2 #include "mbedtls/rsa.h"
3 #include "mbedtls/rsa_internal.h"
4 #include "mbedtls/md2.h"
5 #include "mbedtls/md4.h"
6 #include "mbedtls/md5.h"
7 #include "mbedtls/sha1.h"
8 #include "mbedtls/sha256.h"
9 #include "mbedtls/sha512.h"
10 #include "mbedtls/entropy.h"
11 #include "mbedtls/ctr_drbg.h"
16 * depends_on:MBEDTLS_RSA_C:MBEDTLS_BIGNUM_C:MBEDTLS_GENPRIME
20 /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
21 void rsa_invalid_param( )
23 mbedtls_rsa_context ctx;
24 const int valid_padding = MBEDTLS_RSA_PKCS_V21;
25 const int invalid_padding = 42;
26 const int valid_mode = MBEDTLS_RSA_PRIVATE;
27 const int invalid_mode = 42;
28 unsigned char buf[42] = { 0 };
31 TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
32 TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
33 TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
35 /* No more variants because only the first argument must be non-NULL. */
36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
37 mbedtls_rsa_import( NULL, NULL, NULL,
39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
40 mbedtls_rsa_import_raw( NULL,
47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
48 mbedtls_rsa_complete( NULL ) );
50 /* No more variants because only the first argument must be non-NULL. */
51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
52 mbedtls_rsa_export( NULL, NULL, NULL,
54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
55 mbedtls_rsa_export_raw( NULL,
61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
62 mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
64 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
66 TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
67 invalid_padding, 0 ) );
69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
70 mbedtls_rsa_gen_key( NULL, rnd_std_rand,
72 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
73 mbedtls_rsa_gen_key( &ctx, NULL,
76 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
77 mbedtls_rsa_check_pubkey( NULL ) );
78 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
79 mbedtls_rsa_check_privkey( NULL ) );
81 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
82 mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
84 mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
87 mbedtls_rsa_public( NULL, buf, buf ) );
88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
89 mbedtls_rsa_public( &ctx, NULL, buf ) );
90 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
91 mbedtls_rsa_public( &ctx, buf, NULL ) );
93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
94 mbedtls_rsa_private( NULL, NULL, NULL,
96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
97 mbedtls_rsa_private( &ctx, NULL, NULL,
99 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
100 mbedtls_rsa_private( &ctx, NULL, NULL,
103 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
104 mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
109 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
113 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
114 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
118 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
119 mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
125 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
131 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
136 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
137 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
142 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
143 mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
149 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
150 mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
156 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
162 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
168 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
173 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
174 mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
180 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
181 mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
184 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
185 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
189 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
193 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
197 mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
202 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
207 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
211 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
212 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
217 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
221 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
222 mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
228 mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
233 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
234 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
239 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
240 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
246 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
251 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
252 mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
258 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
259 mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
261 0, sizeof( buf ), buf,
263 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
264 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
266 0, sizeof( buf ), buf,
268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
269 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
271 0, sizeof( buf ), NULL,
273 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
274 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
276 0, sizeof( buf ), buf,
278 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
279 mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
285 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
286 mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
288 0, sizeof( buf ), buf,
290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
291 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
293 0, sizeof( buf ), buf,
295 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
296 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
298 0, sizeof( buf ), NULL,
300 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
301 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
303 0, sizeof( buf ), buf,
305 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
306 mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
312 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
313 mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
315 0, sizeof( buf ), buf,
317 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
318 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
320 0, sizeof( buf ), buf,
322 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
323 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
325 0, sizeof( buf ), NULL,
327 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
328 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
330 0, sizeof( buf ), buf,
332 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
333 mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
339 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
340 mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
