1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/rsa_internal.h" 4#include "mbedtls/md2.h" 5#include "mbedtls/md4.h" 6#include "mbedtls/md5.h" 7#include "mbedtls/sha1.h" 8#include "mbedtls/sha256.h" 9#include "mbedtls/sha512.h" 10#include "mbedtls/entropy.h" 11#include "mbedtls/ctr_drbg.h" 12 13/* END_HEADER */ 14 15/* BEGIN_DEPENDENCIES 16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 17 * END_DEPENDENCIES 18 */ 19 20/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 21void rsa_invalid_param( ) 22{ 23 mbedtls_rsa_context ctx; 24 const int valid_padding = MBEDTLS_RSA_PKCS_V21; 25 const int invalid_padding = 42; 26 const int valid_mode = MBEDTLS_RSA_PRIVATE; 27 const int invalid_mode = 42; 28 unsigned char buf[42] = { 0 }; 29 size_t olen; 30 31 TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) ); 32 TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); 33 TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); 34 35 /* No more variants because only the first argument must be non-NULL. */ 36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 37 mbedtls_rsa_import( NULL, NULL, NULL, 38 NULL, NULL, NULL ) ); 39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 40 mbedtls_rsa_import_raw( NULL, 41 NULL, 0, 42 NULL, 0, 43 NULL, 0, 44 NULL, 0, 45 NULL, 0 ) ); 46 47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 48 mbedtls_rsa_complete( NULL ) ); 49 50 /* No more variants because only the first argument must be non-NULL. */ 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 52 mbedtls_rsa_export( NULL, NULL, NULL, 53 NULL, NULL, NULL ) ); 54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 55 mbedtls_rsa_export_raw( NULL, 56 NULL, 0, 57 NULL, 0, 58 NULL, 0, 59 NULL, 0, 60 NULL, 0 ) ); 61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 62 mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) ); 63 64 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL, 65 valid_padding, 0 ) ); 66 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, 67 invalid_padding, 0 ) ); 68 69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 70 mbedtls_rsa_gen_key( NULL, rnd_std_rand, 71 NULL, 0, 0 ) ); 72 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 73 mbedtls_rsa_gen_key( &ctx, NULL, 74 NULL, 0, 0 ) ); 75 76 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 77 mbedtls_rsa_check_pubkey( NULL ) ); 78 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 79 mbedtls_rsa_check_privkey( NULL ) ); 80 81 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 82 mbedtls_rsa_check_pub_priv( NULL, &ctx ) ); 83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 84 mbedtls_rsa_check_pub_priv( &ctx, NULL ) ); 85 86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 87 mbedtls_rsa_public( NULL, buf, buf ) ); 88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 89 mbedtls_rsa_public( &ctx, NULL, buf ) ); 90 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 91 mbedtls_rsa_public( &ctx, buf, NULL ) ); 92 93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 94 mbedtls_rsa_private( NULL, NULL, NULL, 95 buf, buf ) ); 96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 97 mbedtls_rsa_private( &ctx, NULL, NULL, 98 NULL, buf ) ); 99 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 100 mbedtls_rsa_private( &ctx, NULL, NULL, 101 buf, NULL ) ); 102 103 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 104 mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, 105 valid_mode, 106 sizeof( buf ), buf, 107 buf ) ); 108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 109 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 110 invalid_mode, 111 sizeof( buf ), buf, 112 buf ) ); 113 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 114 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 115 valid_mode, 116 sizeof( buf ), NULL, 117 buf ) ); 118 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 119 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 120 valid_mode, 121 sizeof( buf ), buf, 122 NULL ) ); 123 124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 125 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, 126 NULL, 127 valid_mode, 128 sizeof( buf ), buf, 129 buf ) ); 130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 131 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 132 NULL, 133 invalid_mode, 134 sizeof( buf ), buf, 135 buf ) ); 136 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 137 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 138 NULL, 139 valid_mode, 140 sizeof( buf ), NULL, 141 buf ) ); 142 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 143 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 144 NULL, 145 valid_mode, 146 sizeof( buf ), buf, 147 NULL ) ); 148 149 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 150 mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, 151 valid_mode, 152 buf, sizeof( buf ), 153 sizeof( buf ), buf, 154 buf ) ); 155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 156 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 157 invalid_mode, 158 buf, sizeof( buf ), 159 sizeof( buf ), buf, 160 buf ) ); 161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 162 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 163 valid_mode, 164 NULL, sizeof( buf ), 165 sizeof( buf ), buf, 166 buf ) ); 167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 168 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 169 valid_mode, 170 buf, sizeof( buf ), 171 sizeof( buf ), NULL, 172 buf ) ); 173 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 174 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 175 valid_mode, 176 buf, sizeof( buf ), 177 sizeof( buf ), buf, 178 NULL ) ); 179 180 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 181 mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, 182 valid_mode, &olen, 183 buf, buf, 42 ) ); 184 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 185 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 186 invalid_mode, &olen, 187 buf, buf, 42 ) ); 188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 189 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 190 valid_mode, NULL, 191 buf, buf, 42 ) ); 192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 193 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 194 valid_mode, &olen, 195 NULL, buf, 42 ) ); 196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 197 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 198 valid_mode, &olen, 199 buf, NULL, 42 ) ); 200 201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 202 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, 203 NULL, 204 valid_mode, &olen, 205 buf, buf, 42 ) ); 206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 207 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 208 NULL, 209 invalid_mode, &olen, 210 buf, buf, 42 ) ); 211 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 212 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 213 NULL, 214 valid_mode, NULL, 215 buf, buf, 42 ) ); 216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 217 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 218 NULL, 219 valid_mode, &olen, 220 NULL, buf, 42 ) ); 221 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 222 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 223 NULL, 224 valid_mode, &olen, 225 buf, NULL, 42 ) ); 226 227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 228 mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, 229 valid_mode, 230 buf, sizeof( buf ), 231 &olen, 232 buf, buf, 42 ) ); 233 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 234 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 235 invalid_mode, 236 buf, sizeof( buf ), 237 &olen, 238 buf, buf, 42 ) ); 239 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 240 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 241 valid_mode, 242 NULL, sizeof( buf ), 243 NULL, 244 buf, buf, 42 ) ); 245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 246 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 247 valid_mode, 248 buf, sizeof( buf ), 249 &olen, 250 NULL, buf, 42 ) ); 251 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 252 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 253 valid_mode, 254 buf, sizeof( buf ), 255 &olen, 256 buf, NULL, 42 ) ); 257 258 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 259 mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, 260 valid_mode, 261 0, sizeof( buf ), buf, 262 buf ) ); 263 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 264 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 265 invalid_mode, 266 0, sizeof( buf ), buf, 267 buf ) ); 268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 269 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 270 valid_mode, 271 0, sizeof( buf ), NULL, 272 buf ) ); 273 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 274 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 275 valid_mode, 276 0, sizeof( buf ), buf, 277 NULL ) ); 278 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 279 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 280 valid_mode, 281 MBEDTLS_MD_SHA1, 282 0, NULL, 283 buf ) ); 284 285 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 286 mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, 287 valid_mode, 288 0, sizeof( buf ), buf, 289 buf ) ); 290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 291 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 292 invalid_mode, 293 0, sizeof( buf ), buf, 294 buf ) ); 295 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 296 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 297 valid_mode, 298 0, sizeof( buf ), NULL, 299 buf ) ); 300 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 301 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 302 valid_mode, 303 0, sizeof( buf ), buf, 304 NULL ) ); 305 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 306 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 307 valid_mode, 308 MBEDTLS_MD_SHA1, 309 0, NULL, 310 buf ) ); 311 312 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 313 mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, 314 valid_mode, 315 0, sizeof( buf ), buf, 316 buf ) ); 317 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 318 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 319 invalid_mode, 320 0, sizeof( buf ), buf, 321 buf ) ); 322 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 323 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 324 valid_mode, 325 0, sizeof( buf ), NULL, 326 buf ) ); 327 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 328 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 329 valid_mode, 330 0, sizeof( buf ), buf, 331 NULL ) ); 332 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 333 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 334 valid_mode, 335 MBEDTLS_MD_SHA1, 336 0, NULL, 337 buf ) ); 338 339 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 340 mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, 341 valid_mode, 342 0, sizeof( buf ), buf, 343 buf ) ); 344 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 345 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 346 invalid_mode, 347 0, sizeof( buf ), buf, 348 buf ) ); 349 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 350 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 351 valid_mode, 352 0, sizeof( buf ), NULL, 353 buf ) ); 354 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 355 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 356 valid_mode, 357 0, sizeof( buf ), buf, 358 NULL ) ); 359 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 360 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 361 valid_mode, 362 MBEDTLS_MD_SHA1, 0, NULL, 363 buf ) ); 364 365 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 366 mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, 367 NULL, 368 valid_mode, 369 0, sizeof( buf ), buf, 370 buf ) ); 371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 372 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 373 NULL, 374 invalid_mode, 375 0, sizeof( buf ), buf, 376 buf ) ); 377 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 378 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 379 NULL, 380 valid_mode, 381 0, sizeof( buf ), 382 NULL, buf ) ); 383 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 384 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 385 NULL, 386 valid_mode, 387 0, sizeof( buf ), buf, 388 NULL ) ); 389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 390 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 391 NULL, 392 valid_mode, 393 MBEDTLS_MD_SHA1, 394 0, NULL, 395 buf ) ); 396 397 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 398 mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, 399 valid_mode, 400 0, sizeof( buf ), 401 buf, buf ) ); 402 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 403 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 404 invalid_mode, 405 0, sizeof( buf ), 406 buf, buf ) ); 407 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 408 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 409 valid_mode, 410 0, sizeof( buf ), 411 NULL, buf ) ); 412 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 413 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 414 valid_mode, 415 0, sizeof( buf ), 416 buf, NULL ) ); 417 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 418 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 419 valid_mode, 420 MBEDTLS_MD_SHA1, 421 0, NULL, 422 buf ) ); 423 424 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 425 mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, 426 valid_mode, 427 0, sizeof( buf ), 428 buf, 429 0, 0, 430 buf ) ); 431 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 432 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 433 invalid_mode, 434 0, sizeof( buf ), 435 buf, 436 0, 0, 437 buf ) ); 438 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 439 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 440 valid_mode, 441 0, sizeof( buf ), 