]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/rsa_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security hardening: Expose Build flags for Position Independed Execution (PIE)
[thirdparty/openssl.git] / test / rsa_test.c
CommitLineData
440e5d80 1/*
da1c088f 2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
440e5d80 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
a4949896
BL		 10/* test vectors from p1ovect1.txt */
11
c5f87134
P		 12/*
13 * RSA low level APIs are deprecated for public use, but still ok for
14 * internal use.
15 */
16#include "internal/deprecated.h"
17
a4949896 18#include <stdio.h>
28847dd1 19#include <string.h>
17e3dd1c 20
176db6dc 21#include "internal/nelem.h"
17e3dd1c 22
baac3b4b 23#include <openssl/crypto.h>
ec577822 24#include <openssl/err.h>
105c0be0 25#include <openssl/rand.h>
0f814687 26#include <openssl/bn.h>
48f17396 27
48f17396
JS		 28#include "testutil.h"
29
3a1ee3c1 30#include <openssl/rsa.h>
a4949896 31
3a1ee3c1 32#define SetKey \
9862e9aa
RL		 33 RSA_set0_key(key, \
34 BN_bin2bn(n, sizeof(n)-1, NULL), \
35 BN_bin2bn(e, sizeof(e)-1, NULL), \
36 BN_bin2bn(d, sizeof(d)-1, NULL)); \
37 RSA_set0_factors(key, \
38 BN_bin2bn(p, sizeof(p)-1, NULL), \
39 BN_bin2bn(q, sizeof(q)-1, NULL)); \
40 RSA_set0_crt_params(key, \
41 BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \
42 BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \
43 BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
4357b617
MC		 44 if (c != NULL) \
45 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
c2500f65 46 return sizeof(ctext_ex) - 1;
a4949896 47
397f7038 48static int key1(RSA *key, unsigned char *c)
0f113f3e 49{
7a01a45b 50 static unsigned char n[] =
0f113f3e
MC		 51 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
52 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
53 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
54 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
55 "\xF5";
a4949896 56
7a01a45b 57 static unsigned char e[] = "\x11";
a4949896 58
7a01a45b 59 static unsigned char d[] =
0f113f3e
MC		 60 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
61 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
62 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
63 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
a4949896 64
7a01a45b 65 static unsigned char p[] =
0f113f3e
MC		 66 "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
67 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
68 "\x0D";
69
7a01a45b 70 static unsigned char q[] =
0f113f3e
MC		 71 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
72 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
73 "\x89";
31a674d8 74
7a01a45b 75 static unsigned char dmp1[] =
0f113f3e
MC		 76 "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
77 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
31a674d8 78
7a01a45b 79 static unsigned char dmq1[] =
0f113f3e
MC		 80 "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
81 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
82 "\x51";
31a674d8 83
7a01a45b 84 static unsigned char iqmp[] =
0f113f3e
MC		 85 "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
86 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
31a674d8 87
7a01a45b 88 static unsigned char ctext_ex[] =
0f113f3e
MC		 89 "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
90 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
91 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
92 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
a4949896
BL		 93
94 SetKey;
0f113f3e 95}
a4949896 96
397f7038 97static int key2(RSA *key, unsigned char *c)
0f113f3e 98{
7a01a45b 99 static unsigned char n[] =
0f113f3e
MC		 100 "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
101 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
102 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
103 "\x34\x77\xCF";
a4949896 104
7a01a45b 105 static unsigned char e[] = "\x3";
a4949896 106
7a01a45b 107 static unsigned char d[] =
0f113f3e
MC		 108 "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
109 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
110 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
111 "\xE5\xEB";
a4949896 112
7a01a45b 113 static unsigned char p[] =
0f113f3e
MC		 114 "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
115 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
a4949896 116
7a01a45b 117 static unsigned char q[] =
0f113f3e
MC		 118 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
119 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
120
7a01a45b 121 static unsigned char dmp1[] =
0f113f3e
MC		 122 "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
123 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
a4949896 124
7a01a45b 125 static unsigned char dmq1[] =
0f113f3e
MC		 126 "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
127 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
a4949896 128
7a01a45b 129 static unsigned char iqmp[] =
0f113f3e
MC		 130 "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
131 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
a4949896 132
7a01a45b 133 static unsigned char ctext_ex[] =
0f113f3e
MC		 134 "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
135 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
136 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
137 "\x62\x51";
a4949896
BL		 138
139 SetKey;
0f113f3e 140}
a4949896 141
397f7038 142static int key3(RSA *key, unsigned char *c)
0f113f3e 143{
7a01a45b 144 static unsigned char n[] =
0f113f3e
MC		 145 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
146 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
147 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
148 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
149 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
150 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
151 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
152 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
153 "\xCB";
a4949896 154
7a01a45b 155 static unsigned char e[] = "\x11";
a4949896 156
7a01a45b 157 static unsigned char d[] =
0f113f3e
MC		 158 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
159 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
160 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
161 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
162 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
163 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
164 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
165 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
166 "\xC1";
31a674d8 167
7a01a45b 168 static unsigned char p[] =
0f113f3e
MC		 169 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
170 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
171 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
172 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
173 "\x99";
31a674d8 174
7a01a45b 175 static unsigned char q[] =
0f113f3e
MC		 176 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
177 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
178 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
179 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
180 "\x03";
31a674d8 181
7a01a45b 182 static unsigned char dmp1[] =
0f113f3e
MC		 183 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
184 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
185 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
186 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
31a674d8 187
7a01a45b 188 static unsigned char dmq1[] =
0f113f3e
MC		 189 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
190 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
191 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
192 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
193
7a01a45b 194 static unsigned char iqmp[] =
0f113f3e
MC		 195 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
196 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
197 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
198 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
199 "\xF7";
31a674d8 200
7a01a45b 201 static unsigned char ctext_ex[] =
0f113f3e
MC		 202 "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
203 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
204 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
205 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
206 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
207 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
208 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
209 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
a4949896
BL		 210
211 SetKey;
0f113f3e 212}
a4949896 213
4357b617 214static int rsa_setkey(RSA** key, unsigned char *ctext, int idx)
14281c47
JS		 215{
216 int clen = 0;
93c87f74 217
14281c47 218 *key = RSA_new();
93c87f74
P		 219 if (*key != NULL)
220 switch (idx) {
221 case 0:
222 clen = key1(*key, ctext);
223 break;
224 case 1:
225 clen = key2(*key, ctext);
