2013-08-17 12:20:15 +00:00
|
|
|
/**
|
2014-05-22 18:54:58 +00:00
|
|
|
* Copyright (c) 2013-2014 Tomas Dzetkulic
|
|
|
|
* Copyright (c) 2013-2014 Pavol Rusnak
|
2013-08-17 12:20:15 +00:00
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
* a copy of this software and associated documentation files (the "Software"),
|
|
|
|
* to deal in the Software without restriction, including without limitation
|
|
|
|
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
|
|
|
* and/or sell copies of the Software, and to permit persons to whom the
|
|
|
|
* Software is furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included
|
|
|
|
* in all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
|
|
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
|
|
|
|
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
|
|
|
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
|
|
* OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <openssl/ecdsa.h>
|
|
|
|
#include <openssl/obj_mac.h>
|
|
|
|
#include <openssl/sha.h>
|
2013-08-18 15:30:23 +00:00
|
|
|
#include <stdio.h>
|
2013-08-17 12:20:15 +00:00
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
#include "ecdsa.h"
|
|
|
|
#include "rand.h"
|
2017-12-09 23:22:41 +00:00
|
|
|
#include "hasher.h"
|
2017-06-05 15:02:21 +00:00
|
|
|
|
|
|
|
#include "nist256p1.h"
|
2015-05-27 14:48:57 +00:00
|
|
|
#include "secp256k1.h"
|
|
|
|
|
2017-06-05 15:02:21 +00:00
|
|
|
void openssl_check(unsigned int iterations, int nid, const ecdsa_curve *curve)
|
2013-08-17 12:20:15 +00:00
|
|
|
{
|
2013-09-24 13:54:36 +00:00
|
|
|
uint8_t sig[64], pub_key33[33], pub_key65[65], priv_key[32], msg[256], buffer[1000], hash[32], *p;
|
2013-08-17 12:20:15 +00:00
|
|
|
SHA256_CTX sha256;
|
|
|
|
EC_GROUP *ecgroup;
|
|
|
|
|
2017-06-05 15:02:21 +00:00
|
|
|
ecgroup = EC_GROUP_new_by_curve_name(nid);
|
|
|
|
|
|
|
|
for (unsigned int iter = 0; iter < iterations; iter++) {
|
2013-08-17 12:20:15 +00:00
|
|
|
|
|
|
|
// random message len between 1 and 256
|
2017-06-05 15:02:21 +00:00
|
|
|
int msg_len = (random32() & 0xFF) + 1;
|
2013-08-17 12:20:15 +00:00
|
|
|
// create random message
|
2017-06-05 15:02:21 +00:00
|
|
|
random_buffer(msg, msg_len);
|
|
|
|
|
2013-08-17 12:20:15 +00:00
|
|
|
// new ECDSA key
|
|
|
|
EC_KEY *eckey = EC_KEY_new();
|
|
|
|
EC_KEY_set_group(eckey, ecgroup);
|
2013-09-23 19:09:42 +00:00
|
|
|
|
2013-08-17 12:20:15 +00:00
|
|
|
// generate the key
|
|
|
|
EC_KEY_generate_key(eckey);
|
|
|
|
// copy key to buffer
|
2013-09-23 19:09:42 +00:00
|
|
|
p = buffer;
|
2013-08-17 12:20:15 +00:00
|
|
|
i2d_ECPrivateKey(eckey, &p);
|
|
|
|
|
|
|
|
// size of the key is in buffer[8] and the key begins right after that
|
2017-06-05 15:02:21 +00:00
|
|
|
int s = buffer[8];
|
2013-08-17 12:20:15 +00:00
|
|
|
// extract key data
|
2017-06-05 15:02:21 +00:00
|
|
|
if (s > 32) {
|
|
|
|
for (int j = 0; j < 32; j++) {
|
|
|
|
priv_key[j] = buffer[j + s - 23];
|
2013-08-17 12:20:15 +00:00
|
|
|
}
|
|
|
|
} else {
|
2017-06-05 15:02:21 +00:00
|
|
|
for (int j = 0; j < 32 - s; j++) {
|
2013-08-17 12:20:15 +00:00
|
|
|
priv_key[j] = 0;
|
|
|
|
}
|
2017-06-05 15:02:21 +00:00
|
|
|
for (int j = 0; j < s; j++) {
|
|
|
|
priv_key[j + 32 - s] = buffer[j + 9];
|
2013-08-17 12:20:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// use our ECDSA signer to sign the message with the key
|
2017-12-09 23:22:41 +00:00
|
|
|
if (ecdsa_sign(curve, HASHER_SHA2, priv_key, msg, msg_len, sig, NULL, NULL) != 0) {
|
2013-10-08 12:18:35 +00:00
|
|
|
printf("trezor-crypto signing failed\n");
|
2017-06-05 15:02:21 +00:00
|
|
|
return;
|
2013-09-27 13:42:52 +00:00
|
|
|
}
|
2013-08-17 12:20:15 +00:00
|
|
|
|
2013-09-09 15:52:25 +00:00
|
|
|
// generate public key from private key
|
2017-06-05 15:02:21 +00:00
|
|
|
ecdsa_get_public_key33(curve, priv_key, pub_key33);
|
|
|
|
ecdsa_get_public_key65(curve, priv_key, pub_key65);
|
2013-09-09 15:52:25 +00:00
|
|
|
|
|
|
|
// use our ECDSA verifier to verify the message signature
|
2017-12-09 23:22:41 +00:00
|
|
|
if (ecdsa_verify(curve, HASHER_SHA2, pub_key65, sig, msg, msg_len) != 0) {
|
2013-10-08 12:18:35 +00:00
|
|
|
printf("trezor-crypto verification failed (pub_key_len = 65)\n");
|
2017-06-05 15:02:21 +00:00
|
|
|
return;
|
2013-09-24 13:54:36 +00:00
|
|
|
}
|
2017-12-09 23:22:41 +00:00
|
|
|
if (ecdsa_verify(curve, HASHER_SHA2, pub_key33, sig, msg, msg_len) != 0) {
|
2013-10-08 12:18:35 +00:00
|
|
|
printf("trezor-crypto verification failed (pub_key_len = 33)\n");
|
2017-06-05 15:02:21 +00:00
|
|
|
return;
|
2013-09-09 15:52:25 +00:00
|
|
|
}
|
|
|
|
|
2013-08-17 12:20:15 +00:00
|
|
|
// copy signature to the OpenSSL struct
|
2013-09-23 19:09:42 +00:00
|
|
|
ECDSA_SIG *signature = ECDSA_SIG_new();
|
|
|
|
BN_bin2bn(sig, 32, signature->r);
|
|
|
|
BN_bin2bn(sig + 32, 32, signature->s);
|
2013-08-17 12:20:15 +00:00
|
|
|
|
|
|
|
// compute the digest of the message
|
|
|
|
SHA256_Init(&sha256);
|
|
|
|
SHA256_Update(&sha256, msg, msg_len);
|
|
|
|
SHA256_Final(hash, &sha256);
|
|
|
|
|
|
|
|
// verify all went well, i.e. we can decrypt our signature with OpenSSL
|
|
|
|
if (ECDSA_do_verify(hash, 32, signature, eckey) != 1) {
|
2013-09-09 15:52:25 +00:00
|
|
|
printf("OpenSSL verification failed\n");
|
2017-06-05 15:02:21 +00:00
|
|
|
return;
|
2013-08-17 12:20:15 +00:00
|
|
|
}
|
2017-06-05 15:02:21 +00:00
|
|
|
|
2013-08-17 12:20:15 +00:00
|
|
|
ECDSA_SIG_free(signature);
|
|
|
|
EC_KEY_free(eckey);
|
2017-06-05 15:02:21 +00:00
|
|
|
if (((iter + 1) % 100) == 0) printf("Passed ... %d\n", iter + 1);
|
2013-08-17 12:20:15 +00:00
|
|
|
}
|
|
|
|
EC_GROUP_free(ecgroup);
|
2017-06-05 15:02:21 +00:00
|
|
|
printf("All OK\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
if (argc != 2) {
|
|
|
|
printf("Usage: test_openssl iterations\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
unsigned int iterations;
|
|
|
|
sscanf(argv[1], "%u", &iterations);
|
|
|
|
|
|
|
|
printf("Testing secp256k1:\n");
|
|
|
|
openssl_check(iterations, NID_secp256k1, &secp256k1);
|
|
|
|
|
|
|
|
printf("Testing nist256p1:\n");
|
|
|
|
openssl_check(iterations, NID_X9_62_prime256v1, &nist256p1);
|
|
|
|
|
2013-08-17 12:20:15 +00:00
|
|
|
return 0;
|
|
|
|
}
|