diff options
author | Richard Levitte <levitte@openssl.org> | 2015-03-26 21:33:18 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2015-03-31 20:16:01 +0200 |
commit | dee502be89e78e2979e3bd1d7724cf79daa6ef61 (patch) | |
tree | 53e97582c488f1a484bd42e570de6a99768fd1df /crypto/ecdsa | |
parent | 30cd4ff294252c4b6a4b69cbef6a5b4117705d22 (diff) | |
download | openssl-dee502be89e78e2979e3bd1d7724cf79daa6ef61.tar.gz |
Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/ecdsa')
-rw-r--r-- | crypto/ecdsa/ecdsa.h | 333 | ||||
-rw-r--r-- | crypto/ecdsa/ecdsatest.c | 565 |
2 files changed, 0 insertions, 898 deletions
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h deleted file mode 100644 index f60c229c40..0000000000 --- a/crypto/ecdsa/ecdsa.h +++ /dev/null @@ -1,333 +0,0 @@ -/* crypto/ecdsa/ecdsa.h */ -/** - * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions - * \author Written by Nils Larsch for the OpenSSL project - */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#ifndef HEADER_ECDSA_H -# define HEADER_ECDSA_H - -# include <openssl/opensslconf.h> - -# ifdef OPENSSL_NO_EC -# error EC is disabled. -# endif - -# include <openssl/ec.h> -# include <openssl/ossl_typ.h> -# ifdef OPENSSL_USE_DEPRECATED -# include <openssl/bn.h> -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -} ECDSA_SIG; - -/** Allocates and initialize a ECDSA_SIG structure - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_SIG_new(void); - -/** frees a ECDSA_SIG structure - * \param sig pointer to the ECDSA_SIG structure - */ -void ECDSA_SIG_free(ECDSA_SIG *sig); - -/** DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param sig pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 - */ -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); - -/** Decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). - * \param sig pointer to ECDSA_SIG pointer (may be NULL) - * \param pp memory buffer with the DER encoded signature - * \param len length of the buffer - * \return pointer to the decoded ECDSA_SIG structure (or NULL) - */ -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); - -/** Computes the ECDSA signature of the given hash value using - * the supplied private key and returns the created signature. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param eckey EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, - EC_KEY *eckey); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), - * see ECDSA_sign_setup - * \param eckey EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey); - -/** Verifies that the supplied signature is a valid ECDSA - * signature of the supplied hash value using the supplied public key. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param sig ECDSA_SIG structure - * \param eckey EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid - * and -1 on error - */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - -const ECDSA_METHOD *ECDSA_OpenSSL(void); - -/** Sets the default ECDSA method - * \param meth new default ECDSA_METHOD - */ -void ECDSA_set_default_method(const ECDSA_METHOD *meth); - -/** Returns the default ECDSA method - * \return pointer to ECDSA_METHOD structure containing the default method - */ -const ECDSA_METHOD *ECDSA_get_default_method(void); - -/** Sets method to be used for the ECDSA operations - * \param eckey EC_KEY object - * \param meth new method - * \return 1 on success and 0 otherwise - */ -int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); - -/** Returns the maximum length of the DER encoded signature - * \param eckey EC_KEY object - * \return numbers of bytes required for the DER encoded signature - */ -int ECDSA_size(const EC_KEY *eckey); - -/** Precompute parts of the signing operation - * \param eckey EC_KEY object containing a private EC key - * \param ctx BN_CTX object (optional) - * \param kinv BIGNUM pointer for the inverse of k - * \param rp BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig memory for the DER encoded created signature - * \param siglen pointer to the length of the returned signature - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), - * see ECDSA_sign_setup - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); - -/** Verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid - * and -1 on error - */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); - -/* the standard ex_data functions */ -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); -void *ECDSA_get_ex_data(EC_KEY *d, int