342 0, sizeof( buf ), buf,
344 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
345 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
347 0, sizeof( buf ), buf,
349 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
350 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
352 0, sizeof( buf ), NULL,
354 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
355 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
357 0, sizeof( buf ), buf,
359 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
360 mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
362 MBEDTLS_MD_SHA1, 0, NULL,
365 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
366 mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
369 0, sizeof( buf ), buf,
371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
372 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
375 0, sizeof( buf ), buf,
377 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
378 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
383 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
384 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
387 0, sizeof( buf ), buf,
389 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
390 mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
397 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
398 mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
402 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
403 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
407 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
408 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
412 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
413 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
417 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
418 mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
424 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
425 mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
431 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
432 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
438 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
439 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
444 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
445 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
450 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
451 mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
458 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
459 mbedtls_rsa_copy( NULL, &ctx ) );
460 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
461 mbedtls_rsa_copy( &ctx, NULL ) );
469 void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
470 int digest, int mod, int radix_P, char * input_P,
471 int radix_Q, char * input_Q, int radix_N,
472 char * input_N, int radix_E, char * input_E,
473 data_t * result_hex_str, int result )
475 unsigned char hash_result[1000];
476 unsigned char output[1000];
477 mbedtls_rsa_context ctx;
478 mbedtls_mpi N, P, Q, E;
479 rnd_pseudo_info rnd_info;
481 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
482 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
483 mbedtls_rsa_init( &ctx, padding_mode, 0 );
485 memset( hash_result, 0x00, 1000 );
486 memset( output, 0x00, 1000 );
487 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
489 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
490 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
491 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
492 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
494 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
495 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
496 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
497 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
500 if( mbedtls_md_info_from_type( digest ) != NULL )
501 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
503 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
504 MBEDTLS_RSA_PRIVATE, digest, 0,
505 hash_result, output ) == result );
509 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
513 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
514 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
515 mbedtls_rsa_free( &ctx );
520 void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
521 int digest, int mod, int radix_N,
522 char * input_N, int radix_E, char * input_E,
523 data_t * result_str, int result )
525 unsigned char hash_result[1000];
526 mbedtls_rsa_context ctx;
530 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
531 mbedtls_rsa_init( &ctx, padding_mode, 0 );
532 memset( hash_result, 0x00, 1000 );
534 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
535 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
536 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
537 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
538 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
541 if( mbedtls_md_info_from_type( digest ) != NULL )
542 TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
544 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
547 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
548 mbedtls_rsa_free( &ctx );
554 void rsa_pkcs1_sign_raw( data_t * hash_result,
555 int padding_mode, int mod, int radix_P,
556 char * input_P, int radix_Q, char * input_Q,
557 int radix_N, char * input_N, int radix_E,
558 char * input_E, data_t * result_hex_str )
560 unsigned char output[1000];
561 mbedtls_rsa_context ctx;
562 mbedtls_mpi N, P, Q, E;
563 rnd_pseudo_info rnd_info;
565 mbedtls_rsa_init( &ctx, padding_mode, 0 );
566 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
567 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
569 memset( output, 0x00, 1000 );
570 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
572 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
573 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
574 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
575 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
577 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
578 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
579 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
580 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
583 TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
584 MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
585 hash_result->len, hash_result->x,
589 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
591 #if defined(MBEDTLS_PKCS1_V15)
592 /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
593 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
596 memset( output, 0x00, 1000 );
598 res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
599 &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
600 hash_result->len, hash_result->x, output );
602 #if !defined(MBEDTLS_RSA_ALT)
603 TEST_ASSERT( res == 0 );
605 TEST_ASSERT( ( res == 0 ) ||
606 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
611 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
614 #endif /* MBEDTLS_PKCS1_V15 */
617 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
618 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
620 mbedtls_rsa_free( &ctx );
625 void rsa_pkcs1_verify_raw( data_t * hash_result,
626 int padding_mode, int mod, int radix_N,
627 char * input_N, int radix_E, char * input_E,
628 data_t * result_str, int correct )
630 unsigned char output[1000];
631 mbedtls_rsa_context ctx;
