1 /* 2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* test vectors from p1ovect1.txt */ 11 12 /* 13 * RSA low level APIs are deprecated for public use, but still ok for 14 * internal use. 15 */ 16 #include "internal/deprecated.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #include "internal/nelem.h" 22 23 #include <openssl/crypto.h> 24 #include <openssl/err.h> 25 #include <openssl/rand.h> 26 #include <openssl/bn.h> 27 28 #include "testutil.h" 29 30 #include <openssl/rsa.h> 31 32 #define SetKey \ 33 RSA_set0_key(key, \ 34 BN_bin2bn(n, sizeof(n) - 1, NULL), \ 35 BN_bin2bn(e, sizeof(e) - 1, NULL), \ 36 BN_bin2bn(d, sizeof(d) - 1, NULL)); \ 37 RSA_set0_factors(key, \ 38 BN_bin2bn(p, sizeof(p) - 1, NULL), \ 39 BN_bin2bn(q, sizeof(q) - 1, NULL)); \ 40 RSA_set0_crt_params(key, \ 41 BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL), \ 42 BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL), \ 43 BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL)); \ 44 if (c != NULL) \ 45 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ 46 return sizeof(ctext_ex) - 1; 47 48 static int key1(RSA *key, unsigned char *c) 49 { 50 static unsigned char n[] = "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" 51 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" 52 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" 53 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" 54 "\xF5"; 55 56 static unsigned char e[] = "\x11"; 57 58 static unsigned char d[] = "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" 59 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" 60 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" 61 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; 62 63 static unsigned char p[] = "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 64 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" 65 "\x0D"; 66 67 static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 68 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 69 "\x89"; 70 71 static unsigned char dmp1[] = "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" 72 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; 73 74 static unsigned char dmq1[] = "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" 75 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" 76 "\x51"; 77 78 static unsigned char iqmp[] = "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" 79 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; 80 81 static unsigned char ctext_ex[] = "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" 82 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" 83 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" 84 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; 85 86 SetKey; 87 } 88 89 static int key2(RSA *key, unsigned char *c) 90 { 91 static unsigned char n[] = "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" 92 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" 93 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" 94 "\x34\x77\xCF"; 95 96 static unsigned char e[] = "\x3"; 97 98 static unsigned char d[] = "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" 99 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" 100 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" 101 "\xE5\xEB"; 102 103 static unsigned char p[] = "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" 104 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; 105 106 static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 107 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; 108 109 static unsigned char dmp1[] = "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" 110 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; 111 112 static unsigned char dmq1[] = "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" 113 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; 114 115 static unsigned char iqmp[] = "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" 116 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; 117 118 static unsigned char ctext_ex[] = "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" 119 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" 120 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" 121 "\x62\x51"; 122 123 SetKey; 124 } 125 126 static int key3(RSA *key, unsigned char *c) 127 { 128 static unsigned char n[] = "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" 129 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" 130 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" 131 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" 132 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" 133 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" 134 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" 135 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" 136 "\xCB"; 137 138 static unsigned char e[] = "\x11"; 139 140 static unsigned char d[] = "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" 141 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" 142 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" 143 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" 144 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" 145 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" 146 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" 147 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" 148 "\xC1"; 149 150 static unsigned char p[] = "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" 151 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" 152 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" 153 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" 154 "\x99"; 155 156 static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 157 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 158 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 159 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" 160 "\x03"; 161 162 static unsigned char dmp1[] = "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" 163 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" 164 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" 165 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; 166 167 static unsigned char dmq1[] = "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" 168 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" 169 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" 170 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; 171 172 static