kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
528 Incheckningar
12 Grenar
38 MiB
Träd: f4b4952719
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'f4b4952719'
${ noResults }
boringssl/crypto/ecdsa/ecdsa_test.c

ecdsa_test.c 9.4 KiB
Normal vy Historik

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
10 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
10 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
10 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311 
  1. /* ====================================================================

  2.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@OpenSSL.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ====================================================================

  48.  *

  49.  * This product includes cryptographic software written by Eric Young

  50.  * (eay@cryptsoft.com).  This product includes software written by Tim

  51.  * Hudson (tjh@cryptsoft.com). */

  52. 

  53. #include <openssl/ecdsa.h>

  54. 

  55. #include <openssl/bio.h>

  56. #include <openssl/bn.h>

  57. #include <openssl/crypto.h>

  58. #include <openssl/ec.h>

  59. #include <openssl/err.h>

  60. #include <openssl/mem.h>

  61. #include <openssl/obj.h>

  62. #include <openssl/rand.h>

  63. 

  64. 

  65. int test_builtin(BIO *out) {

  66.   size_t n = 0;

  67.   EC_KEY *eckey = NULL, *wrong_eckey = NULL;

  68.   EC_GROUP *group;

  69.   ECDSA_SIG *ecdsa_sig = NULL;

  70.   unsigned char digest[20], wrong_digest[20];

  71.   unsigned char *signature = NULL;

  72.   const unsigned char *sig_ptr;

  73.   unsigned char *sig_ptr2;

  74.   unsigned char *raw_buf = NULL;

  75.   unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;

  76.   int nid, ret = 0;

  77. 

  78.   /* fill digest values with some random data */

  79.   if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) {

  80.     BIO_printf(out, "ERROR: unable to get random data\n");

  81.     goto builtin_err;

  82.   }

  83. 

  84.   /* create and verify a ecdsa signature with every availble curve

  85.    * (with ) */

  86.   BIO_printf(out,

  87.              "\ntesting ECDSA_sign() and ECDSA_verify() "

  88.              "with some internal curves:\n");

  89. 

  90.   static const int kCurveNIDs[] = {NID_secp224r1, NID_X9_62_prime256v1,

  91.                                    NID_secp384r1, NID_secp521r1, NID_undef};

  92. 

  93.   /* now create and verify a signature for every curve */

  94.   for (n = 0; kCurveNIDs[n] != NID_undef; n++) {

  95.     unsigned char dirt, offset;

  96. 

  97.     nid = kCurveNIDs[n];

  98.     /* create new ecdsa key (== EC_KEY) */

  99.     eckey = EC_KEY_new();

  100.     if (eckey == NULL) {

  101.       goto builtin_err;

  102.     }

  103.     group = EC_GROUP_new_by_curve_name(nid);

  104.     if (group == NULL) {

  105.       goto builtin_err;

  106.     }

  107.     if (!EC_KEY_set_group(eckey, group)) {

  108.       goto builtin_err;

  109.     }

  110.     EC_GROUP_free(group);

  111.     degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));

  112.     if (degree < 160) {

  113.       /* Too small to test. */

  114.       EC_KEY_free(eckey);

  115.       eckey = NULL;

  116.       continue;

  117.     }

  118. 

  119.     BIO_printf(out, "%s: ", OBJ_nid2sn(nid));

  120.     /* create key */

  121.     if (!EC_KEY_generate_key(eckey)) {

  122.       BIO_printf(out, " failed\n");

  123.       goto builtin_err;

  124.     }

  125.     /* create second key */

  126.     wrong_eckey = EC_KEY_new();

  127.     if (wrong_eckey == NULL) {

  128.       goto builtin_err;

  129.     }

  130.     group = EC_GROUP_new_by_curve_name(nid);

  131.     if (group == NULL) {

  132.       goto builtin_err;

  133.     }

  134.     if (EC_KEY_set_group(wrong_eckey, group) == 0) {

  135.       goto builtin_err;

  136.     }

  137.     EC_GROUP_free(group);

  138.     if (!EC_KEY_generate_key(wrong_eckey)) {

  139.       BIO_printf(out, " failed\n");

  140.       goto builtin_err;

  141.     }

  142. 

  143.     BIO_printf(out, ".");

  144.     (void)BIO_flush(out);

  145.     /* check key */

  146.     if (!EC_KEY_check_key(eckey)) {

  147.       BIO_printf(out, " failed\n");

  148.       goto builtin_err;

  149.     }

  150.     BIO_printf(out, ".");

  151.     (void)BIO_flush(out);

  152.     /* create signature */

  153.     sig_len = ECDSA_size(eckey);

  154.     signature = OPENSSL_malloc(sig_len);

  155.     if (signature == NULL) {

  156.       goto builtin_err;

  157.     }

  158.     if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {

  159.       BIO_printf(out, " failed\n");

  160.       goto builtin_err;

  161.     }

  162.     BIO_printf(out, ".");

  163.     (void)BIO_flush(out);

  164.     /* verify signature */

  165.     if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {

  166.       BIO_printf(out, " failed\n");

  167.       goto builtin_err;

  168.     }

  169.     BIO_printf(out, ".");

  170.     (void)BIO_flush(out);

  171.     /* verify signature with the wrong key */

  172.     if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {

  173.       BIO_printf(out, " failed\n");

  174.       goto builtin_err;

  175.     }

  176.     BIO_printf(out, ".");

  177.     (void)BIO_flush(out);

  178.     /* wrong digest */

  179.     if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {

  180.       BIO_printf(out, " failed\n");

  181.       goto builtin_err;

  182.     }

  183.     BIO_printf(out, ".");

  184.     (void)BIO_flush(out);

  185.     /* wrong length */

  186.     if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {

  187.       BIO_printf(out, " failed\n");

  188.       goto builtin_err;

  189.     }

  190.     BIO_printf(out, ".");

  191.     (void)BIO_flush(out);

  192. 

  193.     /* Modify a single byte of the signature: to ensure we don't

  194.      * garble the ASN1 structure, we read the raw signature and

  195.      * modify a byte in one of the bignums directly. */

  196.     sig_ptr = signature;

  197.     ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len);

  198.     if (ecdsa_sig == NULL) {

  199.       BIO_printf(out, " failed\n");

  200.       goto builtin_err;

  201.     }

  202. 

  203.     /* Store the two BIGNUMs in raw_buf. */

  204.     r_len = BN_num_bytes(ecdsa_sig->r);

  205.     s_len = BN_num_bytes(ecdsa_sig->s);

  206.     bn_len = (degree + 7) / 8;

  207.     if (r_len > bn_len || s_len > bn_len) {

  208.       BIO_printf(out, " failed\n");

  209.       goto builtin_err;

  210.     }

  211.     buf_len = 2 * bn_len;

  212.     raw_buf = OPENSSL_malloc(buf_len);

  213.     if (raw_buf == NULL) {

  214.       goto builtin_err;

  215.     }

  216.     /* Pad the bignums with leading zeroes. */

  217.     memset(raw_buf, 0, buf_len);

  218.     BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);

  219.     BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);

  220. 

  221.     /* Modify a single byte in the buffer. */

  222.     offset = raw_buf[10] % buf_len;

  223.     dirt = raw_buf[11] ? raw_buf[11] : 1;

  224.     raw_buf[offset] ^= dirt;

  225.     /* Now read the BIGNUMs back in from raw_buf. */

  226.     if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL ||

  227.         BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) {

  228.       goto builtin_err;

  229.     }

  230. 

  231.     sig_ptr2 = signature;

  232.     sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);

  233.     if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {

  234.       BIO_printf(out, " failed\n");

  235.       goto builtin_err;

  236.     }

  237.     /* Sanity check: undo the modification and verify signature. */

  238.     raw_buf[offset] ^= dirt;

  239.     if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL ||

  240.         BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) {

  241.       goto builtin_err;

  242.     }

  243. 

  244.     sig_ptr2 = signature;

  245.     sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);

  246.     if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {

  247.       BIO_printf(out, " failed\n");

  248.       goto builtin_err;

  249.     }

  250.     BIO_printf(out, ".");

  251.     (void)BIO_flush(out);

  252. 

  253.     BIO_printf(out, " ok\n");

  254.     /* cleanup */

  255.     /* clean bogus errors */

  256.     ERR_clear_error();

  257.     OPENSSL_free(signature);

  258.     signature = NULL;

  259.     EC_KEY_free(eckey);

  260.     eckey = NULL;

  261.     EC_KEY_free(wrong_eckey);

  262.     wrong_eckey = NULL;

  263.     ECDSA_SIG_free(ecdsa_sig);

  264.     ecdsa_sig = NULL;

  265.     OPENSSL_free(raw_buf);

  266.     raw_buf = NULL;

  267.   }

  268. 

  269.   ret = 1;

  270. builtin_err:

  271.   if (eckey)

  272.     EC_KEY_free(eckey);

  273.   if (wrong_eckey)

  274.     EC_KEY_free(wrong_eckey);

  275.   if (ecdsa_sig)

  276.     ECDSA_SIG_free(ecdsa_sig);

  277.   if (signature)

  278.     OPENSSL_free(signature);

  279.   if (raw_buf)

  280.     OPENSSL_free(raw_buf);

  281. 

  282.   return ret;

  283. }

  284. 

  285. int main(void) {

  286.   int ret = 1;

  287.   BIO *out;

  288. 

  289.   CRYPTO_library_init();

  290.   ERR_load_crypto_strings();

  291. 

  292.   out = BIO_new_fp(stdout, BIO_NOCLOSE);

  293. 

  294.   if (!test_builtin(out))

  295.     goto err;

  296. 

  297.   ret = 0;

  298. 

  299. err:

  300.   if (ret)

  301.     BIO_printf(out, "\nECDSA test failed\n");

  302.   else

  303.     BIO_printf(out, "\nPASS\n");

  304.   if (ret)

  305.     BIO_print_errors(out);

  306. 

  307.   if (out != NULL)

  308.     BIO_free(out);

  309. 

  310.   return ret;

  311. }