1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/rsa_internal.h" 4#include "mbedtls/md2.h" 5#include "mbedtls/md4.h" 6#include "mbedtls/md5.h" 7#include "mbedtls/sha1.h" 8#include "mbedtls/sha256.h" 9#include "mbedtls/sha512.h" 10#include "mbedtls/entropy.h" 11#include "mbedtls/ctr_drbg.h" 12 13/* END_HEADER */ 14 15/* BEGIN_DEPENDENCIES 16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 17 * END_DEPENDENCIES 18 */ 19 20/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 21void rsa_invalid_param( ) 22{ 23 mbedtls_rsa_context ctx; 24 const int valid_padding = MBEDTLS_RSA_PKCS_V21; 25 const int invalid_padding = 42; 26 const int valid_mode = MBEDTLS_RSA_PRIVATE; 27 const int invalid_mode = 42; 28 unsigned char buf[42] = { 0 }; 29 size_t olen; 30 31 TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) ); 32 TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); 33 TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); 34 35 /* No more variants because only the first argument must be non-NULL. */ 36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 37 mbedtls_rsa_import( NULL, NULL, NULL, 38 NULL, NULL, NULL ) ); 39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 40 mbedtls_rsa_import_raw( NULL, 41 NULL, 0, 42 NULL, 0, 43 NULL, 0, 44 NULL, 0, 45 NULL, 0 ) ); 46 47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 48 mbedtls_rsa_complete( NULL ) ); 49 50 /* No more variants because only the first argument must be non-NULL. */ 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 52 mbedtls_rsa_export( NULL, NULL, NULL, 53 NULL, NULL, NULL ) ); 54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 55 mbedtls_rsa_export_raw( NULL, 56 NULL, 0, 57 NULL, 0, 58 NULL, 0, 59 NULL, 0, 60 NULL, 0 ) ); 61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 62 mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) ); 63 64 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL, 65 valid_padding, 0 ) ); 66 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, 67 invalid_padding, 0 ) ); 68 69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 70 mbedtls_rsa_gen_key( NULL, rnd_std_rand, 71 NULL, 0, 0 ) ); 72 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 73 mbedtls_rsa_gen_key( &ctx, NULL, 74 NULL, 0, 0 ) ); 75 76 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 77 mbedtls_rsa_check_pubkey( NULL ) ); 78 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 79 mbedtls_rsa_check_privkey( NULL ) ); 80 81 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 82 mbedtls_rsa_check_pub_priv( NULL, &ctx ) ); 83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 84 mbedtls_rsa_check_pub_priv( &ctx, NULL ) ); 85 86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 87 mbedtls_rsa_public( NULL, buf, buf ) ); 88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 89 mbedtls_rsa_public( &ctx, NULL, buf ) ); 90 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 91 mbedtls_rsa_public( &ctx, buf, NULL ) ); 92 93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 94 mbedtls_rsa_private( NULL, NULL, NULL, 95 buf, buf ) ); 96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 97 mbedtls_rsa_private( &ctx, NULL, NULL, 98 NULL, buf ) ); 99 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 100 mbedtls_rsa_private( &ctx, NULL, NULL, 101 buf, NULL ) ); 102 103 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 104 mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, 105 valid_mode, 106 sizeof( buf ), buf, 107 buf ) ); 108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 109 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 110 invalid_mode, 111 sizeof( buf ), buf, 112 buf ) ); 113 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 114 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 115 valid_mode, 116 sizeof( buf ), NULL, 117 buf ) ); 118 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 119 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, 120 valid_mode, 121 sizeof( buf ), buf, 122 NULL ) ); 123 124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 125 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, 126 NULL, 127 valid_mode, 128 sizeof( buf ), buf, 129 buf ) ); 130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 131 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 132 NULL, 133 invalid_mode, 134 sizeof( buf ), buf, 135 buf ) ); 136 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 137 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 138 NULL, 139 valid_mode, 140 sizeof( buf ), NULL, 141 buf ) ); 142 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 143 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, 144 NULL, 145 valid_mode, 146 sizeof( buf ), buf, 147 NULL ) ); 148 149 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 150 mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, 151 valid_mode, 152 buf, sizeof( buf ), 153 sizeof( buf ), buf, 154 buf ) ); 155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 156 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 157 invalid_mode, 158 buf, sizeof( buf ), 159 sizeof( buf ), buf, 160 buf ) ); 161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 162 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 163 valid_mode, 164 NULL, sizeof( buf ), 165 sizeof( buf ), buf, 166 buf ) ); 167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 168 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 169 valid_mode, 170 buf, sizeof( buf ), 171 sizeof( buf ), NULL, 172 buf ) ); 173 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 174 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, 175 valid_mode, 176 buf, sizeof( buf ), 177 sizeof( buf ), buf, 178 NULL ) ); 179 180 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 181 mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, 182 valid_mode, &olen, 183 buf, buf, 42 ) ); 184 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 185 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 186 invalid_mode, &olen, 187 buf, buf, 42 ) ); 188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 189 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 190 valid_mode, NULL, 191 buf, buf, 42 ) ); 192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 193 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 194 valid_mode, &olen, 195 NULL, buf, 42 ) ); 196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 197 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, 198 valid_mode, &olen, 199 buf, NULL, 42 ) ); 200 201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 202 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, 203 NULL, 204 valid_mode, &olen, 205 buf, buf, 42 ) ); 206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 207 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 208 NULL, 209 invalid_mode, &olen, 210 buf, buf, 42 ) ); 211 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 212 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 213 NULL, 214 valid_mode, NULL, 215 buf, buf, 42 ) ); 216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 217 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 218 NULL, 219 