1 1.1 christos /* 2 1.1 christos * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* test vectors from p1ovect1.txt */ 11 1.1 christos 12 1.1 christos /* 13 1.1 christos * RSA low level APIs are deprecated for public use, but still ok for 14 1.1 christos * internal use. 15 1.1 christos */ 16 1.1 christos #include "internal/deprecated.h" 17 1.1 christos 18 1.1 christos #include <stdio.h> 19 1.1 christos #include <string.h> 20 1.1 christos 21 1.1 christos #include "internal/nelem.h" 22 1.1 christos 23 1.1 christos #include <openssl/crypto.h> 24 1.1 christos #include <openssl/err.h> 25 1.1 christos #include <openssl/rand.h> 26 1.1 christos #include <openssl/bn.h> 27 1.1 christos 28 1.1 christos #include "testutil.h" 29 1.1 christos 30 1.1 christos #include <openssl/rsa.h> 31 1.1 christos 32 1.1.1.2 christos #define SetKey \ 33 1.1.1.2 christos RSA_set0_key(key, \ 34 1.1.1.2 christos BN_bin2bn(n, sizeof(n) - 1, NULL), \ 35 1.1.1.2 christos BN_bin2bn(e, sizeof(e) - 1, NULL), \ 36 1.1.1.2 christos BN_bin2bn(d, sizeof(d) - 1, NULL)); \ 37 1.1.1.2 christos RSA_set0_factors(key, \ 38 1.1.1.2 christos BN_bin2bn(p, sizeof(p) - 1, NULL), \ 39 1.1.1.2 christos BN_bin2bn(q, sizeof(q) - 1, NULL)); \ 40 1.1.1.2 christos RSA_set0_crt_params(key, \ 41 1.1.1.2 christos BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL), \ 42 1.1.1.2 christos BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL), \ 43 1.1.1.2 christos BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL)); \ 44 1.1.1.2 christos if (c != NULL) \ 45 1.1.1.2 christos memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ 46 1.1 christos return sizeof(ctext_ex) - 1; 47 1.1 christos 48 1.1 christos static int key1(RSA *key, unsigned char *c) 49 1.1 christos { 50 1.1.1.2 christos static unsigned char n[] = "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" 51 1.1.1.2 christos "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" 52 1.1.1.2 christos "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" 53 1.1.1.2 christos "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" 54 1.1.1.2 christos "\xF5"; 55 1.1 christos 56 1.1 christos static unsigned char e[] = "\x11"; 57 1.1 christos 58 1.1.1.2 christos static unsigned char d[] = "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" 59 1.1.1.2 christos "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" 60 1.1.1.2 christos "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" 61 1.1.1.2 christos "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; 62 1.1.1.2 christos 63 1.1.1.2 christos static unsigned char p[] = "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 64 1.1.1.2 christos "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" 65 1.1.1.2 christos "\x0D"; 66 1.1.1.2 christos 67 1.1.1.2 christos static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 68 1.1.1.2 christos "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 69 1.1.1.2 christos "\x89"; 70 1.1.1.2 christos 71 1.1.1.2 christos static unsigned char dmp1[] = "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" 72 1.1.1.2 christos "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; 73 1.1.1.2 christos 74 1.1.1.2 christos static unsigned char dmq1[] = "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" 75 1.1.1.2 christos "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" 76 1.1.1.2 christos "\x51"; 77 1.1.1.2 christos 78 1.1.1.2 christos static unsigned char iqmp[] = "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" 79 1.1.1.2 christos "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; 80 1.1.1.2 christos 81 1.1.1.2 christos static unsigned char ctext_ex[] = "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" 82 1.1.1.2 christos "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" 83 1.1.1.2 christos "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" 84 1.1.1.2 christos "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; 85 1.1 christos 86 1.1 christos SetKey; 87 1.1 christos } 88 1.1 christos 89 1.1 christos static int key2(RSA *key, unsigned char *c) 90 1.1 christos { 91 1.1.1.2 christos static unsigned char n[] = "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" 92 1.1.1.2 christos "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" 93 1.1.1.2 christos "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" 94 1.1.1.2 christos "\x34\x77\xCF"; 95 1.1 christos 96 1.1 christos static unsigned char e[] = "\x3"; 97 1.1 christos 98 1.1.1.2 christos static unsigned char d[] = "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" 99 1.1.1.2 christos "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" 100 1.1.1.2 christos "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" 101 1.1.1.2 christos "\xE5\xEB"; 102 1.1.1.2 christos 103 1.1.1.2 christos static unsigned char p[] = "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" 104 1.1.1.2 christos "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; 105 1.1.1.2 christos 106 1.1.1.2 christos static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 107 1.1.1.2 christos "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; 108 1.1.1.2 christos 109 1.1.1.2 