1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include <tomcrypt_test.h>
10
11 #if defined(LTC_MDSA) && defined(LTC_TEST_MPI)
12
13 /* This is the private key from test_dsa.key */
14 static const unsigned char openssl_priv_dsa[] = {
15 0x30, 0x82, 0x01, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc5,
16 0x0a, 0x37, 0x51, 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a,
17 0x6f, 0x6b, 0x4a, 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d,
18 0x9a, 0x64, 0xd6, 0x4c, 0xb5, 0x96, 0x7a, 0xdc, 0xed, 0xac, 0xa8, 0xac,
19 0xc6, 0x1b, 0x65, 0x5a, 0xde, 0xdb, 0x00, 0x61, 0x25, 0x1a, 0x18, 0x2c,
20 0xee, 0xa1, 0x07, 0x90, 0x62, 0x5e, 0x4d, 0x12, 0x31, 0x90, 0xc7, 0x03,
21 0x21, 0xfa, 0x09, 0xe7, 0xb1, 0x73, 0xd7, 0x8e, 0xaf, 0xdb, 0xfd, 0xbf,
22 0xb3, 0xef, 0xad, 0xd1, 0xa1, 0x2a, 0x03, 0x6d, 0xe7, 0x06, 0x92, 0x4a,
23 0x85, 0x2a, 0xff, 0x7a, 0x01, 0x66, 0x53, 0x1f, 0xea, 0xc6, 0x67, 0x41,
24 0x84, 0x5a, 0xc0, 0x6c, 0xed, 0x62, 0xf9, 0xc2, 0x62, 0x62, 0x05, 0xa4,
25 0xfa, 0x48, 0xa0, 0x66, 0xec, 0x35, 0xc9, 0xa8, 0x11, 0xfe, 0xb9, 0x81,
26 0xab, 0xee, 0xbe, 0x31, 0xb6, 0xbf, 0xcf, 0x02, 0x15, 0x00, 0xaa, 0x5b,
27 0xd7, 0xf4, 0xe5, 0x06, 0x24, 0x13, 0xe5, 0x88, 0x35, 0xca, 0x00, 0xc7,
28 0xa6, 0x35, 0x71, 0x61, 0x94, 0xc5, 0x02, 0x81, 0x80, 0x3b, 0x92, 0xe4,
29 0xff, 0x59, 0x29, 0x15, 0x0b, 0x08, 0x99, 0x5a, 0x7b, 0xf2, 0xad, 0x14,
30 0x40, 0x55, 0x6f, 0xa0, 0x47, 0xff, 0x90, 0x99, 0xb3, 0x44, 0xb3, 0xd4,
31 0xfc, 0x45, 0x15, 0x05, 0xae, 0x67, 0x22, 0x43, 0x9c, 0xba, 0x37, 0x10,
32 0xa5, 0x89, 0x47, 0x37, 0xec, 0xcc, 0xf5, 0xae, 0xad, 0xa8, 0xb4, 0x7a,
33 0x35, 0xcb, 0x9d, 0x93, 0x5c, 0xed, 0xe6, 0xb0, 0x7e, 0x96, 0x94, 0xc4,
34 0xa6, 0x0c, 0x7d, 0xd6, 0x70, 0x8a, 0x09, 0x4f, 0x81, 0x4a, 0x0e, 0xc2,
35 0x13, 0xfb, 0xeb, 0x16, 0xbf, 0xea, 0xa4, 0xf4, 0x56, 0xff, 0x72, 0x30,
36 0x05, 0xde, 0x8a, 0x44, 0x3f, 0xbe, 0xc6, 0x85, 0x26, 0x55, 0xd6, 0x2d,
37 0x1d, 0x1e, 0xdb, 0x15, 0xda, 0xa4, 0x45, 0x83, 0x3c, 0x17, 0x97, 0x98,
38 0x0b, 0x8d, 0x87, 0xf3, 0x49, 0x0d, 0x90, 0xbd, 0xa9, 0xab, 0x67, 0x6e,
39 0x87, 0x68, 0x72, 0x23, 0xdc, 0x02, 0x81, 0x80, 0x53, 0x16, 0xb0, 0xfb,
40 0xbf, 0x59, 0x8a, 0x5e, 0x55, 0x95, 0xc1, 0x4f, 0xac, 0x43, 0xb8, 0x08,
41 0x53, 0xe6, 0xcf, 0x0d, 0x92, 0x23, 0xfa, 0xb1, 0x84, 0x59, 0x52, 0x39,
42 0xbf, 0xcb, 0xf2, 0x2d, 0x38, 0x3a, 0xdd, 0x93, 0x52, 0x05, 0x49, 0x7e,
