1/* BEGIN_HEADER */ 2#include "mbedtls/rsa.h" 3#include "mbedtls/rsa_internal.h" 4#include "mbedtls/md2.h" 5#include "mbedtls/md4.h" 6#include "mbedtls/md5.h" 7#include "mbedtls/sha1.h" 8#include "mbedtls/sha256.h" 9#include "mbedtls/sha512.h" 10#include "mbedtls/entropy.h" 11#include "mbedtls/ctr_drbg.h" 12 13/* END_HEADER */ 14 15/* BEGIN_DEPENDENCIES 16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 17 * END_DEPENDENCIES 18 */ 19 20/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 21void rsa_invalid_param() 22{ 23 mbedtls_rsa_context ctx; 24 const int valid_padding = MBEDTLS_RSA_PKCS_V21; 25 const int invalid_padding = 42; 26 const int valid_mode = MBEDTLS_RSA_PRIVATE; 27 const int invalid_mode = 42; 28 unsigned char buf[42] = { 0 }; 29 size_t olen; 30 31 TEST_INVALID_PARAM(mbedtls_rsa_init(NULL, valid_padding, 0)); 32 TEST_INVALID_PARAM(mbedtls_rsa_init(&ctx, invalid_padding, 0)); 33 TEST_VALID_PARAM(mbedtls_rsa_free(NULL)); 34 35 /* No more variants because only the first argument must be non-NULL. */ 36 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 37 mbedtls_rsa_import(NULL, NULL, NULL, 38 NULL, NULL, NULL)); 39 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 40 mbedtls_rsa_import_raw(NULL, 41 NULL, 0, 42 NULL, 0, 43 NULL, 0, 44 NULL, 0, 45 NULL, 0)); 46 47 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 48 mbedtls_rsa_complete(NULL)); 49 50 /* No more variants because only the first argument must be non-NULL. */ 51 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 52 mbedtls_rsa_export(NULL, NULL, NULL, 53 NULL, NULL, NULL)); 54 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 55 mbedtls_rsa_export_raw(NULL, 56 NULL, 0, 57 NULL, 0, 58 NULL, 0, 59 NULL, 0, 60 NULL, 0)); 61 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 62 mbedtls_rsa_export_crt(NULL, NULL, NULL, NULL)); 63 64 TEST_INVALID_PARAM(mbedtls_rsa_set_padding(NULL, 65 valid_padding, 0)); 66 TEST_INVALID_PARAM(mbedtls_rsa_set_padding(&ctx, 67 invalid_padding, 0)); 68 69 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 70 mbedtls_rsa_gen_key(NULL, 71 mbedtls_test_rnd_std_rand, 72 NULL, 0, 0)); 73 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 74 mbedtls_rsa_gen_key(&ctx, NULL, 75 NULL, 0, 0)); 76 77 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 78 mbedtls_rsa_check_pubkey(NULL)); 79 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 80 mbedtls_rsa_check_privkey(NULL)); 81 82 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 83 mbedtls_rsa_check_pub_priv(NULL, &ctx)); 84 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 85 mbedtls_rsa_check_pub_priv(&ctx, NULL)); 86 87 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 88 mbedtls_rsa_public(NULL, buf, buf)); 89 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 90 mbedtls_rsa_public(&ctx, NULL, buf)); 91 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 92 mbedtls_rsa_public(&ctx, buf, NULL)); 93 94 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 95 mbedtls_rsa_private(NULL, NULL, NULL, 96 buf, buf)); 97 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 98 mbedtls_rsa_private(&ctx, NULL, NULL, 99 NULL, buf)); 100 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 101 mbedtls_rsa_private(&ctx, NULL, NULL, 102 buf, NULL)); 103 104 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 105 mbedtls_rsa_pkcs1_encrypt(NULL, NULL, NULL, 106 valid_mode, 107 sizeof(buf), buf, 108 buf)); 109 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 110 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL, 111 invalid_mode, 112 sizeof(buf), buf, 113 buf)); 114 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 115 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL, 116 valid_mode, 117 sizeof(buf), NULL, 118 buf)); 119 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 120 mbedtls_rsa_pkcs1_encrypt(&ctx, NULL, NULL, 121 valid_mode, 122 sizeof(buf), buf, 123 NULL)); 124 125 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 126 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(NULL, NULL, 127 NULL, 128 valid_mode, 129 sizeof(buf), buf, 130 buf)); 131 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 132 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL, 133 NULL, 134 invalid_mode, 135 sizeof(buf), buf, 136 buf)); 137 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 138 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL, 139 NULL, 140 valid_mode, 141 sizeof(buf), NULL, 142 buf)); 143 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 144 mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, NULL, 145 NULL, 146 valid_mode, 147 sizeof(buf), buf, 148 NULL)); 149 150 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 151 mbedtls_rsa_rsaes_oaep_encrypt(NULL, NULL, NULL, 152 valid_mode, 153 buf, sizeof(buf), 154 sizeof(buf), buf, 155 buf)); 156 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 157 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL, 158 invalid_mode, 159 buf, sizeof(buf), 160 sizeof(buf), buf, 161 buf)); 162 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 163 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL, 164 valid_mode, 165 NULL, sizeof(buf), 166 sizeof(buf), buf, 167 buf)); 168 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 169 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL, 170 valid_mode, 171 buf, sizeof(buf), 172 sizeof(buf), NULL, 173 buf)); 174 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 175 mbedtls_rsa_rsaes_oaep_encrypt(&ctx, NULL, NULL, 176 valid_mode, 177 buf, sizeof(buf), 178 sizeof(buf), buf, 179 NULL)); 180 181 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 182 mbedtls_rsa_pkcs1_decrypt(NULL, NULL, NULL, 183 valid_mode, &olen, 184 buf, buf, 42)); 185 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 186 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL, 187 invalid_mode, &olen, 188 buf, buf, 42)); 189 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 190 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL, 191 valid_mode, NULL, 192 buf, buf, 42)); 193 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 194 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL, 195 valid_mode, &olen, 196 NULL, buf, 42)); 197 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 198 mbedtls_rsa_pkcs1_decrypt(&ctx, NULL, NULL, 199 valid_mode, &olen, 200 buf, NULL, 42)); 201 202 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 203 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(NULL, NULL, 204 NULL, 205 valid_mode, &olen, 206 buf, buf, 42)); 207 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 208 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL, 209 NULL, 210 invalid_mode, &olen, 211 buf, buf, 42)); 212 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 213 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL, 214 NULL, 215 valid_mode, NULL, 216 buf, buf, 42)); 217 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 218 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL, 