christos static unsigned char dmp1[] = "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" 110 1.1.1.2 christos "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; 111 1.1.1.2 christos 112 1.1.1.2 christos static unsigned char dmq1[] = "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" 113 1.1.1.2 christos "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; 114 1.1.1.2 christos 115 1.1.1.2 christos static unsigned char iqmp[] = "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" 116 1.1.1.2 christos "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; 117 1.1.1.2 christos 118 1.1.1.2 christos static unsigned char ctext_ex[] = "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" 119 1.1.1.2 christos "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" 120 1.1.1.2 christos "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" 121 1.1.1.2 christos "\x62\x51"; 122 1.1 christos 123 1.1 christos SetKey; 124 1.1 christos } 125 1.1 christos 126 1.1 christos static int key3(RSA *key, unsigned char *c) 127 1.1 christos { 128 1.1.1.2 christos static unsigned char n[] = "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" 129 1.1.1.2 christos "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" 130 1.1.1.2 christos "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" 131 1.1.1.2 christos "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" 132 1.1.1.2 christos "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" 133 1.1.1.2 christos "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" 134 1.1.1.2 christos "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" 135 1.1.1.2 christos "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" 136 1.1.1.2 christos "\xCB"; 137 1.1 christos 138 1.1 christos static unsigned char e[] = "\x11"; 139 1.1 christos 140 1.1.1.2 christos static unsigned char d[] = "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" 141 1.1.1.2 christos "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" 142 1.1.1.2 christos "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" 143 1.1.1.2 christos "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" 144 1.1.1.2 christos "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" 145 1.1.1.2 christos "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" 146 1.1.1.2 christos "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" 147 1.1.1.2 christos "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" 148 1.1.1.2 christos "\xC1"; 149 1.1.1.2 christos 150 1.1.1.2 christos static unsigned char p[] = "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" 151 1.1.1.2 christos "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" 152 1.1.1.2 christos "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" 153 1.1.1.2 christos "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" 154 1.1.1.2 christos "\x99"; 155 1.1.1.2 christos 156 1.1.1.2 christos static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 157 1.1.1.2 christos "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 158 1.1.1.2 christos "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 159 1.1.1.2 christos "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" 160 1.1.1.2 christos "\x03"; 161 1.1.1.2 christos 162 1.1.1.2 christos static unsigned char dmp1[] = "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" 163 1.1.1.2 christos "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" 164 1.1.1.2 christos "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" 165 1.1.1.2 christos "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; 166 1.1.1.2 christos 167 1.1.1.2 christos static unsigned char dmq1[] = "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" 168 1.1.1.2 christos "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" 169 1.1.1.2 christos "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" 170 1.1.1.2 christos "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; 171 1.1.1.2 christos 172 1.1.1.2 christos static unsigned char iqmp[] = "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" 173 1.1.1.2 christos "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" 174 1.1.1.2 christos "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" 175 1.1.1.2 christos "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" 176 1.1.1.2 christos "\xF7"; 177 1.1.1.2 christos 178 1.1.1.2 christos static unsigned char ctext_ex[] = "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" 179 1.1.1.2 christos "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" 180 1.1.1.2 christos "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" 181 1.1.1.2 christos "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" 182 1.1.1.2 christos "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" 183 1.1.1.2 christos "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" 184 1.1.1.2 christos "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" 185 1.1.1.2 christos "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; 186 1.1 christos 187 1.1 christos SetKey; 188 1.1 christos } 189 1.1 christos 190 1.1.1.2 christos static int rsa_setkey(RSA **key, unsigned char *ctext, int idx) 