X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fecdsa%2Fecdsatest.c;h=65f4870474ddef1171796a4c7ee20573da5bb271;hp=339f654516b7b6dfc2b7f576d6bed273cb058f27;hb=ac9c6e10a42ae993f5d23db35743d699e4b801a8;hpb=d8309efc72ea30da49800233896fef4e43c51ed5 diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 339f654516..65f4870474 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -1,4 +1,7 @@ /* crypto/ecdsa/ecdsatest.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -52,641 +55,441 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include -#include + +#include /* To see if OPENSSL_NO_ECDSA is defined */ + +#ifdef OPENSSL_NO_ECDSA +int main(int argc, char * argv[]) + { + puts("Elliptic curves are disabled."); + return 0; + } +#else + #include #include #include -#include #include #include #include -#ifdef CLOCKS_PER_SEC - /* "To determine the time in seconds, the value returned - * by the clock function should be divided by the value - * of the macro CLOCKS_PER_SEC." - * -- ISO/IEC 9899 */ -# define UNIT "s" -#else - /* "`CLOCKS_PER_SEC' undeclared (first use this function)" - * -- cc on NeXTstep/OpenStep */ -# define UNIT "units" -# define CLOCKS_PER_SEC 1 -#endif +static const char rnd_seed[] = "string to make the random number generator " + "think it has entropy"; -#ifdef OPENSSL_NO_ECDSA -int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; } -#else +/* declaration of the test functions */ +int x9_62_tests(BIO *); +int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); +int test_builtin(BIO *); -static BIO *bio_err=NULL; -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +/* functions to change the RAND_METHOD */ +int change_rand(void); +int restore_rand(void); +int fbytes(unsigned char *buf, int num); -#define ECDSA_NIST_TESTS 10 -ECDSA_SIG* signatures[ECDSA_NIST_TESTS]; -unsigned char digest[ECDSA_NIST_TESTS][20]; +RAND_METHOD fake_rand; +const RAND_METHOD *old_rand; -void clear_ecdsa(ECDSA *ecdsa) -{ - if (!ecdsa) - return; - if (ecdsa->group) +int change_rand(void) { - EC_GROUP_free(ecdsa->group); - ecdsa->group = NULL; - } - if (ecdsa->pub_key) - { - EC_POINT_free(ecdsa->pub_key); - ecdsa->pub_key = NULL; - } - if (ecdsa->priv_key) - { - BN_free(ecdsa->priv_key); - ecdsa->priv_key = NULL; - } -} - -int set_p192_param(ECDSA *ecdsa) -{ - BN_CTX *ctx=NULL; - int ret=0; + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; - if (!ecdsa) + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = fbytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) return 0; - if ((ctx = BN_CTX_new()) == NULL) goto err; - clear_ecdsa(ecdsa); - - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V1)) == NULL) - { - BIO_printf(bio_err,"ECDSA_SET_GROUP_P_192_V1() failed \n"); - goto err; - } - if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL) - { - BIO_printf(bio_err,"EC_POINT_new failed \n"); - goto err; + return 1; } - if (!BN_dec2bn(&(ecdsa->priv_key), "651056770906015076056810763456358567190100156695615665659")) goto err; - if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx)) +int restore_rand(void) { - BIO_printf(bio_err,"EC_POINT_mul() failed \n"); - goto err; + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; } - ret = 1; -err : if (ctx) BN_CTX_free(ctx); - return ret; -} - -int set_p239_param(ECDSA *ecdsa) -{ - BN_CTX *ctx=NULL; - int ret=0; +static int fbytes_counter = 0; +static const char *numbers[8] = { + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363"}; + +int fbytes(unsigned char *buf, int num) + { + int ret; + BIGNUM *tmp = NULL; - if (!ecdsa) + if (fbytes_counter >= 8) return 0; - if ((ctx = BN_CTX_new()) == NULL) goto err; - clear_ecdsa(ecdsa); - - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V1)) == NULL) - { - BIO_printf(bio_err,"ECDSA_SET_GROUP_P_239_V1() failed \n"); - goto err; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) + { + BN_free(tmp); + return 0; + } + fbytes_counter ++; + ret = BN_bn2bin(tmp, buf); + if (ret == 0 || ret != num) + ret = 0; + else + ret = 1; + if (tmp) + BN_free(tmp); + return ret; } - if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL) + +/* some tests from the X9.62 draft */ +int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) { - BIO_printf(bio_err,"EC_POINT_new failed \n"); - goto err; + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX md_ctx; + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + + EVP_MD_CTX_init(&md_ctx); + /* get the message digest */ + EVP_DigestInit(&md_ctx, EVP_ecdsa()); + EVP_DigestUpdate(&md_ctx, (const void*)message, 3); + EVP_DigestFinal(&md_ctx, digest, &dgst_len); + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new()) == NULL) + goto x962_int_err; + if ((key->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto x962_int_err; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* create the signature */ + signature = ECDSA_do_sign(digest, 20, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || + !BN_dec2bn(&s, s_in)) + goto x962_int_err; + if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; +x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + if (key) + EC_KEY_free(key); + if (signature) + ECDSA_SIG_free(signature); + if (r) + BN_free(r); + if (s) + BN_free(s); + EVP_MD_CTX_cleanup(&md_ctx); + return ret; } - if (!BN_dec2bn(&(ecdsa->priv_key), "876300101507107567501066130761671078357010671067781776716671676178726717")) goto err; - if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx)) +int x9_62_tests(BIO *out) { - BIO_printf(bio_err,"EC_POINT_mul() failed \n"); - goto err; - } - ret = 1; + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; -err : if (ctx) BN_CTX_free(ctx); + ret = 1; +x962_err: + if (!restore_rand()) + ret = 0; return ret; -} - -int test_sig_vrf(ECDSA *ecdsa, const unsigned char* dgst) -{ - int ret=0,type=0; - unsigned char *buffer=NULL; - unsigned int buf_len; - clock_t time; - - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) - return 0; - if ((buf_len = ECDSA_size(ecdsa)) == 0) - { - BIO_printf(bio_err, "ECDSA_size() == 0 \n"); - goto err; - } - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - goto err; - - time = clock(); - if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa)) - { - BIO_printf(bio_err, "ECDSA_sign() FAILED \n"); - goto err; - } - time = clock() - time; - BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)time/(CLOCKS_PER_SEC)); - - time = clock(); - ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa); - if (ret != 1) - { - BIO_printf(bio_err, "ECDSA_verify() FAILED \n"); - goto err; - } - time = clock() - time; - BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)time/(CLOCKS_PER_SEC)); - -err: OPENSSL_free(buffer); - return(ret == 1); -} - -int test_x962_sig_vrf(ECDSA *ecdsa, const unsigned char *dgst, - const char *k_in, const char *r_in, const char *s_in) -{ - int ret=0; - ECDSA_SIG *sig=NULL; - EC_POINT *point=NULL; - BIGNUM *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL; - BN_CTX *ctx=NULL; - char *tmp_char=NULL; - - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) - return 0; - if ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err; - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL || (k = BN_new()) == NULL || - (x = BN_new()) == NULL || (y = BN_new()) == NULL || (m = BN_new()) == NULL || - (ord = BN_new()) == NULL) goto err; - if ((ctx = BN_CTX_new()) == NULL) goto err; - if (!BN_bin2bn(dgst, 20, m)) goto err; - if (!BN_dec2bn(&k, k_in)) goto err; - if (!EC_POINT_mul(ecdsa->group, point, k, NULL, NULL, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(ecdsa->group, point, x, y, ctx)) goto err; - if (!EC_GROUP_get_order(ecdsa->group, ord, ctx)) goto err; - if ((ecdsa->r = BN_dup(x)) == NULL) goto err; - if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL) goto err; - - if ((sig = ECDSA_do_sign(dgst, 20, ecdsa)) == NULL) - { - BIO_printf(bio_err,"ECDSA_do_sign() failed \n"); - goto err; - } - - if (!BN_dec2bn(&r, r_in)) goto err; - if (!BN_dec2bn(&s, s_in)) goto err; - if (BN_cmp(sig->r,r) != 0 || BN_cmp(sig->s,s) != 0) - { - tmp_char = OPENSSL_malloc(128); - if (tmp_char == NULL) goto err; - tmp_char = BN_bn2dec(sig->r); - BIO_printf(bio_err,"unexpected signature \n"); - BIO_printf(bio_err,"sig->r = %s\n",tmp_char); - tmp_char = BN_bn2dec(sig->s); - BIO_printf(bio_err,"sig->s = %s\n",tmp_char); - goto err; - } - ret = ECDSA_do_verify(dgst, 20, sig, ecdsa); - if (ret != 1) - { - BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n"); - goto err; - } - - ret = 1; -err : if (r) BN_free(r); - if (s) BN_free(s); - if (k) BN_free(k); - if (x) BN_free(x); - if (y) BN_free(y); - if (m) BN_free(m); - if (ord) BN_free(ord); - if (sig) ECDSA_SIG_free(sig); - if (ctx) BN_CTX_free(ctx); - if (point) EC_POINT_free(point); - if (tmp_char) OPENSSL_free(tmp_char); - return(ret == 1); -} - -int ecdsa_cmp(const ECDSA *a, const ECDSA *b) -{ - int ret=1; - BN_CTX *ctx=NULL; - BIGNUM *tmp_a1=NULL, *tmp_a2=NULL, *tmp_a3=NULL; - BIGNUM *tmp_b1=NULL, *tmp_b2=NULL, *tmp_b3=NULL; - - if ((ctx = BN_CTX_new()) == NULL) return 1; - if ((tmp_a1 = BN_new()) == NULL || (tmp_a2 = BN_new()) == NULL || (tmp_a3 = BN_new()) == NULL) goto err; - if ((tmp_b1 = BN_new()) == NULL || (tmp_b2 = BN_new()) == NULL || (tmp_b3 = BN_new()) == NULL) goto err; - - if (a->pub_key && b->pub_key) - if (EC_POINT_cmp(a->group, a->pub_key, b->pub_key, ctx) != 0) goto err; - if (a->priv_key && b->priv_key) - if (BN_cmp(a->priv_key, b->priv_key) != 0) goto err; - if (!EC_GROUP_get_curve_GFp(a->group, tmp_a1, tmp_a2, tmp_a3, ctx)) goto err; - if (!EC_GROUP_get_curve_GFp(a->group, tmp_b1, tmp_b2, tmp_b3, ctx)) goto err; - if (BN_cmp(tmp_a1, tmp_b1) != 0) goto err; - if (BN_cmp(tmp_a2, tmp_b2) != 0) goto err; - if (BN_cmp(tmp_a3, tmp_b3) != 0) goto err; - - ret = 0; -err: if (tmp_a1) BN_free(tmp_a1); - if (tmp_a2) BN_free(tmp_a2); - if (tmp_a3) BN_free(tmp_a3); - if (tmp_b1) BN_free(tmp_b1); - if (tmp_b2) BN_free(tmp_b2); - if (tmp_b3) BN_free(tmp_b3); - if (ctx) BN_CTX_free(ctx); - return(ret); -} + } -int main(void) -{ - ECDSA *ecdsa=NULL, *ret_ecdsa=NULL; - BIGNUM *d=NULL; - X509_PUBKEY *x509_pubkey=NULL; - PKCS8_PRIV_KEY_INFO *pkcs8=NULL; - EVP_PKEY *pkey=NULL, *ret_pkey=NULL; - int dgst_len=0; - unsigned char *dgst=NULL; - int ret = 0, i=0; - clock_t time; - unsigned char *buffer=NULL; - unsigned char *pp; - long buf_len=0; - double time_d; - EVP_MD_CTX *md_ctx=NULL; +int test_builtin(BIO *out) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + unsigned char digest[20], wrong_digest[20]; + unsigned char *signature = NULL; + unsigned int sig_len; + int nid, ret = 0; - - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - - if ((ecdsa = ECDSA_new()) == NULL) goto err; - - set_p192_param(ecdsa); - ECDSA_print(bio_err, ecdsa, 0); - - /* en- decode tests */ - - /* i2d_ - d2i_ECDSAParameters() */ - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n"); - buf_len = i2d_ECDSAParameters(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECDSAParameters(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECDSAParameters(&ret_ecdsa, (const unsigned char **)&pp, - buf_len)) == NULL) goto err; - ECDSAParameters_print(bio_err, ret_ecdsa); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - OPENSSL_free(buffer); - buffer = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - - /* i2d_ - d2i_ECDSAPrivateKey() */ - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n"); - buf_len = i2d_ECDSAPrivateKey(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECDSAPrivateKey(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECDSAPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, - buf_len)) == NULL) goto err; - ECDSA_print(bio_err, ret_ecdsa, 0); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - OPENSSL_free(buffer); - buffer = NULL; - - /* i2d_ - d2i_ECDSAPublicKey() */ - - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPublicKey \n"); - buf_len = i2d_ECDSAPublicKey(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECDSAPublicKey(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECDSAPublicKey(&ret_ecdsa , (const unsigned char**)&pp, - buf_len)) == NULL) goto err; - ECDSA_print(bio_err, ret_ecdsa, 0); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - OPENSSL_free(buffer); - buffer = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; + /* fill digest values with some random data */ + if (!RAND_pseudo_bytes(digest, 20) || + !RAND_pseudo_bytes(wrong_digest, 20)) + { + BIO_printf(out, "ERROR: unable to get random data\n"); + goto builtin_err; + } + + /* create and verify a ecdsa signature with every availble curve + * (with ) */ + BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); + + /* get a list of all internal curves */ + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) + { + BIO_printf(out, "malloc error\n"); + goto builtin_err; + } - /* X509_PUBKEY_set() & X509_PUBKEY_get() */ - - BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set} : "); - if ((pkey = EVP_PKEY_new()) == NULL) goto err; - EVP_PKEY_assign_ECDSA(pkey, ecdsa); - if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err; - if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err; + if (!EC_get_builtin_curves(curves, crv_len)) + { + BIO_printf(out, "unable to get internal curves\n"); + goto builtin_err; + } + + /* now create and verify a signature for every curve */ + for (n = 0; n < crv_len; n++) + { + unsigned char dirt, offset; + + nid = curves[n].nid; + /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) + goto builtin_err; + if ((eckey->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto builtin_err; + if (EC_GROUP_get_degree(eckey->group) < 160) + /* drop the curve */ + { + EC_KEY_free(eckey); + eckey = NULL; + continue; + } + BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + /* create key */ + if (!EC_KEY_generate_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) + goto builtin_err; + if ((wrong_eckey->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto builtin_err; + if (!EC_KEY_generate_key(wrong_eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + BIO_printf(out, "."); + BIO_flush(out); + /* check key */ + if (!EC_KEY_check_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* create signature */ + sig_len = ECDSA_size(eckey); + if ((signature = OPENSSL_malloc(sig_len)) == NULL) + goto builtin_err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature with the wrong key */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, + wrong_eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* wrong digest */ + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, + eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* modify a single byte of the signature */ + offset = signature[10] % sig_len; + dirt = signature[11]; + signature[offset] ^= dirt ? dirt : 1; + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; + } + + ret = 1; +builtin_err: + if (eckey) + EC_KEY_free(eckey); + if (wrong_eckey) + EC_KEY_free(wrong_eckey); + if (signature); + OPENSSL_free(signature); + if (curves) + OPENSSL_free(curves); - if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - X509_PUBKEY_free(x509_pubkey); - x509_pubkey = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - - /* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */ - BIO_printf(bio_err, "Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY : \n"); - BIO_printf(bio_err, "PKCS8_OK : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_NO_OCTET : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NO_OCTET)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_EMBEDDED_PARAM : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_EMBEDDED_PARAM)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - BIO_printf(bio_err, "PKCS8_NS_DB : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NS_DB)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - pkcs8 = NULL; - - /* sign and verify tests */ - if ((d = BN_new()) == NULL) goto err; - - if (!BN_dec2bn(&d, "968236873715988614170569073515315707566766479517")) goto err; - dgst_len = BN_num_bytes(d); - if ((dgst = OPENSSL_malloc(dgst_len)) == NULL) goto err; - if (!BN_bn2bin(d, dgst)) goto err; - - BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n"); - - BIO_printf(bio_err, "PRIME_192_V1 : "); - if ((ecdsa = ECDSA_new()) == NULL) goto err; - if (!set_p192_param(ecdsa)) goto err; - if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654", - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) - goto err; - else - BIO_printf(bio_err, "OK\n"); - BIO_printf(bio_err, "PRIME_239_V1 : "); - if (!set_p239_param(ecdsa)) - goto err; - if (!test_x962_sig_vrf(ecdsa, dgst, "700000017569056646655505781757157107570501575775705779575555657156756655", - "308636143175167811492622547300668018854959378758531778147462058306432176", - "323813553209797357708078776831250505931891051755007842781978505179448783")) - goto err; - else - BIO_printf(bio_err, "OK\n"); - - ECDSA_free(ecdsa); - ecdsa = NULL; - OPENSSL_free(dgst); - dgst = NULL; - - - /* NIST PRIME CURVES TESTS */ - /* EC_GROUP_NIST_PRIME_192 */ - for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); - for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); - for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); - for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); - for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); - ECDSA_free(ecdsa); - ecdsa = NULL; - for (i=0; i