Mercurial > dropbear
view libtomcrypt/tests/multi_test.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ /* test the multi helpers... */ #include <tomcrypt_test.h> int multi_test(void) { unsigned char key[32] = { 0 }; unsigned char buf[2][MAXBLOCKSIZE]; unsigned long len, len2; /* register algos */ register_hash(&sha256_desc); register_cipher(&aes_desc); /* HASH testing */ len = sizeof(buf[0]); hash_memory(find_hash("sha256"), (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL, 0); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #ifdef LTC_HMAC len = sizeof(buf[0]); hmac_memory(find_hash("sha256"), key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_OMAC len = sizeof(buf[0]); omac_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_PMAC len = sizeof(buf[0]); pmac_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_XCBC len = sizeof(buf[0]); xcbc_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); xcbc_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); xcbc_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); xcbc_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_F9 len = sizeof(buf[0]); f9_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); f9_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); f9_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); f9_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_PELICAN /* TODO: there is no pelican_memory_multi(..) */ #endif #ifdef LTC_POLY1305 len = sizeof(buf[0]); poly1305_memory(key, 32, (unsigned char*)"hello", 5, buf[0], &len); len2 = sizeof(buf[0]); poly1305_memory_multi(key, 32, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); poly1305_memory_multi(key, 32, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = sizeof(buf[0]); poly1305_memory_multi(key, 32, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_BLAKE2SMAC len = 32; blake2smac_memory(key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = 32; blake2smac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = 32; blake2smac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = 32; blake2smac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif #ifdef LTC_BLAKE2BMAC len = 64; blake2bmac_memory(key, 16, (unsigned char*)"hello", 5, buf[0], &len); len2 = 64; blake2bmac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = 64; blake2bmac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } len2 = 64; blake2bmac_memory_multi(key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL); if (len != len2 || memcmp(buf[0], buf[1], len)) { printf("Failed: %d %lu %lu\n", __LINE__, len, len2); return CRYPT_FAIL_TESTVECTOR; } #endif return CRYPT_OK; } /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */