testutils.c 26.9 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
/* testutils.c */
Niels Möller's avatar
Niels Möller committed
2
3
4

#include "testutils.h"

5
#include "cbc.h"
6
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
7
#include "knuth-lfib.h"
8
#include "macros.h"
9
#include "nettle-internal.h"
10

Niels Möller's avatar
Niels Möller committed
11
#include <ctype.h>
Niels Möller's avatar
Niels Möller committed
12
#include <stdio.h>
Niels Möller's avatar
Niels Möller committed
13
#include <stdlib.h>
Niels Möller's avatar
Niels Möller committed
14
#include <string.h>
Niels Möller's avatar
Niels Möller committed
15

16
/* -1 means invalid */
Niels Möller's avatar
Niels Möller committed
17
static const signed char hex_digits[0x100] =
Niels Möller's avatar
Niels Möller committed
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
  {
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
  };
36

37
38
39
40
void *
xalloc(size_t size)
{
  void *p = malloc(size);
41
  if (size && !p)
42
43
44
45
46
47
48
49
    {
      fprintf(stderr, "Virtual memory exhausted.\n");
      abort();
    }

  return p;
}

50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
static struct tstring *tstring_first = NULL;

struct tstring *
tstring_alloc (unsigned length)
{
  struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
  s->length = length;
  s->next = tstring_first;
  tstring_first = s;
  return s;
}

void
tstring_clear(void)
{
  while (tstring_first)
    {
      struct tstring *s = tstring_first;
      tstring_first = s->next;
      free(s);
    }
}

struct tstring *
tstring_data(unsigned length, const char *data)
{
  struct tstring *s = tstring_alloc (length);
  memcpy (s->data, data, length);
  return s;
}

static unsigned
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
decode_hex_length(const char *h)
{
  const unsigned char *hex = (const unsigned char *) h;
  unsigned count;
  unsigned i;
  
  for (count = i = 0; hex[i]; i++)
    {
      if (isspace(hex[i]))
	continue;
      if (hex_digits[hex[i]] < 0)
	abort();
      count++;
    }

  if (count % 2)
    abort();
  return count / 2;  
}

102
static void
103
104
105
decode_hex(uint8_t *dst, const char *h)
{  
  const unsigned char *hex = (const unsigned char *) h;
Niels Möller's avatar
Niels Möller committed
106
  unsigned i = 0;
107
  
Niels Möller's avatar
Niels Möller committed
108
109
110
111
  for (;;)
  {
    int high, low;
    
112
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
113
114
115
      hex++;

    if (!*hex)
116
      return;
Niels Möller's avatar
Niels Möller committed
117

118
    high = hex_digits[*hex++];
119
    ASSERT (high >= 0);
Niels Möller's avatar
Niels Möller committed
120

121
    while (*hex && isspace(*hex))
Niels Möller's avatar
Niels Möller committed
122
123
      hex++;

124
    ASSERT (*hex);
Niels Möller's avatar
Niels Möller committed
125

126
    low = hex_digits[*hex++];
127
    ASSERT (low >= 0);
Niels Möller's avatar
Niels Möller committed
128
129
130
131
132

    dst[i++] = (high << 4) | low;
  }
}

133
134
struct tstring *
tstring_hex(const char *hex)
Niels Möller's avatar
Niels Möller committed
135
{
136
  struct tstring *s;
137
  unsigned length = decode_hex_length(hex);
Niels Möller's avatar
Niels Möller committed
138

139
  s = tstring_alloc(length);
Niels Möller's avatar
Niels Möller committed
140

141
142
143
144
145
146
147
148
  decode_hex(s->data, hex);
  return s;
}

void
tstring_print_hex(const struct tstring *s)
{
  print_hex (s->length, s->data);
Niels Möller's avatar
Niels Möller committed
149
}
150

151
void
Niels Möller's avatar
Niels Möller committed
152
print_hex(unsigned length, const uint8_t *data)
153
154
155
156
157
{
  unsigned i;
  
  for (i = 0; i < length; i++)
    {
Niels Möller's avatar
Niels Möller committed
158
159
160
161
162
163
164
165
166
167
168
      switch (i % 16)
	{
	default:
	  break;
	case 0:
	  printf("\n");
	  break;
	case 8:
	  printf(" ");
	  break;
	}
169
170
      printf("%02x", data[i]);
    }
Niels Möller's avatar
Niels Möller committed
171
  printf("\n");
172
173
}

Niels Möller's avatar
Niels Möller committed
174
175
176
177
178
int verbose = 0;

int
main(int argc, char **argv)
{
179
180
  if (argc > 1)
    {
181
      if (argc == 2 && !strcmp(argv[1], "-v"))
Niels Möller's avatar
Niels Möller committed
182
	verbose = 1;
183
184
185
186
187
188
189
      else
	{
	  fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
		  argv[1]);
	  return 1;
	}
    }
Niels Möller's avatar
Niels Möller committed
190

191
192
193
194
  test_main();

  tstring_clear();
  return EXIT_SUCCESS;
Niels Möller's avatar
Niels Möller committed
195
196
}

197
198
void
test_cipher(const struct nettle_cipher *cipher,
199
200
201
	    const struct tstring *key,
	    const struct tstring *cleartext,
	    const struct tstring *ciphertext)
202
{
203
  void *ctx = xalloc(cipher->context_size);
204
205
206
207
  uint8_t *data = xalloc(cleartext->length);
  unsigned length;
  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
208

209
210
  cipher->set_encrypt_key(ctx, key->length, key->data);
  cipher->encrypt(ctx, length, data, cleartext->data);
211

212
  if (!MEMEQ(length, data, ciphertext->data))
213
214
    {
      fprintf(stderr, "Encrypt failed:\nInput:");
215
      tstring_print_hex(cleartext);
216
217
218
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
219
      tstring_print_hex(ciphertext);
220
221
222
      fprintf(stderr, "\n");
      FAIL();
    }
223
  cipher->set_decrypt_key(ctx, key->length, key->data);
224
225
  cipher->decrypt(ctx, length, data, data);

226
  if (!MEMEQ(length, data, cleartext->data))
227
228
    {
      fprintf(stderr, "Decrypt failed:\nInput:");
229
      tstring_print_hex(ciphertext);
230
231
232
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
233
      tstring_print_hex(cleartext);
234
235
236
      fprintf(stderr, "\n");
      FAIL();
    }
237
238
239

  free(ctx);
  free(data);
240
241
242
243
}

void
test_cipher_cbc(const struct nettle_cipher *cipher,
244
245
246
247
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *iiv)
248
{
249
  void *ctx = xalloc(cipher->context_size);
250
  uint8_t *data;
251
  uint8_t *iv = xalloc(cipher->block_size);
252
253
254
255
256
257
258
259
260
261
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (iiv->length == cipher->block_size);

  data = xalloc(length);  
  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
262
263
264

  cbc_encrypt(ctx, cipher->encrypt,
	      cipher->block_size, iv,
265
	      length, data, cleartext->data);
266

267
  if (!MEMEQ(length, data, ciphertext->data))
268
269
    {
      fprintf(stderr, "CBC encrypt failed:\nInput:");
270
      tstring_print_hex(cleartext);
271
272
273
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
274
      tstring_print_hex(ciphertext);
275
276
277
      fprintf(stderr, "\n");
      FAIL();
    }
278
279
  cipher->set_decrypt_key(ctx, key->length, key->data);
  memcpy(iv, iiv->data, cipher->block_size);
280
281
282
283
284

  cbc_decrypt(ctx, cipher->decrypt,
	      cipher->block_size, iv,
	      length, data, data);

285
  if (!MEMEQ(length, data, cleartext->data))
286
287
    {
      fprintf(stderr, "CBC decrypt failed:\nInput:");
288
      tstring_print_hex(ciphertext);
289
290
291
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
292
      tstring_print_hex(cleartext);
293
294
295
      fprintf(stderr, "\n");
      FAIL();
    }
296

297
298
299
  free(ctx);
  free(data);
  free(iv);
300
301
}

302
303
void
test_cipher_ctr(const struct nettle_cipher *cipher,
304
305
306
307
		const struct tstring *key,
		const struct tstring *cleartext,
		const struct tstring *ciphertext,
		const struct tstring *ictr)
308
309
{
  void *ctx = xalloc(cipher->context_size);
310
  uint8_t *data;
311
  uint8_t *ctr = xalloc(cipher->block_size);
312
  uint8_t *octr = xalloc(cipher->block_size);
313
  unsigned length;
314
  unsigned low, nblocks;
315
316
317
318
319

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  ASSERT (ictr->length == cipher->block_size);
320
321
322
323
324
325
326
327
328
329
330
331

  /* Compute expected counter value after the operation. */
  nblocks = (length + cipher->block_size - 1) / cipher->block_size;
  ASSERT (nblocks < 0x100);

  memcpy (octr, ictr->data, cipher->block_size - 1);
  low = ictr->data[cipher->block_size - 1] + nblocks;
  octr[cipher->block_size - 1] = low;

  if (low >= 0x100)
    INCREMENT (cipher->block_size - 1, octr);

332
333
334
335
  data = xalloc(length);  

  cipher->set_encrypt_key(ctx, key->length, key->data);
  memcpy(ctr, ictr->data, cipher->block_size);
336
337
338

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
339
	    length, data, cleartext->data);
340

341
  if (!MEMEQ(length, data, ciphertext->data))
342
343
    {
      fprintf(stderr, "CTR encrypt failed:\nInput:");
344
      tstring_print_hex(cleartext);
345
346
347
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
348
      tstring_print_hex(ciphertext);
349
350
351
      fprintf(stderr, "\n");
      FAIL();
    }
352

353
354
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

355
  memcpy(ctr, ictr->data, cipher->block_size);
356
357
358
359
360

  ctr_crypt(ctx, cipher->encrypt,
	    cipher->block_size, ctr,
	    length, data, data);

361
  if (!MEMEQ(length, data, cleartext->data))
362
363
    {
      fprintf(stderr, "CTR decrypt failed:\nInput:");
364
      tstring_print_hex(ciphertext);
365
366
367
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
368
      tstring_print_hex(cleartext);
369
370
371
      fprintf(stderr, "\n");
      FAIL();
    }
372

373
374
  ASSERT (MEMEQ (cipher->block_size, ctr, octr));

375
376
  free(ctx);
  free(data);
377
  free(octr);
378
379
380
  free(ctr);
}

381
382
void
test_cipher_stream(const struct nettle_cipher *cipher,
383
384
385
		   const struct tstring *key,
		   const struct tstring *cleartext,
		   const struct tstring *ciphertext)
386
387
388
{
  unsigned block;
  
389
  void *ctx = xalloc(cipher->context_size);
390
391
392
393
394
395
396
397
  uint8_t *data;
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;

  data = xalloc(length + 1);

398
399
400
401
402
  for (block = 1; block <= length; block++)
    {
      unsigned i;

      memset(data, 0x17, length + 1);
403
      cipher->set_encrypt_key(ctx, key->length, key->data);
404
405
406

      for (i = 0; i + block < length; i += block)
	{
407
408
	  cipher->encrypt(ctx, block, data + i, cleartext->data + i);
	  ASSERT (data[i + block] == 0x17);
409
	}
410

411
412
      cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
      ASSERT (data[length] == 0x17);
413
      
414
      if (!MEMEQ(length, data, ciphertext->data))
415
416
	{
	  fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
417
	  tstring_print_hex(cleartext);
418
419
420
	  fprintf(stderr, "\nOutput: ");
	  print_hex(length, data);
	  fprintf(stderr, "\nExpected:");
421
	  tstring_print_hex(ciphertext);
422
423
424
	  fprintf(stderr, "\n");
	  FAIL();	    
	}
425
426
    }
  
427
  cipher->set_decrypt_key(ctx, key->length, key->data);
428
429
  cipher->decrypt(ctx, length, data, data);

430
  ASSERT (data[length] == 0x17);
431

432
  if (!MEMEQ(length, data, cleartext->data))
433
434
    {
      fprintf(stderr, "Decrypt failed\nInput:");
435
      tstring_print_hex(ciphertext);
436
437
438
      fprintf(stderr, "\nOutput: ");
      print_hex(length, data);
      fprintf(stderr, "\nExpected:");
439
      tstring_print_hex(cleartext);
440
441
442
      fprintf(stderr, "\n");
      FAIL();	    
    }
443
444
445

  free(ctx);
  free(data);
446
447
}

448
449
void
test_aead(const struct nettle_aead *aead,
450
451
452
453
454
455
	  const struct tstring *key,
	  const struct tstring *authtext,
	  const struct tstring *cleartext,
	  const struct tstring *ciphertext,
	  const struct tstring *iv,
	  const struct tstring *digest)
456
457
{
  void *ctx = xalloc(aead->context_size);
458
  uint8_t *data;
459
  uint8_t *buffer = xalloc(aead->block_size);
460
461
462
463
  unsigned length;

  ASSERT (cleartext->length == ciphertext->length);
  length = cleartext->length;
464

465
466
467
468
  ASSERT (digest->length == aead->block_size);

  data = xalloc(length);
  
469
470
  /* encryption */
  memset(buffer, 0, aead->block_size);
471
  aead->set_key(ctx, key->length, key->data);
472

473
  aead->set_iv(ctx, iv->length, iv->data);
474

475
476
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
477
478
    
  if (length)
479
    aead->encrypt(ctx, length, data, cleartext->data);
480
481
482

  aead->digest(ctx, aead->block_size, buffer);

483
484
  ASSERT(MEMEQ(length, data, ciphertext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
485
486
487

  /* decryption */
  memset(buffer, 0, aead->block_size);
488
  aead->set_iv(ctx, iv->length, iv->data);
489

490
491
  if (authtext->length)
    aead->update(ctx, authtext->length, authtext->data);
492
493
494
495
496
497
    
  if (length)
    aead->decrypt(ctx, length, data, data);

  aead->digest(ctx, aead->block_size, buffer);

498
499
  ASSERT(MEMEQ(length, data, cleartext->data));
  ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
500
501
502
503
504
505

  free(ctx);
  free(data);
  free(buffer);
}

506
507
void
test_hash(const struct nettle_hash *hash,
508
509
	  const struct tstring *msg,
	  const struct tstring *digest)
510
{
511
512
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
513

514
515
  ASSERT (digest->length == hash->digest_size);

516
  hash->init(ctx);
517
  hash->update(ctx, msg->length, msg->data);
518
519
  hash->digest(ctx, hash->digest_size, buffer);

520
521
522
523
524
525
526
527
  if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
    {
      fprintf(stdout, "\nGot:\n");
      print_hex(hash->digest_size, buffer);
      fprintf(stdout, "\nExpected:\n");
      print_hex(hash->digest_size, digest->data);
      abort();
    }
528
529
530
531

  memset(buffer, 0, hash->digest_size);

  hash->init(ctx);
532
  hash->update(ctx, msg->length, msg->data);
533
534
  hash->digest(ctx, hash->digest_size - 1, buffer);

535
  ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
536

537
  ASSERT(buffer[hash->digest_size - 1] == 0);
538
539
540

  free(ctx);
  free(buffer);
541
}
542

543
544
545
546
void
test_hash_large(const struct nettle_hash *hash,
		unsigned count, unsigned length,
		uint8_t c,
547
		const struct tstring *digest)
548
549
550
551
552
553
{
  void *ctx = xalloc(hash->context_size);
  uint8_t *buffer = xalloc(hash->digest_size);
  uint8_t *data = xalloc(length);
  unsigned i;

554
555
  ASSERT (digest->length == hash->digest_size);

556
557
558
559
560
561
562
563
564
  memset(data, c, length);

  hash->init(ctx);
  for (i = 0; i < count; i++)
    hash->update(ctx, length, data);
  hash->digest(ctx, hash->digest_size, buffer);

  print_hex(hash->digest_size, buffer);

565
  ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
566
567
568
569
570
571

  free(ctx);
  free(buffer);
  free(data);
}

Niels Möller's avatar
Niels Möller committed
572
573
574
575
576
577
void
test_armor(const struct nettle_armor *armor,
           unsigned data_length,
           const uint8_t *data,
           const uint8_t *ascii)
{
578
  unsigned ascii_length = strlen(ascii);
579
580
581
582
  uint8_t *buffer = xalloc(1 + ascii_length);
  uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
  void *encode = xalloc(armor->encode_context_size);
  void *decode = xalloc(armor->decode_context_size);
583
  unsigned done;
584
585
586
587

  ASSERT(ascii_length
	 <= (armor->encode_length(data_length) + armor->encode_final_length));
  ASSERT(data_length <= armor->decode_length(ascii_length));
588
589
  
  memset(buffer, 0x33, 1 + ascii_length);
590
  memset(check, 0x55, 1 + data_length);
Niels Möller's avatar
Niels Möller committed
591

592
593
594
595
596
597
  armor->encode_init(encode);
  
  done = armor->encode_update(encode, buffer, data_length, data);
  done += armor->encode_final(encode, buffer + done);
  ASSERT(done == ascii_length);

598
599
  ASSERT (MEMEQ(ascii_length, buffer, ascii));
  ASSERT (0x33 == buffer[strlen(ascii)]);
Niels Möller's avatar
Niels Möller committed
600

601
  armor->decode_init(decode);
602
  done = armor->decode_length(ascii_length);
Niels Möller's avatar
Niels Möller committed
603

604
605
606
  ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
  ASSERT(done == data_length);
  ASSERT(armor->decode_final(decode));
607
  
608
609
  ASSERT (MEMEQ(data_length, check, data));
  ASSERT (0x55 == check[data_length]);
610
611
612
613
614

  free(buffer);
  free(check);
  free(encode);
  free(decode);
Niels Möller's avatar
Niels Möller committed
615
616
}

617
618
619
620
621
622
623
624
625
626
#if HAVE_LIBGMP
/* Missing in current gmp */
static void
mpz_togglebit (mpz_t x, unsigned long int bit)
{
  if (mpz_tstbit(x, bit))
    mpz_clrbit(x, bit);
  else
    mpz_setbit(x, bit);
}
627
628
#endif /* HAVE_LIBGMP */

629
#if WITH_HOGWEED
630

631
#define SIGN(key, hash, msg, signature) do {		\
632
  hash##_update(&hash, LDATA(msg));		\
633
  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
634
635
636
637
638
639
} while(0)

#define VERIFY(key, hash, msg, signature) (	\
  hash##_update(&hash, LDATA(msg)),		\
  rsa_##hash##_verify(key, &hash, signature)	\
)
640

641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
void
test_rsa_set_key_1(struct rsa_public_key *pub,
		   struct rsa_private_key *key)
{
  /* Initialize key pair for test programs */
  /* 1000-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 1000 -f advanced-hex
   *
   * (private-key (rsa-pkcs1 
   *        (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
   *            4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
   *            ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
   *            84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
   *            df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
   *            e545fbb4cf#)
   *        (e #0db2ad57#)
   *        (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
   *            ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
   *            f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
   *            4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
   *            bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
   *            468863c307#)
   *        (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
   *            14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
   *            f2fad3bc37f6f013 273c9552c9f489#)
   *        (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
   *            9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
   *            2d55b07b5f9a5875 d1ca5f6dcab897#)
   *        (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
   *            5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
   *            1bf8a9f28963de53 128aa7d690eb87#)
   *        (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
   *            60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
   *            ce56debf431bdec2 70b308fa5bf387#)
   *        (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
   *            e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
   *            40d46f49676a2f6b 2926f70c572c00#)))
   */
  
  mpz_set_str(pub->n,
	      "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
	      "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
	      "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
	      "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
	      "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
	      "e545fbb4cf", 16);
  mpz_set_str(pub->e, "0db2ad57", 16);

690
  ASSERT (rsa_public_key_prepare(pub));
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
  
  /* d is not used */
#if 0  
  mpz_set_str(key->d,
	      "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
	      "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
	      "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
	      "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
	      "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
	      "468863c307", 16);
#endif
  
  mpz_set_str(key->p,
	      "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
	      "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
	      "f2fad3bc37f6f013" "273c9552c9f489", 16);

  mpz_set_str(key->q,
	      "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
	      "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
	      "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
  
  mpz_set_str(key->a,
	      "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
	      "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
	      "1bf8a9f28963de53" "128aa7d690eb87", 16);
  
  mpz_set_str(key->b,
	      "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
	      "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
	      "ce56debf431bdec2" "70b308fa5bf387", 16);
  
  mpz_set_str(key->c,
	      "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
	      "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
	      "40d46f49676a2f6b" "2926f70c572c00", 16);

728
729
  ASSERT (rsa_private_key_prepare(key));
  ASSERT (pub->size == key->size);
730
731
}

732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
void
test_rsa_md5(struct rsa_public_key *pub,
	     struct rsa_private_key *key,
	     mpz_t expected)
{
  struct md5_ctx md5;
  mpz_t signature;

  md5_init(&md5);
  mpz_init(signature);
  
  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-md5 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

752
  ASSERT (mpz_cmp(signature, expected) == 0);
753
754
  
  /* Try bad data */
755
756
  ASSERT (!VERIFY(pub, md5,
		  "The magick words are squeamish ossifrage", signature));
757
758

  /* Try correct data */
759
760
  ASSERT (VERIFY(pub, md5,
		 "The magic words are squeamish ossifrage", signature));
761
762
763

  /* Try bad signature */
  mpz_togglebit(signature, 17);
764
765
  ASSERT (!VERIFY(pub, md5,
		  "The magic words are squeamish ossifrage", signature));
766
767
768
769
770
771

  mpz_clear(signature);
}

void
test_rsa_sha1(struct rsa_public_key *pub,
772
773
	      struct rsa_private_key *key,
	      mpz_t expected)
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
{
  struct sha1_ctx sha1;
  mpz_t signature;

  sha1_init(&sha1);
  mpz_init(signature);

  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha1 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

790
  ASSERT (mpz_cmp(signature, expected) == 0);
791
792
  
  /* Try bad data */
793
794
  ASSERT (!VERIFY(pub, sha1,
		  "The magick words are squeamish ossifrage", signature));
795
796

  /* Try correct data */
797
798
  ASSERT (VERIFY(pub, sha1,
		 "The magic words are squeamish ossifrage", signature));
799
800
801

  /* Try bad signature */
  mpz_togglebit(signature, 17);
802
803
  ASSERT (!VERIFY(pub, sha1,
		  "The magic words are squeamish ossifrage", signature));
804
805
806

  mpz_clear(signature);
}
807

808
809
void
test_rsa_sha256(struct rsa_public_key *pub,
810
811
		struct rsa_private_key *key,
		mpz_t expected)
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
{
  struct sha256_ctx sha256;
  mpz_t signature;

  sha256_init(&sha256);
  mpz_init(signature);

  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha256 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

828
  ASSERT (mpz_cmp(signature, expected) == 0);
829
830
  
  /* Try bad data */
831
832
  ASSERT (!VERIFY(pub, sha256,
		  "The magick words are squeamish ossifrage", signature));
833
834

  /* Try correct data */
835
836
  ASSERT (VERIFY(pub, sha256,
		 "The magic words are squeamish ossifrage", signature));
837
838
839

  /* Try bad signature */
  mpz_togglebit(signature, 17);
840
841
  ASSERT (!VERIFY(pub, sha256,
		  "The magic words are squeamish ossifrage", signature));
842
843
844
845

  mpz_clear(signature);
}

846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
void
test_rsa_sha512(struct rsa_public_key *pub,
		struct rsa_private_key *key,
		mpz_t expected)
{
  struct sha512_ctx sha512;
  mpz_t signature;

  sha512_init(&sha512);
  mpz_init(signature);

  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);

  if (verbose)
    {
      fprintf(stderr, "rsa-sha512 signature: ");
      mpz_out_str(stderr, 16, signature);
      fprintf(stderr, "\n");
    }

866
  ASSERT (mpz_cmp(signature, expected) == 0);
867
868
  
  /* Try bad data */
869
870
  ASSERT (!VERIFY(pub, sha512,
		  "The magick words are squeamish ossifrage", signature));
871
872

  /* Try correct data */
873
874
  ASSERT (VERIFY(pub, sha512,
		 "The magic words are squeamish ossifrage", signature));
875
876
877

  /* Try bad signature */
  mpz_togglebit(signature, 17);
878
879
  ASSERT (!VERIFY(pub, sha512,
		  "The magic words are squeamish ossifrage", signature));
880
881
882
883

  mpz_clear(signature);
}

Niels Möller's avatar
Niels Möller committed
884
885
886
#undef SIGN
#undef VERIFY

887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
void
test_rsa_key(struct rsa_public_key *pub,
	     struct rsa_private_key *key)
{
  mpz_t tmp;
  mpz_t phi;
  
  mpz_init(tmp); mpz_init(phi);
  
  if (verbose)
    {
      /* FIXME: Use gmp_printf */
      fprintf(stderr, "Public key: n=");
      mpz_out_str(stderr, 16, pub->n);
      fprintf(stderr, "\n    e=");
      mpz_out_str(stderr, 16, pub->e);

      fprintf(stderr, "\n\nPrivate key: d=");
      mpz_out_str(stderr, 16, key->d);
      fprintf(stderr, "\n    p=");
      mpz_out_str(stderr, 16, key->p);
      fprintf(stderr, "\n    q=");
      mpz_out_str(stderr, 16, key->q);
      fprintf(stderr, "\n    a=");
      mpz_out_str(stderr, 16, key->a);
      fprintf(stderr, "\n    b=");
      mpz_out_str(stderr, 16, key->b);
      fprintf(stderr, "\n    c=");
      mpz_out_str(stderr, 16, key->c);
      fprintf(stderr, "\n\n");
    }

  /* Check n = p q */
  mpz_mul(tmp, key->p, key->q);
921
  ASSERT (mpz_cmp(tmp, pub->n)== 0);
922
923
924
925

  /* Check c q = 1 mod p */
  mpz_mul(tmp, key->c, key->q);
  mpz_fdiv_r(tmp, tmp, key->p);
926
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
927
928
929
930
931
932
933
934
935

  /* Check ed = 1 (mod phi) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_sub_ui(tmp, key->q, 1);

  mpz_mul(phi, phi, tmp);

  mpz_mul(tmp, pub->e, key->d);
  mpz_fdiv_r(tmp, tmp, phi);
936
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
937
938
939
940
941

  /* Check a e = 1 (mod (p-1) ) */
  mpz_sub_ui(phi, key->p, 1);
  mpz_mul(tmp, pub->e, key->a);
  mpz_fdiv_r(tmp, tmp, phi);
942
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
943
944
945
946
947
  
  /* Check b e = 1 (mod (q-1) ) */
  mpz_sub_ui(phi, key->q, 1);
  mpz_mul(tmp, pub->e, key->b);
  mpz_fdiv_r(tmp, tmp, phi);
948
  ASSERT (mpz_cmp_ui(tmp, 1) == 0);
949
950
951
  
  mpz_clear(tmp); mpz_clear(phi);
}
Niels Möller's avatar
Niels Möller committed
952

953
954
955
956
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(key, hash, msg, signature)	\
  (hash##_update(&hash, LDATA(msg)),		\
   dsa_##hash##_verify(key, &hash, signature))
Niels Möller's avatar
Niels Möller committed
957
958

void
959
test_dsa160(const struct dsa_public_key *pub,
960
961
	    const struct dsa_private_key *key,
	    const struct dsa_signature *expected)
Niels Möller's avatar
Niels Möller committed
962
963
964
965
966
967
968
969
970
971
{
  struct sha1_ctx sha1;
  struct dsa_signature signature;
  struct knuth_lfib_ctx lfib;
  
  sha1_init(&sha1);
  dsa_signature_init(&signature);
  knuth_lfib_init(&lfib, 1111);
  
  sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
972
973
974
  ASSERT (dsa_sha1_sign(pub, key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&sha1, &signature));
975

Niels Möller's avatar
Niels Möller committed
976
977
  if (verbose)
    {
978
979
980
981
982
983
      fprintf(stderr, "dsa160 signature: ");
      mpz_out_str(stderr, 16, signature.r);
      fprintf(stderr, ", ");
      mpz_out_str(stderr, 16, signature.s);
      fprintf(stderr, "\n");
    }
984
985

  if (expected)
986
987
    ASSERT (mpz_cmp (signature.r, expected->r) == 0
	    && mpz_cmp (signature.s, expected->s) == 0);
988
989
  
  /* Try bad data */
990
991
992
  ASSERT (!DSA_VERIFY(pub, sha1,
		      "The magick words are squeamish ossifrage",
		      &signature));
993
994

  /* Try correct data */
995
996
997
  ASSERT (DSA_VERIFY(pub, sha1,
		     "The magic words are squeamish ossifrage",
		     &signature));
998
999
1000

  /* Try bad signature */
  mpz_togglebit(signature.r, 17);