442 NULL, 0, 0, 443 buf ) ); 444 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 445 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 446 valid_mode, 447 0, sizeof( buf ), 448 buf, 0, 0, 449 NULL ) ); 450 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 451 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 452 valid_mode, 453 MBEDTLS_MD_SHA1, 454 0, NULL, 455 0, 0, 456 buf ) ); 457 458 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 459 mbedtls_rsa_copy( NULL, &ctx ) ); 460 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 461 mbedtls_rsa_copy( &ctx, NULL ) ); 462 463exit: 464 return; 465} 466/* END_CASE */ 467 468/* BEGIN_CASE */ 469void rsa_init_free( int reinit ) 470{ 471 mbedtls_rsa_context ctx; 472 473 /* Double free is not explicitly documented to work, but we rely on it 474 * even inside the library so that you can call mbedtls_rsa_free() 475 * unconditionally on an error path without checking whether it has 476 * already been called in the success path. */ 477 478 mbedtls_rsa_init( &ctx, 0, 0 ); 479 mbedtls_rsa_free( &ctx ); 480 481 if( reinit ) 482 mbedtls_rsa_init( &ctx, 0, 0 ); 483 mbedtls_rsa_free( &ctx ); 484 485 /* This test case always succeeds, functionally speaking. A plausible 486 * bug might trigger an invalid pointer dereference or a memory leak. */ 487 goto exit; 488} 489/* END_CASE */ 490 491/* BEGIN_CASE */ 492void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, 493 int digest, int mod, int radix_P, char * input_P, 494 int radix_Q, char * input_Q, int radix_N, 495 char * input_N, int radix_E, char * input_E, 496 data_t * result_str, int result ) 497{ 498 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 499 unsigned char output[256]; 500 mbedtls_rsa_context ctx; 501 mbedtls_mpi N, P, Q, E; 502 rnd_pseudo_info rnd_info; 503 504 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 505 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 506 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 507 508 memset( hash_result, 0x00, sizeof( hash_result ) ); 509 memset( output, 0x00, sizeof( output ) ); 510 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 511 512 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 513 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 514 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 515 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 516 517 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 518 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 519 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 520 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 521 522 523 if( mbedtls_md_info_from_type( digest ) != NULL ) 524 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 525 526 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, 527 MBEDTLS_RSA_PRIVATE, digest, 0, 528 hash_result, output ) == result ); 529 if( result == 0 ) 530 { 531 532 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 533 ctx.len, result_str->len ) == 0 ); 534 } 535 536exit: 537 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 538 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 539 mbedtls_rsa_free( &ctx ); 540} 541/* END_CASE */ 542 543/* BEGIN_CASE */ 544void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, 545 int digest, int mod, int radix_N, 546 char * input_N, int radix_E, char * input_E, 547 data_t * result_str, int result ) 548{ 549 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 550 mbedtls_rsa_context ctx; 551 552 mbedtls_mpi N, E; 553 554 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 555 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 556 memset( hash_result, 0x00, sizeof( hash_result ) ); 557 558 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 559 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 560 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 561 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 562 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 563 564 565 if( mbedtls_md_info_from_type( digest ) != NULL ) 566 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 567 568 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); 569 570exit: 571 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 572 mbedtls_rsa_free( &ctx ); 573} 574/* END_CASE */ 575 576 577/* BEGIN_CASE */ 578void rsa_pkcs1_sign_raw( data_t * hash_result, 579 int padding_mode, int mod, int radix_P, 580 char * input_P, int radix_Q, char * input_Q, 581 int radix_N, char * input_N, int radix_E, 582 char * input_E, data_t * result_str ) 583{ 584 unsigned char output[256]; 585 mbedtls_rsa_context ctx; 586 mbedtls_mpi N, P, Q, E; 587 rnd_pseudo_info rnd_info; 588 589 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 590 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 591 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 592 593 memset( output, 0x00, sizeof( output ) ); 594 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 595 596 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 597 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 598 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 599 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 600 601 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 602 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 603 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 604 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 605 606 607 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, 608 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, 609 hash_result->len, hash_result->x, 610 output ) == 0 ); 611 612 613 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 614 ctx.len, result_str->len ) == 0 ); 615 616#if defined(MBEDTLS_PKCS1_V15) 617 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ 618 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 619 { 620 int res; 621 memset( output, 0x00, sizeof( output) ); 622 623 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, 624 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, 625 hash_result->len, hash_result->x, output ); 626 627#if !defined(MBEDTLS_RSA_ALT) 628 TEST_ASSERT( res == 0 ); 629#else 630 TEST_ASSERT( ( res == 0 ) || 631 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 632#endif 633 634 if( res == 0 ) 635 { 636 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 637 ctx.len, 638 result_str->len ) == 0 ); 639 } 640 } 641#endif /* MBEDTLS_PKCS1_V15 */ 642 643exit: 644 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 645 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 646 647 mbedtls_rsa_free( &ctx ); 648} 649/* END_CASE */ 650 651/* BEGIN_CASE */ 652void rsa_pkcs1_verify_raw( data_t * hash_result, 653 int padding_mode, int mod, int radix_N, 654 char * input_N, int radix_E, char * input_E, 655 data_t * result_str, int correct ) 656{ 657 unsigned char output[256]; 658 mbedtls_rsa_context ctx; 659 660 mbedtls_mpi N, E; 661 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 662 663 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 664 memset( output, 0x00, sizeof( output ) ); 665 666 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 667 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 668 669 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 670 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 671 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 672 673 674 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); 675 676#if defined(MBEDTLS_PKCS1_V15) 677 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ 678 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 679 { 680 int res; 681 int ok; 682 size_t olen; 683 684 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, 685 NULL, NULL, MBEDTLS_RSA_PUBLIC, 686 &olen, result_str->x, output, sizeof( output ) ); 687 688#if !defined(MBEDTLS_RSA_ALT) 689 TEST_ASSERT( res == 0 ); 690#else 691 TEST_ASSERT( ( res == 0 ) || 692 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 693#endif 694 695 if( res == 0 ) 696 { 697 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0; 698 if( correct == 0 ) 699 TEST_ASSERT( ok == 1 ); 700 else 701 TEST_ASSERT( ok == 0 ); 702 } 703 } 704#endif /* MBEDTLS_PKCS1_V15 */ 705 706exit: 707 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 708 mbedtls_rsa_free( &ctx ); 709} 710/* END_CASE */ 711 712/* BEGIN_CASE */ 713void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, 714 int mod, int radix_N, char * input_N, 715 int radix_E, char * input_E, 716 data_t * result_str, int result ) 717{ 718 unsigned char output[256]; 719 mbedtls_rsa_context ctx; 720 rnd_pseudo_info rnd_info; 721 722 mbedtls_mpi N, E; 723 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 724 725 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 726 727 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 728 memset( output, 0x00, sizeof( output ) ); 729 730 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 731 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 732 733 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 734 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 735 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 736 737 738 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, 739 MBEDTLS_RSA_PUBLIC, message_str->len, 740 message_str->x, output ) == result ); 741 if( result == 0 ) 742 { 743 744 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 745 ctx.len, result_str->len ) == 0 ); 746 } 747 748exit: 749 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 750 mbedtls_rsa_free( &ctx ); 751} 752/* END_CASE */ 753 754/* BEGIN_CASE */ 755void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, 756 int mod, int radix_N, char * input_N, 757 int radix_E, char * input_E, 758 data_t * result_str, int result ) 759{ 760 unsigned char output[256]; 761 mbedtls_rsa_context ctx; 762 763 mbedtls_mpi N, E; 764 765 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 766 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 767 memset( output, 0x00, sizeof( output ) ); 768 769 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 770 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 771 772 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 773 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 774 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 775 776 777 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, 778 MBEDTLS_RSA_PUBLIC, message_str->len, 779 message_str->x, output ) == result ); 780 if( result == 0 ) 781 { 782 783 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 784 ctx.len, result_str->len ) == 0 ); 785 } 786 787exit: 788 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 789 mbedtls_rsa_free( &ctx ); 790} 791/* END_CASE */ 792 793/* BEGIN_CASE */ 794void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, 795 int mod, int radix_P, char * input_P, 796 int radix_Q, char * input_Q, int radix_N, 797 char * input_N, int radix_E, char * input_E, 798 int max_output, data_t * result_str, 799 int result ) 800{ 801 unsigned char output[32]; 802 mbedtls_rsa_context ctx; 803 size_t output_len; 804 rnd_pseudo_info rnd_info; 805 mbedtls_mpi N, P, Q, E; 806 807 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 808 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 809 810 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 811 812 memset( output, 0x00, sizeof( output ) ); 813 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 814 815 816 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 817 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 818 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 819 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 820 821 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 822 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 823 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 824 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 825 826 output_len = 0; 827 828 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); 829 if( result == 0 ) 830 { 831 832 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 833 output_len, 834 result_str->len ) == 0 ); 835 } 836 837exit: 838 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 839 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 840 mbedtls_rsa_free( &ctx ); 841} 842/* END_CASE */ 843 844/* BEGIN_CASE */ 845void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, 846 char * input_N, int radix_E, char * input_E, 847 data_t * result_str, int result ) 848{ 849 unsigned char output[256]; 850 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 851 852 mbedtls_mpi N, E; 853 854 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 855 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 856 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 857 memset( output, 0x00, sizeof( output ) ); 858 859 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 860 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 861 862 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 863 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 864 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 865 866 867 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); 868 if( result == 0 ) 869 { 870 871 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 872 ctx.len, result_str->len ) == 0 ); 873 } 874 875 /* And now with the copy */ 876 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 877 /* clear the original to be sure */ 878 mbedtls_rsa_free( &ctx ); 879 880 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); 881 882 memset( output, 0x00, sizeof( output ) ); 883 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result ); 884 if( result == 0 ) 885 { 886 887 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 888 ctx.len, result_str->len ) == 0 ); 889 } 890 891exit: 892 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 893 mbedtls_rsa_free( &ctx ); 894 mbedtls_rsa_free( &ctx2 ); 895} 896/* END_CASE */ 897 898/* BEGIN_CASE */ 899void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, 900 char * input_P, int radix_Q, char * input_Q, 901 int radix_N, char * input_N, int radix_E, 902 char * input_E, data_t * result_str, 903 int result ) 904{ 905 unsigned char output[256]; 906 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 907 mbedtls_mpi N, P, Q, E; 908 rnd_pseudo_info rnd_info; 909 int i; 910 911 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 912 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 913 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 914 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 915 916 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 917 918 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 919 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 920 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 921 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 922 923 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 924 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 925 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 926 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 927 928 929 /* repeat three times to test updating of blinding values */ 930 for( i = 0; i < 3; i++ ) 931 { 932 memset( output, 0x00, sizeof( output ) ); 933 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, 934 message_str->x, output ) == result ); 935 if( result == 0 ) 936 { 937 938 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 939 ctx.len, 940 result_str->len ) == 0 ); 941 } 942 } 943 944 /* And now one more time with the copy */ 945 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 946 /* clear the original to be sure */ 947 mbedtls_rsa_free( &ctx ); 948 949 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); 950 951 memset( output, 0x00, sizeof( output ) ); 952 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, 953 message_str->x, output ) == result ); 954 if( result == 0 ) 955 { 956 957 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 958 ctx2.len, 959 result_str->len ) == 0 ); 960 } 961 962exit: 963 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 964 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 965 966 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); 967} 968/* END_CASE */ 969 970/* BEGIN_CASE */ 971void rsa_check_privkey_null( ) 972{ 973 mbedtls_rsa_context ctx; 974 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) ); 975 976 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 977} 978/* END_CASE */ 979 980/* BEGIN_CASE */ 981void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, 982 char * input_E, int result ) 983{ 984 mbedtls_rsa_context ctx; 985 mbedtls_mpi N, E; 986 987 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 988 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 989 990 if( strlen( input_N ) ) 991 { 992 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 993 } 994 if( strlen( input_E ) ) 995 { 996 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 997 } 998 999 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 1000 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); 1001 1002exit: 1003 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 1004 mbedtls_rsa_free( &ctx ); 1005} 1006/* END_CASE */ 1007 1008/* BEGIN_CASE */ 1009void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, 1010 int radix_Q, char * input_Q, int radix_N, 1011 char * input_N, int radix_E, char * input_E, 1012 int radix_D, char * input_D, int radix_DP, 1013 char * input_DP, int radix_DQ, 1014 char * input_DQ, int radix_QP, 1015 char * input_QP, int result ) 1016{ 1017 mbedtls_rsa_context ctx; 1018 1019 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 1020 1021 ctx.len = mod / 8; 1022 if( strlen( input_P ) ) 1023 { 1024 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); 1025 } 1026 if( strlen( input_Q ) ) 1027 { 1028 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); 1029 } 1030 if( strlen( input_N ) ) 1031 { 1032 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); 1033 } 1034 if( strlen( input_E ) ) 1035 { 1036 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); 1037 } 1038 if( strlen( input_D ) ) 1039 { 1040 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 ); 1041 } 1042#if !defined(MBEDTLS_RSA_NO_CRT) 1043 if( strlen( input_DP ) ) 1044 { 1045 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 ); 1046 } 1047 if( strlen( input_DQ ) ) 1048 { 1049 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 ); 1050 } 1051 if( strlen( input_QP ) ) 1052 { 1053 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 ); 1054 } 1055#else 1056 ((void) radix_DP); ((void) input_DP); 1057 ((void) radix_DQ); ((void) input_DQ); 1058 ((void) radix_QP); ((void) input_QP); 1059#endif 1060 1061 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); 1062 1063exit: 1064 mbedtls_rsa_free( &ctx ); 1065} 1066/* END_CASE */ 1067 1068/* BEGIN_CASE */ 1069void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, 1070 int radix_Epub, char * input_Epub, int radix_P, 1071 char * input_P, int radix_Q, char * input_Q, 1072 int radix_N, char * input_N, int radix_E, 1073 char * input_E, int radix_D, char * input_D, 1074 int radix_DP, char * input_DP, int radix_DQ, 1075 char * input_DQ, int radix_QP, char * input_QP, 1076 int result ) 1077{ 1078 mbedtls_rsa_context pub, prv; 1079 1080 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 ); 1081 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 ); 1082 1083 pub.len = mod / 8; 1084 prv.len = mod / 8; 1085 1086 if( strlen( input_Npub ) ) 1087 { 1088 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 ); 1089 } 1090 if( strlen( input_Epub ) ) 1091 { 1092 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 ); 1093 } 1094 1095 if( strlen( input_P ) ) 1096 { 1097 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 ); 1098 } 1099 if( strlen( input_Q ) ) 1100 { 1101 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 ); 1102 } 1103 if( strlen( input_N ) ) 1104 { 1105 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 ); 1106 } 1107 if( strlen( input_E ) ) 1108 { 1109 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 ); 1110 } 1111 if( strlen( input_D ) ) 1112 { 1113 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); 1114 } 1115#if !defined(MBEDTLS_RSA_NO_CRT) 1116 if( strlen( input_DP ) ) 1117 { 1118 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); 1119 } 1120 if( strlen( input_DQ ) ) 1121 { 1122 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 ); 1123 } 1124 if( strlen( input_QP ) ) 1125 { 1126 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); 1127 } 1128#else 1129 ((void) radix_DP); ((void) input_DP); 1130 ((void) radix_DQ); ((void) input_DQ); 1131 ((void) radix_QP); ((void) input_QP); 1132#endif 1133 1134 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); 1135 1136exit: 1137 mbedtls_rsa_free( &pub ); 1138 mbedtls_rsa_free( &prv ); 1139} 1140/* END_CASE */ 1141 1142/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1143void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) 1144{ 1145 mbedtls_rsa_context ctx; 1146 mbedtls_entropy_context entropy; 1147 mbedtls_ctr_drbg_context