226 break;
227 case 2:
228 clen = key3(*key, ctext);
229 break;
230 }
14281c47
JS		 231 return clen;
232}
233
c1ddd392
MC		 234static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type,
235 int success, unsigned char *ctext_ex, int *clen,
236 RSA **retkey)
0f113f3e 237{
48f17396 238 int ret = 0;
a4949896
BL		 239 RSA *key;
240 unsigned char ptext[256];
241 unsigned char ctext[256];
7a01a45b 242 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
a4949896 243 int plen;
4357b617 244 int clentmp = 0;
a4949896
BL		 245 int num;
246
48f17396 247 plen = sizeof(ptext_ex) - 1;
4357b617
MC		 248 clentmp = rsa_setkey(&key, ctext_ex, idx);
249 if (clen != NULL)
250 *clen = clentmp;
48f17396 251
c1ddd392 252 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type);
4357b617 253 if (!TEST_int_eq(num, clentmp))
48f17396
JS		 254 goto err;
255
c1ddd392
MC		 256 num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type);
257 if (success) {
258 if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen))
259 goto err;
260 } else {
261 if (!TEST_int_lt(num, 0))
262 goto err;
263 }
48f17396
JS		 264
265 ret = 1;
4357b617
MC		 266 if (retkey != NULL) {
267 *retkey = key;
268 key = NULL;
269 }
48f17396
JS		 270err:
271 RSA_free(key);
272 return ret;
273}
274
4357b617 275static int test_rsa_pkcs1(int idx)
ac6fff70 276{
c1ddd392
MC		 277 return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL,
278 NULL, NULL);
4357b617 279}
ac6fff70 280
48f17396
JS		 281static int test_rsa_oaep(int idx)
282{
283 int ret = 0;
55e9d8cf 284 RSA *key = NULL;
48f17396 285 unsigned char ptext[256];
48f17396
JS		 286 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
287 unsigned char ctext_ex[256];
288 int plen;
289 int clen = 0;
290 int num;
291 int n;
cb78486d 292
c1ddd392
MC		 293 if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1,
294 ctext_ex, &clen, &key))
48f17396
JS		 295 goto err;
296
4357b617 297 plen = sizeof(ptext_ex) - 1;
48f17396
JS		 298
299 /* Different ciphertexts. Try decrypting ctext_ex */
300 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
301 RSA_PKCS1_OAEP_PADDING);
4357b617 302 if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))
48f17396
JS		 303 goto err;
304
305 /* Try decrypting corrupted ciphertexts. */
306 for (n = 0; n < clen; ++n) {
36a4637e
DB		 307 ctext_ex[n] ^= 1;
308 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
25d6b340 309 RSA_PKCS1_OAEP_PADDING);
48f17396
JS		 310 if (!TEST_int_le(num, 0))
311 goto err;
36a4637e 312 ctext_ex[n] ^= 1;
0f113f3e 313 }
baac3b4b 314
48f17396
JS		 315 /* Test truncated ciphertexts, as well as negative length. */
316 for (n = -1; n < clen; ++n) {
36a4637e 317 num = RSA_private_decrypt(n, ctext_ex, ptext, key,
48f17396
JS		 318 RSA_PKCS1_OAEP_PADDING);
319 if (!TEST_int_le(num, 0))
320 goto err;
321 }
322
323 ret = 1;
324err:
325 RSA_free(key);
326 return ret;
327}
baac3b4b 328
97b0b713
P		 329static const struct {
330 int bits;
331 unsigned int r;
332} rsa_security_bits_cases[] = {
333 /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */
334 { 2048, 112 },
335 { 3072, 128 },
336 { 4096, 152 },
337 { 6144, 176 },
338 { 8192, 200 },
b59b2f93
P		 339 /* NIST FIPS 140-2 IG 7.5 */
340 { 7680, 192 },
341 { 15360, 256 },
97b0b713
P		 342 /* Older values */
343 { 256, 40 },
344 { 512, 56 },
345 { 1024, 80 },
97b0b713
P		 346 /* Some other values */
347 { 8888, 208 },
348 { 2468, 120 },
b59b2f93
P		 349 { 13456, 248 },
350 /* Edge points */
351 { 15359, 256 },
352 { 15361, 264 },
353 { 7679, 192 },
354 { 7681, 200 },
97b0b713
P		 355};
356
357static int test_rsa_security_bit(int n)
358{
359 static const unsigned char vals[8] = {
360 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40
361 };
362 RSA *key = RSA_new();
363 const int bits = rsa_security_bits_cases[n].bits;
364 const int result = rsa_security_bits_cases[n].r;
365 const int bytes = (bits + 7) / 8;
366 int r = 0;
367 unsigned char num[2000];
368
369 if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num)))
370 goto err;
371
372 /*
373 * It is necessary to set the RSA key in order to ask for the strength.
374 * A BN of an appropriate size is created, in general it won't have the
375 * properties necessary for RSA to function. This is okay here since
376 * the RSA key is never used.
377 */
378 memset(num, vals[bits % 8], bytes);
379
380 /*
381 * The 'e' parameter is set to the same value as 'n'. This saves having
382 * an extra BN to hold a sensible value for 'e'. This is safe since the
383 * RSA key is not used. The 'd' parameter can be NULL safely.