191 1.1 christos { 192 1.1 christos int clen = 0; 193 1.1 christos 194 1.1 christos *key = RSA_new(); 195 1.1 christos if (*key != NULL) 196 1.1 christos switch (idx) { 197 1.1 christos case 0: 198 1.1 christos clen = key1(*key, ctext); 199 1.1 christos break; 200 1.1 christos case 1: 201 1.1 christos clen = key2(*key, ctext); 202 1.1 christos break; 203 1.1 christos case 2: 204 1.1 christos clen = key3(*key, ctext); 205 1.1 christos break; 206 1.1 christos } 207 1.1 christos return clen; 208 1.1 christos } 209 1.1 christos 210 1.1 christos static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, 211 1.1.1.2 christos int success, unsigned char *ctext_ex, int *clen, 212 1.1.1.2 christos RSA **retkey) 213 1.1 christos { 214 1.1 christos int ret = 0; 215 1.1 christos RSA *key; 216 1.1 christos unsigned char ptext[256]; 217 1.1 christos unsigned char ctext[256]; 218 1.1 christos static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 219 1.1 christos int plen; 220 1.1 christos int clentmp = 0; 221 1.1 christos int num; 222 1.1 christos 223 1.1 christos plen = sizeof(ptext_ex) - 1; 224 1.1 christos clentmp = rsa_setkey(&key, ctext_ex, idx); 225 1.1 christos if (clen != NULL) 226 1.1 christos *clen = clentmp; 227 1.1 christos 228 1.1 christos num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type); 229 1.1 christos if (!TEST_int_eq(num, clentmp)) 230 1.1 christos goto err; 231 1.1 christos 232 1.1 christos num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type); 233 1.1 christos if (success) { 234 1.1 christos if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 235 1.1 christos goto err; 236 1.1 christos } else { 237 1.1 christos if (!TEST_int_lt(num, 0)) 238 1.1 christos goto err; 239 1.1 christos } 240 1.1 christos 241 1.1 christos ret = 1; 242 1.1 christos if (retkey != NULL) { 243 1.1 christos *retkey = key; 244 1.1 christos key = NULL; 245 1.1 christos } 246 1.1 christos err: 247 1.1 christos RSA_free(key); 248 1.1 christos return ret; 249 1.1 christos } 250 1.1 christos 251 1.1 christos static int test_rsa_pkcs1(int idx) 252 1.1 christos { 253 1.1 christos return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, 254 1.1.1.2 christos NULL, NULL); 255 1.1 christos } 256 1.1 christos 257 1.1 christos static int test_rsa_oaep(int idx) 258 1.1 christos { 259 1.1 christos int ret = 0; 260 1.1 christos RSA *key = NULL; 261 1.1 christos unsigned char ptext[256]; 262 1.1 christos static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 263 1.1 christos unsigned char ctext_ex[256]; 264 1.1 christos int plen; 265 1.1 christos int clen = 0; 266 1.1 christos int num; 267 1.1 christos int n; 268 1.1 christos 269 1.1 christos if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1, 270 1.1.1.2 christos ctext_ex, &clen, &key)) 271 1.1 christos goto err; 272 1.1 christos 273 1.1 christos plen = sizeof(ptext_ex) - 1; 274 1.1 christos 275 1.1 christos /* Different ciphertexts. Try decrypting ctext_ex */ 276 1.1 christos num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 277 1.1.1.2 christos RSA_PKCS1_OAEP_PADDING); 278 1.1 christos if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 279 1.1 christos goto err; 280 1.1 christos 281 1.1 christos /* Try decrypting corrupted ciphertexts. */ 282 1.1 christos for (n = 0; n < clen; ++n) { 283 1.1 christos ctext_ex[n] ^= 1; 284 1.1 christos num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 285 1.1.1.2 christos RSA_PKCS1_OAEP_PADDING); 286 1.1 christos if (!TEST_int_le(num, 0)) 287 1.1 christos goto err; 288 1.1 christos ctext_ex[n] ^= 1; 289 1.1 christos } 290 1.1 christos 291 1.1 christos /* Test truncated ciphertexts, as well as negative length. */ 292 1.1 christos for (n = -1; n < clen; ++n) { 293 1.1 christos num = RSA_private_decrypt(n, ctext_ex, ptext, key, 294 1.1.1.2 christos RSA_PKCS1_OAEP_PADDING); 295 1.1 christos if (!TEST_int_le(num, 0)) 296 1.1 christos goto err; 297 1.1 christos } 298 1.1 christos 299 1.1 christos ret = 1; 300 1.1 christos err: 301 1.1 christos RSA_free(key); 302 1.1 christos return ret; 303 1.1 christos } 304 1.1 christos 305 1.1 christos static const struct { 306 1.1 christos int bits; 307 1.1 christos unsigned int r; 308 1.1 christos } rsa_security_bits_cases[] = { 309 1.1 christos /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */ 310 1.1.1.2 christos { 2048, 112 }, 311 1.1.1.2 christos { 3072, 128 }, 312 1.1.1.2 christos { 4096, 152 }, 313 1.1.1.2 christos { 6144, 176 }, 314 1.1.1.2 christos { 8192, 200 }, 315 1.1 christos /* NIST FIPS 140-2 IG 7.5 */ 316 1.1.1.2 christos { 7680, 192 }, 317 1.1.1.2 christos { 15360, 256 }, 318 1.1 christos /* Older values */ 319 1.1.1.2 christos { 256, 40 }, 320 1.1.1.2 christos { 512, 56 }, 321 1.1.1.2 christos { 1024, 80 }, 322 1.1 christos /* Some other values */ 323 1.1.1.2 christos { 8888, 208 }, 324 1.1.1.2 christos { 2468, 120 }, 325 1.1.1.2 christos { 13456, 248 }, 326 1.1 christos /* Edge points */ 327 1.1.1.2 christos { 15359, 256 }, 328 1.1.1.2 christos { 15361, 264 }, 329 1.1.1.2 christos { 7679, 192 }, 330 1.1.1.2 christos { 7681, 200 }, 331 1.1 christos }; 332 1.1 christos 333 1.1 christos static int test_rsa_security_bit(int n) 334 1.1 christos { 335 1.1 christos static const unsigned char vals[8] = { 336 1.1 christos 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40 337 1.1 christos }; 338 1.1 christos RSA *key = RSA_new(); 339 1.1 christos const int bits = rsa_security_bits_cases[n].bits; 340 1.1 christos const int result = rsa_security_bits_cases[n].r; 341 1.1 christos const int bytes = (bits + 7) / 8; 342 1.1 christos int r = 0; 343 1.1 christos unsigned char num[2000]; 344 1.1 christos 345 1.1 christos if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num))) 346 1.1 christos goto err; 347 1.1 christos 348 1.1 christos /* 349 1.1 christos * It is necessary to set the RSA key in order to ask for the strength. 