43 0x2b, 0x12, 0xc4, 0x61, 0x73, 0xe3, 0x6f, 0x54, 0xbd, 0x96, 0xe5, 0xa7,
44 0xaa, 0xa9, 0x5a, 0x58, 0xa4, 0xb7, 0x67, 0xd2, 0xc0, 0xbd, 0xc8, 0x1e,
45 0xb1, 0x3a, 0x12, 0x4f, 0x98, 0xc0, 0x05, 0xef, 0x39, 0x5d, 0x6a, 0xba,
46 0xb7, 0x0b, 0x3b, 0xd8, 0xb7, 0x95, 0xdd, 0x79, 0x6e, 0xa2, 0xd2, 0x84,
47 0x73, 0x47, 0x03, 0x88, 0xb4, 0x64, 0xd9, 0xb9, 0xb8, 0x4f, 0xf1, 0xc9,
48 0x34, 0xbb, 0xf9, 0x73, 0x66, 0xf5, 0x7c, 0x2e, 0x11, 0xfe, 0xc3, 0x31,
49 0xe6, 0x08, 0x38, 0x59, 0x67, 0x81, 0xeb, 0x6d, 0x41, 0x27, 0xd7, 0x0d,
50 0x74, 0xaf, 0xa0, 0x35, 0x02, 0x15, 0x00, 0x99, 0x36, 0xe5, 0xe4, 0xe9,
51 0xfb, 0x28, 0xbe, 0x91, 0xf5, 0x06, 0x5f, 0xe8, 0xc9, 0x35, 0xb3, 0xf5,
52 0xd8, 0x1f, 0xc5
53 };
54
55 /* private key - raw hexadecimal numbers */
56 static const char *hex_g = "3B92E4FF5929150B08995A7BF2AD1440556FA047FF9099B344B3D4FC451505AE6722439CBA3710A5894737ECCCF5AEADA8B47A35CB9D935CEDE6B07E9694C4A60C7DD6708A094F814A0EC213FBEB16BFEAA4F456FF723005DE8A443FBEC6852655D62D1D1EDB15DAA445833C1797980B8D87F3490D90BDA9AB676E87687223DC";
57 static const char *hex_p = "C50A37515CABD618D5A270BD4A6F6B4AF9E139950F2B99387D9A64D64CB5967ADCEDACA8ACC61B655ADEDB0061251A182CEEA10790625E4D123190C70321FA09E7B173D78EAFDBFDBFB3EFADD1A12A036DE706924A852AFF7A0166531FEAC66741845AC06CED62F9C2626205A4FA48A066EC35C9A811FEB981ABEEBE31B6BFCF";
58 static const char *hex_q = "AA5BD7F4E5062413E58835CA00C7A635716194C5";
59 static const char *hex_x = "9936E5E4E9FB28BE91F5065FE8C935B3F5D81FC5";
60 static const char *hex_y = "5316B0FBBF598A5E5595C14FAC43B80853E6CF0D9223FAB184595239BFCBF22D383ADD935205497E2B12C46173E36F54BD96E5A7AAA95A58A4B767D2C0BDC81EB13A124F98C005EF395D6ABAB70B3BD8B795DD796EA2D28473470388B464D9B9B84FF1C934BBF97366F57C2E11FEC331E60838596781EB6D4127D70D74AFA035";
61
62 /* The public part of test_dsa.key in SubjectPublicKeyInfo format */
63 static const unsigned char openssl_pub_dsa[] = {
64 0x30, 0x82, 0x01, 0xb6, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86,
65 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81,
66 0x00, 0xc5, 0x0a, 0x37, 0x51, 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70,
67 0xbd, 0x4a, 0x6f, 0x6b, 0x4a, 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99,
68 0x38, 0x7d, 0x9a, 0x64, 0xd6, 0x4c, 0xb5, 0x96, 0x7a, 0xdc, 0xed, 0xac,
69 0xa8, 0xac, 0xc6, 0x1b, 0x65, 0x5a, 0xde, 0xdb, 0x00, 0x61, 0x25, 0x1a,
70 0x18, 0x2c, 0xee, 0xa1, 0x07, 0x90, 0x62, 0x5e, 0x4d, 0x12, 0x31, 0x90,
71 0xc7, 0x03, 0x21, 0xfa, 0x09, 0xe7, 0xb1, 0x73, 0xd7, 0x8e, 0xaf, 0xdb,
72 0xfd, 0xbf, 0xb3, 0xef, 0xad, 0xd1, 0xa1, 0x2a, 0x03, 0x6d, 0xe7, 0x06,
73 0x92, 0x4a, 0x85, 0x2a, 0xff, 0x7a, 0x01, 0x66, 0x53, 0x1f, 0xea, 0xc6,
74 0x67, 0x41, 0x84, 0x5a, 0xc0, 0x6c, 0xed, 0x62, 0xf9, 0xc2, 0x62, 0x62,
75 0x05, 0xa4, 0xfa, 0x48, 0xa0, 0x66, 0xec, 0x35, 0xc9, 0xa8, 0x11, 0xfe,
76 0xb9, 0x81, 0xab, 0xee, 0xbe, 0x31, 0xb6, 0xbf, 0xcf, 0x02, 0x15, 0x00,
77 0xaa, 0x5b, 0xd7, 0xf4, 0xe5, 0x06, 0x24, 0x13, 0xe5, 0x88, 0x35, 0xca,
78 0x00, 0xc7, 0xa6, 0x35, 0x71, 0x61, 0x94, 0xc5, 0x02, 0x81, 0x80, 0x3b,
79 0x92, 0xe4, 0xff, 0x59, 0x29, 0x15, 0x0b, 0x08, 0x99, 0x5a, 0x7b, 0xf2,
80 0xad, 0x14, 0x40, 0x55, 0x6f, 0xa0, 0x47, 0xff, 0x90, 0x99, 0xb3, 0x44,
81 0xb3, 0xd4, 0xfc, 0x45, 0x15, 0x05, 0xae, 0x67, 0x22, 0x43, 0x9c, 0xba,
82 0x37, 0x10, 0xa5, 0x89, 0x47, 0x37, 0xec, 0xcc, 0xf5, 0xae, 0xad, 0xa8,
83 0xb4, 0x7a, 0x35, 0xcb, 0x9d, 0x93, 0x5c, 0xed, 0xe6, 0xb0, 0x7e, 0x96,
84 0x94, 0xc4, 0xa6, 0x0c, 0x7d, 0xd6, 0x70, 0x8a, 0x09, 0x4f, 0x81, 0x4a,
85 0x0e, 0xc2, 0x13, 0xfb, 0xeb, 0x16, 0xbf, 0xea, 0xa4, 0xf4, 0x56, 0xff,
86 0x72, 0x30, 0x05, 0xde, 0x8a, 0x44, 0x3f, 0xbe, 0xc6, 0x85, 0x26, 0x55,
87 0xd6, 0x2d, 0x1d, 0x1e, 0xdb, 0x15, 0xda, 0xa4, 0x45, 0x83, 0x3c, 0x17,
88 0x97, 0x98, 0x0b, 0x8d, 0x87, 0xf3, 0x49, 0x0d, 0x90, 0xbd, 0xa9, 0xab,
89 0x67, 0x6e, 0x87, 0x68, 0x72, 0x23, 0xdc, 0x03, 0x81, 0x84, 0x00, 0x02,
90 0x81, 0x80, 0x53, 0x16, 0xb0, 0xfb, 0xbf, 0x59, 0x8a, 0x5e, 0x55, 0x95,
91 0xc1, 0x4f, 0xac, 0x43, 0xb8, 0x08, 0x53, 0xe6, 0xcf, 0x0d, 0x92, 0x23,
92 0xfa, 0xb1, 0x84, 0x59, 0x52, 0x39, 0xbf, 0xcb, 0xf2, 0x2d, 0x38, 0x3a,
93 0xdd, 0x93, 0x52, 0x05, 0x49, 0x7e, 0x2b, 0x12, 0xc4, 0x61, 0x73, 0xe3,
94 0x6f, 0x54, 0xbd, 0x96, 0xe5, 0xa7, 0xaa, 0xa9, 0x5a, 0x58, 0xa4, 0xb7,
95 0x67, 0xd2, 0xc0, 0xbd, 0xc8, 0x1e, 0xb1, 0x3a, 0x12, 0x4f, 0x98, 0xc0,
96 0x05, 0xef, 0x39, 0x5d, 0x6a, 0xba, 0xb7, 0x0b, 0x3b, 0xd8, 0xb7, 0x95,
97 0xdd, 0x79, 0x6e, 0xa2, 0xd2, 0x84, 0x73, 0x47, 0x03, 0x88, 0xb4, 0x64,
98 0xd9, 0xb9, 0xb8, 0x4f, 0xf1, 0xc9, 0x34, 0xbb, 0xf9, 0x73, 0x66, 0xf5,
99 0x7c, 0x2e, 0x11, 0xfe, 0xc3, 0x31, 0xe6, 0x08, 0x38, 0x59, 0x67, 0x81,
100 0xeb, 0x6d, 0x41, 0x27, 0xd7, 0x0d, 0x74, 0xaf, 0xa0, 0x35
101 };
102
103 static unsigned char dsaparam_der[] = {
