1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
|
#ifndef NETTLE_TESTUTILS_H_INCLUDED
#define NETTLE_TESTUTILS_H_INCLUDED
/* config.h should usually be first in each .c file. This is an
exception, include it here to reduce clutter in the test cases. */
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "nettle-types.h"
#include "version.h"
#if WITH_HOGWEED
# include "rsa.h"
# include "dsa-compat.h"
# include "ecc-curve.h"
# include "ecc.h"
# include "ecc-internal.h"
# include "ecdsa.h"
# include "gmp-glue.h"
# if NETTLE_USE_MINI_GMP
# include "knuth-lfib.h"
# endif
/* Undo dsa-compat name mangling */
#undef dsa_generate_keypair
#define dsa_generate_keypair nettle_dsa_generate_keypair
#else /* !WITH_HOGWEED */
/* Make sure either gmp or mini-gmp is available for tests. */
#include "mini-gmp.h"
#endif /* !WITH_HOGWEED */
#include "nettle-meta.h"
#ifdef __cplusplus
extern "C" {
#endif
void
die(const char *format, ...) PRINTF_STYLE (1, 2) NORETURN;
void *
xalloc(size_t size);
struct tstring {
struct tstring *next;
size_t length;
uint8_t data[1];
};
struct tstring *
tstring_alloc (size_t length);
void
tstring_clear(void);
struct tstring *
tstring_data(size_t length, const uint8_t *data);
struct tstring *
tstring_hex(const char *hex);
void
tstring_print_hex(const struct tstring *s);
/* Decodes a NUL-terminated hex string. */
void
print_hex(size_t length, const uint8_t *data);
/* If side-channel tests are requested, attach valgrind annotations on
given memory area. */
void
mark_bytes_undefined (size_t size, const void *p);
void
mark_bytes_defined (size_t size, const void *p);
/* The main program */
void
test_main(void);
extern int verbose;
extern int test_side_channel;
typedef void
nettle_encrypt_message_func(void *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src);
typedef int
nettle_decrypt_message_func(void *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t mlength, uint8_t *dst, const uint8_t *src);
struct nettle_aead_message
{
const char *name;
unsigned context_size;
unsigned key_size;
unsigned digest_size;
int supports_inplace;
nettle_set_key_func *set_encrypt_key;
nettle_set_key_func *set_decrypt_key;
nettle_encrypt_message_func *encrypt;
nettle_decrypt_message_func *decrypt;
};
struct nettle_xof {
const char *name;
unsigned context_size;
unsigned block_size;
nettle_hash_init_func *init;
nettle_hash_update_func *update;
nettle_hash_digest_func *digest;
nettle_hash_digest_func *output;
};
void
test_cipher(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext);
void
test_cipher_cbc(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iv);
void
test_cipher_cfb(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iv);
void
test_cipher_cfb8(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iv);
void
test_cipher_ctr(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *iv);
void
test_cipher_stream(const struct nettle_cipher *cipher,
const struct tstring *key,
const struct tstring *cleartext,
const struct tstring *ciphertext);
void
test_aead(const struct nettle_aead *aead,
nettle_hash_update_func *set_nonce,
const struct tstring *key,
const struct tstring *authtext,
const struct tstring *cleartext,
const struct tstring *ciphertext,
const struct tstring *nonce,
const struct tstring *digest);
void
test_aead_message(const struct nettle_aead_message *aead,
const struct tstring *key,
const struct tstring *adata,
const struct tstring *nonce,
const struct tstring *clear,
const struct tstring *cipher);
void
test_hash(const struct nettle_hash *hash,
const struct tstring *msg,
const struct tstring *digest);
void
test_hash_large(const struct nettle_hash *hash,
size_t count, size_t length,
uint8_t c,
const struct tstring *digest);
void
test_xof (const struct nettle_xof *xof,
const struct tstring *msg,
const struct tstring *digest);
void
test_mac(const struct nettle_mac *mac,
nettle_hash_update_func *set_key,
const struct tstring *key,
const struct tstring *msg,
const struct tstring *digest);
void
test_armor(const struct nettle_armor *armor,
size_t data_length,
const uint8_t *data,
const char *ascii);
#if WITH_HOGWEED
#if NETTLE_USE_MINI_GMP
typedef struct knuth_lfib_ctx gmp_randstate_t[1];
void gmp_randinit_default (struct knuth_lfib_ctx *ctx);
#define gmp_randclear(state)
void mpz_urandomb (mpz_t r, struct knuth_lfib_ctx *ctx, mp_bitcnt_t bits);
void mpz_urandomm (mpz_t r, struct knuth_lfib_ctx *ctx, const mpz_t n);
/* This is cheating */
#define mpz_rrandomb mpz_urandomb
#define mpz_rrandomm mpz_urandomm
static inline int
test_randomize (gmp_randstate_t rands UNUSED) { return 0; }
#else /* !NETTLE_USE_MINI_GMP */
int
test_randomize (gmp_randstate_t rands);
#endif /* !NETTLE_USE_MINI_GMP */
void
mpn_out_str (FILE *f, int base, const mp_limb_t *xp, mp_size_t xn);
mp_limb_t *
xalloc_limbs (mp_size_t n);
void
write_mpn (FILE *f, int base, const mp_limb_t *xp, mp_size_t n);
void
test_rsa_set_key_1(struct rsa_public_key *pub,
struct rsa_private_key *key);
void
test_rsa_set_key_2(struct rsa_public_key *pub,
struct rsa_private_key *key);
void
test_rsa_md5(struct rsa_public_key *pub,
struct rsa_private_key *key,
mpz_t expected);
void
test_rsa_sha1(struct rsa_public_key *pub,
struct rsa_private_key *key,
mpz_t expected);
void
test_rsa_sha256(struct rsa_public_key *pub,
struct rsa_private_key *key,
mpz_t expected);
void
test_rsa_sha512(struct rsa_public_key *pub,
struct rsa_private_key *key,
mpz_t expected);
void
test_rsa_key(struct rsa_public_key *pub,
struct rsa_private_key *key);
void
test_dsa160(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
const struct dsa_signature *expected);
void
test_dsa256(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
const struct dsa_signature *expected);
#if 0
void
test_dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
const struct nettle_hash *hash,
const struct dsa_signature *expected);
#endif
void
test_dsa_verify(const struct dsa_params *params,
const mpz_t pub,
const struct nettle_hash *hash,
struct tstring *msg,
const struct dsa_signature *ref);
void
test_dsa_key(const struct dsa_params *params,
const mpz_t pub,
const mpz_t key,
unsigned q_size);
extern const struct ecc_curve * const ecc_curves[];
/* Check that given point satisfyes curve equation. */
int
test_ecc_point_valid_p (struct ecc_point *pub);
struct ecc_ref_point
{
const char *x;
const char *y;
};
void
test_ecc_point (const struct ecc_curve *ecc,
const struct ecc_ref_point *ref,
const mp_limb_t *p);
void
test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p);
void
test_ecc_mul_h (unsigned curve, unsigned n, const mp_limb_t *p);
/* Checks that p == g (affine coordinates) */
void
test_ecc_ga (unsigned curve, const mp_limb_t *p);
/* Gets the curve generator, with coordinates in redc form, if
appropriate, and with an appended z = 1 coordinate. */
void
test_ecc_get_g (unsigned curve, mp_limb_t *rp);
/* Variant with only two coordinates, and no redc. */
void
test_ecc_get_ga (unsigned curve, mp_limb_t *rp);
#endif /* WITH_HOGWEED */
/* String literal of type unsigned char. The GNUC version is safer. */
#if __GNUC__
#define US(s) ({ static const unsigned char us_s[] = s; us_s; })
#else
#define US(s) ((const uint8_t *) (s))
#endif
/* LDATA needs to handle NUL characters. */
#define LLENGTH(x) (sizeof(x) - 1)
#define LDATA(x) LLENGTH(x), US(x)
#define LDUP(x) strlen(x), strdup(x)
#define SHEX(x) (tstring_hex(x))
#define SDATA(x) ((const struct tstring *)tstring_data(LLENGTH(x), US(x)))
#define H(x) (SHEX(x)->data)
#define MEMEQ(length, a, b) (!memcmp((a), (b), (length)))
#define FAIL() abort()
#define SKIP() exit(77)
#define ASSERT(x) do { \
if (!(x)) \
{ \
fprintf(stderr, "Assert failed: %s:%d: %s\n", \
__FILE__, __LINE__, #x); \
FAIL(); \
} \
} while(0)
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_TESTUTILS_H_INCLUDED */
|