350 1.1 christos * A BN of an appropriate size is created, in general it won't have the 351 1.1 christos * properties necessary for RSA to function. This is okay here since 352 1.1 christos * the RSA key is never used. 353 1.1 christos */ 354 1.1 christos memset(num, vals[bits % 8], bytes); 355 1.1 christos 356 1.1 christos /* 357 1.1 christos * The 'e' parameter is set to the same value as 'n'. This saves having 358 1.1 christos * an extra BN to hold a sensible value for 'e'. This is safe since the 359 1.1 christos * RSA key is not used. The 'd' parameter can be NULL safely. 360 1.1 christos */ 361 1.1 christos if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL), 362 1.1.1.2 christos BN_bin2bn(num, bytes, NULL), NULL)) 363 1.1.1.2 christos && TEST_uint_eq(RSA_security_bits(key), result)) 364 1.1 christos r = 1; 365 1.1 christos err: 366 1.1 christos RSA_free(key); 367 1.1 christos return r; 368 1.1 christos } 369 1.1 christos 370 1.1 christos static int test_EVP_rsa_legacy_key(void) 371 1.1 christos { 372 1.1 christos int ret; 373 1.1 christos size_t buflen = 384; 374 1.1 christos size_t msglen = 64; 375 1.1 christos unsigned char sigbuf[384]; 376 1.1 christos unsigned char msgbuf[64]; 377 1.1 christos BIGNUM *p; 378 1.1 christos BIGNUM *q; 379 1.1 christos BIGNUM *n; 380 1.1 christos BIGNUM *d; 381 1.1 christos BIGNUM *e; 382 1.1 christos RSA *rsa; 383 1.1 christos const EVP_MD *md; 384 1.1 christos EVP_MD_CTX *ctx = NULL; 385 1.1 christos EVP_PKEY *pkey = NULL; 386 1.1 christos 387 1.1 christos unsigned char n_data[] = { 388 1.1.1.2 christos 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, 389 1.1.1.2 christos 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, 390 1.1.1.2 christos 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, 391 1.1.1.2 christos 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, 392 1.1.1.2 christos 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, 393 1.1.1.2 christos 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, 394 1.1.1.2 christos 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, 395 1.1.1.2 christos 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, 396 1.1.1.2 christos 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, 397 1.1.1.2 christos 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, 398 1.1.1.2 christos 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, 399 1.1.1.2 christos 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, 400 1.1.1.2 christos 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, 401 1.1.1.2 christos 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, 402 1.1.1.2 christos 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, 403 1.1.1.2 christos 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, 404 1.1.1.2 christos 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, 405 1.1.1.2 christos 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, 406 1.1.1.2 christos 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, 407 1.1.1.2 christos 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, 408 1.1.1.2 christos 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, 409 1.1.1.2 christos 0x2e, 0xf2, 0x8e, 0x7e, 0x13 410 1.1.1.2 christos }; 411 1.1 christos 412 1.1.1.2 christos unsigned char e_data[] = { 0x01, 0x00, 0x01 }; 413 1.1 christos 414 1.1 christos unsigned char d_data[] = { 415 1.1.1.2 christos 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, 416 1.1.1.2 christos 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, 417 1.1.1.2 christos 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, 418 1.1.1.2 christos 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, 419 1.1.1.2 christos 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, 420 1.1.1.2 christos 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, 421 1.1.1.2 christos 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, 422 1.1.1.2 christos 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, 423 1.1.1.2 christos 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, 424 1.1.1.2 christos 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, 425 1.1.1.2 christos 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, 426 1.1.1.2 christos 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, 427 1.1.1.2 christos 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, 428 1.1.1.2 christos 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, 429 1.1.1.2 