]>
Commit | Line | Data |
---|---|---|
8240d5fa | 1 | /* |
454afd98 | 2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
8240d5fa | 3 | * |
a6ed19dc | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
8240d5fa SL |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
d7e498ac RL |
10 | /* |
11 | * RSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
8240d5fa SL |
16 | #include <stdio.h> |
17 | #include <string.h> | |
18 | ||
19 | #include "internal/nelem.h" | |
20 | ||
21 | #include <openssl/crypto.h> | |
22 | #include <openssl/err.h> | |
23 | #include <openssl/rand.h> | |
24 | #include <openssl/bn.h> | |
25 | ||
26 | #include "testutil.h" | |
27 | ||
3a1ee3c1 RL |
28 | #include "rsa_local.h" |
29 | #include <openssl/rsa.h> | |
8240d5fa SL |
30 | |
31 | /* taken from RSA2 cavs data */ | |
32 | static const unsigned char cav_e[] = { | |
33 | 0x01,0x00,0x01 | |
34 | }; | |
8240d5fa SL |
35 | static const unsigned char cav_p[] = { |
36 | 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, | |
37 | 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, | |
38 | 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d, | |
39 | 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41, | |
40 | 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xbc,0x4c, | |
41 | 0x01,0xa5,0x4b,0xbd,0xa4,0x20,0xb5,0x20,0xd5,0x59,0x6f,0x82,0x5c,0x8f,0x4f, | |
42 | 0xe0,0x3a,0x4e,0x7e,0xfe,0x44,0xf3,0x3c,0xc0,0x0e,0x14,0x2b,0x32,0xe6,0x28, | |
43 | 0x8b,0x63,0x87,0x00,0xc3,0x53,0x4a,0x5b,0x71,0x7a,0x5b,0x28,0x40,0xc4,0x18, | |
44 | 0xb6,0x77,0x0b,0xab,0x59,0xa4,0x96,0x7d | |
45 | }; | |
46 | static const unsigned char cav_q[] = { | |
47 | 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb, | |
48 | 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf, | |
49 | 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68, | |
50 | 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e, | |
51 | 0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xc4,0x44,0xdd, | |
52 | 0xf7,0x7e,0xda,0x47,0x4a,0x67,0x44,0x5d,0x4e,0x75,0xf0,0x4d,0x00,0x68,0xe1, | |
53 | 0x4a,0xec,0x1f,0x45,0xf9,0xe6,0xca,0x38,0x95,0x48,0x6f,0xdc,0x9d,0x1b,0xa3, | |
54 | 0x4b,0xfd,0x08,0x4b,0x54,0xcd,0xeb,0x3d,0xef,0x33,0x11,0x6e,0xce,0xe4,0x5d, | |
55 | 0xef,0xa9,0x58,0x5c,0x87,0x4d,0xc8,0xcf | |
56 | }; | |
57 | static const unsigned char cav_n[] = { | |
58 | 0xce,0x5e,0x8d,0x1a,0xa3,0x08,0x7a,0x2d,0xb4,0x49,0x48,0xf0,0x06,0xb6,0xfe, | |
59 | 0xba,0x2f,0x39,0x7c,0x7b,0xe0,0x5d,0x09,0x2d,0x57,0x4e,0x54,0x60,0x9c,0xe5, | |
60 | 0x08,0x4b,0xe1,0x1a,0x73,0xc1,0x5e,0x2f,0xb6,0x46,0xd7,0x81,0xca,0xbc,0x98, | |
61 | 0xd2,0xf9,0xef,0x1c,0x92,0x8c,0x8d,0x99,0x85,0x28,0x52,0xd6,0xd5,0xab,0x70, | |
62 | 0x7e,0x9e,0xa9,0x87,0x82,0xc8,0x95,0x64,0xeb,0xf0,0x6c,0x0f,0x3f,0xe9,0x02, | |
63 | 0x29,0x2e,0x6d,0xa1,0xec,0xbf,0xdc,0x23,0xdf,0x82,0x4f,0xab,0x39,0x8d,0xcc, | |
64 | 0xac,0x21,0x51,0x14,0xf8,0xef,0xec,0x73,0x80,0x86,0xa3,0xcf,0x8f,0xd5,0xcf, | |
65 | 0x22,0x1f,0xcc,0x23,0x2f,0xba,0xcb,0xf6,0x17,0xcd,0x3a,0x1f,0xd9,0x84,0xb9, | |
66 | 0x88,0xa7,0x78,0x0f,0xaa,0xc9,0x04,0x01,0x20,0x72,0x5d,0x2a,0xfe,0x5b,0xdd, | |
67 | 0x16,0x5a,0xed,0x83,0x02,0x96,0x39,0x46,0x37,0x30,0xc1,0x0d,0x87,0xc2,0xc8, | |
68 | 0x33,0x38,0xed,0x35,0x72,0xe5,0x29,0xf8,0x1f,0x23,0x60,0xe1,0x2a,0x5b,0x1d, | |
69 | 0x6b,0x53,0x3f,0x07,0xc4,0xd9,0xbb,0x04,0x0c,0x5c,0x3f,0x0b,0xc4,0xd4,0x61, | |
70 | 0x96,0x94,0xf1,0x0f,0x4a,0x49,0xac,0xde,0xd2,0xe8,0x42,0xb3,0x4a,0x0b,0x64, | |
71 | 0x7a,0x32,0x5f,0x2b,0x5b,0x0f,0x8b,0x8b,0xe0,0x33,0x23,0x34,0x64,0xf8,0xb5, | |
72 | 0x7f,0x69,0x60,0xb8,0x71,0xe9,0xff,0x92,0x42,0xb1,0xf7,0x23,0xa8,0xa7,0x92, | |
73 | 0x04,0x3d,0x6b,0xff,0xf7,0xab,0xbb,0x14,0x1f,0x4c,0x10,0x97,0xd5,0x6b,0x71, | |
74 | 0x12,0xfd,0x93,0xa0,0x4a,0x3b,0x75,0x72,0x40,0x96,0x1c,0x5f,0x40,0x40,0x57, | |
75 | 0x13 | |
76 | }; | |
77 | static const unsigned char cav_d[] = { | |
78 | 0x47,0x47,0x49,0x1d,0x66,0x2a,0x4b,0x68,0xf5,0xd8,0x4a,0x24,0xfd,0x6c,0xbf, | |
79 | 0x56,0xb7,0x70,0xf7,0x9a,0x21,0xc8,0x80,0x9e,0xf4,0x84,0xcd,0x88,0x01,0x28, | |
80 | 0xea,0x50,0xab,0x13,0x63,0xdf,0xea,0x14,0x38,0xb5,0x07,0x42,0x81,0x2f,0xda, | |
81 | 0xe9,0x24,0x02,0x7e,0xaf,0xef,0x74,0x09,0x0e,0x80,0xfa,0xfb,0xd1,0x19,0x41, | |
82 | 0xe5,0xba,0x0f,0x7c,0x0a,0xa4,0x15,0x55,0xa2,0x58,0x8c,0x3a,0x48,0x2c,0xc6, | |
83 | 0xde,0x4a,0x76,0xfb,0x72,0xb6,0x61,0xe6,0xd2,0x10,0x44,0x4c,0x33,0xb8,0xd2, | |
84 | 0x74,0xb1,0x9d,0x3b,0xcd,0x2f,0xb1,0x4f,0xc3,0x98,0xbd,0x83,0xb7,0x7e,0x75, | |
85 | 0xe8,0xa7,0x6a,0xee,0xcc,0x51,0x8c,0x99,0x17,0x67,0x7f,0x27,0xf9,0x0d,0x6a, | |
86 | 0xb7,0xd4,0x80,0x17,0x89,0x39,0x9c,0xf3,0xd7,0x0f,0xdf,0xb0,0x55,0x80,0x1d, | |
87 | 0xaf,0x57,0x2e,0xd0,0xf0,0x4f,0x42,0x69,0x55,0xbc,0x83,0xd6,0x97,0x83,0x7a, | |
88 | 0xe6,0xc6,0x30,0x6d,0x3d,0xb5,0x21,0xa7,0xc4,0x62,0x0a,0x20,0xce,0x5e,0x5a, | |
89 | 0x17,0x98,0xb3,0x6f,0x6b,0x9a,0xeb,0x6b,0xa3,0xc4,0x75,0xd8,0x2b,0xdc,0x5c, | |
90 | 0x6f,0xec,0x5d,0x49,0xac,0xa8,0xa4,0x2f,0xb8,0x8c,0x4f,0x2e,0x46,0x21,0xee, | |
91 | 0x72,0x6a,0x0e,0x22,0x80,0x71,0xc8,0x76,0x40,0x44,0x61,0x16,0xbf,0xa5,0xf8, | |
92 | 0x89,0xc7,0xe9,0x87,0xdf,0xbd,0x2e,0x4b,0x4e,0xc2,0x97,0x53,0xe9,0x49,0x1c, | |
93 | 0x05,0xb0,0x0b,0x9b,0x9f,0x21,0x19,0x41,0xe9,0xf5,0x61,0xd7,0x33,0x2e,0x2c, | |
94 | 0x94,0xb8,0xa8,0x9a,0x3a,0xcc,0x6a,0x24,0x8d,0x19,0x13,0xee,0xb9,0xb0,0x48, | |
95 | 0x61 | |
96 | }; | |
97 | ||
98 | /* helper function */ | |
99 | static BIGNUM *bn_load_new(const unsigned char *data, int sz) | |
100 | { | |
101 | BIGNUM *ret = BN_new(); | |
102 | if (ret != NULL) | |
103 | BN_bin2bn(data, sz, ret); | |
104 | return ret; | |
105 | } | |
106 | ||
8240d5fa SL |
107 | static int test_check_public_exponent(void) |
108 | { | |
109 | int ret = 0; | |
110 | BIGNUM *e = NULL; | |
111 | ||
112 | ret = TEST_ptr(e = BN_new()) | |
113 | /* e is too small */ | |
114 | && TEST_true(BN_set_word(e, 65535)) | |
23b2fc0b | 115 | && TEST_false(ossl_rsa_check_public_exponent(e)) |
8240d5fa SL |
116 | /* e is even will fail */ |
117 | && TEST_true(BN_set_word(e, 65536)) | |
23b2fc0b | 118 | && TEST_false(ossl_rsa_check_public_exponent(e)) |
8240d5fa SL |
119 | /* e is ok */ |
120 | && TEST_true(BN_set_word(e, 65537)) | |
23b2fc0b | 121 | && TEST_true(ossl_rsa_check_public_exponent(e)) |
8240d5fa SL |
122 | /* e = 2^256 is too big */ |
123 | && TEST_true(BN_lshift(e, BN_value_one(), 256)) | |
23b2fc0b | 124 | && TEST_false(ossl_rsa_check_public_exponent(e)) |
8240d5fa SL |
125 | /* e = 2^256-1 is odd and in range */ |
126 | && TEST_true(BN_sub(e, e, BN_value_one())) | |
23b2fc0b | 127 | && TEST_true(ossl_rsa_check_public_exponent(e)); |
8240d5fa SL |
128 | BN_free(e); |
129 | return ret; | |
130 | } | |
131 | ||
132 | static int test_check_prime_factor_range(void) | |
133 | { | |
134 | int ret = 0; | |
135 | BN_CTX *ctx = NULL; | |
136 | BIGNUM *p = NULL; | |
137 | BIGNUM *bn_p1 = NULL, *bn_p2 = NULL, *bn_p3 = NULL, *bn_p4 = NULL; | |
138 | /* Some range checks that are larger than 32 bits */ | |
139 | static const unsigned char p1[] = { 0x0B, 0x50, 0x4F, 0x33, 0x3F }; | |
140 | static const unsigned char p2[] = { 0x10, 0x00, 0x00, 0x00, 0x00 }; | |
141 | static const unsigned char p3[] = { 0x0B, 0x50, 0x4F, 0x33, 0x40 }; | |
142 | static const unsigned char p4[] = { 0x0F, 0xFF, 0xFF, 0xFF, 0xFF }; | |
143 | ||
144 | /* (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2) - 1 | |
145 | * For 8 bits: 0xB.504F <= p <= 0xF | |
146 | * for 72 bits: 0xB504F333F. <= p <= 0xF_FFFF_FFFF | |
147 | */ | |
148 | ret = TEST_ptr(p = BN_new()) | |
149 | && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) | |
150 | && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) | |
151 | && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) | |
152 | && TEST_ptr(bn_p4 = bn_load_new(p4, sizeof(p4))) | |
153 | && TEST_ptr(ctx = BN_CTX_new()) | |
154 | && TEST_true(BN_set_word(p, 0xA)) | |
23b2fc0b | 155 | && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) |
8240d5fa | 156 | && TEST_true(BN_set_word(p, 0x10)) |
23b2fc0b | 157 | && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) |
8240d5fa | 158 | && TEST_true(BN_set_word(p, 0xB)) |
23b2fc0b | 159 | && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) |
fd4a6e7d | 160 | && TEST_true(BN_set_word(p, 0xC)) |
23b2fc0b | 161 | && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) |
8240d5fa | 162 | && TEST_true(BN_set_word(p, 0xF)) |
23b2fc0b P |
163 | && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) |
164 | && TEST_false(ossl_rsa_check_prime_factor_range(bn_p1, 72, ctx)) | |
165 | && TEST_false(ossl_rsa_check_prime_factor_range(bn_p2, 72, ctx)) | |
166 | && TEST_true(ossl_rsa_check_prime_factor_range(bn_p3, 72, ctx)) | |
167 | && TEST_true(ossl_rsa_check_prime_factor_range(bn_p4, 72, ctx)); | |
8240d5fa SL |
168 | |
169 | BN_free(bn_p4); | |
170 | BN_free(bn_p3); | |
171 | BN_free(bn_p2); | |
172 | BN_free(bn_p1); | |
173 | BN_free(p); | |
174 | BN_CTX_free(ctx); | |
175 | return ret; | |
176 | } | |
177 | ||
178 | static int test_check_prime_factor(void) | |
179 | { | |
180 | int ret = 0; | |
181 | BN_CTX *ctx = NULL; | |
182 | BIGNUM *p = NULL, *e = NULL; | |
183 | BIGNUM *bn_p1 = NULL, *bn_p2 = NULL, *bn_p3 = NULL; | |
184 | ||
185 | /* Some range checks that are larger than 32 bits */ | |
186 | static const unsigned char p1[] = { 0x0B, 0x50, 0x4f, 0x33, 0x73 }; | |
187 | static const unsigned char p2[] = { 0x0B, 0x50, 0x4f, 0x33, 0x75 }; | |
188 | static const unsigned char p3[] = { 0x0F, 0x50, 0x00, 0x03, 0x75 }; | |
189 | ||
190 | ret = TEST_ptr(p = BN_new()) | |
191 | && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) | |
192 | && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) | |
193 | && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) | |
194 | && TEST_ptr(e = BN_new()) | |
195 | && TEST_ptr(ctx = BN_CTX_new()) | |
196 | /* Fails the prime test */ | |
197 | && TEST_true(BN_set_word(e, 0x1)) | |
23b2fc0b | 198 | && TEST_false(ossl_rsa_check_prime_factor(bn_p1, e, 72, ctx)) |
8240d5fa | 199 | /* p is prime and in range and gcd(p-1, e) = 1 */ |
23b2fc0b | 200 | && TEST_true(ossl_rsa_check_prime_factor(bn_p2, e, 72, ctx)) |
8240d5fa SL |
201 | /* gcd(p-1,e) = 1 test fails */ |
202 | && TEST_true(BN_set_word(e, 0x2)) | |
23b2fc0b | 203 | && TEST_false(ossl_rsa_check_prime_factor(p, e, 72, ctx)) |
8240d5fa SL |
204 | /* p fails the range check */ |
205 | && TEST_true(BN_set_word(e, 0x1)) | |
23b2fc0b | 206 | && TEST_false(ossl_rsa_check_prime_factor(bn_p3, e, 72, ctx)); |
8240d5fa SL |
207 | |
208 | BN_free(bn_p3); | |
209 | BN_free(bn_p2); | |
210 | BN_free(bn_p1); | |
211 | BN_free(e); | |
212 | BN_free(p); | |
213 | BN_CTX_free(ctx); | |
214 | return ret; | |
215 | } | |
216 | ||
d7e498ac | 217 | /* This test uses legacy functions because they can take invalid numbers */ |
8240d5fa SL |
218 | static int test_check_private_exponent(void) |
219 | { | |
220 | int ret = 0; | |
221 | RSA *key = NULL; | |
222 | BN_CTX *ctx = NULL; | |
223 | BIGNUM *p = NULL, *q = NULL, *e = NULL, *d = NULL, *n = NULL; | |
224 | ||
225 | ret = TEST_ptr(key = RSA_new()) | |
226 | && TEST_ptr(ctx = BN_CTX_new()) | |
227 | && TEST_ptr(p = BN_new()) | |
228 | && TEST_ptr(q = BN_new()) | |
8240d5fa SL |
229 | /* lcm(15-1,17-1) = 14*16 / 2 = 112 */ |
230 | && TEST_true(BN_set_word(p, 15)) | |
231 | && TEST_true(BN_set_word(q, 17)) | |
a12864a5 SL |
232 | && TEST_true(RSA_set0_factors(key, p, q)); |
233 | if (!ret) { | |
234 | BN_free(p); | |
235 | BN_free(q); | |
236 | goto end; | |
237 | } | |
238 | ||
239 | ret = TEST_ptr(e = BN_new()) | |
240 | && TEST_ptr(d = BN_new()) | |
241 | && TEST_ptr(n = BN_new()) | |
8240d5fa SL |
242 | && TEST_true(BN_set_word(e, 5)) |
243 | && TEST_true(BN_set_word(d, 157)) | |
244 | && TEST_true(BN_set_word(n, 15*17)) | |
a12864a5 SL |
245 | && TEST_true(RSA_set0_key(key, n, e, d)); |
246 | if (!ret) { | |
247 | BN_free(e); | |
248 | BN_free(d); | |
249 | BN_free(n); | |
250 | goto end; | |
251 | } | |
252 | /* fails since d >= lcm(p-1, q-1) */ | |
23b2fc0b | 253 | ret = TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx)) |
8240d5fa SL |
254 | && TEST_true(BN_set_word(d, 45)) |
255 | /* d is correct size and 1 = e.d mod lcm(p-1, q-1) */ | |
23b2fc0b | 256 | && TEST_true(ossl_rsa_check_private_exponent(key, 8, ctx)) |
8240d5fa | 257 | /* d is too small compared to nbits */ |
23b2fc0b | 258 | && TEST_false(ossl_rsa_check_private_exponent(key, 16, ctx)) |
8240d5fa SL |
259 | /* d is too small compared to nbits */ |
260 | && TEST_true(BN_set_word(d, 16)) | |
23b2fc0b | 261 | && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx)) |
8240d5fa SL |
262 | /* fail if 1 != e.d mod lcm(p-1, q-1) */ |
263 | && TEST_true(BN_set_word(d, 46)) | |
23b2fc0b | 264 | && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx)); |
a12864a5 | 265 | end: |
8240d5fa SL |
266 | RSA_free(key); |
267 | BN_CTX_free(ctx); | |
268 | return ret; | |
269 | } | |
270 | ||
271 | static int test_check_crt_components(void) | |
272 | { | |
273 | const int P = 15; | |
274 | const int Q = 17; | |
275 | const int E = 5; | |
276 | const int N = P*Q; | |
277 | const int DP = 3; | |
278 | const int DQ = 13; | |
279 | const int QINV = 8; | |
280 | ||
281 | int ret = 0; | |
282 | RSA *key = NULL; | |
283 | BN_CTX *ctx = NULL; | |
284 | BIGNUM *p = NULL, *q = NULL, *e = NULL; | |
285 | ||
286 | ret = TEST_ptr(key = RSA_new()) | |
287 | && TEST_ptr(ctx = BN_CTX_new()) | |
288 | && TEST_ptr(p = BN_new()) | |
289 | && TEST_ptr(q = BN_new()) | |
290 | && TEST_ptr(e = BN_new()) | |
291 | && TEST_true(BN_set_word(p, P)) | |
292 | && TEST_true(BN_set_word(q, Q)) | |
293 | && TEST_true(BN_set_word(e, E)) | |
a12864a5 SL |
294 | && TEST_true(RSA_set0_factors(key, p, q)); |
295 | if (!ret) { | |
296 | BN_free(p); | |
297 | BN_free(q); | |
298 | goto end; | |
299 | } | |
23b2fc0b | 300 | ret = TEST_true(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx)) |
8240d5fa SL |
301 | && TEST_BN_eq_word(key->n, N) |
302 | && TEST_BN_eq_word(key->dmp1, DP) | |
303 | && TEST_BN_eq_word(key->dmq1, DQ) | |
304 | && TEST_BN_eq_word(key->iqmp, QINV) | |
23b2fc0b | 305 | && TEST_true(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
306 | /* (a) 1 < dP < (p – 1). */ |
307 | && TEST_true(BN_set_word(key->dmp1, 1)) | |
23b2fc0b | 308 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa | 309 | && TEST_true(BN_set_word(key->dmp1, P-1)) |
23b2fc0b | 310 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
311 | && TEST_true(BN_set_word(key->dmp1, DP)) |
312 | /* (b) 1 < dQ < (q - 1). */ | |
313 | && TEST_true(BN_set_word(key->dmq1, 1)) | |
23b2fc0b | 314 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa | 315 | && TEST_true(BN_set_word(key->dmq1, Q-1)) |
23b2fc0b | 316 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
317 | && TEST_true(BN_set_word(key->dmq1, DQ)) |
318 | /* (c) 1 < qInv < p */ | |
319 | && TEST_true(BN_set_word(key->iqmp, 1)) | |
23b2fc0b | 320 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa | 321 | && TEST_true(BN_set_word(key->iqmp, P)) |
23b2fc0b | 322 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
323 | && TEST_true(BN_set_word(key->iqmp, QINV)) |
324 | /* (d) 1 = (dP . e) mod (p - 1)*/ | |
325 | && TEST_true(BN_set_word(key->dmp1, DP+1)) | |
23b2fc0b | 326 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
327 | && TEST_true(BN_set_word(key->dmp1, DP)) |
328 | /* (e) 1 = (dQ . e) mod (q - 1) */ | |
329 | && TEST_true(BN_set_word(key->dmq1, DQ-1)) | |
23b2fc0b | 330 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
331 | && TEST_true(BN_set_word(key->dmq1, DQ)) |
332 | /* (f) 1 = (qInv . q) mod p */ | |
333 | && TEST_true(BN_set_word(key->iqmp, QINV+1)) | |
23b2fc0b | 334 | && TEST_false(ossl_rsa_check_crt_components(key, ctx)) |
8240d5fa SL |
335 | && TEST_true(BN_set_word(key->iqmp, QINV)) |
336 | /* check defaults are still valid */ | |
23b2fc0b | 337 | && TEST_true(ossl_rsa_check_crt_components(key, ctx)); |
a12864a5 | 338 | end: |
8240d5fa SL |
339 | BN_free(e); |
340 | RSA_free(key); | |
341 | BN_CTX_free(ctx); | |
342 | return ret; | |
343 | } | |
344 | ||
345 | static int test_pq_diff(void) | |
346 | { | |
347 | int ret = 0; | |
348 | BIGNUM *tmp = NULL, *p = NULL, *q = NULL; | |
349 | ||
350 | ret = TEST_ptr(tmp = BN_new()) | |
351 | && TEST_ptr(p = BN_new()) | |
352 | && TEST_ptr(q = BN_new()) | |
353 | /* |1-(2+1)| > 2^1 */ | |
354 | && TEST_true(BN_set_word(p, 1)) | |
355 | && TEST_true(BN_set_word(q, 1+2)) | |
23b2fc0b | 356 | && TEST_false(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) |
8240d5fa SL |
357 | /* Check |p - q| > 2^(nbits/2 - 100) */ |
358 | && TEST_true(BN_set_word(q, 1+3)) | |
23b2fc0b | 359 | && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) |
8240d5fa SL |
360 | && TEST_true(BN_set_word(p, 1+3)) |
361 | && TEST_true(BN_set_word(q, 1)) | |
23b2fc0b | 362 | && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)); |
8240d5fa SL |
363 | BN_free(p); |
364 | BN_free(q); | |
365 | BN_free(tmp); | |
366 | return ret; | |
367 | } | |
368 | ||
369 | static int test_invalid_keypair(void) | |
370 | { | |
371 | int ret = 0; | |
372 | RSA *key = NULL; | |
373 | BN_CTX *ctx = NULL; | |
374 | BIGNUM *p = NULL, *q = NULL, *n = NULL, *e = NULL, *d = NULL; | |
375 | ||
376 | ret = TEST_ptr(key = RSA_new()) | |
377 | && TEST_ptr(ctx = BN_CTX_new()) | |
378 | /* NULL parameters */ | |
23b2fc0b | 379 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) |
8240d5fa SL |
380 | /* load key */ |
381 | && TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p))) | |
382 | && TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q))) | |
a12864a5 SL |
383 | && TEST_true(RSA_set0_factors(key, p, q)); |
384 | if (!ret) { | |
385 | BN_free(p); | |
386 | BN_free(q); | |
387 | goto end; | |
388 | } | |
389 | ||
390 | ret = TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) | |
8240d5fa SL |
391 | && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) |
392 | && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) | |
a12864a5 SL |
393 | && TEST_true(RSA_set0_key(key, n, e, d)); |
394 | if (!ret) { | |
395 | BN_free(e); | |
396 | BN_free(n); | |
397 | BN_free(d); | |
398 | goto end; | |
399 | } | |
