static void
test_fuzz(void)
{
/* Fuzz a round-trip through both encoder and decoder */
struct base64_encode_ctx encode;
struct base64_decode_ctx decode;
unsigned i;
size_t length;
uint8_t input[1024];
struct knuth_lfib_ctx rand_ctx;
knuth_lfib_init(&rand_ctx, 39854);
for (i = 0; i < 10000; i++)
{
length = i % sizeof(input);
/* length could be 0, which is fine we need to test that case too */
knuth_lfib_random(&rand_ctx, length, input);
base64_encode_init(&encode);
base64_decode_init(&decode);
test_fuzz_once(&encode, &decode, length, input);
base64url_encode_init(&encode);
base64url_decode_init(&decode);
test_fuzz_once(&encode, &decode, length, input);
}
}
static void
test_cfb8_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CFB8_BULK_DATA];
uint8_t cipher[CFB8_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("f84bfd48206f5803 6ef86f4e69e9aec0");
struct CFB8_CTX(struct aes256_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CFB8_BULK_DATA);
knuth_lfib_random(&random, CFB8_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CFB8_BULK_DATA] = 17;
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_ENCRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, clear);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_DECRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, cipher);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CFB8_BULK_DATA, clear, cipher));
}
static void
test_cbc_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CBC_BULK_DATA];
uint8_t cipher[CBC_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5");
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CBC_BULK_DATA);
knuth_lfib_random(&random, CBC_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CBC_BULK_DATA] = 17;
aes_set_encrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes_set_decrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
}
void
test_main(void)
{
uint8_t src[MAX_SIZE];
uint8_t dst[MAX_SIZE];
uint8_t res[MAX_SIZE];
struct knuth_lfib_ctx random_ctx;
knuth_lfib_init (&random_ctx, 11);
size_t size;
for (size = 1; size < 50; size++)
{
knuth_lfib_random (&random_ctx, size, src);
knuth_lfib_random (&random_ctx, size, dst);
memcpy (res, dst, size);
cnd_memcpy_for_test (0, res, src, size);
ASSERT (memcmp (res, dst, size) == 0);
cnd_memcpy_for_test (1, res, src, size);
ASSERT (memcmp (res, src, size) == 0);
}
}
static void
bench_curve25519 (void)
{
double mul_g;
double mul;
struct knuth_lfib_ctx lfib;
struct curve25519_ctx ctx;
knuth_lfib_init (&lfib, 2);
knuth_lfib_random (&lfib, sizeof(ctx.s), ctx.s);
curve25519_mul_g (ctx.x, ctx.s);
mul_g = time_function (bench_curve25519_mul_g, &ctx);
mul = time_function (bench_curve25519_mul, &ctx);
printf("%16s %4d %9.4f %9.4f\n",
"curve25519", 255, 1e-3/mul_g, 1e-3/mul);
}
int
main(int argc, char **argv)
{
struct knuth_lfib_ctx ctx;
uint32_t seed;
if (argc == 1)
seed = time(NULL);
else if (argc == 2)
{
seed = atoi(argv[1]);
if (!seed)
{
usage();
return EXIT_FAILURE;
}
}
else
{
usage();
return EXIT_FAILURE;
}
knuth_lfib_init(&ctx, seed);
for (;;)
{
char buffer[BUFSIZE];
knuth_lfib_random(&ctx, BUFSIZE, buffer);
if (fwrite(buffer, 1, BUFSIZE, stdout) < BUFSIZE
|| fflush(stdout) < 0)
return EXIT_FAILURE;
}
/* Not reached. This program is usually terminated by SIGPIPE */
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
