1 /*
2 * Copyright (c) 2022 Rockchip Electronics Co. Ltd.
3 */
4 #include <stdlib.h>
5 #include <string.h>
6 #include <unistd.h>
7 #include "rkcrypto_core.h"
8 #include "rkcrypto_trace.h"
9 #include "cmode_adapter.h"
10 #include "test_rsa.h"
11 #include "test_utils.h"
12 #include "rsa_key_data.h"
13
14 #define TEST_END_PASS(nbits, padding_name) do { \
15 if (verbose) \
16 printf("******** %-20s %-u\t%-16s test PASS !!! ********\n", \
17 __func__, nbits, padding_name); \
18 } while (0)
19
20 #define TEST_END_FAIL(nbits, padding_name) do { \
21 if (verbose) \
22 printf("******** %-20s %-u\t%-16s test FAIL !!! ********\n", \
23 __func__, nbits, padding_name); \
24 } while (0)
25
26 #define TEST_END_NA(nbits, padding_name) do { \
27 if (verbose) \
28 printf("******** %-20s %-u\t%-16s test N/A !!! ********\n", \
29 __func__, nbits, padding_name); \
30 } while (0)
31
32 typedef RK_RES (*test_rsa_one)(uint32_t padding, const char *padding_name,
33 uint32_t nbits, uint32_t data_len, int verbose);
34
35 struct test_rsa_item {
36 test_rsa_one do_test;
37 uint32_t padding;
38 const char *padding_name;
39 uint32_t data_size;
40 };
41
42 static RK_RES test_rsa_pub_enc(uint32_t padding, const char *padding_name,
43 uint32_t nbits, uint32_t data_len, int verbose);
44 static RK_RES test_rsa_priv_enc(uint32_t padding, const char *padding_name,
45 uint32_t nbits, uint32_t data_len, int verbose);
46 static RK_RES test_rsa_sign(uint32_t padding, const char *padding_name,
47 uint32_t nbits, uint32_t data_len, int verbose);
48
49 #define TEST_RSA_CRYPT(test, name, size) {test, RK_RSA_CRYPT_PADDING_##name, #name, size}
50 #define TEST_RSA_SIGN(test, name, size) {test, RK_RSA_SIGN_PADDING_##name, #name, size}
51 #define TEST_RSA_EMPTY() {NULL, 0, NULL, 0}
52
53 static const struct test_rsa_item test_rsa_tbl[] = {
54 TEST_RSA_CRYPT(test_rsa_pub_enc, NONE, 0),
55 TEST_RSA_CRYPT(test_rsa_pub_enc, BLOCK_TYPE_0, SHA256_HASH_SIZE),
56 TEST_RSA_CRYPT(test_rsa_pub_enc, BLOCK_TYPE_1, SHA256_HASH_SIZE),
57 TEST_RSA_CRYPT(test_rsa_pub_enc, BLOCK_TYPE_2, SHA256_HASH_SIZE),
58 TEST_RSA_CRYPT(test_rsa_pub_enc, PKCS1_V1_5, SHA256_HASH_SIZE),
59 TEST_RSA_CRYPT(test_rsa_pub_enc, OAEP_SHA1, SHA1_HASH_SIZE),
60 TEST_RSA_CRYPT(test_rsa_pub_enc, OAEP_SHA256, SHA256_HASH_SIZE),
61 TEST_RSA_CRYPT(test_rsa_pub_enc, OAEP_SHA384, SHA384_HASH_SIZE),
62 TEST_RSA_CRYPT(test_rsa_pub_enc, OAEP_SHA512, SHA512_HASH_SIZE),
63 TEST_RSA_EMPTY(),
64
65 TEST_RSA_CRYPT(test_rsa_priv_enc, NONE, 0),
66 TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_0, SHA256_HASH_SIZE),
67 TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_1, SHA256_HASH_SIZE),
68 TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_2, SHA256_HASH_SIZE),
69 TEST_RSA_CRYPT(test_rsa_priv_enc, PKCS1_V1_5, SHA256_HASH_SIZE),
70 TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA1, SHA1_HASH_SIZE),
71 TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA224, SHA224_HASH_SIZE),
72 TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA256, SHA256_HASH_SIZE),
73 TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA384, SHA384_HASH_SIZE),
74 TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA512, SHA512_HASH_SIZE),
75 TEST_RSA_EMPTY(),
76
77 TEST_RSA_SIGN(test_rsa_sign, PKCS1_V15_SHA1, 512),
78 TEST_RSA_SIGN(test_rsa_sign, PKCS1_V15_SHA224, 512),
79 TEST_RSA_SIGN(test_rsa_sign, PKCS1_V15_SHA256, 512),
80 TEST_RSA_SIGN(test_rsa_sign, PKCS1_V15_SHA384, 512),
81 TEST_RSA_SIGN(test_rsa_sign, PKCS1_V15_SHA512, 512),
82 TEST_RSA_SIGN(test_rsa_sign, PKCS1_PSS_SHA1, 512),
83 TEST_RSA_SIGN(test_rsa_sign, PKCS1_PSS_SHA224, 512),
84 TEST_RSA_SIGN(test_rsa_sign, PKCS1_PSS_SHA256, 512),
85 TEST_RSA_SIGN(test_rsa_sign, PKCS1_PSS_SHA384, 512),
86 TEST_RSA_SIGN(test_rsa_sign, PKCS1_PSS_SHA512, 512),
87 };
88
89 #ifdef RSA_OPENSSL_COMPRAE
90 #include <openssl/rsa.h>
91 #include <openssl/bn.h>
92 #include <openssl/rand.h>
93 #include <openssl/evp.h>
94 #include <openssl/ec_key.h>
95 #include <openssl/base.h>
96 #include <openssl/sha.h>
97 #include <openssl/err.h>
98
rk2ssl_padding(uint32_t rk_padding,int * ssl_padding,const EVP_MD ** digest_md)99 static RK_RES rk2ssl_padding(uint32_t rk_padding, int *ssl_padding, const EVP_MD **digest_md)
100 {
101 switch (rk_padding) {
102 /* crypt padding */
103 case RK_RSA_CRYPT_PADDING_OAEP_SHA1:
104 *ssl_padding = RSA_PKCS1_OAEP_PADDING;
105 *digest_md = EVP_sha1();
106 break;
107 case RK_RSA_CRYPT_PADDING_OAEP_SHA224:
108 *ssl_padding = RSA_PKCS1_OAEP_PADDING;
109 *digest_md = EVP_sha224();
110 break;
111 case RK_RSA_CRYPT_PADDING_OAEP_SHA256:
112 *ssl_padding = RSA_PKCS1_OAEP_PADDING;
113 *digest_md = EVP_sha256();
114 break;
115 case RK_RSA_CRYPT_PADDING_OAEP_SHA384:
116 *ssl_padding = RSA_PKCS1_OAEP_PADDING;
117 *digest_md = EVP_sha384();
118 break;
119 case RK_RSA_CRYPT_PADDING_OAEP_SHA512:
120 *ssl_padding = RSA_PKCS1_OAEP_PADDING;
121 *digest_md = EVP_sha512();
122 break;
123 case RK_RSA_CRYPT_PADDING_PKCS1_V1_5:
124 *ssl_padding = RSA_PKCS1_PADDING;
125 *digest_md = NULL;
126 break;
127
128 /* sign padding */
129 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA1:
130 *ssl_padding = RSA_PKCS1_PADDING;
131 *digest_md = EVP_sha1();
132 break;
133 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA224:
134 *ssl_padding = RSA_PKCS1_PADDING;
135 *digest_md = EVP_sha224();
136 break;
137 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA256:
138 *ssl_padding = RSA_PKCS1_PADDING;
139 *digest_md = EVP_sha256();
140 break;
141 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA384:
142 *ssl_padding = RSA_PKCS1_PADDING;
143 *digest_md = EVP_sha384();
144 break;
145 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA512:
146 *ssl_padding = RSA_PKCS1_PADDING;
147 *digest_md = EVP_sha512();
148 break;
149
150 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA1:
151 *ssl_padding = RSA_PKCS1_PSS_PADDING;
152 *digest_md = EVP_sha1();
153 break;
154 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA224:
155 *ssl_padding = RSA_PKCS1_PSS_PADDING;
156 *digest_md = EVP_sha224();
157 break;
158 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA256:
159 *ssl_padding = RSA_PKCS1_PSS_PADDING;
160 *digest_md = EVP_sha256();
161 break;
162 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA384:
163 *ssl_padding = RSA_PKCS1_PSS_PADDING;
164 *digest_md = EVP_sha384();
165 break;
166 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA512:
167 *ssl_padding = RSA_PKCS1_PSS_PADDING;
168 *digest_md = EVP_sha512();
169 break;
170
171 default:
172 return RK_CRYPTO_ERR_PARAMETER;
173 }
174
175 return RK_CRYPTO_SUCCESS;
176 }
177
openssl_dump_last_error(void)178 static void openssl_dump_last_error(void)
179 {
180 ERR_load_ERR_strings();
181 ERR_load_crypto_strings();
182 unsigned long ulErr = ERR_get_error();
183 char szErrMsg[512] = {0};
184 char *pTmp = NULL;
185
186 pTmp = ERR_error_string(ulErr, szErrMsg);
187 printf("%s\n", pTmp);
188 }
189
openssl_alloc_evpkey(rk_rsa_priv_key_pack * priv)190 static EVP_PKEY *openssl_alloc_evpkey(rk_rsa_priv_key_pack *priv)
191 {
192 BIGNUM *be = NULL;
193 BIGNUM *bn = NULL;
194 BIGNUM *bd = NULL;
195 RSA *rsa_key = NULL;
196 EVP_PKEY *evp_key = NULL;
197
198 be = BN_new();
199 if (!be)
200 goto error;
201
202 bd = BN_new();
203 if (!bd)
204 goto error;
205
206 bn = BN_new();
207 if (!bn)
208 goto error;
209
210 rsa_key = RSA_new();
211 if (!rsa_key)
212 goto error;
213
214 BN_bin2bn(priv->key.n, priv->key.n_len, bn);
215 BN_bin2bn(priv->key.e, priv->key.e_len, be);
216 BN_bin2bn(priv->key.d, priv->key.d_len, bd);
217
218 rsa_key->e = be;
219 rsa_key->d = bd;
220 rsa_key->n = bn;
221
222 evp_key = EVP_PKEY_new();
223 if (!evp_key) {
224 printf("EVP_PKEY_new failed!\n");
225 goto error;
226 }
227
228 if (EVP_PKEY_set1_RSA(evp_key, rsa_key) != 1) {
229 printf("EVP_PKEY_set1_RSA err\n");
230 goto error;
231 }
232
233 return evp_key;
234 error:
235 if (be)
236 BN_free(be);
237 if (bn)
238 BN_free(bn);
239 if (bd)
240 BN_free(bd);
241
242 rsa_key->e = NULL;
243 rsa_key->d = NULL;
244 rsa_key->n = NULL;
245
246 if (evp_key)
247 EVP_PKEY_free(evp_key);
248
249 return NULL;
250 }
251
openssl_free_evpkey(EVP_PKEY * evp_key)252 static void openssl_free_evpkey(EVP_PKEY *evp_key)
253 {
254 if (evp_key)
255 EVP_PKEY_free(evp_key);
256 }
257
openssl_encrypt(const uint8_t * in,uint32_t in_len,uint8_t * out,uint32_t * out_len,int padding,const EVP_MD * digest_algorithm,rk_rsa_priv_key_pack * priv)258 static RK_RES openssl_encrypt(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
259 int padding, const EVP_MD *digest_algorithm,
260 rk_rsa_priv_key_pack *priv)
261 {
262 RK_RES res = RK_CRYPTO_ERR_GENERIC;
263 size_t tmp_len;
264 EVP_PKEY *evp_key = NULL;
265 EVP_PKEY_CTX *pkey_ctx = NULL;
266
267 evp_key = openssl_alloc_evpkey(priv);
268 if (!evp_key)
269 return RK_CRYPTO_ERR_OUT_OF_MEMORY;
270
271 pkey_ctx = EVP_PKEY_CTX_new(evp_key, NULL /* engine */);
272 if (!pkey_ctx) {
273 printf("EVP_PKEY_CTX_new err\n");
274 return RK_CRYPTO_ERR_GENERIC;
275 }
276
277 if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) {
278 printf("EVP_PKEY_encrypt_init err\n");
279 goto exit;
280 }
281
282 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
283 printf("EVP_PKEY_CTX_set_rsa_padding err\n");
284 goto exit;
285 }
286
287 if (padding == RSA_PKCS1_OAEP_PADDING) {
288 if (!EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, digest_algorithm)) {
289 printf("EVP_PKEY_CTX_set_rsa_oaep_md err\n");
290 goto exit;
291 }
292
293 if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest_algorithm)) {
294 printf("EVP_PKEY_CTX_set_rsa_mgf1_md err\n");
295 goto exit;
296 }
297 }
298
299 if (EVP_PKEY_encrypt(pkey_ctx, NULL /* out */, &tmp_len, in, in_len) <= 0) {
300 printf("EVP_PKEY_encrypt err\n");
301 goto exit;
302 }
303 if (EVP_PKEY_encrypt(pkey_ctx, out, &tmp_len, in, in_len) <= 0) {
304 printf("EVP_PKEY_encrypt err\n");
305 goto exit;
306 }
307
308 *out_len = (uint32_t)tmp_len;
309
310 res = RK_CRYPTO_SUCCESS;
311 exit:
312 if (res)
313 openssl_dump_last_error();
314
315 EVP_PKEY_CTX_free(pkey_ctx);
316 openssl_free_evpkey(evp_key);
317
318 return res;
319 }
320
openssl_decrypt(const uint8_t * in,uint32_t in_len,uint8_t * out,uint32_t * out_len,int padding,const EVP_MD * digest_algorithm,rk_rsa_priv_key_pack * priv)321 static RK_RES openssl_decrypt(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
322 int padding, const EVP_MD *digest_algorithm,
323 rk_rsa_priv_key_pack *priv)
324 {
325 RK_RES res = RK_CRYPTO_ERR_GENERIC;
326 size_t tmp_len;
327 EVP_PKEY *evp_key = NULL;
328 EVP_PKEY_CTX *pkey_ctx = NULL;
329
330 evp_key = openssl_alloc_evpkey(priv);
331 if (!evp_key) {
332 printf("openssl_alloc_evpkey err\n");
333 return RK_CRYPTO_ERR_OUT_OF_MEMORY;
334 }
335
336 pkey_ctx = EVP_PKEY_CTX_new(evp_key, NULL /* engine */);
337 if (!pkey_ctx) {
338 printf("EVP_PKEY_CTX_new err\n");
339 return RK_CRYPTO_ERR_GENERIC;
340 }
341
342 if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
343 printf("EVP_PKEY_encrypt_init err\n");
344 goto exit;
345 }
346
347 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
348 printf("EVP_PKEY_CTX_set_rsa_padding err\n");
349 goto exit;
350 }
351
352 if (padding == RSA_PKCS1_OAEP_PADDING) {
353 if (!EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, digest_algorithm)) {
354 printf("EVP_PKEY_CTX_set_rsa_oaep_md err\n");
355 goto exit;
356 }
357
358 if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest_algorithm)) {
359 printf("EVP_PKEY_CTX_set_rsa_mgf1_md err\n");
360 goto exit;
361 }
362 }
363
364 if (EVP_PKEY_decrypt(pkey_ctx, NULL /* out */, &tmp_len, in, in_len) <= 0) {
365 printf("EVP_PKEY_decrypt err\n");
366 goto exit;
367 }
368 if (EVP_PKEY_decrypt(pkey_ctx, out, &tmp_len, in, in_len) <= 0) {
369 printf("EVP_PKEY_decrypt err\n");
370 goto exit;
371 }
372
373 *out_len = (uint32_t)tmp_len;
374
375 res = RK_CRYPTO_SUCCESS;
376 exit:
377 if (res)
378 openssl_dump_last_error();
379
380 EVP_PKEY_CTX_free(pkey_ctx);
381 openssl_free_evpkey(evp_key);
382
383 return res;
384 }
385
openssl_sign(const uint8_t * in,uint32_t in_len,uint8_t * out,uint32_t * out_len,int padding,const EVP_MD * digest_algorithm,rk_rsa_priv_key_pack * priv)386 static RK_RES openssl_sign(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
387 int padding, const EVP_MD *digest_algorithm, rk_rsa_priv_key_pack *priv)
388 {
389 RK_RES res = RK_CRYPTO_ERR_GENERIC;
390 size_t tmp_len = *out_len;
391 EVP_PKEY_CTX *pkey_ctx;
392 EVP_PKEY *evp_key = NULL;
393 EVP_MD_CTX *digest_ctx = NULL;
394
395 digest_ctx = EVP_MD_CTX_new();
396 if (!digest_ctx) {
397 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
398 goto exit;
399 }
400
401 evp_key = openssl_alloc_evpkey(priv);
402 if (!evp_key) {
403 printf("openssl_alloc_evpkey err\n");
404 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
405 goto exit;
406 }
407
408 if (EVP_DigestSignInit(digest_ctx, &pkey_ctx, digest_algorithm,
409 NULL /* engine */, evp_key) != 1) {
410 printf("EVP_DigestSignInit err\n");
411 goto exit;
412 }
413
414 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
415 printf("EVP_PKEY_CTX_set_rsa_padding err\n");
416 goto exit;
417 }
418
419 if (padding == RSA_PKCS1_PSS_PADDING) {
420 uint32_t saltlen = EVP_MD_size(digest_algorithm);
421
422 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, saltlen) <= 0) {
423 printf("EVP_PKEY_CTX_set_rsa_pss_saltlen err\n");
424 goto exit;
425 }
426 }
427
428 if (EVP_DigestSignUpdate(digest_ctx, in, in_len) != 1) {
429 printf("EVP_DigestSignUpdate err\n");
430 goto exit;
431 }
432 if (EVP_DigestSignFinal(digest_ctx, NULL, &tmp_len) != 1) {
433 printf("EVP_DigestSignFinal err\n");
434 goto exit;
435 }
436 if (EVP_DigestSignFinal(digest_ctx, out, &tmp_len) <= 0) {
437 printf("EVP_DigestSignFinal err\n");
438 goto exit;
439 }
440
441 *out_len = (uint32_t)tmp_len;
442 res = RK_CRYPTO_SUCCESS;
443 exit:
444 if (res)
445 openssl_dump_last_error();
446
447 if (digest_ctx)
448 EVP_MD_CTX_free(digest_ctx);
449
450 openssl_free_evpkey(evp_key);
451
452 return res;
453
454 }
455
openssl_verify(const uint8_t * in,uint32_t in_len,uint8_t * sign,uint32_t sign_len,int padding,const EVP_MD * digest_algorithm,rk_rsa_priv_key_pack * priv)456 static RK_RES openssl_verify(const uint8_t *in, uint32_t in_len, uint8_t *sign, uint32_t sign_len,
457 int padding, const EVP_MD *digest_algorithm, rk_rsa_priv_key_pack *priv)
458 {
459 RK_RES res = RK_CRYPTO_ERR_GENERIC;
460 EVP_PKEY_CTX *pkey_ctx;
461 EVP_PKEY *evp_key = NULL;
462 EVP_MD_CTX *digest_ctx = NULL;
463
464 digest_ctx = EVP_MD_CTX_new();
465 if (!digest_ctx) {
466 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
467 goto exit;
468 }
469
470 evp_key = openssl_alloc_evpkey(priv);
