diff options
Diffstat (limited to 'src/util/gnunet-crypto-tvg.c')
-rw-r--r-- | src/util/gnunet-crypto-tvg.c | 1092 |
1 files changed, 0 insertions, 1092 deletions
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c deleted file mode 100644 index 28e44e28b..000000000 --- a/src/util/gnunet-crypto-tvg.c +++ /dev/null | |||
@@ -1,1092 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2020 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/gnunet-crypto-tgv.c | ||
23 | * @brief Generate test vectors for cryptographic operations. | ||
24 | * @author Florian Dold | ||
25 | * | ||
26 | * Note that this program shouldn't depend on code in src/json/, | ||
27 | * so we're using raw jansson and no GNUnet JSON helpers. | ||
28 | * | ||
29 | * Test vectors have the following format (TypeScript pseudo code): | ||
30 | * | ||
31 | * interface TestVectorFile { | ||
32 | * encoding: "base32crockford"; | ||
33 | * producer?: string; | ||
34 | * vectors: TestVector[]; | ||
35 | * } | ||
36 | * | ||
37 | * enum Operation { | ||
38 | * Hash("hash"), | ||
39 | * ... | ||
40 | * } | ||
41 | * | ||
42 | * interface TestVector { | ||
43 | * operation: Operation; | ||
44 | * // Inputs for the operation | ||
45 | * [ k: string]: string | number; | ||
46 | * }; | ||
47 | * | ||
48 | * | ||
49 | */ | ||
50 | #include "platform.h" | ||
51 | #include "gnunet_util_lib.h" | ||
52 | #include "gnunet_signatures.h" | ||
53 | #include "gnunet_testing_lib.h" | ||
54 | #include <jansson.h> | ||
55 | #include <gcrypt.h> | ||
56 | |||
57 | GNUNET_NETWORK_STRUCT_BEGIN | ||
58 | |||
59 | /** | ||
60 | * Sample signature struct. | ||
61 | * | ||
62 | * Purpose is #GNUNET_SIGNATURE_PURPOSE_TEST | ||
63 | */ | ||
64 | struct TestSignatureDataPS | ||
65 | { | ||
66 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
67 | uint32_t testval; | ||
68 | }; | ||
69 | |||
70 | GNUNET_NETWORK_STRUCT_END | ||
71 | |||
72 | |||
73 | /** | ||
74 | * Should we verify or output test vectors? | ||
75 | */ | ||
76 | static int verify_flag = GNUNET_NO; | ||
77 | |||
78 | |||
79 | /** | ||
80 | * Global exit code. | ||
81 | */ | ||
82 | static int global_ret = 0; | ||
83 | |||
84 | |||
85 | /** | ||
86 | * Create a fresh test vector for a given operation label. | ||
87 | * | ||
88 | * @param vecs array of vectors to append the new vector to | ||
89 | * @param vecname label for the operation of the vector | ||
90 | * @returns the fresh test vector | ||
91 | */ | ||
92 | static json_t * | ||
93 | vec_for (json_t *vecs, const char *vecname) | ||
94 | { | ||
95 | json_t *t = json_object (); | ||
96 | |||
97 | json_object_set_new (t, | ||
98 | "operation", | ||
99 | json_string (vecname)); | ||
100 | json_array_append_new (vecs, t); | ||
101 | return t; | ||
102 | } | ||
103 | |||
104 | |||
105 | /** | ||
106 | * Add a base32crockford encoded value | ||
107 | * to a test vector. | ||
108 | * | ||
109 | * @param vec test vector to add to | ||
110 | * @param label label for the value | ||
111 | * @param data data to add | ||
112 | * @param size size of data | ||
113 | */ | ||
114 | static void | ||
115 | d2j (json_t *vec, | ||
116 | const char *label, | ||
117 | const void *data, | ||
118 | size_t size) | ||
119 | { | ||
120 | char *buf; | ||
121 | json_t *json; | ||
122 | |||
123 | buf = GNUNET_STRINGS_data_to_string_alloc (data, size); | ||
124 | json = json_string (buf); | ||
125 | GNUNET_free (buf); | ||
126 | GNUNET_break (NULL != json); | ||
127 | |||
128 | json_object_set_new (vec, label, json); | ||
129 | } | ||
130 | |||
131 | |||
132 | /** | ||
133 | * Add a number to a test vector. | ||
134 | * | ||
135 | * @param vec test vector to add to | ||
136 | * @param label label for the value | ||
137 | * @param data data to add | ||
138 | * @param size size of data | ||
139 | */ | ||
140 | static void | ||
141 | uint2j (json_t *vec, | ||
142 | const char *label, | ||
143 | unsigned int num) | ||
144 | { | ||
145 | json_t *json = json_integer (num); | ||
146 | |||
147 | json_object_set_new (vec, label, json); | ||
148 | } | ||
149 | |||
150 | |||
151 | static int | ||