unsigned char iqmp[] = "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" 173 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" 174 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" 175 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" 176 "\xF7"; 177 178 static unsigned char ctext_ex[] = "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" 179 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" 180 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" 181 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" 182 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" 183 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" 184 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" 185 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; 186 187 SetKey; 188 } 189 190 static int rsa_setkey(RSA **key, unsigned char *ctext, int idx) 191 { 192 int clen = 0; 193 194 *key = RSA_new(); 195 if (*key != NULL) 196 switch (idx) { 197 case 0: 198 clen = key1(*key, ctext); 199 break; 200 case 1: 201 clen = key2(*key, ctext); 202 break; 203 case 2: 204 clen = key3(*key, ctext); 205 break; 206 } 207 return clen; 208 } 209 210 static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, 211 int success, unsigned char *ctext_ex, int *clen, 212 RSA **retkey) 213 { 214 int ret = 0; 215 RSA *key; 216 unsigned char ptext[256]; 217 unsigned char ctext[256]; 218 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 219 int plen; 220 int clentmp = 0; 221 int num; 222 223 plen = sizeof(ptext_ex) - 1; 224 clentmp = rsa_setkey(&key, ctext_ex, idx); 225 if (clen != NULL) 226 *clen = clentmp; 227 228 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type); 229 if (!TEST_int_eq(num, clentmp)) 230 goto err; 231 232 num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type); 233 if (success) { 234 if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 235 goto err; 236 } else { 237 if (!TEST_int_lt(num, 0)) 238 goto err; 239 } 240 241 ret = 1; 242 if (retkey != NULL) { 243 *retkey = key; 244 key = NULL; 245 } 246 err: 247 RSA_free(key); 248 return ret; 249 } 250 251 static int test_rsa_pkcs1(int idx) 252 { 253 return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, 254 NULL, NULL); 255 } 256 257 static int test_rsa_oaep(int idx) 258 { 259 int ret = 0; 260 RSA *key = NULL; 261 unsigned char ptext[256]; 262 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 263 unsigned char ctext_ex[256]; 264 int plen; 265 int clen = 0; 266 int num; 267 int n; 268 269 if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1, 270 ctext_ex, &clen, &key)) 271 goto err; 272 273 plen = sizeof(ptext_ex) - 1; 274 275 /* Different ciphertexts. Try decrypting ctext_ex */ 276 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 277 RSA_PKCS1_OAEP_PADDING); 278 if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 279 goto err; 280 281 /* Try decrypting corrupted ciphertexts. */ 282 for (n = 0; n < clen; ++n) { 283 ctext_ex[n] ^= 1; 284 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 285 RSA_PKCS1_OAEP_PADDING); 286 if (!TEST_int_le(num, 0)) 287 goto err; 288 ctext_ex[n] ^= 1; 289 } 290 291 /* Test truncated ciphertexts, as well as negative length. */ 292 for (n = -1; n < clen; ++n) { 293 num = RSA_private_decrypt(n, ctext_ex, ptext, key, 294 RSA_PKCS1_OAEP_PADDING); 295 if (!TEST_int_le(num, 0)) 296 goto err; 297 } 298 299 ret = 1; 300 err: 301 RSA_free(key); 302 return ret; 303 } 304 305 static const struct { 306 int bits; 307 unsigned int r; 308 } rsa_security_bits_cases[] = { 309 /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */ 310 { 2048, 112 }, 311 { 3072, 128 }, 312 { 4096, 152 }, 313 { 6144, 176 }, 314 { 8192, 200 }, 315 /* NIST FIPS 140-2 IG 7.5 */ 316 { 7680, 192 }, 317 { 15360, 256 }, 318 /* Older values */ 319 { 256, 40 }, 320 { 512, 56 }, 321 { 1024, 80 }, 322 /* Some other values */ 323 { 8888, 208 }, 324 { 2468, 120 }, 325 { 13456, 248 }, 326 /* Edge points */ 327 { 15359, 256 }, 328 { 15361, 264 }, 329 { 7679, 192 }, 330 { 7681, 200 }, 331 }; 332 333 static int test_rsa_security_bit(int n) 334 { 335 static const unsigned char vals[8] = { 336 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40 337 }; 338 RSA *key = RSA_new(); 339 const int bits = rsa_security_bits_cases[n].bits; 340 const int result = rsa_security_bits_cases[n].r; 341 const int bytes = (bits + 7) / 8; 342 int r = 0; 343 unsigned char num[2000]; 344 345 if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num))) 346 goto err; 347 348 /* 349 * It is necessary to set the RSA key in order to ask for the strength. 350 * A BN of an appropriate size is created, in general it won't have the 351 * properties necessary for RSA to function. This is okay here since 352 * the RSA key is never used. 353 */ 354 memset(num, vals[bits % 8], bytes); 355 356 /* 357 * The 'e' parameter is set to the same value as 'n'. This saves having 358 * an extra BN to hold a sensible value for 'e'. This is safe since the 359 * RSA key is not used. The 'd' parameter can be NULL safely. 360 */ 361 if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL), 362 BN_bin2bn(num, bytes, NULL), NULL)) 363 && TEST_uint_eq(RSA_security_bits(key), result)) 364 r = 1; 365 err: 366 RSA_free(key); 367 return r; 368 } 369 370 static int test_EVP_rsa_legacy_key(void) 371 { 372 int ret; 373 size_t buflen = 384; 374 size_t msglen = 64; 375 unsigned char sigbuf[384]; 376 unsigned char msgbuf[64]; 377 BIGNUM *p; 378 BIGNUM *q; 379 BIGNUM *n; 380 BIGNUM *d; 381 BIGNUM *e; 382 RSA *rsa; 383 const EVP_MD *md; 384 EVP_MD_CTX *ctx = NULL; 385 EVP_PKEY *pkey = NULL; 386 387 unsigned char n_data[] = { 388 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, 389 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, 390 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, 391 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, 392 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, 393 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, 394 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, 395 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, 396 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, 397 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, 398 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, 399 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, 400 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, 401 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, 402 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, 