rsa_test.c revision 1.1
1 /* 2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* test vectors from p1ovect1.txt */ 11 12 /* 13 * RSA low level APIs are deprecated for public use, but still ok for 14 * internal use. 15 */ 16 #include "internal/deprecated.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #include "internal/nelem.h" 22 23 #include <openssl/crypto.h> 24 #include <openssl/err.h> 25 #include <openssl/rand.h> 26 #include <openssl/bn.h> 27 28 #include "testutil.h" 29 30 #include <openssl/rsa.h> 31 32 #define SetKey \ 33 RSA_set0_key(key, \ 34 BN_bin2bn(n, sizeof(n)-1, NULL), \ 35 BN_bin2bn(e, sizeof(e)-1, NULL), \ 36 BN_bin2bn(d, sizeof(d)-1, NULL)); \ 37 RSA_set0_factors(key, \ 38 BN_bin2bn(p, sizeof(p)-1, NULL), \ 39 BN_bin2bn(q, sizeof(q)-1, NULL)); \ 40 RSA_set0_crt_params(key, \ 41 BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \ 42 BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \ 43 BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \ 44 if (c != NULL) \ 45 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ 46 return sizeof(ctext_ex) - 1; 47 48 static int key1(RSA *key, unsigned char *c) 49 { 50 static unsigned char n[] = 51 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" 52 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" 53 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" 54 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" 55 "\xF5"; 56 57 static unsigned char e[] = "\x11"; 58 59 static unsigned char d[] = 60 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" 61 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" 62 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" 63 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; 64 65 static unsigned char p[] = 66 "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 67 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" 68 "\x0D"; 69 70 static unsigned char q[] = 71 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 72 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 73 "\x89"; 74 75 static unsigned char dmp1[] = 76 "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" 77 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; 78 79 static unsigned char dmq1[] = 80 "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" 81 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" 82 "\x51"; 83 84 static unsigned char iqmp[] = 85 "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" 86 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; 87 88 static unsigned char ctext_ex[] = 89 "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" 90 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" 91 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" 92 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; 93 94 SetKey; 95 } 96 97 static int key2(RSA *key, unsigned char *c) 98 { 99 static unsigned char n[] = 100 "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" 101 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" 102 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" 103 "\x34\x77\xCF"; 104 105 static unsigned char e[] = "\x3"; 106 107 static unsigned char d[] = 108 "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" 109 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" 110 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" 111 "\xE5\xEB"; 112 113 static unsigned char p[] = 114 "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" 115 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; 116 117 static unsigned char q[] = 118 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 119 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; 120 121 static unsigned char dmp1[] = 122 "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" 123 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; 124 125 static unsigned char dmq1[] = 126 "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" 127 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; 128 129 static unsigned char iqmp[] = 130 "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" 131 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; 132 133 static unsigned char ctext_ex[] = 134 "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" 135 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" 136 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" 137 "\x62\x51"; 138 139 SetKey; 140 } 141 142 static int key3(RSA *key, unsigned char *c) 143 { 144 static unsigned char n[] = 145 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" 146 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" 147 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" 148 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" 149 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" 150 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" 151 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" 152 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" 153 "\xCB"; 154 155 static unsigned char e[] = "\x11"; 156 157 static unsigned char d[] = 158 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" 159 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" 160 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" 161 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" 162 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" 163 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" 164 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" 165 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" 166 "\xC1"; 167 168 static unsigned char p[] = 169 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" 170 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" 171 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" 172 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" 173 "\x99"; 174 175 static unsigned char q[] = 176 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 177 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 178 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 179 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" 180 "\x03"; 181 182 static unsigned char dmp1[] = 183 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" 184 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" 185 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" 186 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; 187 188 static unsigned char dmq1[] = 189 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" 190 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" 191 