AuroraMiddleware/libtomcrypt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add Curve25519 API

Browse Source
This commit is contained in:
Steffen Jaeckel 2018-02-20 16:50:55 +01:00
parent 59190c4f3c
commit 52a24ca3a3
20 changed files with 1335 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/headers/tomcrypt_custom.h
View File

@ -431,6 +431,12 @@
/* Digital Signature Algorithm */
#define LTC_MDSA
/* Ed25519 */
#define LTC_ED25519
/* X25519 */
#define LTC_X25519
/* ECC */
#define LTC_MECC
@ -461,6 +467,11 @@
#define LTC_ECC_TIMING_RESISTANT
#endif
#if defined(LTC_X25519) || defined(LTC_ED25519)
/* Enable curve25519 shared functionality */
#define LTC_CURVE25519
#endif
/* PKCS #1 (RSA) and #5 (Password Handling) stuff */
#ifndef LTC_NO_PKCS

66
src/headers/tomcrypt_pk.h
View File

@ -325,6 +325,72 @@ int ecc_recover_key(const unsigned char *sig, unsigned long siglen,
#endif
#ifdef LTC_CURVE25519
typedef struct {
/** The key type, PK_PRIVATE or PK_PUBLIC */
enum public_key_type type;
/** The PK-algorithm, PKA_ED25519 or PKA_X25519 */
/** This was supposed to be:
* enum public_key_algorithms algo;
* but that enum is now in tomcrypt_private.h
*/
int algo;
/** The private key */
unsigned char priv[32];
/** The public key */
unsigned char pub[32];
} curve25519_key;
#endif /* LTC_CURVE25519 */
#ifdef LTC_ED25519
int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key);
int ed25519_export( unsigned char *out, unsigned long *outlen,
int which,
const curve25519_key *key);
int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key);
int ed25519_set_key(const unsigned char *sk, unsigned long sklen,
const unsigned char *pk, unsigned long pklen,
curve25519_key *key);
int ed25519_sign(const unsigned char *msg, unsigned long msglen,
unsigned char *sig, unsigned long *siglen,
const curve25519_key *private_key);
int ed25519_verify(const unsigned char *msg, unsigned long msglen,
const unsigned char *sig, unsigned long siglen,
int *stat, const curve25519_key *public_key);
#endif /* LTC_ED25519 */
#ifdef LTC_X25519
int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key);
int x25519_export( unsigned char *out, unsigned long *outlen,
int which,
const curve25519_key *key);
int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key);
int x25519_set_ku(const unsigned char *k, unsigned long klen,
const unsigned char *u, unsigned long ulen,
curve25519_key *key);
int x25519_shared_secret(const curve25519_key *private_key,
const curve25519_key *public_key,
unsigned char *out, unsigned long *outlen);
#endif /* LTC_X25519 */
#ifdef LTC_MDSA
/* Max diff between group and modulus size in bytes */

27
src/headers/tomcrypt_private.h
View File

@ -23,7 +23,9 @@ enum ltc_oid_id {
PKA_RSA,
PKA_DSA,
PKA_EC,
PKA_EC_PRIMEF
PKA_EC_PRIMEF,
PKA_X25519,
PKA_ED25519,
};
/*
@ -297,6 +299,29 @@ int dsa_int_validate_pqg(const dsa_key *key, int *stat);
int dsa_int_validate_primes(const dsa_key *key, int *stat);
#endif /* LTC_MDSA */
#ifdef LTC_ED25519
int crypto_sign(
unsigned char *sm,unsigned long long *smlen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *sk, const unsigned char *pk);
int crypto_sign_open(
unsigned char *m,unsigned long long *mlen,
const unsigned char *sm,unsigned long long smlen,
const unsigned char *pk);
int crypto_sign_keypair(prng_state *prng, int wprng, unsigned char *pk,unsigned char *sk);
int crypto_sk_to_pk(unsigned char *pk, const unsigned char *sk);
#endif /* LTC_ED25519 */
#ifdef LTC_X25519
int crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p);
int crypto_scalarmult_base(unsigned char *q,const unsigned char *n);
#endif /* LTC_X25519 */
#ifdef LTC_DER
#define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))

