rsa_sp800_56b_test.c@ 106683

Last change on this file since 106683 was 104078, checked in by vboxsync, 11 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 20.9 KB

Line
1	/*
2	* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* RSA low level APIs are deprecated for public use, but still ok for
12	* internal use.
13	*/
14	#include "internal/deprecated.h"
15
16	#include <stdio.h>
17	#include <string.h>
18
19	#include "internal/nelem.h"
20
21	#include <openssl/crypto.h>
22	#include <openssl/err.h>
23	#include <openssl/rand.h>
24	#include <openssl/bn.h>
25
26	#include "testutil.h"
27
28	#include "rsa_local.h"
29	#include <openssl/rsa.h>
30
31	/* taken from RSA2 cavs data */
32	static const unsigned char cav_e[] = {
33	0x01,0x00,0x01
34	};
35	static const unsigned char cav_p[] = {
36	0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0,
37	0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02,
38	0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d,
39	0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41,
40	0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xbc,0x4c,
41	0x01,0xa5,0x4b,0xbd,0xa4,0x20,0xb5,0x20,0xd5,0x59,0x6f,0x82,0x5c,0x8f,0x4f,
42	0xe0,0x3a,0x4e,0x7e,0xfe,0x44,0xf3,0x3c,0xc0,0x0e,0x14,0x2b,0x32,0xe6,0x28,
43	0x8b,0x63,0x87,0x00,0xc3,0x53,0x4a,0x5b,0x71,0x7a,0x5b,0x28,0x40,0xc4,0x18,
44	0xb6,0x77,0x0b,0xab,0x59,0xa4,0x96,0x7d
45	};
46	static const unsigned char cav_q[] = {
47	0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb,
48	0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf,
49	0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68,
50	0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e,
51	0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xc4,0x44,0xdd,
52	0xf7,0x7e,0xda,0x47,0x4a,0x67,0x44,0x5d,0x4e,0x75,0xf0,0x4d,0x00,0x68,0xe1,
53	0x4a,0xec,0x1f,0x45,0xf9,0xe6,0xca,0x38,0x95,0x48,0x6f,0xdc,0x9d,0x1b,0xa3,
54	0x4b,0xfd,0x08,0x4b,0x54,0xcd,0xeb,0x3d,0xef,0x33,0x11,0x6e,0xce,0xe4,0x5d,
55	0xef,0xa9,0x58,0x5c,0x87,0x4d,0xc8,0xcf
56	};
57	static const unsigned char cav_n[] = {
58	0xce,0x5e,0x8d,0x1a,0xa3,0x08,0x7a,0x2d,0xb4,0x49,0x48,0xf0,0x06,0xb6,0xfe,
59	0xba,0x2f,0x39,0x7c,0x7b,0xe0,0x5d,0x09,0x2d,0x57,0x4e,0x54,0x60,0x9c,0xe5,
60	0x08,0x4b,0xe1,0x1a,0x73,0xc1,0x5e,0x2f,0xb6,0x46,0xd7,0x81,0xca,0xbc,0x98,
61	0xd2,0xf9,0xef,0x1c,0x92,0x8c,0x8d,0x99,0x85,0x28,0x52,0xd6,0xd5,0xab,0x70,
62	0x7e,0x9e,0xa9,0x87,0x82,0xc8,0x95,0x64,0xeb,0xf0,0x6c,0x0f,0x3f,0xe9,0x02,
63	0x29,0x2e,0x6d,0xa1,0xec,0xbf,0xdc,0x23,0xdf,0x82,0x4f,0xab,0x39,0x8d,0xcc,
64	0xac,0x21,0x51,0x14,0xf8,0xef,0xec,0x73,0x80,0x86,0xa3,0xcf,0x8f,0xd5,0xcf,
65	0x22,0x1f,0xcc,0x23,0x2f,0xba,0xcb,0xf6,0x17,0xcd,0x3a,0x1f,0xd9,0x84,0xb9,
66	0x88,0xa7,0x78,0x0f,0xaa,0xc9,0x04,0x01,0x20,0x72,0x5d,0x2a,0xfe,0x5b,0xdd,
67	0x16,0x5a,0xed,0x83,0x02,0x96,0x39,0x46,0x37,0x30,0xc1,0x0d,0x87,0xc2,0xc8,
68	0x33,0x38,0xed,0x35,0x72,0xe5,0x29,0xf8,0x1f,0x23,0x60,0xe1,0x2a,0x5b,0x1d,
69	0x6b,0x53,0x3f,0x07,0xc4,0xd9,0xbb,0x04,0x0c,0x5c,0x3f,0x0b,0xc4,0xd4,0x61,
70	0x96,0x94,0xf1,0x0f,0x4a,0x49,0xac,0xde,0xd2,0xe8,0x42,0xb3,0x4a,0x0b,0x64,
71	0x7a,0x32,0x5f,0x2b,0x5b,0x0f,0x8b,0x8b,0xe0,0x33,0x23,0x34,0x64,0xf8,0xb5,
72	0x7f,0x69,0x60,0xb8,0x71,0xe9,0xff,0x92,0x42,0xb1,0xf7,0x23,0xa8,0xa7,0x92,
73	0x04,0x3d,0x6b,0xff,0xf7,0xab,0xbb,0x14,0x1f,0x4c,0x10,0x97,0xd5,0x6b,0x71,
74	0x12,0xfd,0x93,0xa0,0x4a,0x3b,0x75,0x72,0x40,0x96,0x1c,0x5f,0x40,0x40,0x57,
75	0x13
76	};
77	static const unsigned char cav_d[] = {
78	0x47,0x47,0x49,0x1d,0x66,0x2a,0x4b,0x68,0xf5,0xd8,0x4a,0x24,0xfd,0x6c,0xbf,
79	0x56,0xb7,0x70,0xf7,0x9a,0x21,0xc8,0x80,0x9e,0xf4,0x84,0xcd,0x88,0x01,0x28,
80	0xea,0x50,0xab,0x13,0x63,0xdf,0xea,0x14,0x38,0xb5,0x07,0x42,0x81,0x2f,0xda,
81	0xe9,0x24,0x02,0x7e,0xaf,0xef,0x74,0x09,0x0e,0x80,0xfa,0xfb,0xd1,0x19,0x41,
82	0xe5,0xba,0x0f,0x7c,0x0a,0xa4,0x15,0x55,0xa2,0x58,0x8c,0x3a,0x48,0x2c,0xc6,
83	0xde,0x4a,0x76,0xfb,0x72,0xb6,0x61,0xe6,0xd2,0x10,0x44,0x4c,0x33,0xb8,0xd2,
84	0x74,0xb1,0x9d,0x3b,0xcd,0x2f,0xb1,0x4f,0xc3,0x98,0xbd,0x83,0xb7,0x7e,0x75,
85	0xe8,0xa7,0x6a,0xee,0xcc,0x51,0x8c,0x99,0x17,0x67,0x7f,0x27,0xf9,0x0d,0x6a,
86	0xb7,0xd4,0x80,0x17,0x89,0x39,0x9c,0xf3,0xd7,0x0f,0xdf,0xb0,0x55,0x80,0x1d,
87	0xaf,0x57,0x2e,0xd0,0xf0,0x4f,0x42,0x69,0x55,0xbc,0x83,0xd6,0x97,0x83,0x7a,
88	0xe6,0xc6,0x30,0x6d,0x3d,0xb5,0x21,0xa7,0xc4,0x62,0x0a,0x20,0xce,0x5e,0x5a,
89	0x17,0x98,0xb3,0x6f,0x6b,0x9a,0xeb,0x6b,0xa3,0xc4,0x75,0xd8,0x2b,0xdc,0x5c,
90	0x6f,0xec,0x5d,0x49,0xac,0xa8,0xa4,0x2f,0xb8,0x8c,0x4f,0x2e,0x46,0x21,0xee,
91	0x72,0x6a,0x0e,0x22,0x80,0x71,0xc8,0x76,0x40,0x44,0x61,0x16,0xbf,0xa5,0xf8,
92	0x89,0xc7,0xe9,0x87,0xdf,0xbd,0x2e,0x4b,0x4e,0xc2,0x97,0x53,0xe9,0x49,0x1c,
93	0x05,0xb0,0x0b,0x9b,0x9f,0x21,0x19,0x41,0xe9,0xf5,0x61,0xd7,0x33,0x2e,0x2c,
94	0x94,0xb8,0xa8,0x9a,0x3a,0xcc,0x6a,0x24,0x8d,0x19,0x13,0xee,0xb9,0xb0,0x48,
95	0x61
96	};
97
98	/* helper function */
99	static BIGNUM bn_load_new(const unsigned char data, int sz)
100	{
101	BIGNUM *ret = BN_new();
102	if (ret != NULL)
103	BN_bin2bn(data, sz, ret);
104	return ret;
105	}
106
107	/* Check that small rsa exponents are allowed in non FIPS mode */
108	static int test_check_public_exponent(void)
109	{
110	int ret = 0;
111	BIGNUM *e = NULL;
112
113	ret = TEST_ptr(e = BN_new())
114	/* e is too small will fail */
115	&& TEST_true(BN_set_word(e, 1))
116	&& TEST_false(ossl_rsa_check_public_exponent(e))
117	/* e is even will fail */
118	&& TEST_true(BN_set_word(e, 65536))
119	&& TEST_false(ossl_rsa_check_public_exponent(e))
120	/* e is ok */
121	&& TEST_true(BN_set_word(e, 3))
122	&& TEST_true(ossl_rsa_check_public_exponent(e))
123	&& TEST_true(BN_set_word(e, 17))
124	&& TEST_true(ossl_rsa_check_public_exponent(e))
125	&& TEST_true(BN_set_word(e, 65537))
126	&& TEST_true(ossl_rsa_check_public_exponent(e))
127	/* e = 2^256 + 1 is ok */
128	&& TEST_true(BN_lshift(e, BN_value_one(), 256))
129	&& TEST_true(BN_add(e, e, BN_value_one()))
130	&& TEST_true(ossl_rsa_check_public_exponent(e));
131	BN_free(e);
132	return ret;
133	}
134
135	static int test_check_prime_factor_range(void)
136	{
137	int ret = 0;
138	BN_CTX *ctx = NULL;
139	BIGNUM *p = NULL;
140	BIGNUM bn_p1 = NULL, bn_p2 = NULL, bn_p3 = NULL, bn_p4 = NULL;
141	/* Some range checks that are larger than 32 bits */
142	static const unsigned char p1[] = { 0x0B, 0x50, 0x4F, 0x33, 0x3F };
143	static const unsigned char p2[] = { 0x10, 0x00, 0x00, 0x00, 0x00 };
144	static const unsigned char p3[] = { 0x0B, 0x50, 0x4F, 0x33, 0x40 };
145	static const unsigned char p4[] = { 0x0F, 0xFF, 0xFF, 0xFF, 0xFF };
146
147	/* (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2) - 1
148	* For 8 bits: 0xB.504F <= p <= 0xF
149	* for 72 bits: 0xB504F333F. <= p <= 0xF_FFFF_FFFF
150	*/
151	ret = TEST_ptr(p = BN_new())
152	&& TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1)))
153	&& TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2)))
154	&& TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3)))
155	&& TEST_ptr(bn_p4 = bn_load_new(p4, sizeof(p4)))
156	&& TEST_ptr(ctx = BN_CTX_new())
157	&& TEST_true(BN_set_word(p, 0xA))
158	&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
159	&& TEST_true(BN_set_word(p, 0x10))
160	&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
161	&& TEST_true(BN_set_word(p, 0xB))
162	&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
163	&& TEST_true(BN_set_word(p, 0xC))
164	&& TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx))
165	&& TEST_true(BN_set_word(p, 0xF))
166	&& TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx))
167	&& TEST_false(ossl_rsa_check_prime_factor_range(bn_p1, 72, ctx))
168	&& TEST_false(ossl_rsa_check_prime_factor_range(bn_p2, 72, ctx))
169	&& TEST_true(ossl_rsa_check_prime_factor_range(bn_p3, 72, ctx))
170	&& TEST_true(ossl_rsa_check_prime_factor_range(bn_p4, 72, ctx));
171
172	BN_free(bn_p4);
173	BN_free(bn_p3);
174	BN_free(bn_p2);
175	BN_free(bn_p1);
176	BN_free(p);
177	BN_CTX_free(ctx);
178	return ret;
179	}
180
181	static int test_check_prime_factor(void)
182	{
183	int ret = 0;
184	BN_CTX *ctx = NULL;
185	BIGNUM p = NULL, e = NULL;
186	BIGNUM bn_p1 = NULL, bn_p2 = NULL, *bn_p3 = NULL;
187
188	/* Some range checks that are larger than 32 bits */
189	static const unsigned char p1[] = { 0x0B, 0x50, 0x4f, 0x33, 0x73 };
190	static const unsigned char p2[] = { 0x0B, 0x50, 0x4f, 0x33, 0x75 };
191	static const unsigned char p3[] = { 0x0F, 0x50, 0x00, 0x03, 0x75 };
192
193	ret = TEST_ptr(p = BN_new())
194	&& TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1)))
195	&& TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2)))
196	&& TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3)))
197	&& TEST_ptr(e = BN_new())