8240d5fa | 400 | /* bad strength/key size */ |
23b2fc0b P |
401 | ret = TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 100, 2048)) |
402 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 112, 1024)) | |
403 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 128, 2048)) | |
404 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 140, 3072)) | |
8240d5fa | 405 | /* mismatching exponent */ |
23b2fc0b P |
406 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, BN_value_one(), |
407 | -1, 2048)) | |
8240d5fa SL |
408 | /* bad exponent */ |
409 | && TEST_true(BN_add_word(e, 1)) | |
23b2fc0b | 410 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) |
8240d5fa SL |
411 | && TEST_true(BN_sub_word(e, 1)) |
412 | ||
413 | /* mismatch between bits and modulus */ | |
23b2fc0b P |
414 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 3072)) |
415 | && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, e, 112, 2048)) | |
8240d5fa SL |
416 | /* check n == pq failure */ |
417 | && TEST_true(BN_add_word(n, 1)) | |
23b2fc0b | 418 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) |
8240d5fa SL |
419 | && TEST_true(BN_sub_word(n, 1)) |
420 | /* check p */ | |
421 | && TEST_true(BN_sub_word(p, 2)) | |
422 | && TEST_true(BN_mul(n, p, q, ctx)) | |
23b2fc0b | 423 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) |
8240d5fa SL |
424 | && TEST_true(BN_add_word(p, 2)) |
425 | && TEST_true(BN_mul(n, p, q, ctx)) | |
426 | /* check q */ | |
427 | && TEST_true(BN_sub_word(q, 2)) | |
428 | && TEST_true(BN_mul(n, p, q, ctx)) | |
23b2fc0b | 429 | && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) |
8240d5fa SL |
430 | && TEST_true(BN_add_word(q, 2)) |
431 | && TEST_true(BN_mul(n, p, q, ctx)); | |
a12864a5 | 432 | end: |
8240d5fa SL |
433 | RSA_free(key); |
434 | BN_CTX_free(ctx); | |
435 | return ret; | |
436 | } | |
437 | ||
8240d5fa SL |
438 | static int keygen_size[] = |
439 | { | |
440 | 2048, 3072 | |
441 | }; | |
442 | ||
443 | static int test_sp80056b_keygen(int id) | |
444 | { | |
445 | RSA *key = NULL; | |
446 | int ret; | |
447 | int sz = keygen_size[id]; | |
448 | ||
449 | ret = TEST_ptr(key = RSA_new()) | |
23b2fc0b P |
450 | && TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL)) |
451 | && TEST_true(ossl_rsa_sp800_56b_check_public(key)) | |
452 | && TEST_true(ossl_rsa_sp800_56b_check_private(key)) | |
453 | && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz)); | |
8240d5fa SL |
454 | |
455 | RSA_free(key); | |
456 | return ret; | |
457 | } | |
458 | ||
459 | static int test_check_private_key(void) | |
460 | { | |
461 | int ret = 0; | |
462 | BIGNUM *n = NULL, *d = NULL, *e = NULL; | |
463 | RSA *key = NULL; | |
464 | ||
465 | ret = TEST_ptr(key = RSA_new()) | |
466 | /* check NULL pointers fail */ | |
23b2fc0b | 467 | && TEST_false(ossl_rsa_sp800_56b_check_private(key)) |
8240d5fa SL |
468 | /* load private key */ |
469 | && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) | |
470 | && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) | |