634 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
636 mbedtls_rsa_init( &ctx, padding_mode, 0 );
637 memset( output, 0x00, sizeof( output ) );
639 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
640 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
642 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
643 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
644 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
647 TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
649 #if defined(MBEDTLS_PKCS1_V15)
650 /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
651 if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
657 res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
658 NULL, NULL, MBEDTLS_RSA_PUBLIC,
659 &olen, result_str->x, output, sizeof( output ) );
661 #if !defined(MBEDTLS_RSA_ALT)
662 TEST_ASSERT( res == 0 );
664 TEST_ASSERT( ( res == 0 ) ||
665 ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
670 ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
672 TEST_ASSERT( ok == 1 );
674 TEST_ASSERT( ok == 0 );
677 #endif /* MBEDTLS_PKCS1_V15 */
680 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
681 mbedtls_rsa_free( &ctx );
686 void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
687 int mod, int radix_N, char * input_N,
688 int radix_E, char * input_E,
689 data_t * result_hex_str, int result )
691 unsigned char output[1000];
692 mbedtls_rsa_context ctx;
693 rnd_pseudo_info rnd_info;
696 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
698 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
700 mbedtls_rsa_init( &ctx, padding_mode, 0 );
701 memset( output, 0x00, 1000 );
703 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
704 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
706 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
707 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
708 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
711 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
712 MBEDTLS_RSA_PUBLIC, message_str->len,
713 message_str->x, output ) == result );
717 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
721 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
722 mbedtls_rsa_free( &ctx );
727 void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
728 int mod, int radix_N, char * input_N,
729 int radix_E, char * input_E,
730 data_t * result_hex_str, int result )
732 unsigned char output[1000];
733 mbedtls_rsa_context ctx;
737 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
738 mbedtls_rsa_init( &ctx, padding_mode, 0 );
739 memset( output, 0x00, 1000 );
741 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
742 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
744 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
745 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
746 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
749 TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
750 MBEDTLS_RSA_PUBLIC, message_str->len,
751 message_str->x, output ) == result );
755 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
759 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
760 mbedtls_rsa_free( &ctx );
765 void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
766 int mod, int radix_P, char * input_P,
767 int radix_Q, char * input_Q, int radix_N,
768 char * input_N, int radix_E, char * input_E,
769 int max_output, data_t * result_hex_str,
772 unsigned char output[1000];
773 mbedtls_rsa_context ctx;
775 rnd_pseudo_info rnd_info;
776 mbedtls_mpi N, P, Q, E;
778 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
779 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
781 mbedtls_rsa_init( &ctx, padding_mode, 0 );
783 memset( output, 0x00, 1000 );
784 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
787 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
788 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
789 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
790 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
792 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
793 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
794 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
795 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
799 TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result );
803 TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
807 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
808 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
809 mbedtls_rsa_free( &ctx );
814 void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
815 char * input_N, int radix_E, char * input_E,
816 data_t * result_hex_str, int result )
818 unsigned char output[1000];
819 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
823 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
824 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
825 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
826 memset( output, 0x00, 1000 );
828 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
829 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
831 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
832 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
833 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
836 TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
840 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
843 /* And now with the copy */
844 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
845 /* clear the original to be sure */
846 mbedtls_rsa_free( &ctx );
848 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
850 memset( output, 0x00, 1000 );
851 TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
855 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
859 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
860 mbedtls_rsa_free( &ctx );
861 mbedtls_rsa_free( &ctx2 );
866 void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
867 char * input_P, int radix_Q, char * input_Q,
868 int radix_N, char * input_N, int radix_E,
869 char * input_E, data_t * result_hex_str,
872 unsigned char output[1000];
873 mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
874 mbedtls_mpi N, P, Q, E;
875 rnd_pseudo_info rnd_info;
878 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
879 mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
880 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
881 mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
883 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
885 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
886 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
887 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
888 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
890 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
891 TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
892 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
893 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
896 /* repeat three times to test updating of blinding values */
897 for( i = 0; i < 3; i++ )
899 memset( output, 0x00, 1000 );
900 TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
901 message_str->x, output ) == result );
905 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
909 /* And now one more time with the copy */
910 TEST_ASSERT( mbedtls_rsa_copy( &ctx2, &ctx ) == 0 );
911 /* clear the original to be sure */
912 mbedtls_rsa_free( &ctx );
