xref: /OK3568_Linux_fs/external/security/librkcrypto/test/test_rsa.c (revision 4882a59341e53eb6f0b4789bf948001014eff981)

/*
 * Copyright (c) 2022 Rockchip Electronics Co. Ltd.
 */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "rkcrypto_core.h"
#include "rkcrypto_trace.h"
#include "cmode_adapter.h"
#include "test_rsa.h"
#include "test_utils.h"
#include "rsa_key_data.h"

#define TEST_END_PASS(nbits, padding_name)  do { \
		if (verbose) \
			printf("******** %-20s %-u\t%-16s test PASS !!! ********\n", \
			       __func__, nbits, padding_name); \
	} while (0)

#define TEST_END_FAIL(nbits, padding_name)  do { \
		if (verbose) \
			printf("******** %-20s %-u\t%-16s test FAIL !!! ********\n", \
			       __func__, nbits, padding_name); \
	} while (0)

#define TEST_END_NA(nbits, padding_name)  do { \
		if (verbose) \
			printf("******** %-20s %-u\t%-16s test N/A  !!! ********\n", \
			       __func__, nbits, padding_name); \
	} while (0)

typedef RK_RES (*test_rsa_one)(uint32_t padding, const char *padding_name,
			       uint32_t nbits, uint32_t data_len, int verbose);

struct test_rsa_item {
	test_rsa_one	do_test;
	uint32_t	padding;
	const char	*padding_name;
	uint32_t	data_size;
};

static RK_RES test_rsa_pub_enc(uint32_t padding, const char *padding_name,
			       uint32_t nbits, uint32_t data_len, int verbose);
static RK_RES test_rsa_priv_enc(uint32_t padding, const char *padding_name,
				uint32_t nbits, uint32_t data_len, int verbose);
static RK_RES test_rsa_sign(uint32_t padding, const char *padding_name,
			    uint32_t nbits, uint32_t data_len, int verbose);

#define TEST_RSA_CRYPT(test, name, size)	{test, RK_RSA_CRYPT_PADDING_##name, #name, size}
#define TEST_RSA_SIGN(test, name, size)		{test, RK_RSA_SIGN_PADDING_##name, #name, size}
#define TEST_RSA_EMPTY()			{NULL, 0, NULL, 0}

static const struct test_rsa_item test_rsa_tbl[] = {
	TEST_RSA_CRYPT(test_rsa_pub_enc,  NONE,             0),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  BLOCK_TYPE_0,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  BLOCK_TYPE_1,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  BLOCK_TYPE_2,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  PKCS1_V1_5,       SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  OAEP_SHA1,        SHA1_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  OAEP_SHA256,      SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  OAEP_SHA384,      SHA384_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_pub_enc,  OAEP_SHA512,      SHA512_HASH_SIZE),
	TEST_RSA_EMPTY(),

	TEST_RSA_CRYPT(test_rsa_priv_enc, NONE,             0),
	TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_0,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_1,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, BLOCK_TYPE_2,     SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, PKCS1_V1_5,	    SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA1,        SHA1_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA224,      SHA224_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA256,      SHA256_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA384,      SHA384_HASH_SIZE),
	TEST_RSA_CRYPT(test_rsa_priv_enc, OAEP_SHA512,      SHA512_HASH_SIZE),
	TEST_RSA_EMPTY(),

	TEST_RSA_SIGN(test_rsa_sign,      PKCS1_V15_SHA1,   512),
	TEST_RSA_SIGN(test_rsa_sign,      PKCS1_V15_SHA224, 512),
	TEST_RSA_SIGN(test_rsa_sign,      PKCS1_V15_SHA256, 512),
	TEST_RSA_SIGN(test_rsa_sign,      PKCS1_V15_SHA384, 512),
	TEST_RSA_SIGN(test_rsa_sign,      PKCS1_V15_SHA512, 512),
	TEST_RSA_SIGN(test_rsa_sign,	  PKCS1_PSS_SHA1,   512),
	TEST_RSA_SIGN(test_rsa_sign,	  PKCS1_PSS_SHA224, 512),
	TEST_RSA_SIGN(test_rsa_sign,	  PKCS1_PSS_SHA256, 512),
	TEST_RSA_SIGN(test_rsa_sign,	  PKCS1_PSS_SHA384, 512),
	TEST_RSA_SIGN(test_rsa_sign,	  PKCS1_PSS_SHA512, 512),
};

