VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/test/rsa_test.c@ 108358

最後變更 在這個檔案從108358是 108206,由 vboxsync 提交於 5 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 30.3 KB
 
1/*
2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* test vectors from p1ovect1.txt */
11
12/*
13 * RSA low level APIs are deprecated for public use, but still ok for
14 * internal use.
15 */
16#include "internal/deprecated.h"
17
18#include <stdio.h>
19#include <string.h>
20
21#include "internal/nelem.h"
22
23#include <openssl/crypto.h>
24#include <openssl/err.h>
25#include <openssl/rand.h>
26#include <openssl/bn.h>
27
28#include "testutil.h"
29
30#include <openssl/rsa.h>
31
32#define SetKey \
33 RSA_set0_key(key, \
34 BN_bin2bn(n, sizeof(n)-1, NULL), \
35 BN_bin2bn(e, sizeof(e)-1, NULL), \
36 BN_bin2bn(d, sizeof(d)-1, NULL)); \
37 RSA_set0_factors(key, \
38 BN_bin2bn(p, sizeof(p)-1, NULL), \
39 BN_bin2bn(q, sizeof(q)-1, NULL)); \
40 RSA_set0_crt_params(key, \
41 BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \
42 BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \
43 BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
44 if (c != NULL) \
45 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
46 return sizeof(ctext_ex) - 1;
47
48static int key1(RSA *key, unsigned char *c)
49{
50 static unsigned char n[] =
51 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
52 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
53 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
54 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
55 "\xF5";
56
57 static unsigned char e[] = "\x11";
58
59 static unsigned char d[] =
60 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
61 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
62 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
63 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
64
65 static unsigned char p[] =
66 "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
67 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
68 "\x0D";
69
70 static unsigned char q[] =
71 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
72 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
73 "\x89";
74
75 static unsigned char dmp1[] =
76 "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
77 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
78
79 static unsigned char dmq1[] =
80 "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
81 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
82 "\x51";
83
84 static unsigned char iqmp[] =
85 "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
86 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
87
88 static unsigned char ctext_ex[] =
89 "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
90 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
91 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
92 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
93
94 SetKey;
95}
96
97static int key2(RSA *key, unsigned char *c)
98{
99 static unsigned char n[] =
100 "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
101 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
102 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
103 "\x34\x77\xCF";
104
105 static unsigned char e[] = "\x3";
106
107 static unsigned char d[] =
108 "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
109 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
110 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
111 "\xE5\xEB";
112
113 static unsigned char p[] =
114 "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
115 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
116
117 static unsigned char q[] =
118 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
119 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
120
121 static unsigned char dmp1[] =
122 "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
123 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
124
125 static unsigned char dmq1[] =
126 "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
127 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
128
129 static unsigned char iqmp[] =
130 "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
131 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
132
133 static unsigned char ctext_ex[] =
134 "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
135 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
136 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
137 "\x62\x51";
138
139 SetKey;
140}
141
142static int key3(RSA *key, unsigned char *c)
143{
144 static unsigned char n[] =
145 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
146 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
147 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
148 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
149 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
150 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
151 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
152 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
153 "\xCB";
154
155 static unsigned char e[] = "\x11";
156
157 static unsigned char d[] =
158 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
159 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
160 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
161 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
162 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
163 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
164 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
165 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
166 "\xC1";
167
168 static unsigned char p[] =
