/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the Contribution as delivered hereunder
- * (or portions thereof), provided that such covenant shall not apply:
- * 1) for code that a licensee deletes from the Contribution;
- * 2) separates from the Contribution; or
- * 3) for infringements caused by:
- * i) the modification of the Contribution or
- * ii) the combination of the Contribution with other software or
- * devices where such combination causes the infringement.
- *
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <time.h>
-
-#ifdef CLOCKS_PER_SEC
- /* "To determine the time in seconds, the value returned
- * by the clock function should be divided by the value
- * of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899 */
-# define UNIT "s"
-#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
-# define UNIT "units"
-# define CLOCKS_PER_SEC 1
-#endif
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
#ifdef OPENSSL_NO_ECDSA
-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+int main(int argc, char * argv[])
+ {
+ puts("Elliptic curves are disabled.");
+ return 0;
+ }
#else
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
-#include <openssl/x509.h>
+#include <openssl/bn.h>
#include <openssl/ecdsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
+#include <openssl/rand.h>
-static BIO *bio_err=NULL;
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-#define ECDSA_NIST_TESTS 10
-ECDSA_SIG* signatures[ECDSA_NIST_TESTS];
-unsigned char digest[ECDSA_NIST_TESTS][20];
-
-/* some declarations */
-void clear_ecdsa(EC_KEY *);
-int set_p192_param(EC_KEY *);
-int set_p239_param(EC_KEY *);
-int test_sig_vrf(EC_KEY *, const unsigned char *);
-int test_x962_sig_vrf(EC_KEY *, const unsigned char *,
- const char *, const char *, const char *);
-int ecdsa_cmp(const EC_KEY *, const EC_KEY *);
-
-void clear_ecdsa(EC_KEY *ecdsa)
-{
- if (!ecdsa)
- return;
- if (ecdsa->group)
- {
- EC_GROUP_free(ecdsa->group);
- ecdsa->group = NULL;
- }
- if (ecdsa->pub_key)
- {
- EC_POINT_free(ecdsa->pub_key);
- ecdsa->pub_key = NULL;
- }
- if (ecdsa->priv_key)
- {
- BN_free(ecdsa->priv_key);
- ecdsa->priv_key = NULL;
- }
-}
+static const char rnd_seed[] = "string to make the random number generator "
+ "think it has entropy";
-int set_p192_param(EC_KEY *ecdsa)
-{
- BN_CTX *ctx=NULL;
- int ret=0;
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
- if (!ecdsa)
- return 0;
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- clear_ecdsa(ecdsa);
-
- if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime192v1)) == NULL)
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
{
- BIO_printf(bio_err,"ECDSA_SET_GROUP_P_192_V1() failed \n");
- goto err;
+ /* save old rand method */
+ if ((old_rand = RAND_get_rand_method()) == NULL)
+ return 0;
+
+ fake_rand.seed = old_rand->seed;
+ fake_rand.cleanup = old_rand->cleanup;
+ fake_rand.add = old_rand->add;
+ fake_rand.status = old_rand->status;
+ /* use own random function */
+ fake_rand.bytes = fbytes;
+ fake_rand.pseudorand = old_rand->bytes;
+ /* set new RAND_METHOD */
+ if (!RAND_set_rand_method(&fake_rand))
+ return 0;
+ return 1;
}
- if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
+
+int restore_rand(void)
{
- BIO_printf(bio_err,"EC_POINT_new failed \n");
- goto err;
+ if (!RAND_set_rand_method(old_rand))
+ return 0;
+ else
+ return 1;
}
- if (!BN_dec2bn(&(ecdsa->priv_key), "651056770906015076056810763456358567190100156695615665659")) goto err;
- if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
+static int fbytes_counter = 0, use_fake = 0;
+static const char *numbers[8] = {
+ "651056770906015076056810763456358567190100156695615665659",
+ "6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
+ "7000000175690566466555057817571571075705015757757057795755"
+ "55657156756655",
+ "1275552191113212300012030439187146164646146646466749494799",
+ "1542725565216523985789236956265265265235675811949404040041",
