1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/rsa.h" 3a8e1175bSopenharmony_ci#include "rsa_alt_helpers.h" 4a8e1175bSopenharmony_ci#include "rsa_internal.h" 5a8e1175bSopenharmony_ci/* END_HEADER */ 6a8e1175bSopenharmony_ci 7a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 8a8e1175bSopenharmony_ci * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME 9a8e1175bSopenharmony_ci * END_DEPENDENCIES 10a8e1175bSopenharmony_ci */ 11a8e1175bSopenharmony_ci 12a8e1175bSopenharmony_ci/* BEGIN_CASE */ 13a8e1175bSopenharmony_civoid rsa_invalid_param() 14a8e1175bSopenharmony_ci{ 15a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 16a8e1175bSopenharmony_ci const int invalid_padding = 42; 17a8e1175bSopenharmony_ci const int invalid_hash_id = 0xff; 18a8e1175bSopenharmony_ci unsigned char buf[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; 19a8e1175bSopenharmony_ci size_t buf_len = sizeof(buf); 20a8e1175bSopenharmony_ci 21a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 22a8e1175bSopenharmony_ci 23a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 24a8e1175bSopenharmony_ci invalid_padding, 25a8e1175bSopenharmony_ci MBEDTLS_MD_NONE), 26a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_INVALID_PADDING); 27a8e1175bSopenharmony_ci 28a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 29a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V21, 30a8e1175bSopenharmony_ci invalid_hash_id), 31a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_INVALID_PADDING); 32a8e1175bSopenharmony_ci 33a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 34a8e1175bSopenharmony_ci NULL, MBEDTLS_MD_NONE, 35a8e1175bSopenharmony_ci buf_len, 36a8e1175bSopenharmony_ci NULL, buf), 37a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 38a8e1175bSopenharmony_ci 39a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_pkcs1_sign(&ctx, NULL, 40a8e1175bSopenharmony_ci NULL, MBEDTLS_MD_SHA256, 41a8e1175bSopenharmony_ci 0, 42a8e1175bSopenharmony_ci NULL, buf), 43a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 44a8e1175bSopenharmony_ci 45a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, 46a8e1175bSopenharmony_ci buf_len, 47a8e1175bSopenharmony_ci NULL, buf), 48a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 49a8e1175bSopenharmony_ci 50a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, 51a8e1175bSopenharmony_ci 0, 52a8e1175bSopenharmony_ci NULL, buf), 53a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 54a8e1175bSopenharmony_ci 55a8e1175bSopenharmony_ci#if !defined(MBEDTLS_PKCS1_V15) 56a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 57a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V15, 58a8e1175bSopenharmony_ci MBEDTLS_MD_NONE), 59a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_INVALID_PADDING); 60a8e1175bSopenharmony_ci#endif 61a8e1175bSopenharmony_ci 62a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V15) 63a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 64a8e1175bSopenharmony_ci NULL, MBEDTLS_MD_NONE, 65a8e1175bSopenharmony_ci buf_len, 66a8e1175bSopenharmony_ci NULL, buf), 67a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 68a8e1175bSopenharmony_ci 69a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, 70a8e1175bSopenharmony_ci NULL, MBEDTLS_MD_SHA256, 71a8e1175bSopenharmony_ci 0, 72a8e1175bSopenharmony_ci NULL, buf), 73a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 74a8e1175bSopenharmony_ci 75a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, 76a8e1175bSopenharmony_ci buf_len, 77a8e1175bSopenharmony_ci NULL, buf), 78a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 79a8e1175bSopenharmony_ci 80a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, 81a8e1175bSopenharmony_ci 0, 82a8e1175bSopenharmony_ci NULL, buf), 83a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 84a8e1175bSopenharmony_ci 85a8e1175bSopenharmony_ci 86a8e1175bSopenharmony_ci#endif 87a8e1175bSopenharmony_ci 88a8e1175bSopenharmony_ci#if !defined(MBEDTLS_PKCS1_V21) 89a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(&ctx, 90a8e1175bSopenharmony_ci MBEDTLS_RSA_PKCS_V21, 91a8e1175bSopenharmony_ci MBEDTLS_MD_NONE), 92a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_INVALID_PADDING); 93a8e1175bSopenharmony_ci#endif 94a8e1175bSopenharmony_ci 95a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V21) 96a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 97a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, buf_len, 98a8e1175bSopenharmony_ci NULL, buf_len, 99a8e1175bSopenharmony_ci buf), 100a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 101a8e1175bSopenharmony_ci 102a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, 103a8e1175bSopenharmony_ci MBEDTLS_MD_SHA256, 0, 104a8e1175bSopenharmony_ci NULL, buf_len, 105a8e1175bSopenharmony_ci buf), 106a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 107a8e1175bSopenharmony_ci 108a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, 109a8e1175bSopenharmony_ci buf_len, NULL, 110a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 111a8e1175bSopenharmony_ci buf_len, buf), 112a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 113a8e1175bSopenharmony_ci 114a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, 115a8e1175bSopenharmony_ci 0, NULL, 116a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 117a8e1175bSopenharmony_ci buf_len, buf), 118a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 119a8e1175bSopenharmony_ci 120a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, 121a8e1175bSopenharmony_ci buf_len, 122a8e1175bSopenharmony_ci NULL, buf), 123a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 124a8e1175bSopenharmony_ci 125a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, 126a8e1175bSopenharmony_ci 0, 127a8e1175bSopenharmony_ci NULL, buf), 128a8e1175bSopenharmony_ci MBEDTLS_ERR_RSA_BAD_INPUT_DATA); 129a8e1175bSopenharmony_ci#endif 130a8e1175bSopenharmony_ci 131a8e1175bSopenharmony_ciexit: 132a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 133a8e1175bSopenharmony_ci} 134a8e1175bSopenharmony_ci/* END_CASE */ 135a8e1175bSopenharmony_ci 136a8e1175bSopenharmony_ci/* BEGIN_CASE */ 137a8e1175bSopenharmony_civoid rsa_init_free(int reinit) 138a8e1175bSopenharmony_ci{ 139a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 140a8e1175bSopenharmony_ci 141a8e1175bSopenharmony_ci /* Double free is not explicitly documented to work, but we rely on it 142a8e1175bSopenharmony_ci * even inside the library so that you can call mbedtls_rsa_free() 143a8e1175bSopenharmony_ci * unconditionally on an error path without checking whether it has 144a8e1175bSopenharmony_ci * already been called in the success path. */ 145a8e1175bSopenharmony_ci 146a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 147a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 148a8e1175bSopenharmony_ci 149a8e1175bSopenharmony_ci if (reinit) { 150a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 151a8e1175bSopenharmony_ci } 152a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 153a8e1175bSopenharmony_ci 154a8e1175bSopenharmony_ci /* This test case always succeeds, functionally speaking. A plausible 155a8e1175bSopenharmony_ci * bug might trigger an invalid pointer dereference or a memory leak. */ 156a8e1175bSopenharmony_ci goto exit; 157a8e1175bSopenharmony_ci} 158a8e1175bSopenharmony_ci/* END_CASE */ 159a8e1175bSopenharmony_ci 160a8e1175bSopenharmony_ci/* BEGIN_CASE */ 161a8e1175bSopenharmony_civoid mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, 162a8e1175bSopenharmony_ci int digest, int mod, char *input_P, 163a8e1175bSopenharmony_ci char *input_Q, char *input_N, char *input_E, 164a8e1175bSopenharmony_ci data_t *result_str, int result) 165a8e1175bSopenharmony_ci{ 166a8e1175bSopenharmony_ci unsigned char output[256]; 167a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 168a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 169a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 170a8e1175bSopenharmony_ci 171a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 172a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 173a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 174a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 175a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 176a8e1175bSopenharmony_ci 177a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 178a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 179a8e1175bSopenharmony_ci 180a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 181a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 182a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 183a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 184a8e1175bSopenharmony_ci 185a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 186a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 187a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 188a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 189a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 190a8e1175bSopenharmony_ci 191a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_sign( 192a8e1175bSopenharmony_ci &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, 193a8e1175bSopenharmony_ci digest, message_str->len, message_str->x, 194a8e1175bSopenharmony_ci output) == result); 195a8e1175bSopenharmony_ci