testutils.c 31.9 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
12
13
#include <ctype.h>

14
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
15
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
#if WITH_HOGWEED
  gmp_vfprintf(stderr, format, args);
#else
  vfprintf(stderr, format, args);
#endif
  va_end(args);

  abort ();
}

50
51
52
53
void *
xalloc(size_t size)
{
  void *p = malloc(size);
54
  if (size && !p)
55
56
57
58
59
60
61
62
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

63
64
65
static struct tstring *tstring_first = NULL;

struct tstring *
Niels Möller's avatar
Niels Möller committed
66
tstring_alloc (size_t length)
67
{
Niels Möller's avatar
Niels Möller committed
68
  struct tstring *s = xalloc(sizeof(struct tstring) + length);
69
70
  s->length = length;
  s->next = tstring_first;
Niels Möller's avatar
Niels Möller committed
71
72
  /* NUL-terminate, for convenience. */
  s->data[length] = '\0';
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
Niels Möller's avatar
Niels Möller committed
89
tstring_data(size_t length, const char *data)
90
91
92
93
94
95
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

Niels Möller's avatar
Niels Möller committed
96
static size_t
97
98
99
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
100
101
  size_t count;
  size_t i;
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

117
static void
118
119
120
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
121
  size_t i = 0;
122
  
Niels Möller's avatar
Niels Möller committed
123
124
125
126
  for (;;)
  {
    int high, low;
    
127
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
128
129
130
      hex++;

    if (!*hex)
131
      return;
Niels Möller's avatar
Niels Möller committed
132

133
    high = hex_digits[*hex++];
134
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
135

136
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
137
138
      hex++;

139
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
140

141
    low = hex_digits[*hex++];
142
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
143
144
145
146
147

    dst[i++] = (high << 4) | low;
  }
}

148
149
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
150
{
151
  struct tstring *s;
Niels Möller's avatar
Niels Möller committed
152
  size_t length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
153

154
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
155

156
157
158
159
160
161
162
163
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
164
}
165

166
void
Niels Möller's avatar
Niels Möller committed
167
print_hex(size_t length, const uint8_t *data)
168
{
Niels Möller's avatar
Niels Möller committed
169
  size_t i;
170
171
172
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
173
174
175
176
177
178
179
180
181
182
183
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
184
185
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
186
  printf("\n");
187
188
}

Niels Möller's avatar
Niels Möller committed
189
190
191
192
193
int verbose = 0;

int
main(int argc, char **argv)
{
194
195
  if (argc > 1)
    {
196
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
197
	verbose = 1;
198
199
200
201
202
203
204
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
205

206
207
208
209
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
210
211
}

212
213
void
test_cipher(const struct nettle_cipher *cipher,
214
215
216
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
217
{
218
  void *ctx = xalloc(cipher->context_size);
219
  uint8_t *data = xalloc(cleartext->length);
Niels Möller's avatar
Niels Möller committed
220
  size_t length;
221
222
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
223

224
225
  cipher->set_encrypt_key(ctx, key->length, key->data);
  cipher->encrypt(ctx, length, data, cleartext->data);
226

227
  if (!MEMEQ(length, data, ciphertext->data))
228
229
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
230
      tstring_print_hex(cleartext);
231
232
233
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
234
      tstring_print_hex(ciphertext);
235
236
237
      fprintf(stderr, "\n");
      FAIL();
    }
238
  cipher->set_decrypt_key(ctx, key->length, key->data);
239
240
  cipher->decrypt(ctx, length, data, data);

241
  if (!MEMEQ(length, data, cleartext->data))
242
243
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
244
      tstring_print_hex(ciphertext);
245
246
247
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
248
      tstring_print_hex(cleartext);
249
250
251
      fprintf(stderr, "\n");
      FAIL();
    }
252
253
254

  free(ctx);
  free(data);
255
256
257
258
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
259
260
261
262
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
263
{
264
  void *ctx = xalloc(cipher->context_size);
265
  uint8_t *data;
266
  uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
267
  size_t length;
268
269
270
271
272
273
274
275
276

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
277
278
279

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
280
	      length, data, cleartext->data);
281

282
  if (!MEMEQ(length, data, ciphertext->data))
283
284
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
285
      tstring_print_hex(cleartext);
286
287
288
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
289
      tstring_print_hex(ciphertext);
290
291
292
      fprintf(stderr, "\n");
      FAIL();
    }
293
294
  cipher->set_decrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
295
296
297
298
299

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

300
  if (!MEMEQ(length, data, cleartext->data))
301
302
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
303
      tstring_print_hex(ciphertext);
304
305
306
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
307
      tstring_print_hex(cleartext);
308
309
310
      fprintf(stderr, "\n");
      FAIL();
    }
311

312
313
314
  free(ctx);
  free(data);
  free(iv);
315
316
}

317
318
void
test_cipher_ctr(const struct nettle_cipher *cipher,
319
320
321
322
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
323
324
{
  void *ctx = xalloc(cipher->context_size);
325
  uint8_t *data;
326
  uint8_t *ctr = xalloc(cipher->block_size);
327
  uint8_t *octr = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
328
329
  size_t length, nblocks;
  unsigned low;
330
331
332
333
334

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (ictr->length == cipher->block_size);
335
336
337
338
339
340
341
342
343
344
345
346

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

347
348
349
350
  data = xalloc(length);  

  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(ctr, ictr->data, cipher->block_size);
351
352
353

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
354
	    length, data, cleartext->data);
355

356
  if (!MEMEQ(length, data, ciphertext->data))
357
358
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
359
      tstring_print_hex(cleartext);
360
361
362
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
363
      tstring_print_hex(ciphertext);
364
365
366
      fprintf(stderr, "\n");
      FAIL();
    }
367

368
369
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

370
  memcpy(ctr, ictr->data, cipher->block_size);
371
372
373
374
375

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

376
  if (!MEMEQ(length, data, cleartext->data))
377
378
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
379
      tstring_print_hex(ciphertext);
380
381
382
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
383
      tstring_print_hex(cleartext);
384
385
386
      fprintf(stderr, "\n");
      FAIL();
    }
387

388
389
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

390
391
  free(ctx);
  free(data);
392
  free(octr);
393
394
395
  free(ctr);
}

396
397
void
test_cipher_stream(const struct nettle_cipher *cipher,
398
399
400
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
401
{
Niels Möller's avatar
Niels Möller committed
402
  size_t block;
403
  
404
  void *ctx = xalloc(cipher->context_size);
405
  uint8_t *data;
Niels Möller's avatar
Niels Möller committed
406
  size_t length;
407
408
409
410
411
412

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

413
414
  for (block = 1; block <= length; block++)
    {
Niels Möller's avatar
Niels Möller committed
415
      size_t i;
416
417

      memset(data, 0x17, length + 1);
418
      cipher->set_encrypt_key(ctx, key->length, key->data);
419
420
421

      for (i = 0; i + block < length; i += block)
	{
422
423
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
424
	}
425

426
427
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
428
      
429
      if (!MEMEQ(length, data, ciphertext->data))
430
	{
Niels Möller's avatar
Niels Möller committed
431
432
	  fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
		  (unsigned long) block);
433
	  tstring_print_hex(cleartext);
434
435
436
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
437
	  tstring_print_hex(ciphertext);
438
439
440
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
441
442
    }
  
443
  cipher->set_decrypt_key(ctx, key->length, key->data);
444
445
  cipher->decrypt(ctx, length, data, data);

446
  ASSERT (data[length] == 0x17);
447

448
  if (!MEMEQ(length, data, cleartext->data))
449
450
    {
      fprintf(stderr, "Decrypt failed\nInput:");
451
      tstring_print_hex(ciphertext);
452
453
454
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
455
      tstring_print_hex(cleartext);
456
457
458
      fprintf(stderr, "\n");
      FAIL();	    
    }
459
460
461

  free(ctx);
  free(data);
462
463
}

464
465
void
test_aead(const struct nettle_aead *aead,
466
467
468
469
470
471
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
472
473
{
  void *ctx = xalloc(aead->context_size);
474
  uint8_t *data;
475
  uint8_t *buffer = xalloc(aead->block_size);
Niels Möller's avatar
Niels Möller committed
476
  size_t length;
477
478
479

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
480

481
  ASSERT (digest->length <= aead->block_size);
482
483
484

  data = xalloc(length);
  
485
486
  /* encryption */
  memset(buffer, 0, aead->block_size);
487
  aead->set_key(ctx, key->length, key->data);
488

489
  aead->set_iv(ctx, iv->length, iv->data);
490

491
492
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
493
494
    
  if (length)
495
    aead->encrypt(ctx, length, data, cleartext->data);
496

497
  aead->digest(ctx, digest->length, buffer);
498

499
  ASSERT(MEMEQ(length, data, ciphertext->data));
500
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
501
502
503

  /* decryption */
  memset(buffer, 0, aead->block_size);
504
  aead->set_iv(ctx, iv->length, iv->data);
505

506
507
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
508
509
510
511
    
  if (length)
    aead->decrypt(ctx, length, data, data);

512
  aead->digest(ctx, digest->length, buffer);
513

514
  ASSERT(MEMEQ(length, data, cleartext->data));
515
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
516
517
518
519
520
521

  free(ctx);
  free(data);
  free(buffer);
}

522
523
void
test_hash(const struct nettle_hash *hash,
524
525
	  const struct tstring *msg,
	  const struct tstring *digest)
526
{
527
528
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
529
530
  uint8_t *input;
  unsigned offset;
531

532
533
  ASSERT (digest->length == hash->digest_size);

534
  hash->init(ctx);
535
  hash->update(ctx, msg->length, msg->data);
536
537
  hash->digest(ctx, hash->digest_size, buffer);

538
539
540
541
542
543
544
545
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
546
547
548
549

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
550
  hash->update(ctx, msg->length, msg->data);
551
552
  hash->digest(ctx, hash->digest_size - 1, buffer);

553
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
554

555
  ASSERT(buffer[hash->digest_size - 1] == 0);
556

557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
  input = xalloc (msg->length + 16);
  for (offset = 0; offset < 16; offset++)
    {
      memset (input, 0, msg->length + 16);
      memcpy (input + offset, msg->data, msg->length);
      hash->update (ctx, msg->length, input + offset);
      hash->digest (ctx, hash->digest_size, buffer);
      if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
	{
	  fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
	  print_hex(hash->digest_size, buffer);
	  fprintf(stdout, "\nExpected:\n");
	  print_hex(hash->digest_size, digest->data);
	  abort();
	}      
    }
573
574
  free(ctx);
  free(buffer);
575
  free(input);
576
}
577

578
579
void
test_hash_large(const struct nettle_hash *hash,
Niels Möller's avatar
Niels Möller committed
580
		size_t count, size_t length,
581
		uint8_t c,
582
		const struct tstring *digest)
583
584
585
586
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
Niels Möller's avatar
Niels Möller committed
587
  size_t i;
588

589
590
  ASSERT (digest->length == hash->digest_size);

591
592
593
594
595
596
597
598
599
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
    hash->update(ctx, length, data);
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

600
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
601
602
603
604
605
606

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
607
608
void
test_armor(const struct nettle_armor *armor,
Niels Möller's avatar
Niels Möller committed
609
           size_t data_length,
Niels Möller's avatar
Niels Möller committed
610
611
612
           const uint8_t *data,
           const uint8_t *ascii)
{
613
  size_t ascii_length = strlen(ascii);
614
615
616
617
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
618
  size_t done;
619
620
621
622

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
623
624
  
  memset(buffer, 0x33, 1 + ascii_length);
625
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
626

627
628
629
630
631
632
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

633
634
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
635

636
  armor->decode_init(decode);
637
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
638

639
640
641
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
642
  
643
644
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
645
646
647
648
649

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
650
651
}

652
653
654
655
#if WITH_HOGWEED

#ifndef mpz_combit
/* Missing in older gmp */
656
static void
657
mpz_combit (mpz_t x, unsigned long int bit)
658
659
660
661
662
663
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
664
#endif
665

Niels Möller's avatar
Niels Möller committed
666
667
668
669
670
671
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

672
#define SIGN(key, hash, msg, signature) do {		\
673
  hash##_update(&hash, LDATA(msg));		\
674
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
675
676
677
678
679
680
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
681

682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

731
  ASSERT (rsa_public_key_prepare(pub));
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

769
770
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
771
772
}

773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

793
  ASSERT (mpz_cmp(signature, expected) == 0);
794
795
  
  /* Try bad data */
796
797
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
798
799

  /* Try correct data */
800
801
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
802
803

  /* Try bad signature */
804
  mpz_combit(signature, 17);
805
806
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
807
808
809
810
811
812

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
813
814
	      struct rsa_private_key *key,
	      mpz_t expected)
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

831
  ASSERT (mpz_cmp(signature, expected) == 0);
832
833
  
  /* Try bad data */
834
835
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
836
837

  /* Try correct data */
838
839
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
840
841

  /* Try bad signature */
842
  mpz_combit(signature, 17);
843
844
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
845
846
847

  mpz_clear(signature);
}
848

849
850
void
test_rsa_sha256(struct rsa_public_key *pub,
851
852
		struct rsa_private_key *key,
		mpz_t expected)
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

869
  ASSERT (mpz_cmp(signature, expected) == 0);
870
871
  
  /* Try bad data */
872
873
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
874
875

  /* Try correct data */
876
877
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
878
879

  /* Try bad signature */
880
  mpz_combit(signature, 17);
881
882
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
883
884
885
886

  mpz_clear(signature);
}

887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

907
  ASSERT (mpz_cmp(signature, expected) == 0);
908
909
  
  /* Try bad data */
910
911
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
912
913

  /* Try correct data */
914
915
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
916
917

  /* Try bad signature */
918
  mpz_combit(signature, 17);
919
920
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
921
922
923
924

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
925
926
927
#undef SIGN
#undef VERIFY

928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
962
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
963
964
965
966

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
967
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
968
969
970
971
972
973
974
975
976

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
977
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
978
979
980
981
982

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
983
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
984
985
986
987
988
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
989
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
990
991
992
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
993

994
995
996
997
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
998
999

void
1000
test_dsa160(const struct dsa_public_key *pub,
1001
1002
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
1013
1014
1015
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
1016

Niels Möller's avatar
Niels Möller committed
1017
1018
  if (verbose)
    {
1019
1020
1021
1022
1023
1024
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
1025
1026

  if (expected)
1027
1028
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
1029
1030
  
  /* Try bad data */
1031
1032
1033
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1034
1035

  /* Try correct data */
1036
1037
1038
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
1039
1040

  /* Try bad signature */
1041
  mpz_combit(signature.r, 17);
1042
1043
1044
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1045
1046
1047
1048
1049
1050

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1051
1052
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1070
1071
1072
1073
1074
1075
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1076
  if (expected)
1077
1078
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1079
1080
  
  /* Try bad data */
1081
1082
1083
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magick words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1084
1085

  /* Try correct data */
1086
1087
1088
  ASSERT (DSA_VERIFY(pub, sha256,
		     "The magic words are squeamish ossifrage",
		     &signature));
Niels Möller's avatar
Niels Möller committed
1089
1090

  /* Try bad signature */
1091
  mpz_combit(signature.r, 17);
1092
1093
1094
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magic words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1095
1096
1097
1098

  dsa_signature_clear(&signature);
}

1099
1100
void
test_dsa_key(struct dsa_public_key *pub,
1101
1102
	     struct dsa_private_key *key,
	     unsigned q_size)
1103
1104
1105
1106
1107
{
  mpz_t t;

  mpz_init(t);

1108
  ASSERT(mpz_sizeinbase(pub->q, 2) == q_size);
1109
  ASSERT(mpz_sizeinbase(pub->p, 2) >= DSA_SHA1_MIN_P_BITS);
1110
1111
1112