testutils.c 34.6 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
12
13
#include <ctype.h>

14
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
15
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
#if WITH_HOGWEED
  gmp_vfprintf(stderr, format, args);
#else
  vfprintf(stderr, format, args);
#endif
  va_end(args);

  abort ();
}

50
51
52
53
void *
xalloc(size_t size)
{
  void *p = malloc(size);
54
  if (size && !p)
55
56
57
58
59
60
61
62
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

63
64
65
static struct tstring *tstring_first = NULL;

struct tstring *
Niels Möller's avatar
Niels Möller committed
66
tstring_alloc (size_t length)
67
{
Niels Möller's avatar
Niels Möller committed
68
  struct tstring *s = xalloc(sizeof(struct tstring) + length);
69
70
  s->length = length;
  s->next = tstring_first;
Niels Möller's avatar
Niels Möller committed
71
72
  /* NUL-terminate, for convenience. */
  s->data[length] = '\0';
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
Niels Möller's avatar
Niels Möller committed
89
tstring_data(size_t length, const char *data)
90
91
92
93
94
95
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

Niels Möller's avatar
Niels Möller committed
96
static size_t
97
98
99
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
100
101
  size_t count;
  size_t i;
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

117
static void
118
119
120
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
121
  size_t i = 0;
122
  
Niels Möller's avatar
Niels Möller committed
123
124
125
126
  for (;;)
  {
    int high, low;
    
127
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
128
129
130
      hex++;

    if (!*hex)
131
      return;
Niels Möller's avatar
Niels Möller committed
132

133
    high = hex_digits[*hex++];
134
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
135

136
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
137
138
      hex++;

139
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
140

141
    low = hex_digits[*hex++];
142
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
143
144
145
146
147

    dst[i++] = (high << 4) | low;
  }
}

148
149
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
150
{
151
  struct tstring *s;
Niels Möller's avatar
Niels Möller committed
152
  size_t length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
153

154
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
155

156
157
158
159
160
161
162
163
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
164
}
165

166
void
Niels Möller's avatar
Niels Möller committed
167
print_hex(size_t length, const uint8_t *data)
168
{
Niels Möller's avatar
Niels Möller committed
169
  size_t i;
170
171
172
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
173
174
175
176
177
178
179
180
181
182
183
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
184
185
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
186
  printf("\n");
187
188
}

Niels Möller's avatar
Niels Möller committed
189
190
191
192
193
int verbose = 0;

int
main(int argc, char **argv)
{
194
195
  if (argc > 1)
    {
196
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
197
	verbose = 1;
198
199
200
201
202
203
204
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
205

206
207
208
209
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
210
211
}

212
213
void
test_cipher(const struct nettle_cipher *cipher,
214
215
216
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
217
{
218
  void *ctx = xalloc(cipher->context_size);
219
  uint8_t *data = xalloc(cleartext->length);
Niels Möller's avatar
Niels Möller committed
220
  size_t length;
221
222
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
223

224
225
  ASSERT (key->length == cipher->key_size);
  cipher->set_encrypt_key(ctx, key->data);
226
  cipher->encrypt(ctx, length, data, cleartext->data);
227

228
  if (!MEMEQ(length, data, ciphertext->data))
229
230
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
231
      tstring_print_hex(cleartext);
232
233
234
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
235
      tstring_print_hex(ciphertext);
236
237
238
      fprintf(stderr, "\n");
      FAIL();
    }
239
  cipher->set_decrypt_key(ctx, key->data);
240
241
  cipher->decrypt(ctx, length, data, data);

242
  if (!MEMEQ(length, data, cleartext->data))
243
244
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
245
      tstring_print_hex(ciphertext);
246
247
248
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
249
      tstring_print_hex(cleartext);
250
251
252
      fprintf(stderr, "\n");
      FAIL();
    }
253
254
255

  free(ctx);
  free(data);
256
257
258
259
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
260
261
262
263
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
264
{
265
  void *ctx = xalloc(cipher->context_size);
266
  uint8_t *data;
267
  uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
268
  size_t length;
269
270
271
272

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

273
  ASSERT (key->length == cipher->key_size);
274
275
276
  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
277
  cipher->set_encrypt_key(ctx, key->data);
278
  memcpy(iv, iiv->data, cipher->block_size);
279
280
281

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
282
	      length, data, cleartext->data);
283

284
  if (!MEMEQ(length, data, ciphertext->data))
285
286
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
287
      tstring_print_hex(cleartext);
288
289
290
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
291
      tstring_print_hex(ciphertext);
292
293
294
      fprintf(stderr, "\n");
      FAIL();
    }
295
  cipher->set_decrypt_key(ctx, key->data);
296
  memcpy(iv, iiv->data, cipher->block_size);
297
298
299
300
301

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

302
  if (!MEMEQ(length, data, cleartext->data))
303
304
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
305
      tstring_print_hex(ciphertext);
306
307
308
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
309
      tstring_print_hex(cleartext);
310
311
312
      fprintf(stderr, "\n");
      FAIL();
    }
313

314
315
316
  free(ctx);
  free(data);
  free(iv);
317
318
}

319
320
void
test_cipher_ctr(const struct nettle_cipher *cipher,
321
322
323
324
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
325
326
{
  void *ctx = xalloc(cipher->context_size);
327
  uint8_t *data;
328
  uint8_t *ctr = xalloc(cipher->block_size);
329
  uint8_t *octr = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
330
331
  size_t length, nblocks;
  unsigned low;
332
333
334
335

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

336
  ASSERT (key->length == cipher->key_size);
337
  ASSERT (ictr->length == cipher->block_size);
338
339
340
341
342
343
344
345
346
347
348
349

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

350
351
  data = xalloc(length);  

352
  cipher->set_encrypt_key(ctx, key->data);
353
  memcpy(ctr, ictr->data, cipher->block_size);
354
355
356

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
357
	    length, data, cleartext->data);
358

359
  if (!MEMEQ(length, data, ciphertext->data))
360
361
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
362
      tstring_print_hex(cleartext);
363
364
365
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
366
      tstring_print_hex(ciphertext);
367
368
369
      fprintf(stderr, "\n");
      FAIL();
    }
370

371
372
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

373
  memcpy(ctr, ictr->data, cipher->block_size);
374
375
376
377
378

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

379
  if (!MEMEQ(length, data, cleartext->data))
380
381
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
382
      tstring_print_hex(ciphertext);
383
384
385
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
386
      tstring_print_hex(cleartext);
387
388
389
      fprintf(stderr, "\n");
      FAIL();
    }
390

391
392
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

393
394
  free(ctx);
  free(data);
395
  free(octr);
396
397
398
  free(ctr);
}

399
#if 0
400
401
void
test_cipher_stream(const struct nettle_cipher *cipher,
402
403
404
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
405
{
Niels Möller's avatar
Niels Möller committed
406
  size_t block;
407
  
408
  void *ctx = xalloc(cipher->context_size);
409
  uint8_t *data;
Niels Möller's avatar
Niels Möller committed
410
  size_t length;
411
412
413
414
415
416

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

417
418
  for (block = 1; block <= length; block++)
    {
Niels Möller's avatar
Niels Möller committed
419
      size_t i;
420
421

      memset(data, 0x17, length + 1);
422
      cipher->set_encrypt_key(ctx, key->length, key->data);
423
424
425

      for (i = 0; i + block < length; i += block)
	{
426
427
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
428
	}
429

430
431
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
432
      
433
      if (!MEMEQ(length, data, ciphertext->data))
434
	{
Niels Möller's avatar
Niels Möller committed
435
436
	  fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
		  (unsigned long) block);
437
	  tstring_print_hex(cleartext);
438
439
440
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
441
	  tstring_print_hex(ciphertext);
442
443
444
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
445
446
    }
  
447
  cipher->set_decrypt_key(ctx, key->length, key->data);
448
449
  cipher->decrypt(ctx, length, data, data);

450
  ASSERT (data[length] == 0x17);
451

452
  if (!MEMEQ(length, data, cleartext->data))
453
454
    {
      fprintf(stderr, "Decrypt failed\nInput:");
455
      tstring_print_hex(ciphertext);
456
457
458
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
459
      tstring_print_hex(cleartext);
460
461
462
      fprintf(stderr, "\n");
      FAIL();	    
    }
463
464
465

  free(ctx);
  free(data);
466
}
467
#endif
468

469
470
void
test_aead(const struct nettle_aead *aead,
471
472
473
474
475
476
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
477
478
{
  void *ctx = xalloc(aead->context_size);
479
  uint8_t *data;
480
  uint8_t *buffer = xalloc(aead->block_size);
Niels Möller's avatar
Niels Möller committed
481
  size_t length;
482
483
484

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
485

486
  ASSERT (key->length == aead->key_size);
487
  ASSERT (digest->length <= aead->block_size);
488
489
490

  data = xalloc(length);
  
491
492
  /* encryption */
  memset(buffer, 0, aead->block_size);
493
  aead->set_key(ctx, key->data);
494

495
  aead->set_iv(ctx, iv->length, iv->data);
496

497
498
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
499
500
    
  if (length)
501
    aead->encrypt(ctx, length, data, cleartext->data);
502

503
  aead->digest(ctx, digest->length, buffer);
504

505
  ASSERT(MEMEQ(length, data, ciphertext->data));
506
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
507
508
509

  /* decryption */
  memset(buffer, 0, aead->block_size);
510
  aead->set_iv(ctx, iv->length, iv->data);
511

512
513
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
514
515
516
517
    
  if (length)
    aead->decrypt(ctx, length, data, data);

518
  aead->digest(ctx, digest->length, buffer);
519

520
  ASSERT(MEMEQ(length, data, cleartext->data));
521
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
522
523
524
525
526
527

  free(ctx);
  free(data);
  free(buffer);
}

528
529
void
test_hash(const struct nettle_hash *hash,
530
531
	  const struct tstring *msg,
	  const struct tstring *digest)
532
{
533
534
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
535
536
  uint8_t *input;
  unsigned offset;
537

538
539
  ASSERT (digest->length == hash->digest_size);

540
  hash->init(ctx);
541
  hash->update(ctx, msg->length, msg->data);
542
543
  hash->digest(ctx, hash->digest_size, buffer);

544
545
546
547
548
549
550
551
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
552
553
554
555

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
556
  hash->update(ctx, msg->length, msg->data);
557
558
  hash->digest(ctx, hash->digest_size - 1, buffer);

559
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
560

561
  ASSERT(buffer[hash->digest_size - 1] == 0);
562

563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
  input = xalloc (msg->length + 16);
  for (offset = 0; offset < 16; offset++)
    {
      memset (input, 0, msg->length + 16);
      memcpy (input + offset, msg->data, msg->length);
      hash->update (ctx, msg->length, input + offset);
      hash->digest (ctx, hash->digest_size, buffer);
      if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
	{
	  fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
	  print_hex(hash->digest_size, buffer);
	  fprintf(stdout, "\nExpected:\n");
	  print_hex(hash->digest_size, digest->data);
	  abort();
	}      
    }
579
580
  free(ctx);
  free(buffer);
581
  free(input);
582
}
583

584
585
void
test_hash_large(const struct nettle_hash *hash,
Niels Möller's avatar
Niels Möller committed
586
		size_t count, size_t length,
587
		uint8_t c,
588
		const struct tstring *digest)
589
590
591
592
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
Niels Möller's avatar
Niels Möller committed
593
  size_t i;
594

595
596
  ASSERT (digest->length == hash->digest_size);

597
598
599
600
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
601
602
603
604
605
606
607
    {
      hash->update(ctx, length, data);
      if (i % (count / 50) == 0)
	fprintf (stderr, ".");
    }
  fprintf (stderr, "\n");
  
608
609
610
611
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

612
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
613
614
615
616
617
618

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
619
620
void
test_armor(const struct nettle_armor *armor,
Niels Möller's avatar
Niels Möller committed
621
           size_t data_length,
Niels Möller's avatar
Niels Möller committed
622
623
624
           const uint8_t *data,
           const uint8_t *ascii)
{
625
  size_t ascii_length = strlen(ascii);
626
627
628
629
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
630
  size_t done;
631
632
633
634

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
635
636
  
  memset(buffer, 0x33, 1 + ascii_length);
637
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
638

639
640
641
642
643
644
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

645
646
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
647

648
  armor->decode_init(decode);
649
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
650

651
652
653
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
654
  
655
656
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
657
658
659
660
661

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
662
663
}

664
665
666
667
#if WITH_HOGWEED

#ifndef mpz_combit
/* Missing in older gmp */
668
static void
669
mpz_combit (mpz_t x, unsigned long int bit)
670
671
672
673
674
675
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
676
#endif
677

Niels Möller's avatar
Niels Möller committed
678
679
680
681
682
683
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

684
#define SIGN(key, hash, msg, signature) do {		\
685
  hash##_update(&hash, LDATA(msg));		\
686
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
687
688
689
690
691
692
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
693

694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

743
  ASSERT (rsa_public_key_prepare(pub));
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

781
782
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
783
784
}

785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

805
  ASSERT (mpz_cmp(signature, expected) == 0);
806
807
  
  /* Try bad data */
808
809
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
810
811

  /* Try correct data */
812
813
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
814
815

  /* Try bad signature */
816
  mpz_combit(signature, 17);
817
818
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
819
820
821
822
823
824

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
825
826
	      struct rsa_private_key *key,
	      mpz_t expected)
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

843
  ASSERT (mpz_cmp(signature, expected) == 0);
844
845
  
  /* Try bad data */
846
847
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
848
849

  /* Try correct data */
850
851
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
852
853

  /* Try bad signature */
854
  mpz_combit(signature, 17);
855
856
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
857
858
859

  mpz_clear(signature);
}
860

861
862
void
test_rsa_sha256(struct rsa_public_key *pub,
863
864
		struct rsa_private_key *key,
		mpz_t expected)
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

881
  ASSERT (mpz_cmp(signature, expected) == 0);
882
883
  
  /* Try bad data */
884
885
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
886
887

  /* Try correct data */
888
889
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
890
891

  /* Try bad signature */
892
  mpz_combit(signature, 17);
893
894
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
895
896
897
898

  mpz_clear(signature);
}

899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

919
  ASSERT (mpz_cmp(signature, expected) == 0);
920
921
  
  /* Try bad data */
922
923
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
924
925

  /* Try correct data */
926
927
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
928
929

  /* Try bad signature */
930
  mpz_combit(signature, 17);
931
932
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
933
934
935
936

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
937
938
939
#undef SIGN
#undef VERIFY

940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
974
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
975
976
977
978

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
979
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
980
981
982
983
984
985
986
987
988

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
989
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
990
991
992
993
994

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
995
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
996
997
998
999
1000
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
1001
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
1002
1003
1004
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
1005

1006
1007
1008
1009
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
1010
1011

void
1012
test_dsa160(const struct dsa_public_key *pub,
1013
1014
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
1025
1026
1027
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
1028

Niels Möller's avatar
Niels Möller committed
1029
1030
  if (verbose)
    {
1031
1032
1033
1034
1035
1036
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
1037
1038

  if (expected)
1039
1040
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
1041
1042
  
  /* Try bad data */
1043
1044
1045
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1046
1047

  /* Try correct data */
1048
1049
1050
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
1051
1052

  /* Try bad signature */
1053
  mpz_combit(signature.r, 17);
1054
1055
1056
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1057
1058
1059
1060
1061
1062

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1063
1064
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1082
1083
1084
1085
1086
1087
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1088
  if (expected)
1089
1090
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1091
1092
  
  /* Try bad data */
1093
1094
1095
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magick words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1096
1097

  /* Try correct data */
1098
1099
1100
  ASSERT (DSA_VERIFY(pub, sha256,
		     "The magic words are squeamish ossifrage",
		     &signature));
Niels Möller's avatar
Niels Möller committed
1101
1102