914 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
916 memset( output, 0x00, 1000 );
917 TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
918 message_str->x, output ) == result );
922 TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
926 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
927 mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
929 mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 );
934 void rsa_check_privkey_null( )
936 mbedtls_rsa_context ctx;
937 memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
939 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
944 void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
945 char * input_E, int result )
947 mbedtls_rsa_context ctx;
950 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
951 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
953 if( strlen( input_N ) )
955 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
957 if( strlen( input_E ) )
959 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
962 TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
963 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result );
966 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
967 mbedtls_rsa_free( &ctx );
972 void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
973 int radix_Q, char * input_Q, int radix_N,
974 char * input_N, int radix_E, char * input_E,
975 int radix_D, char * input_D, int radix_DP,
976 char * input_DP, int radix_DQ,
977 char * input_DQ, int radix_QP,
978 char * input_QP, int result )
980 mbedtls_rsa_context ctx;
982 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
985 if( strlen( input_P ) )
987 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
989 if( strlen( input_Q ) )
991 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
993 if( strlen( input_N ) )
995 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
997 if( strlen( input_E ) )
999 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
1001 if( strlen( input_D ) )
1003 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
1005 #if !defined(MBEDTLS_RSA_NO_CRT)
1006 if( strlen( input_DP ) )
1008 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
1010 if( strlen( input_DQ ) )
1012 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
1014 if( strlen( input_QP ) )
1016 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
1019 ((void) radix_DP); ((void) input_DP);
1020 ((void) radix_DQ); ((void) input_DQ);
1021 ((void) radix_QP); ((void) input_QP);
1024 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result );
1027 mbedtls_rsa_free( &ctx );
1032 void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
1033 int radix_Epub, char * input_Epub, int radix_P,
1034 char * input_P, int radix_Q, char * input_Q,
1035 int radix_N, char * input_N, int radix_E,
1036 char * input_E, int radix_D, char * input_D,
1037 int radix_DP, char * input_DP, int radix_DQ,
1038 char * input_DQ, int radix_QP, char * input_QP,
1041 mbedtls_rsa_context pub, prv;
1043 mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
1044 mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
1049 if( strlen( input_Npub ) )
1051 TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
1053 if( strlen( input_Epub ) )
1055 TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
1058 if( strlen( input_P ) )
1060 TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
1062 if( strlen( input_Q ) )
1064 TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
1066 if( strlen( input_N ) )
1068 TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
1070 if( strlen( input_E ) )
1072 TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
1074 if( strlen( input_D ) )
1076 TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
1078 #if !defined(MBEDTLS_RSA_NO_CRT)
1079 if( strlen( input_DP ) )
1081 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
1083 if( strlen( input_DQ ) )
1085 TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
1087 if( strlen( input_QP ) )
1089 TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
1092 ((void) radix_DP); ((void) input_DP);
1093 ((void) radix_DQ); ((void) input_DQ);
1094 ((void) radix_QP); ((void) input_QP);
1097 TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result );
1100 mbedtls_rsa_free( &pub );
1101 mbedtls_rsa_free( &prv );
1105 /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
1106 void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
1108 mbedtls_rsa_context ctx;
1109 mbedtls_entropy_context entropy;
1110 mbedtls_ctr_drbg_context ctr_drbg;
1111 const char *pers = "test_suite_rsa";
1113 mbedtls_ctr_drbg_init( &ctr_drbg );
1114 mbedtls_entropy_init( &entropy );
1115 mbedtls_rsa_init ( &ctx, 0, 0 );
1117 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1118 &entropy, (const unsigned char *) pers,
1119 strlen( pers ) ) == 0 );
1121 TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
1124 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
1125 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
1129 mbedtls_rsa_free( &ctx );
1130 mbedtls_ctr_drbg_free( &ctr_drbg );
1131 mbedtls_entropy_free( &entropy );
1135 /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
1136 void mbedtls_rsa_deduce_primes( int radix_N, char *input_N,
1137 int radix_D, char *input_D,
1138 int radix_E, char *input_E,
1139 int radix_P, char *output_P,
1140 int radix_Q, char *output_Q,
1141 int corrupt, int result )
1143 mbedtls_mpi N, P, Pp, Q, Qp, D, E;
1145 mbedtls_mpi_init( &N );
1146 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1147 mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
1148 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1150 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1151 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1152 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1153 TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
1154 TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
1157 TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
1159 /* Try to deduce P, Q from N, D, E only. */
1160 TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result );
1164 /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
1165 TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
1166 ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
1170 mbedtls_mpi_free( &N );
1171 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1172 mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
1173 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1178 void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P,
1179 int radix_Q, char *input_Q,
1180 int radix_E, char *input_E,
1181 int radix_D, char *output_D,
1182 int corrupt, int result )
1184 mbedtls_mpi P, Q, D, Dp, E, R, Rp;
1186 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1187 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
1188 mbedtls_mpi_init( &E );
1189 mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
1191 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1192 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1193 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1194 TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
1199 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
1202 /* Try to deduce D from N, P, Q, E. */
1203 TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q,
1204 &E, &D ) == result );
1209 * Check that D and Dp agree modulo LCM(P-1, Q-1).
