testutils.c 35.2 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <assert.h>
Niels Möller's avatar
Niels Möller committed
12
13
#include <ctype.h>

14
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
15
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
34

35
36
37
38
39
40
41
42
43
44
45
void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
  vfprintf(stderr, format, args);
  va_end(args);

  abort ();
}

46
47
48
49
void *
xalloc(size_t size)
{
  void *p = malloc(size);
50
  if (size && !p)
51
52
53
54
55
56
57
58
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

59
60
61
static struct tstring *tstring_first = NULL;

struct tstring *
Niels Möller's avatar
Niels Möller committed
62
tstring_alloc (size_t length)
63
{
Niels Möller's avatar
Niels Möller committed
64
  struct tstring *s = xalloc(sizeof(struct tstring) + length);
65
66
  s->length = length;
  s->next = tstring_first;
Niels Möller's avatar
Niels Möller committed
67
68
  /* NUL-terminate, for convenience. */
  s->data[length] = '\0';
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
Niels Möller's avatar
Niels Möller committed
85
tstring_data(size_t length, const char *data)
86
87
88
89
90
91
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

Niels Möller's avatar
Niels Möller committed
92
static size_t
93
94
95
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
96
97
  size_t count;
  size_t i;
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

113
static void
114
115
116
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
117
  size_t i = 0;
118
  
Niels Möller's avatar
Niels Möller committed
119
120
121
122
  for (;;)
  {
    int high, low;
    
123
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
124
125
126
      hex++;

    if (!*hex)
127
      return;
Niels Möller's avatar
Niels Möller committed
128

129
    high = hex_digits[*hex++];
130
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
131

132
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
133
134
      hex++;

135
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
136

137
    low = hex_digits[*hex++];
138
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
139
140
141
142
143

    dst[i++] = (high << 4) | low;
  }
}

144
145
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
146
{
147
  struct tstring *s;
Niels Möller's avatar
Niels Möller committed
148
  size_t length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
149

150
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
151

152
153
154
155
156
157
158
159
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
160
}
161

162
void
Niels Möller's avatar
Niels Möller committed
163
print_hex(size_t length, const uint8_t *data)
164
{
Niels Möller's avatar
Niels Möller committed
165
  size_t i;
166
167
168
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
169
170
171
172
173
174
175
176
177
178
179
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
180
181
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
182
  printf("\n");
183
184
}

Niels Möller's avatar
Niels Möller committed
185
186
187
188
189
int verbose = 0;

int
main(int argc, char **argv)
{
190
191
  if (argc > 1)
    {
192
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
193
	verbose = 1;
194
195
196
197
198
199
200
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
201

202
203
204
205
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
206
207
}

208
209
void
test_cipher(const struct nettle_cipher *cipher,
210
211
212
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
213
{
214
  void *ctx = xalloc(cipher->context_size);
215
  uint8_t *data = xalloc(cleartext->length);
Niels Möller's avatar
Niels Möller committed
216
  size_t length;
217
218
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
219

220
221
  ASSERT (key->length == cipher->key_size);
  cipher->set_encrypt_key(ctx, key->data);
222
  cipher->encrypt(ctx, length, data, cleartext->data);
223

224
  if (!MEMEQ(length, data, ciphertext->data))
225
226
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
227
      tstring_print_hex(cleartext);
228
229
230
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
231
      tstring_print_hex(ciphertext);
232
233
234
      fprintf(stderr, "\n");
      FAIL();
    }
235
  cipher->set_decrypt_key(ctx, key->data);
236
237
  cipher->decrypt(ctx, length, data, data);

238
  if (!MEMEQ(length, data, cleartext->data))
239
240
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
241
      tstring_print_hex(ciphertext);
242
243
244
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
245
      tstring_print_hex(cleartext);
246
247
248
      fprintf(stderr, "\n");
      FAIL();
    }
249
250
251

  free(ctx);
  free(data);
252
253
254
255
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
256
257
258
259
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
260
{
261
  void *ctx = xalloc(cipher->context_size);
262
  uint8_t *data;
263
  uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
264
  size_t length;
265
266
267
268

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

269
  ASSERT (key->length == cipher->key_size);
270
271
272
  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
273
  cipher->set_encrypt_key(ctx, key->data);
274
  memcpy(iv, iiv->data, cipher->block_size);
275
276
277

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
278
	      length, data, cleartext->data);
279

280
  if (!MEMEQ(length, data, ciphertext->data))
281
282
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
283
      tstring_print_hex(cleartext);
284
285
286
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
287
      tstring_print_hex(ciphertext);
288
289
290
      fprintf(stderr, "\n");
      FAIL();
    }
291
  cipher->set_decrypt_key(ctx, key->data);
292
  memcpy(iv, iiv->data, cipher->block_size);
293
294
295
296
297

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

298
  if (!MEMEQ(length, data, cleartext->data))
299
300
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
301
      tstring_print_hex(ciphertext);
302
303
304
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
305
      tstring_print_hex(cleartext);
306
307
308
      fprintf(stderr, "\n");
      FAIL();
    }
309

310
311
312
  free(ctx);
  free(data);
  free(iv);
313
314
}

315
316
void
test_cipher_ctr(const struct nettle_cipher *cipher,
317
318
319
320
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
321
322
{
  void *ctx = xalloc(cipher->context_size);
323
  uint8_t *data;
324
  uint8_t *ctr = xalloc(cipher->block_size);
325
  uint8_t *octr = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
326
327
  size_t length, nblocks;
  unsigned low;
328
329
330
331

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

332
  ASSERT (key->length == cipher->key_size);
333
  ASSERT (ictr->length == cipher->block_size);
334
335
336
337
338
339
340
341
342
343
344
345

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

346
347
  data = xalloc(length);  

348
  cipher->set_encrypt_key(ctx, key->data);
349
  memcpy(ctr, ictr->data, cipher->block_size);
350
351
352

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
353
	    length, data, cleartext->data);
354

355
  if (!MEMEQ(length, data, ciphertext->data))
356
357
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
358
      tstring_print_hex(cleartext);
359
360
361
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
362
      tstring_print_hex(ciphertext);
363
364
365
      fprintf(stderr, "\n");
      FAIL();
    }
366

367
368
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

369
  memcpy(ctr, ictr->data, cipher->block_size);
370
371
372
373
374

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

375
  if (!MEMEQ(length, data, cleartext->data))
376
377
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
378
      tstring_print_hex(ciphertext);
379
380
381
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
382
      tstring_print_hex(cleartext);
383
384
385
      fprintf(stderr, "\n");
      FAIL();
    }
386

387
388
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

389
390
  free(ctx);
  free(data);
391
  free(octr);
392
393
394
  free(ctr);
}

395
#if 0
396
397
void
test_cipher_stream(const struct nettle_cipher *cipher,
398
399
400
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
401
{
Niels Möller's avatar
Niels Möller committed
402
  size_t block;
403
  
404
  void *ctx = xalloc(cipher->context_size);
405
  uint8_t *data;
Niels Möller's avatar
Niels Möller committed
406
  size_t length;
407
408
409
410
411
412

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

413
414
  for (block = 1; block <= length; block++)
    {
Niels Möller's avatar
Niels Möller committed
415
      size_t i;
416
417

      memset(data, 0x17, length + 1);
418
      cipher->set_encrypt_key(ctx, key->length, key->data);
419
420
421

      for (i = 0; i + block < length; i += block)
	{
422
423
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
424
	}
425

426
427
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
428
      
429
      if (!MEMEQ(length, data, ciphertext->data))
430
	{
Niels Möller's avatar
Niels Möller committed
431
432
	  fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
		  (unsigned long) block);
433
	  tstring_print_hex(cleartext);
434
435
436
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
437
	  tstring_print_hex(ciphertext);
438
439
440
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
441
442
    }
  
443
  cipher->set_decrypt_key(ctx, key->length, key->data);
444
445
  cipher->decrypt(ctx, length, data, data);

446
  ASSERT (data[length] == 0x17);
447

448
  if (!MEMEQ(length, data, cleartext->data))
449
450
    {
      fprintf(stderr, "Decrypt failed\nInput:");
451
      tstring_print_hex(ciphertext);
452
453
454
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
455
      tstring_print_hex(cleartext);
456
457
458
      fprintf(stderr, "\n");
      FAIL();	    
    }
459
460
461

  free(ctx);
  free(data);
462
}
463
#endif
464

465
466
void
test_aead(const struct nettle_aead *aead,
467
	  nettle_hash_update_func *set_nonce,
468
469
470
471
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
472
	  const struct tstring *nonce,
473
	  const struct tstring *digest)
474
475
{
  void *ctx = xalloc(aead->context_size);
476
  uint8_t *data;
477
  uint8_t *buffer = xalloc(aead->digest_size);
Niels Möller's avatar
Niels Möller committed
478
  size_t length;
479
480
481

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
482

483
  ASSERT (key->length == aead->key_size);
484
  ASSERT (digest->length <= aead->digest_size);
485
486
487

  data = xalloc(length);
  
488
  /* encryption */
489
  memset(buffer, 0, aead->digest_size);
490
  aead->set_encrypt_key(ctx, key->data);
491

492
493
494
495
496
497
498
  if (nonce->length != aead->nonce_size)
    {
      ASSERT (set_nonce);
      set_nonce (ctx, nonce->length, nonce->data);
    }
  else
    aead->set_nonce(ctx, nonce->data);
499

500
501
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
502
503
    
  if (length)
504
    aead->encrypt(ctx, length, data, cleartext->data);
505

506
  aead->digest(ctx, digest->length, buffer);
507

508
  ASSERT(MEMEQ(length, data, ciphertext->data));
509
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
510
511

  /* decryption */
512
  memset(buffer, 0, aead->digest_size);
513
514
515
516
517
518
519
520
521
522

  aead->set_decrypt_key(ctx, key->data);

  if (nonce->length != aead->nonce_size)
    {
      ASSERT (set_nonce);
      set_nonce (ctx, nonce->length, nonce->data);
    }
  else
    aead->set_nonce(ctx, nonce->data);
523

524
525
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
526
527
528
529
    
  if (length)
    aead->decrypt(ctx, length, data, data);

530
  aead->digest(ctx, digest->length, buffer);
531

532
  ASSERT(MEMEQ(length, data, cleartext->data));
533
  ASSERT(MEMEQ(digest->length, buffer, digest->data));
534
535
536
537
538
539

  free(ctx);
  free(data);
  free(buffer);
}

540
541
void
test_hash(const struct nettle_hash *hash,
542
543
	  const struct tstring *msg,
	  const struct tstring *digest)
544
{
545
546
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
547
548
  uint8_t *input;
  unsigned offset;
549

550
551
  ASSERT (digest->length == hash->digest_size);

552
  hash->init(ctx);
553
  hash->update(ctx, msg->length, msg->data);
554
555
  hash->digest(ctx, hash->digest_size, buffer);

556
557
558
559
560
561
562
563
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
564
565
566

  memset(buffer, 0, hash->digest_size);

567
  hash->update(ctx, msg->length, msg->data);
568
569
  hash->digest(ctx, hash->digest_size - 1, buffer);

570
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
571

572
  ASSERT(buffer[hash->digest_size - 1] == 0);
573

574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
  input = xalloc (msg->length + 16);
  for (offset = 0; offset < 16; offset++)
    {
      memset (input, 0, msg->length + 16);
      memcpy (input + offset, msg->data, msg->length);
      hash->update (ctx, msg->length, input + offset);
      hash->digest (ctx, hash->digest_size, buffer);
      if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
	{
	  fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
	  print_hex(hash->digest_size, buffer);
	  fprintf(stdout, "\nExpected:\n");
	  print_hex(hash->digest_size, digest->data);
	  abort();
	}      
    }
590
591
  free(ctx);
  free(buffer);
592
  free(input);
593
}
594

595
596
void
test_hash_large(const struct nettle_hash *hash,
Niels Möller's avatar
Niels Möller committed
597
		size_t count, size_t length,
598
		uint8_t c,
599
		const struct tstring *digest)
600
601
602
603
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
Niels Möller's avatar
Niels Möller committed
604
  size_t i;
605

606
607
  ASSERT (digest->length == hash->digest_size);

608
609
610
611
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
612
613
614
615
616
617
618
    {
      hash->update(ctx, length, data);
      if (i % (count / 50) == 0)
	fprintf (stderr, ".");
    }
  fprintf (stderr, "\n");
  
619
620
621
622
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

623
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
624
625
626
627
628
629

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
630
631
void
test_armor(const struct nettle_armor *armor,
Niels Möller's avatar
Niels Möller committed
632
           size_t data_length,
Niels Möller's avatar
Niels Möller committed
633
634
635
           const uint8_t *data,
           const uint8_t *ascii)
{
636
  size_t ascii_length = strlen(ascii);
637
638
639
640
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
641
  size_t done;
642
643
644
645

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
646
647
  
  memset(buffer, 0x33, 1 + ascii_length);
648
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
649

650
651
652
653
654
655
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

656
657
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
658

659
  armor->decode_init(decode);
660
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
661

662
663
664
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
665
  
666
667
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
668
669
670
671
672

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
673
674
}

675
676
677
678
#if WITH_HOGWEED

#ifndef mpz_combit
/* Missing in older gmp */
679
static void
680
mpz_combit (mpz_t x, unsigned long int bit)
681
682
683
684
685
686
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
687
#endif
688

Niels Möller's avatar
Niels Möller committed
689
690
691
692
693
694
mp_limb_t *
xalloc_limbs (mp_size_t n)
{
  return xalloc (n * sizeof (mp_limb_t));
}

695
#define SIGN(key, hash, msg, signature) do {		\
696
  hash##_update(&hash, LDATA(msg));		\
697
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
698
699
700
701
702
703
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
704

705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

754
  ASSERT (rsa_public_key_prepare(pub));
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

792
793
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
794
795
}

796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

816
  ASSERT (mpz_cmp(signature, expected) == 0);
817
818
  
  /* Try bad data */
819
820
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
821
822

  /* Try correct data */
823
824
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
825
826

  /* Try bad signature */
827
  mpz_combit(signature, 17);
828
829
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
830
831
832
833
834
835

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
836
837
	      struct rsa_private_key *key,
	      mpz_t expected)
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

854
  ASSERT (mpz_cmp(signature, expected) == 0);
855
856
  
  /* Try bad data */
857
858
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
859
860

  /* Try correct data */
861
862
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
863
864

  /* Try bad signature */
865
  mpz_combit(signature, 17);
866
867
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
868
869
870

  mpz_clear(signature);
}
871

872
873
void
test_rsa_sha256(struct rsa_public_key *pub,
874
875
		struct rsa_private_key *key,
		mpz_t expected)
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

892
  ASSERT (mpz_cmp(signature, expected) == 0);
893
894
  
  /* Try bad data */
895
896
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
897
898

  /* Try correct data */
899
900
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
901
902

  /* Try bad signature */
903
  mpz_combit(signature, 17);
904
905
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
906
907
908
909

  mpz_clear(signature);
}

910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

930
  ASSERT (mpz_cmp(signature, expected) == 0);
931
932
  
  /* Try bad data */
933
934
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
935
936

  /* Try correct data */
937
938
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
939
940

  /* Try bad signature */
941
  mpz_combit(signature, 17);
942
943
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
944
945
946
947

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
948
949
950
#undef SIGN
#undef VERIFY

951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
985
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
986
987
988
989

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
990
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
991
992
993
994
995
996
997
998
999

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
1000
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
1001
1002
1003
1004
1005

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
1006
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
1007
1008
1009
1010
1011
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
1012
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
1013
1014
1015
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
1016

1017
1018
1019
1020
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
1021
1022

void
1023
test_dsa160(const struct dsa_public_key *pub,
1024
1025
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
1036
1037
1038
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
1039

Niels Möller's avatar
Niels Möller committed
1040
1041
  if (verbose)
    {
1042
1043
1044
1045
1046
1047
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
1048
1049

  if (expected)
1050
1051
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
1052
1053
  
  /* Try bad data */
1054
1055
1056
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
1057
1058

  /* Try correct data */
1059
1060
1061
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
1062
1063

  /* Try bad signature */
1064
  mpz_combit(signature.r, 17);
1065
1066
1067
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magic words are squeamish ossifrage",
		      &signature));
1068
1069
1070
1071
1072
1073

  dsa_signature_clear(&signature);
}

void
test_dsa256(const struct dsa_public_key *pub,
1074
1075
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
{
  struct sha256_ctx sha256;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha256_init(&sha256);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
  ASSERT (dsa_sha256_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha256, &signature));
  
  if (verbose)
    {
      fprintf(stderr, "dsa256 signature: ");
Niels Möller's avatar
Niels Möller committed
1093
1094
1095
1096
1097
1098
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }

1099
  if (expected)
1100
1101
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
Niels Möller's avatar
Niels Möller committed
1102
1103
  
  /* Try bad data */
1104
1105
1106
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magick words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1107
1108

  /* Try correct data */
1109
1110
1111
  ASSERT (DSA_VERIFY(pub, sha256,
		     "The magic words are squeamish ossifrage",
		     &signature));
Niels Möller's avatar
Niels Möller committed
1112
1113

  /* Try bad signature */
1114
  mpz_combit(signature.r, 17);
1115
1116
1117
  ASSERT (!DSA_VERIFY(pub, sha256,
		      "The magic words are squeamish ossifrage",
		      &signature));
Niels Möller's avatar
Niels Möller committed
1118
1119
1120
1121

  dsa_signature_clear(&signature);
}

Niels Möller's avatar
Niels Möller committed
1122
#if 0
Niels Möller's avatar
Niels Möller committed
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150