testutils.c 27 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2 3 4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <ctype.h>
Niels Möller's avatar
Niels Möller committed
12
#include <stdio.h>
Niels Möller's avatar
Niels Möller committed
13
#include <stdlib.h>
Niels Möller's avatar
Niels Möller committed
14
#include <string.h>
Niels Möller's avatar
Niels Möller committed
15

16
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
17
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
36

37 38 39 40
void *
xalloc(size_t size)
{
  void *p = malloc(size);
41
  if (size && !p)
42 43 44 45 46 47 48 49
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
static struct tstring *tstring_first = NULL;

struct tstring *
tstring_alloc (unsigned length)
{
  struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
  s->length = length;
  s->next = tstring_first;
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
tstring_data(unsigned length, const char *data)
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

static unsigned
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
  unsigned count;
  unsigned i;
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

102
static void
103 104 105
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
106
  unsigned i = 0;
107
  
Niels Möller's avatar
Niels Möller committed
108 109 110 111
  for (;;)
  {
    int high, low;
    
112
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
113 114 115
      hex++;

    if (!*hex)
116
      return;
Niels Möller's avatar
Niels Möller committed
117

118
    high = hex_digits[*hex++];
119
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
120

121
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
122 123
      hex++;

124
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
125

126
    low = hex_digits[*hex++];
127
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
128 129 130 131 132

    dst[i++] = (high << 4) | low;
  }
}

133 134
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
135
{
136
  struct tstring *s;
137
  unsigned length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
138

139
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
140

141 142 143 144 145 146 147 148
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
149
}
150

151
void
Niels Möller's avatar
Niels Möller committed
152
print_hex(unsigned length, const uint8_t *data)
153 154 155 156 157
{
  unsigned i;
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
158 159 160 161 162 163 164 165 166 167 168
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
169 170
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
171
  printf("\n");
172 173
}

Niels Möller's avatar
Niels Möller committed
174 175 176 177 178
int verbose = 0;

int
main(int argc, char **argv)
{
179 180
  if (argc > 1)
    {
181
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
182
	verbose = 1;
183 184 185 186 187 188 189
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
190

191 192 193 194
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
195 196
}

197 198
void
test_cipher(const struct nettle_cipher *cipher,
199 200 201
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
202
{
203
  void *ctx = xalloc(cipher->context_size);
204 205 206 207
  uint8_t *data = xalloc(cleartext->length);
  unsigned length;
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
208

209 210
  cipher->set_encrypt_key(ctx, key->length, key->data);
  cipher->encrypt(ctx, length, data, cleartext->data);
211

212
  if (!MEMEQ(length, data, ciphertext->data))
213 214
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
215
      tstring_print_hex(cleartext);
216 217 218
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
219
      tstring_print_hex(ciphertext);
220 221 222
      fprintf(stderr, "\n");
      FAIL();
    }
223
  cipher->set_decrypt_key(ctx, key->length, key->data);
224 225
  cipher->decrypt(ctx, length, data, data);

226
  if (!MEMEQ(length, data, cleartext->data))
227 228
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
229
      tstring_print_hex(ciphertext);
230 231 232
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
233
      tstring_print_hex(cleartext);
234 235 236
      fprintf(stderr, "\n");
      FAIL();
    }
237 238 239

  free(ctx);
  free(data);
240 241 242 243
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
244 245 246 247
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
248
{
249
  void *ctx = xalloc(cipher->context_size);
250
  uint8_t *data;
251
  uint8_t *iv = xalloc(cipher->block_size);
252 253 254 255 256 257 258 259 260 261
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
262 263 264

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
265
	      length, data, cleartext->data);
266

267
  if (!MEMEQ(length, data, ciphertext->data))
268 269
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
270
      tstring_print_hex(cleartext);
271 272 273
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
274
      tstring_print_hex(ciphertext);
275 276 277
      fprintf(stderr, "\n");
      FAIL();
    }
278 279
  cipher->set_decrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
280 281 282 283 284

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

285
  if (!MEMEQ(length, data, cleartext->data))
286 287
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
288
      tstring_print_hex(ciphertext);
289 290 291
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
292
      tstring_print_hex(cleartext);
293 294 295
      fprintf(stderr, "\n");
      FAIL();
    }
296

297 298 299
  free(ctx);
  free(data);
  free(iv);
300 301
}

302 303
void
test_cipher_ctr(const struct nettle_cipher *cipher,
304 305 306 307
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
308 309
{
  void *ctx = xalloc(cipher->context_size);
310
  uint8_t *data;
311
  uint8_t *ctr = xalloc(cipher->block_size);
312
  uint8_t *octr = xalloc(cipher->block_size);
313
  unsigned length;
314
  unsigned low, nblocks;
315 316 317 318 319

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (ictr->length == cipher->block_size);
320 321 322 323 324 325 326 327 328 329 330 331

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

332 333 334 335
  data = xalloc(length);  

  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(ctr, ictr->data, cipher->block_size);
336 337 338

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
339
	    length, data, cleartext->data);
340

341
  if (!MEMEQ(length, data, ciphertext->data))
342 343
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
344
      tstring_print_hex(cleartext);
345 346 347
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
348
      tstring_print_hex(ciphertext);
349 350 351
      fprintf(stderr, "\n");
      FAIL();
    }
352

353 354
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

355
  memcpy(ctr, ictr->data, cipher->block_size);
356 357 358 359 360

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

361
  if (!MEMEQ(length, data, cleartext->data))
362 363
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
364
      tstring_print_hex(ciphertext);
365 366 367
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
368
      tstring_print_hex(cleartext);
369 370 371
      fprintf(stderr, "\n");
      FAIL();
    }
372

373 374
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

375 376
  free(ctx);
  free(data);
377
  free(octr);
378 379 380
  free(ctr);
}

381 382
void
test_cipher_stream(const struct nettle_cipher *cipher,
383 384 385
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
386 387 388
{
  unsigned block;
  
389
  void *ctx = xalloc(cipher->context_size);
390 391 392 393 394 395 396 397
  uint8_t *data;
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

398 399 400 401 402
  for (block = 1; block <= length; block++)
    {
      unsigned i;

      memset(data, 0x17, length + 1);
403
      cipher->set_encrypt_key(ctx, key->length, key->data);
404 405 406

      for (i = 0; i + block < length; i += block)
	{
407 408
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
409
	}
410

411 412
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
413
      
414
      if (!MEMEQ(length, data, ciphertext->data))
415 416
	{
	  fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
417
	  tstring_print_hex(cleartext);
418 419 420
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
421
	  tstring_print_hex(ciphertext);
422 423 424
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
425 426
    }
  
427
  cipher->set_decrypt_key(ctx, key->length, key->data);
428 429
  cipher->decrypt(ctx, length, data, data);

430
  ASSERT (data[length] == 0x17);
431

432
  if (!MEMEQ(length, data, cleartext->data))
433 434
    {
      fprintf(stderr, "Decrypt failed\nInput:");
435
      tstring_print_hex(ciphertext);
436 437 438
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
439
      tstring_print_hex(cleartext);
440 441 442
      fprintf(stderr, "\n");
      FAIL();	    
    }
443 444 445

  free(ctx);
  free(data);
446 447
}

448 449
void
test_aead(const struct nettle_aead *aead,
450 451 452 453 454 455
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
456 457
{
  void *ctx = xalloc(aead->context_size);
458
  uint8_t *data;
459
  uint8_t *buffer = xalloc(aead->block_size);
460 461 462 463
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
464

465 466 467 468
  ASSERT (digest->length == aead->block_size);

  data = xalloc(length);
  
469 470
  /* encryption */
  memset(buffer, 0, aead->block_size);
471
  aead->set_key(ctx, key->length, key->data);
472

473
  aead->set_iv(ctx, iv->length, iv->data);
474

475 476
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
477 478
    
  if (length)
479
    aead->encrypt(ctx, length, data, cleartext->data);
480 481 482

  aead->digest(ctx, aead->block_size, buffer);

483 484
  ASSERT(MEMEQ(length, data, ciphertext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
485 486 487

  /* decryption */
  memset(buffer, 0, aead->block_size);
488
  aead->set_iv(ctx, iv->length, iv->data);
489

490 491
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
492 493 494 495 496 497
    
  if (length)
    aead->decrypt(ctx, length, data, data);

  aead->digest(ctx, aead->block_size, buffer);

498 499
  ASSERT(MEMEQ(length, data, cleartext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
500 501 502 503 504 505

  free(ctx);
  free(data);
  free(buffer);
}

506 507
void
test_hash(const struct nettle_hash *hash,
508 509
	  const struct tstring *msg,
	  const struct tstring *digest)
510
{
511 512
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
513

514 515
  ASSERT (digest->length == hash->digest_size);

516
  hash->init(ctx);
517
  hash->update(ctx, msg->length, msg->data);
518 519
  hash->digest(ctx, hash->digest_size, buffer);

520 521 522 523 524 525 526 527
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
528 529 530 531

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
532
  hash->update(ctx, msg->length, msg->data);
533 534
  hash->digest(ctx, hash->digest_size - 1, buffer);

535
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
536

537
  ASSERT(buffer[hash->digest_size - 1] == 0);
538 539 540

  free(ctx);
  free(buffer);
541
}
542

543 544 545 546
void
test_hash_large(const struct nettle_hash *hash,
		unsigned count, unsigned length,
		uint8_t c,
547
		const struct tstring *digest)
548 549 550 551 552 553
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
  unsigned i;

554 555
  ASSERT (digest->length == hash->digest_size);

556 557 558 559 560 561 562 563 564
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
    hash->update(ctx, length, data);
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

565
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
566 567 568 569 570 571

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
572 573 574 575 576 577
void
test_armor(const struct nettle_armor *armor,
           unsigned data_length,
           const uint8_t *data,
           const uint8_t *ascii)
{
578
  unsigned ascii_length = strlen(ascii);
579 580 581 582
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
583
  unsigned done;
584 585 586 587

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
588 589
  
  memset(buffer, 0x33, 1 + ascii_length);
590
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
591

592 593 594 595 596 597
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

598 599
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
600

601
  armor->decode_init(decode);
602
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
603

604 605 606
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
607
  
608 609
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
610 611 612 613 614

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
615 616
}

617 618 619 620 621 622 623 624 625 626
#if HAVE_LIBGMP
/* Missing in current gmp */
static void
mpz_togglebit (mpz_t x, unsigned long int bit)
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
627 628
#endif /* HAVE_LIBGMP */

629
#if WITH_HOGWEED
630

631
#define SIGN(key, hash, msg, signature) do {		\
632
  hash##_update(&hash, LDATA(msg));		\
633
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
634 635 636 637 638 639
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
640

641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

690
  ASSERT (rsa_public_key_prepare(pub));
691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

728 729
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
730 731
}

732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

752
  ASSERT (mpz_cmp(signature, expected) == 0);
753 754
  
  /* Try bad data */
755 756
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
757 758

  /* Try correct data */
759 760
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
761 762 763

  /* Try bad signature */
  mpz_togglebit(signature, 17);
764 765
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
766 767 768 769 770 771

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
772 773
	      struct rsa_private_key *key,
	      mpz_t expected)
774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

790
  ASSERT (mpz_cmp(signature, expected) == 0);
791 792
  
  /* Try bad data */
793 794
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
795 796

  /* Try correct data */
797 798
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
799 800 801

  /* Try bad signature */
  mpz_togglebit(signature, 17);
802 803
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
804 805 806

  mpz_clear(signature);
}
807

808 809
void
test_rsa_sha256(struct rsa_public_key *pub,
810 811
		struct rsa_private_key *key,
		mpz_t expected)
812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

828
  ASSERT (mpz_cmp(signature, expected) == 0);
829 830
  
  /* Try bad data */
831 832
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
833 834

  /* Try correct data */
835 836
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
837 838 839

  /* Try bad signature */
  mpz_togglebit(signature, 17);
840 841
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
842 843 844 845

  mpz_clear(signature);
}

846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

866
  ASSERT (mpz_cmp(signature, expected) == 0);
867 868
  
  /* Try bad data */
869 870
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
871 872

  /* Try correct data */
873 874
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
875 876 877

  /* Try bad signature */
  mpz_togglebit(signature, 17);
878 879
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
880 881 882 883

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
884 885 886
#undef SIGN
#undef VERIFY

887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
921
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
922 923 924 925

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
926
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
927 928 929 930 931 932 933 934 935

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
936
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
937 938 939 940 941

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
942
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
943 944 945 946 947
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
948
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
949 950 951
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
952

953 954 955 956
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
957 958

void
959
test_dsa160(const struct dsa_public_key *pub,
960 961
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
962 963 964 965 966 967 968 969 970 971
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
972 973 974
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
975

Niels Möller's avatar
Niels Möller committed
976 977
  if (verbose)
    {
978 979 980 981 982 983
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
984 985

  if (expected)
986 987
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
988 989
  
  /* Try bad data */
990 991 992
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
993 994

  /* Try correct data */
995 996 997
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
998 999 1000

  /* Try bad signature */
  mpz_togglebit(signature.r, 17);
1001 1002 1003
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1004 1005 1006 1007 1008 1009

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1010 1011
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1029 1030 1031 1032 1033 1034
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1035
  if (expected)
1036 1037
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1038 1039
  
  /* Try bad data */
1040 1041 1042
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magick words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1043 1044

  /* Try correct data */
1045 1046 1047
  ASSERT (DSA_VERIFY(pub, sha256,
		     "The magic words are squeamish ossifrage",
		     &signature));
Niels Möller's avatar
Niels Möller committed
1048 1049 1050

  /* Try bad signature */
  mpz_togglebit(signature.r, 17);
1051 1052 1053
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magic words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1054 1055 1056 1057

  dsa_signature_clear(&signature);
}

1058 1059
void
test_dsa_key(struct dsa_public_key *pub,
1060 1061
	     struct dsa_private_key *key,
	     unsigned q_size)
1062 1063 1064 1065 1066
{
  mpz_t t;

  mpz_init(t);

1067
  ASSERT(mpz_sizeinbase(pub->q, 2) == q_size);
1068
  ASSERT(mpz_sizeinbase(pub->p, 2) >= DSA_SHA1_MIN_P_BITS);
1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084
  
  ASSERT(mpz_probab_prime_p(pub->p, 10));

  ASSERT(mpz_probab_prime_p(pub->q, 10));

  mpz_fdiv_r(t, pub->p, pub->q);

  ASSERT(0 == mpz_cmp_ui(t, 1));

  ASSERT(mpz_cmp_ui(pub->g, 1) > 0);
  
  mpz_powm(t, pub->g, pub->q, pub->p);
  ASSERT(0 == mpz_cmp_ui(t, 1));
  
  mpz_powm(t, pub->g, key->x, pub->p);
  ASSERT(0 == mpz_cmp(t, pub->y));
1085 1086

  mpz_clear(t);
1087
}
1088

Niels Möller's avatar
Niels Möller committed
1089 1090 1091 1092 1093 1094 1095 1096 1097
const struct ecc_curve * const ecc_curves[] = {
  &nettle_secp_192r1,
  &nettle_secp_224r1,
  &nettle_secp_256r1,
  &nettle_secp_384r1,
  &nettle_secp_521r1,
  NULL
};

1098
#endif /* WITH_HOGWEED */
1099