OLD | NEW |
1 /* crypto/ecdsa/ecdsatest.c */ | 1 /* crypto/ecdsa/ecdsatest.c */ |
2 /* | 2 /* |
3 * Written by Nils Larsch for the OpenSSL project. | 3 * Written by Nils Larsch for the OpenSSL project. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
161 return 0; | 161 return 0; |
162 tmp = BN_new(); | 162 tmp = BN_new(); |
163 if (!tmp) | 163 if (!tmp) |
164 return 0; | 164 return 0; |
165 if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) | 165 if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) |
166 { | 166 { |
167 BN_free(tmp); | 167 BN_free(tmp); |
168 return 0; | 168 return 0; |
169 } | 169 } |
170 fbytes_counter ++; | 170 fbytes_counter ++; |
171 » ret = BN_bn2bin(tmp, buf);» | 171 » if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) |
172 » if (ret == 0 || ret != num) | |
173 ret = 0; | 172 ret = 0; |
174 » else | 173 » else |
175 ret = 1; | 174 ret = 1; |
176 if (tmp) | 175 if (tmp) |
177 BN_free(tmp); | 176 BN_free(tmp); |
178 return ret; | 177 return ret; |
179 } | 178 } |
180 | 179 |
181 /* some tests from the X9.62 draft */ | 180 /* some tests from the X9.62 draft */ |
182 int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) | 181 int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) |
183 { | 182 { |
184 int ret = 0; | 183 int ret = 0; |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
280 ret = 0; | 279 ret = 0; |
281 return ret; | 280 return ret; |
282 } | 281 } |
283 | 282 |
284 int test_builtin(BIO *out) | 283 int test_builtin(BIO *out) |
285 { | 284 { |
286 EC_builtin_curve *curves = NULL; | 285 EC_builtin_curve *curves = NULL; |
287 size_t crv_len = 0, n = 0; | 286 size_t crv_len = 0, n = 0; |
288 EC_KEY *eckey = NULL, *wrong_eckey = NULL; | 287 EC_KEY *eckey = NULL, *wrong_eckey = NULL; |
289 EC_GROUP *group; | 288 EC_GROUP *group; |
| 289 ECDSA_SIG *ecdsa_sig = NULL; |
290 unsigned char digest[20], wrong_digest[20]; | 290 unsigned char digest[20], wrong_digest[20]; |
291 » unsigned char» *signature = NULL; | 291 » unsigned char» *signature = NULL; |
292 » unsigned int» sig_len; | 292 » unsigned char» *sig_ptr; |
| 293 » unsigned char» *raw_buf = NULL; |
| 294 » unsigned int» sig_len, degree, r_len, s_len, bn_len, buf_len; |
293 int nid, ret = 0; | 295 int nid, ret = 0; |
294 | 296 |
295 /* fill digest values with some random data */ | 297 /* fill digest values with some random data */ |
296 if (!RAND_pseudo_bytes(digest, 20) || | 298 if (!RAND_pseudo_bytes(digest, 20) || |
297 !RAND_pseudo_bytes(wrong_digest, 20)) | 299 !RAND_pseudo_bytes(wrong_digest, 20)) |
298 { | 300 { |
299 BIO_printf(out, "ERROR: unable to get random data\n"); | 301 BIO_printf(out, "ERROR: unable to get random data\n"); |
300 goto builtin_err; | 302 goto builtin_err; |
301 } | 303 } |
302 | 304 |
(...skipping 29 matching lines...) Expand all Loading... |
332 continue; | 334 continue; |
333 /* create new ecdsa key (== EC_KEY) */ | 335 /* create new ecdsa key (== EC_KEY) */ |
334 if ((eckey = EC_KEY_new()) == NULL) | 336 if ((eckey = EC_KEY_new()) == NULL) |
335 goto builtin_err; | 337 goto builtin_err; |
336 group = EC_GROUP_new_by_curve_name(nid); | 338 group = EC_GROUP_new_by_curve_name(nid); |
337 if (group == NULL) | 339 if (group == NULL) |
338 goto builtin_err; | 340 goto builtin_err; |
339 if (EC_KEY_set_group(eckey, group) == 0) | 341 if (EC_KEY_set_group(eckey, group) == 0) |
340 goto builtin_err; | 342 goto builtin_err; |
341 EC_GROUP_free(group); | 343 EC_GROUP_free(group); |
342 » » if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) | 344 » » degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); |
| 345 » » if (degree < 160) |
343 /* drop the curve */ | 346 /* drop the curve */ |
344 { | 347 { |
345 EC_KEY_free(eckey); | 348 EC_KEY_free(eckey); |
346 eckey = NULL; | 349 eckey = NULL; |
347 continue; | 350 continue; |
348 } | 351 } |
349 BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); | 352 BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); |
350 /* create key */ | 353 /* create key */ |
351 if (!EC_KEY_generate_key(eckey)) | 354 if (!EC_KEY_generate_key(eckey)) |
352 { | 355 { |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
408 (void)BIO_flush(out); | 411 (void)BIO_flush(out); |
409 /* wrong digest */ | 412 /* wrong digest */ |
410 if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, | 413 if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, |
411 eckey) == 1) | 414 eckey) == 1) |
412 { | 415 { |
413 BIO_printf(out, " failed\n"); | 416 BIO_printf(out, " failed\n"); |
414 goto builtin_err; | 417 goto builtin_err; |
415 } | 418 } |
416 BIO_printf(out, "."); | 419 BIO_printf(out, "."); |
417 (void)BIO_flush(out); | 420 (void)BIO_flush(out); |
418 » » /* modify a single byte of the signature */ | 421 » » /* wrong length */ |
419 » » offset = signature[10] % sig_len; | 422 » » if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, |
420 » » dirt = signature[11]; | 423 » » » eckey) == 1) |
421 » » signature[offset] ^= dirt ? dirt : 1; | 424 » » » { |
| 425 » » » BIO_printf(out, " failed\n"); |
| 426 » » » goto builtin_err; |
| 427 » » » } |
| 428 » » BIO_printf(out, "."); |
| 429 » » (void)BIO_flush(out); |
| 430 |
| 431 » » /* Modify a single byte of the signature: to ensure we don't |
| 432 » » * garble the ASN1 structure, we read the raw signature and |
| 433 » » * modify a byte in one of the bignums directly. */ |
| 434 » » sig_ptr = signature; |
| 435 » » if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL
) |
| 436 » » » { |
| 437 » » » BIO_printf(out, " failed\n"); |
| 438 » » » goto builtin_err; |
| 439 » » » } |
| 440 |
| 441 » » /* Store the two BIGNUMs in raw_buf. */ |
| 442 » » r_len = BN_num_bytes(ecdsa_sig->r); |
| 443 » » s_len = BN_num_bytes(ecdsa_sig->s); |
| 444 » » bn_len = (degree + 7) / 8; |
| 445 » » if ((r_len > bn_len) || (s_len > bn_len)) |
| 446 » » » { |
| 447 » » » BIO_printf(out, " failed\n"); |
| 448 » » » goto builtin_err; |
| 449 » » » } |
| 450 » » buf_len = 2 * bn_len; |
| 451 » » if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) |
| 452 » » » goto builtin_err; |
| 453 » » /* Pad the bignums with leading zeroes. */ |
| 454 » » memset(raw_buf, 0, buf_len); |
| 455 » » BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); |
| 456 » » BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); |
| 457 |
| 458 » » /* Modify a single byte in the buffer. */ |
| 459 » » offset = raw_buf[10] % buf_len; |
| 460 » » dirt = raw_buf[11] ? raw_buf[11] : 1; |
| 461 » » raw_buf[offset] ^= dirt; |
| 462 » » /* Now read the BIGNUMs back in from raw_buf. */ |
| 463 » » if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || |
| 464 » » » (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NU