if (result == 0) { 196a8e1175bSopenharmony_ci 197a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 198a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 199a8e1175bSopenharmony_ci } 200a8e1175bSopenharmony_ci 201a8e1175bSopenharmony_ciexit: 202a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 203a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 204a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 205a8e1175bSopenharmony_ci} 206a8e1175bSopenharmony_ci/* END_CASE */ 207a8e1175bSopenharmony_ci 208a8e1175bSopenharmony_ci/* BEGIN_CASE */ 209a8e1175bSopenharmony_civoid mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, 210a8e1175bSopenharmony_ci int digest, int mod, 211a8e1175bSopenharmony_ci char *input_N, char *input_E, 212a8e1175bSopenharmony_ci data_t *result_str, int result) 213a8e1175bSopenharmony_ci{ 214a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 215a8e1175bSopenharmony_ci mbedtls_mpi N, E; 216a8e1175bSopenharmony_ci 217a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 218a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 219a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 220a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 221a8e1175bSopenharmony_ci 222a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 223a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 224a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 225a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 226a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 227a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 228a8e1175bSopenharmony_ci 229a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 230a8e1175bSopenharmony_ci result_str->x) == result); 231a8e1175bSopenharmony_ci 232a8e1175bSopenharmony_ciexit: 233a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 234a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 235a8e1175bSopenharmony_ci} 236a8e1175bSopenharmony_ci/* END_CASE */ 237a8e1175bSopenharmony_ci 238a8e1175bSopenharmony_ci 239a8e1175bSopenharmony_ci/* BEGIN_CASE */ 240a8e1175bSopenharmony_civoid rsa_pkcs1_sign_raw(data_t *hash_result, 241a8e1175bSopenharmony_ci int padding_mode, int mod, 242a8e1175bSopenharmony_ci char *input_P, char *input_Q, 243a8e1175bSopenharmony_ci char *input_N, char *input_E, 244a8e1175bSopenharmony_ci data_t *result_str) 245a8e1175bSopenharmony_ci{ 246a8e1175bSopenharmony_ci unsigned char output[256]; 247a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 248a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 249a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 250a8e1175bSopenharmony_ci 251a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 252a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 253a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 254a8e1175bSopenharmony_ci 255a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 256a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 257a8e1175bSopenharmony_ci 258a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 259a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 260a8e1175bSopenharmony_ci 261a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 262a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 263a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 264a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 265a8e1175bSopenharmony_ci 266a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 267a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 268a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 269a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 270a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 271a8e1175bSopenharmony_ci 272a8e1175bSopenharmony_ci 273a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_sign(&ctx, &mbedtls_test_rnd_pseudo_rand, 274a8e1175bSopenharmony_ci &rnd_info, MBEDTLS_MD_NONE, 275a8e1175bSopenharmony_ci hash_result->len, 276a8e1175bSopenharmony_ci hash_result->x, output) == 0); 277a8e1175bSopenharmony_ci 278a8e1175bSopenharmony_ci 279a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 280a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 281a8e1175bSopenharmony_ci 282a8e1175bSopenharmony_ciexit: 283a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 284a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 285a8e1175bSopenharmony_ci 286a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 287a8e1175bSopenharmony_ci} 288a8e1175bSopenharmony_ci/* END_CASE */ 289a8e1175bSopenharmony_ci 290a8e1175bSopenharmony_ci/* BEGIN_CASE */ 291a8e1175bSopenharmony_civoid rsa_pkcs1_verify_raw(data_t *hash_result, 292a8e1175bSopenharmony_ci int padding_mode, int mod, 293a8e1175bSopenharmony_ci char *input_N, char *input_E, 294a8e1175bSopenharmony_ci data_t *result_str, int correct) 295a8e1175bSopenharmony_ci{ 296a8e1175bSopenharmony_ci unsigned char output[256]; 297a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 298a8e1175bSopenharmony_ci 299a8e1175bSopenharmony_ci mbedtls_mpi N, E; 300a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 301a8e1175bSopenharmony_ci 302a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 303a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 304a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 305a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 306a8e1175bSopenharmony_ci 307a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 308a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 309a8e1175bSopenharmony_ci 310a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 311a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 312a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 313a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 314a8e1175bSopenharmony_ci 315a8e1175bSopenharmony_ci 316a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, 317a8e1175bSopenharmony_ci result_str->x) == correct); 318a8e1175bSopenharmony_ci 319a8e1175bSopenharmony_ciexit: 320a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 321a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 322a8e1175bSopenharmony_ci} 323a8e1175bSopenharmony_ci/* END_CASE */ 324a8e1175bSopenharmony_ci 325a8e1175bSopenharmony_ci/* BEGIN_CASE */ 326a8e1175bSopenharmony_civoid mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, 327a8e1175bSopenharmony_ci int mod, char *input_N, char *input_E, 328a8e1175bSopenharmony_ci data_t *result_str, int result) 329a8e1175bSopenharmony_ci{ 330a8e1175bSopenharmony_ci unsigned char output[256]; 331a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 332a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 333a8e1175bSopenharmony_ci 334a8e1175bSopenharmony_ci mbedtls_mpi N, E; 335a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 336a8e1175bSopenharmony_ci 337a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 338a8e1175bSopenharmony_ci 339a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 340a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 341a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 342a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 343a8e1175bSopenharmony_ci 344a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 345a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 346a8e1175bSopenharmony_ci 347a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 348a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 349a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 350a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 351a8e1175bSopenharmony_ci 352a8e1175bSopenharmony_ci 353a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, 354a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 355a8e1175bSopenharmony_ci &rnd_info, message_str->len, 356a8e1175bSopenharmony_ci message_str->x, 357a8e1175bSopenharmony_ci output) == result); 358a8e1175bSopenharmony_ci if (result == 0) { 359a8e1175bSopenharmony_ci 360a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 361a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 362a8e1175bSopenharmony_ci } 363a8e1175bSopenharmony_ci 364a8e1175bSopenharmony_ciexit: 365a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 366a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 367a8e1175bSopenharmony_ci} 368a8e1175bSopenharmony_ci/* END_CASE */ 369a8e1175bSopenharmony_ci 370a8e1175bSopenharmony_ci/* BEGIN_CASE */ 371a8e1175bSopenharmony_civoid rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, 372a8e1175bSopenharmony_ci int mod, char *input_N, char *input_E, 373a8e1175bSopenharmony_ci data_t *result_str, int result) 374a8e1175bSopenharmony_ci{ 375a8e1175bSopenharmony_ci unsigned char output[256]; 376a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 377a8e1175bSopenharmony_ci 378a8e1175bSopenharmony_ci mbedtls_mpi N, E; 379a8e1175bSopenharmony_ci 380a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 381a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 382a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 383a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 384a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 385a8e1175bSopenharmony_ci 386a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 387a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 388a8e1175bSopenharmony_ci 389a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 