471 if (!evp_key) {
472 printf("openssl_alloc_evpkey err\n");
473 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
474 goto exit;
475 }
476
477 if (EVP_DigestVerifyInit(digest_ctx, &pkey_ctx, digest_algorithm,
478 NULL /* engine */, evp_key) != 1) {
479 printf("EVP_DigestVerifyInit err\n");
480 goto exit;
481 }
482
483 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
484 printf("EVP_PKEY_CTX_set_rsa_padding err\n");
485 goto exit;
486 }
487
488 if (padding == RSA_PKCS1_PSS_PADDING) {
489 uint32_t saltlen = EVP_MD_size(digest_algorithm);
490
491 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, saltlen) <= 0) {
492 printf("EVP_PKEY_CTX_set_rsa_pss_saltlen err\n");
493 goto exit;
494 }
495 }
496
497 if (EVP_DigestVerifyUpdate(digest_ctx, in, in_len) != 1) {
498 printf("EVP_DigestVerifyUpdate err\n");
499 goto exit;
500 }
501
502 if (!EVP_DigestVerifyFinal(digest_ctx, sign, sign_len)) {
503 printf("EVP_DigestVerifyFinal err\n");
504 goto exit;
505 }
506
507 res = RK_CRYPTO_SUCCESS;
508 exit:
509 if (res)
510 openssl_dump_last_error();
511
512 if (digest_ctx)
513 EVP_MD_CTX_free(digest_ctx);
514
515 openssl_free_evpkey(evp_key);
516
517 return res;
518 }
519
520 #endif
521
get_hash_algo_from_padding(uint32_t padding,uint32_t * hlen,uint32_t * hash_algo)522 static RK_RES get_hash_algo_from_padding(uint32_t padding, uint32_t *hlen, uint32_t *hash_algo)
523 {
524 uint32_t shaalgo = RK_ALGO_SHA1;
525
526 switch (padding) {
527 case RK_RSA_CRYPT_PADDING_OAEP_SHA1:
528 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA1:
529 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA1:
530 *hlen = SHA1_HASH_SIZE;
531 shaalgo = RK_ALGO_SHA1;
532 break;
533 case RK_RSA_CRYPT_PADDING_OAEP_SHA224:
534 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA224:
535 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA224:
536 *hlen = SHA224_HASH_SIZE;
537 shaalgo = RK_ALGO_SHA224;
538 break;
539 case RK_RSA_CRYPT_PADDING_OAEP_SHA256:
540 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA256:
541 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA256:
542 *hlen = SHA256_HASH_SIZE;
543 shaalgo = RK_ALGO_SHA256;
544 break;
545 case RK_RSA_CRYPT_PADDING_OAEP_SHA384:
546 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA384:
547 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA384:
548 *hlen = SHA384_HASH_SIZE;
549 shaalgo = RK_ALGO_SHA384;
550 break;
551 case RK_RSA_CRYPT_PADDING_OAEP_SHA512:
552 case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA512:
553 case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA512:
554 *hlen = SHA512_HASH_SIZE;
555 shaalgo = RK_ALGO_SHA512;
556 break;
557 default:
558 D_TRACE("unknown padding %x", padding);
559 *hlen = 0;
560 shaalgo = 0;
561 return RK_CRYPTO_ERR_PADDING;
562 }
563
564 *hash_algo = shaalgo;
565
566 return RK_CRYPTO_SUCCESS;
567 }
568
calc_padding_digest(uint32_t padding,const uint8_t * data,uint32_t data_len,uint8_t * digest)569 static RK_RES calc_padding_digest(uint32_t padding, const uint8_t *data, uint32_t data_len,
570 uint8_t *digest)
571 {
572 RK_RES res;
573 uint32_t hash_algo, hash_len;
574 rk_hash_config hash_cfg;
575 rk_handle hash_hdl = 0;
576
577 res = get_hash_algo_from_padding(padding, &hash_len, &hash_algo);
578 if (res)
579 goto exit;
580
581 memset(&hash_cfg, 0x00, sizeof(hash_cfg));
582
583 hash_cfg.algo = hash_algo;
584
585 res = rk_hash_init(&hash_cfg, &hash_hdl);
586 if (res)
587 goto exit;
588
589 if (data && data_len != 0) {
590 res = rk_hash_update_virt(hash_hdl, data, data_len);
591 if (res) {
592 rk_hash_final(hash_hdl, NULL);
593 goto exit;
594 }
595 }
596
597 res = rk_hash_final(hash_hdl, digest);
598 exit:
599 if (res)
600 D_TRACE("digest error.");
601
602 return res;
603 }
604
test_rsa_pub_enc(uint32_t padding,const char * padding_name,uint32_t nbits,uint32_t data_len,int verbose)605 static RK_RES test_rsa_pub_enc(uint32_t padding, const char *padding_name,
606 uint32_t nbits, uint32_t data_len, int verbose)
607 {
608 RK_RES res = RK_CRYPTO_SUCCESS;
609 uint8_t *data = NULL;
610 uint8_t *enc_buf = NULL;
611 uint8_t *dec_buf = NULL;
612 uint32_t out_len, nbytes = nbits / 8;
613 rk_rsa_pub_key_pack pub_key;
614 rk_rsa_priv_key_pack priv_key;
615
616 data = (uint8_t *)malloc(data_len);
617 if (!data) {
618 printf("malloc for data failed\n");
619 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
620 goto exit;
621 }
622
623 memset(data, 0xab, data_len);
624 /* make sure data < n */
625 data[0] = 0x11;
626
627 enc_buf = (uint8_t *)malloc(nbytes);
628 if (!enc_buf) {
629 printf("malloc for enc_buf failed\n");
630 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
631 goto exit;
632 }
633
634 dec_buf = (uint8_t *)malloc(nbytes);
635 if (!dec_buf) {
636 printf("malloc for dec_buf failed\n");
637 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
638 goto exit;
639 }
640
641 test_init_pubkey(&pub_key, nbits);
642 test_init_privkey(&priv_key, nbits);
643
644 res = rk_rsa_pub_encrypt(&pub_key, padding, data, data_len, enc_buf, &out_len);
645 if (res) {
646 if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
647 res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
648 printf("rk_rsa_pub_encrypt failed %x\n", res);
649 goto exit;
650 }
651
652 #ifdef RSA_OPENSSL_COMPRAE
653 int ssl_padding;
654 const EVP_MD *digest_md;
655
656 if (rk2ssl_padding(padding, &ssl_padding, &digest_md) == RK_CRYPTO_SUCCESS) {
657 res = openssl_decrypt(enc_buf, out_len, dec_buf, &out_len,
658 ssl_padding, digest_md, &priv_key);
659 if (res) {
660 printf("openssl_decrypt error!\n");
661 goto exit;
662 }
663
664 if (out_len != data_len || memcmp(data, dec_buf, data_len)) {
665 printf("rk_rsa_pub_encrypt not match openssl_decrypt\n");
666 test_dump_hex("result", dec_buf, out_len);
667 test_dump_hex("expect", data, data_len);
668 res = RK_CRYPTO_ERR_GENERIC;
669 goto exit;
670 }
671
672 res = openssl_encrypt(data, data_len, enc_buf, &out_len,
673 ssl_padding, digest_md, &priv_key);
674 if (res) {
675 printf("openssl_encrypt error!\n");
676 goto exit;
677 }
678 }
679 #endif
680 res = rk_rsa_priv_decrypt(&priv_key, padding, enc_buf, out_len, dec_buf, &out_len);
681 if (res) {
682 printf("rk_rsa_priv_decrypt failed %x\n", res);
683 goto exit;
684 }
685
686 if (data_len != out_len || memcmp(dec_buf, data, data_len)) {
687 printf("rk_rsa_priv_decrypt compare failed\n");
688 test_dump_hex("result", enc_buf, out_len);
689 test_dump_hex("expect", data, data_len);
690 res = RK_CRYPTO_ERR_GENERIC;
691 goto exit;
692 }
693
694 exit:
695 if (data)
696 free(data);
697
698 if (enc_buf)
699 free(enc_buf);
700
701 if (dec_buf)
702 free(dec_buf);
703
704 if (res == RK_CRYPTO_ERR_NOT_SUPPORTED ||
705 res == RK_CRYPTO_ERR_PADDING_OVERFLOW) {
706 TEST_END_NA(nbits, padding_name);
707 res = RK_CRYPTO_SUCCESS;
708 } else if (res) {
709 TEST_END_FAIL(nbits, padding_name);
710 } else {
711 TEST_END_PASS(nbits, padding_name);
712 }
713
714 return res;
715 }
716
test_rsa_priv_enc(uint32_t padding,const char * padding_name,uint32_t nbits,uint32_t data_len,int verbose)717 static RK_RES test_rsa_priv_enc(uint32_t padding, const char *padding_name,
718 uint32_t nbits, uint32_t data_len, int verbose)
719 {
720 RK_RES res = RK_CRYPTO_SUCCESS;
721 uint8_t *data = NULL;
722 uint8_t *enc_buf = NULL;
723 uint8_t *dec_buf = NULL;
724 uint32_t out_len, nbytes = nbits / 8;
725 rk_rsa_pub_key_pack pub_key;
726 rk_rsa_priv_key_pack priv_key;
727
728 data = (uint8_t *)malloc(data_len);
729 if (!data) {
730 printf("malloc for data failed\n");
731 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
732 goto exit;
733 }
734
735 memset(data, 0xab, data_len);
736 /* make sure data < n */
737 data[0] = 0x11;
738
739 enc_buf = (uint8_t *)malloc(nbytes);
740 if (!enc_buf) {
741 printf("malloc for enc_buf failed\n");
742 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
743 goto exit;
744 }
745
746 dec_buf = (uint8_t *)malloc(nbytes);
747 if (!dec_buf) {
748 printf("malloc for dec_buf failed\n");
749 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
750 goto exit;
751 }
752
753 test_init_pubkey(&pub_key, nbits);
754 test_init_privkey(&priv_key, nbits);
755
756 res = rk_rsa_priv_encrypt(&priv_key, padding, data, data_len, enc_buf, &out_len);
757 if (res) {
758 if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
759 res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
760 printf("rk_rsa_priv_encrypt failed %x\n", res);
761 goto exit;
762 }
763
764 res = rk_rsa_pub_decrypt(&pub_key, padding, enc_buf, out_len, dec_buf, &out_len);
765 if (res) {
766 printf("rk_rsa_pub_decrypt failed %x\n", res);
767 goto exit;
768 }
769
770 if (data_len != out_len || memcmp(dec_buf, data, data_len)) {
771 printf("rk_rsa_pub_decrypt compare failed\n");
772 test_dump_hex("result", enc_buf, out_len);
773 test_dump_hex("expect", data, data_len);
774 res = RK_CRYPTO_ERR_GENERIC;
775 goto exit;
776 }
777
778 exit:
779 if (data)
780 free(data);
781
782 if (enc_buf)
783 free(enc_buf);
784
785 if (dec_buf)
786 free(dec_buf);
787
788 if (res == RK_CRYPTO_ERR_NOT_SUPPORTED ||
789 res == RK_CRYPTO_ERR_PADDING_OVERFLOW) {
790 TEST_END_NA(nbits, padding_name);
791 res = RK_CRYPTO_SUCCESS;
792 } else if (res) {
793 TEST_END_FAIL(nbits, padding_name);
794 } else {
795 TEST_END_PASS(nbits, padding_name);
796 }
797
798 return res;
799 }
800
test_rsa_sign_common(uint32_t padding,const char * padding_name,uint32_t nbits,const uint8_t * in,uint32_t in_len,const uint8_t * hash,int verbose)801 static RK_RES test_rsa_sign_common(uint32_t padding, const char *padding_name,
802 uint32_t nbits, const uint8_t *in, uint32_t in_len,
803 const uint8_t *hash, int verbose)
804 {
805 RK_RES res = RK_CRYPTO_SUCCESS;
806 uint8_t *sign = NULL;
807 uint32_t sign_len, nbytes = nbits / 8;
808 const char *test_name = hash ? "test_rsa_sign_digest" : "test_rsa_sign_data";
809 rk_rsa_pub_key_pack pub_key;
810 rk_rsa_priv_key_pack priv_key;
811
812 sign = (uint8_t *)malloc(nbytes);
813 if (!sign) {
814 printf("malloc for sign failed\n");
815 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
816 goto exit;
817 }
818
819 test_init_pubkey(&pub_key, nbits);
820 test_init_privkey(&priv_key, nbits);
821
822 res = rk_rsa_sign(&priv_key, padding, in, in_len, hash, sign, &sign_len);
823 if (res) {
824 if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
825 res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
826 printf("rk_rsa_sign failed %x\n", res);
827 else {
828 res = RK_CRYPTO_SUCCESS;
829
830 if (verbose) {
831 printf("******** %-20s %u\t%-16s test N/A !!! ********\n",
832 "test_rsa_sign_data", nbits, padding_name);
833 printf("******** %-20s %u\t%-16s test N/A !!! ********\n",
834 "test_rsa_sign_digest", nbits, padding_name);
835 }
836 }
837 goto exit;
838 }
839
840 #ifdef RSA_OPENSSL_COMPRAE
841 int ssl_padding;
842 const EVP_MD *digest_md;
843
844 if (rk2ssl_padding(padding, &ssl_padding, &digest_md) == RK_CRYPTO_SUCCESS) {
845 res = openssl_verify(in, in_len, sign, sign_len, ssl_padding, digest_md, &priv_key);
846 if (res) {
847 printf("openssl_verify error!\n");
848 goto exit;
849 }
850
851 res = openssl_sign(in, in_len, sign, &sign_len,
852 ssl_padding, digest_md, &priv_key);
853 if (res) {
854 printf("openssl_sign error!\n");
855 goto exit;
856 }
857 }
858 #endif
859
860 res = rk_rsa_verify(&pub_key, padding, in, in_len, hash, sign, sign_len);
861 if (res) {
862 printf("rk_rsa_verify failed %x\n", res);
863 goto exit;
864 }
865
866 /* modify sign data to make it wrong */
867 *sign += 1;
868 res = rk_rsa_verify(&pub_key, padding, in, in_len, hash, sign, sign_len);
869 if (res != RK_CRYPTO_ERR_VERIFY) {
870 printf("rk_rsa_verify should be RK_CRYPTO_ERR_VERIFY but %x\n", res);
871 goto exit;
872 }
873
874 res = RK_CRYPTO_SUCCESS;
875
876 if (verbose)
877 printf("******** %-20s %u\t%-16s test PASS !!! ********\n",
878 test_name, nbits, padding_name);
879
880 exit:
881 if (sign)
882 free(sign);
883
884 if (res && verbose)
885 printf("******** %-20s %u\t%-16s test FAIL !!! ********\n",
886 test_name, nbits, padding_name);
887
888 return res;
889 }
890
test_rsa_sign(uint32_t padding,const char * padding_name,uint32_t nbits,uint32_t in_len,int verbose)891 static RK_RES test_rsa_sign(uint32_t padding, const char *padding_name,
892 uint32_t nbits, uint32_t in_len, int verbose)
893 {
894 RK_RES res;
895 uint8_t *data = NULL;
896 uint8_t digest[SHA512_HASH_SIZE];
897
898 data = (uint8_t *)malloc(in_len);
899 if (!data) {
900 printf("malloc for data failed\n");
901 res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
902 goto exit;
903 }
904
905 memset(data, 0xab, in_len);
906 memset(digest, 0x00, sizeof(digest));
907
908 res = calc_padding_digest(padding, data, in_len, digest);
909 if (res) {
910 if (res == RK_CRYPTO_ERR_NOT_SUPPORTED) {
911 if (verbose) {
912 printf("******** %-20s %u\t%-16s test N/A !!! ********\n",
913 "test_rsa_sign_data", nbits, padding_name);
914 printf("******** %-20s %u\t%-16s test N/A !!! ********\n",
915 "test_rsa_sign_digest", nbits, padding_name);
916 }
917 res = RK_CRYPTO_SUCCESS;
918 goto exit;
919 }
920
921 printf("calc_padding_digest %x\n", res);
922 goto exit;
923 }
924
925 res = test_rsa_sign_common(padding, padding_name, nbits, data, in_len,
926 NULL, verbose);
927
928 if (res) {
929 printf("test_rsa_sign data failed %x\n", res);
930 goto exit;
931 }
932
933 res = test_rsa_sign_common(padding, padding_name, nbits, data, in_len,
934 digest, verbose);
935
936 if (res) {
937 printf("test_rsa_sign digest failed %x\n", res);
938 goto exit;
939 }
940
941 exit:
942 if (data)
943 free(data);
944
945 return res;
946 }
947
test_rsa(int verbose)948 RK_RES test_rsa(int verbose)
949 {
950 RK_RES res = RK_CRYPTO_ERR_GENERIC;
951 uint32_t i, j, data_size;
952 uint32_t rsa_key_nbits[] = {
953 RSA_BITS_1024,
954 RSA_BITS_2048,
955 RSA_BITS_3072,
956 RSA_BITS_4096,
957 };
958
959 res = rk_crypto_init();
960 if (res) {
961 printf("rk_crypto_init error %08x\n", res);
962 return res;
963 }
964
965 for (i = 0; i < ARRAY_SIZE(rsa_key_nbits); i++) {
966 /* verbose == 0 means alled by the stress test, only test RSA 2048 */
967 if (!verbose && rsa_key_nbits[i] != RSA_BITS_2048)
968 continue;
969
970 for (j = 0; j < ARRAY_SIZE(test_rsa_tbl); j++) {
971 if (!test_rsa_tbl[j].do_test) {
972 if (verbose)
973 printf("\n");
974
975 continue;
976 }
977
978 data_size = test_rsa_tbl[j].data_size ? : (rsa_key_nbits[i] / 8);
979 res = test_rsa_tbl[j].do_test(test_rsa_tbl[j].padding,
980 test_rsa_tbl[j].padding_name,
981 rsa_key_nbits[i],
982 data_size,
983 verbose);
984 if (res)
985 goto exit;
986 }
987
988 if (verbose)
989 printf("\n");
990 }
991 exit:
992 rk_crypto_deinit();
993 return res;
994 }
995