Commit graph

52 commits

Author SHA1 Message Date
Azim Khan d30ca130e8 Combine hex parameters in a struct 2018-08-06 11:40:57 +01:00
Azim Khan 392267a7c8 Fix missing data in the RSA test vectors file 2018-08-06 11:40:57 +01:00
Hanno Becker 71b0060af7 Merge branch 'development' into iotssl-247 2018-01-15 11:31:34 +00:00
Hanno Becker d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
Hanno Becker 32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Hanno Becker dfd15b3444 Add toy example triggering early abort in mbedtls_rsa_deduce_primes 2017-10-12 09:14:09 +01:00
Hanno Becker 7643d4e30c Fix number of loop iterations in mbedtls_deduce_primes
The number of loop iterations per candidate in `mbedtls_deduce_primes` was off
by one. This commit corrects this and removes a toy non-example from the RSA
test suite, as it seems difficult to have the function fail on small values of N
even if D,E are corrupted.
2017-10-11 16:32:49 +01:00
Hanno Becker 04877a48d4 Adapt rsa_import tests to weakened semantics of rsa_complete
The tests now accept two result parameters, one for the expected result of the
completion call, and one for the expected result of the subsequent sanity
check.
2017-10-11 10:01:33 +01:00
Gilles Peskine b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Hanno Becker 0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
Hanno Becker 8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
Hanno Becker db13cefde2 Correct typo in RSA test suite data 2017-10-03 14:31:05 +01:00
Hanno Becker c21a8db3fe Adapt test suites to modified error codes
As the new PKCS v1.5 verification function opaquely compares an expected encoding to the given one, it cannot
distinguish multiple reasons of failure anymore and instead always returns MBEDTLS_ERR_RSA_VERIFY_FAILED. This
necessitates some modifications to the expected return values of some tests verifying signatures with bad padding.
2017-10-03 07:58:00 +01:00
Hanno Becker 558477d073 Add tests for non-reduced length encoding in PKCS1 v15 signatures
This commit adds some tests to the RSA test suite verifying that RSA PKCS-v15 signatures with non-reduced length
encodings are refuted. Details are provided via comments in the test suite data file.
2017-10-03 07:57:16 +01:00
Gilles Peskine 26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker e1582a832b Add expectation when testing RSA key import/export
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.

Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
2017-09-29 11:54:05 +01:00
Hanno Becker 54cfc585cd Add test cases for mbedtls_rsa_import[_raw] where N is missing 2017-09-29 11:54:05 +01:00
Hanno Becker 750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Hanno Becker 131134fa1a Adapt RSA test suite to deal with RSA_NON_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker ce00263bd2 Add tests for rsa_check_params
This commit adds test for the new library function mbedtls_rsa_check_params for
checking a set of RSA core parameters. There are some toy example tests with
small numbers that can be verified by hand, as well as tests with real world
numbers. Complete, partial and corrupted data are tested, as well the check for
primality exactly if a PRNG is provided.
2017-08-23 15:07:39 +01:00
Hanno Becker f1b9a2c783 Add tests for rsa_export_raw
This commit adds tests for the new library function mbedtls_rsa_export_raw.
Each test case performs the following steps:

- Parse and convert a set of hex-string decoded core RSA parameters into big
  endian byte arrays.
- Use these to initialize an RSA context
- Export core RSA parameters as byte arrays again afterwards
- Compare byte strings.

Each test split is performed twice, once with successive and once with
simultaneous exporting.
2017-08-23 15:05:35 +01:00
Hanno Becker 417f2d6107 Add tests for rsa_export
This commit adds tests for the new library function mbedtls_rsa_export. Each
test case performs the following steps:

- Parse and convert a set of hex-string decoded core RSA parameters into MPI's.
- Use these to initialize an RSA context
- Export core RSA parameters as MPI's again afterwards
- Compare initial MPI's to exported ones.

In the private key case, all core parameters are exported and sanity-checked,
regardless of whether they were also used during setup.

Each test split is performed twice, once with successive and once with
simultaneous exporting.
2017-08-23 15:04:39 +01:00
Hanno Becker c77ab892e5 Add tests for rsa_import, rsa_import_raw and rsa_complete
This commit adds numerous tests for the new library functions mbedtls_rsa_import
and mbedtls_rsa_import_raw in conjunction with mbedtls_rsa_complete for
importing and completing core sets of core RSA parameters (N,P,Q,D,E) into an
RSA context, with the importing accepting either MPI's or raw big endian
buffers.

Each test is determined by the following parameters:
1) Set of parameters provided
   We're testing full sets (N,P,Q,D,E), partial sets (N,-,-,D,E) and (N,P,Q,-,E)
   that are sufficient to generate missing parameters, and the partial and
   insufficient set (N, -, Q, -, E).
2) Simultaenous or successive importing
   The functions rsa_import and rsa_import_raw accept importing parameters at
   once or one after another. We test both.
3) Sanity of parameters
2017-08-23 15:02:57 +01:00
Hanno Becker e78fd8d1b6 Add tests for rsa_deduce_moduli
This commit adds test for the new library function mbedtls_rsa_deduce_moduli for
deducing the prime factors (P,Q) of an RSA modulus N from knowledge of a
pair (D,E) of public and private exponent:

- Two toy examples that can be checked by hand, one fine and with bad parameters.
- Two real world examples, one fine and one with bad parameters.
2017-08-23 14:47:25 +01:00
Hanno Becker 6b4ce49991 Add tests for rsa_deduce_private
This commit adds tests for the new library function mbedtls_rsa_deduce_private
for deducing the private RSA exponent D from the public exponent E and the
factorization (P,Q) of the RSA modulus:

- Two toy examples with small numbers that can be checked by hand, one
  working fine and another failing due to bad parameters.

- Two real world examples, one fine and one with bad parameters.
2017-08-23 14:47:25 +01:00
Manuel Pégourié-Gonnard c1380de887 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential in to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:10:13 +02:00
Janos Follath ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Simon Butcher 3f5c875654 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Manuel Pégourié-Gonnard 4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard 2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Manuel Pégourié-Gonnard a0d758b917 Fix typo in test dependency 2013-12-02 16:34:24 +01:00
Paul Bakker 48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker 31417a71f8 - Fixed tests for enhanced rsa_check_privkey() 2012-09-27 20:41:37 +00:00
Paul Bakker 40dd5303c2 - Fixed test on Big Endian systems (Fixed Ticket #54) 2012-05-15 15:02:38 +00:00
Paul Bakker c0a1a319df - Moved test to entropy and CTR_DRBG 2011-12-04 17:12:15 +00:00
Paul Bakker 5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker 335db3f121 - Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
Paul Bakker b3dcbc18f6 - Made function resilient to endianness differences. 2011-03-13 16:57:25 +00:00
Paul Bakker 997bbd10d8 - Removed dependency of tests on rand()
- Added pseudo-random helper function
2011-03-13 15:45:42 +00:00
Paul Bakker 9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker a665685abf - Added rsa random deadlock test 2010-07-18 19:47:14 +00:00
Paul Bakker 46b8071641 - Added 'depends_on' for tests dependent on specific hash algorithms 2009-10-03 20:01:39 +00:00
Paul Bakker 345fb49cb7 - Added extra coverage and regression tests 2009-07-20 21:26:07 +00:00
Paul Bakker 38e2b482ff - Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. 2009-07-19 20:41:06 +00:00
Paul Bakker 821fb08b53 - Added extra tests (result of coverage) 2009-07-12 13:26:42 +00:00