8
src/misc/crypt/crypt.c
View File

@ -353,6 +353,14 @@ const char *crypt_build_settings =
#if defined(LTC_MDSA)
" DSA\n"
#endif
#if defined(LTC_CURVE25519)
#if defined(LTC_ED25519)
" Ed25519\n"
#endif
#if defined(LTC_X25519)
" X25519\n"
#endif
#endif
#if defined(LTC_PK_MAX_RETRIES)
" "NAME_VALUE(LTC_PK_MAX_RETRIES)"\n"
#endif

2
src/pk/asn1/oid/pk_get_oid.c
View File

@ -20,6 +20,8 @@ static const oid_table_entry pka_oids[] = {
{ PKA_DSA, "1.2.840.10040.4.1" },
{ PKA_EC, "1.2.840.10045.2.1" },
{ PKA_EC_PRIMEF, "1.2.840.10045.1.1" },
{ PKA_X25519, "1.3.101.110" },
{ PKA_ED25519, "1.3.101.112" },
};
/*

87
src/pk/ed25519/ed25519_export.c Normal file
View File

@ -0,0 +1,87 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_export.c
Export a Ed25519 key to a binary packet, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Export a Ed25519 key to a binary packet
@param out [out] The destination for the key
@param outlen [in/out] The max size and resulting size of the Ed25519 key
@param type Which type of key (PK_PRIVATE, PK_PUBLIC|PK_STD or PK_PUBLIC)
@param key The key you wish to export
@return CRYPT_OK if successful
*/
int ed25519_export( unsigned char *out, unsigned long *outlen,
int which,
const curve25519_key *key)
{
int err, std;
oid_st oid;
ltc_asn1_list alg_id[1];
unsigned char private_key[34];
unsigned long version, private_key_len = sizeof(private_key);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
if (key->algo != PKA_ED25519) return CRYPT_PK_INVALID_TYPE;
std = which & PK_STD;
which &= ~PK_STD;
if (which == PK_PRIVATE) {
if(key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;
if ((err = pk_get_oid(PKA_ED25519, &oid)) != CRYPT_OK) {
return err;
}
LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen);
/* encode private key as PKCS#8 */
if ((err = der_encode_octet_string(key->priv, 32uL, private_key, &private_key_len)) != CRYPT_OK) {
return err;
}
version = 0;
err = der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1uL, &version,
LTC_ASN1_SEQUENCE, 1uL, alg_id,
LTC_ASN1_OCTET_STRING, private_key_len, private_key,
LTC_ASN1_EOL, 0uL, NULL);
} else {
if (std == PK_STD) {
/* encode public key as SubjectPublicKeyInfo */
err = x509_encode_subject_public_key_info(out, outlen, PKA_ED25519, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0);
} else {
if (*outlen < sizeof(key->pub)) {
err = CRYPT_BUFFER_OVERFLOW;
} else {
XMEMCPY(out, key->pub, sizeof(key->pub));
err = CRYPT_OK;
}
*outlen = sizeof(key->pub);
}
}
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

103
src/pk/ed25519/ed25519_import.c Normal file
View File

@ -0,0 +1,103 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_import.c
Import a Ed25519 key from a binary packet, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Import a Ed25519 key from a binary packet
@param in The packet to read
@param inlen The length of the input packet
@param key [out] Where to import the key to
@return CRYPT_OK if successful, on error all allocated memory is freed automatically
*/
int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key)
{
int err;
oid_st oid;
ltc_asn1_list alg_id[1];
unsigned char private_key[34];
unsigned long version, key_len;
unsigned long tmpoid[16];
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
/* There's only one case where the inlen is equal to the pubkey-size
* and that's a raw pubkey, so let's just do a raw import.
*/
if (inlen == sizeof(key->pub)) {
XMEMCPY(key->pub, in, sizeof(key->pub));
key->type = PK_PUBLIC;
key->algo = PKA_ED25519;
return CRYPT_OK;
}
key_len = sizeof(key->pub);
if ((err = x509_decode_subject_public_key_info(in, inlen, PKA_ED25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) {
key->type = PK_PUBLIC;
key->algo = PKA_ED25519;
return CRYPT_OK;
}
LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
key_len = sizeof(private_key);
err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_SHORT_INTEGER, 1uL, &version,
LTC_ASN1_SEQUENCE, 1uL, alg_id,
LTC_ASN1_OCTET_STRING, key_len, private_key,
LTC_ASN1_EOL, 0uL, NULL);
if (err != CRYPT_OK) {
if ((err == CRYPT_INPUT_TOO_LONG) && (version == 1)) {
version = 0;
} else {
goto out;
}
}
if ((err = pk_get_oid(PKA_ED25519, &oid)) != CRYPT_OK) {
goto out;
}
if ((alg_id[0].size != oid.OIDlen) ||
XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) {
/* OID mismatch */
err = CRYPT_PK_INVALID_TYPE;
goto out;
}
if (version == 0) {
key_len = sizeof(key->priv);
if ((err = der_decode_octet_string(private_key, sizeof(private_key), key->priv, &key_len)) == CRYPT_OK) {
crypto_sk_to_pk(key->pub, key->priv);
key->type = PK_PRIVATE;
key->algo = PKA_ED25519;
}
} else {
err = CRYPT_PK_INVALID_TYPE;
}
out:
#ifdef LTC_CLEAN_STACK
zeromem(private_key, sizeof(private_key));
#endif
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

46
src/pk/ed25519/ed25519_make_key.c Normal file
View File

@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_make_key.c
Create a Ed25519 key, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Create a Ed25519 key
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful
*/
int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key)
{
int err;
LTC_ARGCHK(prng != NULL);
LTC_ARGCHK(key != NULL);
if ((err = crypto_sign_keypair(prng, wprng, key->pub, key->priv)) != CRYPT_OK) {
return err;
}
key->type = PK_PRIVATE;
key->algo = PKA_ED25519;
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

65
src/pk/ed25519/ed25519_set_key.c Normal file
View File

@ -0,0 +1,65 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_set_ku.c
Set the parameters of a Ed25519 key, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Set the parameters of a Ed25519 key
In case sk and pk are given it is validated that pk is really the
corresponding public part of the key pair.
@param sk The secret key
@param sklen The length of sk
@param pk The public key
@param pklen The length of pk
@param key [out] Destination of the key
@return CRYPT_OK if successful
*/
int ed25519_set_key(const unsigned char *sk, unsigned long sklen,
const unsigned char *pk, unsigned long pklen,
curve25519_key *key)
{
LTC_ARGCHK(key != NULL);
if (sk != NULL) {
LTC_ARGCHK(sklen == 32uL);
XMEMCPY(key->priv, sk, sizeof(key->priv));
crypto_sk_to_pk(key->pub, key->priv);
if (pk != NULL) {
LTC_ARGCHK(pklen == 32uL);
if (XMEM_NEQ(pk, key->pub, sizeof(key->pub)) != 0) {
zeromem(key, sizeof(*key));
return CRYPT_INVALID_ARG;
}
}
key->type = PK_PRIVATE;
} else if (pk != NULL) {
LTC_ARGCHK(pklen == 32uL);
XMEMCPY(key->pub, pk, sizeof(key->pub));
key->type = PK_PUBLIC;
} else {
return CRYPT_INVALID_ARG;
}
key->algo = PKA_ED25519;
return CRYPT_OK;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

70
src/pk/ed25519/ed25519_sign.c Normal file
View File

@ -0,0 +1,70 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_shared_secret.c
Create a Ed25519 signature, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Create a Ed25519 signature.
@param private_key The private ed25519 key in the pair
@param public_key The public ed25519 key in the pair
@param out [out] The destination of the shared data
@param outlen [in/out] The max size and resulting size of the shared data.
@return CRYPT_OK if successful
*/
int ed25519_sign(const unsigned char *msg, unsigned long msglen,
unsigned char *sig, unsigned long *siglen,
const curve25519_key *private_key)
{
unsigned char *s;
unsigned long long smlen;
int err;
LTC_ARGCHK(msg != NULL);
LTC_ARGCHK(sig != NULL);
LTC_ARGCHK(siglen != NULL);
LTC_ARGCHK(private_key != NULL);
if (private_key->algo != PKA_ED25519) return CRYPT_PK_INVALID_TYPE;
if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;
if (*siglen < 64uL) {
*siglen = 64uL;
return CRYPT_BUFFER_OVERFLOW;
}
smlen = msglen + 64;
s = XMALLOC(smlen);
if (s == NULL) return CRYPT_MEM;
err = crypto_sign(s, &smlen,
msg, msglen,
private_key->priv, private_key->pub);
XMEMCPY(sig, s, 64uL);
*siglen = 64uL;
#ifdef LTC_CLEAN_STACK
zeromem(s, smlen);
#endif
XFREE(s);
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

74
src/pk/ed25519/ed25519_verify.c Normal file
View File

@ -0,0 +1,74 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file ed25519_verify.c
Verify a Ed25519 signature, Steffen Jaeckel
*/
#ifdef LTC_ED25519
/**
Verify a Ed25519 signature.
@param private_key The private curve25519 key in the pair
@param public_key The public curve25519 key in the pair
@param out [out] The destination of the shared data
@param outlen [in/out] The max size and resulting size of the shared data.
@param stat [out] The result of the signature verification, 1==valid, 0==invalid
@return CRYPT_OK if successful
*/
int ed25519_verify(const unsigned char *msg, unsigned long msglen,
const unsigned char *sig, unsigned long siglen,
int *stat, const curve25519_key *public_key)
{
unsigned char* m;
unsigned long long mlen;
int err;
LTC_ARGCHK(msg != NULL);
LTC_ARGCHK(sig != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(public_key != NULL);
*stat = 0;
if (siglen != 64uL) return CRYPT_INVALID_ARG;
if (public_key->algo != PKA_ED25519) return CRYPT_PK_INVALID_TYPE;
mlen = msglen + siglen;
if ((mlen < msglen) || (mlen < siglen)) return CRYPT_OVERFLOW;
m = XMALLOC(mlen);
if (m == NULL) return CRYPT_MEM;
XMEMCPY(m, sig, siglen);
XMEMCPY(m + siglen, msg, msglen);
err = crypto_sign_open(m, &mlen,
m, mlen,
public_key->pub);
#ifdef LTC_CLEAN_STACK
zeromem(m, mlen);
#endif
XFREE(m);
if (err == CRYPT_OK) {
*stat = 1;
}
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

87
src/pk/x25519/x25519_export.c Normal file
View File

@ -0,0 +1,87 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file x25519_export.c
Export a X25519 key to a binary packet, Steffen Jaeckel
*/
#ifdef LTC_X25519
/**
Export a X25519 key to a binary packet
@param out [out] The destination for the key
@param outlen [in/out] The max size and resulting size of the X25519 key
@param type Which type of key (PK_PRIVATE, PK_PUBLIC|PK_STD or PK_PUBLIC)
@param key The key you wish to export
@return CRYPT_OK if successful
*/
int x25519_export( unsigned char *out, unsigned long *outlen,
int which,
const curve25519_key *key)
{
int err, std;
oid_st oid;
ltc_asn1_list alg_id[1];
unsigned char private_key[34];
unsigned long version, private_key_len = sizeof(private_key);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
if (key->algo != PKA_X25519) return CRYPT_PK_INVALID_TYPE;
std = which & PK_STD;
which &= ~PK_STD;
if (which == PK_PRIVATE) {
if(key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;
if ((err = pk_get_oid(PKA_X25519, &oid)) != CRYPT_OK) {
return err;
}
LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen);
/* encode private key as PKCS#8 */
if ((err = der_encode_octet_string(key->priv, 32uL, private_key, &private_key_len)) != CRYPT_OK) {
return err;
}
version = 0;
err = der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1uL, &version,
LTC_ASN1_SEQUENCE, 1uL, alg_id,
LTC_ASN1_OCTET_STRING, private_key_len, private_key,
LTC_ASN1_EOL, 0uL, NULL);
} else {
if (std == PK_STD) {
/* encode public key as SubjectPublicKeyInfo */
err = x509_encode_subject_public_key_info(out, outlen, PKA_X25519, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0uL);
} else {
if (*outlen < sizeof(key->pub)) {
err = CRYPT_BUFFER_OVERFLOW;
} else {
XMEMCPY(out, key->pub, sizeof(key->pub));
err = CRYPT_OK;
}
*outlen = sizeof(key->pub);
}
}
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

98
src/pk/x25519/x25519_import.c Normal file
View File

@ -0,0 +1,98 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file x25519_import.c
Import a X25519 key from a binary packet, Steffen Jaeckel
*/
#ifdef LTC_X25519
/**
Import a X25519 key from a binary packet
@param in The packet to read
@param inlen The length of the input packet
@param key [out] Where to import the key to
@return CRYPT_OK if successful, on error all allocated memory is freed automatically
*/
int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key)
{
int err;
oid_st oid;
ltc_asn1_list alg_id[1];
unsigned char private_key[34];
unsigned long version, key_len;
unsigned long tmpoid[16];
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
/* There's only one case where the inlen is equal to the pubkey-size
* and that's a raw pubkey, so let's just do a raw import.
*/
if (inlen == sizeof(key->pub)) {
XMEMCPY(key->pub, in, sizeof(key->pub));
key->type = PK_PUBLIC;
key->algo = PKA_X25519;
return CRYPT_OK;
}
key_len = sizeof(key->pub);
if ((err = x509_decode_subject_public_key_info(in, inlen, PKA_X25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) {
key->type = PK_PUBLIC;
key->algo = PKA_X25519;
return CRYPT_OK;
}
LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
key_len = sizeof(private_key);
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_SHORT_INTEGER, 1uL, &version,
LTC_ASN1_SEQUENCE, 1uL, alg_id,
LTC_ASN1_OCTET_STRING, key_len, private_key,
LTC_ASN1_EOL, 0uL, NULL)) != CRYPT_OK) {
goto out;
}
if ((err = pk_get_oid(PKA_X25519, &oid)) != CRYPT_OK) {
goto out;
}
if ((alg_id[0].size != oid.OIDlen) ||
XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) {
/* OID mismatch */
err = CRYPT_PK_INVALID_TYPE;
goto out;
}
if (version == 0) {
key_len = sizeof(key->priv);
if ((err = der_decode_octet_string(private_key, sizeof(private_key), key->priv, &key_len)) == CRYPT_OK) {
crypto_scalarmult_base(key->pub, key->priv);
key->type = PK_PRIVATE;
key->algo = PKA_X25519;
}
} else {
err = CRYPT_PK_INVALID_TYPE;
}
out:
#ifdef LTC_CLEAN_STACK
zeromem(private_key, sizeof(private_key));
#endif
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

52
src/pk/x25519/x25519_make_key.c Normal file
View File

@ -0,0 +1,52 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file x25519_make_key.c
Create a X25519 key, Steffen Jaeckel
*/
#ifdef LTC_X25519
/**
Create a X25519 key
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful
*/
int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key)
{
int err;
LTC_ARGCHK(prng != NULL);
LTC_ARGCHK(key != NULL);
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if (prng_descriptor[wprng].read(key->priv, sizeof(key->priv), prng) != sizeof(key->priv)) {
return CRYPT_ERROR_READPRNG;
}
crypto_scalarmult_base(key->pub, key->priv);
key->type = PK_PRIVATE;
key->algo = PKA_X25519;
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

65
src/pk/x25519/x25519_set_ku.c Normal file
View File

@ -0,0 +1,65 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file x25519_set_ku.c
Set the parameters of a X25519 key, Steffen Jaeckel
*/
#ifdef LTC_X25519
/**
Set the parameters of a X25519 key
In case k and u are given it is validated that u is really the
corresponding public part of the key pair
@param k The k value (a.k.a scalar or private part)
@param klen The length of k
@param u The u-coordinate (a.k.a public part)
@param ulen The length of u
@param key [out] Destination of the key
@return CRYPT_OK if successful
*/
int x25519_set_ku(const unsigned char *k, unsigned long klen,
const unsigned char *u, unsigned long ulen,
curve25519_key *key)
{
LTC_ARGCHK(key != NULL);
if (k != NULL) {
LTC_ARGCHK(klen == 32uL);
XMEMCPY(key->priv, k, sizeof(key->priv));
crypto_scalarmult_base(key->pub, key->priv);
if (u != NULL) {
LTC_ARGCHK(ulen == 32uL);
if (XMEM_NEQ(u, key->pub, sizeof(key->pub)) != 0) {
zeromem(key, sizeof(*key));
return CRYPT_INVALID_ARG;
}
}
key->type = PK_PRIVATE;
} else if (u != NULL) {
LTC_ARGCHK(ulen == 32uL);
XMEMCPY(key->pub, u, sizeof(key->pub));
key->type = PK_PUBLIC;
} else {
return CRYPT_INVALID_ARG;
}
key->algo = PKA_X25519;
return CRYPT_OK;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