#ifdef RSA_OPENSSL_COMPRAE
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/ec_key.h>
#include <openssl/base.h>
#include <openssl/sha.h>
#include <openssl/err.h>

static RK_RES rk2ssl_padding(uint32_t rk_padding, int *ssl_padding, const EVP_MD **digest_md)
{
	switch (rk_padding) {
	/* crypt padding */
	case RK_RSA_CRYPT_PADDING_OAEP_SHA1:
		*ssl_padding = RSA_PKCS1_OAEP_PADDING;
		*digest_md   = EVP_sha1();
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA224:
		*ssl_padding = RSA_PKCS1_OAEP_PADDING;
		*digest_md   = EVP_sha224();
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA256:
		*ssl_padding = RSA_PKCS1_OAEP_PADDING;
		*digest_md   = EVP_sha256();
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA384:
		*ssl_padding = RSA_PKCS1_OAEP_PADDING;
		*digest_md   = EVP_sha384();
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA512:
		*ssl_padding = RSA_PKCS1_OAEP_PADDING;
		*digest_md   = EVP_sha512();
		break;
	case RK_RSA_CRYPT_PADDING_PKCS1_V1_5:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = NULL;
		break;

	/* sign padding */
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA1:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = EVP_sha1();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA224:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = EVP_sha224();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA256:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = EVP_sha256();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA384:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = EVP_sha384();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA512:
		*ssl_padding = RSA_PKCS1_PADDING;
		*digest_md   = EVP_sha512();
		break;

	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA1:
		*ssl_padding = RSA_PKCS1_PSS_PADDING;
		*digest_md   = EVP_sha1();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA224:
		*ssl_padding = RSA_PKCS1_PSS_PADDING;
		*digest_md   = EVP_sha224();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA256:
		*ssl_padding = RSA_PKCS1_PSS_PADDING;
		*digest_md   = EVP_sha256();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA384:
		*ssl_padding = RSA_PKCS1_PSS_PADDING;
		*digest_md   = EVP_sha384();
		break;
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA512:
		*ssl_padding = RSA_PKCS1_PSS_PADDING;
		*digest_md   = EVP_sha512();
		break;

	default:
		return RK_CRYPTO_ERR_PARAMETER;
	}

	return RK_CRYPTO_SUCCESS;
}

static void openssl_dump_last_error(void)
{
	ERR_load_ERR_strings();
	ERR_load_crypto_strings();
	unsigned long ulErr = ERR_get_error();
	char szErrMsg[512] = {0};
	char *pTmp = NULL;

	pTmp = ERR_error_string(ulErr, szErrMsg);
	printf("%s\n", pTmp);
}

static EVP_PKEY *openssl_alloc_evpkey(rk_rsa_priv_key_pack *priv)
{
	BIGNUM *be = NULL;
	BIGNUM *bn = NULL;
	BIGNUM *bd = NULL;
	RSA *rsa_key = NULL;
	EVP_PKEY *evp_key = NULL;

	be = BN_new();
	if (!be)
		goto error;

	bd = BN_new();
	if (!bd)
		goto error;

	bn = BN_new();
	if (!bn)
		goto error;

	rsa_key = RSA_new();
	if (!rsa_key)
		goto error;