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" 192 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; 193 194 static unsigned char iqmp[] = 195 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" 196 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" 197 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" 198 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" 199 "\xF7"; 200 201 static unsigned char ctext_ex[] = 202 "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" 203 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" 204 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" 205 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" 206 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" 207 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" 208 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" 209 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; 210 211 SetKey; 212 } 213 214 static int rsa_setkey(RSA** key, unsigned char *ctext, int idx) 215 { 216 int clen = 0; 217 218 *key = RSA_new(); 219 if (*key != NULL) 220 switch (idx) { 221 case 0: 222 clen = key1(*key, ctext); 223 break; 224 case 1: 225 clen = key2(*key, ctext); 226 break; 227 case 2: 228 clen = key3(*key, ctext); 229 break; 230 } 231 return clen; 232 } 233 234 static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, 235 int success, unsigned char *ctext_ex, int *clen, 236 RSA **retkey) 237 { 238 int ret = 0; 239 RSA *key; 240 unsigned char ptext[256]; 241 unsigned char ctext[256]; 242 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 243 int plen; 244 int clentmp = 0; 245 int num; 246 247 plen = sizeof(ptext_ex) - 1; 248 clentmp = rsa_setkey(&key, ctext_ex, idx); 249 if (clen != NULL) 250 *clen = clentmp; 251 252 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type); 253 if (!TEST_int_eq(num, clentmp)) 254 goto err; 255 256 num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type); 257 if (success) { 258 if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 259 goto err; 260 } else { 261 if (!TEST_int_lt(num, 0)) 262 goto err; 263 } 264 265 ret = 1; 266 if (retkey != NULL) { 267 *retkey = key; 268 key = NULL; 269 } 270 err: 271 RSA_free(key); 272 return ret; 273 } 274 275 static int test_rsa_pkcs1(int idx) 276 { 277 return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, 278 NULL, NULL); 279 } 280 281 static int test_rsa_oaep(int idx) 282 { 283 int ret = 0; 284 RSA *key = NULL; 285 unsigned char ptext[256]; 286 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 287 unsigned char ctext_ex[256]; 288 int plen; 289 int clen = 0; 290 int num; 291 int n; 292 293 if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1, 294 ctext_ex, &clen, &key)) 295 goto err; 296 297 plen = sizeof(ptext_ex) - 1; 298 299 /* Different ciphertexts. Try decrypting ctext_ex */ 300 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 301 RSA_PKCS1_OAEP_PADDING); 302 if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 303 goto err; 304 305 /* Try decrypting corrupted ciphertexts. */ 306 for (n = 0; n < clen; ++n) { 307 ctext_ex[n] ^= 1; 308 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 309 RSA_PKCS1_OAEP_PADDING); 310 if (!TEST_int_le(num, 0)) 311 goto err; 312 ctext_ex[n] ^= 1; 313 } 314 315 /* Test truncated ciphertexts, as well as negative length. */ 316 for (n = -1; n < clen; ++n) { 317 num = RSA_private_decrypt(n, ctext_ex, ptext, key, 318 RSA_PKCS1_OAEP_PADDING); 319 if (!TEST_int_le(num, 0)) 320 goto err; 321 } 322 323 ret = 1; 324 err: 325 RSA_free(key); 326 return ret; 327 } 328 329 static const struct { 330 int bits; 331 unsigned int r; 332 } rsa_security_bits_cases[] = { 333 /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */ 334 { 2048, 112 }, 335 { 3072, 128 }, 336 { 4096, 152 }, 337 { 6144, 176 }, 338 { 8192, 200 }, 339 /* NIST FIPS 140-2 IG 7.5 */ 340 { 7680, 192 }, 341 { 15360, 256 }, 342 /* Older values */ 343 { 256, 40 }, 344 { 512, 56 }, 345 { 1024, 80 }, 346 /* Some other values */ 347 { 8888, 208 }, 348 { 2468, 120 }, 349 { 13456, 248 }, 350 /* Edge points */ 351 { 15359, 256 }, 352 { 15361, 264 }, 353 { 7679, 192 }, 354 { 7681, 200 }, 355 }; 356 357 static int test_rsa_security_bit(int n) 358 { 359 static const unsigned char vals[8] = { 360 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40 361 }; 362 RSA *key = RSA_new(); 363 const int bits = rsa_security_bits_cases[n].bits; 364 const int result = rsa_security_bits_cases[n].r; 365 const int bytes = (bits + 7) / 8; 366 int r = 0; 367 unsigned char num[2000]; 368 369 if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num))) 370 goto err; 371 372 /* 373 * It is necessary to set the RSA key in order to ask for the strength. 374 * A BN of an appropriate size is created, in general it won't have the 375 * properties necessary for RSA to function. This is okay here since 376 * the RSA key is never used. 377 */ 378 memset(num, vals[bits % 8], bytes); 379 380 /* 381 * The 'e' parameter is set to the same value as 'n'. This saves having 382 * an extra BN to hold a sensible value for 'e'. This is safe since the 383 * RSA key is not used. The 'd' parameter can be NULL safely. 384 */ 385 if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL), 386 BN_bin2bn(num, bytes, NULL), NULL)) 387 && TEST_uint_eq(RSA_security_bits(key), result)) 388 r = 1; 389 err: 390 RSA_free(key); 391 return r; 392 } 393 394 static int test_EVP_rsa_legacy_key(void) 395 { 396 int ret; 397 size_t buflen = 384; 398 size_t msglen = 64; 399 unsigned char sigbuf[384]; 400 unsigned char msgbuf[64]; 401 BIGNUM *p; 402 BIGNUM *q; 403 BIGNUM *n; 404 BIGNUM *d; 405 BIGNUM *e; 406 RSA *rsa; 407 const EVP_MD *md; 408 EVP_MD_CTX *ctx = NULL; 409 EVP_PKEY *pkey = NULL; 410 411 unsigned char n_data[] = { 412 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, 413 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, 414 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, 415 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, 416 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, 417 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, 418 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, 419 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, 420 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, 421 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, 422 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, 423 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, 424 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, 425 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, 