ctr_drbg; 1148 const char *pers = "test_suite_rsa"; 1149 1150 mbedtls_ctr_drbg_init( &ctr_drbg ); 1151 mbedtls_entropy_init( &entropy ); 1152 mbedtls_rsa_init ( &ctx, 0, 0 ); 1153 1154 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1155 &entropy, (const unsigned char *) pers, 1156 strlen( pers ) ) == 0 ); 1157 1158 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); 1159 if( result == 0 ) 1160 { 1161 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 1162 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); 1163 } 1164 1165exit: 1166 mbedtls_rsa_free( &ctx ); 1167 mbedtls_ctr_drbg_free( &ctr_drbg ); 1168 mbedtls_entropy_free( &entropy ); 1169} 1170/* END_CASE */ 1171 1172/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1173void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, 1174 int radix_D, char *input_D, 1175 int radix_E, char *input_E, 1176 int radix_P, char *output_P, 1177 int radix_Q, char *output_Q, 1178 int corrupt, int result ) 1179{ 1180 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 1181 1182 mbedtls_mpi_init( &N ); 1183 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1184 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); 1185 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1186 1187 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1188 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1189 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1190 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 ); 1191 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 ); 1192 1193 if( corrupt ) 1194 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); 1195 1196 /* Try to deduce P, Q from N, D, E only. */ 1197 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); 1198 1199 if( !corrupt ) 1200 { 1201 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 1202 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) || 1203 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) ); 1204 } 1205 1206exit: 1207 mbedtls_mpi_free( &N ); 1208 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1209 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); 1210 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1211} 1212/* END_CASE */ 1213 1214/* BEGIN_CASE */ 1215void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, 1216 int radix_Q, char *input_Q, 1217 int radix_E, char *input_E, 1218 int radix_D, char *output_D, 1219 int corrupt, int result ) 1220{ 1221 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 1222 1223 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1224 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp ); 1225 mbedtls_mpi_init( &E ); 1226 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); 1227 1228 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1229 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1230 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1231 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 ); 1232 1233 if( corrupt ) 1234 { 1235 /* Make E even */ 1236 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 ); 1237 } 1238 1239 /* Try to deduce D from N, P, Q, E. */ 1240 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, 1241 &E, &D ) == result ); 1242 1243 if( !corrupt ) 1244 { 1245 /* 1246 * Check that D and Dp agree modulo LCM(P-1, Q-1). 1247 */ 1248 1249 /* Replace P,Q by P-1, Q-1 */ 1250 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 ); 1251 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 ); 1252 1253 /* Check D == Dp modulo P-1 */ 1254 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 ); 1255 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 ); 1256 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1257 1258 /* Check D == Dp modulo Q-1 */ 1259 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 ); 1260 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 ); 1261 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1262 } 1263 1264exit: 1265 1266 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1267 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp ); 1268 mbedtls_mpi_free( &E ); 1269 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp ); 1270} 1271/* END_CASE */ 1272 1273/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1274void mbedtls_rsa_import( int radix_N, char *input_N, 1275 int radix_P, char *input_P, 1276 int radix_Q, char *input_Q, 1277 int radix_D, char *input_D, 1278 int radix_E, char *input_E, 1279 int successive, 1280 int is_priv, 1281 int res_check, 1282 int res_complete ) 1283{ 1284 mbedtls_mpi N, P, Q, D, E; 1285 mbedtls_rsa_context ctx; 1286 1287 /* Buffers used for encryption-decryption test */ 1288 unsigned char *buf_orig = NULL; 1289 unsigned char *buf_enc = NULL; 1290 unsigned char *buf_dec = NULL; 1291 1292 mbedtls_entropy_context entropy; 1293 mbedtls_ctr_drbg_context ctr_drbg; 1294 const char *pers = "test_suite_rsa"; 1295 1296 const int have_N = ( strlen( input_N ) > 0 ); 1297 const int have_P = ( strlen( input_P ) > 0 ); 1298 const int have_Q = ( strlen( input_Q ) > 0 ); 1299 const int have_D = ( strlen( input_D ) > 0 ); 1300 const int have_E = ( strlen( input_E ) > 0 ); 1301 1302 mbedtls_ctr_drbg_init( &ctr_drbg ); 1303 mbedtls_entropy_init( &entropy ); 1304 mbedtls_rsa_init( &ctx, 0, 0 ); 1305 1306 mbedtls_mpi_init( &N ); 1307 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1308 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1309 1310 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, 1311 (const unsigned char *) pers, strlen( pers ) ) == 0 ); 1312 1313 if( have_N ) 1314 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1315 1316 if( have_P ) 1317 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1318 1319 if( have_Q ) 1320 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1321 1322 if( have_D ) 1323 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1324 1325 if( have_E ) 1326 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1327 1328 if( !successive ) 1329 { 1330 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1331 have_N ? &N : NULL, 1332 have_P ? &P : NULL, 1333 have_Q ? &Q : NULL, 1334 have_D ? &D : NULL, 1335 have_E ? &E : NULL ) == 0 ); 1336 } 1337 else 1338 { 1339 /* Import N, P, Q, D, E separately. 