testutils.c 36.3 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "base16.h"
6
#include "cbc.h"
7
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
8
#include "knuth-lfib.h"
9
#include "macros.h"
10
#include "nettle-internal.h"
11

Niels Möller's avatar
Niels Möller committed
12
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
13
14
#include <ctype.h>

15
16
17
18
19
20
21
22
23
24
25
void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
  vfprintf(stderr, format, args);
  va_end(args);

  abort ();
}

26
27
28
29
void *
xalloc(size_t size)
{
  void *p = malloc(size);
30
  if (size && !p)
31
32
33
34
35
36
37
38
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

39
40
41
static struct tstring *tstring_first = NULL;

struct tstring *
Niels Möller's avatar
Niels Möller committed
42
tstring_alloc (size_t length)
43
{
Niels Möller's avatar
Niels Möller committed
44
  struct tstring *s = xalloc(sizeof(struct tstring) + length);
45
46
  s->length = length;
  s->next = tstring_first;
Niels Möller's avatar
Niels Möller committed
47
48
  /* NUL-terminate, for convenience. */
  s->data[length] = '\0';
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
Niels Möller's avatar
Niels Möller committed
65
tstring_data(size_t length, const char *data)
66
67
68
69
70
71
72
73
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
74
{
75
  struct base16_decode_ctx ctx;
76
  struct tstring *s;
77
  size_t length = strlen(hex);
Niels Möller's avatar
Niels Möller committed
78

79
80
81
82
83
  s = tstring_alloc(BASE16_DECODE_LENGTH (length));
  base16_decode_init (&ctx);
  ASSERT (base16_decode_update (&ctx, &s->length, s->data,
				length, hex));
  ASSERT (base16_decode_final (&ctx));
Niels Möller's avatar
Niels Möller committed
84

85
86
87
88
89
90
91
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
92
}
93

94
void
Niels Möller's avatar
Niels Möller committed
95
print_hex(size_t length, const uint8_t *data)
96
{
Niels Möller's avatar
Niels Möller committed
97
  size_t i;
98
99
100
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
101
102
103
104
105
106
107
108
109
110
111
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
112
113
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
114
  printf("\n");
115
116
}

Niels Möller's avatar
Niels Möller committed
117
118
119
120
121
int verbose = 0;

int
main(int argc, char **argv)
{
122
123
  if (argc > 1)
    {
124
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
125
	verbose = 1;
126
127
128
129
130
131
132
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
133

134
135
136
137
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
138
139
}

140
141
void
test_cipher(const struct nettle_cipher *cipher,
142
143
144
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
145
{
146
  void *ctx = xalloc(cipher->context_size);
147
  uint8_t *data = xalloc(cleartext->length);
Niels Möller's avatar
Niels Möller committed
148
  size_t length;
149
150
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
151

152
153
  ASSERT (key->length == cipher->key_size);
  cipher->set_encrypt_key(ctx, key->data);
154
  cipher->encrypt(ctx, length, data, cleartext->data);
155

156
  if (!MEMEQ(length, data, ciphertext->data))
157
158
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
159
      tstring_print_hex(cleartext);
160
161
162
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
163
      tstring_print_hex(ciphertext);
164
165
166
      fprintf(stderr, "\n");
      FAIL();
    }
167
  cipher->set_decrypt_key(ctx, key->data);
168
169
  cipher->decrypt(ctx, length, data, data);

170
  if (!MEMEQ(length, data, cleartext->data))
171
172
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
173
      tstring_print_hex(ciphertext);
174
175
176
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
177
      tstring_print_hex(cleartext);
178
179
180
      fprintf(stderr, "\n");
      FAIL();
    }
181
182
183

  free(ctx);
  free(data);
184
185
186
187
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
188
189
190
191
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
192
{
193
  void *ctx = xalloc(cipher->context_size);
194
  uint8_t *data;
195
  uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
196
  size_t length;
197
198
199
200

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

201
  ASSERT (key->length == cipher->key_size);
202
203
204
  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
205
  cipher->set_encrypt_key(ctx, key->data);
206
  memcpy(iv, iiv->data, cipher->block_size);
207
208
209

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
210
	      length, data, cleartext->data);
211

212
  if (!MEMEQ(length, data, ciphertext->data))
213
214
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
215
      tstring_print_hex(cleartext);
216
217
218
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
219
      tstring_print_hex(ciphertext);
220
221
222
      fprintf(stderr, "\n");
      FAIL();
    }
223
  cipher->set_decrypt_key(ctx, key->data);
224
  memcpy(iv, iiv->data, cipher->block_size);
225
226
227
228
229

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

230
  if (!MEMEQ(length, data, cleartext->data))
231
232
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
233
      tstring_print_hex(ciphertext);
234
235
236
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
237
      tstring_print_hex(cleartext);
238
239
240
      fprintf(stderr, "\n");
      FAIL();
    }
241

242
243
244
  free(ctx);
  free(data);
  free(iv);
245
246
}

247
248
void
test_cipher_ctr(const struct nettle_cipher *cipher,
249
250
251
252
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
253
254
{
  void *ctx = xalloc(cipher->context_size);
255
  uint8_t *data;
256
  uint8_t *ctr = xalloc(cipher->block_size);
257
  uint8_t *octr = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
258
259
  size_t length, nblocks;
  unsigned low;
260
261
262
263

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

264
  ASSERT (key->length == cipher->key_size);
265
  ASSERT (ictr->length == cipher->block_size);
266
267
268
269
270
271
272
273
274
275
276
277

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

278
279
  data = xalloc(length);  

280
  cipher->set_encrypt_key(ctx, key->data);
281
  memcpy(ctr, ictr->data, cipher->block_size);
282
283
284

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
285
	    length, data, cleartext->data);
286

287
  if (!MEMEQ(length, data, ciphertext->data))
288
289
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
290
      tstring_print_hex(cleartext);
291
292
293
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
294
      tstring_print_hex(ciphertext);
295
296
297
      fprintf(stderr, "\n");
      FAIL();
    }
298

299
300
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

301
  memcpy(ctr, ictr->data, cipher->block_size);
302
303
304
305
306

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

307
  if (!MEMEQ(length, data, cleartext->data))
308
309
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
310
      tstring_print_hex(ciphertext);
311
312
313
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
314
      tstring_print_hex(cleartext);
315
316
317
      fprintf(stderr, "\n");
      FAIL();
    }
318

319
320
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

321
322
  free(ctx);
  free(data);
323
  free(octr);
324
325
326
  free(ctr);
}

327
#if 0
328
329
void
test_cipher_stream(const struct nettle_cipher *cipher,
330
331
332
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
333
{
Niels Möller's avatar
Niels Möller committed
334
  size_t block;
335
  
336
  void *ctx = xalloc(cipher->context_size);
337
  uint8_t *data;
Niels Möller's avatar
Niels Möller committed
338
  size_t length;
339
340
341
342
343
344

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

345
346
  for (block = 1; block <= length; block++)
    {
Niels Möller's avatar
Niels Möller committed
347
      size_t i;
348
349

      memset(data, 0x17, length + 1);
350
      cipher->set_encrypt_key(ctx, key->length, key->data);
351
352
353

      for (i = 0; i + block < length; i += block)
	{
354
355
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
356
	}
357

358
359
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
360
      
361
      if (!MEMEQ(length, data, ciphertext->data))
362
	{
Niels Möller's avatar
Niels Möller committed
363
364
	  fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
		  (unsigned long) block);
365
	  tstring_print_hex(cleartext);
366
367
368
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
369
	  tstring_print_hex(ciphertext);
370
371
372
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
373
374
    }
  
375
  cipher->set_decrypt_key(ctx, key->length, key->data);
376
377
  cipher->decrypt(ctx, length, data, data);

378
  ASSERT (data[length] == 0x17);
379

380
  if (!MEMEQ(length, data, cleartext->data))
381
382
    {
      fprintf(stderr, "Decrypt failed\nInput:");
383
      tstring_print_hex(ciphertext);
384
385
386
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
387
      tstring_print_hex(cleartext);
388
389
390
      fprintf(stderr, "\n");
      FAIL();	    
    }
391
392
393

  free(ctx);
  free(data);
394
}
395
#endif
396

397
398
void
test_aead(const struct nettle_aead *aead,
399
	  nettle_hash_update_func *set_nonce,
400
401
402
403
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
404
	  const struct tstring *nonce,
405
	  const struct tstring *digest)
406
407
{
  void *ctx = xalloc(aead->context_size);
408
  uint8_t *data;
409
  uint8_t *buffer = xalloc(aead->digest_size);
Niels Möller's avatar
Niels Möller committed
410
  size_t length;
411
412
413

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
414

415
  ASSERT (key->length == aead->key_size);
416
  ASSERT (digest->length <= aead->digest_size);
417
418
419

  data = xalloc(length);
  
420
  /* encryption */
421
  memset(buffer, 0, aead->digest_size);
422
  aead->set_encrypt_key(ctx, key->data);
423

424
425
426
427
428
429
430
  if (nonce->length != aead->nonce_size)
    {
      ASSERT (set_nonce);
      set_nonce (ctx, nonce->length, nonce->data);
    }
  else
    aead->set_nonce(ctx, nonce->data);
431

432
433
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
434
435
    
  if (length)
436
    aead->encrypt(ctx, length, data, cleartext->data);
437

438
  aead->digest(ctx, digest->length, buffer);
439

440
  ASSERT(MEMEQ(length, data, ciphertext->data));
441
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
442
443

  /* decryption */
444
  memset(buffer, 0, aead->digest_size);
445
446
447
448
449
450
451
452
453
454

  aead->set_decrypt_key(ctx, key->data);

  if (nonce->length != aead->nonce_size)
    {
      ASSERT (set_nonce);
      set_nonce (ctx, nonce->length, nonce->data);
    }
  else
    aead->set_nonce(ctx, nonce->data);
455

456
457
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
458
459
460
461
    
  if (length)
    aead->decrypt(ctx, length, data, data);

462
  aead->digest(ctx, digest->length, buffer);
463

464
  ASSERT(MEMEQ(length, data, cleartext->data));
465
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
466
467
468
469
470
471

  free(ctx);
  free(data);
  free(buffer);
}

472
473
void
test_hash(const struct nettle_hash *hash,
474
475
	  const struct tstring *msg,
	  const struct tstring *digest)
476
{
477
478
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
479
480
  uint8_t *input;
  unsigned offset;
481

482
483
  ASSERT (digest->length == hash->digest_size);

484
  hash->init(ctx);
485
  hash->update(ctx, msg->length, msg->data);
486
487
  hash->digest(ctx, hash->digest_size, buffer);

488
489
490
491
492
493
494
495
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
496
497
498

  memset(buffer, 0, hash->digest_size);

499
  hash->update(ctx, msg->length, msg->data);
500
501
  hash->digest(ctx, hash->digest_size - 1, buffer);

502
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
503

504
  ASSERT(buffer[hash->digest_size - 1] == 0);
505

506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
  input = xalloc (msg->length + 16);
  for (offset = 0; offset < 16; offset++)
    {
      memset (input, 0, msg->length + 16);
      memcpy (input + offset, msg->data, msg->length);
      hash->update (ctx, msg->length, input + offset);
      hash->digest (ctx, hash->digest_size, buffer);
      if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
	{
	  fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
	  print_hex(hash->digest_size, buffer);
	  fprintf(stdout, "\nExpected:\n");
	  print_hex(hash->digest_size, digest->data);
	  abort();
	}      
    }
522
523
  free(ctx);
  free(buffer);
524
  free(input);
525
}
526

527
528
void
test_hash_large(const struct nettle_hash *hash,
Niels Möller's avatar
Niels Möller committed
529
		size_t count, size_t length,
530
		uint8_t c,
531
		const struct tstring *digest)
532
533
534
535
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
Niels Möller's avatar
Niels Möller committed
536
  size_t i;
537

538
539
  ASSERT (digest->length == hash->digest_size);

540
541
542
543
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
544
545
546
547
548
549
550
    {
      hash->update(ctx, length, data);
      if (i % (count / 50) == 0)
	fprintf (stderr, ".");
    }
  fprintf (stderr, "\n");
  
551
552
553
554
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

555
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
556
557
558
559
560
561

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
562
563
void
test_armor(const struct nettle_armor *armor,
Niels Möller's avatar
Niels Möller committed
564
           size_t data_length,
Niels Möller's avatar
Niels Möller committed
565
           const uint8_t *data,
566
           const char *ascii)
Niels Möller's avatar
Niels Möller committed
567
{
568
  size_t ascii_length = strlen(ascii);
569
  char *buffer = xalloc(1 + ascii_length);
570
571
572
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
573
  size_t done;
574
575
576
577

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
578
579
  
  memset(buffer, 0x33, 1 + ascii_length);
580
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
581

582
583
584
585
586
587
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

588
589
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
590

591
  armor->decode_init(decode);
592
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
593

594
595
596
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
597
  
598
599
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
600
601
602
603
604

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
605
606
}

607
608
#if WITH_HOGWEED

609
610
611
612
613
614
615
616
617
618
619
620
621
#ifndef mpn_zero_p
int
mpn_zero_p (mp_srcptr ap, mp_size_t n)
{
  while (--n >= 0)
    {
      if (ap[n] != 0)
	return 0;
    }
  return 1;
}
#endif

622
623
624
625
626
627
628
void
mpn_out_str (FILE *f, int base, const mp_limb_t *xp, mp_size_t xn)
{
  mpz_t x;
  mpz_out_str (f, base, mpz_roinit_n (x, xp, xn));
}

629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
#if NETTLE_USE_MINI_GMP
void
gmp_randinit_default (struct knuth_lfib_ctx *ctx)
{
  knuth_lfib_init (ctx, 17);
}
void
mpz_urandomb (mpz_t r, struct knuth_lfib_ctx *ctx, mp_bitcnt_t bits)
{
  size_t bytes = (bits+7)/8;
  uint8_t *buf = xalloc (bytes);

  knuth_lfib_random (ctx, bytes, buf);
  buf[bytes-1] &= 0xff >> (8*bytes - bits);
  nettle_mpz_set_str_256_u (r, bytes, buf);
  free (buf);
}
#endif /* NETTLE_USE_MINI_GMP */

Niels Möller's avatar
Niels Möller committed
648
649
650
651
652
653
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
/* Expects local variables pub, key, rstate, digest, signature */
#define SIGN(hash, msg, expected) do { \
  hash##_update(&hash, LDATA(msg));					\
  ASSERT(rsa_##hash##_sign(key, &hash, signature));			\
  if (verbose)								\
    {									\
      fprintf(stderr, "rsa-%s signature: ", #hash);			\
      mpz_out_str(stderr, 16, signature);				\
      fprintf(stderr, "\n");						\
    }									\
  ASSERT(mpz_cmp (signature, expected) == 0);				\
									\
  hash##_update(&hash, LDATA(msg));					\
  ASSERT(rsa_##hash##_sign_tr(pub, key, &rstate,			\
			      (nettle_random_func *) knuth_lfib_random,	\
			      &hash, signature));			\
  ASSERT(mpz_cmp (signature, expected) == 0);				\
									\
  hash##_update(&hash, LDATA(msg));					\
  hash##_digest(&hash, sizeof(digest), digest);				\
  ASSERT(rsa_##hash##_sign_digest(key, digest, signature));		\
  ASSERT(mpz_cmp (signature, expected) == 0);				\
									\
  ASSERT(rsa_##hash##_sign_digest_tr(pub, key, &rstate,			\
				     (nettle_random_func *)knuth_lfib_random, \
				     digest, signature));		\
  ASSERT(mpz_cmp (signature, expected) == 0);				\
681
682
683
684
685
686
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
687

688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

737
  ASSERT (rsa_public_key_prepare(pub));
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

775
776
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
777
778
}

779
780
781
782
783
784
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
785
786
  struct knuth_lfib_ctx rstate;
  uint8_t digest[MD5_DIGEST_SIZE];
787
788
789
790
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
791
  knuth_lfib_init (&rstate, 15);
792

793
  SIGN(md5, "The magic words are squeamish ossifrage", expected);
794
795

  /* Try bad data */
796
797
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
798
799

  /* Try correct data */
800
801
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
802
803

  /* Try bad signature */
804
  mpz_combit(signature, 17);
805
806
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
807
808
809
810
811
812

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
813
814
	      struct rsa_private_key *key,
	      mpz_t expected)
815
816
{
  struct sha1_ctx sha1;
817
818
  struct knuth_lfib_ctx rstate;
  uint8_t digest[SHA1_DIGEST_SIZE];
819
820
821
822
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);
823
  knuth_lfib_init (&rstate, 16);
824

825
  SIGN(sha1, "The magic words are squeamish ossifrage", expected);
826
827

  /* Try bad data */
828
829
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
830
831

  /* Try correct data */
832
833
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
834
835

  /* Try bad signature */
836
  mpz_combit(signature, 17);
837
838
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
839
840
841

  mpz_clear(signature);
}
842

843
844
void
test_rsa_sha256(struct rsa_public_key *pub,
845
846
		struct rsa_private_key *key,
		mpz_t expected)
847
848
{
  struct sha256_ctx sha256;
849
850
  struct knuth_lfib_ctx rstate;
  uint8_t digest[SHA256_DIGEST_SIZE];
851
852
853
854
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);
855
  knuth_lfib_init (&rstate, 17);
856

857
  SIGN(sha256, "The magic words are squeamish ossifrage", expected);
858
859

  /* Try bad data */
860
861
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
862
863

  /* Try correct data */
864
865
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
866
867

  /* Try bad signature */
868
  mpz_combit(signature, 17);
869
870
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
871
872
873
874

  mpz_clear(signature);
}

875
876
877
878
879
880
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
881
882
  struct knuth_lfib_ctx rstate;
  uint8_t digest[SHA512_DIGEST_SIZE];
883
884
885
886
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);
887
  knuth_lfib_init (&rstate, 18);
888

889
  SIGN(sha512, "The magic words are squeamish ossifrage", expected);
890
891

  /* Try bad data */
892
893
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
894
895

  /* Try correct data */
896
897
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
898
899

  /* Try bad signature */
900
  mpz_combit(signature, 17);
901
902
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
903
904
905
906

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
907
908
909
#undef SIGN
#undef VERIFY

910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
944
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
945
946
947
948

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
949
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
950
951
952
953
954
955
956
957
958

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
959
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
960
961
962
963
964

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
965
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
966
967
968
969
970
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
971
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
972
973
974
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
975

976
977
978
979
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
980
981

void
982
test_dsa160(const struct dsa_public_key *pub,
983
984
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
985
986
987
988
989
990
991
992
993
994
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
995
996
997
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
998

Niels Möller's avatar
Niels Möller committed
999
1000
  if (verbose)
    {
1001
1002
1003
1004
1005
1006
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
1007
1008

  if (expected)
1009
1010
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
1011
1012
  
  /* Try bad data */
1013
1014
1015
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1016
1017

  /* Try correct data */
1018
1019
1020
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
1021
1022

  /* Try bad signature */
1023
  mpz_combit(signature.r, 17);
1024
1025
1026
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1027
1028
1029
1030
1031
1032

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1033
1034
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1052
1053
1054
1055
1056
1057
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1058
  if (expected)
1059
1060
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1061
1062
  
  /* Try bad data */
1063
1064
1065
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magick words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1066
1067

  /* Try correct data */
1068
1069
1070
  ASSERT (DSA_VERIFY(pub, sha256,
		     "The magic words are squeamish ossifrage",
		     &signature));
Niels Möller's avatar
Niels Möller committed
1071
1072

  /* Try bad signature */
1073
  mpz_combit(signature.r, 17);
1074
1075
1076
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magic words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1077
1078
1079
1080

  dsa_signature_clear(&signature);
}

Niels Möller's avatar
Niels Möller committed
1081
#if 0
Niels Möller's avatar
Niels Möller committed
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
void
test_dsa_sign(const struct dsa_public_key *pub,
	      const struct dsa_private_key *key,
	      const struct nettle_hash *hash,
	      const struct dsa_signature *expected)
{
  void *ctx = xalloc (hash->context_size);
  uint8_t *digest = xalloc (hash->digest_size);
  uint8_t *bad_digest = xalloc (hash->digest_size);
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);

  hash->init(ctx);
  
  hash->update(ctx, LDATA("The magic words are squeamish ossifrage"));
  hash->digest(ctx, hash->digest_size, digest);
  ASSERT (dsa_sign(pub, key,
		   &lfib, (nettle_random_func *) knuth_lfib_random,
		   hash->digest_size, digest, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa-%s signature: ", hash->name);
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

  if (expected)
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
  
  /* Try correct data */
  ASSERT (dsa_verify(pub, hash->digest_size, digest,
		     &signature));
  /* Try bad data */
  hash->update(ctx, LDATA("The magick words are squeamish ossifrage"));
  hash->digest(ctx, hash->digest_size, bad_digest);
  
  ASSERT (!dsa_verify(pub, hash->digest_size, bad_digest,
		      &signature));

  /* Try bad signature */
  mpz_combit(signature.r, 17);
  ASSERT (!dsa_verify(pub, hash->digest_size, digest,
		      &signature));

  free (ctx);
  free (digest);
  free (bad_digest);
  dsa_signature_clear(&signature);
}
Niels Möller's avatar
Niels Möller committed
1138
#endif
Niels Möller's avatar
Niels Möller committed
1139
1140

void
1141
1142
test_dsa_verify(const struct dsa_params *params,
		const mpz_t pub,
Niels Möller's avatar
Niels Möller committed
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
		const struct nettle_hash *hash,
		struct tstring *msg,
		const struct dsa_signature *ref)
{
  void *ctx = xalloc (hash->context_size);
  uint8_t *digest = xalloc (hash->digest_size);
  struct dsa_signature signature;

  dsa_signature_init (&signature);

  hash->init(ctx);
  
  hash->update (ctx, msg->length, msg->data);
  hash->digest (ctx, hash->digest_size, digest);

  mpz_set (signature.r, ref->r);
  mpz_set (signature.s, ref->s);

1161
1162
1163
  ASSERT (dsa_verify (params, pub,
		       hash->digest_size, digest,
		       &signature));
Niels Möller's avatar
Niels Möller committed
1164
1165
1166

  /* Try bad signature */
  mpz_combit(signature.r, 17);
1167
1168
  ASSERT (!dsa_verify (params, pub,
		       hash->digest_size, digest,
Niels Möller's avatar
Niels Möller committed
1169
1170
1171
1172
		       &signature));
  
  /* Try bad data */
  digest[hash->digest_size / 2-1] ^= 8;
1173
1174
  ASSERT (!dsa_verify (params, pub,
		       hash->digest_size, digest,
Niels Möller's avatar
Niels Möller committed
1175
1176
1177
1178
1179
1180
1181
		       ref));

  free (ctx);
  free (digest);
  dsa_signature_clear(&signature);  
}

1182
void
1183
1184
1185
test_dsa_key(const struct dsa_params *params,
	     const mpz_t pub,
	     const mpz_t key,