426 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, 427 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, 428 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, 429 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, 430 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, 431 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, 432 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, 433 0x2e, 0xf2, 0x8e, 0x7e, 0x13 }; 434 435 unsigned char e_data[] = { 0x01, 0x00, 0x01 }; 436 437 unsigned char d_data[] = { 438 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, 439 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, 440 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, 441 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, 442 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, 443 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, 444 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, 445 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, 446 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, 447 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, 448 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, 449 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, 450 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, 451 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, 452 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, 453 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, 454 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, 455 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, 456 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, 457 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, 458 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, 459 0xf4, 0xfa, 0x60, 0xc1 }; 460 461 unsigned char p_data[] = { 462 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, 463 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, 464 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, 465 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, 466 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, 467 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, 468 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, 469 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, 470 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, 471 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, 472 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 }; 473 474 unsigned char q_data[] = { 475 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, 476 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, 477 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, 478 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, 479 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, 480 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, 481 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, 482 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, 483 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, 484 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, 485 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; 486 487 memset(msgbuf, 0xef, 64); 488 489 ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) 490 && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) 491 && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) 492 && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) 493 && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) 494 && TEST_ptr((rsa = RSA_new())) 495 && TEST_ptr((md = EVP_sha256())) 496 && TEST_ptr((ctx = EVP_MD_CTX_new())) 497 && TEST_ptr((pkey = EVP_PKEY_new())) 498 && TEST_true(RSA_set0_factors(rsa, p, q)) 499 && TEST_true(RSA_set0_key(rsa, n, e, d)) 500 && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) 501 && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) 502 && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); 503 504 EVP_MD_CTX_free(ctx); 505 EVP_PKEY_free(pkey); 506 return ret; 507 } 508 509 static RSA *load_key(int priv) 510 { 511 RSA *rsa = NULL; 512 BIGNUM *pn = NULL, *pe = NULL, *pd= NULL; 513 514 /* RSA key extracted using > openssl genpkey -algorithm RSA -text */ 515 static const unsigned char n[] = { 516 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97, 517 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17, 518 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa, 519 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f, 520 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf, 521 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77, 522 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4, 523 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f, 524 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30, 525 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21, 526 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8, 527 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28, 528 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19, 529 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91, 530 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11, 531 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62, 532 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70, 533 0x53, 0x31 534 }; 535 static const unsigned char e[] = { 536 0x01, 0x00, 0x01 537 }; 538 static const unsigned char d[] = { 539 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21, 540 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8, 541 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9, 542 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64, 543 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f, 544 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d, 545 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19, 546 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76, 547 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a, 548 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88, 549 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9, 550 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57, 551 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc, 552 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23, 553 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5, 554 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37, 555 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32, 556 0x21 557 }; 558 559 if (!TEST_ptr(rsa = RSA_new())) 560 return NULL; 561 pn = BN_bin2bn(n, sizeof(n), NULL); 562 pe = BN_bin2bn(e, sizeof(e), NULL); 563 if (priv) 564 pd = BN_bin2bn(d, sizeof(d), NULL); 565 if (!TEST_false(pn == NULL 566 || pe == NULL 567 || (priv && pd == NULL) 568 || !RSA_set0_key(rsa, pn, pe, pd))) { 569 BN_free(pn); 570 BN_free(pe); 571 BN_free(pd); 572 RSA_free(rsa); 573 rsa = NULL; 574 } 575 return rsa; 576 } 577 578 static int test_rsa_saos(void) 579 { 580 int ret = 0; 581 unsigned int siglen = 0; 582 RSA *rsa_priv = NULL, *rsa_pub = NULL; 583 static const unsigned char in[256] = { 0 }; 584 unsigned char sig[256]; 585 /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */ 586 unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3; 587 588 /* A generated signature when in[inlen]= { 1 }. */ 589 static const unsigned char sig_mismatch[256] = { 590 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91, 591 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75, 592 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60, 593 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38, 594 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb, 595 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57, 596 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc, 597 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3, 598 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f, 599 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1, 600 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb, 601 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9, 602 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73, 603 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74, 604 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae, 605 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f, 606 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d, 607 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4, 608 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01, 609 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7, 610 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd, 611 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59, 612 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac, 613 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7, 614 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed, 615 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc, 616 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9, 617 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1, 618 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b, 619 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd, 620 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95, 621 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86 622 }; 623 /* The signature generated by RSA_private_encrypt of in[inlen] */ 624 static const unsigned char no_octet_sig[256] = { 625 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19, 626 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81, 627 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31, 628 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e, 629 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2, 630 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84, 631 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc, 632 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f, 633 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63, 634 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52, 635 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd, 636 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0, 637 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2, 638 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0, 639 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20, 640 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc, 641 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6, 642 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46, 643 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21, 644 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59, 645 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1, 646 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3, 647 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75, 648 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd, 649 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33, 650 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf, 651 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f, 652 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4, 653 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5, 654 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc, 655 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad, 656 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16 657 }; 658 659 if (!TEST_ptr(rsa_priv = load_key(1))) 660 goto err; 661 if (!TEST_ptr(rsa_pub = load_key(0))) 662 goto err; 663 if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv))) 664 goto err; 665 666 /* Test that a generated signature can be verified */ 667 if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 668 rsa_priv))) 669 goto err; 670 if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 671 goto err; 672 673 /* Test sign fails if the input is too large */ 674 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen, 675 rsa_priv))) 676 goto err; 677 678 /* Fail if there is no private signing key */ 679 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, 680 rsa_pub))) 681 goto err; 682 683 /* Fail if the signature is the wrong size */ 684 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub))) 685 goto err; 686 687 /* Fail if the encrypted input is not octet encoded */ 688 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig, 689 (unsigned int)sizeof(no_octet_sig), 690 rsa_pub))) 691 goto err; 692 693 /* Fail if the signature does not match the input */ 694 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch, 695 (unsigned int)sizeof(sig_mismatch), 696 rsa_pub))) 697 goto err; 698 699 /* Fail if the signature is corrupt */ 700 sig[0]++; 701 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) 702 goto err; 703 sig[0]--; 704 705 ret = 1; 706 err: 707 RSA_free(rsa_priv); 708 RSA_free(rsa_pub); 709 return ret; 710 } 711 712 int setup_tests(void) 713 { 714 ADD_ALL_TESTS(test_rsa_pkcs1, 3); 715 ADD_ALL_TESTS(test_rsa_oaep, 3); 716 ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); 717 ADD_TEST(test_rsa_saos); 718 ADD_TEST(test_EVP_rsa_legacy_key); 719 return 1; 720 } 721
Indexes created Wed Mar 04 15:26:31 UTC 2026