christos 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, 430 1.1.1.2 christos 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, 431 1.1.1.2 christos 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, 432 1.1.1.2 christos 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, 433 1.1.1.2 christos 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, 434 1.1.1.2 christos 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, 435 1.1.1.2 christos 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, 436 1.1.1.2 christos 0xf4, 0xfa, 0x60, 0xc1 437 1.1.1.2 christos }; 438 1.1 christos 439 1.1 christos unsigned char p_data[] = { 440 1.1.1.2 christos 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, 441 1.1.1.2 christos 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, 442 1.1.1.2 christos 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, 443 1.1.1.2 christos 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, 444 1.1.1.2 christos 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, 445 1.1.1.2 christos 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, 446 1.1.1.2 christos 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, 447 1.1.1.2 christos 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, 448 1.1.1.2 christos 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, 449 1.1.1.2 christos 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, 450 1.1.1.2 christos 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 451 1.1.1.2 christos }; 452 1.1 christos 453 1.1 christos unsigned char q_data[] = { 454 1.1.1.2 christos 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, 455 1.1.1.2 christos 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, 456 1.1.1.2 christos 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, 457 1.1.1.2 christos 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, 458 1.1.1.2 christos 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, 459 1.1.1.2 christos 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, 460 1.1.1.2 christos 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, 461 1.1.1.2 christos 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, 462 1.1.1.2 christos 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, 463 1.1.1.2 christos 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, 464 1.1.1.2 christos 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 465 1.1.1.2 christos }; 466 1.1 christos 467 1.1 christos memset(msgbuf, 0xef, 64); 468 1.1 christos 469 1.1 christos ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) 470 1.1.1.2 christos && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) 471 1.1.1.2 christos && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) 472 1.1.1.2 christos && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) 473 1.1.1.2 christos && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) 474 1.1.1.2 christos && TEST_ptr((rsa = RSA_new())) 475 1.1.1.2 christos && TEST_ptr((md = EVP_sha256())) 476 1.1.1.2 christos && TEST_ptr((ctx = EVP_MD_CTX_new())) 477 1.1.1.2 christos && TEST_ptr((pkey = EVP_PKEY_new())) 478 1.1.1.2 christos && TEST_true(RSA_set0_factors(rsa, p, q)) 479 1.1.1.2 christos && TEST_true(RSA_set0_key(rsa, n, e, d)) 480 1.1.1.2 christos && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) 481 1.1.1.2 christos && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) 482 1.1.1.2 christos && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); 483 1.1 christos 484 1.1 christos EVP_MD_CTX_free(ctx); 485 1.1 christos EVP_PKEY_free(pkey); 486 1.1 christos return ret; 487 1.1 christos } 488 1.1 christos 489 1.1 christos static RSA *load_key(int priv) 490 1.1 christos { 491 1.1 christos RSA *rsa = NULL; 492 1.1.1.2 christos BIGNUM *pn = NULL, *pe = NULL, *pd = NULL; 493 1.1 christos 494 1.1 christos /* RSA key extracted using > openssl genpkey -algorithm RSA -text */ 495 1.1 christos static const unsigned char n[] = { 496 1.1 christos 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97, 497 1.1 christos 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17, 498 1.1 christos 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa, 499 1.1 christos 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f, 500 1.1 christos 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf, 501 1.1 christos 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77, 502 1.1 christos 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4, 503 1.1 christos 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f, 504 1.1 christos 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30, 505 1.1 christos 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21, 506 1.1 christos 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8, 507 1.1 christos 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28, 508 1.1 christos 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19, 509 1.1 christos 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91, 510 1.1 christos 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11, 511 1.1 christos 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62, 512 1.1 christos 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70, 513 1.1 christos 0x53, 0x31 514 1.1 christos }; 515 1.1 christos static const unsigned char e[] = { 516 1.1 christos 0x01, 0x00, 0x01 517 1.1 christos }; 518 1.1 christos static const unsigned char d[] = { 519 1.1 christos 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21, 520 1.1 christos 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8, 521 1.1 christos 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9, 522 1.1 christos 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64, 523 1.1 christos 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f, 524 1.1 christos 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d, 525 1.1 christos 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19, 526 1.1 christos 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76, 527 1.1 christos 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a, 528 1.1 christos 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88, 529 1.1 christos 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9, 530 1.1 christos 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57, 531 1.1 christos 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc, 532 1.1 christos 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23, 533 1.1 christos 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5, 534 1.1 christos 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37, 535 1.1 christos 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32, 536 1.1 christos 0x21 537 1.1 christos }; 538 1.1 christos 539 1.1 christos if (!TEST_ptr(rsa = RSA_new())) 540 1.1 christos return NULL; 541 1.1 christos pn = BN_bin2bn(n, sizeof(n), NULL); 542 1.1 christos pe = BN_bin2bn(e, sizeof(e), NULL); 543 1.1 christos if (priv) 544 1.1 christos pd = BN_bin2bn(d, sizeof(d), NULL); 545 1.1 christos if (!TEST_false(pn == NULL 546 1.1.1.2 christos || pe == NULL 547 1.1.1.2 christos || (priv && pd == NULL) 548 1.1.1.2 christos || !RSA_set0_key(rsa, pn, pe, pd))) { 549 1.1 christos BN_free(pn); 550 1.1 christos BN_free(pe); 551 1.1 christos BN_free(pd); 552 1.1 christos RSA_free(rsa); 553 1.1 christos rsa = NULL; 554 1.1 christos } 555 1.1 christos return rsa; 556 1.1 christos } 557 1.1 christos 558 1.1 christos static int test_rsa_saos(void) 559 1.1 christos { 560 1.1 christos int ret = 0; 561 1.1 christos unsigned int siglen = 0; 562 1.1 christos RSA *rsa_priv = NULL, *rsa_pub = NULL; 563 1.1 christos static const unsigned char in[256] = { 0 }; 564 1.1 christos unsigned char sig[256]; 565 1.1 christos /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */ 566 1.1 christos unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3; 567 1.1 christos 568 1.1 christos /* A generated signature when in[inlen]= { 1 }. */ 569 1.1 christos static const unsigned char sig_mismatch[256] = { 570 1.1 christos 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91, 571 1.1 christos 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75, 572 1.1 christos 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60, 573 1.1 christos 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38, 574 1.1 christos 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb, 575 1.1 christos 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57, 576 1.1 christos 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc, 577 1.1 christos 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3, 578 1.1 christos 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f, 579 1.1 christos 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1, 580 1.1 christos 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb, 581 1.1 christos 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9, 582 1.1 christos 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73, 583 1.1 christos 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74, 584 1.1 christos 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae, 585 1.1 christos 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f, 586 1.1 christos 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d, 587 1.1 christos 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4, 588 1.1 christos 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01, 589 1.1 christos 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7, 590 1.1 christos 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd, 591 1.1 christos 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59, 592 1.1 christos 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac, 593 1.1 christos 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7, 594 1.1 christos 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed, 595 1.1 christos 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc, 596 1.1 christos 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9, 597 1.1 christos 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1, 598 1.1 christos 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b, 599 1.1 christos 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd, 600 1.1 christos 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95, 601 1.1 christos 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86 