testutils.c 31.9 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
12
13
#include <ctype.h>

14
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
15
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
#if WITH_HOGWEED
  gmp_vfprintf(stderr, format, args);
#else
  vfprintf(stderr, format, args);
#endif
  va_end(args);

  abort ();
}

50
51
52
53
void *
xalloc(size_t size)
{
  void *p = malloc(size);
54
  if (size && !p)
55
56
57
58
59
60
61
62
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

63
64
65
static struct tstring *tstring_first = NULL;

struct tstring *
Niels Möller's avatar
Niels Möller committed
66
tstring_alloc (size_t length)
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
{
  struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
  s->length = length;
  s->next = tstring_first;
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
Niels Möller's avatar
Niels Möller committed
87
tstring_data(size_t length, const char *data)
88
89
90
91
92
93
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

Niels Möller's avatar
Niels Möller committed
94
static size_t
95
96
97
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
98
99
  size_t count;
  size_t i;
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

115
static void
116
117
118
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
119
  size_t i = 0;
120
  
Niels Möller's avatar
Niels Möller committed
121
122
123
124
  for (;;)
  {
    int high, low;
    
125
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
126
127
128
      hex++;

    if (!*hex)
129
      return;
Niels Möller's avatar
Niels Möller committed
130

131
    high = hex_digits[*hex++];
132
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
133

134
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
135
136
      hex++;

137
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
138

139
    low = hex_digits[*hex++];
140
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
141
142
143
144
145

    dst[i++] = (high << 4) | low;
  }
}

146
147
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
148
{
149
  struct tstring *s;
Niels Möller's avatar
Niels Möller committed
150
  size_t length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
151

152
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
153

154
155
156
157
158
159
160
161
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
162
}
163

164
void
Niels Möller's avatar
Niels Möller committed
165
print_hex(size_t length, const uint8_t *data)
166
{
Niels Möller's avatar
Niels Möller committed
167
  size_t i;
168
169
170
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
171
172
173
174
175
176
177
178
179
180
181
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
182
183
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
184
  printf("\n");
185
186
}

Niels Möller's avatar
Niels Möller committed
187
188
189
190
191
int verbose = 0;

int
main(int argc, char **argv)
{
192
193
  if (argc > 1)
    {
194
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
195
	verbose = 1;
196
197
198
199
200
201
202
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
203

204
205
206
207
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
208
209
}

210
211
void
test_cipher(const struct nettle_cipher *cipher,
212
213
214
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
215
{
216
  void *ctx = xalloc(cipher->context_size);
217
  uint8_t *data = xalloc(cleartext->length);
Niels Möller's avatar
Niels Möller committed
218
  size_t length;
219
220
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
221

222
223
  cipher->set_encrypt_key(ctx, key->length, key->data);
  cipher->encrypt(ctx, length, data, cleartext->data);
224

225
  if (!MEMEQ(length, data, ciphertext->data))
226
227
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
228
      tstring_print_hex(cleartext);
229
230
231
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
232
      tstring_print_hex(ciphertext);
233
234
235
      fprintf(stderr, "\n");
      FAIL();
    }
236
  cipher->set_decrypt_key(ctx, key->length, key->data);
237
238
  cipher->decrypt(ctx, length, data, data);

239
  if (!MEMEQ(length, data, cleartext->data))
240
241
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
242
      tstring_print_hex(ciphertext);
243
244
245
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
246
      tstring_print_hex(cleartext);
247
248
249
      fprintf(stderr, "\n");
      FAIL();
    }
250
251
252

  free(ctx);
  free(data);
253
254
255
256
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
257
258
259
260
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
261
{
262
  void *ctx = xalloc(cipher->context_size);
263
  uint8_t *data;
264
  uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
265
  size_t length;
266
267
268
269
270
271
272
273
274

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
275
276
277

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
278
	      length, data, cleartext->data);
279

280
  if (!MEMEQ(length, data, ciphertext->data))
281
282
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
283
      tstring_print_hex(cleartext);
284
285
286
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
287
      tstring_print_hex(ciphertext);
288
289
290
      fprintf(stderr, "\n");
      FAIL();
    }
291
292
  cipher->set_decrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
293
294
295
296
297

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

298
  if (!MEMEQ(length, data, cleartext->data))
299
300
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
301
      tstring_print_hex(ciphertext);
302
303
304
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
305
      tstring_print_hex(cleartext);
306
307
308
      fprintf(stderr, "\n");
      FAIL();
    }
309

310
311
312
  free(ctx);
  free(data);
  free(iv);
313
314
}

315
316
void
test_cipher_ctr(const struct nettle_cipher *cipher,
317
318
319
320
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
321
322
{
  void *ctx = xalloc(cipher->context_size);
323
  uint8_t *data;
324
  uint8_t *ctr = xalloc(cipher->block_size);
325
  uint8_t *octr = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
326
327
  size_t length, nblocks;
  unsigned low;
328
329
330
331
332

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (ictr->length == cipher->block_size);
333
334
335
336
337
338
339
340
341
342
343
344

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

345
346
347
348
  data = xalloc(length);  

  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(ctr, ictr->data, cipher->block_size);
349
350
351

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
352
	    length, data, cleartext->data);
353

354
  if (!MEMEQ(length, data, ciphertext->data))
355
356
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
357
      tstring_print_hex(cleartext);
358
359
360
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
361
      tstring_print_hex(ciphertext);
362
363
364
      fprintf(stderr, "\n");
      FAIL();
    }
365

366
367
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

368
  memcpy(ctr, ictr->data, cipher->block_size);
369
370
371
372
373

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

374
  if (!MEMEQ(length, data, cleartext->data))
375
376
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
377
      tstring_print_hex(ciphertext);
378
379
380
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
381
      tstring_print_hex(cleartext);
382
383
384
      fprintf(stderr, "\n");
      FAIL();
    }
385

386
387
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

388
389
  free(ctx);
  free(data);
390
  free(octr);
391
392
393
  free(ctr);
}

394
395
void
test_cipher_stream(const struct nettle_cipher *cipher,
396
397
398
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
399
{
Niels Möller's avatar
Niels Möller committed
400
  size_t block;
401
  
402
  void *ctx = xalloc(cipher->context_size);
403
  uint8_t *data;
Niels Möller's avatar
Niels Möller committed
404
  size_t length;
405
406
407
408
409
410

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

411
412
  for (block = 1; block <= length; block++)
    {
Niels Möller's avatar
Niels Möller committed
413
      size_t i;
414
415

      memset(data, 0x17, length + 1);
416
      cipher->set_encrypt_key(ctx, key->length, key->data);
417
418
419

      for (i = 0; i + block < length; i += block)
	{
420
421
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
422
	}
423

424
425
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
426
      
427
      if (!MEMEQ(length, data, ciphertext->data))
428
	{
Niels Möller's avatar
Niels Möller committed
429
430
	  fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
		  (unsigned long) block);
431
	  tstring_print_hex(cleartext);
432
433
434
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
435
	  tstring_print_hex(ciphertext);
436
437
438
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
439
440
    }
  
441
  cipher->set_decrypt_key(ctx, key->length, key->data);
442
443
  cipher->decrypt(ctx, length, data, data);

444
  ASSERT (data[length] == 0x17);
445

446
  if (!MEMEQ(length, data, cleartext->data))
447
448
    {
      fprintf(stderr, "Decrypt failed\nInput:");
449
      tstring_print_hex(ciphertext);
450
451
452
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
453
      tstring_print_hex(cleartext);
454
455
456
      fprintf(stderr, "\n");
      FAIL();	    
    }
457
458
459

  free(ctx);
  free(data);
460
461
}

462
463
void
test_aead(const struct nettle_aead *aead,
464
465
466
467
468
469
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
470
471
{
  void *ctx = xalloc(aead->context_size);
472
  uint8_t *data;
473
  uint8_t *buffer = xalloc(aead->block_size);
Niels Möller's avatar
Niels Möller committed
474
  size_t length;
475
476
477

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
478

479
480
481
482
  ASSERT (digest->length == aead->block_size);

  data = xalloc(length);
  
483
484
  /* encryption */
  memset(buffer, 0, aead->block_size);
485
  aead->set_key(ctx, key->length, key->data);
486

487
  aead->set_iv(ctx, iv->length, iv->data);
488

489
490
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
491
492
    
  if (length)
493
    aead->encrypt(ctx, length, data, cleartext->data);
494
495
496

  aead->digest(ctx, aead->block_size, buffer);

497
498
  ASSERT(MEMEQ(length, data, ciphertext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
499
500
501

  /* decryption */
  memset(buffer, 0, aead->block_size);
502
  aead->set_iv(ctx, iv->length, iv->data);
503

504
505
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
506
507
508
509
510
511
    
  if (length)
    aead->decrypt(ctx, length, data, data);

  aead->digest(ctx, aead->block_size, buffer);

512
513
  ASSERT(MEMEQ(length, data, cleartext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
514
515
516
517
518
519

  free(ctx);
  free(data);
  free(buffer);
}

520
521
void
test_hash(const struct nettle_hash *hash,
522
523
	  const struct tstring *msg,
	  const struct tstring *digest)
524
{
525
526
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
527
528
  uint8_t *input;
  unsigned offset;
529

530
531
  ASSERT (digest->length == hash->digest_size);

532
  hash->init(ctx);
533
  hash->update(ctx, msg->length, msg->data);
534
535
  hash->digest(ctx, hash->digest_size, buffer);

536
537
538
539
540
541
542
543
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
544
545
546
547

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
548
  hash->update(ctx, msg->length, msg->data);
549
550
  hash->digest(ctx, hash->digest_size - 1, buffer);