1340 * This should make no functional difference. */ 1341 1342 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1343 have_N ? &N : NULL, 1344 NULL, NULL, NULL, NULL ) == 0 ); 1345 1346 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1347 NULL, 1348 have_P ? &P : NULL, 1349 NULL, NULL, NULL ) == 0 ); 1350 1351 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1352 NULL, NULL, 1353 have_Q ? &Q : NULL, 1354 NULL, NULL ) == 0 ); 1355 1356 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1357 NULL, NULL, NULL, 1358 have_D ? &D : NULL, 1359 NULL ) == 0 ); 1360 1361 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1362 NULL, NULL, NULL, NULL, 1363 have_E ? &E : NULL ) == 0 ); 1364 } 1365 1366 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1367 1368 /* On expected success, perform some public and private 1369 * key operations to check if the key is working properly. */ 1370 if( res_complete == 0 ) 1371 { 1372 if( is_priv ) 1373 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1374 else 1375 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1376 1377 if( res_check != 0 ) 1378 goto exit; 1379 1380 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1381 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1382 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1383 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1384 goto exit; 1385 1386 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1387 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1388 1389 /* Make sure the number we're generating is smaller than the modulus */ 1390 buf_orig[0] = 0x00; 1391 1392 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1393 1394 if( is_priv ) 1395 { 1396 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1397 &ctr_drbg, buf_enc, 1398 buf_dec ) == 0 ); 1399 1400 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1401 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1402 } 1403 } 1404 1405exit: 1406 1407 mbedtls_free( buf_orig ); 1408 mbedtls_free( buf_enc ); 1409 mbedtls_free( buf_dec ); 1410 1411 mbedtls_rsa_free( &ctx ); 1412 1413 mbedtls_ctr_drbg_free( &ctr_drbg ); 1414 mbedtls_entropy_free( &entropy ); 1415 1416 mbedtls_mpi_free( &N ); 1417 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1418 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1419} 1420/* END_CASE */ 1421 1422/* BEGIN_CASE */ 1423void mbedtls_rsa_export( int radix_N, char *input_N, 1424 int radix_P, char *input_P, 1425 int radix_Q, char *input_Q, 1426 int radix_D, char *input_D, 1427 int radix_E, char *input_E, 1428 int is_priv, 1429 int successive ) 1430{ 1431 /* Original MPI's with which we set up the RSA context */ 1432 mbedtls_mpi N, P, Q, D, E; 1433 1434 /* Exported MPI's */ 1435 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1436 1437 const int have_N = ( strlen( input_N ) > 0 ); 1438 const int have_P = ( strlen( input_P ) > 0 ); 1439 const int have_Q = ( strlen( input_Q ) > 0 ); 1440 const int have_D = ( strlen( input_D ) > 0 ); 1441 const int have_E = ( strlen( input_E ) > 0 ); 1442 1443 mbedtls_rsa_context ctx; 1444 1445 mbedtls_rsa_init( &ctx, 0, 0 ); 1446 1447 mbedtls_mpi_init( &N ); 1448 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1449 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1450 1451 mbedtls_mpi_init( &Ne ); 1452 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); 1453 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); 1454 1455 /* Setup RSA context */ 1456 1457 if( have_N ) 1458 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1459 1460 if( have_P ) 1461 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1462 1463 if( have_Q ) 1464 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1465 1466 if( have_D ) 1467 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1468 1469 if( have_E ) 1470 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1471 1472 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1473 strlen( input_N ) ? &N : NULL, 1474 strlen( input_P ) ? &P : NULL, 1475 strlen( input_Q ) ? &Q : NULL, 1476 strlen( input_D ) ? &D : NULL, 1477 strlen( input_E ) ? &E : NULL ) == 0 ); 1478 1479 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1480 1481 /* 1482 * Export parameters and compare to original ones. 1483 */ 1484 1485 /* N and E must always be present. */ 1486 if( !successive ) 1487 { 1488 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); 1489 } 1490 else 1491 { 1492 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); 1493 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); 1494 } 1495 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); 1496 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); 1497 1498 /* If we were providing enough information to setup a complete private context, 1499 * we expect to be able to export all core parameters. */ 1500 1501 if( is_priv ) 1502 { 1503 if( !successive ) 1504 { 1505 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, 1506 &De, NULL ) == 0 ); 1507 } 1508 else 1509 { 1510 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, 1511 NULL, NULL ) == 0 ); 1512 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, 1513 NULL, NULL ) == 0 ); 1514 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, 1515 &De, NULL ) == 0 ); 1516 } 1517 1518 if( have_P ) 1519 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); 1520 1521 if( have_Q ) 1522 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); 1523 1524 if( have_D ) 1525 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); 1526 1527 /* While at it, perform a sanity check */ 1528 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee, 1529 NULL, NULL ) == 0 ); 1530 } 1531 1532exit: 1533 1534 mbedtls_rsa_free( &ctx ); 1535 1536 mbedtls_mpi_free( &N ); 1537 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1538 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1539 1540 mbedtls_mpi_free( &Ne ); 1541 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); 1542 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); 1543} 1544/* END_CASE */ 1545 1546/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ 1547void mbedtls_rsa_validate_params( int radix_N, char *input_N, 1548 int radix_P, char *input_P, 1549 int radix_Q, char *input_Q, 1550 int radix_D, char *input_D, 1551 int radix_E, char *input_E, 1552 int prng, int result ) 1553{ 1554 /* Original MPI's with which we set up the RSA context */ 1555 mbedtls_mpi N, P, Q, D, E; 1556 1557 const int have_N = ( strlen( input_N ) > 0 ); 1558 const int have_P = ( strlen( input_P ) > 0 ); 1559 const int have_Q = ( strlen( input_Q ) > 0 ); 1560 const int have_D = ( strlen( input_D ) > 0 ); 1561 const int have_E = ( strlen( input_E ) > 0 ); 1562 1563 mbedtls_entropy_context entropy; 1564 mbedtls_ctr_drbg_context ctr_drbg; 1565 const char *pers = "test_suite_rsa"; 1566 1567 mbedtls_mpi_init( &N ); 1568 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1569 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1570 1571 mbedtls_ctr_drbg_init( &ctr_drbg ); 1572 mbedtls_entropy_init( &entropy ); 1573 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1574 &entropy, (const unsigned char *) pers, 1575 strlen( pers ) ) == 0 ); 1576 1577 if( have_N ) 1578 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); 1579 1580 if( have_P ) 1581 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 1582 1583 if( have_Q ) 1584 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); 1585 1586 if( have_D ) 1587 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); 1588 1589 if( have_E ) 1590 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 1591 1592 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, 1593 have_P ? &P : NULL, 1594 have_Q ? &Q : NULL, 1595 have_D ? &D : NULL, 1596 have_E ? &E : NULL, 1597 prng ? mbedtls_ctr_drbg_random : NULL, 1598 prng ? &ctr_drbg : NULL ) == result ); 1599exit: 1600 1601 mbedtls_ctr_drbg_free( &ctr_drbg ); 1602 mbedtls_entropy_free( &entropy ); 1603 1604 mbedtls_mpi_free( &N ); 1605 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1606 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1607} 1608/* END_CASE */ 1609 1610/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1611void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, 1612 data_t *input_Q, data_t *input_D, 1613 data_t *input_E, int is_priv, 1614 int successive ) 1615{ 1616 /* Exported buffers */ 1617 unsigned char bufNe[256]; 1618 unsigned char bufPe[128]; 1619 unsigned char bufQe[128]; 1620 unsigned char bufDe[256]; 1621 unsigned char bufEe[1]; 1622 1623 mbedtls_rsa_context ctx; 1624 1625 mbedtls_rsa_init( &ctx, 0, 0 ); 1626 1627 /* Setup RSA context */ 1628 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1629 input_N->len ? input_N->x : NULL, input_N->len, 1630 input_P->len ? input_P->x : NULL, input_P->len, 1631 input_Q->len ? input_Q->x : NULL, input_Q->len, 1632 input_D->len ? input_D->x : NULL, input_D->len, 1633 input_E->len ? input_E->x : NULL, input_E->len ) == 0 ); 1634 1635 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1636 1637 /* 1638 * Export parameters and compare to original ones. 1639 */ 1640 1641 /* N and E must always be present. */ 1642 if( !successive ) 1643 { 1644 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1645 NULL, 0, NULL, 0, NULL, 0, 1646 bufEe, input_E->len ) == 0 ); 1647 } 1648 else 1649 { 1650 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1651 NULL, 0, NULL, 0, NULL, 0, 1652 NULL, 0 ) == 0 ); 1653 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1654 NULL, 0, NULL, 0, NULL, 0, 1655 bufEe, input_E->len ) == 0 ); 1656 } 1657 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 ); 1658 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 ); 1659 1660 /* If we were providing enough information to setup a complete private context, 1661 * we expect to be able to export all core parameters. */ 1662 1663 if( is_priv ) 1664 { 1665 if( !successive ) 1666 { 1667 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1668 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1669 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1670 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1671 NULL, 0 ) == 0 ); 1672 } 1673 else 1674 { 1675 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1676 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1677 NULL, 0, NULL, 0, 1678 NULL, 0 ) == 0 ); 1679 1680 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, 1681 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1682 NULL, 0, NULL, 0 ) == 0 ); 1683 1684 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, 1685 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1686 NULL, 0 ) == 0 ); 1687 } 1688 1689 if( input_P->len ) 1690 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 ); 1691 1692 if( input_Q->len ) 1693 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 ); 1694 1695 if( input_D->len ) 1696 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 ); 1697 1698 } 1699 1700exit: 1701 mbedtls_rsa_free( &ctx ); 1702} 1703/* END_CASE */ 1704 1705/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1706void mbedtls_rsa_import_raw( data_t *input_N, 1707 data_t *input_P, data_t *input_Q, 1708 data_t *input_D, data_t *input_E, 1709 int successive, 1710 int is_priv, 1711 int res_check, 1712 int res_complete ) 1713{ 1714 /* Buffers used for encryption-decryption test */ 1715 unsigned char *buf_orig = NULL; 1716 unsigned char *buf_enc = NULL; 1717 unsigned char *buf_dec = NULL; 1718 1719 mbedtls_rsa_context ctx; 1720 mbedtls_entropy_context entropy; 1721 mbedtls_ctr_drbg_context ctr_drbg; 1722 1723 const char *pers = "test_suite_rsa"; 1724 1725 mbedtls_ctr_drbg_init( &ctr_drbg ); 1726 mbedtls_entropy_init( &entropy ); 1727 mbedtls_rsa_init( &ctx, 0, 0 ); 1728 1729 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1730 &entropy, (const unsigned char *) pers, 1731 strlen( pers ) ) == 0 ); 1732 1733 if( !successive ) 1734 { 1735 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1736 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1737 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1738 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1739 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1740 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1741 } 1742 else 1743 { 1744 /* Import N, P, Q, D, E separately. 1745 * This should make no functional difference. */ 1746 1747 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1748 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1749 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1750 1751 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1752 NULL, 0, 1753 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1754 NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1755 1756 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1757 NULL, 0, NULL, 0, 1758 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1759 NULL, 0, NULL, 0 ) == 0 ); 1760 1761 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1762 NULL, 0, NULL, 0, NULL, 0, 1763 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1764 NULL, 0 ) == 0 ); 1765 1766 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1767 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1768 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1769 } 1770 1771 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1772 1773 /* On expected success, perform some public and private 1774 * key operations to check if the key is working properly. */ 1775 if( res_complete == 0 ) 1776 { 1777 if( is_priv ) 1778 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1779 else 1780 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1781 1782 if( res_check != 0 ) 1783 goto exit; 1784 1785 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1786 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1787 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1788 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1789 goto exit; 1790 1791 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1792 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1793 1794 /* Make sure the number we're generating is smaller than the modulus */ 1795 buf_orig[0] = 0x00; 1796 1797 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1798 1799 if( is_priv ) 1800 { 1801 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1802 &ctr_drbg, buf_enc, 1803 buf_dec ) == 0 ); 1804 1805 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1806 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1807 } 1808 } 1809 1810exit: 1811 1812 mbedtls_free( buf_orig ); 1813 mbedtls_free( buf_enc ); 1814 mbedtls_free( buf_dec ); 1815 1816 mbedtls_rsa_free( &ctx ); 1817 1818 mbedtls_ctr_drbg_free( &ctr_drbg ); 1819 mbedtls_entropy_free( &entropy ); 1820 1821} 1822/* END_CASE */ 1823 1824/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1825void rsa_selftest( ) 1826{ 1827 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); 1828} 1829/* END_CASE */ 1830