602 1.1 christos }; 603 1.1 christos /* The signature generated by RSA_private_encrypt of in[inlen] */ 604 1.1 christos static const unsigned char no_octet_sig[256] = { 605 1.1 christos 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19, 606 1.1 christos 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81, 607 1.1 christos 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31, 608 1.1 christos 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e, 609 1.1 christos 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2, 610 1.1 christos 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84, 611 1.1 christos 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc, 612 1.1 christos 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f, 613 1.1 christos 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63, 614 1.1 christos 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52, 615 1.1 christos 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd, 616 1.1 christos 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0, 617 1.1 christos 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2, 618 1.1 christos 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0, 619 1.1 christos 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20, 620 1.1 christos 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc, 621 1.1 christos 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6, 622 1.1 christos 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46, 623 1.1 christos 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21, 624 1.1 christos 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59, 625 1.1 christos 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1, 626 1.1 christos 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3, 627 1.1 christos 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75, 628 1.1 christos 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd, 629 1.1 christos 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33, 630 1.1 christos 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf, 631 1.1 christos 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f, 632 1.1 christos 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4, 633 1.1 christos 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5, 634 1.1 christos 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc, 635 1.1 christos 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad, 636 1.1 christos 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16 637 1.1 christos }; 638 1.1 christos 639 1.1 christos if (!TEST_ptr(rsa_priv = load_key(1))) 640 1.1 christos goto err; 641 1.1 christos if (!TEST_ptr(rsa_pub = load_key(0))) 642 1.1 christos goto err; 643 1.1 christos if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv))) 644 1.1 christos goto err; 645 1.1 christos 646 1.1 christos /* Test that a generated signature can be verified */ 647 1.1 christos if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 648 1.1.1.2 christos rsa_priv))) 649 1.1 christos goto err; 650 1.1 christos if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 651 1.1 christos goto err; 652 1.1 christos 653 1.1 christos /* Test sign fails if the input is too large */ 654 1.1 christos if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen, 655 1.1.1.2 christos rsa_priv))) 656 1.1 christos goto err; 657 1.1 christos 658 1.1 christos /* Fail if there is no private signing key */ 659 1.1 christos if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 660 1.1.1.2 christos rsa_pub))) 661 1.1 christos goto err; 662 1.1 christos 663 1.1 christos /* Fail if the signature is the wrong size */ 664 1.1 christos if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub))) 665 1.1 christos goto err; 666 1.1 christos 667 1.1 christos /* Fail if the encrypted input is not octet encoded */ 668 1.1 christos if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig, 669 1.1.1.2 christos (unsigned int)sizeof(no_octet_sig), 670 1.1.1.2 christos rsa_pub))) 671 1.1 christos goto err; 672 1.1 christos 673 1.1 christos /* Fail if the signature does not match the input */ 674 1.1 christos if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch, 675 1.1.1.2 christos (unsigned int)sizeof(sig_mismatch), 676 1.1.1.2 christos rsa_pub))) 677 1.1 christos goto err; 678 1.1 christos 679 1.1 christos /* Fail if the signature is corrupt */ 680 1.1 christos sig[0]++; 681 1.1 christos if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 682 1.1 christos goto err; 683 1.1 christos sig[0]--; 684 1.1 christos 685 1.1 christos ret = 1; 686 1.1 christos err: 687 1.1 christos RSA_free(rsa_priv); 688 1.1 christos RSA_free(rsa_pub); 689 1.1 christos return ret; 690 1.1 christos } 691 1.1 christos 692 1.1 christos int setup_tests(void) 693 1.1 christos { 694 1.1 christos ADD_ALL_TESTS(test_rsa_pkcs1, 3); 695 1.1 christos ADD_ALL_TESTS(test_rsa_oaep, 3); 696 1.1 christos ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); 697 1.1 christos ADD_TEST(test_rsa_saos); 698 1.1 christos ADD_TEST(test_EVP_rsa_legacy_key); 699 1.1 christos return 1; 700 1.1 christos } 701
Indexes created Sun Mar 01 05:31:48 UTC 2026