104 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xc5, 0x0a, 0x37, 0x51,
105 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a, 0x6f, 0x6b, 0x4a,
106 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d, 0x9a, 0x64, 0xd6,
107 0x4c, 0xb5, 0x96, 0x7a, 0xdc, 0xed, 0xac, 0xa8, 0xac, 0xc6, 0x1b, 0x65,
108 0x5a, 0xde, 0xdb, 0x00, 0x61, 0x25, 0x1a, 0x18, 0x2c, 0xee, 0xa1, 0x07,
109 0x90, 0x62, 0x5e, 0x4d, 0x12, 0x31, 0x90, 0xc7, 0x03, 0x21, 0xfa, 0x09,
110 0xe7, 0xb1, 0x73, 0xd7, 0x8e, 0xaf, 0xdb, 0xfd, 0xbf, 0xb3, 0xef, 0xad,
111 0xd1, 0xa1, 0x2a, 0x03, 0x6d, 0xe7, 0x06, 0x92, 0x4a, 0x85, 0x2a, 0xff,
112 0x7a, 0x01, 0x66, 0x53, 0x1f, 0xea, 0xc6, 0x67, 0x41, 0x84, 0x5a, 0xc0,
113 0x6c, 0xed, 0x62, 0xf9, 0xc2, 0x62, 0x62, 0x05, 0xa4, 0xfa, 0x48, 0xa0,
114 0x66, 0xec, 0x35, 0xc9, 0xa8, 0x11, 0xfe, 0xb9, 0x81, 0xab, 0xee, 0xbe,
115 0x31, 0xb6, 0xbf, 0xcf, 0x02, 0x15, 0x00, 0xaa, 0x5b, 0xd7, 0xf4, 0xe5,
116 0x06, 0x24, 0x13, 0xe5, 0x88, 0x35, 0xca, 0x00, 0xc7, 0xa6, 0x35, 0x71,
117 0x61, 0x94, 0xc5, 0x02, 0x81, 0x80, 0x3b, 0x92, 0xe4, 0xff, 0x59, 0x29,
118 0x15, 0x0b, 0x08, 0x99, 0x5a, 0x7b, 0xf2, 0xad, 0x14, 0x40, 0x55, 0x6f,
119 0xa0, 0x47, 0xff, 0x90, 0x99, 0xb3, 0x44, 0xb3, 0xd4, 0xfc, 0x45, 0x15,
120 0x05, 0xae, 0x67, 0x22, 0x43, 0x9c, 0xba, 0x37, 0x10, 0xa5, 0x89, 0x47,
121 0x37, 0xec, 0xcc, 0xf5, 0xae, 0xad, 0xa8, 0xb4, 0x7a, 0x35, 0xcb, 0x9d,
122 0x93, 0x5c, 0xed, 0xe6, 0xb0, 0x7e, 0x96, 0x94, 0xc4, 0xa6, 0x0c, 0x7d,
123 0xd6, 0x70, 0x8a, 0x09, 0x4f, 0x81, 0x4a, 0x0e, 0xc2, 0x13, 0xfb, 0xeb,
124 0x16, 0xbf, 0xea, 0xa4, 0xf4, 0x56, 0xff, 0x72, 0x30, 0x05, 0xde, 0x8a,
125 0x44, 0x3f, 0xbe, 0xc6, 0x85, 0x26, 0x55, 0xd6, 0x2d, 0x1d, 0x1e, 0xdb,
126 0x15, 0xda, 0xa4, 0x45, 0x83, 0x3c, 0x17, 0x97, 0x98, 0x0b, 0x8d, 0x87,
127 0xf3, 0x49, 0x0d, 0x90, 0xbd, 0xa9, 0xab, 0x67, 0x6e, 0x87, 0x68, 0x72,
128 0x23, 0xdc
129 };
130
131
_dsa_compat_test(void)132 static int _dsa_compat_test(void)
133 {
134 dsa_key key;
135 unsigned char tmp[1024], buf[1024];
136 unsigned long x, len;
137 unsigned char key_parts[5][256];
138 unsigned long key_lens[5];
139 int stat;
140
141 DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key));
142
143 x = sizeof(tmp);
144 DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key));
145 if (compare_testvector(tmp, x, openssl_priv_dsa, sizeof(openssl_priv_dsa),
146 "DSA private export failed from dsa_import(priv_key)\n", __LINE__)) {
147 return CRYPT_FAIL_TESTVECTOR;
148 }
149
150 x = sizeof(tmp);
151 DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key));
152 if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa),
153 "DSA public export failed from dsa_import(priv_key)\n", __LINE__)) {
154 return CRYPT_FAIL_TESTVECTOR;
155 }
156 dsa_free(&key);
157
158 DO(dsa_import(openssl_pub_dsa, sizeof(openssl_pub_dsa), &key));
159
160 x = sizeof(tmp);
161 DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key));
162 if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa),
163 "DSA public export failed from dsa_import(pub_key)\n", __LINE__)) {
164 return CRYPT_FAIL_TESTVECTOR;
165 }
166 dsa_free(&key);
167
168 /* try import private key from raw hexadecimal numbers */
169 for (x = 0; x < 5; ++x) {
170 key_lens[x] = sizeof(key_parts[x]);
171 }
172 DO(radix_to_bin(hex_p, 16, key_parts[0], &key_lens[0]));
173 DO(radix_to_bin(hex_q, 16, key_parts[1], &key_lens[1]));
174 DO(radix_to_bin(hex_g, 16, key_parts[2], &key_lens[2]));
175 DO(radix_to_bin(hex_y, 16, key_parts[3], &key_lens[3]));
176 DO(radix_to_bin(hex_x, 16, key_parts[4], &key_lens[4]));
177
178 DO(dsa_set_pqg(key_parts[0], key_lens[0],
179 key_parts[1], key_lens[1],
180 key_parts[2], key_lens[2],
181 &key));
182 DO(dsa_set_key(key_parts[4], key_lens[4],
183 PK_PRIVATE,
184 &key));
185 len = sizeof(buf);
186 DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key));
187 if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa),
188 "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)) {
189 return CRYPT_FAIL_TESTVECTOR;
190 }
191 dsa_free(&key);
192
193 /* try import public key from raw hexadecimal numbers */
194 DO(dsa_set_pqg(key_parts[0], key_lens[0],
195 key_parts[1], key_lens[1],
196 key_parts[2], key_lens[2],
197 &key));
198 DO(dsa_set_key(key_parts[3], key_lens[3],
199 PK_PUBLIC,
200 &key));
201 len = sizeof(buf);
202 DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
203 if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa),
204 "DSA public export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)) {
205 return CRYPT_FAIL_TESTVECTOR;
206 }
207 dsa_free(&key);
208
209 /* try import dsaparam */
210 DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key));
211 DO(dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key));
212 /* verify it */
