From 2b32b2819187564e450539f94d5ae9716a11c757 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Wed, 4 Dec 2002 17:38:40 +0000 Subject: [PATCH] Don't compute timings here, we can do this elsewhere. Include X9.62 signature examples. Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 805 +++++++++++++++++---------------------- 1 file changed, 352 insertions(+), 453 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 26b98e0ff1..3f284125a2 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -1,4 +1,7 @@ /* crypto/ecdsa/ecdsatest.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -69,298 +72,377 @@ #include #include #include -#include - -#ifdef CLOCKS_PER_SEC - /* "To determine the time in seconds, the value returned - * by the clock function should be divided by the value - * of the macro CLOCKS_PER_SEC." - * -- ISO/IEC 9899 */ -# define UNIT "s" -#else - /* "`CLOCKS_PER_SEC' undeclared (first use this function)" - * -- cc on NeXTstep/OpenStep */ -# define UNIT "units" -# define CLOCKS_PER_SEC 1 -#endif #ifdef OPENSSL_NO_ECDSA -int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; } +int main(int argc, char * argv[]) + { + puts("Elliptic curves are disabled."); + return 0; + } #else #include #include #include -#include #include #include #include -static BIO *bio_err=NULL; -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -#define ECDSA_NIST_TESTS 10 -ECDSA_SIG* signatures[ECDSA_NIST_TESTS]; -unsigned char digest[ECDSA_NIST_TESTS][20]; - -/* some declarations */ -void clear_ecdsa(EC_KEY *); -int set_p192_param(EC_KEY *); -int set_p239_param(EC_KEY *); -int test_sig_vrf(EC_KEY *, const unsigned char *); -int test_x962_sig_vrf(EC_KEY *, const unsigned char *, - const char *, const char *, const char *); -int ecdsa_cmp(const EC_KEY *, const EC_KEY *); - -void clear_ecdsa(EC_KEY *ecdsa) -{ - if (!ecdsa) - return; - if (ecdsa->group) - { - EC_GROUP_free(ecdsa->group); - ecdsa->group = NULL; - } - if (ecdsa->pub_key) +static const char rnd_seed[] = "string to make the random number generator " + "think it has entropy"; + +/* declaration of the test functions */ +int x9_62_tests(BIO *); +int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); +int test_builtin(BIO *); + +/* functions to change the RAND_METHOD */ +int change_rand(void); +int restore_rand(void); +int fbytes(unsigned char *buf, int num); + +RAND_METHOD fake_rand; +const RAND_METHOD *old_rand; + +int change_rand(void) { - EC_POINT_free(ecdsa->pub_key); - ecdsa->pub_key = NULL; + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; + + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = fbytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) + return 0; + return 1; } - if (ecdsa->priv_key) + +int restore_rand(void) { - BN_free(ecdsa->priv_key); - ecdsa->priv_key = NULL; + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; } -} -int set_p192_param(EC_KEY *ecdsa) -{ - BN_CTX *ctx=NULL; - int ret=0; +static int fbytes_counter = 0; +static const char *numbers[8] = { + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363"}; + +int fbytes(unsigned char *buf, int num) + { + int ret; + BIGNUM *tmp = NULL; - if (!ecdsa) + if (fbytes_counter >= 8) return 0; - if ((ctx = BN_CTX_new()) == NULL) goto err; - clear_ecdsa(ecdsa); - - if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime192v1)) == NULL) - { - BIO_printf(bio_err,"ECDSA_SET_GROUP_P_192_V1() failed \n"); - goto err; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) + { + BN_free(tmp); + return 0; + } + fbytes_counter ++; + ret = BN_bn2bin(tmp, buf); + if (ret == 0 || ret != num) + ret = 0; + else + ret = 1; + if (tmp) + BN_free(tmp); + return ret; } - if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL) + +/* some tests from the X9.62 draft */ +int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) { - BIO_printf(bio_err,"EC_POINT_new failed \n"); - goto err; + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX md_ctx; + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + + EVP_MD_CTX_init(&md_ctx); + /* get the message digest */ + EVP_DigestInit(&md_ctx, EVP_ecdsa()); + EVP_DigestUpdate(&md_ctx, (const void*)message, 3); + EVP_DigestFinal(&md_ctx, digest, &dgst_len); + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new()) == NULL) + goto x962_int_err; + if ((key->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto x962_int_err; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* create the signature */ + signature = ECDSA_do_sign(digest, 20, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || + !BN_dec2bn(&s, s_in)) + goto x962_int_err; + if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; +x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + if (key) + EC_KEY_free(key); + if (signature) + ECDSA_SIG_free(signature); + if (r) + BN_free(r); + if (s) + BN_free(s); + EVP_MD_CTX_cleanup(&md_ctx); + return ret; } - if (!BN_dec2bn(&(ecdsa->priv_key), "651056770906015076056810763456358567190100156695615665659")) goto err; - if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx)) +int x9_62_tests(BIO *out) { - BIO_printf(bio_err,"EC_POINT_mul() failed \n"); - goto err; - } - ret = 1; + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; -err : if (ctx) BN_CTX_free(ctx); + ret = 1; +x962_err: + if (!restore_rand()) + ret = 0; return ret; -} + } + +int test_builtin(BIO *out) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + unsigned char digest[20], wrong_digest[20]; + unsigned char *signature; + unsigned int sig_len; + int nid, ret = 0; + + /* fill digest values with some random data */ + if (!RAND_pseudo_bytes(digest, 20) || + !RAND_pseudo_bytes(wrong_digest, 20)) + { + BIO_printf(out, "ERROR: unable to get random data\n"); + goto builtin_err; + } -int set_p239_param(EC_KEY *ecdsa) -{ - BN_CTX *ctx=NULL; - int ret=0; + /* create and verify a ecdsa signature with every availble curve + * (with ) */ + BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); - if (!ecdsa) - return 0; - if ((ctx = BN_CTX_new()) == NULL) goto err; - clear_ecdsa(ecdsa); + /* get a list of all internal curves */ + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) + { + BIO_printf(out, "malloc error\n"); + goto builtin_err; + } - if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime239v1)) == NULL) - { - BIO_printf(bio_err,"ECDSA_SET_GROUP_P_239_V1() failed \n"); - goto err; - } - if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL) - { - BIO_printf(bio_err,"EC_POINT_new failed \n"); - goto err; - } + if (!EC_get_builtin_curves(curves, crv_len)) + { + BIO_printf(out, "unable to get internal curves\n"); + goto builtin_err; + } - if (!BN_dec2bn(&(ecdsa->priv_key), "876300101507107567501066130761671078357010671067781776716671676178726717")) goto err; - if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx)) - { - BIO_printf(bio_err,"EC_POINT_mul() failed \n"); - goto err; - } - ret = 1; + /* now create and verify a signature for every curve */ + for (n = 0; n < crv_len; n++) + { + nid = curves[n].nid; + /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) + goto builtin_err; + if ((eckey->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto builtin_err; + if (EC_GROUP_get_degree(eckey->group) < 160) + /* drop the curve */ + { + EC_KEY_free(eckey); + eckey = NULL; + continue; + } + BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + /* create key */ + if (!EC_KEY_generate_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) + goto builtin_err; + if ((wrong_eckey->group = EC_GROUP_new_by_nid(nid)) == NULL) + goto builtin_err; + if (!EC_KEY_generate_key(wrong_eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + BIO_printf(out, "."); + BIO_flush(out); + /* check key */ + if (!EC_KEY_check_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* create signature */ + sig_len = ECDSA_size(eckey); + if ((signature = OPENSSL_malloc(sig_len)) == NULL) + goto builtin_err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature with the wrong key */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, + wrong_eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* wrong digest */ + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, + eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* modify signature */ + signature[((int)signature[0])%sig_len] ^= + signature[((int)signature[1])%sig_len]; + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; + } + + ret = 1; +builtin_err: + if (eckey) + EC_KEY_free(eckey); + if (wrong_eckey) + EC_KEY_free(wrong_eckey); + if (signature); + OPENSSL_free(signature); + if (curves) + OPENSSL_free(curves); -err : if (ctx) BN_CTX_free(ctx); return ret; -} - -int test_sig_vrf(EC_KEY *ecdsa, const unsigned char* dgst) -{ - int ret=0,type=0; - unsigned char *buffer=NULL; - unsigned int buf_len; - clock_t tim; - - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) - return 0; - if ((buf_len = ECDSA_size(ecdsa)) == 0) - { - BIO_printf(bio_err, "ECDSA_size() == 0 \n"); - goto err; - } - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - goto err; - - tim = clock(); - if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa)) - { - BIO_printf(bio_err, "ECDSA_sign() FAILED \n"); - goto err; - } - tim = clock() - tim; - BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)tim/(CLOCKS_PER_SEC)); - - tim = clock(); - ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa); - if (ret != 1) - { - BIO_printf(bio_err, "ECDSA_verify() FAILED \n"); - goto err; - } - tim = clock() - tim; - BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)tim/(CLOCKS_PER_SEC)); - -err: OPENSSL_free(buffer); - return(ret == 1); -} - -int test_x962_sig_vrf(EC_KEY *eckey, const unsigned char *dgst, - const char *k_in, const char *r_in, const char *s_in) -{ - int ret=0; - ECDSA_SIG *sig=NULL; - EC_POINT *point=NULL; - BIGNUM *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL; - BN_CTX *ctx=NULL; - char *tmp_char=NULL; - ECDSA_DATA *ecdsa = ecdsa_check(eckey);; - - if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key - || !ecdsa) - return 0; - if ((point = EC_POINT_new(eckey->group)) == NULL) goto err; - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL - || (k = BN_new()) == NULL || (x = BN_new()) == NULL || - (y = BN_new()) == NULL || (m = BN_new()) == NULL || - (ord = BN_new()) == NULL) goto err; - if ((ctx = BN_CTX_new()) == NULL) goto err; - if (!BN_bin2bn(dgst, 20, m)) goto err; - if (!BN_dec2bn(&k, k_in)) goto err; - if (!EC_POINT_mul(eckey->group, point, k, NULL, NULL, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, point, x, y, - ctx)) goto err; - if (!EC_GROUP_get_order(eckey->group, ord, ctx)) goto err; - if ((ecdsa->r = BN_dup(x)) == NULL) goto err; - if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL) - goto err; - - if ((sig = ECDSA_do_sign(dgst, 20, eckey)) == NULL) - { - BIO_printf(bio_err,"ECDSA_do_sign() failed \n"); - goto err; - } - - if (!BN_dec2bn(&r, r_in)) goto err; - if (!BN_dec2bn(&s, s_in)) goto err; - if (BN_cmp(sig->r,r) != 0 || BN_cmp(sig->s,s) != 0) - { - tmp_char = OPENSSL_malloc(128); - if (tmp_char == NULL) goto err; - tmp_char = BN_bn2dec(sig->r); - BIO_printf(bio_err,"unexpected signature \n"); - BIO_printf(bio_err,"sig->r = %s\n",tmp_char); - tmp_char = BN_bn2dec(sig->s); - BIO_printf(bio_err,"sig->s = %s\n",tmp_char); - goto err; - } - ret = ECDSA_do_verify(dgst, 20, sig, eckey); - if (ret != 1) - { - BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n"); - goto err; - } - - ret = 1; -err : if (r) BN_free(r); - if (s) BN_free(s); - if (k) BN_free(k); - if (x) BN_free(x); - if (y) BN_free(y); - if (m) BN_free(m); - if (ord) BN_free(ord); - if (sig) ECDSA_SIG_free(sig); - if (ctx) BN_CTX_free(ctx); - if (point) EC_POINT_free(point); - if (tmp_char) OPENSSL_free(tmp_char); - return(ret == 1); -} - -int ecdsa_cmp(const EC_KEY *a, const EC_KEY *b) -{ - int ret=1; - BN_CTX *ctx=NULL; - BIGNUM *tmp_a1=NULL, *tmp_a2=NULL, *tmp_a3=NULL; - BIGNUM *tmp_b1=NULL, *tmp_b2=NULL, *tmp_b3=NULL; - - if ((ctx = BN_CTX_new()) == NULL) return 1; - if ((tmp_a1 = BN_new()) == NULL || (tmp_a2 = BN_new()) == NULL || (tmp_a3 = BN_new()) == NULL) goto err; - if ((tmp_b1 = BN_new()) == NULL || (tmp_b2 = BN_new()) == NULL || (tmp_b3 = BN_new()) == NULL) goto err; - - if (a->pub_key && b->pub_key) - if (EC_POINT_cmp(a->group, a->pub_key, b->pub_key, ctx) != 0) goto err; - if (a->priv_key && b->priv_key) - if (BN_cmp(a->priv_key, b->priv_key) != 0) goto err; - if (!EC_GROUP_get_curve_GFp(a->group, tmp_a1, tmp_a2, tmp_a3, ctx)) goto err; - if (!EC_GROUP_get_curve_GFp(a->group, tmp_b1, tmp_b2, tmp_b3, ctx)) goto err; - if (BN_cmp(tmp_a1, tmp_b1) != 0) goto err; - if (BN_cmp(tmp_a2, tmp_b2) != 0) goto err; - if (BN_cmp(tmp_a3, tmp_b3) != 0) goto err; - - ret = 0; -err: if (tmp_a1) BN_free(tmp_a1); - if (tmp_a2) BN_free(tmp_a2); - if (tmp_a3) BN_free(tmp_a3); - if (tmp_b1) BN_free(tmp_b1); - if (tmp_b2) BN_free(tmp_b2); - if (tmp_b3) BN_free(tmp_b3); - if (ctx) BN_CTX_free(ctx); - return(ret); -} + } int main(void) -{ - EC_KEY *ecdsa=NULL, *ret_ecdsa=NULL; - BIGNUM *d=NULL; - X509_PUBKEY *x509_pubkey=NULL; - PKCS8_PRIV_KEY_INFO *pkcs8=NULL; - EVP_PKEY *pkey=NULL, *ret_pkey=NULL; - int dgst_len=0; - unsigned char *dgst=NULL; - int ret = 0, i=0; - clock_t tim; - unsigned char *buffer=NULL; - unsigned char *pp; - long buf_len=0; - double tim_d; - EVP_MD_CTX *md_ctx=NULL; + { + int ret = 0; + BIO *out; + + out = BIO_new_fp(stdout, BIO_NOCLOSE); /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && + (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); @@ -374,210 +456,27 @@ int main(void) ERR_load_crypto_strings(); - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); - + /* initialize the prng */ RAND_seed(rnd_seed, sizeof(rnd_seed)); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - - set_p192_param(ecdsa); - EC_KEY_print(bio_err, ecdsa, 0); - - /* en- decode tests */ - - /* i2d_ - d2i_ECParameters() */ - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n"); - buf_len = i2d_ECParameters(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECParameters(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECParameters(&ret_ecdsa, (const unsigned char **)&pp, - buf_len)) == NULL) goto err; - ECParameters_print(bio_err, ret_ecdsa); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - OPENSSL_free(buffer); - buffer = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - - /* i2d_ - d2i_ECPrivateKey() */ - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n"); - buf_len = i2d_ECPrivateKey(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECPrivateKey(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, - buf_len)) == NULL) goto err; - EC_KEY_print(bio_err, ret_ecdsa, 0); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - OPENSSL_free(buffer); - buffer = NULL; - - /* X509_PUBKEY_set() & X509_PUBKEY_get() */ - - BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set} : "); - if ((pkey = EVP_PKEY_new()) == NULL) goto err; - EVP_PKEY_assign_EC_KEY(pkey, ecdsa); - if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err; - if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err; - - if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - X509_PUBKEY_free(x509_pubkey); - x509_pubkey = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - - /* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */ - BIO_printf(bio_err, "Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY : \n"); - BIO_printf(bio_err, "PKCS8_OK : "); - if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err; - if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) - { - BIO_printf(bio_err, "TEST FAILED \n"); - goto err; - } - else BIO_printf(bio_err, "TEST OK \n"); - EVP_PKEY_free(ret_pkey); - ret_pkey = NULL; - EC_KEY_free(ret_ecdsa); - ret_ecdsa = NULL; - PKCS8_PRIV_KEY_INFO_free(pkcs8); - EVP_PKEY_free(pkey); - pkey = NULL; - ecdsa = NULL; - pkcs8 = NULL; - - /* sign and verify tests */ - if ((d = BN_new()) == NULL) goto err; - - if (!BN_dec2bn(&d, "968236873715988614170569073515315707566766479517")) goto err; - dgst_len = BN_num_bytes(d); - if ((dgst = OPENSSL_malloc(dgst_len)) == NULL) goto err; - if (!BN_bn2bin(d, dgst)) goto err; - - BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n"); - - BIO_printf(bio_err, "PRIME_192_V1 : "); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if (!set_p192_param(ecdsa)) goto err; - if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654", - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) - goto err; - else - BIO_printf(bio_err, "OK\n"); - BIO_printf(bio_err, "PRIME_239_V1 : "); - if (!set_p239_param(ecdsa)) - goto err; - if (!test_x962_sig_vrf(ecdsa, dgst, "700000017569056646655505781757157107570501575775705779575555657156756655", - "308636143175167811492622547300668018854959378758531778147462058306432176", - "323813553209797357708078776831250505931891051755007842781978505179448783")) - goto err; - else - BIO_printf(bio_err, "OK\n"); - - EC_KEY_free(ecdsa); - ecdsa = NULL; - OPENSSL_free(dgst); - dgst = NULL; - - for (i=0; igroup = EC_GROUP_new_by_nid(curve)) == NULL) goto err; \ - if (!EC_KEY_generate_key(ecdsa)) goto err; \ - tim = clock(); \ - for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" \ - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \ - tim = clock(); \ - for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" \ - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \ - for (i=0; i