2 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include "internal/nelem.h"
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/rand.h>
18 #include <openssl/bn.h>
29 # include "rsa_local.h"
30 # include <openssl/rsa.h>
32 /* taken from RSA2 cavs data */
33 static const unsigned char cav_e
[] = {
36 static const unsigned char cav_p
[] = {
37 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0,
38 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02,
39 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d,
40 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41,
41 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xbc,0x4c,
42 0x01,0xa5,0x4b,0xbd,0xa4,0x20,0xb5,0x20,0xd5,0x59,0x6f,0x82,0x5c,0x8f,0x4f,
43 0xe0,0x3a,0x4e,0x7e,0xfe,0x44,0xf3,0x3c,0xc0,0x0e,0x14,0x2b,0x32,0xe6,0x28,
44 0x8b,0x63,0x87,0x00,0xc3,0x53,0x4a,0x5b,0x71,0x7a,0x5b,0x28,0x40,0xc4,0x18,
45 0xb6,0x77,0x0b,0xab,0x59,0xa4,0x96,0x7d
47 static const unsigned char cav_q
[] = {
48 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb,
49 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf,
50 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68,
51 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e,
52 0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xc4,0x44,0xdd,
53 0xf7,0x7e,0xda,0x47,0x4a,0x67,0x44,0x5d,0x4e,0x75,0xf0,0x4d,0x00,0x68,0xe1,
54 0x4a,0xec,0x1f,0x45,0xf9,0xe6,0xca,0x38,0x95,0x48,0x6f,0xdc,0x9d,0x1b,0xa3,
55 0x4b,0xfd,0x08,0x4b,0x54,0xcd,0xeb,0x3d,0xef,0x33,0x11,0x6e,0xce,0xe4,0x5d,
56 0xef,0xa9,0x58,0x5c,0x87,0x4d,0xc8,0xcf
58 static const unsigned char cav_n
[] = {
59 0xce,0x5e,0x8d,0x1a,0xa3,0x08,0x7a,0x2d,0xb4,0x49,0x48,0xf0,0x06,0xb6,0xfe,
60 0xba,0x2f,0x39,0x7c,0x7b,0xe0,0x5d,0x09,0x2d,0x57,0x4e,0x54,0x60,0x9c,0xe5,
61 0x08,0x4b,0xe1,0x1a,0x73,0xc1,0x5e,0x2f,0xb6,0x46,0xd7,0x81,0xca,0xbc,0x98,
62 0xd2,0xf9,0xef,0x1c,0x92,0x8c,0x8d,0x99,0x85,0x28,0x52,0xd6,0xd5,0xab,0x70,
63 0x7e,0x9e,0xa9,0x87,0x82,0xc8,0x95,0x64,0xeb,0xf0,0x6c,0x0f,0x3f,0xe9,0x02,
64 0x29,0x2e,0x6d,0xa1,0xec,0xbf,0xdc,0x23,0xdf,0x82,0x4f,0xab,0x39,0x8d,0xcc,
65 0xac,0x21,0x51,0x14,0xf8,0xef,0xec,0x73,0x80,0x86,0xa3,0xcf,0x8f,0xd5,0xcf,
66 0x22,0x1f,0xcc,0x23,0x2f,0xba,0xcb,0xf6,0x17,0xcd,0x3a,0x1f,0xd9,0x84,0xb9,
67 0x88,0xa7,0x78,0x0f,0xaa,0xc9,0x04,0x01,0x20,0x72,0x5d,0x2a,0xfe,0x5b,0xdd,
68 0x16,0x5a,0xed,0x83,0x02,0x96,0x39,0x46,0x37,0x30,0xc1,0x0d,0x87,0xc2,0xc8,
69 0x33,0x38,0xed,0x35,0x72,0xe5,0x29,0xf8,0x1f,0x23,0x60,0xe1,0x2a,0x5b,0x1d,
70 0x6b,0x53,0x3f,0x07,0xc4,0xd9,0xbb,0x04,0x0c,0x5c,0x3f,0x0b,0xc4,0xd4,0x61,
71 0x96,0x94,0xf1,0x0f,0x4a,0x49,0xac,0xde,0xd2,0xe8,0x42,0xb3,0x4a,0x0b,0x64,
72 0x7a,0x32,0x5f,0x2b,0x5b,0x0f,0x8b,0x8b,0xe0,0x33,0x23,0x34,0x64,0xf8,0xb5,
73 0x7f,0x69,0x60,0xb8,0x71,0xe9,0xff,0x92,0x42,0xb1,0xf7,0x23,0xa8,0xa7,0x92,