403 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, 404 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, 405 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, 406 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, 407 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, 408 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, 409 0x2e, 0xf2, 0x8e, 0x7e, 0x13 410 }; 411 412 unsigned char e_data[] = { 0x01, 0x00, 0x01 }; 413 414 unsigned char d_data[] = { 415 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, 416 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, 417 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, 418 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, 419 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, 420 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, 421 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, 422 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, 423 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, 424 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, 425 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, 426 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, 427 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, 428 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, 429 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, 430 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, 431 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, 432 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, 433 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, 434 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, 435 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, 436 0xf4, 0xfa, 0x60, 0xc1 437 }; 438 439 unsigned char p_data[] = { 440 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, 441 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, 442 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, 443 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, 444 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, 445 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, 446 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, 447 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, 448 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, 449 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, 450 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 451 }; 452 453 unsigned char q_data[] = { 454 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, 455 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, 456 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, 457 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, 458 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, 459 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, 460 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, 461 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, 462 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, 463 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, 464 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 465 }; 466 467 memset(msgbuf, 0xef, 64); 468 469 ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) 470 && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) 471 && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) 472 && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) 473 && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) 474 && TEST_ptr((rsa = RSA_new())) 475 && TEST_ptr((md = EVP_sha256())) 476 && TEST_ptr((ctx = EVP_MD_CTX_new())) 477 && TEST_ptr((pkey = EVP_PKEY_new())) 478 && TEST_true(RSA_set0_factors(rsa, p, q)) 479 && TEST_true(RSA_set0_key(rsa, n, e, d)) 480 && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) 481 && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) 482 && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); 483 484 EVP_MD_CTX_free(ctx); 485 EVP_PKEY_free(pkey); 486 return ret; 487 } 488 489 static RSA *load_key(int priv) 490 { 491 RSA *rsa = NULL; 492 BIGNUM *pn = NULL, *pe = NULL, *pd = NULL; 493 494 /* RSA key extracted using > openssl genpkey -algorithm RSA -text */ 495 static const unsigned char n[] = { 496 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97, 497 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17, 498 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa, 499 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f, 500 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf, 501 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77, 502 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4, 503 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f, 504 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30, 505 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21, 506 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8, 507 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28, 508 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19, 509 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91, 510 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11, 511 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62, 512 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70, 513 0x53, 0x31 514 }; 515 static const unsigned char e[] = { 516 0x01, 0x00, 0x01 517 }; 518 static const unsigned char d[] = { 519 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21, 520 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8, 521 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9, 522 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64, 523 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f, 524 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d, 525 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19, 526 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76, 527 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a, 528 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88, 529 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9, 530 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57, 531 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc, 532 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23, 533 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5, 534 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37, 535 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32, 536 0x21 537 }; 538 539 if (!TEST_ptr(rsa = RSA_new())) 540 return NULL; 541 pn = BN_bin2bn(n, sizeof(n), NULL); 