	BN_bin2bn(priv->key.n, priv->key.n_len, bn);
	BN_bin2bn(priv->key.e, priv->key.e_len, be);
	BN_bin2bn(priv->key.d, priv->key.d_len, bd);

	rsa_key->e = be;
	rsa_key->d = bd;
	rsa_key->n = bn;

	evp_key = EVP_PKEY_new();
	if (!evp_key) {
		printf("EVP_PKEY_new failed!\n");
		goto error;
	}

	if (EVP_PKEY_set1_RSA(evp_key, rsa_key) != 1) {
		printf("EVP_PKEY_set1_RSA err\n");
		goto error;
	}

	return evp_key;
error:
	if (be)
		BN_free(be);
	if (bn)
		BN_free(bn);
	if (bd)
		BN_free(bd);

	rsa_key->e = NULL;
	rsa_key->d = NULL;
	rsa_key->n = NULL;

	if (evp_key)
		EVP_PKEY_free(evp_key);

	return NULL;
}

static void openssl_free_evpkey(EVP_PKEY *evp_key)
{
	if (evp_key)
		EVP_PKEY_free(evp_key);
}

static RK_RES openssl_encrypt(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
			      int padding, const EVP_MD *digest_algorithm,
			      rk_rsa_priv_key_pack *priv)
{
	RK_RES res = RK_CRYPTO_ERR_GENERIC;
	size_t tmp_len;
	EVP_PKEY *evp_key = NULL;
	EVP_PKEY_CTX *pkey_ctx = NULL;

	evp_key = openssl_alloc_evpkey(priv);
	if (!evp_key)
		return RK_CRYPTO_ERR_OUT_OF_MEMORY;

	pkey_ctx = EVP_PKEY_CTX_new(evp_key, NULL /* engine */);
	if (!pkey_ctx) {
		printf("EVP_PKEY_CTX_new err\n");
		return RK_CRYPTO_ERR_GENERIC;
	}

	if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) {
		printf("EVP_PKEY_encrypt_init err\n");
		goto exit;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
		printf("EVP_PKEY_CTX_set_rsa_padding err\n");
		goto exit;
	}

	if (padding == RSA_PKCS1_OAEP_PADDING) {
		if (!EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, digest_algorithm)) {
			printf("EVP_PKEY_CTX_set_rsa_oaep_md err\n");
			goto exit;
		}

		if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest_algorithm)) {
			printf("EVP_PKEY_CTX_set_rsa_mgf1_md err\n");
			goto exit;
		}
	}

	if (EVP_PKEY_encrypt(pkey_ctx, NULL /* out */, &tmp_len, in, in_len) <= 0) {
		printf("EVP_PKEY_encrypt err\n");
		goto exit;
	}
	if (EVP_PKEY_encrypt(pkey_ctx, out, &tmp_len, in, in_len) <= 0) {
		printf("EVP_PKEY_encrypt err\n");
		goto exit;
	}

	*out_len = (uint32_t)tmp_len;

	res = RK_CRYPTO_SUCCESS;
exit:
	if (res)
		openssl_dump_last_error();

	EVP_PKEY_CTX_free(pkey_ctx);
	openssl_free_evpkey(evp_key);

	return res;
}

static RK_RES openssl_decrypt(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
			      int padding, const EVP_MD *digest_algorithm,
			      rk_rsa_priv_key_pack *priv)
{
	RK_RES res = RK_CRYPTO_ERR_GENERIC;
	size_t tmp_len;
	EVP_PKEY *evp_key = NULL;
	EVP_PKEY_CTX *pkey_ctx = NULL;

	evp_key = openssl_alloc_evpkey(priv);
	if (!evp_key) {
		printf("openssl_alloc_evpkey err\n");
		return RK_CRYPTO_ERR_OUT_OF_MEMORY;
	}

	pkey_ctx = EVP_PKEY_CTX_new(evp_key, NULL /* engine */);
	if (!pkey_ctx) {
		printf("EVP_PKEY_CTX_new err\n");
		return RK_CRYPTO_ERR_GENERIC;
	}

	if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
		printf("EVP_PKEY_encrypt_init err\n");
		goto exit;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
		printf("EVP_PKEY_CTX_set_rsa_padding err\n");
		goto exit;
	}

	if (padding == RSA_PKCS1_OAEP_PADDING) {
		if (!EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, digest_algorithm)) {
			printf("EVP_PKEY_CTX_set_rsa_oaep_md err\n");
			goto exit;
		}

		if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest_algorithm)) {
			printf("EVP_PKEY_CTX_set_rsa_mgf1_md err\n");
			goto exit;
		}
	}

	if (EVP_PKEY_decrypt(pkey_ctx, NULL /* out */, &tmp_len, in, in_len) <= 0) {
		printf("EVP_PKEY_decrypt err\n");
		goto exit;
	}
	if (EVP_PKEY_decrypt(pkey_ctx, out, &tmp_len, in, in_len) <= 0) {
		printf("EVP_PKEY_decrypt err\n");
		goto exit;
	}

	*out_len = (uint32_t)tmp_len;

	res = RK_CRYPTO_SUCCESS;
exit:
	if (res)
		openssl_dump_last_error();

	EVP_PKEY_CTX_free(pkey_ctx);
	openssl_free_evpkey(evp_key);

	return res;
}

static RK_RES openssl_sign(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len,
			   int padding, const EVP_MD *digest_algorithm, rk_rsa_priv_key_pack *priv)
{
	RK_RES res = RK_CRYPTO_ERR_GENERIC;
	size_t tmp_len = *out_len;
	EVP_PKEY_CTX *pkey_ctx;
	EVP_PKEY *evp_key = NULL;
	EVP_MD_CTX *digest_ctx = NULL;

	digest_ctx = EVP_MD_CTX_new();
	if (!digest_ctx) {
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	evp_key = openssl_alloc_evpkey(priv);
	if (!evp_key) {
		printf("openssl_alloc_evpkey err\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	if (EVP_DigestSignInit(digest_ctx, &pkey_ctx, digest_algorithm,
			       NULL /* engine */, evp_key) != 1) {
		printf("EVP_DigestSignInit err\n");
		goto exit;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
		printf("EVP_PKEY_CTX_set_rsa_padding err\n");
		goto exit;
	}

	if (padding == RSA_PKCS1_PSS_PADDING) {
		uint32_t saltlen = EVP_MD_size(digest_algorithm);

		if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, saltlen) <= 0) {
			printf("EVP_PKEY_CTX_set_rsa_pss_saltlen err\n");
			goto exit;
		}
	}

	if (EVP_DigestSignUpdate(digest_ctx, in, in_len) != 1) {
		printf("EVP_DigestSignUpdate err\n");
		goto exit;
	}
	if (EVP_DigestSignFinal(digest_ctx, NULL, &tmp_len) != 1) {
		printf("EVP_DigestSignFinal err\n");
		goto exit;
	}
	if (EVP_DigestSignFinal(digest_ctx, out, &tmp_len) <= 0) {
		printf("EVP_DigestSignFinal err\n");
		goto exit;
	}

	*out_len = (uint32_t)tmp_len;
	res = RK_CRYPTO_SUCCESS;
exit:
	if (res)
		openssl_dump_last_error();

	if (digest_ctx)
		EVP_MD_CTX_free(digest_ctx);

	openssl_free_evpkey(evp_key);

	return res;

}

static RK_RES openssl_verify(const uint8_t *in, uint32_t in_len, uint8_t *sign, uint32_t sign_len,
			     int padding, const EVP_MD *digest_algorithm, rk_rsa_priv_key_pack *priv)
{
	RK_RES res = RK_CRYPTO_ERR_GENERIC;
	EVP_PKEY_CTX *pkey_ctx;
	EVP_PKEY *evp_key = NULL;
	EVP_MD_CTX *digest_ctx = NULL;

	digest_ctx = EVP_MD_CTX_new();
	if (!digest_ctx) {
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	evp_key = openssl_alloc_evpkey(priv);
	if (!evp_key) {
		printf("openssl_alloc_evpkey err\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	if (EVP_DigestVerifyInit(digest_ctx, &pkey_ctx, digest_algorithm,
			       NULL /* engine */, evp_key) != 1) {
		printf("EVP_DigestVerifyInit err\n");
		goto exit;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) <= 0) {
		printf("EVP_PKEY_CTX_set_rsa_padding err\n");
		goto exit;
	}

	if (padding == RSA_PKCS1_PSS_PADDING) {
		uint32_t saltlen = EVP_MD_size(digest_algorithm);

		if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, saltlen) <= 0) {
			printf("EVP_PKEY_CTX_set_rsa_pss_saltlen err\n");
			goto exit;
		}
	}

	if (EVP_DigestVerifyUpdate(digest_ctx, in, in_len) != 1) {
		printf("EVP_DigestVerifyUpdate err\n");
		goto exit;
	}

	if (!EVP_DigestVerifyFinal(digest_ctx, sign, sign_len)) {
		printf("EVP_DigestVerifyFinal err\n");
		goto exit;
	}

	res = RK_CRYPTO_SUCCESS;
exit:
	if (res)
		openssl_dump_last_error();

	if (digest_ctx)
		EVP_MD_CTX_free(digest_ctx);

	openssl_free_evpkey(evp_key);

	return res;
}

#endif

static RK_RES get_hash_algo_from_padding(uint32_t padding, uint32_t *hlen, uint32_t *hash_algo)
{
	uint32_t shaalgo = RK_ALGO_SHA1;

	switch (padding) {
	case RK_RSA_CRYPT_PADDING_OAEP_SHA1:
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA1:
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA1:
		*hlen = SHA1_HASH_SIZE;
		shaalgo = RK_ALGO_SHA1;
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA224:
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA224:
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA224:
		*hlen = SHA224_HASH_SIZE;
		shaalgo = RK_ALGO_SHA224;
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA256:
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA256:
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA256:
		*hlen = SHA256_HASH_SIZE;
		shaalgo = RK_ALGO_SHA256;
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA384:
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA384:
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA384:
		*hlen = SHA384_HASH_SIZE;
		shaalgo = RK_ALGO_SHA384;
		break;
	case RK_RSA_CRYPT_PADDING_OAEP_SHA512:
	case RK_RSA_SIGN_PADDING_PKCS1_V15_SHA512:
	case RK_RSA_SIGN_PADDING_PKCS1_PSS_SHA512:
		*hlen = SHA512_HASH_SIZE;
		shaalgo = RK_ALGO_SHA512;
		break;
	default:
		D_TRACE("unknown padding %x", padding);
		*hlen = 0;
		shaalgo = 0;
		return RK_CRYPTO_ERR_PADDING;
	}

	*hash_algo = shaalgo;

	return RK_CRYPTO_SUCCESS;
}

static RK_RES calc_padding_digest(uint32_t padding, const uint8_t *data, uint32_t data_len,
				  uint8_t *digest)
{
	RK_RES res;
	uint32_t hash_algo, hash_len;
	rk_hash_config hash_cfg;
	rk_handle hash_hdl = 0;

	res = get_hash_algo_from_padding(padding, &hash_len, &hash_algo);
	if (res)
		goto exit;

	memset(&hash_cfg, 0x00, sizeof(hash_cfg));

	hash_cfg.algo = hash_algo;

	res = rk_hash_init(&hash_cfg, &hash_hdl);
	if (res)
		goto exit;

	if (data && data_len != 0) {
		res = rk_hash_update_virt(hash_hdl, data, data_len);
		if (res) {
			rk_hash_final(hash_hdl, NULL);
			goto exit;
		}
	}

	res = rk_hash_final(hash_hdl, digest);
exit:
	if (res)
		D_TRACE("digest error.");

	return res;
}

static RK_RES test_rsa_pub_enc(uint32_t padding, const char *padding_name,
			       uint32_t nbits, uint32_t data_len, int verbose)
{
	RK_RES res = RK_CRYPTO_SUCCESS;
	uint8_t  *data = NULL;
	uint8_t  *enc_buf = NULL;
	uint8_t  *dec_buf = NULL;
	uint32_t out_len, nbytes = nbits / 8;
	rk_rsa_pub_key_pack pub_key;
	rk_rsa_priv_key_pack priv_key;

	data = (uint8_t *)malloc(data_len);
	if (!data) {
		printf("malloc for data failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	memset(data, 0xab, data_len);
	/* make sure data < n */
	data[0] = 0x11;

	enc_buf = (uint8_t *)malloc(nbytes);
	if (!enc_buf) {
		printf("malloc for enc_buf failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	dec_buf = (uint8_t *)malloc(nbytes);
	if (!dec_buf) {
		printf("malloc for dec_buf failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	test_init_pubkey(&pub_key, nbits);
	test_init_privkey(&priv_key, nbits);

	res = rk_rsa_pub_encrypt(&pub_key, padding, data, data_len, enc_buf, &out_len);
	if (res) {
		if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
		    res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
			printf("rk_rsa_pub_encrypt failed %x\n", res);
		goto exit;
	}

#ifdef RSA_OPENSSL_COMPRAE
	int ssl_padding;
	const EVP_MD *digest_md;

	if (rk2ssl_padding(padding, &ssl_padding, &digest_md) == RK_CRYPTO_SUCCESS) {
		res = openssl_decrypt(enc_buf, out_len, dec_buf, &out_len,
				      ssl_padding, digest_md, &priv_key);
		if (res) {
			printf("openssl_decrypt error!\n");
			goto exit;
		}

		if (out_len != data_len || memcmp(data, dec_buf, data_len)) {
			printf("rk_rsa_pub_encrypt not match openssl_decrypt\n");
			test_dump_hex("result", dec_buf, out_len);
			test_dump_hex("expect", data, data_len);
			res = RK_CRYPTO_ERR_GENERIC;
			goto exit;
		}

		res = openssl_encrypt(data, data_len, enc_buf, &out_len,
				      ssl_padding, digest_md, &priv_key);
		if (res) {
			printf("openssl_encrypt error!\n");
			goto exit;
		}
	}
#endif
	res = rk_rsa_priv_decrypt(&priv_key, padding, enc_buf, out_len, dec_buf, &out_len);
	if (res) {
		printf("rk_rsa_priv_decrypt failed %x\n", res);
		goto exit;
	}

	if (data_len != out_len || memcmp(dec_buf, data, data_len)) {
		printf("rk_rsa_priv_decrypt compare failed\n");
		test_dump_hex("result", enc_buf, out_len);
		test_dump_hex("expect", data, data_len);
		res = RK_CRYPTO_ERR_GENERIC;
		goto exit;
	}

exit:
	if (data)
		free(data);

	if (enc_buf)
		free(enc_buf);

	if (dec_buf)
		free(dec_buf);

	if (res == RK_CRYPTO_ERR_NOT_SUPPORTED ||
	    res == RK_CRYPTO_ERR_PADDING_OVERFLOW) {
		TEST_END_NA(nbits, padding_name);
		res = RK_CRYPTO_SUCCESS;
	} else if (res) {
		TEST_END_FAIL(nbits, padding_name);
	} else {
		TEST_END_PASS(nbits, padding_name);
	}

	return res;
}

static RK_RES test_rsa_priv_enc(uint32_t padding, const char *padding_name,
				uint32_t nbits, uint32_t data_len, int verbose)
{
	RK_RES res = RK_CRYPTO_SUCCESS;
	uint8_t  *data = NULL;
	uint8_t  *enc_buf = NULL;
	uint8_t  *dec_buf = NULL;
	uint32_t out_len, nbytes = nbits / 8;
	rk_rsa_pub_key_pack pub_key;
	rk_rsa_priv_key_pack priv_key;

	data = (uint8_t *)malloc(data_len);
	if (!data) {
		printf("malloc for data failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	memset(data, 0xab, data_len);
	/* make sure data < n */
	data[0] = 0x11;

	enc_buf = (uint8_t *)malloc(nbytes);
	if (!enc_buf) {
		printf("malloc for enc_buf failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	dec_buf = (uint8_t *)malloc(nbytes);
	if (!dec_buf) {
		printf("malloc for dec_buf failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	test_init_pubkey(&pub_key, nbits);
	test_init_privkey(&priv_key, nbits);

	res = rk_rsa_priv_encrypt(&priv_key, padding, data, data_len, enc_buf, &out_len);
	if (res) {
		if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
		    res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
			printf("rk_rsa_priv_encrypt failed %x\n", res);
		goto exit;
	}

	res = rk_rsa_pub_decrypt(&pub_key, padding, enc_buf, out_len, dec_buf, &out_len);
	if (res) {
		printf("rk_rsa_pub_decrypt failed %x\n", res);
		goto exit;
	}

	if (data_len != out_len || memcmp(dec_buf, data, data_len)) {
		printf("rk_rsa_pub_decrypt compare failed\n");
		test_dump_hex("result", enc_buf, out_len);
		test_dump_hex("expect", data, data_len);
		res = RK_CRYPTO_ERR_GENERIC;
		goto exit;
	}

exit:
	if (data)
		free(data);

	if (enc_buf)
		free(enc_buf);

	if (dec_buf)
		free(dec_buf);

	if (res == RK_CRYPTO_ERR_NOT_SUPPORTED ||
	    res == RK_CRYPTO_ERR_PADDING_OVERFLOW) {
		TEST_END_NA(nbits, padding_name);
		res = RK_CRYPTO_SUCCESS;
	} else if (res) {
		TEST_END_FAIL(nbits, padding_name);
	} else {
		TEST_END_PASS(nbits, padding_name);
	}

	return res;
}

static RK_RES test_rsa_sign_common(uint32_t padding, const char *padding_name,
				   uint32_t nbits, const uint8_t *in, uint32_t in_len,
				   const uint8_t *hash, int verbose)
{
	RK_RES res = RK_CRYPTO_SUCCESS;
	uint8_t  *sign = NULL;
	uint32_t sign_len, nbytes = nbits / 8;
	const char *test_name = hash ? "test_rsa_sign_digest" : "test_rsa_sign_data";
	rk_rsa_pub_key_pack pub_key;
	rk_rsa_priv_key_pack priv_key;

	sign = (uint8_t *)malloc(nbytes);
	if (!sign) {
		printf("malloc for sign failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	test_init_pubkey(&pub_key, nbits);
	test_init_privkey(&priv_key, nbits);

	res = rk_rsa_sign(&priv_key, padding, in, in_len, hash, sign, &sign_len);
	if (res) {
		if (res != RK_CRYPTO_ERR_NOT_SUPPORTED &&
		    res != RK_CRYPTO_ERR_PADDING_OVERFLOW)
			printf("rk_rsa_sign failed %x\n", res);
		else {
			res = RK_CRYPTO_SUCCESS;

			if (verbose) {
				printf("******** %-20s %u\t%-16s test N/A  !!! ********\n",
				       "test_rsa_sign_data", nbits, padding_name);
				printf("******** %-20s %u\t%-16s test N/A  !!! ********\n",
				       "test_rsa_sign_digest", nbits, padding_name);
			}
		}
		goto exit;
	}

#ifdef RSA_OPENSSL_COMPRAE
	int ssl_padding;
	const EVP_MD *digest_md;

	if (rk2ssl_padding(padding, &ssl_padding, &digest_md) == RK_CRYPTO_SUCCESS) {
		res = openssl_verify(in, in_len, sign, sign_len, ssl_padding, digest_md, &priv_key);
		if (res) {
			printf("openssl_verify error!\n");
			goto exit;
		}

		res = openssl_sign(in, in_len, sign, &sign_len,
			ssl_padding, digest_md, &priv_key);
		if (res) {
			printf("openssl_sign error!\n");
			goto exit;
		}
	}
#endif

	res = rk_rsa_verify(&pub_key, padding, in, in_len, hash, sign, sign_len);
	if (res) {
		printf("rk_rsa_verify failed %x\n", res);
		goto exit;
	}