152 | expect_data_fixed (json_t *vec, | ||
153 | const char *name, | ||
154 | void *data, | ||
155 | size_t expect_len) | ||
156 | { | ||
157 | const char *s = json_string_value (json_object_get (vec, name)); | ||
158 | |||
159 | if (NULL == s) | ||
160 | return GNUNET_NO; | ||
161 | |||
162 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, | ||
163 | strlen (s), | ||
164 | data, | ||
165 | expect_len)) | ||
166 | return GNUNET_NO; | ||
167 | return GNUNET_OK; | ||
168 | } | ||
169 | |||
170 | |||
171 | static int | ||
172 | expect_data_dynamic (json_t *vec, | ||
173 | const char *name, | ||
174 | void **data, | ||
175 | size_t *ret_len) | ||
176 | { | ||
177 | const char *s = json_string_value (json_object_get (vec, name)); | ||
178 | char *tmp; | ||
179 | size_t len; | ||
180 | |||
181 | if (NULL == s) | ||
182 | return GNUNET_NO; | ||
183 | |||
184 | len = (strlen (s) * 5) / 8; | ||
185 | if (NULL != ret_len) | ||
186 | *ret_len = len; | ||
187 | tmp = GNUNET_malloc (len); | ||
188 | |||
189 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len)) | ||
190 | { | ||
191 | GNUNET_free (tmp); | ||
192 | return GNUNET_NO; | ||
193 | } | ||
194 | *data = tmp; | ||
195 | return GNUNET_OK; | ||
196 | } | ||
197 | |||
198 | |||
199 | /** | ||
200 | * Check a single vector. | ||
201 | * | ||
202 | * @param operation operator of the vector | ||
203 | * @param vec the vector, a JSON object. | ||
204 | * | ||
205 | * @returns GNUNET_OK if the vector is okay | ||
206 | */ | ||
207 | static int | ||
208 | checkvec (const char *operation, | ||
209 | json_t *vec) | ||
210 | { | ||
211 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
212 | "checking %s\n", operation); | ||
213 | |||
214 | if (0 == strcmp (operation, "hash")) | ||
215 | { | ||
216 | void *data; | ||
217 | size_t data_len; | ||
218 | struct GNUNET_HashCode hash_out; | ||
219 | struct GNUNET_HashCode hc; | ||
220 | |||
221 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
222 | "input", | ||
223 | &data, | ||
224 | &data_len)) | ||
225 | { | ||
226 | GNUNET_break (0); | ||
227 | return GNUNET_SYSERR; | ||
228 | } | ||
229 | if (GNUNET_OK != expect_data_fixed (vec, | ||
230 | "output", | ||
231 | &hash_out, | ||
232 | sizeof (hash_out))) | ||
233 | { | ||
234 | GNUNET_free (data); | ||
235 | GNUNET_break (0); | ||
236 | return GNUNET_NO; | ||
237 | } | ||
238 | |||
239 | GNUNET_CRYPTO_hash (data, data_len, &hc); | ||
240 | |||
241 | if (0 != GNUNET_memcmp (&hc, &hash_out)) | ||
242 | { | ||
243 | GNUNET_free (data); | ||
244 | GNUNET_break (0); | ||
245 | return GNUNET_NO; | ||
246 | } | ||
247 | GNUNET_free (data); | ||
248 | } | ||
249 | else if (0 == strcmp (operation, "ecc_ecdh")) | ||
250 | { | ||
251 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
252 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
253 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
254 | struct GNUNET_HashCode skm; | ||
255 | struct GNUNET_HashCode skm_comp; | ||
256 | |||
257 | if (GNUNET_OK != expect_data_fixed (vec, | ||
258 | "priv1", | ||
259 | &priv1, | ||
260 | sizeof (priv1))) | ||
261 | { | ||
262 | GNUNET_break (0); | ||
263 | return GNUNET_NO; | ||
264 | } | ||
265 | if (GNUNET_OK != expect_data_fixed (vec, | ||
266 | "priv2", | ||
267 | &priv2, | ||
268 | sizeof (priv2))) | ||
269 | { | ||
270 | GNUNET_break (0); | ||
271 | return GNUNET_NO; | ||
272 | } | ||
273 | if (GNUNET_OK != expect_data_fixed (vec, | ||
274 | "pub1", | ||
275 | &pub1, | ||
276 | sizeof (pub1))) | ||
277 | { | ||
278 | GNUNET_break (0); | ||
279 | return GNUNET_NO; | ||
280 | } | ||
281 | if (GNUNET_OK != expect_data_fixed (vec, | ||
282 | "skm", | ||
283 | &skm, | ||
284 | sizeof (skm))) | ||
285 | { | ||
286 | GNUNET_break (0); | ||
287 | return GNUNET_NO; | ||
288 | } | ||
289 | GNUNET_assert (GNUNET_OK == | ||
290 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
291 | &pub1, | ||
292 | &skm_comp)); | ||
293 | if (0 != GNUNET_memcmp (&skm, &skm_comp)) | ||
294 | { | ||
295 | GNUNET_break (0); | ||
296 | return GNUNET_NO; | ||
297 | } | ||
298 | } | ||
299 | else if (0 == strcmp (operation, "eddsa_key_derivation")) | ||