169 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
170 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
171 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
172 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
173 "\x99";
174
175 static unsigned char q[] =
176 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
177 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
178 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
179 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
180 "\x03";
181
182 static unsigned char dmp1[] =
183 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
184 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
185 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
186 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
187
188 static unsigned char dmq1[] =
189 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
190 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
191 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
192 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
193
194 static unsigned char iqmp[] =
195 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
196 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
197 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
198 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
199 "\xF7";
200
201 static unsigned char ctext_ex[] =
202 "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
203 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
204 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
205 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
206 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
207 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
208 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
209 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
210
211 SetKey;
212}
213
214static int rsa_setkey(RSA** key, unsigned char *ctext, int idx)
215{
216 int clen = 0;
217
218 *key = RSA_new();
219 if (*key != NULL)
220 switch (idx) {
221 case 0:
222 clen = key1(*key, ctext);
223 break;
224 case 1:
225 clen = key2(*key, ctext);
226 break;
227 case 2:
228 clen = key3(*key, ctext);
229 break;
230 }
231 return clen;
232}
233
234static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type,
235 int success, unsigned char *ctext_ex, int *clen,
236 RSA **retkey)
237{
238 int ret = 0;
239 RSA *key;
240 unsigned char ptext[256];
241 unsigned char ctext[256];
242 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
243 int plen;
244 int clentmp = 0;
245 int num;
246
247 plen = sizeof(ptext_ex) - 1;
248 clentmp = rsa_setkey(&key, ctext_ex, idx);
249 if (clen != NULL)
250 *clen = clentmp;
251
252 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type);
253 if (!TEST_int_eq(num, clentmp))
254 goto err;
255
256 num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type);
257 if (success) {
258 if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen))
259 goto err;
260 } else {
261 if (!TEST_int_lt(num, 0))
262 goto err;
263 }
264
265 ret = 1;
266 if (retkey != NULL) {
267 *retkey = key;
268 key = NULL;
269 }
270err:
271 RSA_free(key);
272 return ret;
273}
274
275static int test_rsa_pkcs1(int idx)
276{
277 return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL,
278 NULL, NULL);
279}
280
281static int test_rsa_oaep(int idx)
282{
283 int ret = 0;
284 RSA *key = NULL;
285 unsigned char ptext[256];
286 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
287 unsigned char ctext_ex[256];
288 int plen;
289 int clen = 0;
290 int num;
291 int n;
292
293 if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1,
294 ctext_ex, &clen, &key))
295 goto err;
296
297 plen = sizeof(ptext_ex) - 1;
298
299 /* Different ciphertexts. Try decrypting ctext_ex */
300 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
301 RSA_PKCS1_OAEP_PADDING);
302 if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))
303 goto err;
304
305 /* Try decrypting corrupted ciphertexts. */
306 for (n = 0; n < clen; ++n) {
307 ctext_ex[n] ^= 1;
308 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
309 RSA_PKCS1_OAEP_PADDING);
310 if (!TEST_int_le(num, 0))
311 goto err;
312 ctext_ex[n] ^= 1;
313 }
314
315 /* Test truncated ciphertexts, as well as negative length. */
316 for (n = -1; n < clen; ++n) {
317 num = RSA_private_decrypt(n, ctext_ex, ptext, key,
318 RSA_PKCS1_OAEP_PADDING);
319 if (!TEST_int_le(num, 0))
320 goto err;
321 }
322
323 ret = 1;
324err:
325 RSA_free(key);
326 return ret;
327}
328
329static const struct {
330 int bits;
331 unsigned int r;
332} rsa_security_bits_cases[] = {
333 /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */
334 { 2048, 112 },
335 { 3072, 128 },
336 { 4096, 152 },
337 { 6144, 176 },
338 { 8192, 200 },
339 /* NIST FIPS 140-2 IG 7.5 */
340 { 7680, 192 },
341 { 15360, 256 },
342 /* Older values */
343 { 256, 40 },
344 { 512, 56 },
345 { 1024, 80 },
346 /* Some other values */
347 { 8888, 208 },
348 { 2468, 120 },
349 { 13456, 248 },
350 /* Edge points */
351 { 15359, 256 },
352 { 15361, 264 },
353 { 7679, 192 },
354 { 7681, 200 },
355};
356
357static int test_rsa_security_bit(int n)
358{
359 static const unsigned char vals[8] = {
360 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40
361 };
362 RSA *key = RSA_new();
363 const int bits = rsa_security_bits_cases[n].bits;
364 const int result = rsa_security_bits_cases[n].r;
365 const int bytes = (bits + 7) / 8;
366 int r = 0;
367 unsigned char num[2000];
368
369 if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num)))
370 goto err;
371
372 /*
373 * It is necessary to set the RSA key in order to ask for the strength.
