CHECK_RETVAL \
static int selfTest( void )
{
CONTEXT_INFO contextInfo;
PKC_INFO contextData, *pkcInfo = &contextData;
int status;
/* Initialise the key components */
status = staticInitContext( &contextInfo, CONTEXT_PKC,
getDHCapability(), &contextData,
sizeof( PKC_INFO ), NULL );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_FAILED );
status = importBignum( &pkcInfo->dlpParam_p, dlpTestKey.p,
dlpTestKey.pLen, DLPPARAM_MIN_P,
DLPPARAM_MAX_P, NULL, KEYSIZE_CHECK_PKC );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_g, dlpTestKey.g,
dlpTestKey.gLen, DLPPARAM_MIN_G,
DLPPARAM_MAX_G, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_q, dlpTestKey.q,
dlpTestKey.qLen, DLPPARAM_MIN_Q,
DLPPARAM_MAX_Q, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_y, dlpTestKey.y,
dlpTestKey.yLen, DLPPARAM_MIN_Y,
DLPPARAM_MAX_Y, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_x, dlpTestKey.x,
dlpTestKey.xLen, DLPPARAM_MIN_X,
DLPPARAM_MAX_X, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusError( status ) )
{
staticDestroyContext( &contextInfo );
retIntError();
}
ENSURES( sanityCheckPKCInfo( pkcInfo ) );
/* Perform the test key exchange on a block of data */
status = contextInfo.capabilityInfo->initKeyFunction( &contextInfo, NULL, 0 );
if( cryptStatusOK( status ) && \
!pairwiseConsistencyTest( &contextInfo ) )
status = CRYPT_ERROR_FAILED;
/* Clean up */
staticDestroyContext( &contextInfo );
return( status );
}
CHECK_RETVAL \
static int selfTest( void )
{
CONTEXT_INFO contextInfo;
PKC_INFO contextData, *pkcInfo = &contextData;
const CAPABILITY_INFO *capabilityInfoPtr;
int status;
/* Initialise the key components */
status = staticInitContext( &contextInfo, CONTEXT_PKC,
getECDHCapability(), &contextData,
sizeof( PKC_INFO ), NULL );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_FAILED );
pkcInfo->curveType = CRYPT_ECCCURVE_P256;
status = importBignum( &pkcInfo->eccParam_qx, ecdhTestKey.qx,
ecdhTestKey.qxLen, ECCPARAM_MIN_QX,
ECCPARAM_MAX_QX, NULL, KEYSIZE_CHECK_ECC );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->eccParam_qy, ecdhTestKey.qy,
ecdhTestKey.qyLen, ECCPARAM_MIN_QY,
ECCPARAM_MAX_QY, NULL, KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->eccParam_d, ecdhTestKey.d,
ecdhTestKey.dLen, ECCPARAM_MIN_D,
ECCPARAM_MAX_D, NULL, KEYSIZE_CHECK_NONE );
if( cryptStatusError( status ) )
{
staticDestroyContext( &contextInfo );
retIntError();
}
capabilityInfoPtr = contextInfo.capabilityInfo;
/* Perform the test key exchange on a block of data */
status = capabilityInfoPtr->initKeyFunction( &contextInfo, NULL, 0 );
if( cryptStatusError( status ) || \
!pairwiseConsistencyTest( &contextInfo ) )
{
staticDestroyContext( &contextInfo );
return( CRYPT_ERROR_FAILED );
}
/* Clean up */
staticDestroyContext( &contextInfo );
return( CRYPT_OK );
}
static int initContext( INOUT CONTEXT_INFO *contextInfo,
INOUT PKC_INFO *pkcInfo )
{
int status;
assert( isWritePtr( contextInfo, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( pkcInfo, sizeof( PKC_INFO ) ) );
status = staticInitContext( contextInfo, CONTEXT_PKC,
getRSACapability(), pkcInfo,
sizeof( PKC_INFO ), NULL );
if( cryptStatusError( status ) )
return( status );
status = importBignum( &pkcInfo->rsaParam_n, rsaTestKey.n,
rsaTestKey.nLen, RSAPARAM_MIN_N,
RSAPARAM_MAX_N, NULL, KEYSIZE_CHECK_PKC );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_e, rsaTestKey.e,
rsaTestKey.eLen, RSAPARAM_MIN_E,
RSAPARAM_MAX_E, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_d, rsaTestKey.d,
rsaTestKey.dLen, RSAPARAM_MIN_D,
RSAPARAM_MAX_D, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_p, rsaTestKey.p,
rsaTestKey.pLen, RSAPARAM_MIN_P,
RSAPARAM_MAX_P, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_q, rsaTestKey.q,
rsaTestKey.qLen, RSAPARAM_MIN_Q,
RSAPARAM_MAX_Q, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_u, rsaTestKey.u,
rsaTestKey.uLen, RSAPARAM_MIN_U,
RSAPARAM_MAX_U, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_exponent1, rsaTestKey.e1,
rsaTestKey.e1Len, RSAPARAM_MIN_EXP1,
RSAPARAM_MAX_EXP1, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->rsaParam_exponent2, rsaTestKey.e2,
rsaTestKey.e2Len, RSAPARAM_MIN_EXP2,
RSAPARAM_MAX_EXP2, &pkcInfo->rsaParam_n,
KEYSIZE_CHECK_NONE );
return( status );
}
CHECK_RETVAL \
static int selfTest( void )
{
CONTEXT_INFO contextInfo;
PKC_INFO contextData, *pkcInfo = &contextData;
const CAPABILITY_INFO *capabilityInfoPtr;
DLP_PARAMS dlpParams;
BYTE buffer[ ( CRYPT_MAX_PKCSIZE * 2 ) + 32 + 8 ];
int status;
/* Initialise the key components */
status = staticInitContext( &contextInfo, CONTEXT_PKC,
getElgamalCapability(), &contextData,
sizeof( PKC_INFO ), NULL );
if( cryptStatusError( status ) )
return( status );
status = importBignum( &pkcInfo->dlpParam_p, dlpTestKey.p,
dlpTestKey.pLen, DLPPARAM_MIN_P,
DLPPARAM_MAX_P, NULL, KEYSIZE_CHECK_PKC );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_g, dlpTestKey.g,
dlpTestKey.gLen, DLPPARAM_MIN_G,
DLPPARAM_MAX_G, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_q, dlpTestKey.q,
dlpTestKey.qLen, DLPPARAM_MIN_Q,
DLPPARAM_MAX_Q, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_y, dlpTestKey.y,
dlpTestKey.yLen, DLPPARAM_MIN_Y,
DLPPARAM_MAX_Y, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_x, dlpTestKey.x,
dlpTestKey.xLen, DLPPARAM_MIN_X,
DLPPARAM_MAX_X, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusError( status ) )
{
staticDestroyContext( &contextInfo );
retIntError();
}
capabilityInfoPtr = contextInfo.capabilityInfo;
ENSURES( sanityCheckPKCInfo( pkcInfo ) );
/* Perform a test a sig generation/check and test en/decryption */
#if 0 /* See comment in sig.code */
memset( buffer, '*', 20 );
status = capabilityInfoPtr->signFunction( &contextInfoPtr, buffer, -1 );
if( !cryptStatusError( status ) )
{
memmove( buffer + 20, buffer, status );
memset( buffer, '*', 20 );
status = capabilityInfoPtr->sigCheckFunction( &contextInfoPtr,
buffer, 20 + status );
}
if( status != CRYPT_OK )
status = CRYPT_ERROR_FAILED;
#endif /* 0 */
status = capabilityInfoPtr->initKeyFunction( &contextInfo, NULL, 0 );
if( cryptStatusError( status ) || \
!pairwiseConsistencyTest( &contextInfo, FALSE ) )
{
staticDestroyContext( &contextInfo );
return( CRYPT_ERROR_FAILED );
}
/* Finally, make sure that the memory fault-detection is working */
pkcInfo->dlpParam_p.d[ 8 ] ^= 0x0011;
memset( buffer, 0, CRYPT_MAX_PKCSIZE );
memcpy( buffer + 1, "abcde", 5 );
setDLPParams( &dlpParams, buffer,
bitsToBytes( contextInfo.ctxPKC->keySizeBits ),
buffer, ( CRYPT_MAX_PKCSIZE * 2 ) + 32 );
status = capabilityInfoPtr->encryptFunction( &contextInfo,
( BYTE * ) &dlpParams, sizeof( DLP_PARAMS ) );
if( cryptStatusOK( status ) )
{
/* The fault-detection couldn't detect a bit-flip, there's a
problem */
staticDestroyContext( &contextInfo );
return( CRYPT_ERROR_FAILED );
}
/* Clean up */
staticDestroyContext( &contextInfo );
return( CRYPT_OK );
}
assert( isWritePtr( bignum, sizeof( BIGNUM ) ) );
assert( isReadPtr( hash, hashLength ) );
assert( isReadPtr( n, sizeof( BIGNUM ) ) );
REQUIRES( sanityCheckBignum( bignum ) );
REQUIRES( hashLength >= 20 && hashLength <= CRYPT_MAX_HASHSIZE );
REQUIRES( nLen >= 20 && nLen <= bytesToBits( CRYPT_MAX_PKCSIZE_ECC ) );
/* Convert the hash value into a bignum. We have to be careful when
we specify the bounds because, with increasingly smaller
probabilities, the leading bytes of the hash value may be zero.
The check used here gives one in 4 billion chance of a false
positive */
status = importBignum( bignum, hash, hashLength,
hashLength - 3, hashLength + 1, NULL,
KEYSIZE_CHECK_NONE );
if( cryptStatusError( status ) )
return( status );
/* Shift out any extra bits */
if( hLen > nLen )
{
CK( BN_rshift( bignum, bignum, hLen - nLen ) );
if( bnStatusError( bnStatus ) )
return( getBnStatus( bnStatus ) );
}
/* Make sure that the value really is smaller than the group order */
if( BN_cmp( bignum, n ) >= 0 )
{
CHECK_RETVAL_BOOL \
static BOOLEAN selfTestGeneralOps2( void )
{
BIGNUM a;
int status;
/* More complex tests that need higher-level routines like importBignum(),
run after the tests of components of importBignum() have concluded */
BN_init( &a );
#if BN_BITS2 == 64
status = importBignum( &a, "\x01\x00\x00\x00\x00\x00\x00\x00\x00", 9,
1, 128, NULL, KEYSIZE_CHECK_NONE );
#else
status = importBignum( &a, "\x01\x00\x00\x00\x00", 5, 1, 128, NULL,
KEYSIZE_CHECK_NONE );
#endif /* 64- vs 32-bit */
if( cryptStatusError( status ) )
return( FALSE );
if( BN_is_zero( &a ) || BN_is_one( &a ) )
return( FALSE );
if( BN_is_word( &a, 0 ) || BN_is_word( &a, 1 ) )
return( FALSE );
if( BN_is_odd( &a ) )
return( FALSE );
if( BN_get_word( &a ) != BN_NAN )
return( FALSE );
if( BN_num_bytes( &a ) != ( BN_BITS2 / 8 ) + 1 )
return( FALSE );
if( BN_num_bits( &a ) != BN_BITS2 + 1 )
return( FALSE );
if( !BN_is_bit_set( &a, BN_BITS2 ) )
return( FALSE );
if( BN_is_bit_set( &a, 17 ) || !BN_set_bit( &a, 17 ) || \
!BN_is_bit_set( &a, 17 ) )
return( FALSE );
#if BN_BITS2 == 64
status = importBignum( &a, "\x01\x00\x00\x00\x00\x00\x00\x00\x01", 9,
1, 128, NULL, KEYSIZE_CHECK_NONE );
#else
status = importBignum( &a, "\x01\x00\x00\x00\x01", 5, 1, 128, NULL,
KEYSIZE_CHECK_NONE );
#endif /* 64- vs 32-bit */
if( cryptStatusError( status ) )
return( FALSE );
if( BN_is_zero( &a ) || BN_is_one( &a ) )
return( FALSE );
if( BN_is_word( &a, 0 ) || BN_is_word( &a, 1 ) )
return( FALSE );
if( !BN_is_odd( &a ) )
return( FALSE );
if( BN_num_bytes( &a ) != ( BN_BITS2 / 8 ) + 1 )
return( FALSE );
if( BN_get_word( &a ) != BN_NAN )
return( FALSE );
if( BN_num_bits( &a ) != BN_BITS2 + 1 )
return( FALSE );
if( !BN_is_bit_set( &a, BN_BITS2 ) )
return( FALSE );
if( BN_is_bit_set( &a, BN_BITS2 + 27 ) || \
!BN_set_bit( &a, BN_BITS2 + 27 ) || \
!BN_is_bit_set( &a, BN_BITS2 + 27 ) )
return( FALSE );
/* Setting a bit off the end of a bignum extends its size, which is why
the following value doesn't match the one from a few lines earlier */
if( BN_num_bytes( &a ) != ( BN_BITS2 / 8 ) + 4 )
return( FALSE );
/* The bit index for indexing bits is zero-based (since 1 == 1 << 0) but
for counting bits is one-based, which is why the following comparison
looks wrong. Yet another one of OpenSSL's many booby-traps */
if( BN_num_bits( &a ) != BN_BITS2 + 28 )
return( FALSE );
BN_clear( &a );
return( TRUE );
}
