Mercurial > dropbear

comparison libtomcrypt/tests/ecc_test.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include <tomcrypt_test.h>
10
11 #if defined(LTC_MECC) && defined(LTC_TEST_MPI)
12
13 static unsigned int sizes[] = {
14 #ifdef LTC_ECC112
15 14,
16 #endif
17 #ifdef LTC_ECC128
18 16,
19 #endif
20 #ifdef LTC_ECC160
21 20,
22 #endif
23 #ifdef LTC_ECC192
24 24,
25 #endif
26 #ifdef LTC_ECC224
27 28,
28 #endif
29 #ifdef LTC_ECC256
30 32,
31 #endif
32 #ifdef LTC_ECC384
33 48,
34 #endif
35 #ifdef LTC_ECC521
36 65
37 #endif
38 };
39
40 #ifdef LTC_ECC_SHAMIR
41 int ecc_test_shamir(void)
42 {
43 void *modulus, *mp, *kA, *kB, *rA, *rB;
44 ecc_point *G, *A, *B, *C1, *C2;
45 int x, y, z;
46 unsigned char buf[ECC_BUF_SIZE];
47
48 DO(mp_init_multi(&kA, &kB, &rA, &rB, &modulus, NULL));
49 LTC_ARGCHK((G = ltc_ecc_new_point()) != NULL);
50 LTC_ARGCHK((A = ltc_ecc_new_point()) != NULL);
51 LTC_ARGCHK((B = ltc_ecc_new_point()) != NULL);
52 LTC_ARGCHK((C1 = ltc_ecc_new_point()) != NULL);
53 LTC_ARGCHK((C2 = ltc_ecc_new_point()) != NULL);
54
55 for (x = 0; x < (int)(sizeof(sizes)/sizeof(sizes[0])); x++) {
56 /* get the base point */
57 for (z = 0; ltc_ecc_sets[z].name; z++) {
58 if (sizes[z] < (unsigned int)ltc_ecc_sets[z].size) break;
59 }
60 LTC_ARGCHK(ltc_ecc_sets[z].name != NULL);
61
62 /* load it */
63 DO(mp_read_radix(G->x, ltc_ecc_sets[z].Gx, 16));
64 DO(mp_read_radix(G->y, ltc_ecc_sets[z].Gy, 16));
65 DO(mp_set(G->z, 1));
66 DO(mp_read_radix(modulus, ltc_ecc_sets[z].prime, 16));
67 DO(mp_montgomery_setup(modulus, &mp));
68
69 /* do 100 random tests */
70 for (y = 0; y < 100; y++) {
71 /* pick a random r1, r2 */
72 LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
73 DO(mp_read_unsigned_bin(rA, buf, sizes[x]));
74 LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
75 DO(mp_read_unsigned_bin(rB, buf, sizes[x]));
76
77 /* compute rA * G = A */
78 DO(ltc_mp.ecc_ptmul(rA, G, A, modulus, 1));
79
80 /* compute rB * G = B */
81 DO(ltc_mp.ecc_ptmul(rB, G, B, modulus, 1));
82
83 /* pick a random kA, kB */
84 LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
85 DO(mp_read_unsigned_bin(kA, buf, sizes[x]));
86 LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
87 DO(mp_read_unsigned_bin(kB, buf, sizes[x]));
88
89 /* now, compute kA*A + kB*B = C1 using the older method */
90 DO(ltc_mp.ecc_ptmul(kA, A, C1, modulus, 0));
91 DO(ltc_mp.ecc_ptmul(kB, B, C2, modulus, 0));
92 DO(ltc_mp.ecc_ptadd(C1, C2, C1, modulus, mp));
93 DO(ltc_mp.ecc_map(C1, modulus, mp));
94
95 /* now compute using mul2add */
96 DO(ltc_mp.ecc_mul2add(A, kA, B, kB, C2, modulus));
97
98 /* is they the sames? */
99 if ((mp_cmp(C1->x, C2->x) != LTC_MP_EQ) || (mp_cmp(C1->y, C2->y) != LTC_MP_EQ) || (mp_cmp(C1->z, C2->z) != LTC_MP_EQ)) {
100 fprintf(stderr, "ECC failed shamir test: size=%d, testno=%d\n", sizes[x], y);
101 return 1;
102 }
103 }
104 mp_montgomery_free(mp);
105 }
106 ltc_ecc_del_point(C2);
107 ltc_ecc_del_point(C1);
108 ltc_ecc_del_point(B);
109 ltc_ecc_del_point(A);
110 ltc_ecc_del_point(G);
111 mp_clear_multi(kA, kB, rA, rB, modulus, NULL);
112 return 0;
113 }
114 #endif
115
116 int ecc_tests (void)
117 {
118 unsigned char buf[4][4096], ch;
119 unsigned long x, y, z, s;
120 int stat, stat2;
121 ecc_key usera, userb, pubKey, privKey;
122
123 DO(ecc_test ());
124
125 for (s = 0; s < (sizeof(sizes)/sizeof(sizes[0])); s++) {
126 /* make up two keys */
127 DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
128 DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &userb));
129
130 /* make the shared secret */
131 x = sizeof(buf[0]);
132 DO(ecc_shared_secret (&usera, &userb, buf[0], &x));
133
134 y = sizeof(buf[1]);
135 DO(ecc_shared_secret (&userb, &usera, buf[1], &y));
136
137 if (y != x) {
138 fprintf(stderr, "ecc Shared keys are not same size.");
139 return 1;
140 }
141
142 if (memcmp (buf[0], buf[1], x)) {
143 fprintf(stderr, "ecc Shared keys not same contents.");
144 return 1;
145 }
146
147 /* now export userb */
148 y = sizeof(buf[0]);
149 DO(ecc_export (buf[1], &y, PK_PUBLIC, &userb));
150 ecc_free (&userb);
151
152 /* import and make the shared secret again */
153 DO(ecc_import (buf[1], y, &userb));
154
155 z = sizeof(buf[0]);
156 DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
157
158 if (z != x) {
159 fprintf(stderr, "failed. Size don't match?");
160 return 1;
161 }
162 if (memcmp (buf[0], buf[2], x)) {
163 fprintf(stderr, "Failed. Contents didn't match.");
164 return 1;
165 }
166
167 /* export with ANSI X9.63 */
168 y = sizeof(buf[1]);
169 DO(ecc_ansi_x963_export(&userb, buf[1], &y));
170 ecc_free (&userb);
171
172 /* now import the ANSI key */
173 DO(ecc_ansi_x963_import(buf[1], y, &userb));
174
175 /* shared secret */
176 z = sizeof(buf[0]);
177 DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
178
179 if (z != x) {
180 fprintf(stderr, "failed. Size don't match?");
181 return 1;
182 }
183 if (memcmp (buf[0], buf[2], x)) {
184 fprintf(stderr, "Failed. Contents didn't match.");
185 return 1;
186 }
187
188 ecc_free (&usera);
189 ecc_free (&userb);
190
191 /* test encrypt_key */
192 DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
193
194 /* export key */
195 x = sizeof(buf[0]);
196 DO(ecc_export(buf[0], &x, PK_PUBLIC, &usera));
197 DO(ecc_import(buf[0], x, &pubKey));
198 x = sizeof(buf[0]);
199 DO(ecc_export(buf[0], &x, PK_PRIVATE, &usera));
200 DO(ecc_import(buf[0], x, &privKey));
201
202 for (ch = 0; ch < 32; ch++) {
203 buf[0][ch] = ch;
204 }
205 y = sizeof (buf[1]);
206 DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &yarrow_prng, find_prng ("yarrow"), find_hash ("sha256"), &pubKey));
207 zeromem (buf[0], sizeof (buf[0]));
208 x = sizeof (buf[0]);
209 DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey));
210 if (x != 32) {
211 fprintf(stderr, "Failed (length)");
212 return 1;
213 }
214 for (ch = 0; ch < 32; ch++) {
215 if (buf[0][ch] != ch) {
216 fprintf(stderr, "Failed (contents)");
217 return 1;
218 }
219 }
220 /* test sign_hash */
221 for (ch = 0; ch < 16; ch++) {
222 buf[0][ch] = ch;
223 }
224 x = sizeof (buf[1]);
225 DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey));
226 DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey));
227 buf[0][0] ^= 1;
228 DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey));
229 if (!(stat == 1 && stat2 == 0)) {
230 fprintf(stderr, "ecc_verify_hash failed %d, %d, ", stat, stat2);
231 return 1;
232 }
233 /* test sign_hash_rfc7518 */
234 for (ch = 0; ch < 16; ch++) {
235 buf[0][ch] = ch;
236 }
237 x = sizeof (buf[1]);
238 DO(ecc_sign_hash_rfc7518(buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey));
239 DO(ecc_verify_hash_rfc7518(buf[1], x, buf[0], 16, &stat, &pubKey));
240 buf[0][0] ^= 1;
241 DO(ecc_verify_hash_rfc7518(buf[1], x, buf[0], 16, &stat2, &privKey));
242 if (!(stat == 1 && stat2 == 0)) {
243 fprintf(stderr, "ecc_verify_hash_rfc7518 failed %d, %d, ", stat, stat2);
244 return 1;
245 }
246 ecc_free (&usera);
247 ecc_free (&pubKey);
248 ecc_free (&privKey);
249 }
250 #ifdef LTC_ECC_SHAMIR
251 return ecc_test_shamir();
252 #else
253 return 0;
254 #endif
255 }
256
257 #else
258
259 int ecc_tests(void)
260 {
261 return CRYPT_NOP;
262 }
263
264 #endif
265
266 /* ref: $Format:%D$ */
267 /* git commit: $Format:%H$ */
268 /* commit time: $Format:%ai$ */