542 pe = BN_bin2bn(e, sizeof(e), NULL); 543 if (priv) 544 pd = BN_bin2bn(d, sizeof(d), NULL); 545 if (!TEST_false(pn == NULL 546 || pe == NULL 547 || (priv && pd == NULL) 548 || !RSA_set0_key(rsa, pn, pe, pd))) { 549 BN_free(pn); 550 BN_free(pe); 551 BN_free(pd); 552 RSA_free(rsa); 553 rsa = NULL; 554 } 555 return rsa; 556 } 557 558 static int test_rsa_saos(void) 559 { 560 int ret = 0; 561 unsigned int siglen = 0; 562 RSA *rsa_priv = NULL, *rsa_pub = NULL; 563 static const unsigned char in[256] = { 0 }; 564 unsigned char sig[256]; 565 /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */ 566 unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3; 567 568 /* A generated signature when in[inlen]= { 1 }. */ 569 static const unsigned char sig_mismatch[256] = { 570 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91, 571 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75, 572 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60, 573 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38, 574 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb, 575 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57, 576 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc, 577 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3, 578 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f, 579 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1, 580 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb, 581 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9, 582 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73, 583 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74, 584 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae, 585 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f, 586 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d, 587 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4, 588 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01, 589 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7, 590 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd, 591 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59, 592 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac, 593 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7, 594 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed, 595 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc, 596 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9, 597 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1, 598 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b, 599 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd, 600 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95, 601 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86 602 }; 603 /* The signature generated by RSA_private_encrypt of in[inlen] */ 604 static const unsigned char no_octet_sig[256] = { 605 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19, 606 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81, 607 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31, 608 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e, 609 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2, 610 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84, 611 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc, 612 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f, 613 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63, 614 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52, 615 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd, 616 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0, 617 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2, 618 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0, 619 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20, 620 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc, 621 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6, 622 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46, 623 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21, 624 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59, 625 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1, 626 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3, 627 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75, 628 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd, 629 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33, 630 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf, 631 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f, 632 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4, 633 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5, 634 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc, 635 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad, 636 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16 637 }; 638 639 if (!TEST_ptr(rsa_priv = load_key(1))) 640 goto err; 641 if (!TEST_ptr(rsa_pub = load_key(0))) 642 goto err; 643 if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv))) 644 goto err; 645 646 /* Test that a generated signature can be verified */ 647 if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 648 rsa_priv))) 649 goto err; 650 if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 651 goto err; 652 653 /* Test sign fails if the input is too large */ 654 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen, 655 rsa_priv))) 656 goto err; 657 658 /* Fail if there is no private signing key */ 659 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 660 rsa_pub))) 661 goto err; 662 663 /* Fail if the signature is the wrong size */ 664 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub))) 665 goto err; 666 667 /* Fail if the encrypted input is not octet encoded */ 668 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig, 669 (unsigned int)sizeof(no_octet_sig), 670 rsa_pub))) 671 goto err; 672 673 /* Fail if the signature does not match the input */ 674 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch, 675 (unsigned int)sizeof(sig_mismatch), 676 rsa_pub))) 677 goto err; 678 679 /* Fail if the signature is corrupt */ 680 sig[0]++; 681 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 682 goto err; 683 sig[0]--; 684 685 ret = 1; 686 err: 687 RSA_free(rsa_priv); 688 RSA_free(rsa_pub); 689 return ret; 690 } 691 692 int setup_tests(void) 693 { 694 ADD_ALL_TESTS(test_rsa_pkcs1, 3); 695 ADD_ALL_TESTS(test_rsa_oaep, 3); 696 ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); 697 ADD_TEST(test_rsa_saos); 698 ADD_TEST(test_EVP_rsa_legacy_key); 699 return 1; 700 } 701