if (c >= '0' && c <= '9') {
c -= '0';
} else if (c >= 'A' && c <= 'F') {
- c -= ('A' - 10); \
+ c -= ('A' - 10);
} else if (c >= 'a' && c <= 'f') {
- c -= ('a' - 10); \
+ c -= ('a' - 10);
} else {
continue;
}
}
static void
-check_equals(char *banner, const void *v1, const void *v2, size_t len)
+check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
size_t u;
const unsigned char *b;
};
static void
-test_RSA_core(char *name, br_rsa_public fpub, br_rsa_private fpriv)
+test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
{
unsigned char t1[128], t2[128], t3[128];
fflush(stdout);
}
+static const unsigned char SHA1_OID[] = {
+ 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
+};
+
+static void
+test_RSA_sign(const char *name, br_rsa_private fpriv,
+ br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
+{
+ unsigned char t1[128], t2[128];
+ unsigned char hv[20], tmp[20];
+ br_sha1_context hc;
+ size_t u;
+
+ printf("Test %s: ", name);
+ fflush(stdout);
+
+ /*
+ * Verify the KAT test (computed with OpenSSL).
+ */
+ hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
+ br_sha1_init(&hc);
+ br_sha1_update(&hc, "test", 4);
+ br_sha1_out(&hc, hv);
+ if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
+ fprintf(stderr, "Signature verification failed\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("Extracted hash value", hv, tmp, sizeof tmp);
+
+ /*
+ * Regenerate the signature. This should yield the same value as
+ * the KAT test, since PKCS#1 v1.5 signatures are deterministic
+ * (except the usual detail about hash function parameter
+ * encoding, but OpenSSL uses the same convention as BearSSL).
+ */
+ if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
+ fprintf(stderr, "Signature generation failed\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("Regenerated signature", t1, t2, sizeof t1);
+
+ /*
+ * Use the raw private core to generate fake signatures, where
+ * one byte of the padded hash value is altered. They should all be
+ * rejected.
+ */
+ hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
+ for (u = 0; u < (sizeof t2) - 20; u ++) {
+ memcpy(t1, t2, sizeof t2);
+ t1[u] ^= 0x01;
+ if (!fpriv(t1, &RSA_SK)) {
+ fprintf(stderr, "RSA private key operation failed\n");
+ exit(EXIT_FAILURE);
+ }
+ if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
+ fprintf(stderr,
+ "Signature verification should have failed\n");
+ exit(EXIT_FAILURE);
+ }
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_RSA_i15(void)
+{
+ test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
+ test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
+ &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
+}
+
static void
test_RSA_i31(void)
{
test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
- /* FIXME
- test_RSA_sign("RSA i31 sign",
- &br_rsa_i31_pkcs1_vrfy, &br_rsa_i31_pkcs1_sign);
- */
+ test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
+ &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
}
static void
test_RSA_i32(void)
{
test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
- /* FIXME
- test_RSA_sign("RSA i32 sign",
- &br_rsa_i32_pkcs1_vrfy, &br_rsa_i32_pkcs1_sign);
- */
+ test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
+ &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
}
#if 0
};
static void
-test_GHASH(char *name, br_ghash gh)
+test_GHASH(const char *name, br_ghash gh)
{
size_t u;
fflush(stdout);
}
+static void
+test_EC_prime_i15(void)
+{
+ test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
+ (uint32_t)1 << BR_EC_secp256r1
+ | (uint32_t)1 << BR_EC_secp384r1
+ | (uint32_t)1 << BR_EC_secp521r1);
+}
+
static void
test_EC_prime_i31(void)
{
| (uint32_t)1 << BR_EC_secp521r1);
}
+static void
+test_EC_p256_i15(void)
+{
+ test_EC_KAT("EC_p256_i15", &br_ec_p256_i15,
+ (uint32_t)1 << BR_EC_secp256r1);
+}
+
static const unsigned char EC_P256_PUB_POINT[] = {
0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
};
static void
-test_ECDSA_KAT(br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
+test_ECDSA_KAT(const br_ec_impl *iec,
+ br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
size_t u;
sig_len = hextobin(sig, kv->sraw);
}
- if (vrfy(&br_ec_prime_i31, hash, hash_len,
+ if (vrfy(iec, hash, hash_len,
kv->pub, sig, sig_len) != 1)
{
fprintf(stderr, "ECDSA KAT verify failed (1)\n");
exit(EXIT_FAILURE);
}
hash[0] ^= 0x80;
- if (vrfy(&br_ec_prime_i31, hash, hash_len,
+ if (vrfy(iec, hash, hash_len,
kv->pub, sig, sig_len) != 0)
{
fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
exit(EXIT_FAILURE);
}
hash[0] ^= 0x80;
- if (vrfy(&br_ec_prime_i31, hash, hash_len,
+ if (vrfy(iec, hash, hash_len,
kv->pub, sig, sig_len) != 1)
{
fprintf(stderr, "ECDSA KAT verify failed (2)\n");
exit(EXIT_FAILURE);
}
- sig2_len = sign(&br_ec_prime_i31, kv->hf, hash, kv->priv, sig2);
+ sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
if (sig2_len == 0) {
fprintf(stderr, "ECDSA KAT sign failed\n");
exit(EXIT_FAILURE);
fflush(stdout);
printf("[raw]");
fflush(stdout);
- test_ECDSA_KAT(&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
+ test_ECDSA_KAT(&br_ec_prime_i31,
+ &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
+ printf(" [asn1]");
+ fflush(stdout);
+ test_ECDSA_KAT(&br_ec_prime_i31,
+ &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_ECDSA_i15(void)
+{
+ printf("Test ECDSA/i15: ");
+ fflush(stdout);
+ printf("[raw]");
+ fflush(stdout);
+ test_ECDSA_KAT(&br_ec_prime_i15,
+ &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
printf(" [asn1]");
fflush(stdout);
- test_ECDSA_KAT(&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
+ test_ECDSA_KAT(&br_ec_prime_i31,
+ &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
printf(" done.\n");
fflush(stdout);
}
static const struct {
void (*fn)(void);
- char *name;
+ const char *name;
} tfns[] = {
STU(MD5),
STU(SHA1),
STU(DES_ct),
STU(ChaCha20_ct),
STU(Poly1305_ctmul),
+ STU(RSA_i15),
STU(RSA_i31),
STU(RSA_i32),
STU(GHASH_ctmul),
STU(GHASH_ctmul32),
STU(GHASH_ctmul64),
+ STU(EC_prime_i15),
STU(EC_prime_i31),
+ STU(EC_p256_i15),
/* STU(EC_prime_i32), */
+ STU(ECDSA_i15),
STU(ECDSA_i31),
{ 0, 0 }
};