idx); - -/** Allocates and initialize a ECDSA_METHOD structure - * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) - * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred - */ - -ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); - -/** frees a ECDSA_METHOD structure - * \param ecdsa_method pointer to the ECDSA_METHOD structure - */ -void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); - -/** Sets application specific data in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param app application specific data to set - */ - -void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); - -/** Returns application specific data from a ECDSA_METHOD structure - * \param ecdsa_method pointer to ECDSA_METHOD structure - * \return pointer to application specific data. - */ - -void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); - -/** Set the ECDSA_do_sign function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_do_sign a funtion of type ECDSA_do_sign - */ - -void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, - ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char - *dgst, int dgst_len, - const BIGNUM *inv, - const BIGNUM *rp, - EC_KEY *eckey)); - -/** Set the ECDSA_sign_setup function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup - */ - -void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_sign_setup) (EC_KEY *eckey, - BN_CTX *ctx, - BIGNUM **kinv, - BIGNUM **r)); - -/** Set the ECDSA_do_verify function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_do_verify a funtion of type ECDSA_do_verify - */ - -void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_do_verify) (const unsigned char - *dgst, int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)); - -void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); - -/** Set the flags field in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param flags flags value to set - */ - -void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); - -/** Set the name field in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param name name to set - */ - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_ECDSA_strings(void); - -/* Error codes for the ECDSA functions. */ - -/* Function codes. */ -# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 -# define ECDSA_F_ECDSA_DO_SIGN 101 -# define ECDSA_F_ECDSA_DO_VERIFY 102 -# define ECDSA_F_ECDSA_METHOD_NEW 105 -# define ECDSA_F_ECDSA_SIGN_SETUP 103 - -/* Reason codes. */ -# define ECDSA_R_BAD_SIGNATURE 100 -# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 -# define ECDSA_R_ERR_EC_LIB 102 -# define ECDSA_R_MISSING_PARAMETERS 103 -# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 -# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 -# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c deleted file mode 100644 index 3a455b4747..0000000000 --- a/crypto/ecdsa/ecdsatest.c +++ /dev/null @@ -1,565 +0,0 @@ -/* crypto/ecdsa/ecdsatest.c */ -/* - * Written by Nils Larsch for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */ - -#ifdef OPENSSL_NO_EC -int main(int argc, char *argv[]) -{ - puts("Elliptic curves are disabled."); - return 0; -} -#else - -# include <openssl/crypto.h> -# include <openssl/bio.h> -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/ecdsa.h> -# ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -# endif -# include <openssl/err.h> -# include <openssl/rand.h> - -static const char rnd_seed[] = "string to make the random number generator " - "think it has entropy"; - -/* declaration of the test functions */ -int x9_62_tests(BIO *); -int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); -int test_builtin(BIO *); - -/* functions to change the RAND_METHOD */ -int change_rand(void); -int restore_rand(void); -int fbytes(unsigned char *buf, int num); - -RAND_METHOD fake_rand; -const RAND_METHOD *old_rand; - -int change_rand(void) -{ - /* save old rand method */ - if ((old_rand = RAND_get_rand_method()) == NULL) - return 0; - - fake_rand.seed = old_rand->seed; - fake_rand.cleanup = old_rand->cleanup; - fake_rand.add = old_rand->add; - fake_rand.status = old_rand->status; - /* use own random function */ - fake_rand.bytes = fbytes; - fake_rand.pseudorand = old_rand->bytes; - /* set new RAND_METHOD */ - if (!RAND_set_rand_method(&fake_rand)) - return 0; - return 1; -} - -int restore_rand(void) -{ - if (!RAND_set_rand_method(old_rand)) - return 0; - else - return 1; -} - -static int fbytes_counter = 0, use_fake = 0; -static const char *numbers[8] = { - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" - "55657156756655", - "1275552191113212300012030439187146164646146646466749494799", - "1542725565216523985789236956265265265235675811949404040041", - "1456427555219115346513212300075341203043918714616464614664" - "64667494947990", - "1712787255652165239672857892369562652652652356758119494040" - "40041670216363" -}; - -int fbytes(unsigned char *buf, int num) -{ - int ret; - BIGNUM *tmp = NULL; - - if (use_fake == 0) - return old_rand->bytes(buf, num); - - use_fake = 0; - - if (fbytes_counter >= 8) - return 0; - tmp = BN_new(); - if (!tmp) - return 0; - if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) { - BN_free(tmp); - return 0; - } - fbytes_counter++; - if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) - ret = 0; - else - ret = 1; - BN_free(tmp); - return ret; -} - -/* some tests from the X9.62 draft */ -int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) -{ - int ret = 0; - const char message[] = "abc"; - unsigned char digest[20]; - unsigned int dgst_len = 0; - EVP_MD_CTX md_ctx; - EC_KEY *key = NULL; - ECDSA_SIG *signature = NULL; - BIGNUM *r = NULL, *s = NULL; - BIGNUM *kinv = NULL, *rp = NULL; - - EVP_MD_CTX_init(&md_ctx); - /* get the message digest */ - if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) - || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) - || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) - goto x962_int_err; - - BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); - /* create the key */ - if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) - goto x962_int_err; - use_fake = 1; - if (!EC_KEY_generate_key(key)) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create the signature */ - use_fake = 1; - /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ - if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) - goto x962_int_err; - signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); - if (signature == NULL) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* compare the created signature with the expected signature */ - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) - goto x962_int_err; - if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) - goto x962_int_err; - if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s)) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify the signature */ - if (ECDSA_do_verify(digest, 20, signature, key) != 1) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - ret = 1; - x962_int_err: - if (!ret) - BIO_printf(out, " failed\n"); - EC_KEY_free(key); - if (signature) - ECDSA_SIG_free(signature); - if (r) - BN_free(r); - if (s) - BN_free(s); - EVP_MD_CTX_cleanup(&md_ctx); - if (kinv) - BN_clear_free(kinv); - if (rp) - BN_clear_free(rp); - return ret; -} - -int x9_62_tests(BIO *out) -{ - int ret = 0; - - BIO_printf(out, "some tests from X9.62:\n"); - - /* set own rand method */ - if (!change_rand()) - goto x962_err; - - if (!x9_62_test_internal(out, NID_X9_62_prime192v1, - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) - goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_prime239v1, - "3086361431751678114926225473006680188549593787585317781474" - "62058306432176", - "3238135532097973577080787768312505059318910517550078427819" - "78505179448783")) - goto x962_err; -# ifndef OPENSSL_NO_EC2M - if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, - "87194383164871543355722284926904419997237591535066528048", - "308992691965804947361541664549085895292153777025772063598")) - goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, - "2159633321041961198501834003903461262881815148684178964245" - "5876922391552", - "1970303740007316867383349976549972270528498040721988191026" - "49413465737174")) - goto x962_err; -# endif - ret = 1; - x962_err: - if (!restore_rand()) - ret = 0; - return ret; -} - -int test_builtin(BIO *out) -{ - EC_builtin_curve *curves = NULL; - size_t crv_len = 0, n = 0; - EC_KEY *eckey = NULL, *wrong_eckey = NULL; - EC_GROUP *group; - ECDSA_SIG *ecdsa_sig = NULL; - unsigned char digest[20], wrong_digest[20]; - unsigned char *signature = NULL; - const unsigned char *sig_ptr; - unsigned char *sig_ptr2; - unsigned char *raw_buf = NULL; - unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; - int nid, ret = 0; - - /* fill digest values with some random data */ - if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) { - BIO_printf(out, "ERROR: unable to get random data\n"); - goto builtin_err; - } - - /* - * create and verify a ecdsa signature with every availble curve (with ) - */ - BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " - "with some internal curves:\n"); - - /* get a list of all internal curves */ - crv_len = EC_get_builtin_curves(NULL, 0); - - curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); - - if (curves == NULL) { - BIO_printf(out, "malloc error\n"); - goto builtin_err; - } - - if (!EC_get_builtin_curves(curves, crv_len)) { - BIO_printf(out, "unable to get internal curves\n"); - goto builtin_err; - } - - /* now create and verify a signature for every curve */ - for (n = 0; n < crv_len; n++) { - unsigned char dirt, offset; - - nid = curves[n].nid; - if (nid == NID_ipsec4) - continue; - /* create new ecdsa key (== EC_KEY) */ - if ((eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(eckey, group) == 0) - goto builtin_err; - EC_GROUP_free(group); - degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); - if (degree < 160) { - /* drop the curve */ - EC_KEY_free(eckey); - eckey = NULL; - continue; - } - BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); - /* create key */ - if (!EC_KEY_generate_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* create second key */ - if ((wrong_eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(wrong_eckey, group) == 0) - goto builtin_err; - EC_GROUP_free(group); - if (!EC_KEY_generate_key(wrong_eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - BIO_printf(out, "."); - (void)BIO_flush(out); - /* check key */ - if (!EC_KEY_check_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create signature */ - sig_len = ECDSA_size(eckey); - if ((signature = OPENSSL_malloc(sig_len)) == NULL) - goto builtin_err; - if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature with the wrong key */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong digest */ - if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong length */ - if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - /* - * Modify a single byte of the signature: to ensure we don't garble - * the ASN1 structure, we read the raw signature and modify a byte in - * one of the bignums directly. - */ - sig_ptr = signature; - if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - /* Store the two BIGNUMs in raw_buf. */ - r_len = BN_num_bytes(ecdsa_sig->r); - s_len = BN_num_bytes(ecdsa_sig->s); - bn_len = (degree + 7) / 8; - if ((r_len > bn_len) || (s_len > bn_len)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - buf_len = 2 * bn_len; - if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) - goto builtin_err; - /* Pad the bignums with leading zeroes. */ - memset(raw_buf, 0, buf_len); - BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); - BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); - - /* Modify a single byte in the buffer. */ - offset = raw_buf[10] % buf_len; - dirt = raw_buf[11] ? raw_buf[11] : 1; - raw_buf[offset] ^= dirt; - /* Now read the BIGNUMs back in from raw_buf. */ - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* - * Sanity check: undo the modification and verify signature. - */ - raw_buf[offset] ^= dirt; - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - /* cleanup */ - /* clean bogus errors */ - ERR_clear_error(); - OPENSSL_free(signature); - signature = NULL; - EC_KEY_free(eckey); - eckey = NULL; - EC_KEY_free(wrong_eckey); - wrong_eckey = NULL; - ECDSA_SIG_free(ecdsa_sig); - ecdsa_sig = NULL; - OPENSSL_free(raw_buf); - raw_buf = NULL; - } - - ret = 1; - builtin_err: - EC_KEY_free(eckey); - EC_KEY_free(wrong_eckey); - if (ecdsa_sig) - ECDSA_SIG_free(ecdsa_sig); - if (signature) - OPENSSL_free(signature); - if (raw_buf) - OPENSSL_free(raw_buf); - if (curves) - OPENSSL_free(curves); - - return ret; -} - -int main(void) -{ - int ret = 1; - BIO *out; - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - - /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && - (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } else { - /* OPENSSL_DEBUG_MEMORY=off */ - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - - /* initialize the prng */ - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ - if (!x9_62_tests(out)) - goto err; - if (!test_builtin(out)) - goto err; - - ret = 0; - err: - if (ret) - BIO_printf(out, "\nECDSA test failed\n"); - else - BIO_printf(out, "\nECDSA test passed\n"); - if (ret) - ERR_print_errors(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks(out); - BIO_free(out); - return ret; -} -#endif |