1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#include "testutils.h"
#include "rsa.h"
#include "knuth-lfib.h"
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const unsigned char msg[] = "Squemish ossifrage";
size_t msg_length = LLENGTH(msg);
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(msg_length <= key.size);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(key.size + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, key.size + 1, decrypted);
after = decrypted[key.size];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[key.size] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* test side channel resistant variant */
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_sec_decrypt(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
decrypted_length, decrypted, gibberish));
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* test invalid length to rsa_sec_decrypt */
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
decrypted_length = msg_length - 1;
after = decrypted[decrypted_length] = 'X';
decrypted[0] = 'A';
ASSERT(!rsa_sec_decrypt(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
decrypted_length, decrypted, gibberish));
ASSERT(decrypted[decrypted_length] == after);
ASSERT(decrypted[0] == 'A');
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
|