release/src/router/dropbear/libtomcrypt/testprof/ecc_test.c

   1 #include <tomcrypt_test.h>
   2
   3 #ifdef MECC
   4
   5 static int sizes[] = {
   6 #ifdef ECC112
   7 14,
   8 #endif
   9 #ifdef ECC128
  10 16,
  11 #endif
  12 #ifdef ECC160
  13 20,
  14 #endif
  15 #ifdef ECC192
  16 24,
  17 #endif
  18 #ifdef ECC224
  19 28,
  20 #endif
  21 #ifdef ECC256
  22 32,
  23 #endif
  24 #ifdef ECC384
  25 48,
  26 #endif
  27 #ifdef ECC521
  28 65
  29 #endif
  30 };
  31
  32 #ifdef LTC_ECC_SHAMIR
  33 int ecc_test_shamir(void)
  34 {
  35    void *modulus, *mp, *kA, *kB, *rA, *rB;
  36    ecc_point *G, *A, *B, *C1, *C2;
  37    int x, y, z;
  38    unsigned char buf[ECC_BUF_SIZE];
  39
  40    DO(mp_init_multi(&kA, &kB, &rA, &rB, &modulus, NULL));
  41    LTC_ARGCHK((G  = ltc_ecc_new_point()) != NULL);
  42    LTC_ARGCHK((A  = ltc_ecc_new_point()) != NULL);
  43    LTC_ARGCHK((B  = ltc_ecc_new_point()) != NULL);
  44    LTC_ARGCHK((C1 = ltc_ecc_new_point()) != NULL);
  45    LTC_ARGCHK((C2 = ltc_ecc_new_point()) != NULL);
  46
  47    for (x = 0; x < (int)(sizeof(sizes)/sizeof(sizes[0])); x++) {
  48        /* get the base point */
  49        for (z = 0; ltc_ecc_sets[z].name; z++) {
  50            if (sizes[z] < ltc_ecc_sets[z].size) break;
  51        }
  52        LTC_ARGCHK(ltc_ecc_sets[z].name != NULL);
  53
  54        /* load it */
  55        DO(mp_read_radix(G->x, ltc_ecc_sets[z].Gx, 16));
  56        DO(mp_read_radix(G->y, ltc_ecc_sets[z].Gy, 16));
  57        DO(mp_set(G->z, 1));
  58        DO(mp_read_radix(modulus, ltc_ecc_sets[z].prime, 16));
  59        DO(mp_montgomery_setup(modulus, &mp));
  60
  61        /* do 100 random tests */
  62        for (y = 0; y < 100; y++) {
  63           /* pick a random r1, r2 */
  64           LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
  65           DO(mp_read_unsigned_bin(rA, buf, sizes[x]));
  66           LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
  67           DO(mp_read_unsigned_bin(rB, buf, sizes[x]));
  68
  69           /* compute rA * G = A */
  70           DO(ltc_mp.ecc_ptmul(rA, G, A, modulus, 1));
  71
  72           /* compute rB * G = B */
  73           DO(ltc_mp.ecc_ptmul(rB, G, B, modulus, 1));
  74
  75           /* pick a random kA, kB */
  76           LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
  77           DO(mp_read_unsigned_bin(kA, buf, sizes[x]));
  78           LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
  79           DO(mp_read_unsigned_bin(kB, buf, sizes[x]));
  80
  81           /* now, compute kA*A + kB*B = C1 using the older method */
  82           DO(ltc_mp.ecc_ptmul(kA, A, C1, modulus, 0));
  83           DO(ltc_mp.ecc_ptmul(kB, B, C2, modulus, 0));
  84           DO(ltc_mp.ecc_ptadd(C1, C2, C1, modulus, mp));
  85           DO(ltc_mp.ecc_map(C1, modulus, mp));
  86
  87           /* now compute using mul2add */
  88           DO(ltc_mp.ecc_mul2add(A, kA, B, kB, C2, modulus));
  89
  90           /* is they the sames?  */
  91           if ((mp_cmp(C1->x, C2->x) != LTC_MP_EQ) || (mp_cmp(C1->y, C2->y) != LTC_MP_EQ) || (mp_cmp(C1->z, C2->z) != LTC_MP_EQ)) {
  92              fprintf(stderr, "ECC failed shamir test: size=%d, testno=%d\n", sizes[x], y);
  93              return 1;
  94           }
  95       }
  96       mp_montgomery_free(mp);
  97   }
  98   ltc_ecc_del_point(C2);
  99   ltc_ecc_del_point(C1);
 100   ltc_ecc_del_point(B);
 101   ltc_ecc_del_point(A);
 102   ltc_ecc_del_point(G);
 103   mp_clear_multi(kA, kB, rA, rB, modulus, NULL);
 104   return 0;
 105 }
 106 #endif
 107
 108 int ecc_tests (void)
 109 {
 110   unsigned char buf[4][4096];
 111   unsigned long x, y, z, s;
 112   int           stat, stat2;
 113   ecc_key usera, userb, pubKey, privKey;
 114
 115   DO(ecc_test ());
 116   DO(ecc_test ());
 117   DO(ecc_test ());
 118   DO(ecc_test ());
 119   DO(ecc_test ());
 120
 121   for (s = 0; s < (sizeof(sizes)/sizeof(sizes[0])); s++) {
 122      /* make up two keys */
 123      DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
 124      DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &userb));
 125
 126      /* make the shared secret */
 127      x = sizeof(buf[0]);
 128      DO(ecc_shared_secret (&usera, &userb, buf[0], &x));
 129
 130      y = sizeof(buf[1]);
 131      DO(ecc_shared_secret (&userb, &usera, buf[1], &y));
 132
 133      if (y != x) {
 134        fprintf(stderr, "ecc Shared keys are not same size.");
 135        return 1;
 136      }
 137
 138      if (memcmp (buf[0], buf[1], x)) {
 139        fprintf(stderr, "ecc Shared keys not same contents.");
 140        return 1;
 141      }
 142
 143      /* now export userb */
 144      y = sizeof(buf[0]);
 145      DO(ecc_export (buf[1], &y, PK_PUBLIC, &userb));
 146      ecc_free (&userb);
 147
 148      /* import and make the shared secret again */
 149      DO(ecc_import (buf[1], y, &userb));
 150
 151      z = sizeof(buf[0]);
 152      DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
 153
 154      if (z != x) {
 155        fprintf(stderr, "failed.  Size don't match?");
 156        return 1;
 157      }
 158      if (memcmp (buf[0], buf[2], x)) {
 159        fprintf(stderr, "Failed.  Contents didn't match.");
 160        return 1;
 161      }
 162
 163      /* export with ANSI X9.63 */
 164      y = sizeof(buf[1]);
 165      DO(ecc_ansi_x963_export(&userb, buf[1], &y));
 166      ecc_free (&userb);
 167
 168      /* now import the ANSI key */
 169      DO(ecc_ansi_x963_import(buf[1], y, &userb));
 170
 171      /* shared secret */
 172      z = sizeof(buf[0]);
 173      DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
 174
 175      if (z != x) {
 176        fprintf(stderr, "failed.  Size don't match?");
 177        return 1;
 178      }
 179      if (memcmp (buf[0], buf[2], x)) {
 180        fprintf(stderr, "Failed.  Contents didn't match.");
 181        return 1;
 182      }
 183
 184      ecc_free (&usera);
 185      ecc_free (&userb);
 186
 187      /* test encrypt_key */
 188      DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
 189
 190      /* export key */
 191      x = sizeof(buf[0]);
 192      DO(ecc_export(buf[0], &x, PK_PUBLIC, &usera));
 193      DO(ecc_import(buf[0], x, &pubKey));
 194      x = sizeof(buf[0]);
 195      DO(ecc_export(buf[0], &x, PK_PRIVATE, &usera));
 196      DO(ecc_import(buf[0], x, &privKey));
 197
 198      for (x = 0; x < 32; x++) {
 199         buf[0][x] = x;
 200      }
 201      y = sizeof (buf[1]);
 202      DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &yarrow_prng, find_prng ("yarrow"), find_hash ("sha256"), &pubKey));
 203      zeromem (buf[0], sizeof (buf[0]));
 204      x = sizeof (buf[0]);
 205      DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey));
 206      if (x != 32) {
 207        fprintf(stderr, "Failed (length)");
 208        return 1;
 209      }
 210      for (x = 0; x < 32; x++) {
 211         if (buf[0][x] != x) {
 212            fprintf(stderr, "Failed (contents)");
 213            return 1;
 214         }
 215      }
 216      /* test sign_hash */
 217      for (x = 0; x < 16; x++) {
 218         buf[0][x] = x;
 219      }
 220      x = sizeof (buf[1]);
 221      DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey));
 222      DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey));
 223      buf[0][0] ^= 1;
 224      DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey));
 225      if (!(stat == 1 && stat2 == 0)) {
 226         fprintf(stderr, "ecc_verify_hash failed %d, %d, ", stat, stat2);
 227         return 1;
 228      }
 229      ecc_free (&usera);
 230      ecc_free (&pubKey);
 231      ecc_free (&privKey);
 232   }
 233 #ifdef LTC_ECC_SHAMIR
 234   return ecc_test_shamir();
 235 #else
 236   return 0;
 237 #endif
 238 }
 239
 240 #else
 241
 242 int ecc_tests(void)
 243 {
 244    fprintf(stderr, "NOP");
 245    return 0;
 246 }
 247
 248 #endif
 249
 250 /* $Source: /cvs/libtom/libtomcrypt/testprof/ecc_test.c,v $ */
 251 /* $Revision: 1.21 $ */
 252 /* $Date: 2006/12/04 03:21:03 $ */