"Fossies" - the Fresh Open Source Software Archive

Member "nettle-3.7.3/testsuite/rsa-sec-decrypt-test.c" (6 Jun 2021, 4672 Bytes) of package /linux/privat/nettle-3.7.3.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "rsa-sec-decrypt-test.c": 3.7.2_vs_3.7.3.

    1 #include "testutils.h"
    2 
    3 #include "rsa.h"
    4 #include "knuth-lfib.h"
    5 
    6 #if HAVE_VALGRIND_MEMCHECK_H
    7 # include <valgrind/memcheck.h>
    8 
    9 #define MARK_MPZ_LIMBS_UNDEFINED(parm) \
   10   VALGRIND_MAKE_MEM_UNDEFINED (mpz_limbs_read (parm), \
   11                                mpz_size (parm) * sizeof (mp_limb_t))
   12 #define MARK_MPZ_LIMBS_DEFINED(parm) \
   13   VALGRIND_MAKE_MEM_DEFINED (mpz_limbs_read (parm), \
   14                                mpz_size (parm) * sizeof (mp_limb_t))
   15 static int
   16 rsa_decrypt_for_test(const struct rsa_public_key *pub,
   17                      const struct rsa_private_key *key,
   18                      void *random_ctx, nettle_random_func *random,
   19                      size_t length, uint8_t *message,
   20                      const mpz_t gibberish)
   21 {
   22   int ret;
   23   /* Makes valgrind trigger on any branches depending on the input
   24      data. Except that (i) we have to allow rsa_sec_compute_root_tr to
   25      check that p and q are odd, (ii) mpn_sec_div_r may leak
   26      information about the most significant bits of p and q, due to
   27      normalization check and table lookup in invert_limb, and (iii)
   28      mpn_sec_powm may leak information about the least significant
   29      bits of p and q, due to table lookup in binvert_limb. */
   30   VALGRIND_MAKE_MEM_UNDEFINED (message, length);
   31   MARK_MPZ_LIMBS_UNDEFINED(gibberish);
   32   MARK_MPZ_LIMBS_UNDEFINED(key->a);
   33   MARK_MPZ_LIMBS_UNDEFINED(key->b);
   34   MARK_MPZ_LIMBS_UNDEFINED(key->c);
   35   VALGRIND_MAKE_MEM_UNDEFINED(mpz_limbs_read (key->p) + 1,
   36                   (mpz_size (key->p) - 3) * sizeof(mp_limb_t));
   37   VALGRIND_MAKE_MEM_UNDEFINED(mpz_limbs_read (key->q) + 1,
   38                   (mpz_size (key->q) - 3) * sizeof(mp_limb_t));
   39 
   40   ret = rsa_sec_decrypt (pub, key, random_ctx, random, length, message, gibberish);
   41 
   42   VALGRIND_MAKE_MEM_DEFINED (message, length);
   43   VALGRIND_MAKE_MEM_DEFINED (&ret, sizeof(ret));
   44   MARK_MPZ_LIMBS_DEFINED(gibberish);
   45   MARK_MPZ_LIMBS_DEFINED(key->a);
   46   MARK_MPZ_LIMBS_DEFINED(key->b);
   47   MARK_MPZ_LIMBS_DEFINED(key->c);
   48   MARK_MPZ_LIMBS_DEFINED(key->p);
   49   MARK_MPZ_LIMBS_DEFINED(key->q);
   50 
   51   return ret;
   52 }
   53 #else
   54 #define rsa_decrypt_for_test rsa_sec_decrypt
   55 #endif
   56 
   57 #define PAYLOAD_SIZE 50
   58 #define DECRYPTED_SIZE 256
   59 void
   60 test_main(void)
   61 {
   62   struct rsa_public_key pub;
   63   struct rsa_private_key key;
   64   struct knuth_lfib_ctx random_ctx;
   65 
   66   uint8_t plaintext[PAYLOAD_SIZE];
   67   uint8_t decrypted[DECRYPTED_SIZE];
   68   uint8_t verifybad[PAYLOAD_SIZE];
   69   unsigned n_size = 1024;
   70   mpz_t gibberish;
   71   mpz_t garbage;
   72   size_t size;
   73 
   74   rsa_private_key_init(&key);
   75   rsa_public_key_init(&pub);
   76   mpz_init(gibberish);
   77   mpz_init(garbage);
   78 
   79   knuth_lfib_init (&random_ctx, 19);
   80 
   81   memset(verifybad, 'A', PAYLOAD_SIZE);
   82 
   83   for (size = 1; size < 51; size++)
   84     {
   85       ASSERT (rsa_generate_keypair(&pub, &key, &random_ctx,
   86                        (nettle_random_func *) knuth_lfib_random,
   87                        NULL, NULL, n_size, 17));
   88 
   89       /* the next key will be 19 bits larger */
   90       n_size += 19;
   91 
   92       knuth_lfib_random (&random_ctx, PAYLOAD_SIZE, plaintext);
   93       ASSERT(rsa_encrypt(&pub, &random_ctx,
   94                          (nettle_random_func *) knuth_lfib_random,
   95                          PAYLOAD_SIZE, plaintext, gibberish));
   96 
   97       /* good decryption */
   98       ASSERT (rsa_decrypt_for_test (&pub, &key, &random_ctx,
   99                                     (nettle_random_func *) knuth_lfib_random,
  100                                     PAYLOAD_SIZE, decrypted, gibberish) == 1);
  101       ASSERT (MEMEQ (PAYLOAD_SIZE, plaintext, decrypted));
  102 
  103       ASSERT (pub.size > 10);
  104       ASSERT (pub.size <= DECRYPTED_SIZE);
  105 
  106       /* Check that too large message length is rejected, largest
  107      valid size is pub.size - 11. */
  108       ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx,
  109                      (nettle_random_func *) knuth_lfib_random,
  110                      pub.size - 10, decrypted, gibberish));
  111 
  112       /* This case used to result in arithmetic underflow and a crash. */
  113       ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx,
  114                      (nettle_random_func *) knuth_lfib_random,
  115                      pub.size, decrypted, gibberish));
  116 
  117       /* bad one */
  118       memcpy(decrypted, verifybad, PAYLOAD_SIZE);
  119       nettle_mpz_random_size(garbage, &random_ctx,
  120                              (nettle_random_func *) knuth_lfib_random,
  121                              mpz_sizeinbase(gibberish, 2));
  122 
  123       ASSERT (rsa_decrypt_for_test (&pub, &key, &random_ctx,
  124                                     (nettle_random_func *) knuth_lfib_random,
  125                                     PAYLOAD_SIZE, decrypted, garbage) == 0);
  126       ASSERT (MEMEQ (PAYLOAD_SIZE, verifybad, decrypted));
  127     }
  128 
  129   rsa_private_key_clear(&key);
  130   rsa_public_key_clear(&pub);
  131   mpz_clear(gibberish);
  132   mpz_clear(garbage);
  133 }
  134