valid_mode, &olen, 220 NULL, buf, 42 ) ); 221 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 222 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, 223 NULL, 224 valid_mode, &olen, 225 buf, NULL, 42 ) ); 226 227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 228 mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, 229 valid_mode, 230 buf, sizeof( buf ), 231 &olen, 232 buf, buf, 42 ) ); 233 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 234 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 235 invalid_mode, 236 buf, sizeof( buf ), 237 &olen, 238 buf, buf, 42 ) ); 239 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 240 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 241 valid_mode, 242 NULL, sizeof( buf ), 243 NULL, 244 buf, buf, 42 ) ); 245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 246 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 247 valid_mode, 248 buf, sizeof( buf ), 249 &olen, 250 NULL, buf, 42 ) ); 251 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 252 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, 253 valid_mode, 254 buf, sizeof( buf ), 255 &olen, 256 buf, NULL, 42 ) ); 257 258 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 259 mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, 260 valid_mode, 261 0, sizeof( buf ), buf, 262 buf ) ); 263 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 264 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 265 invalid_mode, 266 0, sizeof( buf ), buf, 267 buf ) ); 268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 269 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 270 valid_mode, 271 0, sizeof( buf ), NULL, 272 buf ) ); 273 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 274 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 275 valid_mode, 276 0, sizeof( buf ), buf, 277 NULL ) ); 278 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 279 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, 280 valid_mode, 281 MBEDTLS_MD_SHA1, 282 0, NULL, 283 buf ) ); 284 285 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 286 mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, 287 valid_mode, 288 0, sizeof( buf ), buf, 289 buf ) ); 290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 291 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 292 invalid_mode, 293 0, sizeof( buf ), buf, 294 buf ) ); 295 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 296 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 297 valid_mode, 298 0, sizeof( buf ), NULL, 299 buf ) ); 300 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 301 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 302 valid_mode, 303 0, sizeof( buf ), buf, 304 NULL ) ); 305 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 306 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, 307 valid_mode, 308 MBEDTLS_MD_SHA1, 309 0, NULL, 310 buf ) ); 311 312 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 313 mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, 314 valid_mode, 315 0, sizeof( buf ), buf, 316 buf ) ); 317 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 318 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 319 invalid_mode, 320 0, sizeof( buf ), buf, 321 buf ) ); 322 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 323 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 324 valid_mode, 325 0, sizeof( buf ), NULL, 326 buf ) ); 327 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 328 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 329 valid_mode, 330 0, sizeof( buf ), buf, 331 NULL ) ); 332 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 333 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, 334 valid_mode, 335 MBEDTLS_MD_SHA1, 336 0, NULL, 337 buf ) ); 338 339 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 340 mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, 341 valid_mode, 342 0, sizeof( buf ), buf, 343 buf ) ); 344 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 345 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 346 invalid_mode, 347 0, sizeof( buf ), buf, 348 buf ) ); 349 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 350 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 351 valid_mode, 352 0, sizeof( buf ), NULL, 353 buf ) ); 354 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 355 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 356 valid_mode, 357 0, sizeof( buf ), buf, 358 NULL ) ); 359 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 360 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, 361 valid_mode, 362 MBEDTLS_MD_SHA1, 0, NULL, 363 buf ) ); 364 365 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 366 mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, 367 NULL, 368 valid_mode, 369 0, sizeof( buf ), buf, 370 buf ) ); 371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 372 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 373 NULL, 374 invalid_mode, 375 0, sizeof( buf ), buf, 376 buf ) ); 377 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 378 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 379 NULL, 380 valid_mode, 381 0, sizeof( buf ), 382 NULL, buf ) ); 383 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 384 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 385 NULL, 386 valid_mode, 387 0, sizeof( buf ), buf, 388 NULL ) ); 389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 390 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, 391 NULL, 392 valid_mode, 393 MBEDTLS_MD_SHA1, 394 0, NULL, 395 buf ) ); 396 397 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 398 mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, 399 valid_mode, 400 0, sizeof( buf ), 401 buf, buf ) ); 402 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 403 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 404 invalid_mode, 405 0, sizeof( buf ), 406 buf, buf ) ); 407 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 408 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 409 valid_mode, 410 0, sizeof( buf ), 411 NULL, buf ) ); 412 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 413 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 414 valid_mode, 415 0, sizeof( buf ), 416 buf, NULL ) ); 417 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 418 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, 419 valid_mode, 420 MBEDTLS_MD_SHA1, 421 0, NULL, 422 buf ) ); 423 424 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 425 mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, 426 valid_mode, 427 0, sizeof( buf ), 428 buf, 429 0, 0, 430 buf ) ); 431 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 432 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 433 invalid_mode, 434 0, sizeof( buf ), 435 buf, 436 0, 0, 437 buf ) ); 438 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 439 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 440 valid_mode, 441 0, sizeof( buf ), 442 NULL, 0, 0, 443 buf ) ); 444 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 445 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 446 valid_mode, 447 0, sizeof( buf ), 448 buf, 0, 0, 449 NULL ) ); 450 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 451 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, 452 valid_mode, 453 MBEDTLS_MD_SHA1, 454 0, NULL, 455 0, 0, 456 buf ) ); 457 458 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 459 mbedtls_rsa_copy( NULL, &ctx ) ); 460 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 461 mbedtls_rsa_copy( &ctx, NULL ) ); 462 463exit: 464 return; 465} 466/* END_CASE */ 467 468/* BEGIN_CASE */ 469void rsa_init_free( int reinit ) 470{ 471 mbedtls_rsa_context ctx; 472 473 /* Double free is not explicitly documented to work, but we rely on it 474 * even inside the library so that you can call mbedtls_rsa_free() 475 * unconditionally on an error path without checking whether it has 476 * already been called in the success path. */ 477 478 mbedtls_rsa_init( &ctx, 0, 0 ); 479 mbedtls_rsa_free( &ctx ); 480 481 if( reinit ) 482 mbedtls_rsa_init( &ctx, 0, 0 ); 483 mbedtls_rsa_free( &ctx ); 484 485 /* This test case always succeeds, functionally speaking. A plausible 486 * bug might trigger an invalid pointer dereference or a memory leak. */ 487 goto exit; 488} 489/* END_CASE */ 490 491/* BEGIN_CASE */ 492void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, 493 int digest, int mod, int radix_P, char * input_P, 494 int radix_Q, char * input_Q, int radix_N, 495 char * input_N, int radix_E, char * input_E, 496 data_t * result_str, int result ) 497{ 498 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 499 unsigned char output[256]; 500 mbedtls_rsa_context ctx; 501 mbedtls_mpi N, P, Q, E; 502 rnd_pseudo_info rnd_info; 503 504 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 505 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 506 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 507 508 memset( hash_result, 0x00, sizeof( hash_result ) ); 509 memset( output, 0x00, sizeof( output ) ); 510 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 511 512 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 513 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 514 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 515 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 516 517 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 518 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 519 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 520 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 521 522 523 if( mbedtls_md_info_from_type( digest ) != NULL ) 524 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 525 526 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, 527 MBEDTLS_RSA_PRIVATE, digest, 0, 528 hash_result, output ) == result ); 529 if( result == 0 ) 530 { 531 532 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 533 ctx.len, result_str->len ) == 0 ); 534 } 535 536exit: 537 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 538 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 539 mbedtls_rsa_free( &ctx ); 540} 541/* END_CASE */ 542 543/* BEGIN_CASE */ 544void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, 545 int digest, int mod, int radix_N, 546 char * input_N, int radix_E, char * input_E, 547 data_t * result_str, int result ) 548{ 549 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 550 mbedtls_rsa_context ctx; 551 552 mbedtls_mpi N, E; 553 554 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 555 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 556 memset( hash_result, 0x00, sizeof( hash_result ) ); 557 558 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 559 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 560 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 561 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 562 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 563 564 565 if( mbedtls_md_info_from_type( digest ) != NULL ) 566 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); 567 568 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); 569 570exit: 571 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 572 mbedtls_rsa_free( &ctx ); 573} 574/* END_CASE */ 575 576 577/* BEGIN_CASE */ 578void rsa_pkcs1_sign_raw( data_t * hash_result, 579 int padding_mode, int mod, int radix_P, 580 char * input_P, int radix_Q, char * input_Q, 581 int radix_N, char * input_N, int radix_E, 582 char * input_E, data_t * result_str ) 583{ 584 unsigned char output[256]; 585 mbedtls_rsa_context ctx; 586 mbedtls_mpi N, P, Q, E; 587 rnd_pseudo_info rnd_info; 588 589 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 590 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 591 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 592 593 memset( output, 0x00, sizeof( output ) ); 594 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 595 596 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 597 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 598 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 599 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 600 601 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 602 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 603 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 604 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 605 606 607 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, 608 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, 609 hash_result->len, hash_result->x, 610 output ) == 0 ); 611 612 613 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 614 ctx.len, result_str->len ) == 0 ); 615 616#if defined(MBEDTLS_PKCS1_V15) 617 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ 618 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 619 { 620 int res; 621 memset( output, 0x00, sizeof( output) ); 622 623 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, 624 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, 625 hash_result->len, hash_result->x, output ); 626 627#if !defined(MBEDTLS_RSA_ALT) 628 TEST_ASSERT( res == 0 ); 629#else 630 TEST_ASSERT( ( res == 0 ) || 631 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 632#endif 633 634 if( res == 0 ) 635 { 636 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 637 ctx.len, 638 result_str->len ) == 0 ); 639 } 640 } 641#endif /* MBEDTLS_PKCS1_V15 */ 642 643exit: 644 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 645 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 646 647 mbedtls_rsa_free( &ctx ); 648} 649/* END_CASE */ 650 651/* BEGIN_CASE */ 652void rsa_pkcs1_verify_raw( data_t * hash_result, 653 int padding_mode, int mod, int radix_N, 654 char * input_N, int radix_E, char * input_E, 655 data_t * result_str, int correct ) 656{ 657 unsigned char output[256]; 658 mbedtls_rsa_context ctx; 659 660 mbedtls_mpi N, E; 661 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 662 663 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 664 memset( output, 0x00, sizeof( output ) ); 665 666 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 667 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 668 669 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 670 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 671 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 672 673 674 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); 675 676#if defined(MBEDTLS_PKCS1_V15) 677 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ 678 if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) 679 { 680 int res; 681 int ok; 682 size_t olen; 683 684 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, 685 NULL, NULL, MBEDTLS_RSA_PUBLIC, 686 &olen, result_str->x, output, sizeof( output ) ); 687 688#if !defined(MBEDTLS_RSA_ALT) 689 TEST_ASSERT( res == 0 ); 690#else 691 TEST_ASSERT( ( res == 0 ) || 692 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); 693#endif 694 695 if( res == 0 ) 696 { 697 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0; 698 if( correct == 0 ) 699 TEST_ASSERT( ok == 1 ); 700 else 701 TEST_ASSERT( ok == 0 ); 702 } 703 } 704#endif /* MBEDTLS_PKCS1_V15 */ 705 706exit: 707 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 708 mbedtls_rsa_free( &ctx ); 709} 710/* END_CASE */ 711 712/* BEGIN_CASE */ 713void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, 714 int mod, int radix_N, char * input_N, 715 int radix_E, char * input_E, 716 data_t * result_str, int result ) 717{ 718 unsigned char output[256]; 719 mbedtls_rsa_context ctx; 720 rnd_pseudo_info rnd_info; 721 722 mbedtls_mpi N, E; 723 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 724 725 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 726 727 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 728 memset( output, 0x00, sizeof( output ) ); 729 730 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 731 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 732 733 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 734 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 735 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 736 737 738 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, 739 MBEDTLS_RSA_PUBLIC, message_str->len, 740 message_str->x, output ) == result ); 741 if( result == 0 ) 742 { 743 744 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 745 ctx.len, result_str->len ) == 0 ); 746 } 747 748exit: 749 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 750 mbedtls_rsa_free( &ctx ); 751} 752/* END_CASE */ 753 754/* BEGIN_CASE */ 755void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, 756 int mod, int radix_N, char * input_N, 757 int radix_E, char * input_E, 758 data_t * result_str, int result ) 759{ 760 unsigned char output[256]; 761 mbedtls_rsa_context ctx; 762 763 mbedtls_mpi N, E; 764 765 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 766 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 767 memset( output, 0x00, sizeof( output ) ); 768 769 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 770 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 771 772 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 773 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 774 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 775 776 777 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, 778 MBEDTLS_RSA_PUBLIC, message_str->len, 779 message_str->x, output ) == result ); 780 if( result == 0 ) 781 { 782 783 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 784 ctx.len, result_str->len ) == 0 ); 785 } 786 787exit: 788 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 789 mbedtls_rsa_free( &ctx ); 790} 791/* END_CASE */ 792 793/* BEGIN_CASE */ 794void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, 795 int mod, int radix_P, char * input_P, 796 int radix_Q, char * input_Q, int radix_N, 797 char * input_N, int radix_E, char * input_E, 798 int max_output, data_t * result_str, 799 int result ) 800{ 801 unsigned char output[32]; 802 mbedtls_rsa_context ctx; 803 size_t output_len; 804 rnd_pseudo_info rnd_info; 805 mbedtls_mpi N, P, Q, E; 806 807 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 808 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 809 810 mbedtls_rsa_init( &ctx, padding_mode, 0 ); 811 812 memset( output, 0x00, sizeof( output ) ); 813 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 814 815 816 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 817 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 818 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 819 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 820 821 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 822 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 823 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 824 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 825 826 output_len = 0; 827 828 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); 829 if( result == 0 ) 830 { 831 832 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 833 output_len, 834 result_str->len ) == 0 ); 835 } 836 837exit: 838 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 839 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 840 mbedtls_rsa_free( &ctx ); 841} 842/* END_CASE */ 843 844/* BEGIN_CASE */ 845void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, 846 char * input_N, int radix_E, char * input_E, 847 data_t * result_str, int result ) 848{ 849 unsigned char output[256]; 850 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 851 852 mbedtls_mpi N, E; 853 854 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 855 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 856 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 857 memset( output, 0x00, sizeof( output ) ); 858 859 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 860 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 861 862 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 863 864 /* Check test data consistency */ 865 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); 866 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 867 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); 868 869 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); 870 if( result == 0 ) 871 { 872 873 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 874 ctx.len, result_str->len ) == 0 ); 875 } 876 877 /* And now with the copy */ 878 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 879 /* clear the original to be sure */ 880 mbedtls_rsa_free( &ctx ); 881 882 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); 883 884 memset( output, 0x00, sizeof( output ) ); 885 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result ); 886 if( result == 0 ) 887 { 888 889 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 890 ctx.len, result_str->len ) == 0 ); 891 } 892 893exit: 894 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 895 mbedtls_rsa_free( &ctx ); 896 mbedtls_rsa_free( &ctx2 ); 897} 898/* END_CASE */ 899 900/* BEGIN_CASE */ 901void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, 902 char * input_P, int radix_Q, char * input_Q, 903 int radix_N, char * input_N, int radix_E, 904 char * input_E, data_t * result_str, 905 int result ) 906{ 907 unsigned char output[256]; 908 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 909 mbedtls_mpi N, P, Q, E; 910 rnd_pseudo_info rnd_info; 911 int i; 912 913 