551
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
552

553
  ASSERT(buffer[hash->digest_size - 1] == 0);
554

555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
  input = xalloc (msg->length + 16);
  for (offset = 0; offset < 16; offset++)
    {
      memset (input, 0, msg->length + 16);
      memcpy (input + offset, msg->data, msg->length);
      hash->update (ctx, msg->length, input + offset);
      hash->digest (ctx, hash->digest_size, buffer);
      if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
	{
	  fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
	  print_hex(hash->digest_size, buffer);
	  fprintf(stdout, "\nExpected:\n");
	  print_hex(hash->digest_size, digest->data);
	  abort();
	}      
    }
571
572
  free(ctx);
  free(buffer);
573
  free(input);
574
}
575

576
577
void
test_hash_large(const struct nettle_hash *hash,
Niels Möller's avatar
Niels Möller committed
578
		size_t count, size_t length,
579
		uint8_t c,
580
		const struct tstring *digest)
581
582
583
584
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
Niels Möller's avatar
Niels Möller committed
585
  size_t i;
586

587
588
  ASSERT (digest->length == hash->digest_size);

589
590
591
592
593
594
595
596
597
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
    hash->update(ctx, length, data);
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

598
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
599
600
601
602
603
604

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
605
606
void
test_armor(const struct nettle_armor *armor,
Niels Möller's avatar
Niels Möller committed
607
           size_t data_length,
Niels Möller's avatar
Niels Möller committed
608
609
610
           const uint8_t *data,
           const uint8_t *ascii)
{
611
  size_t ascii_length = strlen(ascii);
612
613
614
615
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
616
  size_t done;
617
618
619
620

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
621
622
  
  memset(buffer, 0x33, 1 + ascii_length);
623
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
624

625
626
627
628
629
630
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

631
632
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
633

634
  armor->decode_init(decode);
635
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
636

637
638
639
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
640
  
641
642
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
643
644
645
646
647

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
648
649
}

650
651
652
653
#if WITH_HOGWEED

#ifndef mpz_combit
/* Missing in older gmp */
654
static void
655
mpz_combit (mpz_t x, unsigned long int bit)
656
657
658
659
660
661
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
662
#endif
663

Niels Möller's avatar
Niels Möller committed
664
665
666
667
668
669
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

670
#define SIGN(key, hash, msg, signature) do {		\
671
  hash##_update(&hash, LDATA(msg));		\
672
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
673
674
675
676
677
678
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
679

680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

729
  ASSERT (rsa_public_key_prepare(pub));
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

767
768
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
769
770
}

771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

791
  ASSERT (mpz_cmp(signature, expected) == 0);
792
793
  
  /* Try bad data */
794
795
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
796
797

  /* Try correct data */
798
799
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
800
801

  /* Try bad signature */
802
  mpz_combit(signature, 17);
803
804
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
805
806
807
808
809
810

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
811
812
	      struct rsa_private_key *key,
	      mpz_t expected)
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

829
  ASSERT (mpz_cmp(signature, expected) == 0);
830
831
  
  /* Try bad data */
832
833
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
834
835

  /* Try correct data */
836
837
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
838
839

  /* Try bad signature */
840
  mpz_combit(signature, 17);
841
842
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
843
844
845

  mpz_clear(signature);
}
846

847
848
void
test_rsa_sha256(struct rsa_public_key *pub,
849
850
		struct rsa_private_key *key,
		mpz_t expected)
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

867
  ASSERT (mpz_cmp(signature, expected) == 0);
868
869
  
  /* Try bad data */
870
871
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
872
873

  /* Try correct data */
874
875
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
876
877

  /* Try bad signature */
878
  mpz_combit(signature, 17);
879
880
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
881
882
883
884

  mpz_clear(signature);
}

885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

905
  ASSERT (mpz_cmp(signature, expected) == 0);
906
907
  
  /* Try bad data */
908
909
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
910
911

  /* Try correct data */
912
913
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
914
915

  /* Try bad signature */
916
  mpz_combit(signature, 17);
917
918
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
919
920
921
922

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
923
924
925
#undef SIGN
#undef VERIFY

926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
960
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
961
962
963
964

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
965
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
966
967
968
969
970
971
972
973
974

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
975
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
976
977
978
979
980

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
981
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
982
983
984
985
986
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
987
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
988
989
990
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
991

992
993
994
995
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
996
997

void
998
test_dsa160(const struct dsa_public_key *pub,
999
1000
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
1011
1012
1013
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
1014

Niels Möller's avatar
Niels Möller committed
1015
1016
  if (verbose)
    {
1017
1018
1019
1020
1021
1022
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
1023
1024

  if (expected)
1025
1026
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
1027
1028
  
  /* Try bad data */
1029
1030
1031
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1032
1033

  /* Try correct data */
1034
1035
1036
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
1037
1038

  /* Try bad signature */
1039
  mpz_combit(signature.r, 17);
1040
1041
1042
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1043
1044
1045
1046
1047
1048

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1049
1050
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1068
1069
1070
1071
1072
1073
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1074
  if (expected)
1075
1076
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1077
1078