X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=test%2Ftest_crypto.c;h=b62ed3f3b7d72d836f4fabf3a144ca4f8331dc7b;hp=10faa9cb715a03bf657d9b53799174959242338c;hb=7fc1ef315f807170f63b0ad8255cf77314b50ca5;hpb=6dd8c51ba7e8ca106ede7ff58b5c507042bbf6eb diff --git a/test/test_crypto.c b/test/test_crypto.c index 10faa9c..b62ed3f 100644 --- a/test/test_crypto.c +++ b/test/test_crypto.c @@ -4113,11 +4113,13 @@ static const struct { }; static void -test_Poly1305_ctmul(void) +test_Poly1305_inner(const char *name, br_poly1305_run ipoly, + br_poly1305_run iref) { size_t u; + br_hmac_drbg_context rng; - printf("Test Poly1305_ctmul: "); + printf("Test %s: ", name); fflush(stdout); for (u = 0; KAT_POLY1305[u].skey; u ++) { @@ -4133,7 +4135,7 @@ test_Poly1305_ctmul(void) hextobin(tag, KAT_POLY1305[u].stag); memcpy(data, plain, len); - br_poly1305_ctmul_run(key, nonce, data, len, + ipoly(key, nonce, data, len, aad, aad_len, tmp, br_chacha20_ct_run, 1); if (memcmp(data, cipher, len) != 0) { fprintf(stderr, "ChaCha20+Poly1305 KAT failed (1)\n"); @@ -4143,7 +4145,7 @@ test_Poly1305_ctmul(void) fprintf(stderr, "ChaCha20+Poly1305 KAT failed (2)\n"); exit(EXIT_FAILURE); } - br_poly1305_ctmul_run(key, nonce, data, len, + ipoly(key, nonce, data, len, aad, aad_len, tmp, br_chacha20_ct_run, 0); if (memcmp(data, plain, len) != 0) { fprintf(stderr, "ChaCha20+Poly1305 KAT failed (3)\n"); @@ -4158,10 +4160,66 @@ test_Poly1305_ctmul(void) fflush(stdout); } + printf(" "); + fflush(stdout); + + /* + * We compare the "ipoly" and "iref" implementations together on + * a bunch of pseudo-random messages. + */ + br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17); + for (u = 0; u < 100; u ++) { + unsigned char plain[100], aad[100], tmp[100]; + unsigned char key[32], iv[12], tag1[16], tag2[16]; + + br_hmac_drbg_generate(&rng, key, sizeof key); + br_hmac_drbg_generate(&rng, iv, sizeof iv); + br_hmac_drbg_generate(&rng, plain, u); + br_hmac_drbg_generate(&rng, aad, u); + memcpy(tmp, plain, u); + memset(tmp + u, 0xFF, (sizeof tmp) - u); + ipoly(key, iv, tmp, u, aad, u, tag1, + &br_chacha20_ct_run, 1); + memset(tmp + u, 0x00, (sizeof tmp) - u); + iref(key, iv, tmp, u, aad, u, tag2, + &br_chacha20_ct_run, 0); + if (memcmp(tmp, plain, u) != 0) { + fprintf(stderr, "cross enc/dec failed\n"); + exit(EXIT_FAILURE); + } + if (memcmp(tag1, tag2, sizeof tag1) != 0) { + fprintf(stderr, "cross MAC failed\n"); + exit(EXIT_FAILURE); + } + printf("."); + fflush(stdout); + } + printf(" done.\n"); fflush(stdout); } +static void +test_Poly1305_ctmul(void) +{ + test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run, + &br_poly1305_i15_run); +} + +static void +test_Poly1305_ctmul32(void) +{ + test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run, + &br_poly1305_i15_run); +} + +static void +test_Poly1305_i15(void) +{ + test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run, + &br_poly1305_ctmul_run); +} + /* * A 1024-bit RSA key, generated with OpenSSL. */ @@ -4367,6 +4425,14 @@ test_RSA_sign(const char *name, br_rsa_private fpriv, fflush(stdout); } +static void +test_RSA_i15(void) +{ + test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private); + test_RSA_sign("RSA i15 sign", &br_rsa_i15_private, + &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy); +} + static void test_RSA_i31(void) { @@ -4813,6 +4879,15 @@ test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask) fflush(stdout); } +static void +test_EC_prime_i15(void) +{ + test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, + (uint32_t)1 << BR_EC_secp256r1 + | (uint32_t)1 << BR_EC_secp384r1 + | (uint32_t)1 << BR_EC_secp521r1); +} + static void test_EC_prime_i31(void) { @@ -5201,7 +5276,8 @@ const ecdsa_kat_vector ECDSA_KAT[] = { }; static void -test_ECDSA_KAT(br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1) +test_ECDSA_KAT(const br_ec_impl *iec, + br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1) { size_t u; @@ -5228,28 +5304,28 @@ test_ECDSA_KAT(br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1) sig_len = hextobin(sig, kv->sraw); } - if (vrfy(&br_ec_prime_i31, hash, hash_len, + if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 1) { fprintf(stderr, "ECDSA KAT verify failed (1)\n"); exit(EXIT_FAILURE); } hash[0] ^= 0x80; - if (vrfy(&br_ec_prime_i31, hash, hash_len, + if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 0) { fprintf(stderr, "ECDSA KAT verify shoud have failed\n"); exit(EXIT_FAILURE); } hash[0] ^= 0x80; - if (vrfy(&br_ec_prime_i31, hash, hash_len, + if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 1) { fprintf(stderr, "ECDSA KAT verify failed (2)\n"); exit(EXIT_FAILURE); } - sig2_len = sign(&br_ec_prime_i31, kv->hf, hash, kv->priv, sig2); + sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2); if (sig2_len == 0) { fprintf(stderr, "ECDSA KAT sign failed\n"); exit(EXIT_FAILURE); @@ -5271,10 +5347,29 @@ test_ECDSA_i31(void) fflush(stdout); printf("[raw]"); fflush(stdout); - test_ECDSA_KAT(&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0); + test_ECDSA_KAT(&br_ec_prime_i31, + &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0); + printf(" [asn1]"); + fflush(stdout); + test_ECDSA_KAT(&br_ec_prime_i31, + &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1); + printf(" done.\n"); + fflush(stdout); +} + +static void +test_ECDSA_i15(void) +{ + printf("Test ECDSA/i15: "); + fflush(stdout); + printf("[raw]"); + fflush(stdout); + test_ECDSA_KAT(&br_ec_prime_i15, + &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0); printf(" [asn1]"); fflush(stdout); - test_ECDSA_KAT(&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1); + test_ECDSA_KAT(&br_ec_prime_i31, + &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1); printf(" done.\n"); fflush(stdout); } @@ -5343,14 +5438,19 @@ static const struct { STU(DES_ct), STU(ChaCha20_ct), STU(Poly1305_ctmul), + STU(Poly1305_ctmul32), + STU(Poly1305_i15), + STU(RSA_i15), STU(RSA_i31), STU(RSA_i32), STU(GHASH_ctmul), STU(GHASH_ctmul32), STU(GHASH_ctmul64), + STU(EC_prime_i15), STU(EC_prime_i31), STU(EC_p256_i15), /* STU(EC_prime_i32), */ + STU(ECDSA_i15), STU(ECDSA_i31), { 0, 0 } };