390a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 391a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 392a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 393a8e1175bSopenharmony_ci 394a8e1175bSopenharmony_ci 395a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_encrypt(&ctx, &mbedtls_test_rnd_zero_rand, 396a8e1175bSopenharmony_ci NULL, message_str->len, 397a8e1175bSopenharmony_ci message_str->x, 398a8e1175bSopenharmony_ci output) == result); 399a8e1175bSopenharmony_ci if (result == 0) { 400a8e1175bSopenharmony_ci 401a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 402a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 403a8e1175bSopenharmony_ci } 404a8e1175bSopenharmony_ci 405a8e1175bSopenharmony_ciexit: 406a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 407a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 408a8e1175bSopenharmony_ci} 409a8e1175bSopenharmony_ci/* END_CASE */ 410a8e1175bSopenharmony_ci 411a8e1175bSopenharmony_ci/* BEGIN_CASE */ 412a8e1175bSopenharmony_civoid mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, 413a8e1175bSopenharmony_ci int mod, char *input_P, 414a8e1175bSopenharmony_ci char *input_Q, char *input_N, 415a8e1175bSopenharmony_ci char *input_E, int max_output, 416a8e1175bSopenharmony_ci data_t *result_str, int result) 417a8e1175bSopenharmony_ci{ 418a8e1175bSopenharmony_ci unsigned char output[32]; 419a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 420a8e1175bSopenharmony_ci size_t output_len; 421a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 422a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 423a8e1175bSopenharmony_ci 424a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 425a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 426a8e1175bSopenharmony_ci 427a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 428a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, padding_mode, 429a8e1175bSopenharmony_ci MBEDTLS_MD_NONE) == 0); 430a8e1175bSopenharmony_ci 431a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 432a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 433a8e1175bSopenharmony_ci 434a8e1175bSopenharmony_ci 435a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 436a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 437a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 438a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 439a8e1175bSopenharmony_ci 440a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 441a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 442a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 443a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 444a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 445a8e1175bSopenharmony_ci 446a8e1175bSopenharmony_ci output_len = 0; 447a8e1175bSopenharmony_ci 448a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_test_rnd_pseudo_rand, 449a8e1175bSopenharmony_ci &rnd_info, 450a8e1175bSopenharmony_ci &output_len, message_str->x, output, 451a8e1175bSopenharmony_ci max_output) == result); 452a8e1175bSopenharmony_ci if (result == 0) { 453a8e1175bSopenharmony_ci 454a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 455a8e1175bSopenharmony_ci output_len, 456a8e1175bSopenharmony_ci result_str->len) == 0); 457a8e1175bSopenharmony_ci } 458a8e1175bSopenharmony_ci 459a8e1175bSopenharmony_ciexit: 460a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 461a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 462a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 463a8e1175bSopenharmony_ci} 464a8e1175bSopenharmony_ci/* END_CASE */ 465a8e1175bSopenharmony_ci 466a8e1175bSopenharmony_ci/* BEGIN_CASE */ 467a8e1175bSopenharmony_civoid mbedtls_rsa_public(data_t *message_str, int mod, 468a8e1175bSopenharmony_ci char *input_N, char *input_E, 469a8e1175bSopenharmony_ci data_t *result_str, int result) 470a8e1175bSopenharmony_ci{ 471a8e1175bSopenharmony_ci unsigned char output[256]; 472a8e1175bSopenharmony_ci mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 473a8e1175bSopenharmony_ci 474a8e1175bSopenharmony_ci mbedtls_mpi N, E; 475a8e1175bSopenharmony_ci 476a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 477a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 478a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx2); 479a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 480a8e1175bSopenharmony_ci 481a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 482a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 483a8e1175bSopenharmony_ci 484a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 485a8e1175bSopenharmony_ci 486a8e1175bSopenharmony_ci /* Check test data consistency */ 487a8e1175bSopenharmony_ci TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); 488a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 489a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 490a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 491a8e1175bSopenharmony_ci 492a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); 493a8e1175bSopenharmony_ci if (result == 0) { 494a8e1175bSopenharmony_ci 495a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 496a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 497a8e1175bSopenharmony_ci } 498a8e1175bSopenharmony_ci 499a8e1175bSopenharmony_ci /* And now with the copy */ 500a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 501a8e1175bSopenharmony_ci /* clear the original to be sure */ 502a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 503a8e1175bSopenharmony_ci 504a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx2) == 0); 505a8e1175bSopenharmony_ci 506a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 507a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_public(&ctx2, message_str->x, output) == result); 508a8e1175bSopenharmony_ci if (result == 0) { 509a8e1175bSopenharmony_ci 510a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 511a8e1175bSopenharmony_ci ctx.len, result_str->len) == 0); 512a8e1175bSopenharmony_ci } 513a8e1175bSopenharmony_ci 514a8e1175bSopenharmony_ciexit: 515a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 516a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 517a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx2); 518a8e1175bSopenharmony_ci} 519a8e1175bSopenharmony_ci/* END_CASE */ 520a8e1175bSopenharmony_ci 521a8e1175bSopenharmony_ci/* BEGIN_CASE */ 522a8e1175bSopenharmony_civoid mbedtls_rsa_private(data_t *message_str, int mod, 523a8e1175bSopenharmony_ci char *input_P, char *input_Q, 524a8e1175bSopenharmony_ci char *input_N, char *input_E, 525a8e1175bSopenharmony_ci data_t *result_str, int result) 526a8e1175bSopenharmony_ci{ 527a8e1175bSopenharmony_ci unsigned char output[256]; 528a8e1175bSopenharmony_ci mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ 529a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 530a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 531a8e1175bSopenharmony_ci int i; 532a8e1175bSopenharmony_ci 533a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 534a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 535a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 536a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx2); 537a8e1175bSopenharmony_ci 538a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 539a8e1175bSopenharmony_ci 540a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 541a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 542a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 543a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 544a8e1175bSopenharmony_ci 545a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); 546a8e1175bSopenharmony_ci 547a8e1175bSopenharmony_ci /* Check test data consistency */ 548a8e1175bSopenharmony_ci TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); 549a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); 550a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); 551a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 552a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 553a8e1175bSopenharmony_ci 554a8e1175bSopenharmony_ci /* repeat three times to test updating of blinding values */ 555a8e1175bSopenharmony_ci for (i = 0; i < 3; i++) { 556a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 557a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand, 558a8e1175bSopenharmony_ci &rnd_info, message_str->x, 559a8e1175bSopenharmony_ci output) == result); 560a8e1175bSopenharmony_ci if (result == 0) { 561a8e1175bSopenharmony_ci 562a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 563a8e1175bSopenharmony_ci ctx.len, 564a8e1175bSopenharmony_ci result_str->len) == 0); 565a8e1175bSopenharmony_ci } 566a8e1175bSopenharmony_ci } 567a8e1175bSopenharmony_ci 568a8e1175bSopenharmony_ci /* And now one more time with the copy */ 569a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_copy(&ctx2, &ctx) == 0); 570a8e1175bSopenharmony_ci /* clear the original to be sure */ 571a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 572a8e1175bSopenharmony_ci 573a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx2) == 0); 574a8e1175bSopenharmony_ci 575a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 576a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_private(&ctx2, mbedtls_test_rnd_pseudo_rand, 577a8e1175bSopenharmony_ci &rnd_info, message_str->x, 578a8e1175bSopenharmony_ci output) == result); 579a8e1175bSopenharmony_ci if (result == 0) { 580a8e1175bSopenharmony_ci 581a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 582a8e1175bSopenharmony_ci ctx2.len, 583a8e1175bSopenharmony_ci result_str->len) == 0); 584a8e1175bSopenharmony_ci } 585a8e1175bSopenharmony_ci 586a8e1175bSopenharmony_ciexit: 587a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 588a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 589a8e1175bSopenharmony_ci 590a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx2); 591a8e1175bSopenharmony_ci} 592a8e1175bSopenharmony_ci/* END_CASE */ 593a8e1175bSopenharmony_ci 594a8e1175bSopenharmony_ci/* BEGIN_CASE */ 595a8e1175bSopenharmony_civoid rsa_check_privkey_null() 596a8e1175bSopenharmony_ci{ 597a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 598a8e1175bSopenharmony_ci memset(&ctx, 0x00, sizeof(mbedtls_rsa_context)); 599a8e1175bSopenharmony_ci 600a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); 601a8e1175bSopenharmony_ci} 602a8e1175bSopenharmony_ci/* END_CASE */ 603a8e1175bSopenharmony_ci 604a8e1175bSopenharmony_ci/* BEGIN_CASE */ 605a8e1175bSopenharmony_civoid mbedtls_rsa_check_pubkey(char *input_N, char *input_E, int result) 606a8e1175bSopenharmony_ci{ 607a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 608a8e1175bSopenharmony_ci mbedtls_mpi N, E; 609a8e1175bSopenharmony_ci 610a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); 611a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 612a8e1175bSopenharmony_ci 613a8e1175bSopenharmony_ci if (strlen(input_N)) { 614a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 615a8e1175bSopenharmony_ci } 616a8e1175bSopenharmony_ci if (strlen(input_E)) { 617a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 618a8e1175bSopenharmony_ci } 619a8e1175bSopenharmony_ci 620a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); 621a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == result); 622a8e1175bSopenharmony_ci 623a8e1175bSopenharmony_ciexit: 624a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); 625a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 626a8e1175bSopenharmony_ci} 627a8e1175bSopenharmony_ci/* END_CASE */ 628a8e1175bSopenharmony_ci 629a8e1175bSopenharmony_ci/* BEGIN_CASE */ 630a8e1175bSopenharmony_civoid mbedtls_rsa_check_privkey(int mod, char *input_P, char *input_Q, 631a8e1175bSopenharmony_ci char *input_N, char *input_E, char *input_D, 632a8e1175bSopenharmony_ci char *input_DP, char *input_DQ, char *input_QP, 633a8e1175bSopenharmony_ci int result) 634a8e1175bSopenharmony_ci{ 635a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 636a8e1175bSopenharmony_ci 637a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 638a8e1175bSopenharmony_ci 639a8e1175bSopenharmony_ci ctx.len = mod / 8; 640a8e1175bSopenharmony_ci if (strlen(input_P)) { 641a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.P, input_P) == 0); 642a8e1175bSopenharmony_ci } 643a8e1175bSopenharmony_ci if (strlen(input_Q)) { 644a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.Q, input_Q) == 0); 645a8e1175bSopenharmony_ci } 646a8e1175bSopenharmony_ci if (strlen(input_N)) { 647a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.N, input_N) == 0); 648a8e1175bSopenharmony_ci } 649a8e1175bSopenharmony_ci if (strlen(input_E)) { 650a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.E, input_E) == 0); 651a8e1175bSopenharmony_ci } 652a8e1175bSopenharmony_ci if (strlen(input_D)) { 653a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.D, input_D) == 0); 654a8e1175bSopenharmony_ci } 655a8e1175bSopenharmony_ci#if !defined(MBEDTLS_RSA_NO_CRT) 656a8e1175bSopenharmony_ci if (strlen(input_DP)) { 657a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DP, input_DP) == 0); 658a8e1175bSopenharmony_ci } 659a8e1175bSopenharmony_ci if (strlen(input_DQ)) { 660a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.DQ, input_DQ) == 0); 661a8e1175bSopenharmony_ci } 662a8e1175bSopenharmony_ci if (strlen(input_QP)) { 663a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&ctx.QP, input_QP) == 0); 664a8e1175bSopenharmony_ci } 665a8e1175bSopenharmony_ci#else 666a8e1175bSopenharmony_ci ((void) input_DP); 667a8e1175bSopenharmony_ci ((void) input_DQ); 668a8e1175bSopenharmony_ci ((void) input_QP); 669a8e1175bSopenharmony_ci#endif 670a8e1175bSopenharmony_ci 671a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == result); 672a8e1175bSopenharmony_ci 673a8e1175bSopenharmony_ciexit: 674a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 675a8e1175bSopenharmony_ci} 676a8e1175bSopenharmony_ci/* END_CASE */ 677a8e1175bSopenharmony_ci 678a8e1175bSopenharmony_ci/* BEGIN_CASE */ 679a8e1175bSopenharmony_civoid rsa_check_pubpriv(int mod, char *input_Npub, char *input_Epub, 680a8e1175bSopenharmony_ci char *input_P, char *input_Q, char *input_N, 681a8e1175bSopenharmony_ci char *input_E, char *input_D, char *input_DP, 682a8e1175bSopenharmony_ci char *input_DQ, char *input_QP, int result) 683a8e1175bSopenharmony_ci{ 684a8e1175bSopenharmony_ci mbedtls_rsa_context pub, prv; 685a8e1175bSopenharmony_ci 686a8e1175bSopenharmony_ci mbedtls_rsa_init(&pub); 687a8e1175bSopenharmony_ci mbedtls_rsa_init(&prv); 688a8e1175bSopenharmony_ci 689a8e1175bSopenharmony_ci pub.len = mod / 8; 690a8e1175bSopenharmony_ci prv.len = mod / 8; 691a8e1175bSopenharmony_ci 692a8e1175bSopenharmony_ci if (strlen(input_Npub)) { 693a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&pub.N, input_Npub) == 0); 694a8e1175bSopenharmony_ci } 695a8e1175bSopenharmony_ci if (strlen(input_Epub)) { 696a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&pub.E, input_Epub) == 0); 697a8e1175bSopenharmony_ci } 698a8e1175bSopenharmony_ci 699a8e1175bSopenharmony_ci if (strlen(input_P)) { 700a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.P, input_P) == 0); 701a8e1175bSopenharmony_ci } 702a8e1175bSopenharmony_ci if (strlen(input_Q)) { 703a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.Q, input_Q) == 0); 704a8e1175bSopenharmony_ci } 705a8e1175bSopenharmony_ci if (strlen(input_N)) { 706a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.N, input_N) == 0); 707a8e1175bSopenharmony_ci } 708a8e1175bSopenharmony_ci if (strlen(input_E)) { 709a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.E, input_E) == 0); 710a8e1175bSopenharmony_ci } 711a8e1175bSopenharmony_ci if (strlen(input_D)) { 712a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.D, input_D) == 0); 713a8e1175bSopenharmony_ci } 714a8e1175bSopenharmony_ci#if !defined(MBEDTLS_RSA_NO_CRT) 715a8e1175bSopenharmony_ci if (strlen(input_DP)) { 716a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.DP, input_DP) == 0); 717a8e1175bSopenharmony_ci } 718a8e1175bSopenharmony_ci if (strlen(input_DQ)) { 719a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.DQ, input_DQ) == 0); 720a8e1175bSopenharmony_ci } 721a8e1175bSopenharmony_ci if (strlen(input_QP)) { 722a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&prv.QP, input_QP) == 0); 723a8e1175bSopenharmony_ci } 724a8e1175bSopenharmony_ci#else 725a8e1175bSopenharmony_ci ((void) input_DP); 726a8e1175bSopenharmony_ci ((void) input_DQ); 727a8e1175bSopenharmony_ci ((void) input_QP); 728a8e1175bSopenharmony_ci#endif 729a8e1175bSopenharmony_ci 730a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pub_priv(&pub, &prv) == result); 731a8e1175bSopenharmony_ci 732a8e1175bSopenharmony_ciexit: 733a8e1175bSopenharmony_ci mbedtls_rsa_free(&pub); 734a8e1175bSopenharmony_ci mbedtls_rsa_free(&prv); 735a8e1175bSopenharmony_ci} 736a8e1175bSopenharmony_ci/* END_CASE */ 737a8e1175bSopenharmony_ci 738a8e1175bSopenharmony_ci/* BEGIN_CASE */ 739a8e1175bSopenharmony_civoid mbedtls_rsa_gen_key(int nrbits, int exponent, int result) 740a8e1175bSopenharmony_ci{ 741a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 742a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 743a8e1175bSopenharmony_ci 744a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 745a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 746a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_gen_key(&ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, 747a8e1175bSopenharmony_ci exponent) == result); 748a8e1175bSopenharmony_ci if (result == 0) { 749a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); 750a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&ctx.P, &ctx.Q) > 0); 751a8e1175bSopenharmony_ci } 752a8e1175bSopenharmony_ci 753a8e1175bSopenharmony_ciexit: 754a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 755a8e1175bSopenharmony_ci} 756a8e1175bSopenharmony_ci/* END_CASE */ 757a8e1175bSopenharmony_ci 758a8e1175bSopenharmony_ci/* BEGIN_CASE */ 759a8e1175bSopenharmony_civoid mbedtls_rsa_deduce_primes(char *input_N, 760a8e1175bSopenharmony_ci char *input_D, 761a8e1175bSopenharmony_ci char *input_E, 762a8e1175bSopenharmony_ci char *output_P, 763a8e1175bSopenharmony_ci char *output_Q, 764a8e1175bSopenharmony_ci int corrupt, int result) 765a8e1175bSopenharmony_ci{ 766a8e1175bSopenharmony_ci mbedtls_mpi N, P, Pp, Q, Qp, D, E; 767a8e1175bSopenharmony_ci 768a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); 769a8e1175bSopenharmony_ci mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 770a8e1175bSopenharmony_ci mbedtls_mpi_init(&Pp); mbedtls_mpi_init(&Qp); 771a8e1175bSopenharmony_ci mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 772a8e1175bSopenharmony_ci 773a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 774a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 775a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 776a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Qp, output_P) == 0); 777a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Pp, output_Q) == 0); 778a8e1175bSopenharmony_ci 779a8e1175bSopenharmony_ci if (corrupt) { 780a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_add_int(&D, &D, 2) == 0); 781a8e1175bSopenharmony_ci } 782a8e1175bSopenharmony_ci 783a8e1175bSopenharmony_ci /* Try to deduce P, Q from N, D, E only. */ 784a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_deduce_primes(&N, &D, &E, &P, &Q) == result); 785a8e1175bSopenharmony_ci 786a8e1175bSopenharmony_ci if (!corrupt) { 787a8e1175bSopenharmony_ci /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ 788a8e1175bSopenharmony_ci TEST_ASSERT((mbedtls_mpi_cmp_mpi(&P, &Pp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Qp) == 0) || 789a8e1175bSopenharmony_ci (mbedtls_mpi_cmp_mpi(&P, &Qp) == 0 && mbedtls_mpi_cmp_mpi(&Q, &Pp) == 0)); 790a8e1175bSopenharmony_ci } 791a8e1175bSopenharmony_ci 792a8e1175bSopenharmony_ciexit: 793a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); 794a8e1175bSopenharmony_ci mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 795a8e1175bSopenharmony_ci mbedtls_mpi_free(&Pp); mbedtls_mpi_free(&Qp); 796a8e1175bSopenharmony_ci mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 797a8e1175bSopenharmony_ci} 798a8e1175bSopenharmony_ci/* END_CASE */ 799a8e1175bSopenharmony_ci 800a8e1175bSopenharmony_ci/* BEGIN_CASE */ 801a8e1175bSopenharmony_civoid mbedtls_rsa_deduce_private_exponent(char *input_P, 802a8e1175bSopenharmony_ci char *input_Q, 803a8e1175bSopenharmony_ci char *input_E, 804a8e1175bSopenharmony_ci char *output_D, 805a8e1175bSopenharmony_ci int corrupt, int result) 806a8e1175bSopenharmony_ci{ 807a8e1175bSopenharmony_ci mbedtls_mpi P, Q, D, Dp, E, R, Rp; 808a8e1175bSopenharmony_ci 809a8e1175bSopenharmony_ci mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 810a8e1175bSopenharmony_ci mbedtls_mpi_init(&D); mbedtls_mpi_init(&Dp); 811a8e1175bSopenharmony_ci mbedtls_mpi_init(&E); 812a8e1175bSopenharmony_ci mbedtls_mpi_init(&R); mbedtls_mpi_init(&Rp); 813a8e1175bSopenharmony_ci 814a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 815a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 816a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 817a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Dp, output_D) == 0); 818a8e1175bSopenharmony_ci 819a8e1175bSopenharmony_ci if (corrupt) { 820a8e1175bSopenharmony_ci /* Make E even */ 821a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 0) == 0); 822a8e1175bSopenharmony_ci } 823a8e1175bSopenharmony_ci 824a8e1175bSopenharmony_ci /* Try to deduce D from N, P, Q, E. */ 825a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_deduce_private_exponent(&P, &Q, 826a8e1175bSopenharmony_ci &E, &D) == result); 827a8e1175bSopenharmony_ci 828a8e1175bSopenharmony_ci if (!corrupt) { 829a8e1175bSopenharmony_ci /* 830a8e1175bSopenharmony_ci * Check that D and Dp agree modulo LCM(P-1, Q-1). 831a8e1175bSopenharmony_ci */ 832a8e1175bSopenharmony_ci 833a8e1175bSopenharmony_ci /* Replace P,Q by P-1, Q-1 */ 834a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_sub_int(&P, &P, 1) == 0); 835a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_sub_int(&Q, &Q, 1) == 0); 836a8e1175bSopenharmony_ci 837a8e1175bSopenharmony_ci /* Check D == Dp modulo P-1 */ 838a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &P) == 0); 839a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &P) == 0); 840a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 841a8e1175bSopenharmony_ci 842a8e1175bSopenharmony_ci /* Check D == Dp modulo Q-1 */ 843a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &D, &Q) == 0); 844a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_mod_mpi(&Rp, &Dp, &Q) == 0); 845a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &Rp) == 0); 846a8e1175bSopenharmony_ci } 847a8e1175bSopenharmony_ci 848a8e1175bSopenharmony_ciexit: 849a8e1175bSopenharmony_ci 850a8e1175bSopenharmony_ci mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 851a8e1175bSopenharmony_ci mbedtls_mpi_free(&D); mbedtls_mpi_free(&Dp); 852a8e1175bSopenharmony_ci mbedtls_mpi_free(&E); 853a8e1175bSopenharmony_ci mbedtls_mpi_free(&R); mbedtls_mpi_free(&Rp); 854a8e1175bSopenharmony_ci} 855a8e1175bSopenharmony_ci/* END_CASE */ 856a8e1175bSopenharmony_ci 857a8e1175bSopenharmony_ci/* BEGIN_CASE */ 858a8e1175bSopenharmony_civoid mbedtls_rsa_import(char *input_N, 859a8e1175bSopenharmony_ci char *input_P, 860a8e1175bSopenharmony_ci char *input_Q, 861a8e1175bSopenharmony_ci char *input_D, 862a8e1175bSopenharmony_ci char *input_E, 863a8e1175bSopenharmony_ci int bitlen, 864a8e1175bSopenharmony_ci int successive, 865a8e1175bSopenharmony_ci int is_priv, 866a8e1175bSopenharmony_ci int res_check, 867a8e1175bSopenharmony_ci int res_complete) 868a8e1175bSopenharmony_ci{ 869a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, D, E; 870a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 871a8e1175bSopenharmony_ci 872a8e1175bSopenharmony_ci /* Buffers used for encryption-decryption test */ 873a8e1175bSopenharmony_ci unsigned char *buf_orig = NULL; 874a8e1175bSopenharmony_ci unsigned char *buf_enc = NULL; 875a8e1175bSopenharmony_ci unsigned char *buf_dec = NULL; 876a8e1175bSopenharmony_ci 877a8e1175bSopenharmony_ci const int have_N = (strlen(input_N) > 0); 878a8e1175bSopenharmony_ci const int have_P = (strlen(input_P) > 0); 879a8e1175bSopenharmony_ci const int have_Q = (strlen(input_Q) > 0); 880a8e1175bSopenharmony_ci const int have_D = (strlen(input_D) > 0); 881a8e1175bSopenharmony_ci const int have_E = (strlen(input_E) > 0); 882a8e1175bSopenharmony_ci 883a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 884a8e1175bSopenharmony_ci 885a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); 886a8e1175bSopenharmony_ci mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 887a8e1175bSopenharmony_ci mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 888a8e1175bSopenharmony_ci 889a8e1175bSopenharmony_ci if (have_N) { 890a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 891a8e1175bSopenharmony_ci } 892a8e1175bSopenharmony_ci 893a8e1175bSopenharmony_ci if (have_P) { 894a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 895a8e1175bSopenharmony_ci } 896a8e1175bSopenharmony_ci 897a8e1175bSopenharmony_ci if (have_Q) { 898a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 899a8e1175bSopenharmony_ci } 900a8e1175bSopenharmony_ci 901a8e1175bSopenharmony_ci if (have_D) { 902a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 903a8e1175bSopenharmony_ci } 904a8e1175bSopenharmony_ci 905a8e1175bSopenharmony_ci if (have_E) { 906a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 907a8e1175bSopenharmony_ci } 908a8e1175bSopenharmony_ci 909a8e1175bSopenharmony_ci if (!successive) { 910a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 911a8e1175bSopenharmony_ci have_N ? &N : NULL, 912a8e1175bSopenharmony_ci have_P ? &P : NULL, 913a8e1175bSopenharmony_ci have_Q ? &Q : NULL, 914a8e1175bSopenharmony_ci have_D ? &D : NULL, 915a8e1175bSopenharmony_ci have_E ? &E : NULL) == 0); 916a8e1175bSopenharmony_ci } else { 917a8e1175bSopenharmony_ci /* Import N, P, Q, D, E separately. 918a8e1175bSopenharmony_ci * This should make no functional difference. */ 919a8e1175bSopenharmony_ci 920a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 921a8e1175bSopenharmony_ci have_N ? &N : NULL, 922a8e1175bSopenharmony_ci NULL, NULL, NULL, NULL) == 0); 923a8e1175bSopenharmony_ci 924a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 925a8e1175bSopenharmony_ci NULL, 926a8e1175bSopenharmony_ci have_P ? &P : NULL, 927a8e1175bSopenharmony_ci NULL, NULL, NULL) == 0); 928a8e1175bSopenharmony_ci 929a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 930a8e1175bSopenharmony_ci NULL, NULL, 931a8e1175bSopenharmony_ci have_Q ? &Q : NULL, 932a8e1175bSopenharmony_ci NULL, NULL) == 0); 933a8e1175bSopenharmony_ci 934a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 935a8e1175bSopenharmony_ci NULL, NULL, NULL, 936a8e1175bSopenharmony_ci have_D ? &D : NULL, 937a8e1175bSopenharmony_ci NULL) == 0); 938a8e1175bSopenharmony_ci 939a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 940a8e1175bSopenharmony_ci NULL, NULL, NULL, NULL, 941a8e1175bSopenharmony_ci have_E ? &E : NULL) == 0); 942a8e1175bSopenharmony_ci } 943a8e1175bSopenharmony_ci 944a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 945a8e1175bSopenharmony_ci 946a8e1175bSopenharmony_ci /* On expected success, perform some public and private 947a8e1175bSopenharmony_ci * key operations to check if the key is working properly. */ 948a8e1175bSopenharmony_ci if (res_complete == 0) { 949a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen); 950a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8); 951a8e1175bSopenharmony_ci 952a8e1175bSopenharmony_ci if (is_priv) { 953a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 954a8e1175bSopenharmony_ci } else { 955a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 956a8e1175bSopenharmony_ci } 957a8e1175bSopenharmony_ci 958a8e1175bSopenharmony_ci if (res_check != 0) { 959a8e1175bSopenharmony_ci goto exit; 960a8e1175bSopenharmony_ci } 961a8e1175bSopenharmony_ci 962a8e1175bSopenharmony_ci buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 963a8e1175bSopenharmony_ci buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 964a8e1175bSopenharmony_ci buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 965a8e1175bSopenharmony_ci if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 966a8e1175bSopenharmony_ci goto exit; 967a8e1175bSopenharmony_ci } 968a8e1175bSopenharmony_ci 969a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 970a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 971a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 972a8e1175bSopenharmony_ci buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 973a8e1175bSopenharmony_ci 974a8e1175bSopenharmony_ci /* Make sure the number we're generating is smaller than the modulus */ 975a8e1175bSopenharmony_ci buf_orig[0] = 0x00; 976a8e1175bSopenharmony_ci 977a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 978a8e1175bSopenharmony_ci 979a8e1175bSopenharmony_ci if (is_priv) { 980a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 981a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 982a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 983a8e1175bSopenharmony_ci NULL, buf_enc, 984a8e1175bSopenharmony_ci buf_dec) == 0); 985a8e1175bSopenharmony_ci 986a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(buf_orig, buf_dec, 987a8e1175bSopenharmony_ci mbedtls_rsa_get_len(&ctx)) == 0); 988a8e1175bSopenharmony_ci } 989a8e1175bSopenharmony_ci } 990a8e1175bSopenharmony_ci 991a8e1175bSopenharmony_ciexit: 992a8e1175bSopenharmony_ci 993a8e1175bSopenharmony_ci mbedtls_free(buf_orig); 994a8e1175bSopenharmony_ci mbedtls_free(buf_enc); 995a8e1175bSopenharmony_ci mbedtls_free(buf_dec); 996a8e1175bSopenharmony_ci 997a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 998a8e1175bSopenharmony_ci 999a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); 1000a8e1175bSopenharmony_ci mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1001a8e1175bSopenharmony_ci mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1002a8e1175bSopenharmony_ci} 1003a8e1175bSopenharmony_ci/* END_CASE */ 1004a8e1175bSopenharmony_ci 1005a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1006a8e1175bSopenharmony_civoid mbedtls_rsa_export(char *input_N, 1007a8e1175bSopenharmony_ci char *input_P, 1008a8e1175bSopenharmony_ci char *input_Q, 1009a8e1175bSopenharmony_ci char *input_D, 1010a8e1175bSopenharmony_ci char *input_E, 1011a8e1175bSopenharmony_ci int is_priv, 1012a8e1175bSopenharmony_ci int successive) 1013a8e1175bSopenharmony_ci{ 1014a8e1175bSopenharmony_ci /* Original MPI's with which we set up the RSA context */ 1015a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, D, E; 1016a8e1175bSopenharmony_ci 1017a8e1175bSopenharmony_ci /* Exported MPI's */ 1018a8e1175bSopenharmony_ci mbedtls_mpi Ne, Pe, Qe, De, Ee; 1019a8e1175bSopenharmony_ci 1020a8e1175bSopenharmony_ci const int have_N = (strlen(input_N) > 0); 1021a8e1175bSopenharmony_ci const int have_P = (strlen(input_P) > 0); 1022a8e1175bSopenharmony_ci const int have_Q = (strlen(input_Q) > 0); 1023a8e1175bSopenharmony_ci const int have_D = (strlen(input_D) > 0); 1024a8e1175bSopenharmony_ci const int have_E = (strlen(input_E) > 0); 1025a8e1175bSopenharmony_ci 1026a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 1027a8e1175bSopenharmony_ci 1028a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 1029a8e1175bSopenharmony_ci 1030a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); 1031a8e1175bSopenharmony_ci mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1032a8e1175bSopenharmony_ci mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1033a8e1175bSopenharmony_ci 1034a8e1175bSopenharmony_ci mbedtls_mpi_init(&Ne); 1035a8e1175bSopenharmony_ci mbedtls_mpi_init(&Pe); mbedtls_mpi_init(&Qe); 1036a8e1175bSopenharmony_ci mbedtls_mpi_init(&De); mbedtls_mpi_init(&Ee); 1037a8e1175bSopenharmony_ci 1038a8e1175bSopenharmony_ci /* Setup RSA context */ 1039a8e1175bSopenharmony_ci 1040a8e1175bSopenharmony_ci if (have_N) { 1041a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1042a8e1175bSopenharmony_ci } 1043a8e1175bSopenharmony_ci 1044a8e1175bSopenharmony_ci if (have_P) { 1045a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1046a8e1175bSopenharmony_ci } 1047a8e1175bSopenharmony_ci 1048a8e1175bSopenharmony_ci if (have_Q) { 1049a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1050a8e1175bSopenharmony_ci } 1051a8e1175bSopenharmony_ci 1052a8e1175bSopenharmony_ci if (have_D) { 1053a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1054a8e1175bSopenharmony_ci } 1055a8e1175bSopenharmony_ci 1056a8e1175bSopenharmony_ci if (have_E) { 1057a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1058a8e1175bSopenharmony_ci } 1059a8e1175bSopenharmony_ci 1060a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(&ctx, 1061a8e1175bSopenharmony_ci strlen(input_N) ? &N : NULL, 1062a8e1175bSopenharmony_ci strlen(input_P) ? &P : NULL, 1063a8e1175bSopenharmony_ci strlen(input_Q) ? &Q : NULL, 1064a8e1175bSopenharmony_ci strlen(input_D) ? &D : NULL, 1065a8e1175bSopenharmony_ci strlen(input_E) ? &E : NULL) == 0); 1066a8e1175bSopenharmony_ci 1067a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1068a8e1175bSopenharmony_ci 1069a8e1175bSopenharmony_ci /* 1070a8e1175bSopenharmony_ci * Export parameters and compare to original ones. 1071a8e1175bSopenharmony_ci */ 1072a8e1175bSopenharmony_ci 1073a8e1175bSopenharmony_ci /* N and E must always be present. */ 1074a8e1175bSopenharmony_ci if (!successive) { 1075a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, &Ee) == 0); 1076a8e1175bSopenharmony_ci } else { 1077a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, &Ne, NULL, NULL, NULL, NULL) == 0); 1078a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, NULL, &Ee) == 0); 1079a8e1175bSopenharmony_ci } 1080a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &Ne) == 0); 1081a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&E, &Ee) == 0); 1082a8e1175bSopenharmony_ci 1083a8e1175bSopenharmony_ci /* If we were providing enough information to setup a complete private context, 1084a8e1175bSopenharmony_ci * we expect to be able to export all core parameters. */ 1085a8e1175bSopenharmony_ci 1086a8e1175bSopenharmony_ci if (is_priv) { 1087a8e1175bSopenharmony_ci if (!successive) { 1088a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, &Qe, 1089a8e1175bSopenharmony_ci &De, NULL) == 0); 1090a8e1175bSopenharmony_ci } else { 1091a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, &Pe, NULL, 1092a8e1175bSopenharmony_ci NULL, NULL) == 0); 1093a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, &Qe, 1094a8e1175bSopenharmony_ci NULL, NULL) == 0); 1095a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export(&ctx, NULL, NULL, NULL, 1096a8e1175bSopenharmony_ci &De, NULL) == 0); 1097a8e1175bSopenharmony_ci } 1098a8e1175bSopenharmony_ci 1099a8e1175bSopenharmony_ci if (have_P) { 1100a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P, &Pe) == 0); 1101a8e1175bSopenharmony_ci } 1102a8e1175bSopenharmony_ci 1103a8e1175bSopenharmony_ci if (have_Q) { 1104a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &Qe) == 0); 1105a8e1175bSopenharmony_ci } 1106a8e1175bSopenharmony_ci 1107a8e1175bSopenharmony_ci if (have_D) { 1108a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&D, &De) == 0); 1109a8e1175bSopenharmony_ci } 1110a8e1175bSopenharmony_ci 1111a8e1175bSopenharmony_ci /* While at it, perform a sanity check */ 1112a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_validate_params(&Ne, &Pe, &Qe, &De, &Ee, 1113a8e1175bSopenharmony_ci NULL, NULL) == 0); 1114a8e1175bSopenharmony_ci } 1115a8e1175bSopenharmony_ci 1116a8e1175bSopenharmony_ciexit: 1117a8e1175bSopenharmony_ci 1118a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 1119a8e1175bSopenharmony_ci 1120a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); 1121a8e1175bSopenharmony_ci mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1122a8e1175bSopenharmony_ci mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1123a8e1175bSopenharmony_ci 1124a8e1175bSopenharmony_ci mbedtls_mpi_free(&Ne); 1125a8e1175bSopenharmony_ci mbedtls_mpi_free(&Pe); mbedtls_mpi_free(&Qe); 1126a8e1175bSopenharmony_ci mbedtls_mpi_free(&De); mbedtls_mpi_free(&Ee); 1127a8e1175bSopenharmony_ci} 1128a8e1175bSopenharmony_ci/* END_CASE */ 1129a8e1175bSopenharmony_ci 1130a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1131a8e1175bSopenharmony_civoid mbedtls_rsa_validate_params(char *input_N, 1132a8e1175bSopenharmony_ci char *input_P, 1133a8e1175bSopenharmony_ci char *input_Q, 1134a8e1175bSopenharmony_ci char *input_D, 1135a8e1175bSopenharmony_ci char *input_E, 1136a8e1175bSopenharmony_ci int prng, int result) 1137a8e1175bSopenharmony_ci{ 1138a8e1175bSopenharmony_ci /* Original MPI's with which we set up the RSA context */ 1139a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, D, E; 1140a8e1175bSopenharmony_ci 1141a8e1175bSopenharmony_ci const int have_N = (strlen(input_N) > 0); 1142a8e1175bSopenharmony_ci const int have_P = (strlen(input_P) > 0); 1143a8e1175bSopenharmony_ci const