1 /* 2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* test vectors from p1ovect1.txt */ 11 12 /* 13 * RSA low level APIs are deprecated for public use, but still ok for 14 * internal use. 15 */ 16 #include "internal/deprecated.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #include "internal/nelem.h" 22 23 #include <openssl/crypto.h> 24 #include <openssl/err.h> 25 #include <openssl/rand.h> 26 #include <openssl/bn.h> 27 28 #include "testutil.h" 29 30 #include <openssl/rsa.h> 31 32 #define SetKey \ 33 RSA_set0_key(key, \ 34 BN_bin2bn(n, sizeof(n)-1, NULL), \ 35 BN_bin2bn(e, sizeof(e)-1, NULL), \ 36 BN_bin2bn(d, sizeof(d)-1, NULL)); \ 37 RSA_set0_factors(key, \ 38 BN_bin2bn(p, sizeof(p)-1, NULL), \ 39 BN_bin2bn(q, sizeof(q)-1, NULL)); \ 40 RSA_set0_crt_params(key, \ 41 BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \ 42 BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \ 43 BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \ 44 if (c != NULL) \ 45 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ 46 return sizeof(ctext_ex) - 1; 47 48 static int key1(RSA *key, unsigned char *c) 49 { 50 static unsigned char n[] = 51 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" 52 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" 53 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" 54 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" 55 "\xF5"; 56 57 static unsigned char e[] = "\x11"; 58 59 static unsigned char d[] = 60 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" 61 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" 62 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" 63 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; 64 65 static unsigned char p[] = 66 "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 67 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" 68 "\x0D"; 69 70 static unsigned char q[] = 71 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 72 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 73 "\x89"; 74 75 static unsigned char dmp1[] = 76 "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" 77 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; 78 79 static unsigned char dmq1[] = 80 "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" 81 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" 82 "\x51"; 83 84 static unsigned char iqmp[] = 85 "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" 86 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; 87 88 static unsigned char ctext_ex[] = 89 "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" 90 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" 91 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" 92 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; 93 94 SetKey; 95 } 96 97 static int key2(RSA *key, unsigned char *c) 98 { 99 static unsigned char n[] = 100 "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" 101 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" 102 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" 103 "\x34\x77\xCF"; 104 105 static unsigned char e[] = "\x3"; 106 107 static unsigned char d[] = 108 "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" 109 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" 110 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" 111 "\xE5\xEB"; 112 113 static unsigned char p[] = 114 "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" 115 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; 116 117 static unsigned char q[] = 118 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 119 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; 120 121 static unsigned char dmp1[] = 122 "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" 123 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; 124 125 static unsigned char dmq1[] = 126 "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" 127 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; 128 129 static unsigned char iqmp[] = 130 "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" 131 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; 132 133 static unsigned char ctext_ex[] = 134 "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" 135 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" 136 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" 137 "\x62\x51"; 138 139 SetKey; 140 } 141 142 static int key3(RSA *key, unsigned char *c) 143 { 144 static unsigned char n[] = 145 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" 146 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" 147 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" 148 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" 149 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" 150 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" 151 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" 152 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" 153 "\xCB"; 154 155 static unsigned char e[] = "\x11"; 156 157 static unsigned char d[] = 158 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" 159 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" 160 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" 161 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" 162 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" 163 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" 164 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" 165 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" 166 "\xC1"; 167 168 static unsigned char p[] = 169 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" 170 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" 171 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" 172 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" 173 "\x99"; 174 175 static unsigned char q[] = 176 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" 177 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" 178 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" 179 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" 180 "\x03"; 181 182 static unsigned char dmp1[] = 183 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" 184 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" 185 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" 186 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; 187 188 static unsigned char dmq1[] = 189 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" 190 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" 191 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" 192 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; 193 194 static unsigned char iqmp[] = 195 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" 196 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" 197 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" 198 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" 199 "\xF7"; 200 201 static unsigned char ctext_ex[] = 202 "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" 203 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" 204 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" 205 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" 206 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" 207 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" 208 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" 209 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; 210 211 SetKey; 212 } 213 214 static int rsa_setkey(RSA** key, unsigned char *ctext, int idx) 215 { 216 int clen = 0; 217 218 *key = RSA_new(); 219 if (*key != NULL) 220 switch (idx) { 221 case 0: 222 clen = key1(*key, ctext); 223 break; 224 case 1: 225 clen = key2(*key, ctext); 226 break; 227 case 2: 228 clen = key3(*key, ctext); 229 break; 230 } 231 return clen; 232 } 233 234 static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, 235 int success, unsigned char *ctext_ex, int *clen, 236 RSA **retkey) 237 { 238 int ret = 0; 239 RSA *key; 240 unsigned char ptext[256]; 241 unsigned char ctext[256]; 242 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 243 int plen; 244 int clentmp = 0; 245 int num; 246 247 plen = sizeof(ptext_ex) - 1; 248 clentmp = rsa_setkey(&key, ctext_ex, idx); 249 if (clen != NULL) 250 *clen = clentmp; 251 252 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type); 253 if (!TEST_int_eq(num, clentmp)) 254 goto err; 255 256 num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type); 257 if (success) { 258 if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 259 goto err; 260 } else { 261 if (!TEST_int_lt(num, 0)) 262 goto err; 263 } 264 265 ret = 1; 266 if (retkey != NULL) { 267 *retkey = key; 268 key = NULL; 269 } 270 err: 271 RSA_free(key); 272 return ret; 273 } 274 275 static int test_rsa_pkcs1(int idx) 276 { 277 return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, 278 NULL, NULL); 279 } 280 281 static int test_rsa_oaep(int idx) 282 { 283 int ret = 0; 284 RSA *key = NULL; 285 unsigned char ptext[256]; 286 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 287 unsigned char ctext_ex[256]; 288 int plen; 289 int clen = 0; 290 int num; 291 int n; 292 293 if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1, 294 ctext_ex, &clen, &key)) 295 goto err; 296 297 plen = sizeof(ptext_ex) - 1; 298 299 /* Different ciphertexts. Try decrypting ctext_ex */ 300 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 301 RSA_PKCS1_OAEP_PADDING); 302 if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen)) 303 goto err; 304 305 /* Try decrypting corrupted ciphertexts. */ 306 for (n = 0; n < clen; ++n) { 307 ctext_ex[n] ^= 1; 308 num = RSA_private_decrypt(clen, ctext_ex, ptext, key, 309 RSA_PKCS1_OAEP_PADDING); 310 if (!TEST_int_le(num, 0)) 311 goto err; 312 ctext_ex[n] ^= 1; 313 } 314 315 /* Test truncated ciphertexts, as well as negative length. */ 316 for (n = -1; n < clen; ++n) { 317 num = RSA_private_decrypt(n, ctext_ex, ptext, key, 318 RSA_PKCS1_OAEP_PADDING); 319 if (!TEST_int_le(num, 0)) 320 goto err; 321 } 322 323 ret = 1; 324 err: 325 RSA_free(key); 326 return ret; 327 } 328 329 static const struct { 330 int bits; 331 unsigned int r; 332 } rsa_security_bits_cases[] = { 333 /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */ 334 { 2048, 112 }, 335 { 3072, 128 }, 336 { 4096, 152 }, 337 { 6144, 176 }, 338 { 8192, 200 }, 339 /* NIST FIPS 140-2 IG 7.5 */ 340 { 7680, 192 }, 341 { 15360, 256 }, 342 /* Older values */ 343 { 256, 40 }, 344 { 512, 56 }, 345 { 1024, 80 }, 346 /* Some other values */ 347 { 8888, 208 }, 348 { 2468, 120 }, 349 { 13456, 248 }, 350 /* Edge points */ 351 { 15359, 256 }, 352 { 15361, 264 }, 353 { 7679, 192 }, 354 { 7681, 200 }, 355 }; 356 357 static int test_rsa_security_bit(int n) 358 { 359 static const unsigned char vals[8] = { 360 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40 361 }; 362 RSA *key = RSA_new(); 363 const int bits = rsa_security_bits_cases[n].bits; 364 const int result = rsa_security_bits_cases[n].r; 365 const int bytes = (bits + 7) / 8; 366 int r = 0; 367 unsigned char num[2000]; 368 369 if (!TEST_ptr(key) || !TEST_int_le(bytes, (int)sizeof(num))) 370 goto err; 371 372 /* 373 * It is necessary to set the RSA key in order to ask for the strength. 374 * A BN of an appropriate size is created, in general it won't have the 375 * properties necessary for RSA to function. This is okay here since 376 * the RSA key is never used. 377 */ 378 memset(num, vals[bits % 8], bytes); 379 380 /* 381 * The 'e' parameter is set to the same value as 'n'. This saves having 382 * an extra BN to hold a sensible value for 'e'. This is safe since the 383 * RSA key is not used. The 'd' parameter can be NULL safely. 384 */ 385 if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL), 386 BN_bin2bn(num, bytes, NULL), NULL)) 387 && TEST_uint_eq(RSA_security_bits(key), result)) 388 r = 1; 389 err: 390 RSA_free(key); 391 return r; 392 } 393 394 static int test_EVP_rsa_legacy_key(void) 395 { 396 int ret; 397 size_t buflen = 384; 398 size_t msglen = 64; 399 unsigned char sigbuf[384]; 400 unsigned char msgbuf[64]; 401 BIGNUM *p; 402 BIGNUM *q; 403 BIGNUM *n; 404 BIGNUM *d; 405 BIGNUM *e; 406 RSA *rsa; 407 const EVP_MD *md; 408 EVP_MD_CTX *ctx = NULL; 409 EVP_PKEY *pkey = NULL; 410 411 unsigned char n_data[] = { 412 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, 413 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, 414 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, 415 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, 416 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, 417 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, 418 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, 419 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, 420 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, 421 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, 422 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, 423 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, 424 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, 425 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, 426 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, 427 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, 428 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, 429 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, 430 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, 431 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, 432 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, 433 0x2e, 0xf2, 0x8e, 0x7e, 0x13 }; 434 435 unsigned char e_data[] = { 0x01, 0x00, 0x01 }; 436 437 unsigned char d_data[] = { 438 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, 439 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, 440 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, 441 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, 442 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, 443 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, 444 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, 445 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, 446 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, 447 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, 448 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, 449 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, 450 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, 451 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, 452 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, 453 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, 454 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, 455 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, 456 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, 457 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, 458 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, 459 0xf4, 0xfa, 0x60, 0xc1 }; 460 461 unsigned char p_data[] = { 462 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, 463 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, 464 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, 465 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, 466 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, 467 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, 468 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, 469 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, 470 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, 471 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, 472 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 }; 473 474 unsigned char q_data[] = { 475 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, 476 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, 477 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, 478 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, 479 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, 480 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, 481 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, 482 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, 483 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, 484 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, 485 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; 486 487 memset(msgbuf, 0xef, 64); 488 489 ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) 490 && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) 491 && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) 492 && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) 493 && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) 494 && TEST_ptr((rsa = RSA_new())) 495 && TEST_ptr((md = EVP_sha256())) 496 && TEST_ptr((ctx = EVP_MD_CTX_new())) 497 && TEST_ptr((pkey = EVP_PKEY_new())) 498 && TEST_true(RSA_set0_factors(rsa, p, q)) 499 && TEST_true(RSA_set0_key(rsa, n, e, d)) 500 && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) 501 && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) 502 && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); 503 504 EVP_MD_CTX_free(ctx); 505 EVP_PKEY_free(pkey); 506 return ret; 507 } 508 509 int setup_tests(void) 510 { 511 ADD_ALL_TESTS(test_rsa_pkcs1, 3); 512 ADD_ALL_TESTS(test_rsa_oaep, 3); 513 ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); 514 ADD_TEST(test_EVP_rsa_legacy_key); 515 return 1; 516 } 517