xe7, 0x03,
171 0xee, 0xbc, 0x68, 0xba, 0x98, 0xea, 0xe9, 0xb6, 0x06, 0x8d, 0x85, 0x5b, 0xdb, 0xa6, 0x49, 0x86,
172 0x6f, 0xc7, 0x3d, 0xe0, 0x53, 0x83, 0xe0, 0xea, 0xb1, 0x08, 0x6a, 0x7b, 0xbd, 0xeb, 0xb5, 0x4a,
173 0xdd, 0xbc, 0x64, 0x97, 0x8c, 0x17, 0x20, 0xa3, 0x5c, 0xd4, 0xb8, 0x87, 0x43, 0xc5, 0x13, 0xad,
174 0x41, 0x6e, 0x45, 0x41, 0x32, 0xd4, 0x09, 0x12, 0x7f, 0xdc, 0x59, 0x1f, 0x28, 0x3f, 0x1e, 0xbc,
175 0xef, 0x57, 0x23, 0x4b, 0x3a, 0xa3, 0x24, 0x91, 0x4d, 0xfb, 0xb2, 0xd4, 0xe7, 0x5e, 0x41, 0x7e,
176 };
177
178 extern const unsigned char _der_tests_cacert_root_cert[];
179 extern const unsigned long _der_tests_cacert_root_cert_size;
180
rsa_compat_test(void)181 static int rsa_compat_test(void)
182 {
183 rsa_key key, pubkey;
184 int stat, i;
185 unsigned char buf[1024], key_parts[8][128];
186 unsigned long len, key_lens[8];
187
188 /* try reading the key */
189 DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key));
190 DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &pubkey));
191
192 /* sign-verify a message with PKCS #1 v1.5 no ASN.1 */
193 len = sizeof(buf);
194 DO(rsa_sign_hash_ex((unsigned char*)"test", 4, buf, &len, LTC_PKCS_1_V1_5_NA1, NULL, 0, 0, 0, &key));
195 if (len != sizeof(openssl_rsautl_pkcs) || memcmp(buf, openssl_rsautl_pkcs, len)) {
196 fprintf(stderr, "RSA rsa_sign_hash_ex + LTC_PKCS_1_V1_5_NA1 failed\n");
197 return 1;
198 }
199 stat = 0;
200 DO(rsa_verify_hash_ex(openssl_rsautl_pkcs, sizeof(openssl_rsautl_pkcs), (unsigned char*)"test", 4, LTC_PKCS_1_V1_5_NA1, 0, 0, &stat, &pubkey));
201 if (stat != 1) {
202 fprintf(stderr, "RSA rsa_verify_hash_ex + LTC_PKCS_1_V1_5_NA1 failed\n");
203 return 1;
204 }
205 rsa_free(&pubkey);
206
207 /* now try to export private/public and compare */
208 len = sizeof(buf);
209 DO(rsa_export(buf, &len, PK_PRIVATE, &key));
210 if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from OpenSSL)", 0)) {
211 return 1;
212 }
213
214 len = sizeof(buf);
215 DO(rsa_export(buf, &len, PK_PUBLIC, &key));
216 if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from OpenSSL private key)", 0)) {
217 return 1;
218 }
219 rsa_free(&key);
220
221 /* try reading the public key */
222 DO(rsa_import(openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), &key));
223 len = sizeof(buf);
224 DO(rsa_export(buf, &len, PK_PUBLIC, &key));
225 if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from stripped OpenSSL)", 0)) {
226 return 1;
227 }
228 rsa_free(&key);
229
230 /* try reading the public key */
231 DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key));
232 len = sizeof(buf);
233 DO(rsa_export(buf, &len, PK_PUBLIC, &key));
234 if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from OpenSSL)", 0)) {
235 return 1;
236 }
237 rsa_free(&key);
238
239 /* try import private key in pkcs8 format */
240 DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, 0, &key));
241 len = sizeof(buf);
242 DO(rsa_export(buf, &len, PK_PRIVATE, &key));
243 if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)) {
244 return 1;
245 }
246 rsa_free(&key);
247
248 /* convert raw hexadecimal numbers to binary */
249 for (i = 0; i < 8; ++i) {
250 key_lens[i] = sizeof(key_parts[i]);
251 DO(radix_to_bin(hex_key[i], 16, key_parts[i], &key_lens[i]));
252 }
253 /* try import private key from converted raw hexadecimal numbers */
254 DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], key_parts[pk_d], key_lens[pk_d], &key));
255 DO(rsa_set_factors(key_parts[pk_p], key_lens[pk_p], key_parts[pk_q], key_lens[pk_q], &key));
256 DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key));
257 len = sizeof(buf);
258 DO(rsa_export(buf, &len, PK_PRIVATE, &key));
259 if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)) {
260 return 1;
261 }
262 rsa_free(&key);
263
264 /* try import public key from converted raw hexadecimal numbers */
265 DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], NULL, 0, &key));
266 len = sizeof(buf);
267 DO(rsa_export(buf, &len, PK_PUBLIC, &key));
268 if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from hex)", 0)) {
269 return 1;
270 }
271 rsa_free(&key);
272
273 /* try export in SubjectPublicKeyInfo format of the public key */
274 DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key));
275 len = sizeof(buf);
276 DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
277 if (len != sizeof(openssl_public_rsa) || memcmp(buf, openssl_public_rsa, len)) {
278 fprintf(stderr, "RSA(public) SSL public X.509 export failed to match OpenSSL output\n");
279 print_hex("should", openssl_public_rsa, sizeof(openssl_public_rsa));
280 print_hex("is", buf, len);
281 return 1;
282 }
283 rsa_free(&key);
284
285 return 0;
286 }
287
_rsa_key_cmp(const int should_type,const rsa_key * should,const rsa_key * is)288 static int _rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is)
289 {
290 if(should_type != is->type)
291 return CRYPT_ERROR;
292 if(should_type == PK_PRIVATE) {
293 if(mp_cmp(should->q, is->q) != LTC_MP_EQ)
294 return CRYPT_ERROR;
295 if(mp_cmp(should->p, is->p) != LTC_MP_EQ)
296 return CRYPT_ERROR;
297 if(mp_cmp(should->qP, is->qP) != LTC_MP_EQ)
298 return CRYPT_ERROR;
299 if(mp_cmp(should->dP, is->dP) != LTC_MP_EQ)
300 return CRYPT_ERROR;
301 if(mp_cmp(should->dQ, is->dQ) != LTC_MP_EQ)
302 return CRYPT_ERROR;
303 if(mp_cmp(should->d, is->d) != LTC_MP_EQ)
304 return CRYPT_ERROR;
305 }
306 if(mp_cmp(should->N, is->N) != LTC_MP_EQ)
307 return CRYPT_ERROR;
308 if(mp_cmp(should->e, is->e) != LTC_MP_EQ)
309 return CRYPT_ERROR;
310 return CRYPT_OK;
311 }
312
_rsa_issue_301(int prng_idx)313 static int _rsa_issue_301(int prng_idx)
314 {
315 rsa_key key, key_in;
316 unsigned char buf[4096];
317 unsigned long len;
318
319 DO(rsa_make_key(&yarrow_prng, prng_idx, sizeof(buf)/8, 65537, &key));
320
321 len = sizeof(buf);
322 DO(rsa_export(buf, &len, PK_PRIVATE, &key));
323 DO(rsa_import(buf, len, &key_in));
324
325 DO(_rsa_key_cmp(PK_PRIVATE, &key, &key_in));
326 rsa_free(&key_in);
327
328 len = sizeof(buf);
329 DO(rsa_export(buf, &len, PK_PUBLIC, &key));
330 DO(rsa_import(buf, len, &key_in));
331
332 DO(_rsa_key_cmp(PK_PUBLIC, &key, &key_in));
333 rsa_free(&key_in);
334
335 len = sizeof(buf);
336 DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
337 DO(rsa_import(buf, len, &key_in));
338
339 DO(_rsa_key_cmp(PK_PUBLIC, &key, &key_in));
340 rsa_free(&key_in);
341
342 rsa_free(&key);
343 return CRYPT_OK;
344 }
345
rsa_test(void)346 int rsa_test(void)
347 {
348 unsigned char in[1024], out[1024], tmp[3072];
349 rsa_key key, privKey, pubKey;
350 int hash_idx, prng_idx, stat, stat2, i, err;
351 unsigned long rsa_msgsize, len, len2, len3, cnt, cnt2;
352 static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 };
353 void* dP;
354 unsigned char* p;
355 unsigned char* p2;
356 unsigned char* p3;
357
358 if (rsa_compat_test() != 0) {
359 return 1;
360 }
361
362 hash_idx = find_hash("sha1");
363 prng_idx = find_prng("yarrow");
364 if (hash_idx == -1 || prng_idx == -1) {
365 fprintf(stderr, "rsa_test requires LTC_SHA1 and yarrow");
366 return 1;
367 }
368
369 DO(_rsa_issue_301(prng_idx));
370
371 /* make 10 random key */
372 for (cnt = 0; cnt < 10; cnt++) {
373 DO(rsa_make_key(&yarrow_prng, prng_idx, 1024/8, 65537, &key));
374 if (mp_count_bits(key.N) != 1024) {
375 fprintf(stderr, "rsa_1024 key modulus has %d bits\n", mp_count_bits(key.N));
376
377 len = mp_unsigned_bin_size(key.N);
378 mp_to_unsigned_bin(key.N, tmp);
379 print_hex("N", tmp, len);
380
381 len = mp_unsigned_bin_size(key.p);
382 mp_to_unsigned_bin(key.p, tmp);
383 print_hex("p", tmp, len);
384
385 len = mp_unsigned_bin_size(key.q);
386 mp_to_unsigned_bin(key.q, tmp);
387 print_hex("q", tmp, len);
388
389 return 1;
390 }
391 if (cnt != 9) {
392 rsa_free(&key);
393 }
394 }
395
396 /* encrypt the key (without lparam) */
397 for (cnt = 0; cnt < 4; cnt++) {
398 for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
399 /* make a random key/msg */
400 yarrow_read(in, rsa_msgsize, &yarrow_prng);
401
402 len = sizeof(out);
403 len2 = rsa_msgsize;
404
405 DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &yarrow_prng, prng_idx, hash_idx, &key));
406 /* change a byte */
407 out[8] ^= 1;
408 DOX((err = rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key))
409 == CRYPT_INVALID_PACKET ? CRYPT_OK:err, "should fail");
410 /* change a byte back */
411 out[8] ^= 1;
412 if (len2 != rsa_msgsize) {
413 fprintf(stderr, "\n%i:rsa_decrypt_key mismatch len %lu (first decrypt)", __LINE__, len2);
414 return 1;
415 }
416
417 len2 = rsa_msgsize;
418 DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat, &key));
419 if (!(stat == 1 && stat2 == 0)) {
420 fprintf(stderr, "rsa_decrypt_key (without lparam) failed (rsa_msgsize = %lu)", rsa_msgsize);
421 fprintf(stderr, "\n stat: %i stat2: %i", stat, stat2);
422 return 1;
423 }
424 if (len2 != rsa_msgsize || memcmp(tmp, in, rsa_msgsize)) {
425 fprintf(stderr, "\nrsa_decrypt_key mismatch, len %lu (second decrypt)\n", len2);
426 print_hex("Original", in, rsa_msgsize);
427 print_hex("Output", tmp, len2);
428 return 1;
429 }
430 }
431 }
432
433 /* encrypt the key (with lparam) */
434 for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
435 len = sizeof(out);
436 len2 = rsa_msgsize;
437 DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &yarrow_prng, prng_idx, hash_idx, &key));
438 /* change a byte */
439 out[8] ^= 1;
440 DOX((err = rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key))
441 == CRYPT_INVALID_PACKET ? CRYPT_OK:err, "should fail");
442 if (len2 != rsa_msgsize) {
443 fprintf(stderr, "\n%i:rsa_decrypt_key mismatch len %lu (first decrypt)", __LINE__, len2);
444 return 1;
445 }
446 /* change a byte back */
447 out[8] ^= 1;
448
449 len2 = rsa_msgsize;
450 DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat, &key));
451 if (!(stat == 1 && stat2 == 0)) {
452 fprintf(stderr, "rsa_decrypt_key (with lparam) failed (rsa_msgsize = %lu)", rsa_msgsize);
453 return 1;
454 }
455 if (len2 != rsa_msgsize || memcmp(tmp, in, rsa_msgsize)) {
456 fprintf(stderr, "rsa_decrypt_key mismatch len %lu", len2);
457 print_hex("Original", in, rsa_msgsize);
458 print_hex("Output", tmp, len2);
459 return 1;
460 }
461 }
462
463 /* encrypt the key PKCS #1 v1.5 (payload from 1 to 117 bytes) */
464 for (rsa_msgsize = 1; rsa_msgsize <= 117; rsa_msgsize++) {
465 len = sizeof(out);
466 len2 = rsa_msgsize;
467 /* make a random key/msg */
468 yarrow_read(in, rsa_msgsize, &yarrow_prng);
469 DO(rsa_encrypt_key_ex(in, rsa_msgsize, out, &len, NULL, 0, &yarrow_prng, prng_idx, 0, LTC_PKCS_1_V1_5, &key));
470
471 len2 = rsa_msgsize;
472 DO(rsa_decrypt_key_ex(out, len, tmp, &len2, NULL, 0, 0, LTC_PKCS_1_V1_5, &stat, &key));
473 if (stat != 1) {
474 fprintf(stderr, "rsa_decrypt_key_ex failed, %d, %d", stat, stat2);
475 return 1;
476 }
477 if (len2 != rsa_msgsize) {
478 fprintf(stderr, "rsa_decrypt_key_ex mismatch len %lu", len2);
479 return 1;
480 }
481 if (memcmp(tmp, in, rsa_msgsize)) {
482 fprintf(stderr, "rsa_decrypt_key_ex mismatch data");
483 print_hex("Original", in, rsa_msgsize);
484 print_hex("Output", tmp, rsa_msgsize);
485 return 1;
486 }
487 }
488
489 /* sign a message (unsalted, lower cholestorol and Atkins approved) now */
490 len = sizeof(out);
491 DO(rsa_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 0, &key));
492
493 /* export key and import as both private and public */
494 len2 = sizeof(tmp);
495 DO(rsa_export(tmp, &len2, PK_PRIVATE, &key));
496 DO(rsa_import(tmp, len2, &privKey));
497 len2 = sizeof(tmp);
498 DO(rsa_export(tmp, &len2, PK_PUBLIC, &key));
499 DO(rsa_import(tmp, len2, &pubKey));
500
501 /* verify with original */
502 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &key));
503 /* change a byte */
504 in[0] ^= 1;
505 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &key));
506
507 if (!(stat == 1 && stat2 == 0)) {
508 fprintf(stderr, "rsa_verify_hash (unsalted, origKey) failed, %d, %d", stat, stat2);
509 rsa_free(&key);
510 rsa_free(&pubKey);
511 rsa_free(&privKey);
512 return 1;
513 }
514
515 /* verify with privKey */
516 /* change byte back to original */
517 in[0] ^= 1;
518 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &privKey));
519 /* change a byte */
520 in[0] ^= 1;
521 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &privKey));
522
523 if (!(stat == 1 && stat2 == 0)) {
524 fprintf(stderr, "rsa_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2);
525 rsa_free(&key);
526 rsa_free(&pubKey);
527 rsa_free(&privKey);
528 return 1;
529 }
530
531 /* verify with privKey but remove pointer to dP to test without CRT */
532
533 dP = privKey.dP;
534 privKey.dP = NULL;
535 /* change byte back to original */
536 in[0] ^= 1;
537 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &privKey));
538 /* change a byte */
539 in[0] ^= 1;
540 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &privKey));
541
542 if (!(stat == 1 && stat2 == 0)) {
543 fprintf(stderr, "rsa_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2);
544 rsa_free(&key);
545 rsa_free(&pubKey);
546 rsa_free(&privKey);
547 return 1;
548 }
549 privKey.dP = dP;
550
551 /* verify with pubKey */
552 /* change byte back to original */
553 in[0] ^= 1;
554 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &pubKey));
555 /* change a byte */
556 in[0] ^= 1;
557 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &pubKey));
558
559 if (!(stat == 1 && stat2 == 0)) {
560 fprintf(stderr, "rsa_verify_hash (unsalted, pubkey) failed, %d, %d", stat, stat2);
561 rsa_free(&key);
562 rsa_free(&pubKey);
563 rsa_free(&privKey);
564 return 1;
565 }
566
567 /* sign a message (salted) now (use privKey to make, pubKey to verify) */
568 len = sizeof(out);
569 DO(rsa_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 8, &privKey));
570 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat, &pubKey));
571 /* change a byte */
572 in[0] ^= 1;
573 DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat2, &pubKey));
574
575 if (!(stat == 1 && stat2 == 0)) {
576 fprintf(stderr, "rsa_verify_hash (salted) failed, %d, %d", stat, stat2);
577 rsa_free(&key);
578 rsa_free(&pubKey);
579 rsa_free(&privKey);
580 return 1;
581 }
582
583 /* sign a message with PKCS #1 v1.5 */
584 len = sizeof(out);
585 DO(rsa_sign_hash_ex(in, 20, out, &len, LTC_PKCS_1_V1_5, &yarrow_prng, prng_idx, hash_idx, 8, &privKey));
586 DO(rsa_verify_hash_ex(out, len, in, 20, LTC_PKCS_1_V1_5, hash_idx, 8, &stat, &pubKey));
587 /* change a byte */
588 in[0] ^= 1;
589 DO(rsa_verify_hash_ex(out, len, in, 20, LTC_PKCS_1_V1_5, hash_idx, 8, &stat2, &pubKey));