int have_Q = (strlen(input_Q) > 0); 1144a8e1175bSopenharmony_ci const int have_D = (strlen(input_D) > 0); 1145a8e1175bSopenharmony_ci const int have_E = (strlen(input_E) > 0); 1146a8e1175bSopenharmony_ci 1147a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); 1148a8e1175bSopenharmony_ci mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); 1149a8e1175bSopenharmony_ci mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); 1150a8e1175bSopenharmony_ci 1151a8e1175bSopenharmony_ci if (have_N) { 1152a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1153a8e1175bSopenharmony_ci } 1154a8e1175bSopenharmony_ci 1155a8e1175bSopenharmony_ci if (have_P) { 1156a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1157a8e1175bSopenharmony_ci } 1158a8e1175bSopenharmony_ci 1159a8e1175bSopenharmony_ci if (have_Q) { 1160a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1161a8e1175bSopenharmony_ci } 1162a8e1175bSopenharmony_ci 1163a8e1175bSopenharmony_ci if (have_D) { 1164a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&D, input_D) == 0); 1165a8e1175bSopenharmony_ci } 1166a8e1175bSopenharmony_ci 1167a8e1175bSopenharmony_ci if (have_E) { 1168a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1169a8e1175bSopenharmony_ci } 1170a8e1175bSopenharmony_ci 1171a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 1172a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 1173a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_validate_params(have_N ? &N : NULL, 1174a8e1175bSopenharmony_ci have_P ? &P : NULL, 1175a8e1175bSopenharmony_ci have_Q ? &Q : NULL, 1176a8e1175bSopenharmony_ci have_D ? &D : NULL, 1177a8e1175bSopenharmony_ci have_E ? &E : NULL, 1178a8e1175bSopenharmony_ci prng ? mbedtls_test_rnd_std_rand : NULL, 1179a8e1175bSopenharmony_ci prng ? NULL : NULL) == result); 1180a8e1175bSopenharmony_ci 1181a8e1175bSopenharmony_ciexit: 1182a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); 1183a8e1175bSopenharmony_ci mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); 1184a8e1175bSopenharmony_ci mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); 1185a8e1175bSopenharmony_ci} 1186a8e1175bSopenharmony_ci/* END_CASE */ 1187a8e1175bSopenharmony_ci 1188a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1189a8e1175bSopenharmony_civoid mbedtls_rsa_export_raw(data_t *input_N, data_t *input_P, 1190a8e1175bSopenharmony_ci data_t *input_Q, data_t *input_D, 1191a8e1175bSopenharmony_ci data_t *input_E, int is_priv, 1192a8e1175bSopenharmony_ci int successive) 1193a8e1175bSopenharmony_ci{ 1194a8e1175bSopenharmony_ci /* Exported buffers */ 1195a8e1175bSopenharmony_ci unsigned char bufNe[256]; 1196a8e1175bSopenharmony_ci unsigned char bufPe[128]; 1197a8e1175bSopenharmony_ci unsigned char bufQe[128]; 1198a8e1175bSopenharmony_ci unsigned char bufDe[256]; 1199a8e1175bSopenharmony_ci unsigned char bufEe[1]; 1200a8e1175bSopenharmony_ci 1201a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 1202a8e1175bSopenharmony_ci 1203a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 1204a8e1175bSopenharmony_ci 1205a8e1175bSopenharmony_ci /* Setup RSA context */ 1206a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1207a8e1175bSopenharmony_ci input_N->len ? input_N->x : NULL, input_N->len, 1208a8e1175bSopenharmony_ci input_P->len ? input_P->x : NULL, input_P->len, 1209a8e1175bSopenharmony_ci input_Q->len ? input_Q->x : NULL, input_Q->len, 1210a8e1175bSopenharmony_ci input_D->len ? input_D->x : NULL, input_D->len, 1211a8e1175bSopenharmony_ci input_E->len ? input_E->x : NULL, input_E->len) == 0); 1212a8e1175bSopenharmony_ci 1213a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); 1214a8e1175bSopenharmony_ci 1215a8e1175bSopenharmony_ci /* 1216a8e1175bSopenharmony_ci * Export parameters and compare to original ones. 1217a8e1175bSopenharmony_ci */ 1218a8e1175bSopenharmony_ci 1219a8e1175bSopenharmony_ci /* N and E must always be present. */ 1220a8e1175bSopenharmony_ci if (!successive) { 1221a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1222a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, 1223a8e1175bSopenharmony_ci bufEe, input_E->len) == 0); 1224a8e1175bSopenharmony_ci } else { 1225a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, bufNe, input_N->len, 1226a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, 1227a8e1175bSopenharmony_ci NULL, 0) == 0); 1228a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1229a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, 1230a8e1175bSopenharmony_ci bufEe, input_E->len) == 0); 1231a8e1175bSopenharmony_ci } 1232a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(input_N->x, bufNe, input_N->len) == 0); 1233a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(input_E->x, bufEe, input_E->len) == 0); 1234a8e1175bSopenharmony_ci 1235a8e1175bSopenharmony_ci /* If we were providing enough information to setup a complete private context, 1236a8e1175bSopenharmony_ci * we expect to be able to export all core parameters. */ 1237a8e1175bSopenharmony_ci 1238a8e1175bSopenharmony_ci if (is_priv) { 1239a8e1175bSopenharmony_ci if (!successive) { 1240a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1241a8e1175bSopenharmony_ci bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1242a8e1175bSopenharmony_ci bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1243a8e1175bSopenharmony_ci bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1244a8e1175bSopenharmony_ci NULL, 0) == 0); 1245a8e1175bSopenharmony_ci } else { 1246a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, 1247a8e1175bSopenharmony_ci bufPe, input_P->len ? input_P->len : sizeof(bufPe), 1248a8e1175bSopenharmony_ci NULL, 0, NULL, 0, 1249a8e1175bSopenharmony_ci NULL, 0) == 0); 1250a8e1175bSopenharmony_ci 1251a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, 1252a8e1175bSopenharmony_ci bufQe, input_Q->len ? input_Q->len : sizeof(bufQe), 1253a8e1175bSopenharmony_ci NULL, 0, NULL, 0) == 0); 1254a8e1175bSopenharmony_ci 1255a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_export_raw(&ctx, NULL, 0, NULL, 0, NULL, 0, 1256a8e1175bSopenharmony_ci bufDe, input_D->len ? input_D->len : sizeof(bufDe), 1257a8e1175bSopenharmony_ci NULL, 0) == 0); 1258a8e1175bSopenharmony_ci } 1259a8e1175bSopenharmony_ci 1260a8e1175bSopenharmony_ci if (input_P->len) { 1261a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(input_P->x, bufPe, input_P->len) == 0); 1262a8e1175bSopenharmony_ci } 1263a8e1175bSopenharmony_ci 1264a8e1175bSopenharmony_ci if (input_Q->len) { 1265a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(input_Q->x, bufQe, input_Q->len) == 0); 1266a8e1175bSopenharmony_ci } 1267a8e1175bSopenharmony_ci 1268a8e1175bSopenharmony_ci if (input_D->len) { 1269a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(input_D->x, bufDe, input_D->len) == 0); 1270a8e1175bSopenharmony_ci } 1271a8e1175bSopenharmony_ci 1272a8e1175bSopenharmony_ci } 1273a8e1175bSopenharmony_ci 1274a8e1175bSopenharmony_ciexit: 1275a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 1276a8e1175bSopenharmony_ci} 1277a8e1175bSopenharmony_ci/* END_CASE */ 1278a8e1175bSopenharmony_ci 1279a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1280a8e1175bSopenharmony_civoid mbedtls_rsa_import_raw(data_t *input_N, 1281a8e1175bSopenharmony_ci data_t *input_P, data_t *input_Q, 1282a8e1175bSopenharmony_ci data_t *input_D, data_t *input_E, 1283a8e1175bSopenharmony_ci int successive, 1284a8e1175bSopenharmony_ci int is_priv, 1285a8e1175bSopenharmony_ci int res_check, 1286a8e1175bSopenharmony_ci int res_complete) 1287a8e1175bSopenharmony_ci{ 1288a8e1175bSopenharmony_ci /* Buffers used for encryption-decryption test */ 1289a8e1175bSopenharmony_ci unsigned char *buf_orig = NULL; 1290a8e1175bSopenharmony_ci unsigned char *buf_enc = NULL; 1291a8e1175bSopenharmony_ci unsigned char *buf_dec = NULL; 1292a8e1175bSopenharmony_ci 1293a8e1175bSopenharmony_ci mbedtls_rsa_context ctx; 1294a8e1175bSopenharmony_ci 1295a8e1175bSopenharmony_ci mbedtls_rsa_init(&ctx); 1296a8e1175bSopenharmony_ci 1297a8e1175bSopenharmony_ci if (!successive) { 1298a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1299a8e1175bSopenharmony_ci (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1300a8e1175bSopenharmony_ci (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1301a8e1175bSopenharmony_ci (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1302a8e1175bSopenharmony_ci (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1303a8e1175bSopenharmony_ci (input_E->len > 0) ? input_E->x : NULL, 1304a8e1175bSopenharmony_ci input_E->len) == 0); 1305a8e1175bSopenharmony_ci } else { 1306a8e1175bSopenharmony_ci /* Import N, P, Q, D, E separately. 