374 * A BN of an appropriate size is created, in general it won't have the
375 * properties necessary for RSA to function. This is okay here since
376 * the RSA key is never used.
377 */
378 memset(num, vals[bits % 8], bytes);
379
380 /*
381 * The 'e' parameter is set to the same value as 'n'. This saves having
382 * an extra BN to hold a sensible value for 'e'. This is safe since the
383 * RSA key is not used. The 'd' parameter can be NULL safely.
384 */
385 if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL),
386 BN_bin2bn(num, bytes, NULL), NULL))
387 && TEST_uint_eq(RSA_security_bits(key), result))
388 r = 1;
389err:
390 RSA_free(key);
391 return r;
392}
393
394static int test_EVP_rsa_legacy_key(void)
395{
396 int ret;
397 size_t buflen = 384;
398 size_t msglen = 64;
399 unsigned char sigbuf[384];
400 unsigned char msgbuf[64];
401 BIGNUM *p;
402 BIGNUM *q;
403 BIGNUM *n;
404 BIGNUM *d;
405 BIGNUM *e;
406 RSA *rsa;
407 const EVP_MD *md;
408 EVP_MD_CTX *ctx = NULL;
409 EVP_PKEY *pkey = NULL;
410
411 unsigned char n_data[] = {
412 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf,
413 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd,
414 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6,
415 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8,
416 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11,
417 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b,
418 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0,
419 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1,
420 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99,
421 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e,
422 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d,
423 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f,
424 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05,
425 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54,
426 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc,
427 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52,
428 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe,
429 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55,
430 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45,
431 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16,
432 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97,
433 0x2e, 0xf2, 0x8e, 0x7e, 0x13 };
434
435 unsigned char e_data[] = { 0x01, 0x00, 0x01 };
436
437 unsigned char d_data[] = {
438 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a,
439 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02,
440 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40,
441 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01,
442 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72,
443 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd,
444 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38,
445 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2,
446 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4,
447 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27,
448 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c,
449 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f,
450 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e,
451 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15,
452 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81,
453 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22,
454 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9,
455 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b,
456 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4,
457 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf,
458 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d,
459 0xf4, 0xfa, 0x60, 0xc1 };
460
461 unsigned char p_data[] = {
462 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec,
463 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2,
464 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9,
465 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78,
466 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5,
467 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3,
468 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b,
469 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f,
470 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e,
471 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57,
472 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 };
473
474 unsigned char q_data[] = {
475 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d,
476 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7,
477 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8,
478 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03,
479 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03,
480 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50,
481 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3,
482 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a,
483 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92,
484 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34,
485 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 };
486
487 memset(msgbuf, 0xef, 64);
488
489 ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL)))
490 && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL)))
491 && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL)))
492 && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL)))
493 && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL)))
494 && TEST_ptr((rsa = RSA_new()))
495 && TEST_ptr((md = EVP_sha256()))
496 && TEST_ptr((ctx = EVP_MD_CTX_new()))
497 && TEST_ptr((pkey = EVP_PKEY_new()))
498 && TEST_true(RSA_set0_factors(rsa, p, q))
499 && TEST_true(RSA_set0_key(rsa, n, e, d))
500 && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))
501 && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
502 && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen)));
503
504 EVP_MD_CTX_free(ctx);
505 EVP_PKEY_free(pkey);
506 return ret;
507}
508
509static RSA *load_key(int priv)
510{
511 RSA *rsa = NULL;
512 BIGNUM *pn = NULL, *pe = NULL, *pd= NULL;
513
514 /* RSA key extracted using > openssl genpkey -algorithm RSA -text */
515 static const unsigned char n[] = {
516 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97,
517 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17,
518 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa,
519 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f,
520 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf,
521 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77,
522 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4,
523 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f,
524 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30,
525 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21,
526 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8,
527 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28,
528 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19,
529 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91,
530 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11,
531 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62,
532 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70,
533 0x53, 0x31
534 };
535 static const unsigned char e[] = {
536 0x01, 0x00, 0x01
537 };
538 static const unsigned char d[] = {
539 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21,
540 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8,
541 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9,