300 | { | ||
301 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
302 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
303 | struct GNUNET_CRYPTO_EddsaPublicKey pub_comp; | ||
304 | |||
305 | if (GNUNET_OK != expect_data_fixed (vec, | ||
306 | "priv", | ||
307 | &priv, | ||
308 | sizeof (priv))) | ||
309 | { | ||
310 | GNUNET_break (0); | ||
311 | return GNUNET_NO; | ||
312 | } | ||
313 | |||
314 | if (GNUNET_OK != expect_data_fixed (vec, | ||
315 | "pub", | ||
316 | &pub, | ||
317 | sizeof (pub))) | ||
318 | { | ||
319 | GNUNET_break (0); | ||
320 | return GNUNET_NO; | ||
321 | } | ||
322 | |||
323 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
324 | &pub_comp); | ||
325 | if (0 != GNUNET_memcmp (&pub, &pub_comp)) | ||
326 | { | ||
327 | GNUNET_break (0); | ||
328 | return GNUNET_NO; | ||
329 | } | ||
330 | |||
331 | } | ||
332 | else if (0 == strcmp (operation, "eddsa_signing")) | ||
333 | { | ||
334 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
335 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
336 | struct TestSignatureDataPS data = { 0 }; | ||
337 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
338 | struct GNUNET_CRYPTO_EddsaSignature sig_comp; | ||
339 | |||
340 | if (GNUNET_OK != expect_data_fixed (vec, | ||
341 | "priv", | ||
342 | &priv, | ||
343 | sizeof (priv))) | ||
344 | { | ||
345 | GNUNET_break (0); | ||
346 | return GNUNET_NO; | ||
347 | } | ||
348 | |||
349 | if (GNUNET_OK != expect_data_fixed (vec, | ||
350 | "pub", | ||
351 | &pub, | ||
352 | sizeof (pub))) | ||
353 | { | ||
354 | GNUNET_break (0); | ||
355 | return GNUNET_NO; | ||
356 | } | ||
357 | |||
358 | if (GNUNET_OK != expect_data_fixed (vec, | ||
359 | "data", | ||
360 | &data, | ||
361 | sizeof (data))) | ||
362 | { | ||
363 | GNUNET_break (0); | ||
364 | return GNUNET_NO; | ||
365 | } | ||
366 | |||
367 | if (GNUNET_OK != expect_data_fixed (vec, | ||
368 | "sig", | ||
369 | &sig, | ||
370 | sizeof (sig))) | ||
371 | { | ||
372 | GNUNET_break (0); | ||
373 | return GNUNET_NO; | ||
374 | } | ||
375 | |||
376 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
377 | &data, | ||
378 | &sig_comp); | ||
379 | GNUNET_assert (GNUNET_OK == | ||
380 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
381 | &data, | ||
382 | &sig, | ||
383 | &pub)); | ||
384 | if (0 != GNUNET_memcmp (&sig, &sig_comp)) | ||
385 | { | ||
386 | GNUNET_break (0); | ||
387 | return GNUNET_NO; | ||
388 | } | ||
389 | } | ||
390 | else if (0 == strcmp (operation, "kdf")) | ||
391 | { | ||
392 | size_t out_len; | ||
393 | void *out; | ||
394 | size_t out_len_comp; | ||
395 | void *out_comp; | ||
396 | void *ikm; | ||
397 | size_t ikm_len; | ||
398 | void *salt; | ||
399 | size_t salt_len; | ||
400 | void *ctx; | ||
401 | size_t ctx_len; | ||
402 | |||
403 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
404 | "out", | ||
405 | &out, | ||
406 | &out_len)) | ||
407 | { | ||
408 | GNUNET_break (0); | ||
409 | return GNUNET_SYSERR; | ||
410 | } | ||
411 | |||
412 | out_len_comp = out_len; | ||
413 | out_comp = GNUNET_malloc (out_len_comp); | ||
414 | |||
415 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
416 | "ikm", | ||
417 | &ikm, | ||
418 | &ikm_len)) | ||
419 | { | ||
420 | GNUNET_free (out); | ||
421 | GNUNET_free (out_comp); | ||
422 | GNUNET_break (0); | ||
423 | return GNUNET_SYSERR; | ||
424 | } | ||
425 | |||
426 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
427 | "salt", | ||
428 | &salt, | ||
429 | &salt_len)) | ||
430 | { | ||
431 | GNUNET_free (out); | ||
432 | GNUNET_free (out_comp); | ||
433 | GNUNET_free (ikm); | ||
434 | GNUNET_break (0); | ||
435 | return GNUNET_SYSERR; | ||
436 | } | ||
437 | |||
438 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
439 | "ctx", | ||
440 | &ctx, | ||
441 | &ctx_len)) | ||
442 | { | ||
443 | GNUNET_free (out); | ||
444 | GNUNET_free (out_comp); | ||
445 | GNUNET_free (ikm); | ||
446 | GNUNET_free (salt); | ||
447 | GNUNET_break (0); | ||
448 | return GNUNET_SYSERR; | ||
449 | } | ||
450 | |||
451 | GNUNET_assert (GNUNET_OK == | ||
452 | GNUNET_CRYPTO_kdf (out_comp, | ||
453 | out_len_comp, | ||
454 | salt, | ||
455 | salt_len, | ||
456 | ikm, | ||
457 | ikm_len, | ||
458 | ctx, | ||
459 | ctx_len, | ||
460 | NULL)); | ||
461 | |||
462 | if (0 != memcmp (out, out_comp, out_len)) | ||
463 | { | ||
464 | GNUNET_free (out); | ||
465 | GNUNET_free (out_comp); | ||
466 | GNUNET_free (ikm); | ||
467 | GNUNET_free (salt); | ||
468 | GNUNET_free (ctx); | ||
469 | GNUNET_break (0); | ||
470 | return GNUNET_NO; | ||
471 | } | ||
472 | GNUNET_free (out); | ||
473 | GNUNET_free (out_comp); | ||
474 | GNUNET_free (ikm); | ||
475 | GNUNET_free (salt); | ||
476 | GNUNET_free (ctx); | ||
477 | } | ||
478 | else if (0 == strcmp (operation, "eddsa_ecdh")) | ||
479 | { | ||
480 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
481 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
482 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
483 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
484 | struct GNUNET_HashCode key_material; | ||
485 | struct GNUNET_HashCode key_material_comp; | ||
486 | |||
487 | if (GNUNET_OK != expect_data_fixed (vec, | ||
488 | "priv_ecdhe", | ||
489 | &priv_ecdhe, | ||
490 | sizeof (priv_ecdhe))) | ||
491 | { | ||
492 | GNUNET_break (0); | ||
493 | return GNUNET_NO; | ||
494 | } | ||
495 | |||
496 | if (GNUNET_OK != expect_data_fixed (vec, | ||
497 | "pub_ecdhe", | ||
498 | &pub_ecdhe, | ||
499 | sizeof (pub_ecdhe))) | ||
500 | { | ||
501 | GNUNET_break (0); | ||
502 | return GNUNET_NO; | ||
503 | } | ||
504 | |||
505 | if (GNUNET_OK != expect_data_fixed (vec, | ||
506 | "priv_eddsa", | ||
507 | &priv_eddsa, | ||
508 | sizeof (priv_eddsa))) | ||
509 | { | ||
510 | GNUNET_break (0); | ||
511 | return GNUNET_NO; | ||
512 | } | ||
513 | |||
514 | if (GNUNET_OK != expect_data_fixed (vec, | ||
515 | "pub_eddsa", | ||
516 | &pub_eddsa, | ||
517 | sizeof (pub_eddsa))) | ||
518 | { | ||
519 | GNUNET_break (0); | ||
520 | return GNUNET_NO; | ||
521 | } | ||
522 | |||
523 | if (GNUNET_OK != expect_data_fixed (vec, | ||
524 | "key_material", | ||
525 | &key_material, | ||
526 | sizeof (key_material))) | ||
527 | { | ||
528 | GNUNET_break (0); | ||
529 | return GNUNET_NO; | ||
530 | } | ||
531 | |||
532 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp); | ||
533 | |||
534 | if (0 != GNUNET_memcmp (&key_material, &key_material_comp)) | ||
535 | { | ||
536 | GNUNET_break (0); | ||
537 | return GNUNET_NO; | ||
538 | } | ||
539 | } | ||
540 | else if (0 == strcmp (operation, "rsa_blind_signing")) | ||
541 | { | ||
542 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
543 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
544 | struct GNUNET_HashCode message_hash; | ||
545 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
546 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
547 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
548 | void *blinded_data; | ||
549 | size_t blinded_len; | ||
550 | void *blinded_data_comp; | ||
551 | size_t blinded_len_comp; | ||
552 | void *public_enc_data; | ||
553 | size_t public_enc_len; | ||
554 | void *secret_enc_data; | ||
555 | size_t secret_enc_len; | ||
556 | void *sig_enc_data; | ||
557 | size_t sig_enc_length; | ||
558 | void *sig_enc_data_comp; | ||
559 | size_t sig_enc_length_comp; | ||
560 | |||
561 | if (GNUNET_OK != expect_data_fixed (vec, | ||
562 | "message_hash", | ||
563 | &message_hash, | ||
564 | sizeof (message_hash))) | ||
565 | { | ||
566 | GNUNET_break (0); | ||
567 | return GNUNET_SYSERR; | ||
568 | } | ||
569 | |||
570 | if (GNUNET_OK != expect_data_fixed (vec, | ||
571 | "blinding_key_secret", | ||
572 | &bks, | ||
573 | sizeof (bks))) | ||
574 | { | ||
575 | GNUNET_break (0); | ||
576 | return GNUNET_SYSERR; | ||
577 | } | ||
578 | |||
579 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
580 | "blinded_message", | ||
581 | &blinded_data, | ||
582 | &blinded_len)) | ||
583 | { | ||
584 | GNUNET_break (0); | ||
585 | return GNUNET_SYSERR; | ||
586 | } | ||
587 | |||
588 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
589 | "rsa_public_key", | ||
590 | &public_enc_data, | ||
591 | &public_enc_len)) | ||
592 | { | ||
593 | GNUNET_free (blinded_data); | ||
594 | GNUNET_break (0); | ||
595 | return GNUNET_SYSERR; | ||
596 | } | ||
597 | |||
598 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
599 | "rsa_private_key", | ||
600 | &secret_enc_data, | ||
601 | &secret_enc_len)) | ||
602 | { | ||
603 | GNUNET_free (blinded_data); | ||
604 | GNUNET_free (public_enc_data); | ||
605 | GNUNET_break (0); | ||
606 | return GNUNET_SYSERR; | ||
607 | } | ||
608 | |||
609 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
610 | "sig", | ||
611 | &sig_enc_data, | ||
612 | &sig_enc_length)) | ||
613 | { | ||
614 | GNUNET_free (blinded_data); | ||
615 | GNUNET_free (public_enc_data); | ||
616 | GNUNET_free (secret_enc_data); | ||
617 | GNUNET_break (0); | ||
618 | return GNUNET_SYSERR; | ||
619 | } | ||
620 | |||
621 | pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data, | ||
622 | public_enc_len); | ||
623 | GNUNET_assert (NULL != pkey); | ||
624 | skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data, | ||
625 | secret_enc_len); | ||
626 | GNUNET_assert (NULL != skey); | ||
627 | |||
628 | GNUNET_assert (GNUNET_YES == | ||
629 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
630 | &bks, | ||
631 | pkey, | ||
632 | &blinded_data_comp, | ||
633 | &blinded_len_comp)); | ||
634 | if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data, | ||
635 | blinded_data_comp, | ||
636 | blinded_len)) ) | ||
637 | { | ||
638 | GNUNET_free (blinded_data); | ||
639 | GNUNET_free (public_enc_data); | ||
640 | GNUNET_free (secret_enc_data); | ||
641 | GNUNET_free (sig_enc_data); | ||
642 | GNUNET_free (skey); | ||
643 | GNUNET_break (0); | ||
644 | return GNUNET_NO; | ||
645 | } | ||
646 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
647 | blinded_len); | ||
648 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
649 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
650 | pkey)); | ||
651 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
652 | &public_enc_data); | ||
653 | sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, | ||
654 | &sig_enc_data_comp); | ||
655 | |||
656 | if ( (sig_enc_length != sig_enc_length_comp) || | ||
657 | (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) )) | ||
658 | { | ||
659 | GNUNET_free (blinded_sig); | ||
660 | GNUNET_free (blinded_data); | ||
661 | GNUNET_free (public_enc_data); | ||
662 | GNUNET_free (secret_enc_data); | ||
663 | GNUNET_free (sig_enc_data); | ||
664 | GNUNET_free (skey); | ||
665 | GNUNET_break (0); | ||
666 | return GNUNET_NO; | ||
667 | } | ||
668 | GNUNET_free (blinded_sig); | ||
669 | GNUNET_free (blinded_data); | ||
670 | GNUNET_free (public_enc_data); | ||
671 | GNUNET_free (secret_enc_data); | ||
672 | GNUNET_free (sig_enc_data); | ||
673 | GNUNET_free (skey); | ||
674 | } | ||
675 | else | ||
676 | { | ||
677 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
678 | "unsupported operation '%s'\n", operation); | ||
679 | } | ||
680 | |||
681 | return GNUNET_OK; | ||
682 | } | ||
683 | |||
684 | |||
685 | /** | ||
686 | * Check test vectors from stdin. | ||
687 | * | ||
688 | * @returns global exit code | ||
689 | */ | ||
690 | static int | ||
691 | check_vectors () | ||
692 | { | ||
693 | json_error_t err; | ||
694 | json_t *vecfile = json_loadf (stdin, 0, &err); | ||
695 | const char *encoding; | ||
696 | json_t *vectors; | ||
697 | |||
698 | if (NULL == vecfile) | ||
699 | { | ||
700 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n"); | ||
701 | return 1; | ||
702 | } | ||
703 | encoding = json_string_value (json_object_get (vecfile, | ||
704 | "encoding")); | ||
705 | if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) ) | ||
706 | { | ||
707 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n"); | ||
708 | json_decref (vecfile); | ||
709 | return 1; | ||
710 | } | ||
711 | vectors = json_object_get (vecfile, "vectors"); | ||
712 | if (! json_is_array (vectors)) | ||
713 | { | ||
714 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n"); | ||
715 | json_decref (vecfile); | ||
716 | return 1; | ||
717 | } | ||
718 | { | ||
719 | /* array is a JSON array */ | ||
720 | size_t index; | ||
721 | json_t *value; | ||
722 | int ret; | ||
723 | |||
724 | json_array_foreach (vectors, index, value) { | ||
725 | const char *op = json_string_value (json_object_get (value, | ||
726 | "operation")); | ||
727 | |||
728 | if (NULL == op) | ||
729 | { | ||
730 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
731 | "missing operation\n"); | ||
732 | ret = GNUNET_SYSERR; | ||
733 | break; | ||
734 | } | ||
735 | ret = checkvec (op, value); | ||
736 | if (GNUNET_OK != ret) | ||
737 | { | ||
738 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
739 | "bad vector %u\n", | ||
740 | (unsigned int) index); | ||
741 | break; | ||
742 | } | ||
743 | } | ||
744 | return (ret == GNUNET_OK) ? 0 : 1; | ||
745 | } | ||
746 | } | ||
747 | |||
748 | |||
749 | /** | ||
750 | * Output test vectors. | ||
751 | * | ||
752 | * @returns global exit code | ||
753 | */ | ||
754 | static int | ||
755 | output_vectors () | ||
756 | { | ||
757 | json_t *vecfile = json_object (); | ||
758 | json_t *vecs = json_array (); | ||
759 | |||
760 | json_object_set_new (vecfile, | ||
761 | "encoding", | ||
762 | json_string ("base32crockford")); | ||
763 | json_object_set_new (vecfile, | ||
764 | "producer", | ||
765 | json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION)); | ||
766 | json_object_set_new (vecfile, | ||
767 | "vectors", | ||
768 | vecs); | ||
769 | |||
770 | { | ||
771 | json_t *vec = vec_for (vecs, "hash"); | ||
772 | struct GNUNET_HashCode hc; | ||
773 | char *str = "Hello, GNUnet"; | ||
774 | |||
775 | GNUNET_CRYPTO_hash (str, strlen (str), &hc); | ||
776 | |||
777 | d2j (vec, "input", str, strlen (str)); | ||
778 | d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode)); | ||
779 | } | ||
780 | { | ||
781 | json_t *vec = vec_for (vecs, "ecc_ecdh"); | ||
782 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
783 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
784 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
785 | struct GNUNET_HashCode skm; | ||
786 | |||
787 | GNUNET_CRYPTO_ecdhe_key_create (&priv1); | ||
788 | GNUNET_CRYPTO_ecdhe_key_create (&priv2); | ||
789 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv1, | ||
790 | &pub1); | ||
791 | GNUNET_assert (GNUNET_OK == | ||
792 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
793 | &pub1, | ||
794 | &skm)); | ||
795 | |||
796 | d2j (vec, | ||
797 | "priv1", | ||
798 | &priv1, | ||
799 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
800 | d2j (vec, | ||
801 | "pub1", | ||
802 | &pub1, | ||
803 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
804 | d2j (vec, | ||
805 | "priv2", | ||
806 | &priv2, | ||
807 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
808 | d2j (vec, | ||
809 | "skm", | ||
810 | &skm, | ||
811 | sizeof (struct GNUNET_HashCode)); | ||
812 | } | ||
813 | |||
814 | { | ||
815 | json_t *vec = vec_for (vecs, "eddsa_key_derivation"); | ||
816 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
817 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
818 | |||
819 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
820 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
821 | &pub); | ||
822 | |||
823 | d2j (vec, | ||
824 | "priv", | ||
825 | &priv, | ||
826 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
827 | d2j (vec, | ||
828 | "pub", | ||
829 | &pub, | ||
830 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
831 | } | ||
832 | { | ||
833 | json_t *vec = vec_for (vecs, "eddsa_signing"); | ||
834 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
835 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
836 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
837 | struct TestSignatureDataPS data = { 0 }; | ||
838 | |||
839 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
840 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
841 | &pub); | ||
842 | data.purpose.size = htonl (sizeof (data)); | ||
843 | data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); | ||
844 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