1307a8e1175bSopenharmony_ci * This should make no functional difference. */ 1308a8e1175bSopenharmony_ci 1309a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1310a8e1175bSopenharmony_ci (input_N->len > 0) ? input_N->x : NULL, input_N->len, 1311a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, NULL, 0) == 0); 1312a8e1175bSopenharmony_ci 1313a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1314a8e1175bSopenharmony_ci NULL, 0, 1315a8e1175bSopenharmony_ci (input_P->len > 0) ? input_P->x : NULL, input_P->len, 1316a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0) == 0); 1317a8e1175bSopenharmony_ci 1318a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1319a8e1175bSopenharmony_ci NULL, 0, NULL, 0, 1320a8e1175bSopenharmony_ci (input_Q->len > 0) ? input_Q->x : NULL, input_Q->len, 1321a8e1175bSopenharmony_ci NULL, 0, NULL, 0) == 0); 1322a8e1175bSopenharmony_ci 1323a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1324a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, 1325a8e1175bSopenharmony_ci (input_D->len > 0) ? input_D->x : NULL, input_D->len, 1326a8e1175bSopenharmony_ci NULL, 0) == 0); 1327a8e1175bSopenharmony_ci 1328a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import_raw(&ctx, 1329a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1330a8e1175bSopenharmony_ci (input_E->len > 0) ? input_E->x : NULL, 1331a8e1175bSopenharmony_ci input_E->len) == 0); 1332a8e1175bSopenharmony_ci } 1333a8e1175bSopenharmony_ci 1334a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(&ctx) == res_complete); 1335a8e1175bSopenharmony_ci 1336a8e1175bSopenharmony_ci /* On expected success, perform some public and private 1337a8e1175bSopenharmony_ci * key operations to check if the key is working properly. */ 1338a8e1175bSopenharmony_ci if (res_complete == 0) { 1339a8e1175bSopenharmony_ci if (is_priv) { 1340a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); 1341a8e1175bSopenharmony_ci } else { 1342a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == res_check); 1343a8e1175bSopenharmony_ci } 1344a8e1175bSopenharmony_ci 1345a8e1175bSopenharmony_ci if (res_check != 0) { 1346a8e1175bSopenharmony_ci goto exit; 1347a8e1175bSopenharmony_ci } 1348a8e1175bSopenharmony_ci 1349a8e1175bSopenharmony_ci buf_orig = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1350a8e1175bSopenharmony_ci buf_enc = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1351a8e1175bSopenharmony_ci buf_dec = mbedtls_calloc(1, mbedtls_rsa_get_len(&ctx)); 1352a8e1175bSopenharmony_ci if (buf_orig == NULL || buf_enc == NULL || buf_dec == NULL) { 1353a8e1175bSopenharmony_ci goto exit; 1354a8e1175bSopenharmony_ci } 1355a8e1175bSopenharmony_ci 1356a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 1357a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 1358a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, 1359a8e1175bSopenharmony_ci buf_orig, mbedtls_rsa_get_len(&ctx)) == 0); 1360a8e1175bSopenharmony_ci 1361a8e1175bSopenharmony_ci /* Make sure the number we're generating is smaller than the modulus */ 1362a8e1175bSopenharmony_ci buf_orig[0] = 0x00; 1363a8e1175bSopenharmony_ci 1364a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_public(&ctx, buf_orig, buf_enc) == 0); 1365a8e1175bSopenharmony_ci 1366a8e1175bSopenharmony_ci if (is_priv) { 1367a8e1175bSopenharmony_ci /* This test uses an insecure RNG, suitable only for testing. 1368a8e1175bSopenharmony_ci * In production, always use a cryptographically strong RNG! */ 1369a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_std_rand, 1370a8e1175bSopenharmony_ci NULL, buf_enc, 1371a8e1175bSopenharmony_ci buf_dec) == 0); 1372a8e1175bSopenharmony_ci 1373a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(buf_orig, buf_dec, 1374a8e1175bSopenharmony_ci mbedtls_rsa_get_len(&ctx)) == 0); 1375a8e1175bSopenharmony_ci } 1376a8e1175bSopenharmony_ci } 1377a8e1175bSopenharmony_ci 1378a8e1175bSopenharmony_ciexit: 1379a8e1175bSopenharmony_ci 1380a8e1175bSopenharmony_ci mbedtls_free(buf_orig); 1381a8e1175bSopenharmony_ci mbedtls_free(buf_enc); 1382a8e1175bSopenharmony_ci mbedtls_free(buf_dec); 1383a8e1175bSopenharmony_ci 1384a8e1175bSopenharmony_ci mbedtls_rsa_free(&ctx); 1385a8e1175bSopenharmony_ci} 1386a8e1175bSopenharmony_ci/* END_CASE */ 1387a8e1175bSopenharmony_ci 1388a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1389a8e1175bSopenharmony_civoid rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) 1390a8e1175bSopenharmony_ci{ 1391a8e1175bSopenharmony_ci mbedtls_rsa_context rsa_ctx; 1392a8e1175bSopenharmony_ci 1393a8e1175bSopenharmony_ci mbedtls_rsa_init(&rsa_ctx); 1394a8e1175bSopenharmony_ci 1395a8e1175bSopenharmony_ci if (is_public) { 1396a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val); 1397a8e1175bSopenharmony_ci } else { 1398a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); 1399a8e1175bSopenharmony_ci } 1400a8e1175bSopenharmony_ci 1401a8e1175bSopenharmony_ciexit: 1402a8e1175bSopenharmony_ci mbedtls_rsa_free(&rsa_ctx); 1403a8e1175bSopenharmony_ci} 1404a8e1175bSopenharmony_ci/* END_CASE */ 1405a8e1175bSopenharmony_ci 1406a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1407a8e1175bSopenharmony_civoid rsa_parse_write_pkcs1_key(int is_public, data_t *input) 1408a8e1175bSopenharmony_ci{ 1409a8e1175bSopenharmony_ci mbedtls_rsa_context rsa_ctx; 1410a8e1175bSopenharmony_ci unsigned char *output_buf = NULL; 1411a8e1175bSopenharmony_ci unsigned char *output_end, *output_p; 1412a8e1175bSopenharmony_ci size_t output_len; 1413a8e1175bSopenharmony_ci 1414a8e1175bSopenharmony_ci mbedtls_rsa_init(&rsa_ctx); 1415a8e1175bSopenharmony_ci 1416a8e1175bSopenharmony_ci TEST_CALLOC(output_buf, input->len); 1417a8e1175bSopenharmony_ci output_end = output_buf + input->len; 1418a8e1175bSopenharmony_ci output_p = output_end; 1419a8e1175bSopenharmony_ci 1420a8e1175bSopenharmony_ci /* Parse the key and write it back to output_buf. */ 1421a8e1175bSopenharmony_ci if (is_public) { 1422a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); 1423a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len); 1424a8e1175bSopenharmony_ci } else { 1425a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); 1426a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len); 1427a8e1175bSopenharmony_ci } 1428a8e1175bSopenharmony_ci output_len = output_end - output_p; 1429a8e1175bSopenharmony_ci 1430a8e1175bSopenharmony_ci /* Check that the written key matches with the one provided in input. */ 1431a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len); 1432a8e1175bSopenharmony_ci 1433a8e1175bSopenharmony_ciexit: 1434a8e1175bSopenharmony_ci mbedtls_free(output_buf); 1435a8e1175bSopenharmony_ci mbedtls_rsa_free(&rsa_ctx); 1436a8e1175bSopenharmony_ci} 1437a8e1175bSopenharmony_ci/* END_CASE */ 1438a8e1175bSopenharmony_ci 1439a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1440a8e1175bSopenharmony_civoid rsa_key_write_incremental(int is_public, data_t *input) 1441a8e1175bSopenharmony_ci{ 1442a8e1175bSopenharmony_ci mbedtls_rsa_context rsa_ctx; 1443a8e1175bSopenharmony_ci unsigned char *buf = NULL, *end, *p; 1444a8e1175bSopenharmony_ci size_t i, written_data; 1445a8e1175bSopenharmony_ci 1446a8e1175bSopenharmony_ci mbedtls_rsa_init(&rsa_ctx); 1447a8e1175bSopenharmony_ci 1448a8e1175bSopenharmony_ci /* This is supposed to succeed as the real target of this test are the 1449a8e1175bSopenharmony_ci * write attempt below. */ 1450a8e1175bSopenharmony_ci if (is_public) { 1451a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); 1452a8e1175bSopenharmony_ci } else { 1453a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); 1454a8e1175bSopenharmony_ci } 1455a8e1175bSopenharmony_ci 1456a8e1175bSopenharmony_ci /* Test with an output buffer smaller than required. */ 1457a8e1175bSopenharmony_ci for (i = 1; i < input->len; i++) { 1458a8e1175bSopenharmony_ci TEST_CALLOC(buf, i); 1459a8e1175bSopenharmony_ci end = buf + i; 1460a8e1175bSopenharmony_ci p = end; 1461a8e1175bSopenharmony_ci /* We don't care much about the return value as long as it fails. */ 1462a8e1175bSopenharmony_ci if (is_public) { 1463a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0); 1464a8e1175bSopenharmony_ci } else { 1465a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0); 1466a8e1175bSopenharmony_ci } 1467a8e1175bSopenharmony_ci mbedtls_free(buf); 1468a8e1175bSopenharmony_ci buf = NULL; 1469a8e1175bSopenharmony_ci } 1470a8e1175bSopenharmony_ci 1471a8e1175bSopenharmony_ci /* Test with an output buffer equal or larger than what it is strictly required. */ 1472a8e1175bSopenharmony_ci for (i = input->len; i < (2 * input->len); i++) { 1473a8e1175bSopenharmony_ci TEST_CALLOC(buf, i); 1474a8e1175bSopenharmony_ci end = buf + i; 1475a8e1175bSopenharmony_ci p = end; 1476a8e1175bSopenharmony_ci /* This time all write functions must succeed. */ 1477a8e1175bSopenharmony_ci if (is_public) { 1478a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0); 1479a8e1175bSopenharmony_ci } else { 1480a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0); 1481a8e1175bSopenharmony_ci } 1482a8e1175bSopenharmony_ci written_data = (end - p); 1483a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(p, written_data, input->x, input->len); 1484a8e1175bSopenharmony_ci mbedtls_free(buf); 1485a8e1175bSopenharmony_ci buf = NULL; 1486a8e1175bSopenharmony_ci } 1487a8e1175bSopenharmony_ci 1488a8e1175bSopenharmony_ciexit: 1489a8e1175bSopenharmony_ci mbedtls_free(buf); 1490a8e1175bSopenharmony_ci mbedtls_rsa_free(&rsa_ctx); 1491a8e1175bSopenharmony_ci} 1492a8e1175bSopenharmony_ci/* END_CASE */ 1493a8e1175bSopenharmony_ci 1494a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1495a8e1175bSopenharmony_civoid rsa_selftest() 1496a8e1175bSopenharmony_ci{ 1497a8e1175bSopenharmony_ci MD_PSA_INIT(); 1498a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); 1499a8e1175bSopenharmony_ci 1500a8e1175bSopenharmony_ciexit: 1501a8e1175bSopenharmony_ci MD_PSA_DONE(); 1502a8e1175bSopenharmony_ci} 1503a8e1175bSopenharmony_ci/* END_CASE */ 1504