void
test_cipher_cbc(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iiv)
{
void *ctx = xalloc(cipher->context_size);
uint8_t *data;
uint8_t *iv = xalloc(cipher->block_size);
unsigned length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
ASSERT (iiv->length == cipher->block_size);
data = xalloc(length);
cipher->set_encrypt_key(ctx, key->length, key->data);
memcpy(iv, iiv->data, cipher->block_size);
cbc_encrypt(ctx, cipher->encrypt,
cipher->block_size, iv,
length, data, cleartext->data);
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "CBC encrypt failed:\nInput:");
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
cipher->set_decrypt_key(ctx, key->length, key->data);
memcpy(iv, iiv->data, cipher->block_size);
cbc_decrypt(ctx, cipher->decrypt,
cipher->block_size, iv,
length, data, data);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "CBC decrypt failed:\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(ctx);
free(data);
free(iv);
}
static void
_test_chacha(chacha_func *crypt,
const struct tstring *key,
const struct tstring *iv,
const struct tstring *cleartext,
const struct tstring *ciphertext)
{
struct chacha_ctx ctx;
uint8_t *data;
size_t length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
ASSERT (iv->length == CHACHA_IV_SIZE);
data = xalloc(length + 1);
chacha_set_key(&ctx, key->length, key->data);
chacha_set_iv(&ctx, iv->data);
data[length] = 17;
crypt(&ctx, length, data, cleartext->data);
if (data[length] != 17)
{
fprintf(stderr, "Encrypt of %lu bytes wrote too much!\nInput:",
(unsigned long) length);
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed:\nInput:");
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
chacha_set_key(&ctx, key->length, key->data);
chacha_set_iv(&ctx, iv->data);
crypt(&ctx, length, data, data);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed:\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
void
test_aead(const struct nettle_aead *aead,
const struct tstring *key,
const struct tstring *authtext,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iv,
const struct tstring *digest)
{
void *ctx = xalloc(aead->context_size);
uint8_t *data;
uint8_t *buffer = xalloc(aead->block_size);
unsigned length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
ASSERT (digest->length == aead->block_size);
data = xalloc(length);
/* encryption */
memset(buffer, 0, aead->block_size);
aead->set_key(ctx, key->length, key->data);
aead->set_iv(ctx, iv->length, iv->data);
if (authtext->length)
aead->update(ctx, authtext->length, authtext->data);
if (length)
aead->encrypt(ctx, length, data, cleartext->data);
aead->digest(ctx, aead->block_size, buffer);
ASSERT(MEMEQ(length, data, ciphertext->data));
ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
/* decryption */
memset(buffer, 0, aead->block_size);
aead->set_iv(ctx, iv->length, iv->data);
if (authtext->length)
aead->update(ctx, authtext->length, authtext->data);
if (length)
aead->decrypt(ctx, length, data, data);
aead->digest(ctx, aead->block_size, buffer);
ASSERT(MEMEQ(length, data, cleartext->data));
ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
free(ctx);
free(data);
free(buffer);
}
void
test_main(void)
{
ASSERT(BASE64_ENCODE_LENGTH(0) == 0); /* At most 4 bits */
ASSERT(BASE64_ENCODE_LENGTH(1) == 2); /* At most 12 bits */
ASSERT(BASE64_ENCODE_LENGTH(2) == 3); /* At most 20 bits */
ASSERT(BASE64_ENCODE_LENGTH(3) == 4); /* At most 28 bits */
ASSERT(BASE64_ENCODE_LENGTH(4) == 6); /* At most 36 bits */
ASSERT(BASE64_ENCODE_LENGTH(5) == 7); /* At most 44 bits */
ASSERT(BASE64_ENCODE_LENGTH(12) == 16); /* At most 100 bits */
ASSERT(BASE64_ENCODE_LENGTH(13) == 18); /* At most 108 bits */
ASSERT(BASE64_DECODE_LENGTH(0) == 0); /* At most 6 bits */
ASSERT(BASE64_DECODE_LENGTH(1) == 1); /* At most 12 bits */
ASSERT(BASE64_DECODE_LENGTH(2) == 2); /* At most 18 bits */
ASSERT(BASE64_DECODE_LENGTH(3) == 3); /* At most 24 bits */
ASSERT(BASE64_DECODE_LENGTH(4) == 3); /* At most 30 bits */
test_armor(&nettle_base64, LDATA(""), "");
test_armor(&nettle_base64, LDATA("H"), "SA==");
test_armor(&nettle_base64, LDATA("He"), "SGU=");
test_armor(&nettle_base64, LDATA("Hel"), "SGVs");
test_armor(&nettle_base64, LDATA("Hell"), "SGVsbA==");
test_armor(&nettle_base64, LDATA("Hello"), "SGVsbG8=");
test_armor(&nettle_base64, LDATA("Hello\0"), "SGVsbG8A");
test_armor(&nettle_base64, LDATA("Hello?>>>"), "SGVsbG8/Pj4+");
test_armor(&nettle_base64, LDATA("\xff\xff\xff\xff"), "/////w==");
test_armor(&nettle_base64url, LDATA(""), "");
test_armor(&nettle_base64url, LDATA("H"), "SA==");
test_armor(&nettle_base64url, LDATA("He"), "SGU=");
test_armor(&nettle_base64url, LDATA("Hel"), "SGVs");
test_armor(&nettle_base64url, LDATA("Hell"), "SGVsbA==");
test_armor(&nettle_base64url, LDATA("Hello"), "SGVsbG8=");
test_armor(&nettle_base64url, LDATA("Hello\0"), "SGVsbG8A");
test_armor(&nettle_base64url, LDATA("Hello?>>>"), "SGVsbG8_Pj4-");
test_armor(&nettle_base64url, LDATA("\xff\xff\xff\xff"), "_____w==");
{
/* Test overlapping areas */
uint8_t buffer[] = "Helloxxxx";
struct base64_decode_ctx ctx;
size_t dst_length;
ASSERT(BASE64_ENCODE_RAW_LENGTH(5) == 8);
base64_encode_raw(buffer, 5, buffer);
ASSERT(MEMEQ(9, buffer, "SGVsbG8=x"));
base64_decode_init(&ctx);
dst_length = 0; /* Output parameter only. */
ASSERT(base64_decode_update(&ctx, &dst_length, buffer, 8, buffer));
ASSERT(dst_length == 5);
ASSERT(MEMEQ(9, buffer, "HelloG8=x"));
}
test_fuzz ();
}
static void
test_cfb8_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CFB8_BULK_DATA];
uint8_t cipher[CFB8_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("f84bfd48206f5803 6ef86f4e69e9aec0");
struct CFB8_CTX(struct aes256_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CFB8_BULK_DATA);
knuth_lfib_random(&random, CFB8_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CFB8_BULK_DATA] = 17;
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_ENCRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, clear);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_DECRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, cipher);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CFB8_BULK_DATA, clear, cipher));
}
static void
test_cbc_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CBC_BULK_DATA];
uint8_t cipher[CBC_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5");
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CBC_BULK_DATA);
knuth_lfib_random(&random, CBC_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CBC_BULK_DATA] = 17;
aes_set_encrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes_set_decrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
}
void
test_hash(const struct nettle_hash *hash,
const struct tstring *msg,
const struct tstring *digest)
{
void *ctx = xalloc(hash->context_size);
uint8_t *buffer = xalloc(hash->digest_size);
uint8_t *input;
unsigned offset;
ASSERT (digest->length == hash->digest_size);
hash->init(ctx);
hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size, buffer);
if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
{
fprintf(stdout, "\nGot:\n");
print_hex(hash->digest_size, buffer);
fprintf(stdout, "\nExpected:\n");
print_hex(hash->digest_size, digest->data);
abort();
}
memset(buffer, 0, hash->digest_size);
hash->init(ctx);
hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size - 1, buffer);
ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
ASSERT(buffer[hash->digest_size - 1] == 0);
input = xalloc (msg->length + 16);
for (offset = 0; offset < 16; offset++)
{
memset (input, 0, msg->length + 16);
memcpy (input + offset, msg->data, msg->length);
hash->update (ctx, msg->length, input + offset);
hash->digest (ctx, hash->digest_size, buffer);
if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
{
fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
print_hex(hash->digest_size, buffer);
fprintf(stdout, "\nExpected:\n");
print_hex(hash->digest_size, digest->data);
abort();
}
}
free(ctx);
free(buffer);
free(input);
}
static void
test_salsa20(unsigned key_length,
const uint8_t *key,
const uint8_t *iv,
unsigned length,
const uint8_t *cleartext,
const uint8_t *ciphertext)
{
struct salsa20_ctx ctx;
uint8_t *data = xalloc(length + 1);
salsa20_set_key(&ctx, key_length, key);
salsa20_set_iv(&ctx, iv);
data[length] = 17;
salsa20_crypt(&ctx, length, data, cleartext);
if (data[length] != 17)
{
fprintf(stderr, "Encrypt of %u bytes wrote too much!\nInput:", length);
print_hex(length, cleartext);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ(length, data, ciphertext))
{
fprintf(stderr, "Encrypt failed:\nInput:");
print_hex(length, cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, ciphertext);
fprintf(stderr, "\n");
FAIL();
}
salsa20_set_key(&ctx, key_length, key);
salsa20_set_iv(&ctx, iv);
salsa20_crypt(&ctx, length, data, data);
if (!MEMEQ(length, data, cleartext))
{
fprintf(stderr, "Decrypt failed:\nInput:");
print_hex(length, ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
static void
test_des(const struct tstring *key, int expected_parity,
const struct tstring *cleartext,
const struct tstring *ciphertext)
{
struct des_ctx ctx;
uint8_t *data;
unsigned length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
ASSERT (key->length == DES_KEY_SIZE);
data = xalloc(length);
ASSERT (des_check_parity(8, key->data) == expected_parity);
ASSERT (des_set_key(&ctx, key->data));
des_encrypt(&ctx, length, data, cleartext->data);
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed:\nInput:");
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
des_decrypt(&ctx, length, data, data);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed:\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
static void
test_memxor (const uint8_t *a, const uint8_t *b, const uint8_t *c,
size_t size, unsigned align_dst, unsigned align_src)
{
uint8_t dst_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t src_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t *dst = set_align (dst_buf, align_dst);
uint8_t *src = set_align (src_buf, align_src);
if (verbose)
fprintf(stderr, "size = %d, align_dst = %d, align_src = %d\n",
(int) size, align_dst, align_src);
memcpy (dst, a, size);
dst[-1] = 17;
dst[size] = 17;
memcpy (src, b, size);
memxor (dst, src, size);
ASSERT (MEMEQ (size, dst, c));
ASSERT (dst[-1] == 17);
ASSERT (dst[size] == 17);
}
void
test_hash_large(const struct nettle_hash *hash,
unsigned count, unsigned length,
uint8_t c,
const struct tstring *digest)
{
void *ctx = xalloc(hash->context_size);
uint8_t *buffer = xalloc(hash->digest_size);
uint8_t *data = xalloc(length);
unsigned i;
ASSERT (digest->length == hash->digest_size);
memset(data, c, length);
hash->init(ctx);
for (i = 0; i < count; i++)
hash->update(ctx, length, data);
hash->digest(ctx, hash->digest_size, buffer);
print_hex(hash->digest_size, buffer);
ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
free(ctx);
free(buffer);
free(data);
}
static void
test_bignum(const char *hex, unsigned length, const uint8_t *base256)
{
mpz_t a;
mpz_t b;
uint8_t *buf;
mpz_init_set_str(a, hex, 16);
nettle_mpz_init_set_str_256_s(b, length, base256);
if (mpz_cmp(a, b))
FAIL();
buf = xalloc(length + 1);
memset(buf, 17, length + 1);
nettle_mpz_get_str_256(length, buf, a);
if (!MEMEQ(length, buf, base256))
FAIL();
if (buf[length] != 17)
FAIL();
mpz_clear(a); mpz_clear(b);
free(buf);
}
static void
test_memxor3 (const uint8_t *ain, const uint8_t *bin, const uint8_t *c,
size_t size, unsigned align_dst, unsigned align_a, unsigned align_b)
{
uint8_t dst_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t a_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t b_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t *dst = set_align (dst_buf, align_dst);
uint8_t *a = set_align (a_buf, align_a);
uint8_t *b = set_align (b_buf, align_b);
if (verbose)
fprintf(stderr, "size = %d, align_dst = %d, align_a = %d, align_b = %d\n",
(int) size, align_dst, align_a, align_b);
memset (dst, 0, size);
dst[-1] = 17;
dst[size] = 17;
memcpy (a, ain, size);
memcpy (b, bin, size);
memxor3 (dst, a, b, size);
ASSERT (MEMEQ (size, dst, c));
ASSERT (dst[-1] == 17);
ASSERT (dst[size] == 17);
}
static void
test_fuzz_once(struct base64_encode_ctx *encode,
struct base64_decode_ctx *decode,
size_t size, const uint8_t *input)
{
size_t base64_len = BASE64_ENCODE_RAW_LENGTH (size);
size_t out_len;
uint8_t *base64 = xalloc (base64_len + 2);
uint8_t *decoded = xalloc (size + 2);
*base64++ = 0x12;
base64[base64_len] = 0x34;
*decoded++ = 0x56;
decoded[size] = 0x78;
out_len = base64_encode_update(encode, base64, size, input);
ASSERT (out_len <= base64_len);
out_len += base64_encode_final(encode, base64 + out_len);
ASSERT (out_len == base64_len);
ASSERT (base64[-1] == 0x12);
ASSERT (base64[base64_len] == 0x34);
ASSERT(base64_decode_update(decode, &out_len, decoded,
base64_len, base64));
ASSERT(base64_decode_final(decode));
ASSERT (out_len == size);
ASSERT (decoded[-1] == 0x56);
ASSERT (decoded[size] == 0x78);
ASSERT(MEMEQ(size, input, decoded));
free (base64 - 1);
free (decoded - 1);
}
static void
test_hkdf_sha1(const struct tstring *ikm,
const struct tstring *salt,
const struct tstring *info,
const struct tstring *extract_output,
const struct tstring *expand_output)
{
struct hmac_sha1_ctx ctx;
uint8_t prk[SHA1_DIGEST_SIZE];
uint8_t *buffer = xalloc(expand_output->length);
hmac_sha1_set_key(&ctx, salt->length, salt->data);
hkdf_extract(&ctx,
(nettle_hash_update_func*) hmac_sha1_update,
(nettle_hash_digest_func*) hmac_sha1_digest,
SHA1_DIGEST_SIZE,
ikm->length, ikm->data,
prk);
if (MEMEQ(SHA1_DIGEST_SIZE, prk, extract_output->data) == 0)
{
fprintf(stdout, "\nGot:\n");
print_hex(SHA1_DIGEST_SIZE, prk);
fprintf(stdout, "\nExpected:\n");
print_hex(extract_output->length, extract_output->data);
abort();
}
hmac_sha1_set_key(&ctx, SHA1_DIGEST_SIZE, prk);
hkdf_expand(&ctx,
(nettle_hash_update_func*) hmac_sha1_update,
(nettle_hash_digest_func*) hmac_sha1_digest,
SHA1_DIGEST_SIZE,
info->length, info->data,
expand_output->length, buffer);
if (MEMEQ(expand_output->length, expand_output->data, buffer) == 0)
{
fprintf(stdout, "\nGot:\n");
print_hex(expand_output->length, buffer);
fprintf(stdout, "\nExpected:\n");
print_hex(expand_output->length, expand_output->data);
abort();
}
free(buffer);
}
static void
test_des(const uint8_t *key, int expected_parity,
unsigned length,
const uint8_t *cleartext,
const uint8_t *ciphertext)
{
struct des_ctx ctx;
uint8_t *data = xalloc(length);
if (des_check_parity(8, key) != expected_parity)
FAIL();
if (!des_set_key(&ctx, key))
FAIL();
des_encrypt(&ctx, length, data, cleartext);
if (!MEMEQ(length, data, ciphertext))
{
fprintf(stderr, "Encrypt failed:\nInput:");
print_hex(length, cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, ciphertext);
fprintf(stderr, "\n");
FAIL();
}
des_decrypt(&ctx, length, data, data);
if (!MEMEQ(length, data, cleartext))
{
fprintf(stderr, "Decrypt failed:\nInput:");
print_hex(length, ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
static void
test_invert(const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext)
{
struct camellia_ctx encrypt;
struct camellia_ctx decrypt;
uint8_t *data;
unsigned length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
data = xalloc(length);
camellia_set_encrypt_key (&encrypt, key->length, key->data);
camellia_crypt (&encrypt, length, data, cleartext->data);
if (!MEMEQ(length, data, ciphertext->data))
{
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
camellia_invert_key (&decrypt, &encrypt);
camellia_crypt (&decrypt, length, data, data);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "test_invert: Decrypt failed:\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free (data);
}
void
test_armor(const struct nettle_armor *armor,
unsigned data_length,
const uint8_t *data,
const uint8_t *ascii)
{
unsigned ascii_length = strlen(ascii);
uint8_t *buffer = xalloc(1 + ascii_length);
uint8_t *check = xalloc(1 + armor->decode_length(ascii_length));
void *encode = xalloc(armor->encode_context_size);
void *decode = xalloc(armor->decode_context_size);
unsigned done;
ASSERT(ascii_length
<= (armor->encode_length(data_length) + armor->encode_final_length));
ASSERT(data_length <= armor->decode_length(ascii_length));
memset(buffer, 0x33, 1 + ascii_length);
memset(check, 0x55, 1 + data_length);
armor->encode_init(encode);
done = armor->encode_update(encode, buffer, data_length, data);
done += armor->encode_final(encode, buffer + done);
ASSERT(done == ascii_length);
ASSERT (MEMEQ(ascii_length, buffer, ascii));
ASSERT (0x33 == buffer[strlen(ascii)]);
armor->decode_init(decode);
done = armor->decode_length(ascii_length);
ASSERT(armor->decode_update(decode, &done, check, ascii_length, buffer));
ASSERT(done == data_length);
ASSERT(armor->decode_final(decode));
ASSERT (MEMEQ(data_length, check, data));
ASSERT (0x55 == check[data_length]);
free(buffer);
free(check);
free(encode);
free(decode);
}
static void
test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
{
struct gcm_aes128_ctx ctx;
const uint8_t z16[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
uint8_t digest[16];
ASSERT (ref->length == sizeof(digest));
gcm_aes128_set_key (&ctx, z16);
gcm_aes128_set_iv (&ctx, 16, z16);
gcm_aes128_update (&ctx, msg->length, msg->data);
gcm_aes128_digest (&ctx, sizeof(digest), digest);
if (!MEMEQ (ref->length, ref->data, digest))
{
fprintf (stderr, "gcm_hash failed, msg: %s\nOutput: ", msg->data);
print_hex (16, digest);
fprintf(stderr, "Expected:");
tstring_print_hex(ref);
fprintf(stderr, "\n");
FAIL();
}
}
static void
test_salsa20_stream(const struct tstring *key,
const struct tstring *iv,
const struct tstring *ciphertext,
const struct tstring *xor_ref)
{
struct salsa20_ctx ctx;
uint8_t data[STREAM_LENGTH + 1];
uint8_t stream[STREAM_LENGTH + 1];
uint8_t xor[SALSA20_BLOCK_SIZE];
unsigned j;
ASSERT (iv->length == SALSA20_IV_SIZE);
ASSERT (ciphertext->length == 4*SALSA20_BLOCK_SIZE);
ASSERT (xor_ref->length == SALSA20_BLOCK_SIZE);
salsa20_set_key(&ctx, key->length, key->data);
salsa20_set_iv(&ctx, iv->data);
memset(stream, 0, STREAM_LENGTH + 1);
salsa20_crypt(&ctx, STREAM_LENGTH, stream, stream);
if (stream[STREAM_LENGTH])
{
fprintf(stderr, "Stream of %d bytes wrote too much!\n", STREAM_LENGTH);
FAIL();
}
if (!MEMEQ (64, stream, ciphertext->data))
{
fprintf(stderr, "Error failed, offset 0:\n");
fprintf(stderr, "\nOutput: ");
print_hex(64, stream);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ (128, stream + 192, ciphertext->data + 64))
{
fprintf(stderr, "Error failed, offset 192:\n");
fprintf(stderr, "\nOutput: ");
print_hex(128, stream + 192);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data + 64);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ (64, stream + 448, ciphertext->data + 192))
{
fprintf(stderr, "Error failed, offset 448:\n");
fprintf(stderr, "\nOutput: ");
print_hex(64, stream + 448);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data + 192);
fprintf(stderr, "\n");
FAIL();
}
memxor3 (xor, stream, stream + SALSA20_BLOCK_SIZE, SALSA20_BLOCK_SIZE);
for (j = 2*SALSA20_BLOCK_SIZE; j < STREAM_LENGTH; j += SALSA20_BLOCK_SIZE)
memxor (xor, stream + j, SALSA20_BLOCK_SIZE);
if (!MEMEQ (SALSA20_BLOCK_SIZE, xor, xor_ref->data))
{
fprintf(stderr, "Error failed, bad xor 448:\n");
fprintf(stderr, "\nOutput: ");
print_hex(SALSA20_BLOCK_SIZE, xor);
fprintf(stderr, "\nExpected:");
print_hex(SALSA20_BLOCK_SIZE, xor_ref->data);
fprintf(stderr, "\n");
FAIL();
}
for (j = 1; j <= STREAM_LENGTH; j++)
{
memset(data, 0, STREAM_LENGTH + 1);
salsa20_set_iv(&ctx, iv->data);
salsa20_crypt(&ctx, j, data, data);
if (!MEMEQ(j, data, stream))
{
fprintf(stderr, "Encrypt failed for length %u:\n", j);
fprintf(stderr, "\nOutput: ");
print_hex(j, data);
fprintf(stderr, "\nExpected:");
print_hex(j, stream);
fprintf(stderr, "\n");
FAIL();
}
if (!memzero_p (data + j, STREAM_LENGTH + 1 - j))
{
fprintf(stderr, "Encrypt failed for length %u, wrote too much:\n", j);
fprintf(stderr, "\nOutput: ");
print_hex(STREAM_LENGTH + 1 - j, data + j);
fprintf(stderr, "\n");
FAIL();
}
}
}
static void
test_arcfour(const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext)
{
size_t block;
struct arcfour_ctx ctx;
uint8_t *data;
size_t length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
data = xalloc(length + 1);
for (block = 1; block <= length; block++)
{
size_t i;
memset(data, 0x17, length + 1);
arcfour_set_key(&ctx, key->length, key->data);
for (i = 0; i + block < length; i += block)
{
arcfour_crypt(&ctx, block, data + i, cleartext->data + i);
ASSERT (data[i + block] == 0x17);
}
arcfour_crypt(&ctx, length - i, data + i, cleartext->data + i);
ASSERT (data[length] == 0x17);
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed, block size %lu\nInput:",
(unsigned long) block);
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
}
arcfour_set_key(&ctx, key->length, key->data);
arcfour_crypt(&ctx, length, data, data);
ASSERT (data[length] == 0x17);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
void
test_cipher_stream(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext)
{
unsigned block;
void *ctx = xalloc(cipher->context_size);
uint8_t *data;
unsigned length;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
data = xalloc(length + 1);
for (block = 1; block <= length; block++)
{
unsigned i;
memset(data, 0x17, length + 1);
cipher->set_encrypt_key(ctx, key->length, key->data);
for (i = 0; i + block < length; i += block)
{
cipher->encrypt(ctx, block, data + i, cleartext->data + i);
ASSERT (data[i + block] == 0x17);
}
cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
ASSERT (data[length] == 0x17);
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
}
cipher->set_decrypt_key(ctx, key->length, key->data);
cipher->decrypt(ctx, length, data, data);
ASSERT (data[length] == 0x17);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(ctx);
free(data);
}
void
test_cipher_ctr(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *ictr)
{
void *ctx = xalloc(cipher->context_size);
uint8_t *data;
uint8_t *ctr = xalloc(cipher->block_size);
uint8_t *octr = xalloc(cipher->block_size);
unsigned length;
unsigned low, nblocks;
ASSERT (cleartext->length == ciphertext->length);
length = cleartext->length;
ASSERT (ictr->length == cipher->block_size);
/* Compute expected counter value after the operation. */
nblocks = (length + cipher->block_size - 1) / cipher->block_size;
ASSERT (nblocks < 0x100);
memcpy (octr, ictr->data, cipher->block_size - 1);
low = ictr->data[cipher->block_size - 1] + nblocks;
octr[cipher->block_size - 1] = low;
if (low >= 0x100)
INCREMENT (cipher->block_size - 1, octr);
data = xalloc(length);
cipher->set_encrypt_key(ctx, key->length, key->data);
memcpy(ctr, ictr->data, cipher->block_size);
ctr_crypt(ctx, cipher->encrypt,
cipher->block_size, ctr,
length, data, cleartext->data);
if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "CTR encrypt failed:\nInput:");
tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
ASSERT (MEMEQ (cipher->block_size, ctr, octr));
memcpy(ctr, ictr->data, cipher->block_size);
ctr_crypt(ctx, cipher->encrypt,
cipher->block_size, ctr,
length, data, data);
if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "CTR decrypt failed:\nInput:");
tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
ASSERT (MEMEQ (cipher->block_size, ctr, octr));
free(ctx);
free(data);
free(octr);
free(ctr);
}
void
test_main(void)
{
struct sexp_iterator i;
uint32_t x;
ASSERT(sexp_iterator_first(&i, LDATA("")));
ASSERT(i.type == SEXP_END);
ASSERT(sexp_iterator_first(&i, LDATA("()")));
ASSERT(i.type == SEXP_LIST
&& sexp_iterator_enter_list(&i)
&& i.type == SEXP_END
&& sexp_iterator_exit_list(&i)
&& i.type == SEXP_END);
ASSERT(sexp_iterator_first(&i, LDATA("(")));
ASSERT(i.type == SEXP_LIST
&& !sexp_iterator_enter_list(&i));
/* Check integers. */
ASSERT(sexp_iterator_first(&i, LDATA("1:\0"
"1:\x11"
"2:\x00\x11"
"2:\x00\x80"
"5:\x00\xaa\xbb\xcc\xdd")));
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0x11);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0x11);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0x80);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0xaabbccdd);
ASSERT(sexp_iterator_first(&i, LDATA("3:foo0:[3:bar]12:xxxxxxxxxxxx")));
ASSERT(i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& i.atom_length == 3 && MEMEQ(3, "foo", i.atom)
&& sexp_iterator_next(&i) && i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& !i.atom_length && i.atom
&& sexp_iterator_next(&i) && i.type == SEXP_ATOM
&& i.display_length == 3 && MEMEQ(3, "bar", i.display)
&& i.atom_length == 12 && MEMEQ(12, "xxxxxxxxxxxx", i.atom)
&& sexp_iterator_next(&i) && i.type == SEXP_END);
/* Same data, transport encoded. */
{
struct tstring *s
= tstring_data(LDATA("{Mzpmb28=} {MDo=} {WzM6YmFyXTEyOnh4eHh4eHh4eHh4eA==}"));
ASSERT(sexp_transport_iterator_first (&i, s->length, s->data));
ASSERT(i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& i.atom_length == 3 && MEMEQ(3, "foo", i.atom)
&& sexp_iterator_next(&i) && i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& !i.atom_length && i.atom
&& sexp_iterator_next(&i) && i.type == SEXP_ATOM
&& i.display_length == 3 && MEMEQ(3, "bar", i.display)
&& i.atom_length == 12 && MEMEQ(12, "xxxxxxxxxxxx", i.atom)
&& sexp_iterator_next(&i) && i.type == SEXP_END);
}
{
static const uint8_t *keys[2] = { "n", "e" };
struct sexp_iterator v[2];
ASSERT(sexp_iterator_first(&i, LDATA("((1:n2:xx3:foo)0:(1:y)(1:e))")));
ASSERT(sexp_iterator_enter_list(&i)
&& sexp_iterator_assoc(&i, 2, keys, v));
ASSERT(v[0].type == SEXP_ATOM
&& !v[0].display_length && !v[0].display
&& v[0].atom_length == 2 && MEMEQ(2, "xx", v[0].atom)
&& sexp_iterator_next(&v[0]) && v[0].type == SEXP_ATOM
&& !v[0].display_length && !v[0].display
&& v[0].atom_length == 3 && MEMEQ(3, "foo", v[0].atom)
&& sexp_iterator_next(&v[0]) && v[0].type == SEXP_END);
ASSERT(v[1].type == SEXP_END);
ASSERT(sexp_iterator_first(&i, LDATA("((1:n))")));
ASSERT(sexp_iterator_enter_list(&i)
&& !sexp_iterator_assoc(&i, 2, keys, v));
ASSERT(sexp_iterator_first(&i, LDATA("((1:n)(1:n3:foo))")));
ASSERT(sexp_iterator_enter_list(&i)
&& !sexp_iterator_assoc(&i, 2, keys, v));
}
}