1212 /* Replace P,Q by P-1, Q-1 */
1213 TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
1214 TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
1216 /* Check D == Dp modulo P-1 */
1217 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
1218 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
1219 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
1221 /* Check D == Dp modulo Q-1 */
1222 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
1223 TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
1224 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
1229 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1230 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
1231 mbedtls_mpi_free( &E );
1232 mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
1236 /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
1237 void mbedtls_rsa_import( int radix_N, char *input_N,
1238 int radix_P, char *input_P,
1239 int radix_Q, char *input_Q,
1240 int radix_D, char *input_D,
1241 int radix_E, char *input_E,
1247 mbedtls_mpi N, P, Q, D, E;
1248 mbedtls_rsa_context ctx;
1250 /* Buffers used for encryption-decryption test */
1251 unsigned char *buf_orig = NULL;
1252 unsigned char *buf_enc = NULL;
1253 unsigned char *buf_dec = NULL;
1255 mbedtls_entropy_context entropy;
1256 mbedtls_ctr_drbg_context ctr_drbg;
1257 const char *pers = "test_suite_rsa";
1259 const int have_N = ( strlen( input_N ) > 0 );
1260 const int have_P = ( strlen( input_P ) > 0 );
1261 const int have_Q = ( strlen( input_Q ) > 0 );
1262 const int have_D = ( strlen( input_D ) > 0 );
1263 const int have_E = ( strlen( input_E ) > 0 );
1265 mbedtls_ctr_drbg_init( &ctr_drbg );
1266 mbedtls_entropy_init( &entropy );
1267 mbedtls_rsa_init( &ctx, 0, 0 );
1269 mbedtls_mpi_init( &N );
1270 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1271 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1273 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
1274 (const unsigned char *) pers, strlen( pers ) ) == 0 );
1277 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1280 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1283 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1286 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1289 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1293 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1298 have_E ? &E : NULL ) == 0 );
1302 /* Import N, P, Q, D, E separately.
1303 * This should make no functional difference. */
1305 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1307 NULL, NULL, NULL, NULL ) == 0 );
1309 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1312 NULL, NULL, NULL ) == 0 );
1314 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1317 NULL, NULL ) == 0 );
1319 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1324 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1325 NULL, NULL, NULL, NULL,
1326 have_E ? &E : NULL ) == 0 );
1329 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
1331 /* On expected success, perform some public and private
1332 * key operations to check if the key is working properly. */
1333 if( res_complete == 0 )
1336 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1338 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1340 if( res_check != 0 )
1343 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1344 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1345 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1346 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1349 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1350 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1352 /* Make sure the number we're generating is smaller than the modulus */
1355 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1359 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1363 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1364 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1370 mbedtls_free( buf_orig );
1371 mbedtls_free( buf_enc );
1372 mbedtls_free( buf_dec );
1374 mbedtls_rsa_free( &ctx );
1376 mbedtls_ctr_drbg_free( &ctr_drbg );
1377 mbedtls_entropy_free( &entropy );
1379 mbedtls_mpi_free( &N );
1380 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1381 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1386 void mbedtls_rsa_export( int radix_N, char *input_N,
1387 int radix_P, char *input_P,
1388 int radix_Q, char *input_Q,
1389 int radix_D, char *input_D,
1390 int radix_E, char *input_E,
1394 /* Original MPI's with which we set up the RSA context */
1395 mbedtls_mpi N, P, Q, D, E;
1397 /* Exported MPI's */
1398 mbedtls_mpi Ne, Pe, Qe, De, Ee;
1400 const int have_N = ( strlen( input_N ) > 0 );
1401 const int have_P = ( strlen( input_P ) > 0 );
1402 const int have_Q = ( strlen( input_Q ) > 0 );
1403 const int have_D = ( strlen( input_D ) > 0 );
1404 const int have_E = ( strlen( input_E ) > 0 );
1406 mbedtls_rsa_context ctx;
1408 mbedtls_rsa_init( &ctx, 0, 0 );
1410 mbedtls_mpi_init( &N );
1411 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1412 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1414 mbedtls_mpi_init( &Ne );
1415 mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe );
1416 mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee );
1418 /* Setup RSA context */
1421 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1424 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1427 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1430 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1433 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1435 TEST_ASSERT( mbedtls_rsa_import( &ctx,
1436 strlen( input_N ) ? &N : NULL,
1437 strlen( input_P ) ? &P : NULL,
1438 strlen( input_Q ) ? &Q : NULL,
1439 strlen( input_D ) ? &D : NULL,
1440 strlen( input_E ) ? &E : NULL ) == 0 );
1442 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
1445 * Export parameters and compare to original ones.
1448 /* N and E must always be present. */
1451 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 );
1455 TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 );
1456 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 );
1458 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 );
1459 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 );
1461 /* If we were providing enough information to setup a complete private context,
1462 * we expect to be able to export all core parameters. */
1468 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe,
1473 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL,
1474 NULL, NULL ) == 0 );
1475 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe,
1476 NULL, NULL ) == 0 );
1477 TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL,
1482 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 );
1485 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 );
1488 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 );
1490 /* While at it, perform a sanity check */
1491 TEST_ASSERT( mbedtls_rsa_validate_params( &Ne, &Pe, &Qe, &De, &Ee,
1492 NULL, NULL ) == 0 );
1497 mbedtls_rsa_free( &ctx );
1499 mbedtls_mpi_free( &N );
1500 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1501 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1503 mbedtls_mpi_free( &Ne );
1504 mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe );
1505 mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee );
1509 /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
1510 void mbedtls_rsa_validate_params( int radix_N, char *input_N,
1511 int radix_P, char *input_P,
1512 int radix_Q, char *input_Q,
1513 int radix_D, char *input_D,
1514 int radix_E, char *input_E,
1515 int prng, int result )
1517 /* Original MPI's with which we set up the RSA context */
1518 mbedtls_mpi N, P, Q, D, E;
1520 const int have_N = ( strlen( input_N ) > 0 );
1521 const int have_P = ( strlen( input_P ) > 0 );
1522 const int have_Q = ( strlen( input_Q ) > 0 );
1523 const int have_D = ( strlen( input_D ) > 0 );
1524 const int have_E = ( strlen( input_E ) > 0 );
1526 mbedtls_entropy_context entropy;
1527 mbedtls_ctr_drbg_context ctr_drbg;
1528 const char *pers = "test_suite_rsa";
1530 mbedtls_mpi_init( &N );
1531 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
1532 mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
1534 mbedtls_ctr_drbg_init( &ctr_drbg );
1535 mbedtls_entropy_init( &entropy );
1536 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1537 &entropy, (const unsigned char *) pers,
1538 strlen( pers ) ) == 0 );
1541 TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
1544 TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
1547 TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
1550 TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
1553 TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
1555 TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
1560 prng ? mbedtls_ctr_drbg_random : NULL,
1561 prng ? &ctr_drbg : NULL ) == result );
1564 mbedtls_ctr_drbg_free( &ctr_drbg );
1565 mbedtls_entropy_free( &entropy );
1567 mbedtls_mpi_free( &N );
1568 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
1569 mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
1573 /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
1574 void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
1575 data_t *input_Q, data_t *input_D,
1576 data_t *input_E, int is_priv,
1579 /* Exported buffers */
1580 unsigned char bufNe[1000];
1581 unsigned char bufPe[1000];
1582 unsigned char bufQe[1000];
1583 unsigned char bufDe[1000];
1584 unsigned char bufEe[1000];
1586 mbedtls_rsa_context ctx;
1588 mbedtls_rsa_init( &ctx, 0, 0 );
1590 /* Setup RSA context */
1591 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1592 input_N->len ? input_N->x : NULL, input_N->len,
1593 input_P->len ? input_P->x : NULL, input_P->len,
1594 input_Q->len ? input_Q->x : NULL, input_Q->len,
1595 input_D->len ? input_D->x : NULL, input_D->len,
1596 input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
1598 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
1601 * Export parameters and compare to original ones.
1604 /* N and E must always be present. */
1607 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
1608 NULL, 0, NULL, 0, NULL, 0,
1609 bufEe, input_E->len ) == 0 );
1613 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
1614 NULL, 0, NULL, 0, NULL, 0,
1616 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1617 NULL, 0, NULL, 0, NULL, 0,
1618 bufEe, input_E->len ) == 0 );
1620 TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
1621 TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
1623 /* If we were providing enough information to setup a complete private context,
1624 * we expect to be able to export all core parameters. */
1630 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1631 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1632 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1633 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
1638 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
1639 bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
1643 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
1644 bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
1645 NULL, 0, NULL, 0 ) == 0 );
1647 TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
1648 bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
1653 TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
1656 TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
1659 TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
1664 mbedtls_rsa_free( &ctx );
1668 /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
1669 void mbedtls_rsa_import_raw( data_t *input_N,
1670 data_t *input_P, data_t *input_Q,
1671 data_t *input_D, data_t *input_E,
1677 /* Buffers used for encryption-decryption test */
1678 unsigned char *buf_orig = NULL;
1679 unsigned char *buf_enc = NULL;
1680 unsigned char *buf_dec = NULL;
1682 mbedtls_rsa_context ctx;
1683 mbedtls_entropy_context entropy;
1684 mbedtls_ctr_drbg_context ctr_drbg;
1686 const char *pers = "test_suite_rsa";
1688 mbedtls_ctr_drbg_init( &ctr_drbg );
1689 mbedtls_entropy_init( &entropy );
1690 mbedtls_rsa_init( &ctx, 0, 0 );
1692 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
1693 &entropy, (const unsigned char *) pers,
1694 strlen( pers ) ) == 0 );
1698 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1699 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1700 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1701 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1702 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1703 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
1707 /* Import N, P, Q, D, E separately.
1708 * This should make no functional difference. */
1710 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1711 ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
1712 NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1714 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1716 ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
1717 NULL, 0, NULL, 0, NULL, 0 ) == 0 );
1719 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1721 ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
1722 NULL, 0, NULL, 0 ) == 0 );
1724 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1725 NULL, 0, NULL, 0, NULL, 0,
1726 ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
1729 TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
1730 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1731 ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
1734 TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
1736 /* On expected success, perform some public and private
1737 * key operations to check if the key is working properly. */
1738 if( res_complete == 0 )
1741 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
1743 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
1745 if( res_check != 0 )
1748 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1749 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1750 buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
1751 if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
1754 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
1755 buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );
1757 /* Make sure the number we're generating is smaller than the modulus */
1760 TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 );
1764 TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
1768 TEST_ASSERT( memcmp( buf_orig, buf_dec,
1769 mbedtls_rsa_get_len( &ctx ) ) == 0 );
1775 mbedtls_free( buf_orig );
1776 mbedtls_free( buf_enc );
1777 mbedtls_free( buf_dec );
1779 mbedtls_rsa_free( &ctx );
1781 mbedtls_ctr_drbg_free( &ctr_drbg );
1782 mbedtls_entropy_free( &entropy );
1787 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
1788 void rsa_selftest( )
1790 TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );