testutils.c 31.2 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
12
#include <ctype.h>
Niels Möller's avatar
Niels Möller committed
13
#include <stdio.h>
Niels Möller's avatar
Niels Möller committed
14
#include <stdlib.h>
Niels Möller's avatar
Niels Möller committed
15
#include <string.h>
Niels Möller's avatar
Niels Möller committed
16

17
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
18
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
37

38
39
40
41
void *
xalloc(size_t size)
{
  void *p = malloc(size);
42
  if (size && !p)
43
44
45
46
47
48
49
50
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
static struct tstring *tstring_first = NULL;

struct tstring *
tstring_alloc (unsigned length)
{
  struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
  s->length = length;
  s->next = tstring_first;
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
tstring_data(unsigned length, const char *data)
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

static unsigned
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
  unsigned count;
  unsigned i;
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

103
static void
104
105
106
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
107
  unsigned i = 0;
108
  
Niels Möller's avatar
Niels Möller committed
109
110
111
112
  for (;;)
  {
    int high, low;
    
113
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
114
115
116
      hex++;

    if (!*hex)
117
      return;
Niels Möller's avatar
Niels Möller committed
118

119
    high = hex_digits[*hex++];
120
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
121

122
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
123
124
      hex++;

125
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
126

127
    low = hex_digits[*hex++];
128
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
129
130
131
132
133

    dst[i++] = (high << 4) | low;
  }
}

134
135
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
136
{
137
  struct tstring *s;
138
  unsigned length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
139

140
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
141

142
143
144
145
146
147
148
149
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
150
}
151

152
void
Niels Möller's avatar
Niels Möller committed
153
print_hex(unsigned length, const uint8_t *data)
154
155
156
157
158
{
  unsigned i;
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
159
160
161
162
163
164
165
166
167
168
169
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
170
171
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
172
  printf("\n");
173
174
}

Niels Möller's avatar
Niels Möller committed
175
176
177
178
179
int verbose = 0;

int
main(int argc, char **argv)
{
180
181
  if (argc > 1)
    {
182
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
183
	verbose = 1;
184
185
186
187
188
189
190
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
191

192
193
194
195
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
196
197
}

198
199
void
test_cipher(const struct nettle_cipher *cipher,
200
201
202
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
203
{
204
  void *ctx = xalloc(cipher->context_size);
205
206
207
208
  uint8_t *data = xalloc(cleartext->length);
  unsigned length;
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
209

210
211
  cipher->set_encrypt_key(ctx, key->length, key->data);
  cipher->encrypt(ctx, length, data, cleartext->data);
212

213
  if (!MEMEQ(length, data, ciphertext->data))
214
215
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
216
      tstring_print_hex(cleartext);
217
218
219
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
220
      tstring_print_hex(ciphertext);
221
222
223
      fprintf(stderr, "\n");
      FAIL();
    }
224
  cipher->set_decrypt_key(ctx, key->length, key->data);
225
226
  cipher->decrypt(ctx, length, data, data);

227
  if (!MEMEQ(length, data, cleartext->data))
228
229
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
230
      tstring_print_hex(ciphertext);
231
232
233
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
234
      tstring_print_hex(cleartext);
235
236
237
      fprintf(stderr, "\n");
      FAIL();
    }
238
239
240

  free(ctx);
  free(data);
241
242
243
244
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
245
246
247
248
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
249
{
250
  void *ctx = xalloc(cipher->context_size);
251
  uint8_t *data;
252
  uint8_t *iv = xalloc(cipher->block_size);
253
254
255
256
257
258
259
260
261
262
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
263
264
265

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
266
	      length, data, cleartext->data);
267

268
  if (!MEMEQ(length, data, ciphertext->data))
269
270
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
271
      tstring_print_hex(cleartext);
272
273
274
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
275
      tstring_print_hex(ciphertext);
276
277
278
      fprintf(stderr, "\n");
      FAIL();
    }
279
280
  cipher->set_decrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
281
282
283
284
285

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

286
  if (!MEMEQ(length, data, cleartext->data))
287
288
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
289
      tstring_print_hex(ciphertext);
290
291
292
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
293
      tstring_print_hex(cleartext);
294
295
296
      fprintf(stderr, "\n");
      FAIL();
    }
297

298
299
300
  free(ctx);
  free(data);
  free(iv);
301
302
}

303
304
void
test_cipher_ctr(const struct nettle_cipher *cipher,
305
306
307
308
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
309
310
{
  void *ctx = xalloc(cipher->context_size);
311
  uint8_t *data;
312
  uint8_t *ctr = xalloc(cipher->block_size);
313
  uint8_t *octr = xalloc(cipher->block_size);
314
  unsigned length;
315
  unsigned low, nblocks;
316
317
318
319
320

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (ictr->length == cipher->block_size);
321
322
323
324
325
326
327
328
329
330
331
332

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

333
334
335
336
  data = xalloc(length);  

  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(ctr, ictr->data, cipher->block_size);
337
338
339

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
340
	    length, data, cleartext->data);
341

342
  if (!MEMEQ(length, data, ciphertext->data))
343
344
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
345
      tstring_print_hex(cleartext);
346
347
348
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
349
      tstring_print_hex(ciphertext);
350
351
352
      fprintf(stderr, "\n");
      FAIL();
    }
353

354
355
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

356
  memcpy(ctr, ictr->data, cipher->block_size);
357
358
359
360
361

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

362
  if (!MEMEQ(length, data, cleartext->data))
363
364
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
365
      tstring_print_hex(ciphertext);
366
367
368
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
369
      tstring_print_hex(cleartext);
370
371
372
      fprintf(stderr, "\n");
      FAIL();
    }
373

374
375
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

376
377
  free(ctx);
  free(data);
378
  free(octr);
379
380
381
  free(ctr);
}

382
383
void
test_cipher_stream(const struct nettle_cipher *cipher,
384
385
386
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
387
388
389
{
  unsigned block;
  
390
  void *ctx = xalloc(cipher->context_size);
391
392
393
394
395
396
397
398
  uint8_t *data;
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

399
400
401
402
403
  for (block = 1; block <= length; block++)
    {
      unsigned i;

      memset(data, 0x17, length + 1);
404
      cipher->set_encrypt_key(ctx, key->length, key->data);
405
406
407

      for (i = 0; i + block < length; i += block)
	{
408
409
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
410
	}
411

412
413
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
414
      
415
      if (!MEMEQ(length, data, ciphertext->data))
416
417
	{
	  fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
418
	  tstring_print_hex(cleartext);
419
420
421
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
422
	  tstring_print_hex(ciphertext);
423
424
425
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
426
427
    }
  
428
  cipher->set_decrypt_key(ctx, key->length, key->data);
429
430
  cipher->decrypt(ctx, length, data, data);

431
  ASSERT (data[length] == 0x17);
432

433
  if (!MEMEQ(length, data, cleartext->data))
434
435
    {
      fprintf(stderr, "Decrypt failed\nInput:");
436
      tstring_print_hex(ciphertext);
437
438
439
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
440
      tstring_print_hex(cleartext);
441
442
443
      fprintf(stderr, "\n");
      FAIL();	    
    }
444
445
446

  free(ctx);
  free(data);
447
448
}

449
450
void
test_aead(const struct nettle_aead *aead,
451
452
453
454
455
456
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
457
458
{
  void *ctx = xalloc(aead->context_size);
459
  uint8_t *data;
460
  uint8_t *buffer = xalloc(aead->block_size);
461
462
463
464
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
465

466
467
468
469
  ASSERT (digest->length == aead->block_size);

  data = xalloc(length);
  
470
471
  /* encryption */
  memset(buffer, 0, aead->block_size);
472
  aead->set_key(ctx, key->length, key->data);
473

474
  aead->set_iv(ctx, iv->length, iv->data);
475

476
477
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
478
479
    
  if (length)
480
    aead->encrypt(ctx, length, data, cleartext->data);
481
482
483

  aead->digest(ctx, aead->block_size, buffer);

484
485
  ASSERT(MEMEQ(length, data, ciphertext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
486
487
488

  /* decryption */
  memset(buffer, 0, aead->block_size);
489
  aead->set_iv(ctx, iv->length, iv->data);
490

491
492
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
493
494
495
496
497
498
    
  if (length)
    aead->decrypt(ctx, length, data, data);

  aead->digest(ctx, aead->block_size, buffer);

499
500
  ASSERT(MEMEQ(length, data, cleartext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
501
502
503
504
505
506

  free(ctx);
  free(data);
  free(buffer);
}

507
508
void
test_hash(const struct nettle_hash *hash,
509
510
	  const struct tstring *msg,
	  const struct tstring *digest)
511
{
512
513
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
514

515
516
  ASSERT (digest->length == hash->digest_size);

517
  hash->init(ctx);
518
  hash->update(ctx, msg->length, msg->data);
519
520
  hash->digest(ctx, hash->digest_size, buffer);

521
522
523
524
525
526
527
528
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
529
530
531
532

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
533
  hash->update(ctx, msg->length, msg->data);
534
535
  hash->digest(ctx, hash->digest_size - 1, buffer);

536
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
537

538
  ASSERT(buffer[hash->digest_size - 1] == 0);
539
540
541

  free(ctx);
  free(buffer);
542
}
543

544
545
546
547
void
test_hash_large(const struct nettle_hash *hash,
		unsigned count, unsigned length,
		uint8_t c,
548
		const struct tstring *digest)
549
550
551
552
553
554
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
  unsigned i;

555
556
  ASSERT (digest->length == hash->digest_size);

557
558
559
560
561
562
563
564
565
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
    hash->update(ctx, length, data);
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

566
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
567
568
569
570
571
572

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
573
574
575
576
577
578
void
test_armor(const struct nettle_armor *armor,
           unsigned data_length,
           const uint8_t *data,
           const uint8_t *ascii)
{
579
  unsigned ascii_length = strlen(ascii);
580
581
582
583
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
584
  unsigned done;
585
586
587
588

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
589
590
  
  memset(buffer, 0x33, 1 + ascii_length);
591
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
592

593
594
595
596
597
598
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

599
600
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
601

602
  armor->decode_init(decode);
603
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
604

605
606
607
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
608
  
609
610
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
611
612
613
614
615

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
616
617
}

618
619
620
621
622
623
624
625
626
627
#if HAVE_LIBGMP
/* Missing in current gmp */
static void
mpz_togglebit (mpz_t x, unsigned long int bit)
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
628
629
#endif /* HAVE_LIBGMP */

630
#if WITH_HOGWEED
631

Niels Möller's avatar
Niels Möller committed
632
633
634
635
636
637
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

638
#define SIGN(key, hash, msg, signature) do {		\
639
  hash##_update(&hash, LDATA(msg));		\
640
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
641
642
643
644
645
646
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
647

648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

697
  ASSERT (rsa_public_key_prepare(pub));
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

735
736
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
737
738
}

739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

759
  ASSERT (mpz_cmp(signature, expected) == 0);
760
761
  
  /* Try bad data */
762
763
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
764
765

  /* Try correct data */
766
767
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
768
769
770

  /* Try bad signature */
  mpz_togglebit(signature, 17);
771
772
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
773
774
775
776
777
778

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
779
780
	      struct rsa_private_key *key,
	      mpz_t expected)
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

797
  ASSERT (mpz_cmp(signature, expected) == 0);
798
799
  
  /* Try bad data */
800
801
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
802
803

  /* Try correct data */
804
805
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
806
807
808

  /* Try bad signature */
  mpz_togglebit(signature, 17);
809
810
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
811
812
813

  mpz_clear(signature);
}
814

815
816
void
test_rsa_sha256(struct rsa_public_key *pub,
817
818
		struct rsa_private_key *key,
		mpz_t expected)
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

835
  ASSERT (mpz_cmp(signature, expected) == 0);
836
837
  
  /* Try bad data */
838
839
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
840
841

  /* Try correct data */
842
843
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
844
845
846

  /* Try bad signature */
  mpz_togglebit(signature, 17);
847
848
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
849
850
851
852

  mpz_clear(signature);
}

853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

873
  ASSERT (mpz_cmp(signature, expected) == 0);
874
875
  
  /* Try bad data */
876
877
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
878
879

  /* Try correct data */
880
881
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
882
883
884

  /* Try bad signature */
  mpz_togglebit(signature, 17);
885
886
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
887
888
889
890

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
891
892
893
#undef SIGN
#undef VERIFY

894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
928
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
929
930
931
932

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
933
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
934
935
936
937
938
939
940
941
942

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
943
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
944
945
946
947
948

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
949
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
950
951
952
953
954
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
955
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
956
957
958
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
959

960
961
962
963
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
964
965

void
966
test_dsa160(const struct dsa_public_key *pub,
967
968
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
969
970
971
972
973
974
975
976
977
978
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
979
980
981
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
982

Niels Möller's avatar
Niels Möller committed
983
984
  if (verbose)
    {
985
986
987
988
989
990
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
991
992

  if (expected)
993
994
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
995
996
  
  /* Try bad data */
997
998
999
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1000

For faster browsing, not all history is shown. View entire blame