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); 914 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 915 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 916 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); 917 918 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); 919 920 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 921 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 922 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 923 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 924 925 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); 926 927 /* Check test data consistency */ 928 TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); 929 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); 930 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 931 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 932 933 /* repeat three times to test updating of blinding values */ 934 for( i = 0; i < 3; i++ ) 935 { 936 memset( output, 0x00, sizeof( output ) ); 937 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, 938 message_str->x, output ) == result ); 939 if( result == 0 ) 940 { 941 942 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 943 ctx.len, 944 result_str->len ) == 0 ); 945 } 946 } 947 948 /* And now one more time with the copy */ 949 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 ); 950 /* clear the original to be sure */ 951 mbedtls_rsa_free( &ctx ); 952 953 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); 954 955 memset( output, 0x00, sizeof( output ) ); 956 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, 957 message_str->x, output ) == result ); 958 if( result == 0 ) 959 { 960 961 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, 962 ctx2.len, 963 result_str->len ) == 0 ); 964 } 965 966exit: 967 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); 968 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); 969 970 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); 971} 972/* END_CASE */ 973 974/* BEGIN_CASE */ 975void rsa_check_privkey_null( ) 976{ 977 mbedtls_rsa_context ctx; 978 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) ); 979 980 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 981} 982/* END_CASE */ 983 984/* BEGIN_CASE */ 985void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, 986 char * input_E, int result ) 987{ 988 mbedtls_rsa_context ctx; 989 mbedtls_mpi N, E; 990 991 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); 992 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 993 994 if( strlen( input_N ) ) 995 { 996 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 997 } 998 if( strlen( input_E ) ) 999 { 1000 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1001 } 1002 1003 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); 1004 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); 1005 1006exit: 1007 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 1008 mbedtls_rsa_free( &ctx ); 1009} 1010/* END_CASE */ 1011 1012/* BEGIN_CASE */ 1013void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, 1014 int radix_Q, char * input_Q, int radix_N, 1015 char * input_N, int radix_E, char * input_E, 1016 int radix_D, char * input_D, int radix_DP, 1017 char * input_DP, int radix_DQ, 1018 char * input_DQ, int radix_QP, 1019 char * input_QP, int result ) 1020{ 1021 mbedtls_rsa_context ctx; 1022 1023 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); 1024 1025 ctx.len = mod / 8; 1026 if( strlen( input_P ) ) 1027 { 1028 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, radix_P, input_P ) == 0 ); 1029 } 1030 if( strlen( input_Q ) ) 1031 { 1032 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, radix_Q, input_Q ) == 0 ); 1033 } 1034 if( strlen( input_N ) ) 1035 { 1036 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, radix_N, input_N ) == 0 ); 1037 } 1038 if( strlen( input_E ) ) 1039 { 1040 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, radix_E, input_E ) == 0 ); 1041 } 1042 if( strlen( input_D ) ) 1043 { 1044 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, radix_D, input_D ) == 0 ); 1045 } 1046#if !defined(MBEDTLS_RSA_NO_CRT) 1047 if( strlen( input_DP ) ) 1048 { 1049 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, radix_DP, input_DP ) == 0 ); 1050 } 1051 if( strlen( input_DQ ) ) 1052 { 1053 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, radix_DQ, input_DQ ) == 0 ); 1054 } 1055 if( strlen( input_QP ) ) 1056 { 1057 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, radix_QP, input_QP ) == 0 ); 1058 } 1059#else 1060 ((void) radix_DP); ((void) input_DP); 1061 ((void) radix_DQ); ((void) input_DQ); 1062 ((void) radix_QP); ((void) input_QP); 1063#endif 1064 1065 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); 1066 1067exit: 1068 mbedtls_rsa_free( &ctx ); 1069} 1070/* END_CASE */ 1071 1072/* BEGIN_CASE */ 1073void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, 1074 int radix_Epub, char * input_Epub, int radix_P, 1075 char * input_P, int radix_Q, char * input_Q, 1076 int radix_N, char * input_N, int radix_E, 1077 char * input_E, int radix_D, char * input_D, 1078 int radix_DP, char * input_DP, int radix_DQ, 1079 char * input_DQ, int radix_QP, char * input_QP, 1080 int result ) 1081{ 1082 mbedtls_rsa_context pub, prv; 1083 1084 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 ); 1085 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 ); 1086 1087 pub.len = mod / 8; 1088 prv.len = mod / 8; 1089 1090 if( strlen( input_Npub ) ) 1091 { 1092 TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, radix_Npub, input_Npub ) == 0 ); 1093 } 1094 if( strlen( input_Epub ) ) 1095 { 1096 TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, radix_Epub, input_Epub ) == 0 ); 1097 } 1098 1099 if( strlen( input_P ) ) 1100 { 1101 TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, radix_P, input_P ) == 0 ); 1102 } 1103 if( strlen( input_Q ) ) 1104 { 1105 TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, radix_Q, input_Q ) == 0 ); 1106 } 1107 if( strlen( input_N ) ) 1108 { 1109 TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, radix_N, input_N ) == 0 ); 1110 } 1111 if( strlen( input_E ) ) 1112 { 1113 TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, radix_E, input_E ) == 0 ); 1114 } 1115 if( strlen( input_D ) ) 1116 { 1117 TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, radix_D, input_D ) == 0 ); 1118 } 1119#if !defined(MBEDTLS_RSA_NO_CRT) 1120 if( strlen( input_DP ) ) 1121 { 1122 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, radix_DP, input_DP ) == 0 ); 1123 } 1124 if( strlen( input_DQ ) ) 1125 { 1126 TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, radix_DQ, input_DQ ) == 0 ); 1127 } 1128 if( strlen( input_QP ) ) 1129 { 1130 TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, radix_QP, input_QP ) == 0 ); 1131 } 1132#else 1133 ((void) radix_DP); ((void) input_DP); 1134 ((void) radix_DQ); ((void) input_DQ); 1135 ((void) radix_QP); ((void) input_QP); 1136#endif 1137 1138 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); 1139 1140exit: 1141 mbedtls_rsa_free( &pub ); 1142 mbedtls_rsa_free( &prv ); 1143} 