198	&& TEST_ptr(ctx = BN_CTX_new())
199	/* Fails the prime test */
200	&& TEST_true(BN_set_word(e, 0x1))
201	&& TEST_false(ossl_rsa_check_prime_factor(bn_p1, e, 72, ctx))
202	/* p is prime and in range and gcd(p-1, e) = 1 */
203	&& TEST_true(ossl_rsa_check_prime_factor(bn_p2, e, 72, ctx))
204	/* gcd(p-1,e) = 1 test fails */
205	&& TEST_true(BN_set_word(e, 0x2))
206	&& TEST_false(ossl_rsa_check_prime_factor(p, e, 72, ctx))
207	/* p fails the range check */
208	&& TEST_true(BN_set_word(e, 0x1))
209	&& TEST_false(ossl_rsa_check_prime_factor(bn_p3, e, 72, ctx));
210
211	BN_free(bn_p3);
212	BN_free(bn_p2);
213	BN_free(bn_p1);
214	BN_free(e);
215	BN_free(p);
216	BN_CTX_free(ctx);
217	return ret;
218	}
219
220	/* This test uses legacy functions because they can take invalid numbers */
221	static int test_check_private_exponent(void)
222	{
223	int ret = 0;
224	RSA *key = NULL;
225	BN_CTX *ctx = NULL;
226	BIGNUM p = NULL, q = NULL, e = NULL, d = NULL, *n = NULL;
227
228	ret = TEST_ptr(key = RSA_new())
229	&& TEST_ptr(ctx = BN_CTX_new())
230	&& TEST_ptr(p = BN_new())
231	&& TEST_ptr(q = BN_new())
232	/* lcm(15-1,17-1) = 1416 / 2 = 112 /
233	&& TEST_true(BN_set_word(p, 15))
234	&& TEST_true(BN_set_word(q, 17))
235	&& TEST_true(RSA_set0_factors(key, p, q));
236	if (!ret) {
237	BN_free(p);
238	BN_free(q);
239	goto end;
240	}
241
242	ret = TEST_ptr(e = BN_new())
243	&& TEST_ptr(d = BN_new())
244	&& TEST_ptr(n = BN_new())
245	&& TEST_true(BN_set_word(e, 5))
246	&& TEST_true(BN_set_word(d, 157))
247	&& TEST_true(BN_set_word(n, 15*17))
248	&& TEST_true(RSA_set0_key(key, n, e, d));
249	if (!ret) {
250	BN_free(e);
251	BN_free(d);
252	BN_free(n);
253	goto end;
254	}
255	/* fails since d >= lcm(p-1, q-1) */
256	ret = TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
257	&& TEST_true(BN_set_word(d, 45))
258	/* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
259	&& TEST_true(ossl_rsa_check_private_exponent(key, 8, ctx))
260	/* d is too small compared to nbits */
261	&& TEST_false(ossl_rsa_check_private_exponent(key, 16, ctx))
262	/* d is too small compared to nbits */
263	&& TEST_true(BN_set_word(d, 16))
264	&& TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
265	/* fail if 1 != e.d mod lcm(p-1, q-1) */
266	&& TEST_true(BN_set_word(d, 46))
267	&& TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx));
268	end:
269	RSA_free(key);
270	BN_CTX_free(ctx);
271	return ret;
272	}
273
274	static int test_check_crt_components(void)
275	{
276	const int P = 15;
277	const int Q = 17;
278	const int E = 5;
279	const int N = P*Q;
280	const int DP = 3;
281	const int DQ = 13;
282	const int QINV = 8;
283
284	int ret = 0;
285	RSA *key = NULL;
286	BN_CTX *ctx = NULL;
287	BIGNUM p = NULL, q = NULL, *e = NULL;
288
289	ret = TEST_ptr(key = RSA_new())
290	&& TEST_ptr(ctx = BN_CTX_new())
291	&& TEST_ptr(p = BN_new())
292	&& TEST_ptr(q = BN_new())
293	&& TEST_ptr(e = BN_new())
294	&& TEST_true(BN_set_word(p, P))
295	&& TEST_true(BN_set_word(q, Q))
296	&& TEST_true(BN_set_word(e, E))
297	&& TEST_true(RSA_set0_factors(key, p, q));
298	if (!ret) {
299	BN_free(p);
300	BN_free(q);
301	goto end;
302	}
303	ret = TEST_true(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
304	&& TEST_BN_eq_word(key->n, N)
305	&& TEST_BN_eq_word(key->dmp1, DP)
306	&& TEST_BN_eq_word(key->dmq1, DQ)
307	&& TEST_BN_eq_word(key->iqmp, QINV)
308	&& TEST_true(ossl_rsa_check_crt_components(key, ctx))
309	/* (a) 1 < dP < (p – 1). */
310	&& TEST_true(BN_set_word(key->dmp1, 1))
311	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
312	&& TEST_true(BN_set_word(key->dmp1, P-1))
313	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
314	&& TEST_true(BN_set_word(key->dmp1, DP))
315	/* (b) 1 < dQ < (q - 1). */
316	&& TEST_true(BN_set_word(key->dmq1, 1))
317	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
318	&& TEST_true(BN_set_word(key->dmq1, Q-1))
319	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
320	&& TEST_true(BN_set_word(key->dmq1, DQ))
321	/* (c) 1 < qInv < p */
322	&& TEST_true(BN_set_word(key->iqmp, 1))
323	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
324	&& TEST_true(BN_set_word(key->iqmp, P))
325	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
326	&& TEST_true(BN_set_word(key->iqmp, QINV))
327	/* (d) 1 = (dP . e) mod (p - 1)*/
328	&& TEST_true(BN_set_word(key->dmp1, DP+1))
329	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
330	&& TEST_true(BN_set_word(key->dmp1, DP))
331	/* (e) 1 = (dQ . e) mod (q - 1) */
332	&& TEST_true(BN_set_word(key->dmq1, DQ-1))
333	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
334	&& TEST_true(BN_set_word(key->dmq1, DQ))
335	/* (f) 1 = (qInv . q) mod p */
336	&& TEST_true(BN_set_word(key->iqmp, QINV+1))
337	&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
338	&& TEST_true(BN_set_word(key->iqmp, QINV))
339	/* check defaults are still valid */
340	&& TEST_true(ossl_rsa_check_crt_components(key, ctx));
341	end:
342	BN_free(e);
343	RSA_free(key);
344	BN_CTX_free(ctx);
345	return ret;
346	}
347
348	static int test_pq_diff(void)
349	{
350	int ret = 0;
351	BIGNUM tmp = NULL, p = NULL, *q = NULL;
352
353	ret = TEST_ptr(tmp = BN_new())
354	&& TEST_ptr(p = BN_new())
355	&& TEST_ptr(q = BN_new())
356	/* \|1-(2+1)\| > 2^1 */
357	&& TEST_true(BN_set_word(p, 1))
358	&& TEST_true(BN_set_word(q, 1+2))
359	&& TEST_false(ossl_rsa_check_pminusq_diff(tmp, p, q, 202))
360	/* Check \|p - q\| > 2^(nbits/2 - 100) */
361	&& TEST_true(BN_set_word(q, 1+3))
362	&& TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202))
363	&& TEST_true(BN_set_word(p, 1+3))
364	&& TEST_true(BN_set_word(q, 1))
365	&& TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202));
366	BN_free(p);
367	BN_free(q);
368	BN_free(tmp);
369	return ret;
370	}
371