219 NULL, 220 valid_mode, &olen, 221 NULL, buf, 42)); 222 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 223 mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, NULL, 224 NULL, 225 valid_mode, &olen, 226 buf, NULL, 42)); 227 228 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 229 mbedtls_rsa_rsaes_oaep_decrypt(NULL, NULL, NULL, 230 valid_mode, 231 buf, sizeof(buf), 232 &olen, 233 buf, buf, 42)); 234 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 235 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL, 236 invalid_mode, 237 buf, sizeof(buf), 238 &olen, 239 buf, buf, 42)); 240 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 241 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL, 242 valid_mode, 243 NULL, sizeof(buf), 244 NULL, 245 buf, buf, 42)); 246 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 247 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL, 248 valid_mode, 249 buf, sizeof(buf), 250 &olen, 251 NULL, buf, 42)); 252 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 253 mbedtls_rsa_rsaes_oaep_decrypt(&ctx, NULL, NULL, 254 valid_mode, 255 buf, sizeof(buf), 256 &olen, 257 buf, NULL, 42)); 258 259 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 260 mbedtls_rsa_pkcs1_sign(NULL, NULL, NULL, 261 valid_mode, 262 0, sizeof(buf), buf, 263 buf)); 264 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 265 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL, 266 invalid_mode, 267 0, sizeof(buf), buf, 268 buf)); 269 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 270 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL, 271 valid_mode, 272 0, sizeof(buf), NULL, 273 buf)); 274 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 275 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL, 276 valid_mode, 277 0, sizeof(buf), buf, 278 NULL)); 279 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 280 mbedtls_rsa_pkcs1_sign(&ctx, NULL, NULL, 281 valid_mode, 282 MBEDTLS_MD_SHA1, 283 0, NULL, 284 buf)); 285 286 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 287 mbedtls_rsa_rsassa_pkcs1_v15_sign(NULL, NULL, NULL, 288 valid_mode, 289 0, sizeof(buf), buf, 290 buf)); 291 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 292 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL, 293 invalid_mode, 294 0, sizeof(buf), buf, 295 buf)); 296 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 297 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL, 298 valid_mode, 299 0, sizeof(buf), NULL, 300 buf)); 301 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 302 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL, 303 valid_mode, 304 0, sizeof(buf), buf, 305 NULL)); 306 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 307 mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, NULL, 308 valid_mode, 309 MBEDTLS_MD_SHA1, 310 0, NULL, 311 buf)); 312 313 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 314 mbedtls_rsa_rsassa_pss_sign(NULL, NULL, NULL, 315 valid_mode, 316 0, sizeof(buf), buf, 317 buf)); 318 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 319 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL, 320 invalid_mode, 321 0, sizeof(buf), buf, 322 buf)); 323 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 324 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL, 325 valid_mode, 326 0, sizeof(buf), NULL, 327 buf)); 328 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 329 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL, 330 valid_mode, 331 0, sizeof(buf), buf, 332 NULL)); 333 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 334 mbedtls_rsa_rsassa_pss_sign(&ctx, NULL, NULL, 335 valid_mode, 336 MBEDTLS_MD_SHA1, 337 0, NULL, 338 buf)); 339 340 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 341 mbedtls_rsa_rsassa_pss_sign_ext(NULL, NULL, NULL, 342 0, sizeof(buf), buf, 343 MBEDTLS_RSA_SALT_LEN_ANY, 344 buf)); 345 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 346 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 347 0, sizeof(buf), NULL, 348 MBEDTLS_RSA_SALT_LEN_ANY, 349 buf)); 350 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 351 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 352 0, sizeof(buf), buf, 353 MBEDTLS_RSA_SALT_LEN_ANY, 354 NULL)); 355 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 356 mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 357 MBEDTLS_MD_SHA1, 358 0, NULL, 359 MBEDTLS_RSA_SALT_LEN_ANY, 360 buf)); 361 362 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 363 mbedtls_rsa_pkcs1_verify(NULL, NULL, NULL, 364 valid_mode, 365 0, sizeof(buf), buf, 366 buf)); 367 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 368 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, 369 invalid_mode, 370 0, sizeof(buf), buf, 371 buf)); 372 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 373 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, 374 valid_mode, 375 0, sizeof(buf), NULL, 376 buf)); 377 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 378 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, 379 valid_mode, 380 0, sizeof(buf), buf, 381 NULL)); 382 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 383 mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, 384 valid_mode, 385 MBEDTLS_MD_SHA1, 0, NULL, 386 buf)); 387 388 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 389 mbedtls_rsa_rsassa_pkcs1_v15_verify(NULL, NULL, 390 NULL, 391 valid_mode, 392 0, sizeof(buf), buf, 393 buf)); 394 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 395 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL, 396 NULL, 397 invalid_mode, 398 0, sizeof(buf), buf, 399 buf)); 400 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 401 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL, 402 NULL, 403 valid_mode, 404 0, sizeof(buf), 405 NULL, buf)); 406 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 407 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL, 408 NULL, 409 valid_mode, 410 0, sizeof(buf), buf, 411 NULL)); 412 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 413 mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL, 414 NULL, 415 valid_mode, 416 MBEDTLS_MD_SHA1, 417 0, NULL, 418 buf)); 419 420 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 421 mbedtls_rsa_rsassa_pss_verify(NULL, NULL, NULL, 422 valid_mode, 423 0, sizeof(buf), 424 buf, buf)); 425 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 426 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL, 427 invalid_mode, 428 0, sizeof(buf), 429 buf, buf)); 430 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 431 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL, 432 valid_mode, 433 0, sizeof(buf), 434 NULL, buf)); 435 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 436 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL, 437 valid_mode, 438 0, sizeof(buf), 439 buf, NULL)); 440 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 441 mbedtls_rsa_rsassa_pss_verify(&ctx, NULL, NULL, 442 valid_mode, 