+ "1456427555219115346513212300075341203043918714616464614664"
+ "64667494947990",
+ "1712787255652165239672857892369562652652652356758119494040"
+ "40041670216363"};
+
+int fbytes(unsigned char *buf, int num)
{
- BIO_printf(bio_err,"EC_POINT_mul() failed \n");
- goto err;
- }
- ret = 1;
+ int ret;
+ BIGNUM *tmp = NULL;
-err : if (ctx) BN_CTX_free(ctx);
- return ret;
-}
+ if (use_fake == 0)
+ return old_rand->bytes(buf, num);
-int set_p239_param(EC_KEY *ecdsa)
-{
- BN_CTX *ctx=NULL;
- int ret=0;
+ use_fake = 0;
- if (!ecdsa)
+ if (fbytes_counter >= 8)
return 0;
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- clear_ecdsa(ecdsa);
-
- if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime239v1)) == NULL)
- {
- BIO_printf(bio_err,"ECDSA_SET_GROUP_P_239_V1() failed \n");
- goto err;
+ tmp = BN_new();
+ if (!tmp)
+ return 0;
+ if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+ {
+ BN_free(tmp);
+ return 0;
+ }
+ fbytes_counter ++;
+ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+ ret = 0;
+ else
+ ret = 1;
+ if (tmp)
+ BN_free(tmp);
+ return ret;
}
- if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
{
- BIO_printf(bio_err,"EC_POINT_new failed \n");
- goto err;
+ int ret = 0;
+ const char message[] = "abc";
+ unsigned char digest[20];
+ unsigned int dgst_len = 0;
+ EVP_MD_CTX md_ctx;
+ EC_KEY *key = NULL;
+ ECDSA_SIG *signature = NULL;
+ BIGNUM *r = NULL, *s = NULL;
+ BIGNUM *kinv = NULL, *rp = NULL;
+
+ EVP_MD_CTX_init(&md_ctx);
+ /* get the message digest */
+ if (!EVP_DigestInit(&md_ctx, EVP_ecdsa())
+ || !EVP_DigestUpdate(&md_ctx, (const void*)message, 3)
+ || !EVP_DigestFinal(&md_ctx, digest, &dgst_len))
+ goto x962_int_err;
+
+ BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+ /* create the key */
+ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+ goto x962_int_err;
+ use_fake = 1;
+ if (!EC_KEY_generate_key(key))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create the signature */
+ use_fake = 1;
+ /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
+ if (!ECDSA_sign_setup(key, NULL, &kinv, &rp))
+ goto x962_int_err;
+ signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key);
+ if (signature == NULL)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* compare the created signature with the expected signature */
+ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+ goto x962_int_err;
+ if (!BN_dec2bn(&r, r_in) ||
+ !BN_dec2bn(&s, s_in))
+ goto x962_int_err;
+ if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify the signature */
+ if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ ret = 1;
+x962_int_err:
+ if (!ret)
+ BIO_printf(out, " failed\n");
+ if (key)
+ EC_KEY_free(key);
+ if (signature)
+ ECDSA_SIG_free(signature);
+ if (r)
+ BN_free(r);
+ if (s)
+ BN_free(s);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ if (kinv)
+ BN_clear_free(kinv);
+ if (rp)
+ BN_clear_free(rp);
+ return ret;
}
- if (!BN_dec2bn(&(ecdsa->priv_key), "876300101507107567501066130761671078357010671067781776716671676178726717")) goto err;
- if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
+int x9_62_tests(BIO *out)
{
- BIO_printf(bio_err,"EC_POINT_mul() failed \n");
- goto err;
- }
+ int ret = 0;
+
+ BIO_printf(out, "some tests from X9.62:\n");
+
+ /* set own rand method */
+ if (!change_rand())
+ goto x962_err;
+
+ if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+ "3342403536405981729393488334694600415596881826869351677613",
+ "5735822328888155254683894997897571951568553642892029982342"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+ "3086361431751678114926225473006680188549593787585317781474"
+ "62058306432176",
+ "3238135532097973577080787768312505059318910517550078427819"
+ "78505179448783"))
+ goto x962_err;
+#ifndef OPENSSL_NO_EC2M
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+ "87194383164871543355722284926904419997237591535066528048",
+ "308992691965804947361541664549085895292153777025772063598"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+ "2159633321041961198501834003903461262881815148684178964245"
+ "5876922391552",
+ "1970303740007316867383349976549972270528498040721988191026"
+ "49413465737174"))
+ goto x962_err;
+#endif
ret = 1;
-
-err : if (ctx) BN_CTX_free(ctx);
+x962_err:
+ if (!restore_rand())
+ ret = 0;
return ret;
-}
-
-int test_sig_vrf(EC_KEY *ecdsa, const unsigned char* dgst)
-{
- int ret=0,type=0;
- unsigned char *buffer=NULL;
- unsigned int buf_len;
- clock_t tim;
-
- if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
- return 0;
- if ((buf_len = ECDSA_size(ecdsa)) == 0)
- {
- BIO_printf(bio_err, "ECDSA_size() == 0 \n");
- goto err;
- }
- if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
- goto err;
-
- tim = clock();
- if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa))
- {
- BIO_printf(bio_err, "ECDSA_sign() FAILED \n");
- goto err;
- }
- tim = clock() - tim;
- BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)tim/(CLOCKS_PER_SEC));
-
- tim = clock();
- ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa);
- if (ret != 1)
- {
- BIO_printf(bio_err, "ECDSA_verify() FAILED \n");
- goto err;
- }
- tim = clock() - tim;
- BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)tim/(CLOCKS_PER_SEC));
-
-err: OPENSSL_free(buffer);
- return(ret == 1);
-}
-
-int test_x962_sig_vrf(EC_KEY *eckey, const unsigned char *dgst,
- const char *k_in, const char *r_in, const char *s_in)
-{
- int ret=0;
- ECDSA_SIG *sig=NULL;
- EC_POINT *point=NULL;
- BIGNUM *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL;
- BN_CTX *ctx=NULL;
- char *tmp_char=NULL;
- ECDSA_DATA *ecdsa = ecdsa_check(eckey);;
+ }
+
+int test_builtin(BIO *out)
+ {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ EC_KEY *eckey = NULL, *wrong_eckey = NULL;
+ EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
+ unsigned char digest[20], wrong_digest[20];
+ unsigned char *signature = NULL;
+ const unsigned char *sig_ptr;
+ unsigned char *sig_ptr2;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+ int nid, ret = 0;
- if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key
- || !ecdsa)
- return 0;
- if ((point = EC_POINT_new(eckey->group)) == NULL) goto err;
- if ((r = BN_new()) == NULL || (s = BN_new()) == NULL
- || (k = BN_new()) == NULL || (x = BN_new()) == NULL ||
- (y = BN_new()) == NULL || (m = BN_new()) == NULL ||
- (ord = BN_new()) == NULL) goto err;
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- if (!BN_bin2bn(dgst, 20, m)) goto err;
- if (!BN_dec2bn(&k, k_in)) goto err;
- if (!EC_POINT_mul(eckey->group, point, k, NULL, NULL, ctx)) goto err;
- if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, point, x, y,
- ctx)) goto err;
- if (!EC_GROUP_get_order(eckey->group, ord, ctx)) goto err;
- if ((ecdsa->r = BN_dup(x)) == NULL) goto err;
- if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL)
- goto err;
-
- if ((sig = ECDSA_do_sign(dgst, 20, eckey)) == NULL)
- {
- BIO_printf(bio_err,"ECDSA_do_sign() failed \n");
- goto err;
- }
-
- if (!BN_dec2bn(&r, r_in)) goto err;
- if (!BN_dec2bn(&s, s_in)) goto err;
- if (BN_cmp(sig->r,r) != 0 || BN_cmp(sig->s,s) != 0)
- {
- tmp_char = OPENSSL_malloc(128);
- if (tmp_char == NULL) goto err;
- tmp_char = BN_bn2dec(sig->r);
- BIO_printf(bio_err,"unexpected signature \n");
- BIO_printf(bio_err,"sig->r = %s\n",tmp_char);
- tmp_char = BN_bn2dec(sig->s);
- BIO_printf(bio_err,"sig->s = %s\n",tmp_char);
- goto err;
- }
- ret = ECDSA_do_verify(dgst, 20, sig, eckey);
- if (ret != 1)
- {
- BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n");
- goto err;
- }
-
- ret = 1;
-err : if (r) BN_free(r);
- if (s) BN_free(s);
- if (k) BN_free(k);
- if (x) BN_free(x);
- if (y) BN_free(y);
- if (m) BN_free(m);
- if (ord) BN_free(ord);
- if (sig) ECDSA_SIG_free(sig);
- if (ctx) BN_CTX_free(ctx);
- if (point) EC_POINT_free(point);
- if (tmp_char) OPENSSL_free(tmp_char);
- return(ret == 1);
-}
-
-int ecdsa_cmp(const EC_KEY *a, const EC_KEY *b)