372	static int test_invalid_keypair(void)
373	{
374	int ret = 0;
375	RSA *key = NULL;
376	BN_CTX *ctx = NULL;
377	BIGNUM p = NULL, q = NULL, n = NULL, e = NULL, *d = NULL;
378
379	ret = TEST_ptr(key = RSA_new())
380	&& TEST_ptr(ctx = BN_CTX_new())
381	/* NULL parameters */
382	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
383	/* load key */
384	&& TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p)))
385	&& TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q)))
386	&& TEST_true(RSA_set0_factors(key, p, q));
387	if (!ret) {
388	BN_free(p);
389	BN_free(q);
390	goto end;
391	}
392
393	ret = TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
394	&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
395	&& TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d)))
396	&& TEST_true(RSA_set0_key(key, n, e, d));
397	if (!ret) {
398	BN_free(e);
399	BN_free(n);
400	BN_free(d);
401	goto end;
402	}
403	/* bad strength/key size */
404	ret = TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 100, 2048))
405	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 112, 1024))
406	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 128, 2048))
407	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 140, 3072))
408	/* mismatching exponent */
409	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, BN_value_one(),
410	-1, 2048))
411	/* bad exponent */
412	&& TEST_true(BN_add_word(e, 1))
413	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
414	&& TEST_true(BN_sub_word(e, 1))
415
416	/* mismatch between bits and modulus */
417	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 3072))
418	&& TEST_true(ossl_rsa_sp800_56b_check_keypair(key, e, 112, 2048))
419	/* check n == pq failure */
420	&& TEST_true(BN_add_word(n, 1))
421	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
422	&& TEST_true(BN_sub_word(n, 1))
423	/* check p */
424	&& TEST_true(BN_sub_word(p, 2))
425	&& TEST_true(BN_mul(n, p, q, ctx))
426	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
427	&& TEST_true(BN_add_word(p, 2))
428	&& TEST_true(BN_mul(n, p, q, ctx))
429	/* check q */
430	&& TEST_true(BN_sub_word(q, 2))
431	&& TEST_true(BN_mul(n, p, q, ctx))
432	&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
433	&& TEST_true(BN_add_word(q, 2))
434	&& TEST_true(BN_mul(n, p, q, ctx));
435	end:
436	RSA_free(key);
437	BN_CTX_free(ctx);
438	return ret;
439	}
440
441	static int keygen_size[] =
442	{
443	2048, 3072
444	};
445
446	static int test_sp80056b_keygen(int id)
447	{
448	RSA *key = NULL;
449	int ret;
450	int sz = keygen_size[id];
451
452	ret = TEST_ptr(key = RSA_new())
453	&& TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL))
454	&& TEST_true(ossl_rsa_sp800_56b_check_public(key))
455	&& TEST_true(ossl_rsa_sp800_56b_check_private(key))
456	&& TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz));
457
458	RSA_free(key);
459	return ret;
460	}
461
462	static int test_check_private_key(void)
463	{
464	int ret = 0;
465	BIGNUM n = NULL, d = NULL, *e = NULL;
466	RSA *key = NULL;
467
468	ret = TEST_ptr(key = RSA_new())
469	/* check NULL pointers fail */
470	&& TEST_false(ossl_rsa_sp800_56b_check_private(key))
471	/* load private key */
472	&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
473	&& TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d)))
474	&& TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
475	&& TEST_true(RSA_set0_key(key, n, e, d));
476	if (!ret) {
477	BN_free(n);
478	BN_free(e);
479	BN_free(d);
480	goto end;
481	}
482	/* check d is in range */
483	ret = TEST_true(ossl_rsa_sp800_56b_check_private(key))
484	/* check d is too low */
485	&& TEST_true(BN_set_word(d, 0))
486	&& TEST_false(ossl_rsa_sp800_56b_check_private(key))
487	/* check d is too high */
488	&& TEST_ptr(BN_copy(d, n))
489	&& TEST_false(ossl_rsa_sp800_56b_check_private(key));
490	end:
491	RSA_free(key);
492	return ret;
493	}
494
495	static int test_check_public_key(void)
496	{
497	int ret = 0;
498	BIGNUM n = NULL, e = NULL;
499	RSA *key = NULL;
500
501	ret = TEST_ptr(key = RSA_new())
502	/* check NULL pointers fail */
503	&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
504	/* load public key */
505	&& TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
506	&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
507	&& TEST_true(RSA_set0_key(key, n, e, NULL));
508	if (!ret) {
509	BN_free(e);
510	BN_free(n);
511	goto end;
512	}
513	/* check public key is valid */
514	ret = TEST_true(ossl_rsa_sp800_56b_check_public(key))
515	/* check fail if n is even */
516	&& TEST_true(BN_add_word(n, 1))
517	&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
518	&& TEST_true(BN_sub_word(n, 1))
519	/* check fail if n is wrong number of bits */
520	&& TEST_true(BN_lshift1(n, n))
521	&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
522	&& TEST_true(BN_rshift1(n, n))
523	/* test odd exponent fails */
524	&& TEST_true(BN_add_word(e, 1))
525	&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
526	&& TEST_true(BN_sub_word(e, 1))
527	/* modulus fails composite check */
528	&& TEST_true(BN_add_word(n, 2))
529	&& TEST_false(ossl_rsa_sp800_56b_check_public(key));
530	end:
531	RSA_free(key);
532	return ret;
533	}
534
535	int setup_tests(void)
536	{
537	ADD_TEST(test_check_public_exponent);
538	ADD_TEST(test_check_prime_factor_range);
539	ADD_TEST(test_check_prime_factor);
540	ADD_TEST(test_check_private_exponent);
541	ADD_TEST(test_check_crt_components);
542	ADD_TEST(test_check_private_key);
543	ADD_TEST(test_check_public_key);
544	ADD_TEST(test_invalid_keypair);
545	ADD_TEST(test_pq_diff);
546	ADD_ALL_TESTS(test_sp80056b_keygen, (int)OSSL_NELEM(keygen_size));
547	return 1;
548	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/test/rsa_sp800_56b_test.c@ 106683

Download in other formats: