comparison libtomcrypt/tests/dh_test.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
1470:8bba51a55704 1471:6dba84798cd5
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include <tomcrypt_test.h>
10
11 #if defined(LTC_MDH) && defined(LTC_TEST_MPI)
12
13 #ifdef LTC_DH4096
14 #define KEYSIZE 4096
15 #else
16 #define KEYSIZE 2048
17 #endif
18
19 static int _prime_test(void)
20 {
21 void *p, *g, *tmp;
22 int x, err, primality;
23
24 if ((err = mp_init_multi(&p, &g, &tmp, NULL)) != CRYPT_OK) { goto error; }
25
26 for (x = 0; ltc_dh_sets[x].size != 0; x++) {
27 if ((err = mp_read_radix(g, ltc_dh_sets[x].base, 16)) != CRYPT_OK) { goto error; }
28 if ((err = mp_read_radix(p, ltc_dh_sets[x].prime, 16)) != CRYPT_OK) { goto error; }
29
30 /* ensure p is prime */
31 if ((err = mp_prime_is_prime(p, 8, &primality)) != CRYPT_OK) { goto done; }
32 if (primality != LTC_MP_YES ) {
33 err = CRYPT_FAIL_TESTVECTOR;
34 goto done;
35 }
36
37 if ((err = mp_sub_d(p, 1, tmp)) != CRYPT_OK) { goto error; }
38 if ((err = mp_div_2(tmp, tmp)) != CRYPT_OK) { goto error; }
39
40 /* ensure (p-1)/2 is prime */
41 if ((err = mp_prime_is_prime(tmp, 8, &primality)) != CRYPT_OK) { goto done; }
42 if (primality == 0) {
43 err = CRYPT_FAIL_TESTVECTOR;
44 goto done;
45 }
46
47 /* now see if g^((p-1)/2) mod p is in fact 1 */
48 if ((err = mp_exptmod(g, tmp, p, tmp)) != CRYPT_OK) { goto error; }
49 if (mp_cmp_d(tmp, 1)) {
50 err = CRYPT_FAIL_TESTVECTOR;
51 goto done;
52 }
53 }
54 err = CRYPT_OK;
55 error:
56 done:
57 mp_clear_multi(tmp, g, p, NULL);
58 return err;
59 }
60
61 static int _dhparam_test(void)
62 {
63 dh_key k;
64 unsigned char buf[1024];
65 /* generated by: openssl dhparam -outform der -out dhparam.der 2048 */
66 unsigned char dhparam_der[] = {
67 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xae, 0xfe, 0x78, 0xce, 0x80, 0xd5, 0xd7,
68 0x8e, 0xcc, 0x4f, 0x0c, 0x1b, 0xb0, 0x95, 0x10, 0xe1, 0x41, 0x15, 0x53, 0x4d, 0x0e, 0x68, 0xb0,
69 0xf8, 0x5a, 0x41, 0x0e, 0x65, 0x2f, 0x9f, 0xac, 0x9c, 0x30, 0xb0, 0x76, 0xec, 0x02, 0xe9, 0x43,
70 0x55, 0x08, 0xb4, 0x20, 0x60, 0xd9, 0x52, 0xda, 0x2d, 0xab, 0x9a, 0xba, 0xe6, 0xcf, 0x11, 0xa7,
71 0x00, 0x44, 0xc2, 0x5e, 0xd1, 0xba, 0x9b, 0xaa, 0xfe, 0x03, 0xdd, 0xdc, 0xef, 0x41, 0x89, 0x9c,
72 0xac, 0x64, 0x13, 0xd9, 0x6a, 0x8a, 0x55, 0xa0, 0x5b, 0xff, 0x12, 0x92, 0x37, 0x52, 0x6a, 0x91,
73 0xa4, 0x6e, 0x9e, 0x61, 0xb7, 0xfe, 0xb0, 0x17, 0x8e, 0x67, 0x0f, 0x88, 0x46, 0xa7, 0x9e, 0xb1,
74 0xdb, 0x68, 0x77, 0x70, 0xb5, 0x77, 0xf2, 0x7e, 0x33, 0xb1, 0x3e, 0x10, 0xc4, 0x63, 0x36, 0xd0,
75 0x13, 0x27, 0xd3, 0x29, 0xc3, 0xb6, 0x5d, 0xf6, 0x5d, 0xa7, 0xd8, 0x25, 0x5c, 0x0b, 0x65, 0x99,
76 0xfa, 0xf9, 0x5f, 0x1d, 0xee, 0xd1, 0x86, 0x64, 0x7c, 0x44, 0xcb, 0xa0, 0x12, 0x52, 0x4c, 0xd4,
77 0x46, 0x81, 0xae, 0x07, 0xdb, 0xc7, 0x13, 0x29, 0xce, 0x9b, 0xcf, 0x1c, 0x06, 0xd2, 0x0f, 0x2d,
78 0xbb, 0x12, 0x33, 0xb9, 0xb1, 0x0f, 0x67, 0x5d, 0x3f, 0x0c, 0xe4, 0xfa, 0x67, 0x26, 0xe2, 0x89,
79 0xa2, 0xd5, 0x66, 0x29, 0x1c, 0xe2, 0x8e, 0xbb, 0x7b, 0xcb, 0xcc, 0x70, 0x7e, 0x4f, 0x0e, 0xd3,
80 0x5d, 0x64, 0x64, 0x1b, 0x27, 0xbb, 0xda, 0xa9, 0x08, 0x2b, 0x62, 0xd4, 0xca, 0xc3, 0x3a, 0x23,
81 0x39, 0x58, 0x57, 0xaf, 0x7b, 0x8b, 0x0c, 0x5b, 0x2e, 0xfc, 0x42, 0x57, 0x59, 0x39, 0x2e, 0x6d,
82 0x39, 0x97, 0xdb, 0x5b, 0x5c, 0xb9, 0x59, 0x71, 0x42, 0xf3, 0xcd, 0xea, 0xda, 0x86, 0x54, 0x86,
83 0x61, 0x8d, 0x93, 0x66, 0xc7, 0x65, 0xd1, 0x98, 0xcb, 0x02, 0x01, 0x02
84 };
85 /* text dump: openssl dh -inform DER -in dhparam.der -text
86 DH Parameters: (2048 bit)
87 prime:
88 00:ae:fe:78:ce:80:d5:d7:8e:cc:4f:0c:1b:b0:95:
89 10:e1:41:15:53:4d:0e:68:b0:f8:5a:41:0e:65:2f:
90 9f:ac:9c:30:b0:76:ec:02:e9:43:55:08:b4:20:60:
91 d9:52:da:2d:ab:9a:ba:e6:cf:11:a7:00:44:c2:5e:
92 d1:ba:9b:aa:fe:03:dd:dc:ef:41:89:9c:ac:64:13:
93 d9:6a:8a:55:a0:5b:ff:12:92:37:52:6a:91:a4:6e:
94 9e:61:b7:fe:b0:17:8e:67:0f:88:46:a7:9e:b1:db:
95 68:77:70:b5:77:f2:7e:33:b1:3e:10:c4:63:36:d0:
96 13:27:d3:29:c3:b6:5d:f6:5d:a7:d8:25:5c:0b:65:
97 99:fa:f9:5f:1d:ee:d1:86:64:7c:44:cb:a0:12:52:
98 4c:d4:46:81:ae:07:db:c7:13:29:ce:9b:cf:1c:06:
99 d2:0f:2d:bb:12:33:b9:b1:0f:67:5d:3f:0c:e4:fa:
100 67:26:e2:89:a2:d5:66:29:1c:e2:8e:bb:7b:cb:cc:
101 70:7e:4f:0e:d3:5d:64:64:1b:27:bb:da:a9:08:2b:
102 62:d4:ca:c3:3a:23:39:58:57:af:7b:8b:0c:5b:2e:
103 fc:42:57:59:39:2e:6d:39:97:db:5b:5c:b9:59:71:
104 42:f3:cd:ea:da:86:54:86:61:8d:93:66:c7:65:d1:
105 98:cb
106 generator: 2 (0x2)
107 */
108 unsigned char prime[] = {
109 0xae, 0xfe, 0x78, 0xce, 0x80, 0xd5, 0xd7, 0x8e, 0xcc, 0x4f, 0x0c, 0x1b, 0xb0, 0x95,
110 0x10, 0xe1, 0x41, 0x15, 0x53, 0x4d, 0x0e, 0x68, 0xb0, 0xf8, 0x5a, 0x41, 0x0e, 0x65, 0x2f,
111 0x9f, 0xac, 0x9c, 0x30, 0xb0, 0x76, 0xec, 0x02, 0xe9, 0x43, 0x55, 0x08, 0xb4, 0x20, 0x60,
112 0xd9, 0x52, 0xda, 0x2d, 0xab, 0x9a, 0xba, 0xe6, 0xcf, 0x11, 0xa7, 0x00, 0x44, 0xc2, 0x5e,
113 0xd1, 0xba, 0x9b, 0xaa, 0xfe, 0x03, 0xdd, 0xdc, 0xef, 0x41, 0x89, 0x9c, 0xac, 0x64, 0x13,
114 0xd9, 0x6a, 0x8a, 0x55, 0xa0, 0x5b, 0xff, 0x12, 0x92, 0x37, 0x52, 0x6a, 0x91, 0xa4, 0x6e,
115 0x9e, 0x61, 0xb7, 0xfe, 0xb0, 0x17, 0x8e, 0x67, 0x0f, 0x88, 0x46, 0xa7, 0x9e, 0xb1, 0xdb,
116 0x68, 0x77, 0x70, 0xb5, 0x77, 0xf2, 0x7e, 0x33, 0xb1, 0x3e, 0x10, 0xc4, 0x63, 0x36, 0xd0,
117 0x13, 0x27, 0xd3, 0x29, 0xc3, 0xb6, 0x5d, 0xf6, 0x5d, 0xa7, 0xd8, 0x25, 0x5c, 0x0b, 0x65,
118 0x99, 0xfa, 0xf9, 0x5f, 0x1d, 0xee, 0xd1, 0x86, 0x64, 0x7c, 0x44, 0xcb, 0xa0, 0x12, 0x52,
119 0x4c, 0xd4, 0x46, 0x81, 0xae, 0x07, 0xdb, 0xc7, 0x13, 0x29, 0xce, 0x9b, 0xcf, 0x1c, 0x06,
120 0xd2, 0x0f, 0x2d, 0xbb, 0x12, 0x33, 0xb9, 0xb1, 0x0f, 0x67, 0x5d, 0x3f, 0x0c, 0xe4, 0xfa,
121 0x67, 0x26, 0xe2, 0x89, 0xa2, 0xd5, 0x66, 0x29, 0x1c, 0xe2, 0x8e, 0xbb, 0x7b, 0xcb, 0xcc,
122 0x70, 0x7e, 0x4f, 0x0e, 0xd3, 0x5d, 0x64, 0x64, 0x1b, 0x27, 0xbb, 0xda, 0xa9, 0x08, 0x2b,
123 0x62, 0xd4, 0xca, 0xc3, 0x3a, 0x23, 0x39, 0x58, 0x57, 0xaf, 0x7b, 0x8b, 0x0c, 0x5b, 0x2e,
124 0xfc, 0x42, 0x57, 0x59, 0x39, 0x2e, 0x6d, 0x39, 0x97, 0xdb, 0x5b, 0x5c, 0xb9, 0x59, 0x71,
125 0x42, 0xf3, 0xcd, 0xea, 0xda, 0x86, 0x54, 0x86, 0x61, 0x8d, 0x93, 0x66, 0xc7, 0x65, 0xd1,
126 0x98, 0xcb
127 };
128
129 DO(dh_set_pg_dhparam(dhparam_der, sizeof(dhparam_der), &k));
130 DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &k));
131 if (mp_unsigned_bin_size(k.prime) > sizeof(buf)) {
132 printf("dhparam_test: short buf\n");
133 dh_free(&k);
134 return CRYPT_ERROR;
135 }
136 DO(mp_to_unsigned_bin(k.prime, buf));
137 if (compare_testvector(buf, sizeof(prime), prime, sizeof(prime), "dhparam_test", 1)) {
138 printf("dhparam_test: prime mismatch\n");
139 dh_free(&k);
140 return CRYPT_ERROR;
141 }
142 if (mp_cmp_d(k.base, 2) != LTC_MP_EQ) {
143 printf("dhparam_test: base mismatch\n");
144 dh_free(&k);
145 return CRYPT_ERROR;
146 }
147 dh_free(&k);
148 return CRYPT_OK;
149 }
150
151 static int _set_test(void)
152 {
153 dh_key k1, k2, k3;
154 unsigned char buf[4096];
155 unsigned long len;
156 int i;
157 unsigned char gbin[] = { 0x02 };
158 unsigned char pbin[] = {
159 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
160 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
161 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
162 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
163 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
164 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
165 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
166 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
167 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
168 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
169 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
170 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
171 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
172 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
173 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
174 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
175 };
176 unsigned char xbin[] = {
177 0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE, 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C,
178 0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98, 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F,
179 0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1
180 };
181 unsigned char ybin[] = {
182 0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA, 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14,
183 0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3, 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07,
184 0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8, 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0,
185 0x3A, 0x57, 0x05, 0x31, 0x8D, 0x12, 0x97, 0x54, 0xCD, 0xF4, 0x00, 0x3A, 0x8C, 0x39, 0x92, 0x40,
186 0xFB, 0xB8, 0xF1, 0x62, 0x49, 0x0F, 0x6F, 0x0D, 0xC7, 0x0E, 0x41, 0x4B, 0x6F, 0xEE, 0x88, 0x08,
187 0x6A, 0xFA, 0xA4, 0x8E, 0x9F, 0x3A, 0x24, 0x8E, 0xDC, 0x09, 0x34, 0x52, 0x66, 0x3D, 0x34, 0xE0,
188 0xE8, 0x09, 0xD4, 0xF6, 0xBA, 0xDB, 0xB3, 0x6F, 0x80, 0xB6, 0x81, 0x3E, 0xBF, 0x7C, 0x32, 0x81,
189 0xB8, 0x62, 0x20, 0x9E, 0x56, 0x04, 0xBD, 0xEA, 0x8B, 0x8F, 0x5F, 0x7B, 0xFD, 0xC3, 0xEE, 0xB7,
190 0xAD, 0xB7, 0x30, 0x48, 0x28, 0x9B, 0xCE, 0xA0, 0xF5, 0xA5, 0xCD, 0xEE, 0x7D, 0xF9, 0x1C, 0xD1,
191 0xF0, 0xBA, 0x63, 0x2F, 0x06, 0xDB, 0xE9, 0xBA, 0x7E, 0xF0, 0x14, 0xB8, 0x4B, 0x02, 0xD4, 0x97,
192 0xCA, 0x7D, 0x0C, 0x60, 0xF7, 0x34, 0x75, 0x2A, 0x64, 0x9D, 0xA4, 0x96, 0x94, 0x6B, 0x4E, 0x53,
193 0x1B, 0x30, 0xD9, 0xF8, 0x2E, 0xDD, 0x85, 0x56, 0x36, 0xC0, 0xB0, 0xF2, 0xAE, 0x23, 0x2E, 0x41,
194 0x86, 0x45, 0x4E, 0x88, 0x87, 0xBB, 0x42, 0x3E, 0x32, 0xA5, 0xA2, 0x49, 0x5E, 0xAC, 0xBA, 0x99,
195 0x62, 0x0A, 0xCD, 0x03, 0xA3, 0x83, 0x45, 0xEB, 0xB6, 0x73, 0x5E, 0x62, 0x33, 0x0A, 0x8E, 0xE9,
196 0xAA, 0x6C, 0x83, 0x70, 0x41, 0x0F, 0x5C, 0xD4, 0x5A, 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B,
197 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C
198 };
199
200 struct {
201 int radix;
202 void* g; int glen;
203 void* p; int plen;
204 void* x; int xlen;
205 void* y; int ylen;
206 } test[1] = {
207 { 256, gbin, sizeof(gbin), pbin, sizeof(pbin), xbin, sizeof(xbin), ybin, sizeof(ybin) }
208 };
209
210 unsigned char export_private[] = {
211 0x30, 0x82, 0x01, 0x3A, 0x02, 0x01, 0x00, 0x03, 0x02, 0x07, 0x80, 0x02, 0x82, 0x01, 0x01, 0x00,
212 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
213 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
214 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
215 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
216 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
217 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
218 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
219 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
220 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
221 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
222 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
223 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
224 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
225 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
226 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
227 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
228 0x02, 0x01, 0x02, 0x02, 0x29, 0x00, 0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE,
229 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C, 0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98,
230 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F, 0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1
231 };
232 unsigned char export_public[] = {
233 0x30, 0x82, 0x02, 0x13, 0x02, 0x01, 0x00, 0x03, 0x02, 0x07, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
234 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
235 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
236 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
237 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
238 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
239 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
240 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
241 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
242 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
243 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
244 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
245 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
246 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
247 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
248 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
249 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
250 0x02, 0x01, 0x02, 0x02, 0x82, 0x01, 0x00, 0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA,
251 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14, 0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3,
252 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07, 0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8,
253 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0, 0x3A, 0x57, 0x05, 0x31, 0x8D, 0x12, 0x97, 0x54, 0xCD,
254 0xF4, 0x00, 0x3A, 0x8C, 0x39, 0x92, 0x40, 0xFB, 0xB8, 0xF1, 0x62, 0x49, 0x0F, 0x6F, 0x0D, 0xC7,
255 0x0E, 0x41, 0x4B, 0x6F, 0xEE, 0x88, 0x08, 0x6A, 0xFA, 0xA4, 0x8E, 0x9F, 0x3A, 0x24, 0x8E, 0xDC,
256 0x09, 0x34, 0x52, 0x66, 0x3D, 0x34, 0xE0, 0xE8, 0x09, 0xD4, 0xF6, 0xBA, 0xDB, 0xB3, 0x6F, 0x80,
257 0xB6, 0x81, 0x3E, 0xBF, 0x7C, 0x32, 0x81, 0xB8, 0x62, 0x20, 0x9E, 0x56, 0x04, 0xBD, 0xEA, 0x8B,
258 0x8F, 0x5F, 0x7B, 0xFD, 0xC3, 0xEE, 0xB7, 0xAD, 0xB7, 0x30, 0x48, 0x28, 0x9B, 0xCE, 0xA0, 0xF5,
259 0xA5, 0xCD, 0xEE, 0x7D, 0xF9, 0x1C, 0xD1, 0xF0, 0xBA, 0x63, 0x2F, 0x06, 0xDB, 0xE9, 0xBA, 0x7E,
260 0xF0, 0x14, 0xB8, 0x4B, 0x02, 0xD4, 0x97, 0xCA, 0x7D, 0x0C, 0x60, 0xF7, 0x34, 0x75, 0x2A, 0x64,
261 0x9D, 0xA4, 0x96, 0x94, 0x6B, 0x4E, 0x53, 0x1B, 0x30, 0xD9, 0xF8, 0x2E, 0xDD, 0x85, 0x56, 0x36,
262 0xC0, 0xB0, 0xF2, 0xAE, 0x23, 0x2E, 0x41, 0x86, 0x45, 0x4E, 0x88, 0x87, 0xBB, 0x42, 0x3E, 0x32,
263 0xA5, 0xA2, 0x49, 0x5E, 0xAC, 0xBA, 0x99, 0x62, 0x0A, 0xCD, 0x03, 0xA3, 0x83, 0x45, 0xEB, 0xB6,
264 0x73, 0x5E, 0x62, 0x33, 0x0A, 0x8E, 0xE9, 0xAA, 0x6C, 0x83, 0x70, 0x41, 0x0F, 0x5C, 0xD4, 0x5A,
265 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C,
266 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C
267 };
268
269 for (i = 0; i < 1; i++) {
270 DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1));
271 DO(dh_set_key(test[i].x, test[i].xlen, PK_PRIVATE, &k1));
272
273 len = sizeof(buf);
274 DO(dh_export(buf, &len, PK_PRIVATE, &k1));
275 if (compare_testvector(buf, len, export_private, sizeof(export_private), "radix_test", i*10 + 0)) {
276 printf("radix_test: dh_export+PK_PRIVATE mismatch\n");
277 dh_free(&k1);
278 return CRYPT_ERROR;
279 }
280 len = sizeof(buf);
281 DO(dh_export(buf, &len, PK_PUBLIC, &k1));
282 if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 1)) {
283 printf("radix_test: dh_export+PK_PUBLIC mismatch\n");
284 dh_free(&k1);
285 return CRYPT_ERROR;
286 }
287 len = sizeof(buf);
288 DO(dh_export_key(buf, &len, PK_PRIVATE, &k1));
289 if (compare_testvector(buf, len, xbin, sizeof(xbin), "radix_test", i*10 + 2)) {
290 printf("radix_test: dh_export+PK_PRIVATE mismatch\n");
291 dh_free(&k1);
292 return CRYPT_ERROR;
293 }
294 len = sizeof(buf);
295 DO(dh_export_key(buf, &len, PK_PUBLIC, &k1));
296 if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 3)) {
297 printf("radix_test: dh_export+PK_PUBLIC mismatch\n");
298 dh_free(&k1);
299 return CRYPT_ERROR;
300 }
301 dh_free(&k1);
302
303 DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1));
304 DO(dh_set_key(test[i].x, test[i].xlen, PK_PRIVATE, &k1));
305
306 len = sizeof(buf);
307 DO(dh_export(buf, &len, PK_PRIVATE, &k1));
308 if (compare_testvector(buf, len, export_private, sizeof(export_private), "radix_test", i*10 + 4)) {
309 printf("radix_test: dh_export+PK_PRIVATE mismatch\n");
310 dh_free(&k1);
311 return CRYPT_ERROR;
312 }
313 len = sizeof(buf);
314 DO(dh_export(buf, &len, PK_PUBLIC, &k1));
315 if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 5)) {
316 printf("radix_test: dh_export+PK_PUBLIC mismatch\n");
317 dh_free(&k1);
318 return CRYPT_ERROR;
319 }
320 dh_free(&k1);
321
322 DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k2));
323 DO(dh_set_key(test[i].y, test[i].ylen, PK_PUBLIC, &k2));
324
325 len = sizeof(buf);
326 DO(dh_export(buf, &len, PK_PUBLIC, &k2));
327 if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 6)) {
328 printf("radix_test: dh_export+PK_PUBLIC mismatch\n");
329 dh_free(&k2);
330 return CRYPT_ERROR;
331 }
332 len = sizeof(buf);
333 DO(dh_export_key(buf, &len, PK_PUBLIC, &k2));
334 if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 7)) {
335 printf("radix_test: dh_export+PK_PUBLIC mismatch\n");
336 dh_free(&k2);
337 return CRYPT_ERROR;
338 }
339 dh_free(&k2);
340
341 DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k3));
342 DO(dh_generate_key(&yarrow_prng, find_prng("yarrow"), &k3));
343
344 len = mp_unsigned_bin_size(k3.prime);
345 DO(mp_to_unsigned_bin(k3.prime, buf));
346 if (compare_testvector(buf, len, pbin, sizeof(pbin), "radix_test", i*10 + 8)) {
347 printf("radix_test: dh_make_key_ex prime mismatch\n");
348 dh_free(&k3);
349 return CRYPT_ERROR;
350 }
351 len = mp_unsigned_bin_size(k3.base);
352 DO(mp_to_unsigned_bin(k3.base, buf));
353 if (compare_testvector(buf, len, gbin, sizeof(gbin), "radix_test", i*10 + 9)) {
354 printf("radix_test: dh_make_key_ex base mismatch\n");
355 dh_free(&k3);
356 return CRYPT_ERROR;
357 }
358 dh_free(&k3);
359 }
360
361 return CRYPT_OK;
362 }
363
364 static int _basic_test(void)
365 {
366 unsigned char buf[3][4096];
367 unsigned long x, y, z;
368 int size;
369 dh_key usera, userb;
370
371 /* make up two keys */
372 DO(dh_set_pg_groupsize(KEYSIZE/8, &usera));
373 DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &usera));
374 DO(dh_set_pg_groupsize(KEYSIZE/8, &userb));
375 DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &userb));
376
377 /* make the shared secret */
378 x = KEYSIZE;
379 DO(dh_shared_secret (&usera, &userb, buf[0], &x));
380
381 y = KEYSIZE;
382 DO(dh_shared_secret (&userb, &usera, buf[1], &y));
383 if (y != x) {
384 fprintf(stderr, "DH Shared keys are not same size.\n");
385 dh_free (&usera);
386 dh_free (&userb);
387 return CRYPT_ERROR;
388 }
389 if (memcmp (buf[0], buf[1], x)) {
390 fprintf(stderr, "DH Shared keys not same contents.\n");
391 dh_free (&usera);
392 dh_free (&userb);
393 return CRYPT_ERROR;
394 }
395
396 /* now export userb */
397 y = KEYSIZE;
398 DO(dh_export (buf[1], &y, PK_PUBLIC, &userb));
399 dh_free (&userb);
400
401 /* import and make the shared secret again */
402 DO(dh_import (buf[1], y, &userb));
403 z = KEYSIZE;
404 DO(dh_shared_secret (&usera, &userb, buf[2], &z));
405
406 dh_free (&usera);
407 dh_free (&userb);
408
409 if (z != x) {
410 fprintf(stderr, "failed. Size don't match?\n");
411 return CRYPT_ERROR;
412 }
413 if (memcmp (buf[0], buf[2], x)) {
414 fprintf(stderr, "Failed. Content didn't match.\n");
415 return CRYPT_ERROR;
416 }
417
418 for (x = 0; ltc_dh_sets[x].size != 0; x++) {
419 DO(dh_set_pg_groupsize(ltc_dh_sets[x].size, &usera));
420 DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &usera));
421 size = dh_get_groupsize(&usera);
422 dh_free(&usera);
423 if (size != ltc_dh_sets[x].size) {
424 fprintf(stderr, "dh_groupsize mismatch %d %d\n", size, ltc_dh_sets[x].size);
425 return CRYPT_ERROR;
426 }
427 dh_free(&usera);
428 }
429
430 return CRYPT_OK;
431 }
432
433 int dh_test(void)
434 {
435 int fails = 0;
436 if (_prime_test() != CRYPT_OK) fails++;
437 if (_basic_test() != CRYPT_OK) fails++;
438 if (_dhparam_test() != CRYPT_OK) fails++;
439 if (_set_test() != CRYPT_OK) fails++;
440 return fails > 0 ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK;
441 }
442
443 #else
444
445 int dh_test(void)
446 {
447 return CRYPT_NOP;
448 }
449
450 #endif
451
452 /* ref: $Format:%D$ */
453 /* git commit: $Format:%H$ */
454 /* commit time: $Format:%ai$ */
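Review bot: In `_dhparam_test` (file line 137) the comparison passes `sizeof(prime)` as the length of `buf` rather than the number of bytes `mp_to_unsigned_bin` actually wrote, so if `dh_set_pg_dhparam` ever decoded a prime of a different length the check would compare leftover bytes of the uninitialised stack buffer instead of the real encoded length. `_set_test` already takes the serialised length first (`len = mp_unsigned_bin_size(k3.prime);`), and the same works here: `if (compare_testvector(buf, mp_unsigned_bin_size(k.prime), prime, sizeof(prime), "dhparam_test", 1)) {`. Separately, the group-size loop in `_basic_test` calls `dh_free(&usera)` at file lines 422 and 427 on the success path; that is safe only if `dh_free` tolerates an already-freed key, which is not visible on this page, so the second call could be dropped.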