213 DO(dsa_verify_key(&key, &stat));
214 if (stat == 0) {
215 fprintf(stderr, "dsa_verify_key after dsa_set_pqg_dsaparam()");
216 return CRYPT_FAIL_TESTVECTOR;
217 }
218 dsa_free(&key);
219
220 /* try import dsaparam - our public key */
221 DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key));
222 DO(dsa_set_key(key_parts[3], key_lens[3],
223 PK_PUBLIC,
224 &key));
225 len = sizeof(buf);
226 DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
227 if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa),
228 "DSA public export failed from dsa_set_pqg_dsaparam()\n", __LINE__)) {
229 return CRYPT_FAIL_TESTVECTOR;
230 }
231 dsa_free(&key);
232
233 /* try import dsaparam - our private key */
234 DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key));
235 DO(dsa_set_key(key_parts[4], key_lens[4],
236 PK_PRIVATE,
237 &key));
238 len = sizeof(buf);
239 DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key));
240 if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa),
241 "DSA private export failed from dsa_set_pqg_dsaparam()\n", __LINE__)) {
242 return CRYPT_FAIL_TESTVECTOR;
243 }
244 dsa_free(&key);
245
246 return CRYPT_OK;
247 }
248
_dsa_wycheproof_test(void)249 static int _dsa_wycheproof_test(void)
250 {
251 /* test case from https://github.com/google/wycheproof/blob/master/testvectors/dsa_test.json
252 *
253 * "comment" : "appending unused 0's",
254 * "message" : "48656c6c6f",
255 * "result" : "invalid",
256 * "sig" : "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862360000",
257 * "tcId" : 55
258 */
259 unsigned char msg[] = { 0x48, 0x65, 0x6c, 0x6c, 0x6f };
260 unsigned char sig[] = { 0x30, 0x3d, 0x02, 0x1c, 0x1e, 0x41, 0xb4, 0x79, 0xad, 0x57, 0x69, 0x05, 0xb9, 0x60, 0xfe,
261 0x14, 0xea, 0xdb, 0x91, 0xb0, 0xcc, 0xf3, 0x48, 0x43, 0xda, 0xb9, 0x16, 0x17, 0x3b, 0xb8,
262 0xc9, 0xcd, 0x02, 0x1d, 0x00, 0xad, 0xe6, 0x59, 0x88, 0xd2, 0x37, 0xd3, 0x0f, 0x9e, 0xf4,
263 0x1d, 0xd4, 0x24, 0xa4, 0xe1, 0xc8, 0xf1, 0x69, 0x67, 0xcf, 0x33, 0x65, 0x81, 0x3f, 0xe8,
264 0x78, 0x62, 0x36, 0x00, 0x00 };
265 const char* b64key =
266 "MIIDQjCCAjUGByqGSM44BAEwggIoAoIBAQCPeTXZuarpv6vtiHrPSVG28y7FnjuvNxjo6sSWHz79"
267 "NgbnQ1GpxBgzObgJ58KuHFObp0dbhdARrbi0eYd1SYRpXKwOjxSzNggooi/6JxEKPWKpk0U0CaD+"
268 "aWxGWPhL3SCBnDcJoBBXsZWtzQAjPbpUhLYpH51kjviDRIZ3l5zsBLQ0pqwudemYXeI9sCkvwRGM"
269 "n/qdgYHnM423krcw17njSVkvaAmYchU5Feo9a4tGU8YzRY+AOzKkwuDycpAlbk4/ijsIOKHEUOTh"
270 "jBopo33fXqFD3ktm/wSQPtXPFiPhWNSHxgjpfyEc2B3KI8tuOAdl+CLjQr5ITAV2OTlgHNZnAh0A"
271 "uvaWpoV499/e5/pnyXfHhe8ysjO65YDAvNVpXQKCAQAWplxYIEhQcE51AqOXVwQNNNo6NHjBVNTk"
272 "pcAtJC7gT5bmHkvQkEq9rI837rHgnzGC0jyQQ8tkL4gAQWDt+coJsyB2p5wypifyRz6Rh5uixOdE"
273 "vSCBVEy1W4AsNo0fqD7UielOD6BojjJCilx4xHjGjQUntxyaOrsLC+EsRGiWOefTznTbEBplqiuH"
274 "9kxoJts+xy9LVZmDS7TtsC98kOmkltOlXVNb6/xF1PYZ9j897buHOSXC8iTgdzEpbaiH7B5HSPh+"
275 "+1/et1SEMWsiMt7lU92vAhErDR8C2jCXMiT+J67ai51LKSLZuovjntnhA6Y8UoELxoi34u1DFuHv"
276 "F9veA4IBBQACggEAHnf4QrGuD82ZKdOUFh1B4UYU/3UHqaMfSh8U0i4qYnofTllmJIg/GlsWjpQl"
277 "FG8i1fbuKHV0FHFLuZS6ESnwFdbgSnF+35tTCl1cq5TxRjHotM95rrNYzHQYRVU4QeisRhYw6ASm"
278 "L0Nna6Z5SvZomcN3uGnqYSp7n+ZhGqlr5S64tiyXkRe7vMqKfsHh/6scffz8cEhwDTrjhYE26Jdw"
279 "HXwpIbXf7x0fiX9Q2WyhtcLtxYytoYkZ41ZC8IB+6/oAyZoy9NCVwxiPeO1UcRvgMlxLUyrszWVA"
280 "pWfDJyJUQOoVMZveBlEEeaGGF5niW1fezHPANtdaBwK9NzyiMTSZMQ==";
281 unsigned char derkey[838];
282 unsigned long derlen = sizeof(derkey);
283 unsigned char hash[32];
284 unsigned long hashlen = sizeof(hash);
285 dsa_key key;
286 int stat;
287
288 DO(base64_decode((unsigned char*)b64key, strlen(b64key), derkey, &derlen));
289 if (derlen != 838) {
290 fprintf(stderr, "base64_decode failed, derlen=%lu (expected 838)\n", derlen);
291 return CRYPT_FAIL_TESTVECTOR;
292 }
293 DO(dsa_import(derkey, derlen, &key));
294 DO(hash_memory(find_hash("sha224"), msg, sizeof(msg), hash, &hashlen));
295 if (hashlen != 28) {
296 fprintf(stderr, "hash_memory failed, hashlen=%lu (expected 32)\n", hashlen);
297 return CRYPT_FAIL_TESTVECTOR;
298 }
299
300 stat = 666; /* intentionally not one, not zero */
301 DO(dsa_verify_hash(sig, sizeof(sig)-2, hash, hashlen, &stat, &key));
302 /* without the last two 0x00 bytes it is a valid signature */
303 if (stat != 1) {
304 fprintf(stderr, "dsa_verify_hash rejected valid signature\n");
305 return CRYPT_FAIL_TESTVECTOR;
306 }
307
308 stat = 666; /* intentionally not one, not zero */
309 DO(dsa_verify_hash(sig, sizeof(sig), hash, hashlen, &stat, &key));
310 /* this should be invalid */
311 if (stat != 0) {
312 fprintf(stderr, "dsa_verify_hash did not reject invalid signature\n");
313 return CRYPT_FAIL_TESTVECTOR;
314 }
315
316 dsa_free(&key);
317 return CRYPT_OK;
318 }
319
dsa_test(void)320 int dsa_test(void)
321 {
322 unsigned char msg[16], out[1024], out2[1024], ch;
323 unsigned long x, y;
324 int stat1, stat2;
325 dsa_key key, key2;
326
327 DO(_dsa_compat_test());
328 DO(_dsa_wycheproof_test());
329
330 /* make a random key */
331 DO(dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), 20, 128, &key));
332 DO(dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key));
333
334 /* verify it */
335 DO(dsa_verify_key(&key, &stat1));
336 if (stat1 == 0) { fprintf(stderr, "dsa_verify_key "); return 1; }
337
338 /* encrypt a message */
339 for (ch = 0; ch < 16; ch++) { msg[ch] = ch; }
340 x = sizeof(out);
341 DO(dsa_encrypt_key(msg, 16, out, &x, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &key));
342
343 /* decrypt */
344 y = sizeof(out2);
345 DO(dsa_decrypt_key(out, x, out2, &y, &key));
346
347 if (y != 16 || memcmp(out2, msg, 16)) {
348 fprintf(stderr, "dsa_decrypt failed, y == %lu\n", y);
349 return 1;
350 }
351
352 /* sign the message */
353 x = sizeof(out);
354 DO(dsa_sign_hash(msg, sizeof(msg), out, &x, &yarrow_prng, find_prng("yarrow"), &key));
355
356 /* verify it once */
357 DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key));
358
359 /* Modify and verify again */
360 msg[0] ^= 1;
361 DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat2, &key));
362 msg[0] ^= 1;
363 if (!(stat1 == 1 && stat2 == 0)) { fprintf(stderr, "dsa_verify %d %d", stat1, stat2); return 1; }
364
365 /* test exporting it */
366 y = sizeof(out2);
367 DO(dsa_export(out2, &y, PK_PRIVATE, &key));
368 DO(dsa_import(out2, y, &key2));
369
370 /* verify a signature with it */
371 DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2));
372 if (stat1 == 0) { fprintf(stderr, "dsa_verify (import private) %d ", stat1); return 1; }
373 dsa_free(&key2);
374
375 /* export as public now */
376 y = sizeof(out2);
377 DO(dsa_export(out2, &y, PK_PUBLIC, &key));
378
379 DO(dsa_import(out2, y, &key2));
380 /* verify a signature with it */
381 DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2));
382 if (stat1 == 0) { fprintf(stderr, "dsa_verify (import public) %d ", stat1); return 1; }
383 dsa_free(&key2);
384 dsa_free(&key);
385
386 return 0;
387 }
388
389 #else
390
dsa_test(void)391 int dsa_test(void)
392 {
393 return CRYPT_NOP;
394 }
395
396 #endif
397
398 /* ref: HEAD -> master, tag: v1.18.2 */
399 /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
400 /* commit time: 2018-07-01 22:49:01 +0200 */
401