static void
test_fuzz(void)
{
/* Fuzz a round-trip through both encoder and decoder */
struct base64_encode_ctx encode;
struct base64_decode_ctx decode;
unsigned i;
size_t length;
uint8_t input[1024];
struct knuth_lfib_ctx rand_ctx;
knuth_lfib_init(&rand_ctx, 39854);
for (i = 0; i < 10000; i++)
{
length = i % sizeof(input);
/* length could be 0, which is fine we need to test that case too */
knuth_lfib_random(&rand_ctx, length, input);
base64_encode_init(&encode);
base64_decode_init(&decode);
test_fuzz_once(&encode, &decode, length, input);
base64url_encode_init(&encode);
base64url_decode_init(&decode);
test_fuzz_once(&encode, &decode, length, input);
}
}
static void
test_cfb8_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CFB8_BULK_DATA];
uint8_t cipher[CFB8_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("f84bfd48206f5803 6ef86f4e69e9aec0");
struct CFB8_CTX(struct aes256_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CFB8_BULK_DATA);
knuth_lfib_random(&random, CFB8_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CFB8_BULK_DATA] = 17;
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_ENCRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, clear);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes256_set_encrypt_key(&aes.ctx, key);
CFB8_SET_IV(&aes, start_iv);
CFB8_DECRYPT(&aes, aes256_encrypt, CFB8_BULK_DATA, cipher, cipher);
ASSERT(cipher[CFB8_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CFB8_BULK_DATA, clear, cipher));
}
static void
test_cbc_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CBC_BULK_DATA];
uint8_t cipher[CBC_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5");
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CBC_BULK_DATA);
knuth_lfib_random(&random, CBC_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CBC_BULK_DATA] = 17;
aes_set_encrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes_set_decrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
}
void
test_dsa160(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
const struct dsa_signature *expected)
{
struct sha1_ctx sha1;
struct dsa_signature signature;
struct knuth_lfib_ctx lfib;
sha1_init(&sha1);
dsa_signature_init(&signature);
knuth_lfib_init(&lfib, 1111);
sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
ASSERT (dsa_sha1_sign(pub, key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&sha1, &signature));
if (verbose)
{
fprintf(stderr, "dsa160 signature: ");
mpz_out_str(stderr, 16, signature.r);
fprintf(stderr, ", ");
mpz_out_str(stderr, 16, signature.s);
fprintf(stderr, "\n");
}
if (expected)
ASSERT (mpz_cmp (signature.r, expected->r) == 0
&& mpz_cmp (signature.s, expected->s) == 0);
/* Try bad data */
ASSERT (!DSA_VERIFY(pub, sha1,
"The magick words are squeamish ossifrage",
&signature));
/* Try correct data */
ASSERT (DSA_VERIFY(pub, sha1,
"The magic words are squeamish ossifrage",
&signature));
/* Try bad signature */
mpz_togglebit(signature.r, 17);
ASSERT (!DSA_VERIFY(pub, sha1,
"The magic words are squeamish ossifrage",
&signature));
dsa_signature_clear(&signature);
}
static void
bench_curve25519 (void)
{
double mul_g;
double mul;
struct knuth_lfib_ctx lfib;
struct curve25519_ctx ctx;
knuth_lfib_init (&lfib, 2);
knuth_lfib_random (&lfib, sizeof(ctx.s), ctx.s);
curve25519_mul_g (ctx.x, ctx.s);
mul_g = time_function (bench_curve25519_mul_g, &ctx);
mul = time_function (bench_curve25519_mul, &ctx);
printf("%16s %4d %9.4f %9.4f\n",
"curve25519", 255, 1e-3/mul_g, 1e-3/mul);
}
static void *
bench_dsa_init (unsigned size)
{
struct dsa_ctx *ctx;
struct sexp_iterator i;
unsigned char dsa1024[] =
"{KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToA2q4hOXEClLMXXMOl9xaPcGC/GeGmCMv"
" VCaaW0uWc50DvvmJDPQPdCehyfZr/1dv2UDbx06TC7ls/IFd+BsDzGBRxqIQ44J20cn+0gt"
" NMIXAocE1QhCCFaT5gXrk8zMlqBEGaP3RdpgxNanEXkTj2Wma8r1GtrLX3HPafio62jicpK"
" DE6cTIxOgDN9pcW3exdVAesC9WsxwCGoJK24ykoMTpnMTI5OgCJr9DmKdiE0WJZB7HACESv"
" Tpg1qZgc8E15byQ+OsHUyOTRrJRTcrgKZJW7dFRJ9cXmyi7XYCd3bJtu/2HRHLY1vd4qMvU"
" 7Y8x08ooCoABGV7nGqcmdQfEho1OY6TZh2NikmPKZLeur3PZFpcZ8Dl+KVWtwC55plNC7Om"
" iAQy8MaCkoMTp5MTI5OgDakk0LOUQwzOKt9FHOBmBKrWsvTm7549eScTUqH4OMm3btjUsXz"
" MmlqEe+imwQCOW/AE3Xw9pXZeETWK0jlLe8k5vnKcNskerFwZ1eQKtOPPQty8IqQ9PEfF6B"
" 0oVQiJg2maHUDWFnDkIBd7ZR1z8FnZMUxH9mH4kEUo6YQgtCdykoMTp4MjA6cOl3ijiiMjI"
" pesFD8jxESWb2mn8pKSk=}";
ctx = xalloc(sizeof(*ctx));
dsa_params_init (&ctx->params);
mpz_init (ctx->pub);
mpz_init (ctx->key);
dsa_signature_init (&ctx->s);
knuth_lfib_init (&ctx->lfib, 1);
if (size != 1024)
die ("Internal error.\n");
if (! (sexp_transport_iterator_first (&i, sizeof(dsa1024) - 1, dsa1024)
&& sexp_iterator_check_type (&i, "private-key")
&& sexp_iterator_check_type (&i, "dsa")
&& dsa_keypair_from_sexp_alist (&ctx->params, ctx->pub, ctx->key,
0, DSA_SHA1_Q_BITS, &i)) )
die ("Internal error.\n");
ctx->digest = hash_string (&nettle_sha1, "foo");
dsa_sign (&ctx->params, ctx->key,
&ctx->lfib, (nettle_random_func *)knuth_lfib_random,
SHA1_DIGEST_SIZE, ctx->digest, &ctx->s);
return ctx;
}
int
test_main(void)
{
struct knuth_lfib_ctx ctx;
uint32_t a[2009];
uint32_t x;
unsigned m;
knuth_lfib_init(&ctx, 310952);
for (m = 0; m<2009; m++)
knuth_lfib_get_array(&ctx, 1009, a);
x = knuth_lfib_get(&ctx);
if (x != 461390032)
FAIL();
SUCCESS();
}
int
main(int argc, char **argv)
{
struct knuth_lfib_ctx ctx;
uint32_t seed;
if (argc == 1)
seed = time(NULL);
else if (argc == 2)
{
seed = atoi(argv[1]);
if (!seed)
{
usage();
return EXIT_FAILURE;
}
}
else
{
usage();
return EXIT_FAILURE;
}
knuth_lfib_init(&ctx, seed);
for (;;)
{
char buffer[BUFSIZE];
knuth_lfib_random(&ctx, BUFSIZE, buffer);
if (fwrite(buffer, 1, BUFSIZE, stdout) < BUFSIZE
|| fflush(stdout) < 0)
return EXIT_FAILURE;
}
/* Not reached. This program is usually terminated by SIGPIPE */
}
void
test_main(void)
{
uint8_t src[MAX_SIZE];
uint8_t dst[MAX_SIZE];
uint8_t res[MAX_SIZE];
struct knuth_lfib_ctx random_ctx;
knuth_lfib_init (&random_ctx, 11);
size_t size;
for (size = 1; size < 50; size++)
{
knuth_lfib_random (&random_ctx, size, src);
knuth_lfib_random (&random_ctx, size, dst);
memcpy (res, dst, size);
cnd_memcpy_for_test (0, res, src, size);
ASSERT (memcmp (res, dst, size) == 0);
cnd_memcpy_for_test (1, res, src, size);
ASSERT (memcmp (res, src, size) == 0);
}
}
void
test_main(void)
{
struct knuth_lfib_ctx lfib;
mpz_t p;
unsigned bits;
knuth_lfib_init(&lfib, 17);
mpz_init(p);
for (bits = 6; bits < 1000; bits = bits + 1 + bits/20)
{
if (verbose)
fprintf(stderr, "bits = %d\n", bits);
nettle_random_prime(p, bits, 0,
&lfib, (nettle_random_func *) knuth_lfib_random,
NULL, NULL);
ASSERT (mpz_sizeinbase (p, 2) == bits);
ASSERT (mpz_probab_prime_p(p, 25));
}
mpz_clear(p);
}
static void *
bench_ecdsa_init (unsigned size)
{
struct ecdsa_ctx *ctx;
const struct ecc_curve *ecc;
const char *xs;
const char *ys;
const char *zs;
mpz_t x, y, z;
ctx = xalloc (sizeof(*ctx));
dsa_signature_init (&ctx->s);
knuth_lfib_init (&ctx->rctx, 17);
switch (size)
{
case 192:
ecc = &_nettle_secp_192r1;
xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
ctx->digest = hash_string (&nettle_sha1, "abc");
ctx->digest_size = 20;
break;
case 224:
ecc = &_nettle_secp_224r1;
xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
ctx->digest = hash_string (&nettle_sha224, "abc");
ctx->digest_size = 28;
break;
/* From RFC 4754 */
case 256:
ecc = &_nettle_secp_256r1;
xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
ys = "6FC98BD7 E50211A4 A27102FA 3549DF79 EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D";
zs = "DC51D386 6A15BACD E33D96F9 92FCA99D A7E6EF09 34E70975 59C27F16 14C88A7F";
ctx->digest = hash_string (&nettle_sha256, "abc");
ctx->digest_size = 32;
break;
case 384:
ecc = &_nettle_secp_384r1;
xs = "96281BF8 DD5E0525 CA049C04 8D345D30 82968D10 FEDF5C5A CA0C64E6 465A97EA"
"5CE10C9D FEC21797 41571072 1F437922";
ys = "447688BA 94708EB6 E2E4D59F 6AB6D7ED FF9301D2 49FE49C3 3096655F 5D502FAD"
"3D383B91 C5E7EDAA 2B714CC9 9D5743CA";
zs = "0BEB6466 34BA8773 5D77AE48 09A0EBEA 865535DE 4C1E1DCB 692E8470 8E81A5AF"
"62E528C3 8B2A81B3 5309668D 73524D9F";
ctx->digest = hash_string (&nettle_sha384, "abc");
ctx->digest_size = 48;
break;
case 521:
ecc = &_nettle_secp_521r1;
xs = "0151518F 1AF0F563 517EDD54 85190DF9 5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
"7AFE0A6D DEB8BEDB CD6A197E 592D4018 8901CECD 650699C9 B5E456AE A5ADD190"
"52A8";
ys = "006F3B14 2EA1BFFF 7E2837AD 44C9E4FF 6D2D34C7 3184BBAD 90026DD5 E6E85317"
"D9DF45CA D7803C6C 20035B2F 3FF63AFF 4E1BA64D 1C077577 DA3F4286 C58F0AEA"
"E643";
zs = "0065FDA3 409451DC AB0A0EAD 45495112 A3D813C1 7BFD34BD F8C1209D 7DF58491"
"20597779 060A7FF9 D704ADF7 8B570FFA D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
"5FA1";
ctx->digest = hash_string (&nettle_sha512, "abc");
ctx->digest_size = 64;
break;
default:
die ("Internal error.\n");
}
ecc_point_init (&ctx->pub, ecc);
ecc_scalar_init (&ctx->key, ecc);
mpz_init_set_str (x, xs, 16);
mpz_init_set_str (y, ys, 16);
mpz_init_set_str (z, zs, 16);
ecc_point_set (&ctx->pub, x, y);
ecc_scalar_set (&ctx->key, z);
mpz_clear (x);
mpz_clear (y);
mpz_clear (z);
ecdsa_sign (&ctx->key,
&ctx->rctx, (nettle_random_func *) knuth_lfib_random,
ctx->digest_size, ctx->digest,
&ctx->s);
return ctx;
}
static void *
bench_rsa_init (unsigned size)
{
unsigned char rsa1024[] =
"{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjEyOToA90+K5EmjbFJBeJD"
" xP2KD2Df+0Twc9425uB+vhqTrVijtd2PnwEQDfR2VoducgkKcXJzYYyCNILQJbFAi2Km/sD"
" jImERBqDtaI217Ze+tOKEmImexYTAgFuqEptp2F3M4DqgRQ7s/3nJQ/bPE5Hfi1OZhJSShu"
" I80ATTU4fUgrPspKDE6ZTM6AQABKSgxOmQxMjk6APAhKckzvxxkWfHJOpXDACWnaSKcbbvo"
" vtWK3pGr/F2ya7CrLtE+uOx5F1sLs9G+/7flCy5k4uNILIYg4VTirZ1zQ8fNKPrjK1VMRls"
" JiRRU/0VAs9d7HdncJfs6rbvRQbCRSRYURo4hWir3Lq8V3UUQVBprc4dO+uWmplvwQ5qxKS"
" gxOnA2NToA+8aIVkdbk8Jg8dJOuzc7m/hZnwkKSs6eVDw4N/2T0CJKGJYT+B3Ct+fPkxhUR"
" ggd2DQ9OpkTra7SXHTNkzdPVSkoMTpxNjU6APt11P8vXNnGYF0OC/cPsR8zhSYuFmtRuX6G"
" ES+DdG0VCU07UeNQkok1UoW5sXqY0IGr1jkJq8AMSgKoNbLQ6w8pKDE6YTY0Ohzkxsan/8F"
" wQDHgQbrIduXKVXaj0fONzKu8EXOTfUAYf0pdBsOlnq/+QVsPIrS6v7oNHK253YFEG84SdX"
" kcktUpKDE6YjY1OgCR+cRtY3RWY+f6/TWK9gwPndv03xpasLWrMm71ky1aSbT9pasS9+opR"
" tAiGzthfSbFsBiLQgb3VOr+AeIybT+XKSgxOmM2NDojigqARWN5u1CVDVuD2L2ManpoGiM6"
" kQ6FaJjqRjxeRRKFrQxGJa9tM1hqStxokC1oJidgaOLGnn60iwzToug9KSkp}";
unsigned char rsa2048[] =
"{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjI1NzoAtxWXiglIdunDK48"
" 8I0vW0wTqnh/riW9pLk8n1F8MUPBFdhvkkl0bDQqSJPUvSHy+w4fLVwcEzeI4qFyo3b2Avz"
" JK20MFbt/WfHD1TbxuK8rNqXyqmqjJ9vgjtV9nPzAz7CM9ogs3/RJHpcfZPQF15ifizleUZ"
" aQT0GAXHZL7cePj10yGI2u3hgTkokVzdNC/1T34guKYpErg0pt0B/KejWpsFTb84z3tkR+B"
" YVx07p/OoByZwoABgncS/uALl31fRS8jyJ2JqUiZOqe7XoO9hkDHYNCWUGUfNGQ7ZgVp9+e"
" NQpracSjrp6Jnrj7r/oxJUx5ZDVNi18AzQadE/oKOrSkoMTplMzoBAAEpKDE6ZDI1NjogBT"
" C5vaHk2kF+LtDvw2XRBj0aZq7FHK0ioklvBSicR0l+vKYfSxVeFIk22YLphJfAjtFraRjYA"
" Uaze3E1Rt1rkxoweupKV++lWAQvElOaaR/LErirz/Vysjdck1D1ZjLOi+NNofSq2DWbsvY1"
" iznZhQRP3lVf6XBls0iXrYs4gb0pBZqXLQW+j9Ihx6eantf1/6ZMKPgCkzcAZ0ABsCfaFSg"
" ouNCzilblsgFEspEbb8QqrNQoStS3F/gMwWgDsr3+vQzBqt+7ykWoCJ9wctbYy9kEPq+hX3"
" GP0hG6HdS81r9E8pgdf3wloNNMzYUHwn7poXGpOi8tG0pmR56TqD/BKSgxOnAxMjk6AN4AJ"
" TiGPm9We2ga3Y0jpTfA3mWpUbhYgaXYLWA1/riniwq16fqxRIkWQT/O2KKpBVe6WSvNYq9u"
" lM8N6bdPtDytJs6AOXy0X5vtJ953ZYVMhHbhmUxhIL9I+s0O1+LxMF8b9U4CrFyaTxd8Un/"
" FXP1BvYJRrkoup6HYvOlGx36lKSgxOnExMjk6ANMfrfH6z/3o7K56aW6kSiloDDbKZQ0+W5"
" 8LzP2ZOBLf6LX6jLhN3olU1Z0KGTM0S/1AxvwGjuRqhu+LcOJ7oUCUH3uusR5c5nSnArYPq"
" +0wbco4BQngot/HmGN7U0EDsIWqPt/qoa/b8bCk+TOwJlknNq/PnZU26SPj48XS05lpKSgx"
" OmExMjk6AJM2n3gLNW3ZeH5BindkktQU9qWNkV5geqDCaNyrEZ3bpI1WsrEGSj9p3Zz1ipz"
" a3msdbLJqQS26c72WKUzg8tFltR0s1HJInjolGtIgdNbfNdwrn9+RbQjL2VyPokOg0wXO4W"
" 14wlmqDhax33dRJmfe50964MvaglkGA8fhorrtKSgxOmIxMjk6AKMe+vrX2xRHf3dfxU5jS"
" ZmsdqNuxZzx7UB5kazvUU/kCJ1yNH/CSoq5LULkpovVgFDwV84qEwWQ+SjkCBg1hWWsDJc3"
" ZkobZUQENigM+72LiYiQt/PlyHI2eRuEEdNN0nm0DFhdpQeHXLoq/RBerYJ8tdgpBYxgnMn"
" KLhaOykbhKSgxOmMxMjg6MVlKj2bjb7qFQVkLO1OPg28jSrtRpnQCR+qegN4ZmNam/qbest"
" 8yn0JQ6gxX7PvP382+jx7uHHWHYYqPq/Flf8gqtOOcjqS5TJgVHz3F3xHWquo1ZofGtCMro"
" Dd2c0xjRjIVGvLV6Ngs+HRdljRav40vRpTyEoEdlzHBQiILesopKSk=}";
struct rsa_ctx *ctx;
struct sexp_iterator i;
int res;
ctx = xalloc(sizeof(*ctx));
rsa_public_key_init (&ctx->pub);
rsa_private_key_init (&ctx->key);
mpz_init (ctx->s);
knuth_lfib_init (&ctx->lfib, 1);
/* NOTE: Base64-decodes the strings in-place */
if (size == 1024)
res = sexp_transport_iterator_first (&i, sizeof(rsa1024) - 1, rsa1024);
else if (size == 2048)
res = sexp_transport_iterator_first (&i, sizeof(rsa2048) - 1, rsa2048);
else
die ("Internal error.\n");
if (! (res
&& sexp_iterator_check_type (&i, "private-key")
&& sexp_iterator_check_type (&i, "rsa-pkcs1-sha1")
&& rsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, &i)))
die ("Internal error.\n");
ctx->digest = hash_string (&nettle_sha256, "foo");
rsa_sha256_sign_digest (&ctx->key, ctx->digest, ctx->s);
return ctx;
}
void
test_main (void)
{
unsigned i;
struct knuth_lfib_ctx rctx;
struct dsa_signature signature;
struct tstring *digest;
knuth_lfib_init (&rctx, 4711);
dsa_signature_init (&signature);
digest = SHEX (/* sha256("abc") */
"BA7816BF 8F01CFEA 414140DE 5DAE2223"
"B00361A3 96177A9C B410FF61 F20015AD");
for (i = 0; ecc_curves[i]; i++)
{
const struct ecc_curve *ecc = ecc_curves[i];
struct ecc_point pub;
struct ecc_scalar key;
if (verbose)
fprintf (stderr, "Curve %d\n", ecc->bit_size);
ecc_point_init (&pub, ecc);
ecc_scalar_init (&key, ecc);
ecdsa_generate_keypair (&pub, &key,
&rctx,
(nettle_random_func *) knuth_lfib_random);
if (verbose)
{
gmp_fprintf (stderr,
"Public key:\nx = %Nx\ny = %Nx\n",
pub.p, ecc->size, pub.p + ecc->size, ecc->size);
gmp_fprintf (stderr,
"Private key: %Nx\n", key.p, ecc->size);
}
if (!ecc_valid_p (&pub))
die ("ecdsa_generate_keypair produced an invalid point.\n");
ecdsa_sign (&key,
&rctx, (nettle_random_func *) knuth_lfib_random,
digest->length, digest->data,
&signature);
if (!ecdsa_verify (&pub, digest->length, digest->data,
&signature))
die ("ecdsa_verify failed.\n");
digest->data[3] ^= 17;
if (ecdsa_verify (&pub, digest->length, digest->data,
&signature))
die ("ecdsa_verify returned success with invalid digest.\n");
digest->data[3] ^= 17;
mpz_combit (signature.r, 117);
if (ecdsa_verify (&pub, digest->length, digest->data,
&signature))
die ("ecdsa_verify returned success with invalid signature.r.\n");
mpz_combit (signature.r, 117);
mpz_combit (signature.s, 93);
if (ecdsa_verify (&pub, digest->length, digest->data,
&signature))
die ("ecdsa_verify returned success with invalid signature.s.\n");
ecc_point_clear (&pub);
ecc_scalar_clear (&key);
}
dsa_signature_clear (&signature);
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