-{
- int ret=1;
- BN_CTX *ctx=NULL;
- BIGNUM *tmp_a1=NULL, *tmp_a2=NULL, *tmp_a3=NULL;
- BIGNUM *tmp_b1=NULL, *tmp_b2=NULL, *tmp_b3=NULL;
-
- if ((ctx = BN_CTX_new()) == NULL) return 1;
- if ((tmp_a1 = BN_new()) == NULL || (tmp_a2 = BN_new()) == NULL || (tmp_a3 = BN_new()) == NULL) goto err;
- if ((tmp_b1 = BN_new()) == NULL || (tmp_b2 = BN_new()) == NULL || (tmp_b3 = BN_new()) == NULL) goto err;
-
- if (a->pub_key && b->pub_key)
- if (EC_POINT_cmp(a->group, a->pub_key, b->pub_key, ctx) != 0) goto err;
- if (a->priv_key && b->priv_key)
- if (BN_cmp(a->priv_key, b->priv_key) != 0) goto err;
- if (!EC_GROUP_get_curve_GFp(a->group, tmp_a1, tmp_a2, tmp_a3, ctx)) goto err;
- if (!EC_GROUP_get_curve_GFp(a->group, tmp_b1, tmp_b2, tmp_b3, ctx)) goto err;
- if (BN_cmp(tmp_a1, tmp_b1) != 0) goto err;
- if (BN_cmp(tmp_a2, tmp_b2) != 0) goto err;
- if (BN_cmp(tmp_a3, tmp_b3) != 0) goto err;
+ /* fill digest values with some random data */
+ if (!RAND_pseudo_bytes(digest, 20) ||
+ !RAND_pseudo_bytes(wrong_digest, 20))
+ {
+ BIO_printf(out, "ERROR: unable to get random data\n");
+ goto builtin_err;
+ }
- ret = 0;
-err: if (tmp_a1) BN_free(tmp_a1);
- if (tmp_a2) BN_free(tmp_a2);
- if (tmp_a3) BN_free(tmp_a3);
- if (tmp_b1) BN_free(tmp_b1);
- if (tmp_b2) BN_free(tmp_b2);
- if (tmp_b3) BN_free(tmp_b3);
- if (ctx) BN_CTX_free(ctx);
- return(ret);
-}
+ /* create and verify a ecdsa signature with every availble curve
+ * (with ) */
+ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+ "with some internal curves:\n");
+
+ /* get a list of all internal curves */
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL)
+ {
+ BIO_printf(out, "malloc error\n");
+ goto builtin_err;
+ }
+
+ if (!EC_get_builtin_curves(curves, crv_len))
+ {
+ BIO_printf(out, "unable to get internal curves\n");
+ goto builtin_err;
+ }
+
+ /* now create and verify a signature for every curve */
+ for (n = 0; n < crv_len; n++)
+ {
+ unsigned char dirt, offset;
+
+ nid = curves[n].nid;
+ if (nid == NID_ipsec4)
+ continue;
+ /* create new ecdsa key (== EC_KEY) */
+ if ((eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
+ /* drop the curve */
+ {
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ continue;
+ }
+ BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+ /* create key */
+ if (!EC_KEY_generate_key(eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /* create second key */
+ if ((wrong_eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(wrong_eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ if (!EC_KEY_generate_key(wrong_eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* check key */
+ if (!EC_KEY_check_key(eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create signature */
+ sig_len = ECDSA_size(eckey);
+ if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+ goto builtin_err;
+ if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature with the wrong key */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len,
+ wrong_eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong digest */
+ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /* Modify a single byte of the signature: to ensure we don't
+ * garble the ASN1 structure, we read the raw signature and
+ * modify a byte in one of the bignums directly. */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /* Sanity check: undo the modification and verify signature. */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ /* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
+ OPENSSL_free(signature);
+ signature = NULL;
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ EC_KEY_free(wrong_eckey);
+ wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
+ }
+
+ ret = 1;
+builtin_err:
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (wrong_eckey)
+ EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
+ if (signature)
+ OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
+ if (curves)
+ OPENSSL_free(curves);
+
+ return ret;
+ }
int main(void)
-{
- EC_KEY *ecdsa=NULL, *ret_ecdsa=NULL;
- BIGNUM *d=NULL;
- X509_PUBKEY *x509_pubkey=NULL;
- PKCS8_PRIV_KEY_INFO *pkcs8=NULL;
- EVP_PKEY *pkey=NULL, *ret_pkey=NULL;
- int dgst_len=0;
- unsigned char *dgst=NULL;
- int ret = 0, i=0;
- clock_t tim;
- unsigned char *buffer=NULL;
- unsigned char *pp;
- long buf_len=0;
- double tim_d;
- EVP_MD_CTX *md_ctx=NULL;
+ {
+ int ret = 1;
+ BIO *out;
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
/* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
+ (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
{
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
ERR_load_crypto_strings();
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
+ /* initialize the prng */
RAND_seed(rnd_seed, sizeof(rnd_seed));
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
-
- set_p192_param(ecdsa);
- EC_KEY_print(bio_err, ecdsa, 0);
-
- /* en- decode tests */
-
- /* i2d_ - d2i_ECParameters() */
- BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n");
- buf_len = i2d_ECParameters(ecdsa, NULL);
- if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
- pp = buffer;
- if (!i2d_ECParameters(ecdsa, &pp)) goto err;
- pp = buffer;
- if ((ret_ecdsa = d2i_ECParameters(&ret_ecdsa, (const unsigned char **)&pp,
- buf_len)) == NULL) goto err;
- ECParameters_print(bio_err, ret_ecdsa);
- if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
- OPENSSL_free(buffer);
- buffer = NULL;
- EC_KEY_free(ret_ecdsa);
- ret_ecdsa = NULL;
-
- /* i2d_ - d2i_ECPrivateKey() */
- BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n");
- buf_len = i2d_ECPrivateKey(ecdsa, NULL);
- if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
- pp = buffer;
- if (!i2d_ECPrivateKey(ecdsa, &pp)) goto err;
- pp = buffer;
- if ((ret_ecdsa = d2i_ECPrivateKey(&ret_ecdsa, (const unsigned char**)&pp,
- buf_len)) == NULL) goto err;
- EC_KEY_print(bio_err, ret_ecdsa, 0);
- if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
- EC_KEY_free(ret_ecdsa);
- ret_ecdsa = NULL;
- OPENSSL_free(buffer);
- buffer = NULL;
-
- /* X509_PUBKEY_set() & X509_PUBKEY_get() */
-
- BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set} : ");
- if ((pkey = EVP_PKEY_new()) == NULL) goto err;
- EVP_PKEY_assign_EC_KEY(pkey, ecdsa);
- if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err;
- if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err;
-
- if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err;
- ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey);
- EVP_PKEY_free(ret_pkey);
- ret_pkey = NULL;
-
- if (ecdsa_cmp(ecdsa, ret_ecdsa))
- {
- BIO_printf(bio_err, "TEST FAILED \n");
- goto err;
- }
- else BIO_printf(bio_err, "TEST OK \n");
- X509_PUBKEY_free(x509_pubkey);
- x509_pubkey = NULL;
- EC_KEY_free(ret_ecdsa);
- ret_ecdsa = NULL;
-
- /* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */
- BIO_printf(bio_err, "Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY : \n");
- BIO_printf(bio_err, "PKCS8_OK : ");
- if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err;
- if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
- ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey);
- if (ecdsa_cmp(ecdsa, ret_ecdsa))
- {
- BIO_printf(bio_err, "TEST FAILED \n");
- goto err;
- }
- else BIO_printf(bio_err, "TEST OK \n");
- EVP_PKEY_free(ret_pkey);
- ret_pkey = NULL;
- EC_KEY_free(ret_ecdsa);
- ret_ecdsa = NULL;
- PKCS8_PRIV_KEY_INFO_free(pkcs8);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- ecdsa = NULL;
- pkcs8 = NULL;
-
- /* sign and verify tests */
- if ((d = BN_new()) == NULL) goto err;
-
- if (!BN_dec2bn(&d, "968236873715988614170569073515315707566766479517")) goto err;
- dgst_len = BN_num_bytes(d);
- if ((dgst = OPENSSL_malloc(dgst_len)) == NULL) goto err;
- if (!BN_bn2bin(d, dgst)) goto err;
-
- BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n");
-
- BIO_printf(bio_err, "PRIME_192_V1 : ");
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if (!set_p192_param(ecdsa)) goto err;
- if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654",
- "3342403536405981729393488334694600415596881826869351677613",
- "5735822328888155254683894997897571951568553642892029982342"))
- goto err;
- else
- BIO_printf(bio_err, "OK\n");
- BIO_printf(bio_err, "PRIME_239_V1 : ");
- if (!set_p239_param(ecdsa))
- goto err;
- if (!test_x962_sig_vrf(ecdsa, dgst, "700000017569056646655505781757157107570501575775705779575555657156756655",
- "308636143175167811492622547300668018854959378758531778147462058306432176",
- "323813553209797357708078776831250505931891051755007842781978505179448783"))
- goto err;
- else
- BIO_printf(bio_err, "OK\n");
-
- EC_KEY_free(ecdsa);
- ecdsa = NULL;
- OPENSSL_free(dgst);
- dgst = NULL;
-
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!RAND_bytes(digest[i], 20)) goto err;
-
- BIO_printf(bio_err, "\n");
-
-/* Macro for each test */
-#define ECDSA_GROUP_TEST(text, curve) \
- BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \
- EC_KEY_free(ecdsa); \
- if ((ecdsa = EC_KEY_new()) == NULL) goto err; \
- if ((ecdsa->group = EC_GROUP_new_by_nid(curve)) == NULL) goto err; \
- if (!EC_KEY_generate_key(ecdsa)) goto err; \
- tim = clock(); \
- for (i=0; i<ECDSA_NIST_TESTS; i++) \
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \
- tim = clock() - tim; \
- tim_d = (double)tim / CLOCKS_PER_SEC; \
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" \
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \
- tim = clock(); \
- for (i=0; i<ECDSA_NIST_TESTS; i++) \
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \
- tim = clock() - tim; \
- tim_d = (double)tim / CLOCKS_PER_SEC; \
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \
- for (i=0; i<ECDSA_NIST_TESTS; i++) \
- { \
- ECDSA_SIG_free(signatures[i]); \
- signatures[i] = NULL; \
- }
-
- /* NIST PRIME CURVES TESTS */
- ECDSA_GROUP_TEST("NIST Prime-Curve P-192", NID_X9_62_prime192v1);
- ECDSA_GROUP_TEST("NIST Prime-Curve P-224", NID_secp224r1);
- ECDSA_GROUP_TEST("NIST Prime-Curve P-256", NID_X9_62_prime256v1);
- ECDSA_GROUP_TEST("NIST Prime-Curve P-384", NID_secp384r1);
- ECDSA_GROUP_TEST("NIST Prime-Curve P-521", NID_secp521r1);
- /* NIST BINARY CURVES TESTS */
- ECDSA_GROUP_TEST("NIST Binary-Curve K-163", NID_sect163k1);
- ECDSA_GROUP_TEST("NIST Binary-Curve B-163", NID_sect163r2);
- ECDSA_GROUP_TEST("NIST Binary-Curve K-233", NID_sect233k1);
- ECDSA_GROUP_TEST("NIST Binary-Curve B-233", NID_sect233r1);
- ECDSA_GROUP_TEST("NIST Binary-Curve K-283", NID_sect283k1);
- ECDSA_GROUP_TEST("NIST Binary-Curve B-283", NID_sect283r1);
- ECDSA_GROUP_TEST("NIST Binary-Curve K-409", NID_sect409k1);
- ECDSA_GROUP_TEST("NIST Binary-Curve B-409", NID_sect409r1);
- ECDSA_GROUP_TEST("NIST Binary-Curve K-571", NID_sect571k1);
- ECDSA_GROUP_TEST("NIST Binary-Curve B-571", NID_sect571r1);
-#undef ECDSA_GROUP_TEST
-
- EC_KEY_free(ecdsa);
- ecdsa = NULL;
- OPENSSL_free(buffer);
- buffer = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
+ /* the tests */
+ if (!x9_62_tests(out)) goto err;
+ if (!test_builtin(out)) goto err;
- ret = 1;
-err: if (!ret)
- BIO_printf(bio_err, "TEST FAILED \n");
+ ret = 0;
+err:
+ if (ret)
+ BIO_printf(out, "\nECDSA test failed\n");
else
- BIO_printf(bio_err, "TEST PASSED \n");
- if (!ret)
- ERR_print_errors(bio_err);
- if (ecdsa) EC_KEY_free(ecdsa);
- if (d) BN_free(d);
- if (dgst) OPENSSL_free(dgst);
- if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
- if (pkey) EVP_PKEY_free(pkey);
+ BIO_printf(out, "\nECDSA test passed\n");
+ if (ret)
+ ERR_print_errors(out);
CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
+ ERR_remove_thread_state(NULL);
ERR_free_strings();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
- BIO_free(bio_err);
- bio_err = NULL;
- }
- return(0);
-}
-
+ CRYPTO_mem_leaks(out);
+ if (out != NULL)
+ BIO_free(out);
+ return ret;
+ }
#endif
projects / openssl.git / blobdiff