384 */
385 if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL),
386 BN_bin2bn(num, bytes, NULL), NULL))
387 && TEST_uint_eq(RSA_security_bits(key), result))
388 r = 1;
389err:
390 RSA_free(key);
391 return r;
392}
393
e62097f4
NH		 394static int test_EVP_rsa_legacy_key(void)
395{
396 int ret;
397 size_t buflen = 384;
398 size_t msglen = 64;
399 unsigned char sigbuf[384];
400 unsigned char msgbuf[64];
401 BIGNUM *p;
402 BIGNUM *q;
403 BIGNUM *n;
404 BIGNUM *d;
405 BIGNUM *e;
406 RSA *rsa;
407 const EVP_MD *md;
408 EVP_MD_CTX *ctx = NULL;
409 EVP_PKEY *pkey = NULL;
410
411 unsigned char n_data[] = {
412 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf,
413 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd,
414 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6,
415 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8,
416 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11,
417 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b,
418 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0,
419 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1,
420 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99,
421 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e,
422 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d,
423 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f,
424 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05,
425 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54,
426 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc,
427 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52,
428 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe,
429 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55,
430 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45,
431 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16,
432 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97,
433 0x2e, 0xf2, 0x8e, 0x7e, 0x13 };
434
435 unsigned char e_data[] = { 0x01, 0x00, 0x01 };
436
437 unsigned char d_data[] = {
438 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a,
439 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02,
440 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40,
441 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01,
442 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72,
443 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd,
444 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38,
445 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2,
446 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4,
447 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27,
448 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c,
449 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f,
450 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e,
451 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15,
452 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81,
453 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22,
454 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9,
455 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b,
456 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4,
457 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf,
458 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d,
459 0xf4, 0xfa, 0x60, 0xc1 };
460
461 unsigned char p_data[] = {
462 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec,
463 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2,
464 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9,
465 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78,
466 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5,
467 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3,
468 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b,
469 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f,
470 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e,
471 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57,
472 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 };
473
474 unsigned char q_data[] = {
475 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d,
476 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7,
477 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8,
478 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03,
479 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03,
480 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50,
481 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3,
482 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a,
483 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92,
484 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34,
485 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 };
486
0bf18140 487 memset(msgbuf, 0xef, 64);
e62097f4
NH		 488
489 ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL)))
490 && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL)))
491 && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL)))
492 && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL)))
493 && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL)))
494 && TEST_ptr((rsa = RSA_new()))
495 && TEST_ptr((md = EVP_sha256()))
496 && TEST_ptr((ctx = EVP_MD_CTX_new()))
497 && TEST_ptr((pkey = EVP_PKEY_new()))
498 && TEST_true(RSA_set0_factors(rsa, p, q))
499 && TEST_true(RSA_set0_key(rsa, n, e, d))
500 && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))
501 && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
502 && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen)));
503
504 EVP_MD_CTX_free(ctx);
505 EVP_PKEY_free(pkey);
506 return ret;
507}
508
416a9286 509static RSA *load_key(int priv)
510{
511 RSA *rsa = NULL;
512 BIGNUM *pn = NULL, *pe = NULL, *pd= NULL;
513
514 /* RSA key extracted using > openssl genpkey -algorithm RSA -text */
515 static const unsigned char n[] = {
516 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97,
517 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17,
518 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa,
519 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f,
520 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf,
521 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77,
522 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4,
523 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f,
524 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30,
525 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21,
526 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8,
527 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28,
528 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19,
529 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91,
530 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11,
531 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62,
532 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70,
533 0x53, 0x31
534 };
535 static const unsigned char e[] = {
536 0x01, 0x00, 0x01
537 };
538 static const unsigned char d[] = {
539 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21,
540 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8,
541 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9,
542 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64,
543 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f,
544 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d,
545 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19,
546 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76,
547 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a,
548 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88,
549 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9,
550 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57,
551 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc,
552 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23,
553 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5,
554 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37,
555 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32,
556 0x21
557 };
558
559 if (!TEST_ptr(rsa = RSA_new()))
560 return NULL;
561 pn = BN_bin2bn(n, sizeof(n), NULL);
562 pe = BN_bin2bn(e, sizeof(e), NULL);
563 if (priv)
564 pd = BN_bin2bn(d, sizeof(d), NULL);
565 if (!TEST_false(pn == NULL
566 || pe == NULL
567 || (priv && pd == NULL)
568 || !RSA_set0_key(rsa, pn, pe, pd))) {
569 BN_free(pn);
570 BN_free(pe);
571 BN_free(pd);
572 RSA_free(rsa);
573 rsa = NULL;
574 }
575 return rsa;
576}
577
578static int test_rsa_saos(void)
579{
580 int ret = 0;
581 unsigned int siglen = 0;
582 RSA *rsa_priv = NULL, *rsa_pub = NULL;
583 static const unsigned char in[256] = { 0 };
584 unsigned char sig[256];
585 /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */
586 unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3;
587
588 /* A generated signature when in[inlen]= { 1 }. */
589 static const unsigned char sig_mismatch[256] = {
590 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91,
591 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75,
592 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60,
593 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38,
594 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb,
595 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57,
596 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc,
597 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3,
598 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f,
599 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1,
600 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb,
601 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9,
602 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73,
603 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74,
604 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae,
605 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f,
606 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d,
607 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4,
608 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01,
609 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7,
610 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd,
611 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59,
612 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac,
613 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7,
614 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed,
615 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc,
616 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9,
617 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1,
618 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b,
619 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd,
620 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95,
621 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86
622 };
623 /* The signature generated by RSA_private_encrypt of in[inlen] */
624 static const unsigned char no_octet_sig[256] = {
625 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19,
626 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81,
627 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31,
628 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e,
629 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2,
630 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84,
631 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc,
632 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f,
633 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63,
634 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52,
635 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd,
636 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0,
637 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2,
638 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0,
639 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20,
640 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc,
641 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6,
642 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46,
643 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21,
644 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59,
645 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1,
646 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3,
647 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75,
648 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd,
649 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33,
650 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf,
651 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f,
652 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4,
653 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5,
654 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc,
655 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad,
656 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16
657 };
658
659 if (!TEST_ptr(rsa_priv = load_key(1)))
660 goto err;
661 if (!TEST_ptr(rsa_pub = load_key(0)))
662 goto err;
663 if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv)))
664 goto err;
665
666 /* Test that a generated signature can be verified */
667 if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
668 rsa_priv)))
669 goto err;
670 if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
671 goto err;
672
673 /* Test sign fails if the input is too large */
674 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen,
675 rsa_priv)))
676 goto err;
677
678 /* Fail if there is no private signing key */
679 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
680 rsa_pub)))
681 goto err;
682
683 /* Fail if the signature is the wrong size */
684 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub)))
685 goto err;
686
687 /* Fail if the encrypted input is not octet encoded */
688 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig,
689 (unsigned int)sizeof(no_octet_sig),
690 rsa_pub)))
691 goto err;
692
693 /* Fail if the signature does not match the input */
694 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch,
695 (unsigned int)sizeof(sig_mismatch),
696 rsa_pub)))
697 goto err;
698
699 /* Fail if the signature is corrupt */
700 sig[0]++;
701 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
702 goto err;
703 sig[0]--;
704
705 ret = 1;
706err:
707 RSA_free(rsa_priv);
708 RSA_free(rsa_pub);
709 return ret;
710}
711
ad887416 712int setup_tests(void)
48f17396
JS		 713{
714 ADD_ALL_TESTS(test_rsa_pkcs1, 3);
715 ADD_ALL_TESTS(test_rsa_oaep, 3);
97b0b713 716 ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases));
416a9286 717 ADD_TEST(test_rsa_saos);
e62097f4 718 ADD_TEST(test_EVP_rsa_legacy_key);
ad887416 719 return 1;
0f113f3e 720}
A mirror of the official openssl repository