	/* modify sign data to make it wrong */
	*sign += 1;
	res = rk_rsa_verify(&pub_key, padding, in, in_len, hash, sign, sign_len);
	if (res != RK_CRYPTO_ERR_VERIFY) {
		printf("rk_rsa_verify should be RK_CRYPTO_ERR_VERIFY but %x\n", res);
		goto exit;
	}

	res = RK_CRYPTO_SUCCESS;

	if (verbose)
		printf("******** %-20s %u\t%-16s test PASS !!! ********\n",
		       test_name, nbits, padding_name);

exit:
	if (sign)
		free(sign);

	if (res && verbose)
		printf("******** %-20s %u\t%-16s test FAIL !!! ********\n",
		       test_name, nbits, padding_name);

	return res;
}

static RK_RES test_rsa_sign(uint32_t padding, const char *padding_name,
			    uint32_t nbits, uint32_t in_len, int verbose)
{
	RK_RES res;
	uint8_t  *data = NULL;
	uint8_t digest[SHA512_HASH_SIZE];

	data = (uint8_t *)malloc(in_len);
	if (!data) {
		printf("malloc for data failed\n");
		res = RK_CRYPTO_ERR_OUT_OF_MEMORY;
		goto exit;
	}

	memset(data, 0xab, in_len);
	memset(digest, 0x00, sizeof(digest));

	res = calc_padding_digest(padding, data, in_len, digest);
	if (res) {
		if (res == RK_CRYPTO_ERR_NOT_SUPPORTED) {
			if (verbose) {
				printf("******** %-20s %u\t%-16s test N/A  !!! ********\n",
				       "test_rsa_sign_data", nbits, padding_name);
				printf("******** %-20s %u\t%-16s test N/A  !!! ********\n",
				       "test_rsa_sign_digest", nbits, padding_name);
			}
			res = RK_CRYPTO_SUCCESS;
			goto exit;
		}

		printf("calc_padding_digest %x\n", res);
		goto exit;
	}

	res = test_rsa_sign_common(padding, padding_name, nbits, data, in_len,
				   NULL, verbose);

	if (res) {
		printf("test_rsa_sign data failed %x\n", res);
		goto exit;
	}

	res = test_rsa_sign_common(padding, padding_name, nbits, data, in_len,
				   digest, verbose);

	if (res) {
		printf("test_rsa_sign digest failed %x\n", res);
		goto exit;
	}

exit:
	if (data)
		free(data);

	return res;
}

RK_RES test_rsa(int verbose)
{
	RK_RES res = RK_CRYPTO_ERR_GENERIC;
	uint32_t i, j, data_size;
	uint32_t rsa_key_nbits[] = {
		RSA_BITS_1024,
		RSA_BITS_2048,
		RSA_BITS_3072,
		RSA_BITS_4096,
	};

	res = rk_crypto_init();
	if (res) {
		printf("rk_crypto_init error %08x\n", res);
		return res;
	}

	for (i = 0; i < ARRAY_SIZE(rsa_key_nbits); i++) {
		/* verbose == 0 means alled by the stress test, only test RSA 2048 */
		if (!verbose && rsa_key_nbits[i] != RSA_BITS_2048)
			continue;

		for (j = 0; j < ARRAY_SIZE(test_rsa_tbl); j++) {
			if (!test_rsa_tbl[j].do_test) {
				if (verbose)
					printf("\n");

				continue;
			}

			data_size =  test_rsa_tbl[j].data_size ? : (rsa_key_nbits[i] / 8);
			res = test_rsa_tbl[j].do_test(test_rsa_tbl[j].padding,
						      test_rsa_tbl[j].padding_name,
						      rsa_key_nbits[i],
						      data_size,
						      verbose);
			if (res)
				goto exit;
		}

		if (verbose)
			printf("\n");
	}
exit:
	rk_crypto_deinit();
	return res;
}