443 MBEDTLS_MD_SHA1, 444 0, NULL, 445 buf)); 446 447 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 448 mbedtls_rsa_rsassa_pss_verify_ext(NULL, NULL, NULL, 449 valid_mode, 450 0, sizeof(buf), 451 buf, 452 0, 0, 453 buf)); 454 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 455 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL, 456 invalid_mode, 457 0, sizeof(buf), 458 buf, 459 0, 0, 460 buf)); 461 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 462 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL, 463 valid_mode, 464 0, sizeof(buf), 465 NULL, 0, 0, 466 buf)); 467 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 468 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL, 469 valid_mode, 470 0, sizeof(buf), 471 buf, 0, 0, 472 NULL)); 473 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 474 mbedtls_rsa_rsassa_pss_verify_ext(&ctx, NULL, NULL, 475 valid_mode, 476 MBEDTLS_MD_SHA1, 477 0, NULL, 478 0, 0, 479 buf)); 480 481 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 482 mbedtls_rsa_copy(NULL, &ctx)); 483 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 484 mbedtls_rsa_copy(&ctx, NULL)); 485 486exit: 487 return; 488} 489/* END_CASE */ 490 491/* BEGIN_CASE */ 492void rsa_init_free(int reinit) 493{ 494 mbedtls_rsa_context ctx; 495 496 /* Double free is not explicitly documented to work, but we rely on it 497 * even inside the library so that you can call mbedtls_rsa_free() 498 * unconditionally on an error path without checking whether it has 499 * already been called in the success path. */ 500 501 mbedtls_rsa_init(&ctx, 0, 0); 502 mbedtls_rsa_free(&ctx); 503 504 if (reinit) { 505 mbedtls_rsa_init(&ctx, 0, 0); 506 } 507 mbedtls_rsa_free(&ctx); 508 509 /* This test case always succeeds, functionally speaking. A plausible 510 * bug might trigger an invalid pointer dereference or a memory leak. */ 511 goto exit; 512} 513/* END_CASE */ 514 515/* BEGIN_CASE */ 516void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, 517 int digest, int mod, char *input_P, 518 char *input_Q, char *input_N, char *input_E, 519 data_t *result_str, int result) 520{ 521 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 522 unsigned char output[256]; 523 mbedtls_rsa_context ctx; 524 mbedtls_mpi N, P, Q, E; 525 mbedtls_test_rnd_pseudo_info rnd_info; 526 527 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 528 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 529 mbedtls_rsa_init(&ctx, padding_mode, 0); 530 531 memset(hash_result, 0x00, sizeof(hash_result)); 532 memset(output, 0x00, sizeof(output)); 533 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 534 535 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 536 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 537 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 538 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 539 540 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 541 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 542 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 543 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 544 545 546 if (mbedtls_md_info_from_type(digest) != NULL) { 547 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len, 548 hash_result) == 0); 549 } 550 551 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, 552 &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 553 0, hash_result, output) == result); 554 if (result == 0) { 555 556 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 557 ctx.len, result_str->len) == 0); 558 } 559 560exit: 561 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 562 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 563 mbedtls_rsa_free(&ctx); 564} 565/* END_CASE */ 566 567/* BEGIN_CASE */ 568void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, 569 int digest, int mod, 570 char *input_N, char *input_E, 571 data_t *result_str, int result) 572{ 573 unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; 574 mbedtls_rsa_context ctx; 575 576 mbedtls_mpi N, E; 577 578 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 579 mbedtls_rsa_init(&ctx, padding_mode, 0); 580 memset(hash_result, 0x00, sizeof(hash_result)); 581 582 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 583 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 584 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 585 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 586 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 587 588 589 if (mbedtls_md_info_from_type(digest) != NULL) { 590 TEST_ASSERT(mbedtls_md(mbedtls_md_info_from_type(digest), message_str->x, message_str->len, 591 hash_result) == 0); 592 } 593 594 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, 595 hash_result, result_str->x) == result); 596 597exit: 598 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 599 mbedtls_rsa_free(&ctx); 600} 601/* END_CASE */ 602 603 604/* BEGIN_CASE */ 605void rsa_pkcs1_sign_raw(data_t *hash_result, 606 int padding_mode, int mod, 607 char *input_P, char *input_Q, 608 char *input_N, char *input_E, 609 data_t *result_str) 610{ 611 unsigned char output[256]; 612 mbedtls_rsa_context ctx; 613 mbedtls_mpi N, P, Q, E; 614 mbedtls_test_rnd_pseudo_info rnd_info; 615 616 mbedtls_rsa_init(&ctx, padding_mode, 0); 617 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 618 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 619 620 memset(output, 0x00, sizeof(output)); 621 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 622 623 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 624 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 625 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 626 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 627 628 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 629 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 630 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 631 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 632 633 634 TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, 635 &rnd_info, MBEDTLS_RSA_PRIVATE, 636 MBEDTLS_MD_NONE, hash_result->len, 637 hash_result->x, output) == 0); 638 639 640 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 641 ctx.len, result_str->len) == 0); 642 643#if defined(MBEDTLS_PKCS1_V15) 644 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ 645 if (padding_mode == MBEDTLS_RSA_PKCS_V15) { 646 int res; 647 memset(output, 0x00, sizeof(output)); 648 649 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(&ctx, 650 &mbedtls_test_rnd_pseudo_rand, &rnd_info, 651 MBEDTLS_RSA_PRIVATE, hash_result->len, 652 hash_result->x, output); 653 654#if !defined(MBEDTLS_RSA_ALT) 655 TEST_ASSERT(res == 0); 656#else 657 TEST_ASSERT((res == 0) || 658 (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION)); 659#endif 660 661 if (res == 0) { 662 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 663 ctx.len, 664 result_str->len) == 0); 665 } 666 } 667#endif /* MBEDTLS_PKCS1_V15 */ 668 669exit: 670 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 671 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 672 673 mbedtls_rsa_free(&ctx); 674} 675/* END_CASE */ 676 677/* BEGIN_CASE */ 678void rsa_pkcs1_verify_raw(data_t *hash_result, 679 int padding_mode, int mod, 680 char *input_N, char *input_E, 681 data_t *result_str, int correct) 682{ 683 unsigned char output[256]; 684 mbedtls_rsa_context ctx; 685 686 mbedtls_mpi N, E; 687 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 688 689 mbedtls_rsa_init(&ctx, padding_mode, 0); 690 memset(output, 0x00, sizeof(output)); 691 692 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 693 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 694 695 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 696 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 697 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 698 699 700 TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, 701 hash_result->len, hash_result->x, 702 result_str->x) == correct); 703 704#if defined(MBEDTLS_PKCS1_V15) 705 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ 706 if (padding_mode == MBEDTLS_RSA_PKCS_V15) { 707 int res; 708 int ok; 709 size_t olen; 710 711 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(&ctx, 712 NULL, NULL, MBEDTLS_RSA_PUBLIC, 713 &olen, result_str->x, output, sizeof(output)); 714 715#if !defined(MBEDTLS_RSA_ALT) 716 TEST_ASSERT(res == 0); 717#else 718 TEST_ASSERT((res == 0) || 719 (res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION)); 720#endif 721 722 if (res == 0) { 723 ok = olen == hash_result->len && memcmp(output, hash_result->x, olen) == 0; 724 if (correct == 0) { 725 TEST_ASSERT(ok == 1); 726 } else { 727 TEST_ASSERT(ok == 0); 728 } 729 } 730 } 731#endif /* MBEDTLS_PKCS1_V15 */ 732 733exit: 734 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 735 mbedtls_rsa_free(&ctx); 736} 737/* END_CASE */ 738 739/* BEGIN_CASE */ 740void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, 741 int mod, char *input_N, char *input_E, 742 data_t *result_str, int result) 743{ 744 unsigned char output[256]; 745 mbedtls_rsa_context ctx; 746 mbedtls_test_rnd_pseudo_info rnd_info; 747 748 mbedtls_mpi N, E; 749 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 750 751 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 752 753 mbedtls_rsa_init(&ctx, padding_mode, 0); 754 memset(output, 0x00, sizeof(output)); 755 756 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 757 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 758 759 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 760 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 761 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 762 763 764 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 765 &mbedtls_test_rnd_pseudo_rand, 766 &rnd_info, MBEDTLS_RSA_PUBLIC, 767 message_str->len, message_str->x, 768 output) == result); 769 if (result == 0) { 770 771 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 772 ctx.len, result_str->len) == 0); 773 } 774 775exit: 776 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 777 mbedtls_rsa_free(&ctx); 778} 779/* END_CASE */ 780 781/* BEGIN_CASE */ 782void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, 783 int mod, char *input_N, char *input_E, 784 data_t *result_str, int result) 785{ 786 unsigned char output[256]; 787 mbedtls_rsa_context ctx; 788 789 mbedtls_mpi N, E; 790 791 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 792 mbedtls_rsa_init(&ctx, padding_mode, 0); 793 memset(output, 0x00, sizeof(output)); 794 795 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 796 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 797 798 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 799 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 800 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 801 802 803 TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand, 804 NULL, MBEDTLS_RSA_PUBLIC, 805 message_str->len, message_str->x, 806 output) == result); 807 if (result == 0) { 808 809 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 810 ctx.len, result_str->len) == 0); 811 } 812 813exit: 814 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 815 mbedtls_rsa_free(&ctx); 816} 817/* END_CASE */ 818 819/* BEGIN_CASE */ 820void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, 821 int mod, char *input_P, 822 char *input_Q, char *input_N, 823 char *input_E, int max_output, 824 data_t *result_str, int result) 825{ 826 unsigned char output[32]; 827 mbedtls_rsa_context ctx; 828 size_t output_len; 829 mbedtls_test_rnd_pseudo_info rnd_info; 830 mbedtls_mpi N, P, Q, E; 831 832 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 833 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 834 835 mbedtls_rsa_init(&ctx, padding_mode, 0); 836 837 memset(output, 0x00, sizeof(output)); 838 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 839 840 841 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 842 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 843 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 844 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 845 846 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 847 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 848 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 849 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 850 851 output_len = 0; 852 853 TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand, 854 &rnd_info, MBEDTLS_RSA_PRIVATE, 855 &output_len, message_str->x, output, 856 max_output) == result); 857 if (result == 0) { 858 859 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 860 output_len, 861 result_str->len) == 0); 862 } 863 864exit: 865 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 866 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 867 mbedtls_rsa_free(&ctx); 868} 869/* END_CASE */ 870 871/* BEGIN_CASE */ 872void mbedtls_rsa_public(data_t *message_str, int mod, 873 char *input_N, char *input_E, 874 data_t *result_str, int result) 875{ 876 unsigned char output[256]; 877 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 878 879 mbedtls_mpi N, E; 880 881 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 882 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0); 883 mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0); 884 memset(output, 0x00, sizeof(output)); 885 886 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 887 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 888 889 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 890 891 /* Check test data consistency */ 892 TEST_ASSERT(message_str->len == (size_t) (mod / 8)); 893 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 894 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 895 896 TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); 897 if (result == 0) { 898 899 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 900 ctx.len, result_str->len) == 0); 901 } 902 903 /* And now with the copy */ 904 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 905 /* clear the original to be sure */ 906 mbedtls_rsa_free(&ctx); 907 908 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0); 909 910 memset(output, 0x00, sizeof(output)); 911 TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result); 912 if (result == 0) { 913 914 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 915 ctx.len, result_str->len) == 0); 916 } 917 918exit: 919 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 920 mbedtls_rsa_free(&ctx); 921 mbedtls_rsa_free(&ctx2); 922} 923/* END_CASE */ 924 925/* BEGIN_CASE */ 926void mbedtls_rsa_private(data_t *message_str, int mod, 927 char *input_P, char *input_Q, 928 char *input_N, char *input_E, 929 data_t *result_str, int result) 930{ 931 unsigned char output[256]; 932 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 933 mbedtls_mpi N, P, Q, E; 934 mbedtls_test_rnd_pseudo_info rnd_info; 935 int i; 936 937 mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 938 mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 939 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0); 940 mbedtls_rsa_init(&ctx2, MBEDTLS_RSA_PKCS_V15, 0); 941 942 memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 943 944 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 945 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 946 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 947 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 948 949 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 950 951 /* Check test data consistency */ 952 TEST_ASSERT(message_str->len == (size_t) (mod / 8)); 953 TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); 954 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 955 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 956 957 /* repeat three times to test updating of blinding values */ 958 for (i = 0; i < 3; i++) { 959 memset(output, 0x00, sizeof(output)); 960 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand, 961 &rnd_info, message_str->x, 962 output) == result); 963 if (result == 0) { 964 965 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 966 ctx.len, 967 result_str->len) == 0); 968 } 969 } 970 971 /* And now one more time with the copy */ 972 TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 973 /* clear the original to be sure */ 974 mbedtls_rsa_free(&ctx); 975 976 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0); 977 978 memset(output, 0x00, sizeof(output)); 979 TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand, 980 &rnd_info, message_str->x, 981 output) == result); 982 if (result == 0) { 983 984 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 985 ctx2.len, 986 result_str->len) == 0); 987 } 988 989exit: 990 mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 991 mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 992 993 mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2); 994} 995/* END_CASE */ 996 997/* BEGIN_CASE */ 998void rsa_check_privkey_null() 999{ 1000 mbedtls_rsa_context ctx; 1001 memset(&ctx, 0x00, sizeof(mbedtls_rsa_context)); 1002 1003 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); 1004} 1005/* END_CASE */ 1006 1007/* BEGIN_CASE */ 1008void mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result) 1009{ 1010 mbedtls_rsa_context ctx; 1011 mbedtls_mpi N, E; 1012 1013 mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 1014 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0); 1015 1016 if (strlen(input_N)) { 1017 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1018 } 1019 if (strlen(input_E)) { 1020 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1021 } 1022 1023 TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 1024 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result); 1025 1026exit: 1027 mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 1028 mbedtls_rsa_free(&ctx); 1029} 1030/* END_CASE */ 1031 1032/* BEGIN_CASE */ 1033void mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q, 1034 char *input_N, char *input_E, char *input_D, 1035 char *input_DP, char *input_DQ, char *input_QP, 1036 int result) 1037{ 1038 mbedtls_rsa_context ctx; 1039 1040 mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0); 1041 1042 ctx.len = mod / 8; 1043 if (strlen(input_P)) { 1044 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0); 1045 } 1046 if (strlen(input_Q)) { 1047 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0); 1048 } 1049 if (strlen(input_N)) { 1050 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0); 1051 } 1052 if (strlen(input_E)) { 1053 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0); 1054 } 1055 if (strlen(input_D)) { 1056 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0); 1057 } 1058#if !defined(MBEDTLS_RSA_NO_CRT) 1059 if (strlen(input_DP)) { 1060 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0); 1061 } 1062 if (strlen(input_DQ)) { 1063 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0); 1064 } 1065 if (strlen(input_QP)) { 1066 TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0); 1067 } 1068#else 1069 ((void) input_DP); 1070 ((void) input_DQ); 1071 ((void) input_QP); 1072#endif 1073 1074 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result); 1075 1076exit: 1077 mbedtls_rsa_free(&ctx); 1078} 1079/* END_CASE */ 1080 1081/* BEGIN_CASE */ 1082void rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub, 1083 char *input_P, char *input_Q, char *input_N, 1084 char *input_E, char *input_D, char *input_DP, 1085 char *input_DQ, char *input_QP, int result) 1086{ 1087 mbedtls_rsa_context pub, prv; 1088 1089 mbedtls_rsa_init(&pub, MBEDTLS_RSA_PKCS_V15, 0); 1090 mbedtls_rsa_init(&prv, MBEDTLS_RSA_PKCS_V15, 0); 1091 1092 pub.len = mod / 8; 1093 prv.len = mod / 8; 1094 1095 if (strlen(input_Npub)) { 1096 TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0); 1097 } 1098 if (strlen(input_Epub)) { 1099 TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0); 1100 } 1101 1102 if (strlen(input_P)) { 1103 TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0); 1104 } 1105 if (strlen(input_Q)) { 1106 TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0); 1107 } 1108 if (strlen(input_N)) { 1109 TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0); 1110 } 1111 if (strlen(input_E)) { 1112 TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0); 1113 } 1114 if (strlen(input_D)) { 1115 TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0); 1116 } 1117#if !defined(MBEDTLS_RSA_NO_CRT) 1118 if (strlen(input_DP)) { 1119 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0); 1120 } 1121 if (strlen(input_DQ)) { 1122 TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0); 1123 } 1124 if (strlen(input_QP)) { 1125 TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0); 1126 } 1127#else 1128 ((void) input_DP); 1129 ((void) input_DQ); 1130 ((void) input_QP); 1131#endif 1132 1133 TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result); 1134 1135exit: 1136 mbedtls_rsa_free(&pub); 1137 mbedtls_rsa_free(&prv); 1138} 1139/* END_CASE */ 1140 1141/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1142void mbedtls_rsa_gen_key(int nrbits, int exponent, int result) 1143{ 1144 mbedtls_rsa_context ctx; 1145 mbedtls_entropy_context entropy; 1146 mbedtls_ctr_drbg_context ctr_drbg; 1147 const char *pers = "test_suite_rsa"; 1148 1149 mbedtls_ctr_drbg_init(&ctr_drbg); 1150 mbedtls_entropy_init(&entropy); 1151 mbedtls_rsa_init(&ctx, 0, 0); 1152 1153 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, 1154 &entropy, (const unsigned char *) pers, 1155 strlen(pers)) == 0); 1156 1157 TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, 1158 exponent) == result); 1159 if (result == 0) { 1160 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 1161 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0); 1162 } 1163 1164exit: 1165 mbedtls_rsa_free(&ctx); 1166 mbedtls_ctr_drbg_free(&ctr_drbg); 1167 mbedtls_entropy_free(&entropy); 1168} 1169/* END_CASE */ 1170 1171/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1172void mbedtls_rsa_deduce_primes(char *input_N, 1173 char *input_D, 1174 char *input_E, 1175 char *output_P, 1176 char *output_Q, 1177 int corrupt, int result) 1178{ 1179 mbedtls_mpi N, P, Pp, Q, Qp, D, E; 1180 1181 mbedtls_mpi_init(&N); 1182 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1183 mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp); 1184 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1185 1186 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1187 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1188 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1189 TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0); 1190 TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0); 1191 1192 if (corrupt) { 1193 TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0); 1194 } 1195 1196 /* Try to deduce P, Q from N, D, E only. */ 1197 TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result); 1198 1199 if (!corrupt) { 1200 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 1201 TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) || 1202 (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0)); 1203 } 1204 1205exit: 1206 mbedtls_mpi_free(&N); 1207 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1208 mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp); 1209 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1210} 1211/* END_CASE */ 1212 1213/* BEGIN_CASE */ 1214void mbedtls_rsa_deduce_private_exponent(char *input_P, 1215 char *input_Q, 1216 char *input_E, 1217 char *output_D, 1218 int corrupt, int result) 1219{ 1220 mbedtls_mpi P, Q, D, Dp, E, R, Rp; 1221 1222 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1223 mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp); 1224 mbedtls_mpi_init(&E); 1225 mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp); 1226 1227 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1228 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1229 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1230 TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0); 1231 1232 if (corrupt) { 1233 /* Make E even */ 1234 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0); 1235 } 1236 1237 /* Try to deduce D from N, P, Q, E. */ 1238 TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q, 1239 &E, &D) == result); 1240 1241 if (!corrupt) { 1242 /* 1243 * Check that D and Dp agree modulo LCM(P-1, Q-1). 1244 */ 1245 1246 /* Replace P,Q by P-1, Q-1 */ 1247 TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0); 1248 TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0); 1249 1250 /* Check D == Dp modulo P-1 */ 1251 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0); 1252 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0); 1253 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 1254 1255 /* Check D == Dp modulo Q-1 */ 1256 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0); 1257 TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0); 1258 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 1259 } 1260 1261exit: 1262 1263 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1264 mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp); 1265 mbedtls_mpi_free(&E); 1266 mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp); 1267} 1268/* END_CASE */ 1269 1270/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1271void mbedtls_rsa_import(char *input_N, 1272 char *input_P, 1273 char *input_Q, 1274 char *input_D, 1275 char *input_E, 1276 int successive, 1277 int is_priv, 1278 int res_check, 1279 int res_complete) 1280{ 1281 mbedtls_mpi N, P, Q, D, E; 1282 mbedtls_rsa_context ctx; 1283 1284 /* Buffers used for encryption-decryption test */ 1285 unsigned char *buf_orig = NULL; 1286 unsigned char *buf_enc = NULL; 1287 unsigned char *buf_dec = NULL; 1288 1289 mbedtls_entropy_context entropy; 1290 mbedtls_ctr_drbg_context ctr_drbg; 1291 const char *pers = "test_suite_rsa"; 1292 1293 const int have_N = (strlen(input_N) > 0); 1294 const int have_P = (strlen(input_P) > 0); 1295 const int have_Q = (strlen(input_Q) > 0); 1296 const int have_D = (strlen(input_D) > 0); 1297 const int have_E = (strlen(input_E) > 0); 1298 1299 mbedtls_ctr_drbg_init(&ctr_drbg); 1300 mbedtls_entropy_init(&entropy); 1301 mbedtls_rsa_init(&ctx, 0, 0); 1302 1303 mbedtls_mpi_init(&N); 1304 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1305 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1306 1307 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, 1308 (const unsigned char *) pers, strlen(pers)) == 0); 1309 1310 if (have_N) { 1311 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1312 } 1313 1314 if (have_P) { 1315 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1316 } 1317 1318 if (have_Q) { 1319 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1320 } 1321 1322 if (have_D) { 1323 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1324 } 1325 1326 if (have_E) { 1327 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1328 } 1329 1330 if (!successive) { 1331 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1332 have_N ? &N : NULL, 1333 have_P ? &P : NULL, 1334 have_Q ? &Q : NULL, 1335 have_D ? &D : NULL, 1336 have_E ? &E : NULL) == 0); 1337 } else { 1338 /* Import N, P, Q, D, E separately. 1339 * This should make no functional difference. */ 1340 1341 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1342 have_N ? &N : NULL, 1343 NULL, NULL, NULL, NULL) == 0); 1344 1345 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1346 NULL, 1347 have_P ? &P : NULL, 1348 NULL, NULL, NULL) == 0); 1349 1350 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1351 NULL, NULL, 1352 have_Q ? &Q : NULL, 1353 NULL, NULL) == 0); 1354 1355 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1356 NULL, NULL, NULL, 1357 have_D ? &D : NULL, 1358 NULL) == 0); 1359 1360 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1361 NULL, NULL, NULL, NULL, 1362 have_E ? &E : NULL) == 0); 1363 } 1364 1365 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 1366 1367 /* On expected success, perform some public and private 1368 * key operations to check if the key is working properly. */ 1369 if (res_complete == 0) { 1370 if (is_priv) { 1371 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 1372 } else { 1373 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 1374 } 1375 1376 if (res_check != 0) { 1377 goto exit; 1378 } 1379 1380 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1381 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1382 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1383 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 1384 goto exit; 1385 } 1386 1387 TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg, 1388 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 1389 1390 /* Make sure the number we're generating is smaller than the modulus */ 1391 buf_orig[0] = 0x00; 1392 1393 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 1394 1395 if (is_priv) { 1396 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random, 1397 &ctr_drbg, buf_enc, 1398 buf_dec) == 0); 1399 1400 TEST_ASSERT(memcmp(buf_orig, buf_dec, 1401 mbedtls_rsa_get_len(&ctx)) == 0); 1402 } 1403 } 1404 1405exit: 1406 1407 mbedtls_free(buf_orig); 1408 mbedtls_free(buf_enc); 1409 mbedtls_free(buf_dec); 1410 1411 mbedtls_rsa_free(&ctx); 1412 1413 mbedtls_ctr_drbg_free(&ctr_drbg); 1414 mbedtls_entropy_free(&entropy); 1415 1416 mbedtls_mpi_free(&N); 1417 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1418 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1419} 1420/* END_CASE */ 1421 1422/* BEGIN_CASE */ 1423void mbedtls_rsa_export(char *input_N, 1424 char *input_P, 1425 char *input_Q, 1426 char *input_D, 1427 char *input_E, 1428 int is_priv, 1429 int successive) 1430{ 1431 /* Original MPI's with which we set up the RSA context */ 1432 mbedtls_mpi N, P, Q, D, E; 1433 1434 /* Exported MPI's */ 1435 mbedtls_mpi Ne, Pe, Qe, De, Ee; 1436 1437 const int have_N = (strlen(input_N) > 0); 1438 const int have_P = (strlen(input_P) > 0); 1439 const int have_Q = (strlen(input_Q) > 0); 1440 const int have_D = (strlen(input_D) > 0); 1441 const int have_E = (strlen(input_E) > 0); 1442 1443 mbedtls_rsa_context ctx; 1444 1445 mbedtls_rsa_init(&ctx, 0, 0); 1446 1447 mbedtls_mpi_init(&N); 1448 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1449 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1450 1451 mbedtls_mpi_init(&Ne); 1452 mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe); 1453 mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee); 1454 1455 /* Setup RSA context */ 1456 1457 if (have_N) { 1458 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1459 } 1460 1461 if (have_P) { 1462 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1463 } 1464 1465 if (have_Q) { 1466 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1467 } 1468 1469 if (have_D) { 1470 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1471 } 1472 1473 if (have_E) { 1474 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1475 } 1476 1477 TEST_ASSERT(mbedtls_rsa_import(&ctx, 1478 strlen(input_N) ? &N : NULL, 1479 strlen(input_P) ? &P : NULL, 1480 strlen(input_Q) ? &Q : NULL, 1481 strlen(input_D) ? &D : NULL, 1482 strlen(input_E) ? &E : NULL) == 0); 1483 1484 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1485 1486 /* 1487 * Export parameters and compare to original ones. 1488 */ 1489 1490 /* N and E must always be present. */ 1491 if (!successive) { 1492 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0); 1493 } else { 1494 TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0); 1495 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0); 1496 } 1497 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0); 1498 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0); 1499 1500 /* If we were providing enough information to setup a complete private context, 1501 * we expect to be able to export all core parameters. */ 1502 1503 if (is_priv) { 1504 if (!successive) { 1505 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe, 1506 &De, NULL) == 0); 1507 } else { 1508 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL, 1509 NULL, NULL) == 0); 1510 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe, 1511 NULL, NULL) == 0); 1512 TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, 1513 &De, NULL) == 0); 1514 } 1515 1516 if (have_P) { 1517 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0); 1518 } 1519 1520 if (have_Q) { 1521 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0); 1522 } 1523 1524 if (have_D) { 1525 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0); 1526 } 1527 1528 /* While at it, perform a sanity check */ 1529 TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee, 1530 NULL, NULL) == 0); 1531 } 1532 1533exit: 1534 1535 mbedtls_rsa_free(&ctx); 1536 1537 mbedtls_mpi_free(&N); 1538 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1539 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1540 1541 mbedtls_mpi_free(&Ne); 1542 mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe); 1543 mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee); 1544} 1545/* END_CASE */ 1546 1547/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ 1548void mbedtls_rsa_validate_params(char *input_N, 1549 char *input_P, 1550 char *input_Q, 1551 char *input_D, 1552 char *input_E, 1553 int prng, int result) 1554{ 1555 /* Original MPI's with which we set up the RSA context */ 1556 mbedtls_mpi N, P, Q, D, E; 1557 1558 const int have_N = (strlen(input_N) > 0); 1559 const int have_P = (strlen(input_P) > 0); 1560 const int have_Q = (strlen(input_Q) > 0); 1561 const int have_D = (strlen(input_D) > 0); 1562 const int have_E = (strlen(input_E) > 0); 1563 1564 mbedtls_entropy_context entropy; 1565 mbedtls_ctr_drbg_context ctr_drbg; 1566 const char *pers = "test_suite_rsa"; 1567 1568 mbedtls_mpi_init(&N); 1569 mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1570 mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1571 1572 mbedtls_ctr_drbg_init(&ctr_drbg); 1573 mbedtls_entropy_init(&entropy); 1574 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, 1575 &entropy, (const unsigned char *) pers, 1576 strlen(pers)) == 0); 1577 1578 if (have_N) { 1579 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1580 } 1581 1582 if (have_P) { 1583 TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1584 } 1585 1586 if (have_Q) { 1587 TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1588 } 1589 1590 if (have_D) { 1591 TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1592 } 1593 1594 if (have_E) { 1595 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1596 } 1597 1598 TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL, 1599 have_P ? &P : NULL, 1600 have_Q ? &Q : NULL, 1601 have_D ? &D : NULL, 1602 have_E ? &E : NULL, 1603 prng ? mbedtls_ctr_drbg_random : NULL, 1604 prng ? &ctr_drbg : NULL) == result); 1605exit: 1606 1607 mbedtls_ctr_drbg_free(&ctr_drbg); 1608 mbedtls_entropy_free(&entropy); 