7 #include "knuth-lfib.h"
9 #include "nettle-internal.h"
14 /* -1 means invalid */
15 static const signed char hex_digits[0x100] =
17 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
18 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
19 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
20 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
21 -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
22 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
23 -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
24 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
25 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
26 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
27 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
28 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
29 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
30 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
31 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
32 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
36 die(const char *format, ...)
39 va_start(args, format);
41 gmp_vfprintf(stderr, format, args);
43 vfprintf(stderr, format, args);
53 void *p = malloc(size);
56 fprintf(stderr, "Virtual memory exhausted.\n");
63 static struct tstring *tstring_first = NULL;
66 tstring_alloc (unsigned length)
68 struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
70 s->next = tstring_first;
80 struct tstring *s = tstring_first;
81 tstring_first = s->next;
87 tstring_data(unsigned length, const char *data)
89 struct tstring *s = tstring_alloc (length);
90 memcpy (s->data, data, length);
95 decode_hex_length(const char *h)
97 const unsigned char *hex = (const unsigned char *) h;
101 for (count = i = 0; hex[i]; i++)
105 if (hex_digits[hex[i]] < 0)
116 decode_hex(uint8_t *dst, const char *h)
118 const unsigned char *hex = (const unsigned char *) h;
125 while (*hex && isspace(*hex))
131 high = hex_digits[*hex++];
134 while (*hex && isspace(*hex))
139 low = hex_digits[*hex++];
142 dst[i++] = (high << 4) | low;
147 tstring_hex(const char *hex)
150 unsigned length = decode_hex_length(hex);
152 s = tstring_alloc(length);
154 decode_hex(s->data, hex);
159 tstring_print_hex(const struct tstring *s)
161 print_hex (s->length, s->data);
165 print_hex(unsigned length, const uint8_t *data)
169 for (i = 0; i < length; i++)
182 printf("%02x", data[i]);
190 main(int argc, char **argv)
194 if (argc == 2 && !strcmp(argv[1], "-v"))
198 fprintf(stderr, "Invalid argument `%s', only accepted option is `-v'.\n",
211 test_cipher(const struct nettle_cipher *cipher,
212 const struct tstring *key,
213 const struct tstring *cleartext,
214 const struct tstring *ciphertext)
216 void *ctx = xalloc(cipher->context_size);
217 uint8_t *data = xalloc(cleartext->length);
219 ASSERT (cleartext->length == ciphertext->length);
220 length = cleartext->length;
222 cipher->set_encrypt_key(ctx, key->length, key->data);
223 cipher->encrypt(ctx, length, data, cleartext->data);
225 if (!MEMEQ(length, data, ciphertext->data))
227 fprintf(stderr, "Encrypt failed:\nInput:");
228 tstring_print_hex(cleartext);
229 fprintf(stderr, "\nOutput: ");
230 print_hex(length, data);
231 fprintf(stderr, "\nExpected:");
232 tstring_print_hex(ciphertext);
233 fprintf(stderr, "\n");
236 cipher->set_decrypt_key(ctx, key->length, key->data);
237 cipher->decrypt(ctx, length, data, data);
239 if (!MEMEQ(length, data, cleartext->data))
241 fprintf(stderr, "Decrypt failed:\nInput:");
242 tstring_print_hex(ciphertext);
243 fprintf(stderr, "\nOutput: ");
244 print_hex(length, data);
245 fprintf(stderr, "\nExpected:");
246 tstring_print_hex(cleartext);
247 fprintf(stderr, "\n");
256 test_cipher_cbc(const struct nettle_cipher *cipher,
257 const struct tstring *key,
258 const struct tstring *cleartext,
259 const struct tstring *ciphertext,
260 const struct tstring *iiv)
262 void *ctx = xalloc(cipher->context_size);
264 uint8_t *iv = xalloc(cipher->block_size);
267 ASSERT (cleartext->length == ciphertext->length);
268 length = cleartext->length;
270 ASSERT (iiv->length == cipher->block_size);
272 data = xalloc(length);
273 cipher->set_encrypt_key(ctx, key->length, key->data);
274 memcpy(iv, iiv->data, cipher->block_size);
276 cbc_encrypt(ctx, cipher->encrypt,
277 cipher->block_size, iv,
278 length, data, cleartext->data);
280 if (!MEMEQ(length, data, ciphertext->data))
282 fprintf(stderr, "CBC encrypt failed:\nInput:");
283 tstring_print_hex(cleartext);
284 fprintf(stderr, "\nOutput: ");
285 print_hex(length, data);
286 fprintf(stderr, "\nExpected:");
287 tstring_print_hex(ciphertext);
288 fprintf(stderr, "\n");
291 cipher->set_decrypt_key(ctx, key->length, key->data);
292 memcpy(iv, iiv->data, cipher->block_size);
294 cbc_decrypt(ctx, cipher->decrypt,
295 cipher->block_size, iv,
298 if (!MEMEQ(length, data, cleartext->data))
300 fprintf(stderr, "CBC decrypt failed:\nInput:");
301 tstring_print_hex(ciphertext);
302 fprintf(stderr, "\nOutput: ");
303 print_hex(length, data);
304 fprintf(stderr, "\nExpected:");
305 tstring_print_hex(cleartext);
306 fprintf(stderr, "\n");
316 test_cipher_ctr(const struct nettle_cipher *cipher,
317 const struct tstring *key,
318 const struct tstring *cleartext,
319 const struct tstring *ciphertext,
320 const struct tstring *ictr)
322 void *ctx = xalloc(cipher->context_size);
324 uint8_t *ctr = xalloc(cipher->block_size);
325 uint8_t *octr = xalloc(cipher->block_size);
327 unsigned low, nblocks;
329 ASSERT (cleartext->length == ciphertext->length);
330 length = cleartext->length;
332 ASSERT (ictr->length == cipher->block_size);
334 /* Compute expected counter value after the operation. */
335 nblocks = (length + cipher->block_size - 1) / cipher->block_size;
336 ASSERT (nblocks < 0x100);
338 memcpy (octr, ictr->data, cipher->block_size - 1);
339 low = ictr->data[cipher->block_size - 1] + nblocks;
340 octr[cipher->block_size - 1] = low;
343 INCREMENT (cipher->block_size - 1, octr);
345 data = xalloc(length);
347 cipher->set_encrypt_key(ctx, key->length, key->data);
348 memcpy(ctr, ictr->data, cipher->block_size);
350 ctr_crypt(ctx, cipher->encrypt,
351 cipher->block_size, ctr,
352 length, data, cleartext->data);
354 if (!MEMEQ(length, data, ciphertext->data))
356 fprintf(stderr, "CTR encrypt failed:\nInput:");
357 tstring_print_hex(cleartext);
358 fprintf(stderr, "\nOutput: ");
359 print_hex(length, data);
360 fprintf(stderr, "\nExpected:");
361 tstring_print_hex(ciphertext);
362 fprintf(stderr, "\n");
366 ASSERT (MEMEQ (cipher->block_size, ctr, octr));
368 memcpy(ctr, ictr->data, cipher->block_size);
370 ctr_crypt(ctx, cipher->encrypt,
371 cipher->block_size, ctr,
374 if (!MEMEQ(length, data, cleartext->data))
376 fprintf(stderr, "CTR decrypt failed:\nInput:");
377 tstring_print_hex(ciphertext);
378 fprintf(stderr, "\nOutput: ");
379 print_hex(length, data);
380 fprintf(stderr, "\nExpected:");
381 tstring_print_hex(cleartext);
382 fprintf(stderr, "\n");
386 ASSERT (MEMEQ (cipher->block_size, ctr, octr));
395 test_cipher_stream(const struct nettle_cipher *cipher,
396 const struct tstring *key,
397 const struct tstring *cleartext,
398 const struct tstring *ciphertext)
402 void *ctx = xalloc(cipher->context_size);
406 ASSERT (cleartext->length == ciphertext->length);
407 length = cleartext->length;
409 data = xalloc(length + 1);
411 for (block = 1; block <= length; block++)
415 memset(data, 0x17, length + 1);
416 cipher->set_encrypt_key(ctx, key->length, key->data);
418 for (i = 0; i + block < length; i += block)
420 cipher->encrypt(ctx, block, data + i, cleartext->data + i);
421 ASSERT (data[i + block] == 0x17);
424 cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
425 ASSERT (data[length] == 0x17);
427 if (!MEMEQ(length, data, ciphertext->data))
429 fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
430 tstring_print_hex(cleartext);
431 fprintf(stderr, "\nOutput: ");
432 print_hex(length, data);
433 fprintf(stderr, "\nExpected:");
434 tstring_print_hex(ciphertext);
435 fprintf(stderr, "\n");
440 cipher->set_decrypt_key(ctx, key->length, key->data);
441 cipher->decrypt(ctx, length, data, data);
443 ASSERT (data[length] == 0x17);
445 if (!MEMEQ(length, data, cleartext->data))
447 fprintf(stderr, "Decrypt failed\nInput:");
448 tstring_print_hex(ciphertext);
449 fprintf(stderr, "\nOutput: ");
450 print_hex(length, data);
451 fprintf(stderr, "\nExpected:");
452 tstring_print_hex(cleartext);
453 fprintf(stderr, "\n");
462 test_aead(const struct nettle_aead *aead,
463 const struct tstring *key,
464 const struct tstring *authtext,
465 const struct tstring *cleartext,
466 const struct tstring *ciphertext,
467 const struct tstring *iv,
468 const struct tstring *digest)
470 void *ctx = xalloc(aead->context_size);
472 uint8_t *buffer = xalloc(aead->block_size);
475 ASSERT (cleartext->length == ciphertext->length);
476 length = cleartext->length;
478 ASSERT (digest->length == aead->block_size);
480 data = xalloc(length);
483 memset(buffer, 0, aead->block_size);
484 aead->set_key(ctx, key->length, key->data);
486 aead->set_iv(ctx, iv->length, iv->data);
488 if (authtext->length)
489 aead->update(ctx, authtext->length, authtext->data);
492 aead->encrypt(ctx, length, data, cleartext->data);
494 aead->digest(ctx, aead->block_size, buffer);
496 ASSERT(MEMEQ(length, data, ciphertext->data));
497 ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
500 memset(buffer, 0, aead->block_size);
501 aead->set_iv(ctx, iv->length, iv->data);
503 if (authtext->length)
504 aead->update(ctx, authtext->length, authtext->data);
507 aead->decrypt(ctx, length, data, data);
509 aead->digest(ctx, aead->block_size, buffer);
511 ASSERT(MEMEQ(length, data, cleartext->data));
512 ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
520 test_hash(const struct nettle_hash *hash,
521 const struct tstring *msg,
522 const struct tstring *digest)
524 void *ctx = xalloc(hash->context_size);
525 uint8_t *buffer = xalloc(hash->digest_size);
529 ASSERT (digest->length == hash->digest_size);
532 hash->update(ctx, msg->length, msg->data);
533 hash->digest(ctx, hash->digest_size, buffer);
535 if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
537 fprintf(stdout, "\nGot:\n");
538 print_hex(hash->digest_size, buffer);
539 fprintf(stdout, "\nExpected:\n");
540 print_hex(hash->digest_size, digest->data);
544 memset(buffer, 0, hash->digest_size);
547 hash->update(ctx, msg->length, msg->data);
548 hash->digest(ctx, hash->digest_size - 1, buffer);
550 ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
552 ASSERT(buffer[hash->digest_size - 1] == 0);
554 input = xalloc (msg->length + 16);
555 for (offset = 0; offset < 16; offset++)
557 memset (input, 0, msg->length + 16);
558 memcpy (input + offset, msg->data, msg->length);
559 hash->update (ctx, msg->length, input + offset);
560 hash->digest (ctx, hash->digest_size, buffer);
561 if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
563 fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
564 print_hex(hash->digest_size, buffer);
565 fprintf(stdout, "\nExpected:\n");
566 print_hex(hash->digest_size, digest->data);
576 test_hash_large(const struct nettle_hash *hash,
577 unsigned count, unsigned length,
579 const struct tstring *digest)
581 void *ctx = xalloc(hash->context_size);
582 uint8_t *buffer = xalloc(hash->digest_size);
583 uint8_t *data = xalloc(length);
586 ASSERT (digest->length == hash->digest_size);
588 memset(data, c, length);
591 for (i = 0; i < count; i++)
592 hash->update(ctx, length, data);
593 hash->digest(ctx, hash->digest_size, buffer);
595 print_hex(hash->digest_size, buffer);
597 ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
605 test_armor(const struct nettle_armor *armor,
606 unsigned data_length,
608 const uint8_t *ascii)
610 unsigned ascii_length = strlen(ascii);
611 uint8_t *buffer = xalloc(1 + ascii_length);
612 uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
613 void *encode = xalloc(armor->encode_context_size);
614 void *decode = xalloc(armor->decode_context_size);
618 <= (armor->encode_length(data_length) + armor->encode_final_length));
619 ASSERT(data_length <= armor->decode_length(ascii_length));
621 memset(buffer, 0x33, 1 + ascii_length);
622 memset(check, 0x55, 1 + data_length);
624 armor->encode_init(encode);
626 done = armor->encode_update(encode, buffer, data_length, data);
627 done += armor->encode_final(encode, buffer + done);
628 ASSERT(done == ascii_length);
630 ASSERT (MEMEQ(ascii_length, buffer, ascii));
631 ASSERT (0x33 == buffer[strlen(ascii)]);
633 armor->decode_init(decode);
634 done = armor->decode_length(ascii_length);
636 ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
637 ASSERT(done == data_length);
638 ASSERT(armor->decode_final(decode));
640 ASSERT (MEMEQ(data_length, check, data));
641 ASSERT (0x55 == check[data_length]);
650 /* Missing in current gmp */
652 mpz_togglebit (mpz_t x, unsigned long int bit)
654 if (mpz_tstbit(x, bit))
659 #endif /* HAVE_LIBGMP */
664 xalloc_limbs (mp_size_t n)
666 return xalloc (n * sizeof (mp_limb_t));
669 #define SIGN(key, hash, msg, signature) do { \
670 hash##_update(&hash, LDATA(msg)); \
671 ASSERT(rsa_##hash##_sign(key, &hash, signature)); \
674 #define VERIFY(key, hash, msg, signature) ( \
675 hash##_update(&hash, LDATA(msg)), \
676 rsa_##hash##_verify(key, &hash, signature) \
680 test_rsa_set_key_1(struct rsa_public_key *pub,
681 struct rsa_private_key *key)
683 /* Initialize key pair for test programs */
684 /* 1000-bit key, generated by
686 * lsh-keygen -a rsa -l 1000 -f advanced-hex
688 * (private-key (rsa-pkcs1
689 * (n #69abd505285af665 36ddc7c8f027e6f0 ed435d6748b16088
690 * 4fd60842b3a8d7fb bd8a3c98f0cc50ae 4f6a9f7dd73122cc
691 * ec8afa3f77134406 f53721973115fc2d 8cfbba23b145f28d
692 * 84f81d3b6ae8ce1e 2850580c026e809b cfbb52566ea3a3b3
693 * df7edf52971872a7 e35c1451b8636d22 279a8fb299368238
696 * (d #3240a56f4cd0dcc2 4a413eb4ea545259 5c83d771a1c2ba7b
697 * ec47c5b43eb4b374 09bd2aa1e236dd86 481eb1768811412f
698 * f8d91be3545912af b55c014cb55ceac6 54216af3b85d5c4f
699 * 4a32894e3b5dfcde 5b2875aa4dc8d9a8 6afd0ca92ef50d35
700 * bd09f1c47efb4c8d c631e07698d362aa 4a83fd304e66d6c5
702 * (p #0a66399919be4b4d e5a78c5ea5c85bf9 aba8c013cb4a8732
703 * 14557a12bd67711e bb4073fd39ad9a86 f4e80253ad809e5b
704 * f2fad3bc37f6f013 273c9552c9f489#)
705 * (q #0a294f069f118625 f5eae2538db9338c 776a298eae953329
706 * 9fd1eed4eba04e82 b2593bc98ba8db27 de034da7daaea795
707 * 2d55b07b5f9a5875 d1ca5f6dcab897#)
708 * (a #011b6c48eb592eee e85d1bb35cfb6e07 344ea0b5e5f03a28
709 * 5b405396cbc78c5c 868e961db160ba8d 4b984250930cf79a
710 * 1bf8a9f28963de53 128aa7d690eb87#)
711 * (b #0409ecf3d2557c88 214f1af5e1f17853 d8b2d63782fa5628
712 * 60cf579b0833b7ff 5c0529f2a97c6452 2fa1a8878a9635ab
713 * ce56debf431bdec2 70b308fa5bf387#)
714 * (c #04e103ee925cb5e6 6653949fa5e1a462 c9e65e1adcd60058
715 * e2df9607cee95fa8 daec7a389a7d9afc 8dd21fef9d83805a
716 * 40d46f49676a2f6b 2926f70c572c00#)))
720 "69abd505285af665" "36ddc7c8f027e6f0" "ed435d6748b16088"
721 "4fd60842b3a8d7fb" "bd8a3c98f0cc50ae" "4f6a9f7dd73122cc"
722 "ec8afa3f77134406" "f53721973115fc2d" "8cfbba23b145f28d"
723 "84f81d3b6ae8ce1e" "2850580c026e809b" "cfbb52566ea3a3b3"
724 "df7edf52971872a7" "e35c1451b8636d22" "279a8fb299368238"
726 mpz_set_str(pub->e, "0db2ad57", 16);
728 ASSERT (rsa_public_key_prepare(pub));
733 "3240a56f4cd0dcc2" "4a413eb4ea545259" "5c83d771a1c2ba7b"
734 "ec47c5b43eb4b374" "09bd2aa1e236dd86" "481eb1768811412f"
735 "f8d91be3545912af" "b55c014cb55ceac6" "54216af3b85d5c4f"
736 "4a32894e3b5dfcde" "5b2875aa4dc8d9a8" "6afd0ca92ef50d35"
737 "bd09f1c47efb4c8d" "c631e07698d362aa" "4a83fd304e66d6c5"
742 "0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
743 "14557a12bd67711e" "bb4073fd39ad9a86" "f4e80253ad809e5b"
744 "f2fad3bc37f6f013" "273c9552c9f489", 16);
747 "0a294f069f118625" "f5eae2538db9338c" "776a298eae953329"
748 "9fd1eed4eba04e82" "b2593bc98ba8db27" "de034da7daaea795"
749 "2d55b07b5f9a5875" "d1ca5f6dcab897", 16);
752 "011b6c48eb592eee" "e85d1bb35cfb6e07" "344ea0b5e5f03a28"
753 "5b405396cbc78c5c" "868e961db160ba8d" "4b984250930cf79a"
754 "1bf8a9f28963de53" "128aa7d690eb87", 16);
757 "0409ecf3d2557c88" "214f1af5e1f17853" "d8b2d63782fa5628"
758 "60cf579b0833b7ff" "5c0529f2a97c6452" "2fa1a8878a9635ab"
759 "ce56debf431bdec2" "70b308fa5bf387", 16);
762 "04e103ee925cb5e6" "6653949fa5e1a462" "c9e65e1adcd60058"
763 "e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
764 "40d46f49676a2f6b" "2926f70c572c00", 16);
766 ASSERT (rsa_private_key_prepare(key));
767 ASSERT (pub->size == key->size);
771 test_rsa_md5(struct rsa_public_key *pub,
772 struct rsa_private_key *key,
781 SIGN(key, md5, "The magic words are squeamish ossifrage", signature);
785 fprintf(stderr, "rsa-md5 signature: ");
786 mpz_out_str(stderr, 16, signature);
787 fprintf(stderr, "\n");
790 ASSERT (mpz_cmp(signature, expected) == 0);
793 ASSERT (!VERIFY(pub, md5,
794 "The magick words are squeamish ossifrage", signature));
796 /* Try correct data */
797 ASSERT (VERIFY(pub, md5,
798 "The magic words are squeamish ossifrage", signature));
800 /* Try bad signature */
801 mpz_togglebit(signature, 17);
802 ASSERT (!VERIFY(pub, md5,
803 "The magic words are squeamish ossifrage", signature));
805 mpz_clear(signature);
809 test_rsa_sha1(struct rsa_public_key *pub,
810 struct rsa_private_key *key,
813 struct sha1_ctx sha1;
819 SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);
823 fprintf(stderr, "rsa-sha1 signature: ");
824 mpz_out_str(stderr, 16, signature);
825 fprintf(stderr, "\n");
828 ASSERT (mpz_cmp(signature, expected) == 0);
831 ASSERT (!VERIFY(pub, sha1,
832 "The magick words are squeamish ossifrage", signature));
834 /* Try correct data */
835 ASSERT (VERIFY(pub, sha1,
836 "The magic words are squeamish ossifrage", signature));
838 /* Try bad signature */
839 mpz_togglebit(signature, 17);
840 ASSERT (!VERIFY(pub, sha1,
841 "The magic words are squeamish ossifrage", signature));
843 mpz_clear(signature);
847 test_rsa_sha256(struct rsa_public_key *pub,
848 struct rsa_private_key *key,
851 struct sha256_ctx sha256;
854 sha256_init(&sha256);
857 SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);
861 fprintf(stderr, "rsa-sha256 signature: ");
862 mpz_out_str(stderr, 16, signature);
863 fprintf(stderr, "\n");
866 ASSERT (mpz_cmp(signature, expected) == 0);
869 ASSERT (!VERIFY(pub, sha256,
870 "The magick words are squeamish ossifrage", signature));
872 /* Try correct data */
873 ASSERT (VERIFY(pub, sha256,
874 "The magic words are squeamish ossifrage", signature));
876 /* Try bad signature */
877 mpz_togglebit(signature, 17);
878 ASSERT (!VERIFY(pub, sha256,
879 "The magic words are squeamish ossifrage", signature));
881 mpz_clear(signature);
885 test_rsa_sha512(struct rsa_public_key *pub,
886 struct rsa_private_key *key,
889 struct sha512_ctx sha512;
892 sha512_init(&sha512);
895 SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);
899 fprintf(stderr, "rsa-sha512 signature: ");
900 mpz_out_str(stderr, 16, signature);
901 fprintf(stderr, "\n");
904 ASSERT (mpz_cmp(signature, expected) == 0);
907 ASSERT (!VERIFY(pub, sha512,
908 "The magick words are squeamish ossifrage", signature));
910 /* Try correct data */
911 ASSERT (VERIFY(pub, sha512,
912 "The magic words are squeamish ossifrage", signature));
914 /* Try bad signature */
915 mpz_togglebit(signature, 17);
916 ASSERT (!VERIFY(pub, sha512,
917 "The magic words are squeamish ossifrage", signature));
919 mpz_clear(signature);
926 test_rsa_key(struct rsa_public_key *pub,
927 struct rsa_private_key *key)
932 mpz_init(tmp); mpz_init(phi);
936 /* FIXME: Use gmp_printf */
937 fprintf(stderr, "Public key: n=");
938 mpz_out_str(stderr, 16, pub->n);
939 fprintf(stderr, "\n e=");
940 mpz_out_str(stderr, 16, pub->e);
942 fprintf(stderr, "\n\nPrivate key: d=");
943 mpz_out_str(stderr, 16, key->d);
944 fprintf(stderr, "\n p=");
945 mpz_out_str(stderr, 16, key->p);
946 fprintf(stderr, "\n q=");
947 mpz_out_str(stderr, 16, key->q);
948 fprintf(stderr, "\n a=");
949 mpz_out_str(stderr, 16, key->a);
950 fprintf(stderr, "\n b=");
951 mpz_out_str(stderr, 16, key->b);
952 fprintf(stderr, "\n c=");
953 mpz_out_str(stderr, 16, key->c);
954 fprintf(stderr, "\n\n");
958 mpz_mul(tmp, key->p, key->q);
959 ASSERT (mpz_cmp(tmp, pub->n)== 0);
961 /* Check c q = 1 mod p */
962 mpz_mul(tmp, key->c, key->q);
963 mpz_fdiv_r(tmp, tmp, key->p);
964 ASSERT (mpz_cmp_ui(tmp, 1) == 0);
966 /* Check ed = 1 (mod phi) */
967 mpz_sub_ui(phi, key->p, 1);
968 mpz_sub_ui(tmp, key->q, 1);
970 mpz_mul(phi, phi, tmp);
972 mpz_mul(tmp, pub->e, key->d);
973 mpz_fdiv_r(tmp, tmp, phi);
974 ASSERT (mpz_cmp_ui(tmp, 1) == 0);
976 /* Check a e = 1 (mod (p-1) ) */
977 mpz_sub_ui(phi, key->p, 1);
978 mpz_mul(tmp, pub->e, key->a);
979 mpz_fdiv_r(tmp, tmp, phi);
980 ASSERT (mpz_cmp_ui(tmp, 1) == 0);
982 /* Check b e = 1 (mod (q-1) ) */
983 mpz_sub_ui(phi, key->q, 1);
984 mpz_mul(tmp, pub->e, key->b);
985 mpz_fdiv_r(tmp, tmp, phi);
986 ASSERT (mpz_cmp_ui(tmp, 1) == 0);
988 mpz_clear(tmp); mpz_clear(phi);
991 /* Requires that the context is named like the hash algorithm. */
992 #define DSA_VERIFY(key, hash, msg, signature) \
993 (hash##_update(&hash, LDATA(msg)), \
994 dsa_##hash##_verify(key, &hash, signature))
997 test_dsa160(const struct dsa_public_key *pub,
998 const struct dsa_private_key *key,
999 const struct dsa_signature *expected)
1001 struct sha1_ctx sha1;
1002 struct dsa_signature signature;
1003 struct knuth_lfib_ctx lfib;
1006 dsa_signature_init(&signature);
1007 knuth_lfib_init(&lfib, 1111);
1009 sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
1010 ASSERT (dsa_sha1_sign(pub, key,
1011 &lfib, (nettle_random_func *) knuth_lfib_random,
1012 &sha1, &signature));
1016 fprintf(stderr, "dsa160 signature: ");
1017 mpz_out_str(stderr, 16, signature.r);
1018 fprintf(stderr, ", ");
1019 mpz_out_str(stderr, 16, signature.s);
1020 fprintf(stderr, "\n");
1024 ASSERT (mpz_cmp (signature.r, expected->r) == 0
1025 && mpz_cmp (signature.s, expected->s) == 0);
1028 ASSERT (!DSA_VERIFY(pub, sha1,
1029 "The magick words are squeamish ossifrage",
1032 /* Try correct data */
1033 ASSERT (DSA_VERIFY(pub, sha1,
1034 "The magic words are squeamish ossifrage",
1037 /* Try bad signature */
1038 mpz_togglebit(signature.r, 17);
1039 ASSERT (!DSA_VERIFY(pub, sha1,
1040 "The magic words are squeamish ossifrage",
1043 dsa_signature_clear(&signature);
1047 test_dsa256(const struct dsa_public_key *pub,
1048 const struct dsa_private_key *key,
1049 const struct dsa_signature *expected)
1051 struct sha256_ctx sha256;
1052 struct dsa_signature signature;
1053 struct knuth_lfib_ctx lfib;
1055 sha256_init(&sha256);
1056 dsa_signature_init(&signature);
1057 knuth_lfib_init(&lfib, 1111);
1059 sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
1060 ASSERT (dsa_sha256_sign(pub, key,
1061 &lfib, (nettle_random_func *) knuth_lfib_random,
1062 &sha256, &signature));
1066 fprintf(stderr, "dsa256 signature: ");
1067 mpz_out_str(stderr, 16, signature.r);
1068 fprintf(stderr, ", ");
1069 mpz_out_str(stderr, 16, signature.s);
1070 fprintf(stderr, "\n");
1074 ASSERT (mpz_cmp (signature.r, expected->r) == 0
1075 && mpz_cmp (signature.s, expected->s) == 0);
1078 ASSERT (!DSA_VERIFY(pub, sha256,
1079 "The magick words are squeamish ossifrage",
1082 /* Try correct data */
1083 ASSERT (DSA_VERIFY(pub, sha256,
1084 "The magic words are squeamish ossifrage",
1087 /* Try bad signature */
1088 mpz_togglebit(signature.r, 17);
1089 ASSERT (!DSA_VERIFY(pub, sha256,
1090 "The magic words are squeamish ossifrage",
1093 dsa_signature_clear(&signature);
1097 test_dsa_key(struct dsa_public_key *pub,
1098 struct dsa_private_key *key,
1105 ASSERT(mpz_sizeinbase(pub->q, 2) == q_size);
1106 ASSERT(mpz_sizeinbase(pub->p, 2) >= DSA_SHA1_MIN_P_BITS);
1108 ASSERT(mpz_probab_prime_p(pub->p, 10));
1110 ASSERT(mpz_probab_prime_p(pub->q, 10));
1112 mpz_fdiv_r(t, pub->p, pub->q);
1114 ASSERT(0 == mpz_cmp_ui(t, 1));
1116 ASSERT(mpz_cmp_ui(pub->g, 1) > 0);
1118 mpz_powm(t, pub->g, pub->q, pub->p);
1119 ASSERT(0 == mpz_cmp_ui(t, 1));
1121 mpz_powm(t, pub->g, key->x, pub->p);
1122 ASSERT(0 == mpz_cmp(t, pub->y));
1127 const struct ecc_curve * const ecc_curves[] = {
1137 test_mpn (const char *ref, const mp_limb_t *xp, mp_size_t n)
1142 mpz_init_set_str (r, ref, 16);
1143 while (n > 0 && xp[n-1] == 0)
1146 res = (mpz_limbs_cmp (r, xp, n) == 0);
1151 struct ecc_ref_point
1158 test_ecc_point (const struct ecc_curve *ecc,
1159 const struct ecc_ref_point *ref,
1162 if (! (test_mpn (ref->x, p, ecc->size)
1163 && test_mpn (ref->y, p + ecc->size, ecc->size) ))
1165 gmp_fprintf (stderr, "Incorrect point!\n"
1170 p, ecc->size, p + ecc->size, ecc->size,
1177 test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
1179 /* For each curve, the points 2 g, 3 g and 4 g */
1180 static const struct ecc_ref_point ref[5][3] = {
1181 { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
1182 "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
1183 { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
1184 "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
1185 { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
1186 "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
1188 { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
1189 "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
1190 { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
1191 "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
1192 { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
1193 "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
1195 { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
1196 "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
1197 { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
1198 "8734640c4998ff7e374b06ce1a64a2ecd82ab036384fb83d9a79b127a27d5032" },
1199 { "e2534a3532d08fbba02dde659ee62bd0031fe2db785596ef509302446b030852",
1200 "e0f1575a4c633cc719dfee5fda862d764efc96c3f30ee0055c42c23f184ed8c6" },
1202 { { "8d999057ba3d2d969260045c55b97f089025959a6f434d651d207d19fb96e9e"
1203 "4fe0e86ebe0e64f85b96a9c75295df61",
1204 "8e80f1fa5b1b3cedb7bfe8dffd6dba74b275d875bc6cc43e904e505f256ab425"
1205 "5ffd43e94d39e22d61501e700a940e80" },
1206 { "77a41d4606ffa1464793c7e5fdc7d98cb9d3910202dcd06bea4f240d3566da6"
1207 "b408bbae5026580d02d7e5c70500c831",
1208 "c995f7ca0b0c42837d0bbe9602a9fc998520b41c85115aa5f7684c0edc111eac"
1209 "c24abd6be4b5d298b65f28600a2f1df1" },
1210 { "138251cd52ac9298c1c8aad977321deb97e709bd0b4ca0aca55dc8ad51dcfc9d"
1211 "1589a1597e3a5120e1efd631c63e1835",
1212 "cacae29869a62e1631e8a28181ab56616dc45d918abc09f3ab0e63cf792aa4dc"
1213 "ed7387be37bba569549f1c02b270ed67" },
1216 "3c219024277e7e682fcb288148c282747403279b1ccc06352c6e5505d769be97"
1217 "b3b204da6ef55507aa104a3a35c5af41cf2fa364d60fd967f43e3933ba6d783d",
1219 "bb8cc7f86db26700a7f3eceeeed3f0b5c6b5107c4da97740ab21a29906c42dbb"
1220 "b3e377de9f251f6b93937fa99a3248f4eafcbe95edc0f4f71be356d661f41b02"
1223 "3d352443de29195dd91d6a64b5959479b52a6e5b123d9ab9e5ad7a112d7a8dd1"
1224 "ad3f164a3a4832051da6bd16b59fe21baeb490862c32ea05a5919d2ede37ad7d",
1226 "9b03b97dfa62ddd9979f86c6cab814f2f1557fa82a9d0317d2f8ab1fa355ceec"
1227 "2e2dd4cf8dc575b02d5aced1dec3c70cf105c9bc93a590425f588ca1ee86c0e5" },
1229 "b5df64ae2ac204c354b483487c9070cdc61c891c5ff39afc06c5d55541d3ceac"
1230 "8659e24afe3d0750e8b88e9f078af066a1d5025b08e5a5e2fbc87412871902f3",
1232 "096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f2"
1233 "79f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d" },
1237 assert (n >= 2 && n <= 4);
1238 test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
1242 test_ecc_mul_j (unsigned curve, unsigned n, const mp_limb_t *p)
1244 const struct ecc_curve *ecc = ecc_curves[curve];
1245 mp_limb_t *np = xalloc_limbs (ecc_size_a (ecc));
1246 mp_limb_t *scratch = xalloc_limbs (ecc_j_to_a_itch(ecc));
1247 ecc_j_to_a (ecc, 1, np, p, scratch);
1249 test_ecc_mul_a (curve, n, np);
1255 #endif /* WITH_HOGWEED */