74 0x04,0x3d,0x6b,0xff,0xf7,0xab,0xbb,0x14,0x1f,0x4c,0x10,0x97,0xd5,0x6b,0x71,
75 0x12,0xfd,0x93,0xa0,0x4a,0x3b,0x75,0x72,0x40,0x96,0x1c,0x5f,0x40,0x40,0x57,
78 static const unsigned char cav_d
[] = {
79 0x47,0x47,0x49,0x1d,0x66,0x2a,0x4b,0x68,0xf5,0xd8,0x4a,0x24,0xfd,0x6c,0xbf,
80 0x56,0xb7,0x70,0xf7,0x9a,0x21,0xc8,0x80,0x9e,0xf4,0x84,0xcd,0x88,0x01,0x28,
81 0xea,0x50,0xab,0x13,0x63,0xdf,0xea,0x14,0x38,0xb5,0x07,0x42,0x81,0x2f,0xda,
82 0xe9,0x24,0x02,0x7e,0xaf,0xef,0x74,0x09,0x0e,0x80,0xfa,0xfb,0xd1,0x19,0x41,
83 0xe5,0xba,0x0f,0x7c,0x0a,0xa4,0x15,0x55,0xa2,0x58,0x8c,0x3a,0x48,0x2c,0xc6,
84 0xde,0x4a,0x76,0xfb,0x72,0xb6,0x61,0xe6,0xd2,0x10,0x44,0x4c,0x33,0xb8,0xd2,
85 0x74,0xb1,0x9d,0x3b,0xcd,0x2f,0xb1,0x4f,0xc3,0x98,0xbd,0x83,0xb7,0x7e,0x75,
86 0xe8,0xa7,0x6a,0xee,0xcc,0x51,0x8c,0x99,0x17,0x67,0x7f,0x27,0xf9,0x0d,0x6a,
87 0xb7,0xd4,0x80,0x17,0x89,0x39,0x9c,0xf3,0xd7,0x0f,0xdf,0xb0,0x55,0x80,0x1d,
88 0xaf,0x57,0x2e,0xd0,0xf0,0x4f,0x42,0x69,0x55,0xbc,0x83,0xd6,0x97,0x83,0x7a,
89 0xe6,0xc6,0x30,0x6d,0x3d,0xb5,0x21,0xa7,0xc4,0x62,0x0a,0x20,0xce,0x5e,0x5a,
90 0x17,0x98,0xb3,0x6f,0x6b,0x9a,0xeb,0x6b,0xa3,0xc4,0x75,0xd8,0x2b,0xdc,0x5c,
91 0x6f,0xec,0x5d,0x49,0xac,0xa8,0xa4,0x2f,0xb8,0x8c,0x4f,0x2e,0x46,0x21,0xee,
92 0x72,0x6a,0x0e,0x22,0x80,0x71,0xc8,0x76,0x40,0x44,0x61,0x16,0xbf,0xa5,0xf8,
93 0x89,0xc7,0xe9,0x87,0xdf,0xbd,0x2e,0x4b,0x4e,0xc2,0x97,0x53,0xe9,0x49,0x1c,
94 0x05,0xb0,0x0b,0x9b,0x9f,0x21,0x19,0x41,0xe9,0xf5,0x61,0xd7,0x33,0x2e,0x2c,
95 0x94,0xb8,0xa8,0x9a,0x3a,0xcc,0x6a,0x24,0x8d,0x19,0x13,0xee,0xb9,0xb0,0x48,
100 static BIGNUM
*bn_load_new(const unsigned char *data
, int sz
)
102 BIGNUM
*ret
= BN_new();
104 BN_bin2bn(data
, sz
, ret
);
108 static int test_check_public_exponent(void)
113 ret
= TEST_ptr(e
= BN_new())
115 && TEST_true(BN_set_word(e
, 65535))
116 && TEST_false(rsa_check_public_exponent(e
))
117 /* e is even will fail */
118 && TEST_true(BN_set_word(e
, 65536))
119 && TEST_false(rsa_check_public_exponent(e
))
121 && TEST_true(BN_set_word(e
, 65537))
122 && TEST_true(rsa_check_public_exponent(e
))
123 /* e = 2^256 is too big */
124 && TEST_true(BN_lshift(e
, BN_value_one(), 256))
125 && TEST_false(rsa_check_public_exponent(e
))
126 /* e = 2^256-1 is odd and in range */
127 && TEST_true(BN_sub(e
, e
, BN_value_one()))
128 && TEST_true(rsa_check_public_exponent(e
));
133 static int test_check_prime_factor_range(void)
138 BIGNUM
*bn_p1
= NULL
, *bn_p2
= NULL
, *bn_p3
= NULL
, *bn_p4
= NULL
;
139 /* Some range checks that are larger than 32 bits */
140 static const unsigned char p1
[] = { 0x0B, 0x50, 0x4F, 0x33, 0x3F };
141 static const unsigned char p2
[] = { 0x10, 0x00, 0x00, 0x00, 0x00 };
142 static const unsigned char p3
[] = { 0x0B, 0x50, 0x4F, 0x33, 0x40 };
143 static const unsigned char p4
[] = { 0x0F, 0xFF, 0xFF, 0xFF, 0xFF };
145 /* (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2) - 1
146 * For 8 bits: 0xB.504F <= p <= 0xF
147 * for 72 bits: 0xB504F333F. <= p <= 0xF_FFFF_FFFF
149 ret
= TEST_ptr(p
= BN_new())
150 && TEST_ptr(bn_p1
= bn_load_new(p1
, sizeof(p1
)))
151 && TEST_ptr(bn_p2
= bn_load_new(p2
, sizeof(p2
)))
152 && TEST_ptr(bn_p3
= bn_load_new(p3
, sizeof(p3
)))
153 && TEST_ptr(bn_p4
= bn_load_new(p4
, sizeof(p4
)))
154 && TEST_ptr(ctx
= BN_CTX_new())
155 && TEST_true(BN_set_word(p
, 0xA))
156 && TEST_false(rsa_check_prime_factor_range(p
, 8, ctx
))
157 && TEST_true(BN_set_word(p
, 0x10))
158 && TEST_false(rsa_check_prime_factor_range(p
, 8, ctx
))
159 && TEST_true(BN_set_word(p
, 0xB))
160 && TEST_false(rsa_check_prime_factor_range(p
, 8, ctx
))
161 && TEST_true(BN_set_word(p
, 0xC))
162 && TEST_true(rsa_check_prime_factor_range(p
, 8, ctx
))
163 && TEST_true(BN_set_word(p
, 0xF))
164 && TEST_true(rsa_check_prime_factor_range(p
, 8, ctx
))
165 && TEST_false(rsa_check_prime_factor_range(bn_p1
, 72, ctx
))
166 && TEST_false(rsa_check_prime_factor_range(bn_p2
, 72, ctx
))
167 && TEST_true(rsa_check_prime_factor_range(bn_p3
, 72, ctx
))
168 && TEST_true(rsa_check_prime_factor_range(bn_p4
, 72, ctx
));
179 static int test_check_prime_factor(void)
183 BIGNUM
*p
= NULL
, *e
= NULL
;
184 BIGNUM
*bn_p1
= NULL
, *bn_p2
= NULL
, *bn_p3
= NULL
;
186 /* Some range checks that are larger than 32 bits */
187 static const unsigned char p1
[] = { 0x0B, 0x50, 0x4f, 0x33, 0x73 };
188 static const unsigned char p2
[] = { 0x0B, 0x50, 0x4f, 0x33, 0x75 };
189 static const unsigned char p3
[] = { 0x0F, 0x50, 0x00, 0x03, 0x75 };
191 ret
= TEST_ptr(p
= BN_new())
192 && TEST_ptr(bn_p1
= bn_load_new(p1
, sizeof(p1
)))
193 && TEST_ptr(bn_p2
= bn_load_new(p2
, sizeof(p2
)))
194 && TEST_ptr(bn_p3
= bn_load_new(p3
, sizeof(p3
)))
195 && TEST_ptr(e
= BN_new())
196 && TEST_ptr(ctx
= BN_CTX_new())
197 /* Fails the prime test */
198 && TEST_true(BN_set_word(e
, 0x1))
199 && TEST_false(rsa_check_prime_factor(bn_p1
, e
, 72, ctx
))
200 /* p is prime and in range and gcd(p-1, e) = 1 */
201 && TEST_true(rsa_check_prime_factor(bn_p2
, e
, 72, ctx
))
202 /* gcd(p-1,e) = 1 test fails */
203 && TEST_true(BN_set_word(e
, 0x2))
204 && TEST_false(rsa_check_prime_factor(p
, e
, 72, ctx
))
205 /* p fails the range check */
206 && TEST_true(BN_set_word(e
, 0x1))
207 && TEST_false(rsa_check_prime_factor(bn_p3
, e
, 72, ctx
));
218 static int test_check_private_exponent(void)
223 BIGNUM
*p
= NULL
, *q
= NULL
, *e
= NULL
, *d
= NULL
, *n
= NULL
;
225 ret
= TEST_ptr(key
= RSA_new())
226 && TEST_ptr(ctx
= BN_CTX_new())
227 && TEST_ptr(p
= BN_new())
228 && TEST_ptr(q
= BN_new())
229 /* lcm(15-1,17-1) = 14*16 / 2 = 112 */
230 && TEST_true(BN_set_word(p
, 15))
231 && TEST_true(BN_set_word(q
, 17))
232 && TEST_true(RSA_set0_factors(key
, p
, q
));
239 ret
= TEST_ptr(e
= BN_new())
240 && TEST_ptr(d
= BN_new())
241 && TEST_ptr(n
= BN_new())
242 && TEST_true(BN_set_word(e
, 5))
243 && TEST_true(BN_set_word(d
, 157))
244 && TEST_true(BN_set_word(n
, 15*17))
245 && TEST_true(RSA_set0_key(key
, n
, e
, d
));
252 /* fails since d >= lcm(p-1, q-1) */
253 ret
= TEST_false(rsa_check_private_exponent(key
, 8, ctx
))
254 && TEST_true(BN_set_word(d
, 45))
255 /* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
256 && TEST_true(rsa_check_private_exponent(key
, 8, ctx
))
257 /* d is too small compared to nbits */
258 && TEST_false(rsa_check_private_exponent(key
, 16, ctx
))
259 /* d is too small compared to nbits */
260 && TEST_true(BN_set_word(d
, 16))
261 && TEST_false(rsa_check_private_exponent(key
, 8, ctx
))
262 /* fail if 1 != e.d mod lcm(p-1, q-1) */
263 && TEST_true(BN_set_word(d
, 46))
264 && TEST_false(rsa_check_private_exponent(key
, 8, ctx
));
271 static int test_check_crt_components(void)
284 BIGNUM
*p
= NULL
, *q
= NULL
, *e
= NULL
;
286 ret
= TEST_ptr(key
= RSA_new())
287 && TEST_ptr(ctx
= BN_CTX_new())
288 && TEST_ptr(p
= BN_new())
289 && TEST_ptr(q
= BN_new())
290 && TEST_ptr(e
= BN_new())
291 && TEST_true(BN_set_word(p
, P
))
292 && TEST_true(BN_set_word(q
, Q
))
293 && TEST_true(BN_set_word(e
, E
))
294 && TEST_true(RSA_set0_factors(key
, p
, q
));
300 ret
= TEST_true(rsa_sp800_56b_derive_params_from_pq(key
, 8, e
, ctx
))
301 && TEST_BN_eq_word(key
->n
, N
)
302 && TEST_BN_eq_word(key
->dmp1
, DP
)
303 && TEST_BN_eq_word(key
->dmq1
, DQ
)
304 && TEST_BN_eq_word(key
->iqmp
, QINV
)
305 && TEST_true(rsa_check_crt_components(key
, ctx
))
306 /* (a) 1 < dP < (p – 1). */
307 && TEST_true(BN_set_word(key
->dmp1
, 1))
308 && TEST_false(rsa_check_crt_components(key
, ctx
))
309 && TEST_true(BN_set_word(key
->dmp1
, P
-1))
310 && TEST_false(rsa_check_crt_components(key
, ctx
))
311 && TEST_true(BN_set_word(key
->dmp1
, DP
))
312 /* (b) 1 < dQ < (q - 1). */
313 && TEST_true(BN_set_word(key
->dmq1
, 1))
314 && TEST_false(rsa_check_crt_components(key
, ctx
))
315 && TEST_true(BN_set_word(key
->dmq1
, Q
-1))
316 && TEST_false(rsa_check_crt_components(key
, ctx
))
317 && TEST_true(BN_set_word(key
->dmq1
, DQ
))
318 /* (c) 1 < qInv < p */
319 && TEST_true(BN_set_word(key
->iqmp
, 1))
320 && TEST_false(rsa_check_crt_components(key
, ctx
))
321 && TEST_true(BN_set_word(key
->iqmp
, P
))
322 && TEST_false(rsa_check_crt_components(key
, ctx
))
323 && TEST_true(BN_set_word(key
->iqmp
, QINV
))
324 /* (d) 1 = (dP . e) mod (p - 1)*/
325 && TEST_true(BN_set_word(key
->dmp1
, DP
+1))
326 && TEST_false(rsa_check_crt_components(key
, ctx
))
327 && TEST_true(BN_set_word(key
->dmp1
, DP
))
328 /* (e) 1 = (dQ . e) mod (q - 1) */
329 && TEST_true(BN_set_word(key
->dmq1
, DQ
-1))
330 && TEST_false(rsa_check_crt_components(key
, ctx
))
331 && TEST_true(BN_set_word(key
->dmq1
, DQ
))
332 /* (f) 1 = (qInv . q) mod p */
333 && TEST_true(BN_set_word(key
->iqmp
, QINV
+1))
334 && TEST_false(rsa_check_crt_components(key
, ctx
))
335 && TEST_true(BN_set_word(key
->iqmp
, QINV
))
336 /* check defaults are still valid */
337 && TEST_true(rsa_check_crt_components(key
, ctx
));
345 static int test_pq_diff(void)
348 BIGNUM
*tmp
= NULL
, *p
= NULL
, *q
= NULL
;
350 ret
= TEST_ptr(tmp
= BN_new())
351 && TEST_ptr(p
= BN_new())
352 && TEST_ptr(q
= BN_new())
353 /* |1-(2+1)| > 2^1 */
354 && TEST_true(BN_set_word(p
, 1))
355 && TEST_true(BN_set_word(q
, 1+2))
356 && TEST_false(rsa_check_pminusq_diff(tmp
, p
, q
, 202))
357 /* Check |p - q| > 2^(nbits/2 - 100) */
358 && TEST_true(BN_set_word(q
, 1+3))
359 && TEST_true(rsa_check_pminusq_diff(tmp
, p
, q
, 202))
360 && TEST_true(BN_set_word(p
, 1+3))
361 && TEST_true(BN_set_word(q
, 1))
362 && TEST_true(rsa_check_pminusq_diff(tmp
, p
, q
, 202));
369 static int test_invalid_keypair(void)
374 BIGNUM
*p
= NULL
, *q
= NULL
, *n
= NULL
, *e
= NULL
, *d
= NULL
;
376 ret
= TEST_ptr(key
= RSA_new())
377 && TEST_ptr(ctx
= BN_CTX_new())
378 /* NULL parameters */
379 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1, 2048))
381 && TEST_ptr(p
= bn_load_new(cav_p
, sizeof(cav_p
)))
382 && TEST_ptr(q
= bn_load_new(cav_q
, sizeof(cav_q
)))
383 && TEST_true(RSA_set0_factors(key
, p
, q
));
390 ret
= TEST_ptr(e
= bn_load_new(cav_e
, sizeof(cav_e
)))
391 && TEST_ptr(n
= bn_load_new(cav_n
, sizeof(cav_n
)))
392 && TEST_ptr(d
= bn_load_new(cav_d
, sizeof(cav_d
)))
393 && TEST_true(RSA_set0_key(key
, n
, e
, d
));
400 /* bad strength/key size */
401 ret
= TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, 100, 2048))
402 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, 112, 1024))
403 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, 128, 2048))
404 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, 140, 3072))
405 /* mismatching exponent */
406 && TEST_false(rsa_sp800_56b_check_keypair(key
, BN_value_one(), -1,
409 && TEST_true(BN_add_word(e
, 1))
410 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1,
412 && TEST_true(BN_sub_word(e
, 1))
414 /* mismatch between bits and modulus */
415 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1, 3072))
416 && TEST_true(rsa_sp800_56b_check_keypair(key
, e
, 112, 2048))
417 /* check n == pq failure */
418 && TEST_true(BN_add_word(n
, 1))
419 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1, 2048))
420 && TEST_true(BN_sub_word(n
, 1))
422 && TEST_true(BN_sub_word(p
, 2))
423 && TEST_true(BN_mul(n
, p
, q
, ctx
))
424 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1, 2048))
425 && TEST_true(BN_add_word(p
, 2))
426 && TEST_true(BN_mul(n
, p
, q
, ctx
))
428 && TEST_true(BN_sub_word(q
, 2))
429 && TEST_true(BN_mul(n
, p
, q
, ctx
))
430 && TEST_false(rsa_sp800_56b_check_keypair(key
, NULL
, -1, 2048))
431 && TEST_true(BN_add_word(q
, 2))
432 && TEST_true(BN_mul(n
, p
, q
, ctx
));
439 static int keygen_size
[] =
444 static int test_sp80056b_keygen(int id
)
448 int sz
= keygen_size
[id
];
450 ret
= TEST_ptr(key
= RSA_new())
451 && TEST_true(rsa_sp800_56b_generate_key(key
, sz
, NULL
, NULL
))
452 && TEST_true(rsa_sp800_56b_check_public(key
))
453 && TEST_true(rsa_sp800_56b_check_private(key
))
454 && TEST_true(rsa_sp800_56b_check_keypair(key
, NULL
, -1, sz
));
460 static int test_check_private_key(void)
463 BIGNUM
*n
= NULL
, *d
= NULL
, *e
= NULL
;
466 ret
= TEST_ptr(key
= RSA_new())
467 /* check NULL pointers fail */
468 && TEST_false(rsa_sp800_56b_check_private(key
))
469 /* load private key */
470 && TEST_ptr(n
= bn_load_new(cav_n
, sizeof(cav_n
)))
471 && TEST_ptr(d
= bn_load_new(cav_d
, sizeof(cav_d
)))
472 && TEST_ptr(e
= bn_load_new(cav_e
, sizeof(cav_e
)))
473 && TEST_true(RSA_set0_key(key
, n
, e
, d
));
480 /* check d is in range */
481 ret
= TEST_true(rsa_sp800_56b_check_private(key
))
482 /* check d is too low */
483 && TEST_true(BN_set_word(d
, 0))
484 && TEST_false(rsa_sp800_56b_check_private(key
))
485 /* check d is too high */
486 && TEST_ptr(BN_copy(d
, n
))
487 && TEST_false(rsa_sp800_56b_check_private(key
));
493 static int test_check_public_key(void)
496 BIGNUM
*n
= NULL
, *e
= NULL
;
499 ret
= TEST_ptr(key
= RSA_new())
500 /* check NULL pointers fail */
501 && TEST_false(rsa_sp800_56b_check_public(key
))
502 /* load public key */
503 && TEST_ptr(e
= bn_load_new(cav_e
, sizeof(cav_e
)))
504 && TEST_ptr(n
= bn_load_new(cav_n
, sizeof(cav_n
)))
505 && TEST_true(RSA_set0_key(key
, n
, e
, NULL
));
511 /* check public key is valid */
512 ret
= TEST_true(rsa_sp800_56b_check_public(key
))
513 /* check fail if n is even */
514 && TEST_true(BN_add_word(n
, 1))
515 && TEST_false(rsa_sp800_56b_check_public(key
))
516 && TEST_true(BN_sub_word(n
, 1))
517 /* check fail if n is wrong number of bits */
518 && TEST_true(BN_lshift1(n
, n
))
519 && TEST_false(rsa_sp800_56b_check_public(key
))
520 && TEST_true(BN_rshift1(n
, n
))
521 /* test odd exponent fails */
522 && TEST_true(BN_add_word(e
, 1))
523 && TEST_false(rsa_sp800_56b_check_public(key
))
524 && TEST_true(BN_sub_word(e
, 1))
525 /* modulus fails composite check */
526 && TEST_true(BN_add_word(n
, 2))
527 && TEST_false(rsa_sp800_56b_check_public(key
));
533 int setup_tests(void)
535 ADD_TEST(test_check_public_exponent
);
536 ADD_TEST(test_check_prime_factor_range
);
537 ADD_TEST(test_check_prime_factor
);
538 ADD_TEST(test_check_private_exponent
);
539 ADD_TEST(test_check_crt_components
);
540 ADD_TEST(test_check_private_key
);
541 ADD_TEST(test_check_public_key
);
542 ADD_TEST(test_invalid_keypair
);
543 ADD_TEST(test_pq_diff
);
544 ADD_ALL_TESTS(test_sp80056b_keygen
, (int)OSSL_NELEM(keygen_size
));