471 | && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) | |
a12864a5 SL |
472 | && TEST_true(RSA_set0_key(key, n, e, d)); |
473 | if (!ret) { | |
474 | BN_free(n); | |
475 | BN_free(e); | |
476 | BN_free(d); | |
477 | goto end; | |
478 | } | |
479 | /* check d is in range */ | |
23b2fc0b | 480 | ret = TEST_true(ossl_rsa_sp800_56b_check_private(key)) |
8240d5fa SL |
481 | /* check d is too low */ |
482 | && TEST_true(BN_set_word(d, 0)) | |
23b2fc0b | 483 | && TEST_false(ossl_rsa_sp800_56b_check_private(key)) |
8240d5fa SL |
484 | /* check d is too high */ |
485 | && TEST_ptr(BN_copy(d, n)) | |
23b2fc0b | 486 | && TEST_false(ossl_rsa_sp800_56b_check_private(key)); |
a12864a5 | 487 | end: |
8240d5fa SL |
488 | RSA_free(key); |
489 | return ret; | |
490 | } | |
491 | ||
492 | static int test_check_public_key(void) | |
493 | { | |
494 | int ret = 0; | |
495 | BIGNUM *n = NULL, *e = NULL; | |
496 | RSA *key = NULL; | |
497 | ||
498 | ret = TEST_ptr(key = RSA_new()) | |
499 | /* check NULL pointers fail */ | |
23b2fc0b | 500 | && TEST_false(ossl_rsa_sp800_56b_check_public(key)) |
8240d5fa SL |
501 | /* load public key */ |
502 | && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) | |
503 | && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) | |
a12864a5 SL |
504 | && TEST_true(RSA_set0_key(key, n, e, NULL)); |
505 | if (!ret) { | |
506 | BN_free(e); | |
507 | BN_free(n); | |
508 | goto end; | |
509 | } | |
510 | /* check public key is valid */ | |
23b2fc0b | 511 | ret = TEST_true(ossl_rsa_sp800_56b_check_public(key)) |
8240d5fa SL |
512 | /* check fail if n is even */ |
513 | && TEST_true(BN_add_word(n, 1)) | |
23b2fc0b | 514 | && TEST_false(ossl_rsa_sp800_56b_check_public(key)) |
8240d5fa SL |
515 | && TEST_true(BN_sub_word(n, 1)) |
516 | /* check fail if n is wrong number of bits */ | |
517 | && TEST_true(BN_lshift1(n, n)) | |
23b2fc0b | 518 | && TEST_false(ossl_rsa_sp800_56b_check_public(key)) |
8240d5fa SL |
519 | && TEST_true(BN_rshift1(n, n)) |
520 | /* test odd exponent fails */ | |
521 | && TEST_true(BN_add_word(e, 1)) | |
23b2fc0b | 522 | && TEST_false(ossl_rsa_sp800_56b_check_public(key)) |
8240d5fa SL |
523 | && TEST_true(BN_sub_word(e, 1)) |
524 | /* modulus fails composite check */ | |
525 | && TEST_true(BN_add_word(n, 2)) | |
23b2fc0b | 526 | && TEST_false(ossl_rsa_sp800_56b_check_public(key)); |
a12864a5 | 527 | end: |
8240d5fa SL |
528 | RSA_free(key); |
529 | return ret; | |
530 | } | |
531 | ||
532 | int setup_tests(void) | |
533 | { | |
534 | ADD_TEST(test_check_public_exponent); | |
535 | ADD_TEST(test_check_prime_factor_range); | |
536 | ADD_TEST(test_check_prime_factor); | |
537 | ADD_TEST(test_check_private_exponent); | |
538 | ADD_TEST(test_check_crt_components); | |
539 | ADD_TEST(test_check_private_key); | |
540 | ADD_TEST(test_check_public_key); | |
541 | ADD_TEST(test_invalid_keypair); | |
542 | ADD_TEST(test_pq_diff); | |
8240d5fa SL |
543 | ADD_ALL_TESTS(test_sp80056b_keygen, (int)OSSL_NELEM(keygen_size)); |
544 | return 1; | |
545 | } |