1609 1610 mbedtls_mpi_free(&N); 1611 mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1612 mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1613} 1614/* END_CASE */ 1615 1616/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ 1617void mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P, 1618 data_t *input_Q, data_t *input_D, 1619 data_t *input_E, int is_priv, 1620 int successive) 1621{ 1622 /* Exported buffers */ 1623 unsigned char bufNe[256]; 1624 unsigned char bufPe[128]; 1625 unsigned char bufQe[128]; 1626 unsigned char bufDe[256]; 1627 unsigned char bufEe[1]; 1628 1629 mbedtls_rsa_context ctx; 1630 1631 mbedtls_rsa_init(&ctx, 0, 0); 1632 1633 /* Setup RSA context */ 1634 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1635 input_N->len ? input_N->x : NULL, input_N->len, 1636 input_P->len ? input_P->x : NULL, input_P->len, 1637 input_Q->len ? input_Q->x : NULL, input_Q->len, 1638 input_D->len ? input_D->x : NULL, input_D->len, 1639 input_E->len ? input_E->x : NULL, input_E->len) == 0); 1640 1641 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1642 1643 /* 1644 * Export parameters and compare to original ones. 1645 */ 1646 1647 /* N and E must always be present. */ 1648 if (!successive) { 1649 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1650 NULL, 0, NULL, 0, NULL, 0, 1651 bufEe, input_E->len) == 0); 1652 } else { 1653 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1654 NULL, 0, NULL, 0, NULL, 0, 1655 NULL, 0) == 0); 1656 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1657 NULL, 0, NULL, 0, NULL, 0, 1658 bufEe, input_E->len) == 0); 1659 } 1660 TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0); 1661 TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0); 1662 1663 /* If we were providing enough information to setup a complete private context, 1664 * we expect to be able to export all core parameters. */ 1665 1666 if (is_priv) { 1667 if (!successive) { 1668 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1669 bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1670 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1671 bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1672 NULL, 0) == 0); 1673 } else { 1674 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1675 bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1676 NULL, 0, NULL, 0, 1677 NULL, 0) == 0); 1678 1679 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, 1680 bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1681 NULL, 0, NULL, 0) == 0); 1682 1683 TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0, 1684 bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1685 NULL, 0) == 0); 1686 } 1687 1688 if (input_P->len) { 1689 TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0); 1690 } 1691 1692 if (input_Q->len) { 1693 TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0); 1694 } 1695 1696 if (input_D->len) { 1697 TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0); 1698 } 1699 1700 } 1701 1702exit: 1703 mbedtls_rsa_free(&ctx); 1704} 1705/* END_CASE */ 1706 1707/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ 1708void mbedtls_rsa_import_raw(data_t *input_N, 1709 data_t *input_P, data_t *input_Q, 1710 data_t *input_D, data_t *input_E, 1711 int successive, 1712 int is_priv, 1713 int res_check, 1714 int res_complete) 1715{ 1716 /* Buffers used for encryption-decryption test */ 1717 unsigned char *buf_orig = NULL; 1718 unsigned char *buf_enc = NULL; 1719 unsigned char *buf_dec = NULL; 1720 1721 mbedtls_rsa_context ctx; 1722 mbedtls_entropy_context entropy; 1723 mbedtls_ctr_drbg_context ctr_drbg; 1724 1725 const char *pers = "test_suite_rsa"; 1726 1727 mbedtls_ctr_drbg_init(&ctr_drbg); 1728 mbedtls_entropy_init(&entropy); 1729 mbedtls_rsa_init(&ctx, 0, 0); 1730 1731 TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, 1732 &entropy, (const unsigned char *) pers, 1733 strlen(pers)) == 0); 1734 1735 if (!successive) { 1736 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1737 (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1738 (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1739 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1740 (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1741 (input_E->len > 0) ? input_E->x : NULL, 1742 input_E->len) == 0); 1743 } else { 1744 /* Import N, P, Q, D, E separately. 1745 * This should make no functional difference. */ 1746 1747 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1748 (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1749 NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0); 1750 1751 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1752 NULL, 0, 1753 (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1754 NULL, 0, NULL, 0, NULL, 0) == 0); 1755 1756 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1757 NULL, 0, NULL, 0, 1758 (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1759 NULL, 0, NULL, 0) == 0); 1760 1761 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1762 NULL, 0, NULL, 0, NULL, 0, 1763 (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1764 NULL, 0) == 0); 1765 1766 TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1767 NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1768 (input_E->len > 0) ? input_E->x : NULL, 1769 input_E->len) == 0); 1770 } 1771 1772 TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 1773 1774 /* On expected success, perform some public and private 1775 * key operations to check if the key is working properly. */ 1776 if (res_complete == 0) { 1777 if (is_priv) { 1778 TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 1779 } else { 1780 TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 1781 } 1782 1783 if (res_check != 0) { 1784 goto exit; 1785 } 1786 1787 buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1788 buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1789 buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1790 if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 1791 goto exit; 1792 } 1793 1794 TEST_ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg, 1795 buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 1796 1797 /* Make sure the number we're generating is smaller than the modulus */ 1798 buf_orig[0] = 0x00; 1799 1800 TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 1801 1802 if (is_priv) { 1803 TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_ctr_drbg_random, 1804 &ctr_drbg, buf_enc, 1805 buf_dec) == 0); 1806 1807 TEST_ASSERT(memcmp(buf_orig, buf_dec, 1808 mbedtls_rsa_get_len(&ctx)) == 0); 1809 } 1810 } 1811 1812exit: 1813 1814 mbedtls_free(buf_orig); 1815 mbedtls_free(buf_enc); 1816 mbedtls_free(buf_dec); 1817 1818 mbedtls_rsa_free(&ctx); 1819 1820 mbedtls_ctr_drbg_free(&ctr_drbg); 1821 mbedtls_entropy_free(&entropy); 1822 1823} 1824/* END_CASE */ 1825 1826/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1827void rsa_selftest() 1828{ 1829 TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); 1830} 1831/* END_CASE */ 1832