845 | &data, | ||
846 | &sig); | ||
847 | GNUNET_assert (GNUNET_OK == | ||
848 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
849 | &data, | ||
850 | &sig, | ||
851 | &pub)); | ||
852 | |||
853 | d2j (vec, | ||
854 | "priv", | ||
855 | &priv, | ||
856 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
857 | d2j (vec, | ||
858 | "pub", | ||
859 | &pub, | ||
860 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
861 | d2j (vec, | ||
862 | "data", | ||
863 | &data, | ||
864 | sizeof (struct TestSignatureDataPS)); | ||
865 | d2j (vec, | ||
866 | "sig", | ||
867 | &sig, | ||
868 | sizeof (struct GNUNET_CRYPTO_EddsaSignature)); | ||
869 | } | ||
870 | |||
871 | { | ||
872 | json_t *vec = vec_for (vecs, "kdf"); | ||
873 | size_t out_len = 64; | ||
874 | char out[out_len]; | ||
875 | char *ikm = "I'm the secret input key material"; | ||
876 | char *salt = "I'm very salty"; | ||
877 | char *ctx = "I'm a context chunk, also known as 'info' in the RFC"; | ||
878 | |||
879 | GNUNET_assert (GNUNET_OK == | ||
880 | GNUNET_CRYPTO_kdf (&out, | ||
881 | out_len, | ||
882 | salt, | ||
883 | strlen (salt), | ||
884 | ikm, | ||
885 | strlen (ikm), | ||
886 | ctx, | ||
887 | strlen (ctx), | ||
888 | NULL)); | ||
889 | |||
890 | d2j (vec, | ||
891 | "salt", | ||
892 | salt, | ||
893 | strlen (salt)); | ||
894 | d2j (vec, | ||
895 | "ikm", | ||
896 | ikm, | ||
897 | strlen (ikm)); | ||
898 | d2j (vec, | ||
899 | "ctx", | ||
900 | ctx, | ||
901 | strlen (ctx)); | ||
902 | uint2j (vec, | ||
903 | "out_len", | ||
904 | (unsigned int) out_len); | ||
905 | d2j (vec, | ||
906 | "out", | ||
907 | out, | ||
908 | out_len); | ||
909 | } | ||
910 | { | ||
911 | json_t *vec = vec_for (vecs, "eddsa_ecdh"); | ||
912 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
913 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
914 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
915 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
916 | struct GNUNET_HashCode key_material; | ||
917 | |||
918 | GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe); | ||
919 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe); | ||
920 | GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa); | ||
921 | GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa); | ||
922 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material); | ||
923 | |||
924 | d2j (vec, "priv_ecdhe", | ||
925 | &priv_ecdhe, | ||
926 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
927 | d2j (vec, "pub_ecdhe", | ||
928 | &pub_ecdhe, | ||
929 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
930 | d2j (vec, "priv_eddsa", | ||
931 | &priv_eddsa, | ||
932 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
933 | d2j (vec, "pub_eddsa", | ||
934 | &pub_eddsa, | ||
935 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
936 | d2j (vec, "key_material", | ||
937 | &key_material, | ||
938 | sizeof (struct GNUNET_HashCode)); | ||
939 | } | ||
940 | |||
941 | { | ||
942 | json_t *vec = vec_for (vecs, "rsa_blind_signing"); | ||
943 | |||
944 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
945 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
946 | struct GNUNET_HashCode message_hash; | ||
947 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
948 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
949 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
950 | void *blinded_data; | ||
951 | size_t blinded_len; | ||
952 | void *public_enc_data; | ||
953 | size_t public_enc_len; | ||
954 | void *secret_enc_data; | ||
955 | size_t secret_enc_len; | ||
956 | void *blinded_sig_enc_data; | ||
957 | size_t blinded_sig_enc_length; | ||
958 | void *sig_enc_data; | ||
959 | size_t sig_enc_length; | ||
960 | |||
961 | skey = GNUNET_CRYPTO_rsa_private_key_create (2048); | ||
962 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey); | ||
963 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
964 | &message_hash, | ||
965 | sizeof (struct GNUNET_HashCode)); | ||
966 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
967 | &bks, | ||
968 | sizeof (struct | ||
969 | GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
970 | GNUNET_assert (GNUNET_YES == | ||
971 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
972 | &bks, | ||
973 | pkey, | ||
974 | &blinded_data, | ||
975 | &blinded_len)); | ||
976 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
977 | blinded_len); | ||
978 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
979 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
980 | pkey)); | ||
981 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
982 | &public_enc_data); | ||
983 | secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey, | ||
984 | &secret_enc_data); | ||
985 | blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig, | ||
986 | & | ||
987 | blinded_sig_enc_data); | ||
988 | sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data); | ||
989 | d2j (vec, | ||
990 | "message_hash", | ||
991 | &message_hash, | ||
992 | sizeof (struct GNUNET_HashCode)); | ||
993 | d2j (vec, | ||
994 | "rsa_public_key", | ||
995 | public_enc_data, | ||
996 | public_enc_len); | ||
997 | d2j (vec, | ||
998 | "rsa_private_key", | ||
999 | secret_enc_data, | ||
1000 | secret_enc_len); | ||
1001 | d2j (vec, | ||
1002 | "blinding_key_secret", | ||
1003 | &bks, | ||
1004 | sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
1005 | d2j (vec, | ||
1006 | "blinded_message", | ||
1007 | blinded_data, | ||
1008 | blinded_len); | ||
1009 | d2j (vec, | ||
1010 | "blinded_sig", | ||
1011 | blinded_sig_enc_data, | ||
1012 | blinded_sig_enc_length); | ||
1013 | d2j (vec, | ||
1014 | "sig", | ||
1015 | sig_enc_data, | ||
1016 | sig_enc_length); | ||
1017 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
1018 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
1019 | GNUNET_CRYPTO_rsa_signature_free (sig); | ||
1020 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | ||
1021 | GNUNET_free (public_enc_data); | ||
1022 | GNUNET_free (blinded_data); | ||
1023 | GNUNET_free (sig_enc_data); | ||
1024 | GNUNET_free (blinded_sig_enc_data); | ||
1025 | GNUNET_free (secret_enc_data); | ||
1026 | } | ||
1027 | |||
1028 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | ||
1029 | json_decref (vecfile); | ||
1030 | printf ("\n"); | ||
1031 | |||
1032 | return 0; | ||
1033 | } | ||
1034 | |||
1035 | |||
1036 | /** | ||
1037 | * Main function that will be run. | ||
1038 | * | ||
1039 | * @param cls closure | ||
1040 | * @param args remaining command-line arguments | ||
1041 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
1042 | * @param cfg configuration | ||
1043 | */ | ||
1044 | static void | ||
1045 | run (void *cls, | ||
1046 | char *const *args, | ||
1047 | const char *cfgfile, | ||
1048 | const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
1049 | { | ||
1050 | if (GNUNET_YES == verify_flag) | ||
1051 | global_ret = check_vectors (); | ||
1052 | else | ||
1053 | global_ret = output_vectors (); | ||
1054 | } | ||
1055 | |||
1056 | |||
1057 | /** | ||
1058 | * The main function of the test vector generation tool. | ||
1059 | * | ||
1060 | * @param argc number of arguments from the command line | ||
1061 | * @param argv command line arguments | ||
1062 | * @return 0 ok, 1 on error | ||
1063 | */ | ||
1064 | int | ||
1065 | main (int argc, | ||
1066 | char *const *argv) | ||
1067 | { | ||
1068 | const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
1069 | GNUNET_GETOPT_option_flag ('V', | ||
1070 | "verify", | ||
1071 | gettext_noop ( | ||
1072 | "verify a test vector from stdin"), | ||
1073 | &verify_flag), | ||
1074 | GNUNET_GETOPT_OPTION_END | ||
1075 | }; | ||
1076 | |||
1077 | GNUNET_assert (GNUNET_OK == | ||
1078 | GNUNET_log_setup ("gnunet-crypto-tvg", | ||
1079 | "INFO", | ||
1080 | NULL)); | ||
1081 | if (GNUNET_OK != | ||
1082 | GNUNET_PROGRAM_run (argc, argv, | ||
1083 | "gnunet-crypto-tvg", | ||
1084 | "Generate test vectors for cryptographic operations", | ||
1085 | options, | ||
1086 | &run, NULL)) | ||
1087 | return 1; | ||
1088 | return global_ret; | ||
1089 | } | ||
1090 | |||
1091 | |||
1092 | /* end of gnunet-crypto-tvg.c */ | ||