542 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64,
543 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f,
544 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d,
545 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19,
546 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76,
547 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a,
548 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88,
549 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9,
550 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57,
551 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc,
552 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23,
553 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5,
554 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37,
555 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32,
556 0x21
557 };
558
559 if (!TEST_ptr(rsa = RSA_new()))
560 return NULL;
561 pn = BN_bin2bn(n, sizeof(n), NULL);
562 pe = BN_bin2bn(e, sizeof(e), NULL);
563 if (priv)
564 pd = BN_bin2bn(d, sizeof(d), NULL);
565 if (!TEST_false(pn == NULL
566 || pe == NULL
567 || (priv && pd == NULL)
568 || !RSA_set0_key(rsa, pn, pe, pd))) {
569 BN_free(pn);
570 BN_free(pe);
571 BN_free(pd);
572 RSA_free(rsa);
573 rsa = NULL;
574 }
575 return rsa;
576}
577
578static int test_rsa_saos(void)
579{
580 int ret = 0;
581 unsigned int siglen = 0;
582 RSA *rsa_priv = NULL, *rsa_pub = NULL;
583 static const unsigned char in[256] = { 0 };
584 unsigned char sig[256];
585 /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */
586 unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3;
587
588 /* A generated signature when in[inlen]= { 1 }. */
589 static const unsigned char sig_mismatch[256] = {
590 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91,
591 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75,
592 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60,
593 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38,
594 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb,
595 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57,
596 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc,
597 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3,
598 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f,
599 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1,
600 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb,
601 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9,
602 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73,
603 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74,
604 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae,
605 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f,
606 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d,
607 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4,
608 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01,
609 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7,
610 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd,
611 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59,
612 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac,
613 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7,
614 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed,
615 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc,
616 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9,
617 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1,
618 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b,
619 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd,
620 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95,
621 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86
622 };
623 /* The signature generated by RSA_private_encrypt of in[inlen] */
624 static const unsigned char no_octet_sig[256] = {
625 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19,
626 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81,
627 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31,
628 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e,
629 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2,
630 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84,
631 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc,
632 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f,
633 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63,
634 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52,
635 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd,
636 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0,
637 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2,
638 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0,
639 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20,
640 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc,
641 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6,
642 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46,
643 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21,
644 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59,
645 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1,
646 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3,
647 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75,
648 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd,
649 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33,
650 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf,
651 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f,
652 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4,
653 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5,
654 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc,
655 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad,
656 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16
657 };
658
659 if (!TEST_ptr(rsa_priv = load_key(1)))
660 goto err;
661 if (!TEST_ptr(rsa_pub = load_key(0)))
662 goto err;
663 if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv)))
664 goto err;
665
666 /* Test that a generated signature can be verified */
667 if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
668 rsa_priv)))
669 goto err;
670 if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
671 goto err;
672
673 /* Test sign fails if the input is too large */
674 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen,
675 rsa_priv)))
676 goto err;
677
678 /* Fail if there is no private signing key */
679 if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
680 rsa_pub)))
681 goto err;
682
683 /* Fail if the signature is the wrong size */
684 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub)))
685 goto err;
686
687 /* Fail if the encrypted input is not octet encoded */
688 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig,
689 (unsigned int)sizeof(no_octet_sig),
690 rsa_pub)))
691 goto err;
692
693 /* Fail if the signature does not match the input */
694 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch,
695 (unsigned int)sizeof(sig_mismatch),
696 rsa_pub)))
697 goto err;
698
699 /* Fail if the signature is corrupt */
700 sig[0]++;
701 if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
702 goto err;
703 sig[0]--;
704
705 ret = 1;
706err:
707 RSA_free(rsa_priv);
708 RSA_free(rsa_pub);
709 return ret;
710}
711
712int setup_tests(void)
713{
714 ADD_ALL_TESTS(test_rsa_pkcs1, 3);
715 ADD_ALL_TESTS(test_rsa_oaep, 3);
716 ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases));
717 ADD_TEST(test_rsa_saos);
718 ADD_TEST(test_EVP_rsa_legacy_key);
719 return 1;
720}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette