X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=test%2Ftest_crypto.c;h=a8119be4387b2baf7825d61d6ee175204bc1a042;hp=e37034ceea121293764273ba937029e3e240f19e;hb=c1e540575c63e09e6ab25c0c7826601d77b18d97;hpb=dddc412922f42f9c7dd6177133828be724f44424 diff --git a/test/test_crypto.c b/test/test_crypto.c index e37034c..a8119be 100644 --- a/test/test_crypto.c +++ b/test/test_crypto.c @@ -4759,6 +4759,11 @@ test_RSA_sign(const char *name, br_rsa_private fpriv, { unsigned char t1[128], t2[128]; unsigned char hv[20], tmp[20]; + unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64]; + unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64]; + br_rsa_public_key rsa_pk; + br_rsa_private_key rsa_sk; + unsigned char hv2[64], tmp2[64], sig[128]; br_sha1_context hc; size_t u; @@ -4812,6 +4817,41 @@ test_RSA_sign(const char *name, br_rsa_private fpriv, fflush(stdout); } + /* + * Another KAT test, which historically showed a bug. + */ + rsa_pk.n = rsa_n; + rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB"); + rsa_pk.e = rsa_e; + rsa_pk.elen = hextobin(rsa_e, "010001"); + + rsa_sk.n_bitlen = 1024; + rsa_sk.p = rsa_p; + rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357"); + rsa_sk.q = rsa_q; + rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D"); + rsa_sk.dp = rsa_dp; + rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3"); + rsa_sk.dq = rsa_dq; + rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981"); + rsa_sk.iq = rsa_iq; + rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9"); + hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2"); + + hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4"); + if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) { + fprintf(stderr, "Signature generation failed (2)\n"); + exit(EXIT_FAILURE); + } + check_equals("Regenerated signature (2)", t2, sig, sizeof t2); + if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512, + sizeof tmp2, &rsa_pk, tmp2)) + { + fprintf(stderr, "Signature verification failed (2)\n"); + exit(EXIT_FAILURE); + } + check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2); + printf(" done.\n"); fflush(stdout); } @@ -5526,6 +5566,7 @@ test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt) size_t plain_len, key_len, nonce_len, aad_len; br_aes_gen_ctrcbc_keys bc; br_eax_context ec; + br_eax_state st; unsigned char tmp[100], out[16]; size_t v, tag_len; @@ -5649,6 +5690,63 @@ test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt) printf("."); fflush(stdout); + + /* + * For capture tests, we need the message to be non-empty. + */ + if (plain_len == 0) { + continue; + } + + /* + * Captured state, pre-AAD. This requires the AAD and the + * message to be non-empty. + */ + br_eax_capture(&ec, &st); + + if (aad_len > 0) { + br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len); + br_eax_aad_inject(&ec, aad, aad_len); + br_eax_flip(&ec); + memcpy(tmp, plain, plain_len); + br_eax_run(&ec, 1, tmp, plain_len); + br_eax_get_tag(&ec, out); + check_equals("KAT EAX 9", tmp, cipher, plain_len); + check_equals("KAT EAX 10", out, tag, 16); + + br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len); + br_eax_aad_inject(&ec, aad, aad_len); + br_eax_flip(&ec); + br_eax_run(&ec, 0, tmp, plain_len); + br_eax_get_tag(&ec, out); + check_equals("KAT EAX 11", tmp, plain, plain_len); + check_equals("KAT EAX 12", out, tag, 16); + } + + /* + * Captured state, post-AAD. This requires the message to + * be non-empty. + */ + br_eax_reset(&ec, nonce, nonce_len); + br_eax_aad_inject(&ec, aad, aad_len); + br_eax_flip(&ec); + br_eax_get_aad_mac(&ec, &st); + + br_eax_reset_post_aad(&ec, &st, nonce, nonce_len); + memcpy(tmp, plain, plain_len); + br_eax_run(&ec, 1, tmp, plain_len); + br_eax_get_tag(&ec, out); + check_equals("KAT EAX 13", tmp, cipher, plain_len); + check_equals("KAT EAX 14", out, tag, 16); + + br_eax_reset_post_aad(&ec, &st, nonce, nonce_len); + br_eax_run(&ec, 0, tmp, plain_len); + br_eax_get_tag(&ec, out); + check_equals("KAT EAX 15", tmp, plain, plain_len); + check_equals("KAT EAX 16", out, tag, 16); + + printf("."); + fflush(stdout); } printf(" done.\n");