LL)) |
| 465 » » » goto builtin_err; |
| 466 |
| 467 » » sig_ptr = signature; |
| 468 » » sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); |
422 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) | 469 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) |
423 { | 470 { |
424 BIO_printf(out, " failed\n"); | 471 BIO_printf(out, " failed\n"); |
425 goto builtin_err; | 472 goto builtin_err; |
426 } | 473 } |
| 474 /* Sanity check: undo the modification and verify signature. */ |
| 475 raw_buf[offset] ^= dirt; |
| 476 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || |
| 477 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NU
LL)) |
| 478 goto builtin_err; |
| 479 |
| 480 sig_ptr = signature; |
| 481 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); |
| 482 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) |
| 483 { |
| 484 BIO_printf(out, " failed\n"); |
| 485 goto builtin_err; |
| 486 } |
427 BIO_printf(out, "."); | 487 BIO_printf(out, "."); |
428 (void)BIO_flush(out); | 488 (void)BIO_flush(out); |
429 | 489 |
430 BIO_printf(out, " ok\n"); | 490 BIO_printf(out, " ok\n"); |
431 /* cleanup */ | 491 /* cleanup */ |
| 492 /* clean bogus errors */ |
| 493 ERR_clear_error(); |
432 OPENSSL_free(signature); | 494 OPENSSL_free(signature); |
433 signature = NULL; | 495 signature = NULL; |
434 EC_KEY_free(eckey); | 496 EC_KEY_free(eckey); |
435 eckey = NULL; | 497 eckey = NULL; |
436 EC_KEY_free(wrong_eckey); | 498 EC_KEY_free(wrong_eckey); |
437 wrong_eckey = NULL; | 499 wrong_eckey = NULL; |
| 500 ECDSA_SIG_free(ecdsa_sig); |
| 501 ecdsa_sig = NULL; |
| 502 OPENSSL_free(raw_buf); |
| 503 raw_buf = NULL; |
438 } | 504 } |
439 | 505 |
440 ret = 1; | 506 ret = 1; |
441 builtin_err: | 507 builtin_err: |
442 if (eckey) | 508 if (eckey) |
443 EC_KEY_free(eckey); | 509 EC_KEY_free(eckey); |
444 if (wrong_eckey) | 510 if (wrong_eckey) |
445 EC_KEY_free(wrong_eckey); | 511 EC_KEY_free(wrong_eckey); |
| 512 if (ecdsa_sig) |
| 513 ECDSA_SIG_free(ecdsa_sig); |
446 if (signature) | 514 if (signature) |
447 OPENSSL_free(signature); | 515 OPENSSL_free(signature); |
| 516 if (raw_buf) |
| 517 OPENSSL_free(raw_buf); |
448 if (curves) | 518 if (curves) |
449 OPENSSL_free(curves); | 519 OPENSSL_free(curves); |
450 | 520 |
451 return ret; | 521 return ret; |
452 } | 522 } |
453 | 523 |
454 int main(void) | 524 int main(void) |
455 { | 525 { |
456 int ret = 1; | 526 int ret = 1; |
457 BIO *out; | 527 BIO *out; |
(...skipping 25 matching lines...) Expand all Loading... |
483 | 553 |
484 ret = 0; | 554 ret = 0; |
485 err: | 555 err: |
486 if (ret) | 556 if (ret) |
487 BIO_printf(out, "\nECDSA test failed\n"); | 557 BIO_printf(out, "\nECDSA test failed\n"); |
488 else | 558 else |
489 BIO_printf(out, "\nECDSA test passed\n"); | 559 BIO_printf(out, "\nECDSA test passed\n"); |
490 if (ret) | 560 if (ret) |
491 ERR_print_errors(out); | 561 ERR_print_errors(out); |
492 CRYPTO_cleanup_all_ex_data(); | 562 CRYPTO_cleanup_all_ex_data(); |
493 » ERR_remove_state(0); | 563 » ERR_remove_thread_state(NULL); |
494 ERR_free_strings(); | 564 ERR_free_strings(); |
495 CRYPTO_mem_leaks(out); | 565 CRYPTO_mem_leaks(out); |
496 if (out != NULL) | 566 if (out != NULL) |
497 BIO_free(out); | 567 BIO_free(out); |
498 return ret; | 568 return ret; |
499 } | 569 } |
500 #endif | 570 #endif |
OLD | NEW |