1144/* END_CASE */ 1145 1146/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1147void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) 1148{ 1149 mbedtls_rsa_context ctx; 1150 mbedtls_entropy_context entropy; 1151 mbedtls_ctr_drbg_context ctr_drbg; 1152 const char *pers = "test_suite_rsa"; 1153 1154 mbedtls_ctr_drbg_init( &ctr_drbg ); 1155 mbedtls_entropy_init( &entropy ); 1156 mbedtls_rsa_init ( &ctx, 0, 0 ); 1157 1158 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1159 &entropy, (const unsigned char *) pers, 1160 strlen( pers ) ) == 0 ); 1161 1162 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); 1163 if( result == 0 ) 1164 { 1165 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); 1166 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); 1167 } 1168 1169exit: 1170 mbedtls_rsa_free( &ctx ); 1171 mbedtls_ctr_drbg_free( &ctr_drbg ); 1172 mbedtls_entropy_free( &entropy ); 1173} 1174/* END_CASE */ 1175 1176/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1177void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, 1178 int radix_D, char *input_D, 1179 int radix_E, char *input_E, 1180 int radix_P, char *output_P, 1181 int radix_Q, char *output_Q, 1182 int corrupt, int result ) 1183{ 1184 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 1185 1186 mbedtls_mpi_init( &N ); 1187 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1188 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); 1189 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1190 1191 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1192 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); 1193 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1194 TEST_ASSERT( mbedtls_test_read_mpi( &Qp, radix_P, output_P ) == 0 ); 1195 TEST_ASSERT( mbedtls_test_read_mpi( &Pp, radix_Q, output_Q ) == 0 ); 1196 1197 if( corrupt ) 1198 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); 1199 1200 /* Try to deduce P, Q from N, D, E only. */ 1201 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); 1202 1203 if( !corrupt ) 1204 { 1205 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 1206 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) || 1207 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) ); 1208 } 1209 1210exit: 1211 mbedtls_mpi_free( &N ); 1212 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1213 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); 1214 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1215} 1216/* END_CASE */ 1217 1218/* BEGIN_CASE */ 1219void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, 1220 int radix_Q, char *input_Q, 1221 int radix_E, char *input_E, 1222 int radix_D, char *output_D, 1223 int corrupt, int result ) 1224{ 1225 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 1226 1227 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1228 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp ); 1229 mbedtls_mpi_init( &E ); 1230 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); 1231 1232 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 1233 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 1234 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1235 TEST_ASSERT( mbedtls_test_read_mpi( &Dp, radix_D, output_D ) == 0 ); 1236 1237 if( corrupt ) 1238 { 1239 /* Make E even */ 1240 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 ); 1241 } 1242 1243 /* Try to deduce D from N, P, Q, E. */ 1244 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, 1245 &E, &D ) == result ); 1246 1247 if( !corrupt ) 1248 { 1249 /* 1250 * Check that D and Dp agree modulo LCM(P-1, Q-1). 1251 */ 1252 1253 /* Replace P,Q by P-1, Q-1 */ 1254 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 ); 1255 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 ); 1256 1257 /* Check D == Dp modulo P-1 */ 1258 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 ); 1259 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 ); 1260 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1261 1262 /* Check D == Dp modulo Q-1 */ 1263 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 ); 1264 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 ); 1265 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); 1266 } 1267 1268exit: 1269 1270 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1271 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp ); 1272 mbedtls_mpi_free( &E ); 1273 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp ); 1274} 1275/* END_CASE */ 1276 1277/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1278void mbedtls_rsa_import( int radix_N, char *input_N, 1279 int radix_P, char *input_P, 1280 int radix_Q, char *input_Q, 1281 int radix_D, char *input_D, 1282 int radix_E, char *input_E, 1283 int successive, 1284 int is_priv, 1285 int res_check, 1286 int res_complete ) 1287{ 1288 mbedtls_mpi N, P, Q, D, E; 1289 mbedtls_rsa_context ctx; 1290 1291 /* Buffers used for encryption-decryption test */ 1292 unsigned char *buf_orig = NULL; 1293 unsigned char *buf_enc = NULL; 1294 unsigned char *buf_dec = NULL; 1295 1296 mbedtls_entropy_context entropy; 1297 mbedtls_ctr_drbg_context ctr_drbg; 1298 const char *pers = "test_suite_rsa"; 1299 1300 const int have_N = ( strlen( input_N ) > 0 ); 1301 const int have_P = ( strlen( input_P ) > 0 ); 1302 const int have_Q = ( strlen( input_Q ) > 0 ); 1303 const int have_D = ( strlen( input_D ) > 0 ); 1304 const int have_E = ( strlen( input_E ) > 0 ); 1305 1306 mbedtls_ctr_drbg_init( &ctr_drbg ); 1307 mbedtls_entropy_init( &entropy ); 1308 mbedtls_rsa_init( &ctx, 0, 0 ); 1309 1310 mbedtls_mpi_init( &N ); 1311 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1312 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1313 1314 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, 1315 (const unsigned char *) pers, strlen( pers ) ) == 0 ); 1316 1317 if( have_N ) 1318 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1319 1320 if( have_P ) 1321 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 1322 1323 if( have_Q ) 1324 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 1325 1326 if( have_D ) 1327 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); 1328 1329 if( have_E ) 1330 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1331 1332 if( !successive ) 1333 { 1334 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1335 have_N ? &N : NULL, 1336 have_P ? &P : NULL, 1337 have_Q ? &Q : NULL, 1338 have_D ? &D : NULL, 1339 have_E ? &E : NULL ) == 0 ); 1340 } 1341 else 1342 { 1343 /* Import N, P, Q, D, E separately. 1344 * This should make no functional difference. */ 1345 1346 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1347 have_N ? &N : NULL, 1348 NULL, NULL, NULL, NULL ) == 0 ); 1349 1350 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1351 NULL, 1352 have_P ? &P : NULL, 1353 NULL, NULL, NULL ) == 0 ); 1354 1355 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1356 NULL, NULL, 1357 have_Q ? &Q : NULL, 1358 NULL, NULL ) == 0 ); 1359 1360 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1361 NULL, NULL, NULL, 1362 have_D ? &D : NULL, 1363 NULL ) == 0 ); 1364 1365 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1366 NULL, NULL, NULL, NULL, 1367 have_E ? &E : NULL ) == 0 ); 1368 } 1369 1370 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1371 1372 /* On expected success, perform some public and private 1373 * key operations to check if the key is working properly. */ 1374 if( res_complete == 0 ) 1375 { 1376 if( is_priv ) 1377 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1378 else 1379 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1380 1381 if( res_check != 0 ) 1382 goto exit; 1383 1384 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1385 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1386 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1387 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1388 goto exit; 1389 1390 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1391 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1392 1393 /* Make sure the number we're generating is smaller than the modulus */ 1394 buf_orig[0] = 0x00; 1395 1396 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1397 1398 if( is_priv ) 1399 { 1400 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1401 &ctr_drbg, buf_enc, 1402 buf_dec ) == 0 ); 1403 1404 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1405 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1406 } 1407 } 1408 1409exit: 1410 1411 mbedtls_free( buf_orig ); 1412 mbedtls_free( buf_enc ); 1413 mbedtls_free( buf_dec ); 1414 1415 mbedtls_rsa_free( &ctx ); 1416 1417 mbedtls_ctr_drbg_free( &ctr_drbg ); 1418 mbedtls_entropy_free( &entropy ); 1419 1420 mbedtls_mpi_free( &N ); 1421 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1422 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1423} 1424/* END_CASE */ 1425 1426/* BEGIN_CASE */ 1427void mbedtls_rsa_export( int radix_N, char *input_N, 1428 int radix_P, char *input_P, 1429 int radix_Q, char *input_Q, 1430 int radix_D, char *input_D, 1431 int radix_E, char *input_E, 1432 int is_priv, 1433 int successive ) 1434{ 1435 /* Original MPI's with which we set up the RSA context */ 1436 mbedtls_mpi N, P, Q, D, E; 1437 1438 /* Exported MPI's */ 1439 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1440 1441 const int have_N = ( strlen( input_N ) > 0 ); 1442 const int have_P = ( strlen( input_P ) > 0 ); 1443 const int have_Q = ( strlen( input_Q ) > 0 ); 1444 const int have_D = ( strlen( input_D ) > 0 ); 1445 const int have_E = ( strlen( input_E ) > 0 ); 1446 1447 mbedtls_rsa_context ctx; 1448 1449 mbedtls_rsa_init( &ctx, 0, 0 ); 1450 1451 mbedtls_mpi_init( &N ); 1452 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1453 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1454 1455 mbedtls_mpi_init( &Ne ); 1456 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); 1457 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); 1458 1459 /* Setup RSA context */ 1460 1461 if( have_N ) 1462 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1463 1464 if( have_P ) 1465 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 1466 1467 if( have_Q ) 1468 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 1469 1470 if( have_D ) 1471 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); 1472 1473 if( have_E ) 1474 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1475 1476 TEST_ASSERT( mbedtls_rsa_import( &ctx, 1477 strlen( input_N ) ? &N : NULL, 1478 strlen( input_P ) ? &P : NULL, 1479 strlen( input_Q ) ? &Q : NULL, 1480 strlen( input_D ) ? &D : NULL, 1481 strlen( input_E ) ? &E : NULL ) == 0 ); 1482 1483 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1484 1485 /* 1486 * Export parameters and compare to original ones. 1487 */ 1488 1489 /* N and E must always be present. */ 1490 if( !successive ) 1491 { 1492 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); 1493 } 1494 else 1495 { 1496 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); 1497 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); 1498 } 1499 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); 1500 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); 1501 1502 /* If we were providing enough information to setup a complete private context, 1503 * we expect to be able to export all core parameters. */ 1504 1505 if( is_priv ) 1506 { 1507 if( !successive ) 1508 { 1509 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, 1510 &De, NULL ) == 0 ); 1511 } 1512 else 1513 { 1514 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, 1515 NULL, NULL ) == 0 ); 1516 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, 1517 NULL, NULL ) == 0 ); 1518 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, 1519 &De, NULL ) == 0 ); 1520 } 1521 1522 if( have_P ) 1523 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); 1524 1525 if( have_Q ) 1526 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); 1527 1528 if( have_D ) 1529 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); 1530 1531 /* While at it, perform a sanity check */ 1532 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee, 1533 NULL, NULL ) == 0 ); 1534 } 1535 1536exit: 1537 1538 mbedtls_rsa_free( &ctx ); 1539 1540 mbedtls_mpi_free( &N ); 1541 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1542 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1543 1544 mbedtls_mpi_free( &Ne ); 1545 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); 1546 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); 1547} 1548/* END_CASE */ 1549 1550/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ 1551void mbedtls_rsa_validate_params( int radix_N, char *input_N, 1552 int radix_P, char *input_P, 1553 int radix_Q, char *input_Q, 1554 int radix_D, char *input_D, 1555 int radix_E, char *input_E, 1556 int prng, int result ) 1557{ 1558 /* Original MPI's with which we set up the RSA context */ 1559 mbedtls_mpi N, P, Q, D, E; 1560 1561 const int have_N = ( strlen( input_N ) > 0 ); 1562 const int have_P = ( strlen( input_P ) > 0 ); 1563 const int have_Q = ( strlen( input_Q ) > 0 ); 1564 const int have_D = ( strlen( input_D ) > 0 ); 1565 const int have_E = ( strlen( input_E ) > 0 ); 1566 1567 mbedtls_entropy_context entropy; 1568 mbedtls_ctr_drbg_context ctr_drbg; 1569 const char *pers = "test_suite_rsa"; 1570 1571 mbedtls_mpi_init( &N ); 1572 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); 1573 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); 1574 1575 mbedtls_ctr_drbg_init( &ctr_drbg ); 1576 mbedtls_entropy_init( &entropy ); 1577 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1578 &entropy, (const unsigned char *) pers, 1579 strlen( pers ) ) == 0 ); 1580 1581 if( have_N ) 1582 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1583 1584 if( have_P ) 1585 TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); 1586 1587 if( have_Q ) 1588 TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); 1589 1590 if( have_D ) 1591 TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); 1592 1593 if( have_E ) 1594 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1595 1596 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, 1597 have_P ? &P : NULL, 1598 have_Q ? &Q : NULL, 1599 have_D ? &D : NULL, 1600 have_E ? &E : NULL, 1601 prng ? mbedtls_ctr_drbg_random : NULL, 1602 prng ? &ctr_drbg : NULL ) == result ); 1603exit: 1604 1605 mbedtls_ctr_drbg_free( &ctr_drbg ); 1606 mbedtls_entropy_free( &entropy ); 1607 1608 mbedtls_mpi_free( &N ); 1609 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); 1610 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); 1611} 1612/* END_CASE */ 1613 1614/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1615void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, 1616 data_t *input_Q, data_t *input_D, 1617 data_t *input_E, int is_priv, 1618 int successive ) 1619{ 1620 /* Exported buffers */ 1621 unsigned char bufNe[256]; 1622 unsigned char bufPe[128]; 1623 unsigned char bufQe[128]; 1624 unsigned char bufDe[256]; 1625 unsigned char bufEe[1]; 1626 1627 mbedtls_rsa_context ctx; 1628 1629 mbedtls_rsa_init( &ctx, 0, 0 ); 1630 1631 /* Setup RSA context */ 1632 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1633 input_N->len ? input_N->x : NULL, input_N->len, 1634 input_P->len ? input_P->x : NULL, input_P->len, 1635 input_Q->len ? input_Q->x : NULL, input_Q->len, 1636 input_D->len ? input_D->x : NULL, input_D->len, 1637 input_E->len ? input_E->x : NULL, input_E->len ) == 0 ); 1638 1639 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); 1640 1641 /* 1642 * Export parameters and compare to original ones. 1643 */ 1644 1645 /* N and E must always be present. */ 1646 if( !successive ) 1647 { 1648 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1649 NULL, 0, NULL, 0, NULL, 0, 1650 bufEe, input_E->len ) == 0 ); 1651 } 1652 else 1653 { 1654 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, 1655 NULL, 0, NULL, 0, NULL, 0, 1656 NULL, 0 ) == 0 ); 1657 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1658 NULL, 0, NULL, 0, NULL, 0, 1659 bufEe, input_E->len ) == 0 ); 1660 } 1661 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 ); 1662 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 ); 1663 1664 /* If we were providing enough information to setup a complete private context, 1665 * we expect to be able to export all core parameters. */ 1666 1667 if( is_priv ) 1668 { 1669 if( !successive ) 1670 { 1671 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1672 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1673 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1674 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1675 NULL, 0 ) == 0 ); 1676 } 1677 else 1678 { 1679 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, 1680 bufPe, input_P->len ? input_P->len : sizeof( bufPe ), 1681 NULL, 0, NULL, 0, 1682 NULL, 0 ) == 0 ); 1683 1684 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, 1685 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), 1686 NULL, 0, NULL, 0 ) == 0 ); 1687 1688 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, 1689 bufDe, input_D->len ? input_D->len : sizeof( bufDe ), 1690 NULL, 0 ) == 0 ); 1691 } 1692 1693 if( input_P->len ) 1694 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 ); 1695 1696 if( input_Q->len ) 1697 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 ); 1698 1699 if( input_D->len ) 1700 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 ); 1701 1702 } 1703 1704exit: 1705 mbedtls_rsa_free( &ctx ); 1706} 1707/* END_CASE */ 1708 1709/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1710void mbedtls_rsa_import_raw( data_t *input_N, 1711 data_t *input_P, data_t *input_Q, 1712 data_t *input_D, data_t *input_E, 1713 int successive, 1714 int is_priv, 1715 int res_check, 1716 int res_complete ) 1717{ 1718 /* Buffers used for encryption-decryption test */ 1719 unsigned char *buf_orig = NULL; 1720 unsigned char *buf_enc = NULL; 1721 unsigned char *buf_dec = NULL; 1722 1723 mbedtls_rsa_context ctx; 1724 mbedtls_entropy_context entropy; 1725 mbedtls_ctr_drbg_context ctr_drbg; 1726 1727 const char *pers = "test_suite_rsa"; 1728 1729 mbedtls_ctr_drbg_init( &ctr_drbg ); 1730 mbedtls_entropy_init( &entropy ); 1731 mbedtls_rsa_init( &ctx, 0, 0 ); 1732 1733 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, 1734 &entropy, (const unsigned char *) pers, 1735 strlen( pers ) ) == 0 ); 1736 1737 if( !successive ) 1738 { 1739 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1740 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1741 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1742 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1743 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1744 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1745 } 1746 else 1747 { 1748 /* Import N, P, Q, D, E separately. 1749 * This should make no functional difference. */ 1750 1751 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1752 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, 1753 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1754 1755 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1756 NULL, 0, 1757 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, 1758 NULL, 0, NULL, 0, NULL, 0 ) == 0 ); 1759 1760 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1761 NULL, 0, NULL, 0, 1762 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, 1763 NULL, 0, NULL, 0 ) == 0 ); 1764 1765 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1766 NULL, 0, NULL, 0, NULL, 0, 1767 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, 1768 NULL, 0 ) == 0 ); 1769 1770 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, 1771 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1772 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); 1773 } 1774 1775 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); 1776 1777 /* On expected success, perform some public and private 1778 * key operations to check if the key is working properly. */ 1779 if( res_complete == 0 ) 1780 { 1781 if( is_priv ) 1782 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); 1783 else 1784 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); 1785 1786 if( res_check != 0 ) 1787 goto exit; 1788 1789 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1790 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1791 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); 1792 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) 1793 goto exit; 1794 1795 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, 1796 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1797 1798 /* Make sure the number we're generating is smaller than the modulus */ 1799 buf_orig[0] = 0x00; 1800 1801 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); 1802 1803 if( is_priv ) 1804 { 1805 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, 1806 &ctr_drbg, buf_enc, 1807 buf_dec ) == 0 ); 1808 1809 TEST_ASSERT( memcmp( buf_orig, buf_dec, 1810 mbedtls_rsa_get_len( &ctx ) ) == 0 ); 1811 } 1812 } 1813 1814exit: 1815 1816 mbedtls_free( buf_orig ); 1817 mbedtls_free( buf_enc ); 1818 mbedtls_free( buf_dec ); 1819 1820 mbedtls_rsa_free( &ctx ); 1821 1822 mbedtls_ctr_drbg_free( &ctr_drbg ); 1823 mbedtls_entropy_free( &entropy ); 1824 1825} 1826/* END_CASE */ 1827 1828/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1829void rsa_selftest( ) 1830{ 1831 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); 1832} 1833/* END_CASE */ 1834