590
591 if (!(stat == 1 && stat2 == 0)) {
592 fprintf(stderr, "rsa_verify_hash_ex failed, %d, %d", stat, stat2);
593 rsa_free(&key);
594 rsa_free(&pubKey);
595 rsa_free(&privKey);
596 return 1;
597 }
598
599 /* Testcase for Bleichenbacher attack
600 *
601 * (1) Create a valid signature
602 * (2) Check that it can be verified
603 * (3) Decrypt the package to fetch plain text
604 * (4) Forge the structure of PKCS#1-EMSA encoded data
605 * (4.1) Search for start and end of the padding string
606 * (4.2) Move the signature to the front of the padding string
607 * (4.3) Zero the message until the end
608 * (5) Encrypt the package again
609 * (6) Profit :)
610 * For PS lengths < 8: the verification process should fail
611 * For PS lengths >= 8: the verification process should succeed
612 * For all PS lengths: the result should not be valid
613 */
614
615 p = in;
616 p2 = out;
617 p3 = tmp;
618 for (i = 0; i < 9; ++i) {
619 len = sizeof(in);
620 len2 = sizeof(out);
621 /* (1) */
622 DO(rsa_sign_hash_ex(p, 20, p2, &len2, LTC_PKCS_1_V1_5, &yarrow_prng, prng_idx, hash_idx, 8, &privKey));
623 /* (2) */
624 DOX(rsa_verify_hash_ex(p2, len2, p, 20, LTC_PKCS_1_V1_5, hash_idx, -1, &stat, &pubKey), "should succeed");
625 DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, "should succeed");
626 len3 = sizeof(tmp);
627 /* (3) */
628 DO(ltc_mp.rsa_me(p2, len2, p3, &len3, PK_PUBLIC, &key));
629 /* (4) */
630 #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1
631 print_hex("Original signature", p3, len3);
632 #endif
633 /* (4.1) */
634 for (cnt = 0; cnt < len3; ++cnt) {
635 if (p3[cnt] == 0xff)
636 break;
637 }
638 for (cnt2 = cnt+1; cnt2 < len3; ++cnt2) {
639 if (p3[cnt2] != 0xff)
640 break;
641 }
642 /* (4.2) */
643 memmove(&p3[cnt+i], &p3[cnt2], len3-cnt2);
644 /* (4.3) */
645 for (cnt = cnt + len3-cnt2+i; cnt < len; ++cnt) {
646 p3[cnt] = 0;
647 }
648 #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1
649 print_hex("Forged signature", p3, len3);
650 #endif
651
652 len2 = sizeof(out);
653 /* (5) */
654 DO(ltc_mp.rsa_me(p3, len3, p2, &len2, PK_PRIVATE, &key));
655
656 len3 = sizeof(tmp);
657 /* (6) */
658 if (i < 8)
659 DOX(rsa_verify_hash_ex(p2, len2, p, 20, LTC_PKCS_1_V1_5, hash_idx, -1, &stat, &pubKey)
660 == CRYPT_INVALID_PACKET ? CRYPT_OK:CRYPT_INVALID_PACKET, "should fail");
661 else
662 DOX(rsa_verify_hash_ex(p2, len2, p, 20, LTC_PKCS_1_V1_5, hash_idx, -1, &stat, &pubKey), "should succeed");
663 DOX(stat == 0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, "should fail");
664 }
665 rsa_free(&key);
666
667 /* try reading the public RSA key from a X509 certificate */
668 len3 = sizeof(tmp);
669 DO(base64_decode(x509_public_rsa, sizeof(x509_public_rsa), tmp, &len3));
670 DO(rsa_import_x509(tmp, len3, &key));
671 len = sizeof(tmp);
672 DO(rsa_export(tmp, &len, PK_PUBLIC, &key));
673 if (len != sizeof(openssl_public_rsa_stripped) || memcmp(tmp, openssl_public_rsa_stripped, len)) {
674 fprintf(stderr, "RSA public export failed to match rsa_import_x509\n");
675 return 1;
676 }
677 rsa_free(&key);
678
679 len3 = sizeof(tmp);
680 DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
681
682 DO(rsa_import_x509(tmp, len3, &key));
683
684 /* free the key and return */
685 rsa_free(&key);
686 rsa_free(&pubKey);
687 rsa_free(&privKey);
688 return 0;
689 }
690
691 #else
692
rsa_test(void)693 int rsa_test(void)
694 {
695 return CRYPT_NOP;
696 }
697
698 #endif
699
700 /* ref: HEAD -> master, tag: v1.18.2 */
701 /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
702 /* commit time: 2018-07-01 22:49:01 +0200 */
703