52
src/pk/x25519/x25519_shared_secret.c Normal file
View File

@ -0,0 +1,52 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file x25519_shared_secret.c
Create a X25519 shared secret, Steffen Jaeckel
*/
#ifdef LTC_X25519
/**
Create a X25519 shared secret.
@param private_key The private Curve25519 key in the pair
@param public_key The public Curve25519 key in the pair
@param out [out] The destination of the shared data
@param outlen [in/out] The max size and resulting size of the shared data.
@return CRYPT_OK if successful
*/
int x25519_shared_secret(const curve25519_key *private_key,
const curve25519_key *public_key,
unsigned char *out, unsigned long *outlen)
{
LTC_ARGCHK(private_key != NULL);
LTC_ARGCHK(public_key != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
if(private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;
if(*outlen < 32uL) {
*outlen = 32uL;
return CRYPT_BUFFER_OVERFLOW;
}
crypto_scalarmult(out, private_key->priv, public_key->pub);
*outlen = 32uL;
return CRYPT_OK;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

227
tests/ed25519_test.c Normal file
View File

@ -0,0 +1,227 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_test.h"
/**
@file ed25519_test.c
Ed25519 tests, Steffen Jaeckel
*/
#ifdef LTC_ED25519
static int _draft_ietf_curdle_pkix_07_10_test(void)
{
const struct {
const char* b64;
int type;
} draft_ietf_curdle_pkix_07_10[] = {
{ "MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=", PK_PUBLIC | PK_STD },
#if 0
{ "MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX"
"N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD"
"DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj"
"ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg"
"BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v"
"/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg"
"w1AH9efZBw==", -1 },
#endif
{ "MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC", PK_PRIVATE | PK_STD },
{ "MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC"
"oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB"
"Z9w7lshQhqowtrbLDFw4rXAxZuE=", -1 },
};
unsigned n;
curve25519_key key;
unsigned char buf[512];
char tmp[512];
unsigned long buflen, tmplen;
for (n = 0; n < sizeof(draft_ietf_curdle_pkix_07_10)/sizeof(draft_ietf_curdle_pkix_07_10[0]); ++n) {
buflen = sizeof(buf);
DO(base64_decode(draft_ietf_curdle_pkix_07_10[n].b64, strlen(draft_ietf_curdle_pkix_07_10[n].b64), buf, &buflen));
DO(ed25519_import(buf, buflen, &key));
zeromem(buf, sizeof(buf));
if (draft_ietf_curdle_pkix_07_10[n].type != -1) {
buflen = sizeof(buf);
DO(ed25519_export(buf, &buflen, draft_ietf_curdle_pkix_07_10[n].type, &key));
tmplen = sizeof(tmp);
DO(base64_encode(buf, buflen, tmp, &tmplen));
DO(do_compare_testvector(tmp, tmplen, draft_ietf_curdle_pkix_07_10[n].b64, strlen(draft_ietf_curdle_pkix_07_10[n].b64), "Ed25519 export-import", n));
}
}
return CRYPT_OK;
}
typedef struct {
const char* secret_key;
const char* public_key;
const char* message;
const char* signature;
} rfc_8032_7_1_t;
static int _rfc_8032_7_1_test(void)
{
const rfc_8032_7_1_t rfc_8032_7_1[] = {
{
/* SECRET KEY */
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
/* PUBLIC KEY */
"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a",
/* MESSAGE (length 0 bytes) */
"",
/* SIGNATURE */
"e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
"5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"
},
{
/* SECRET KEY */
"4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb",
/* PUBLIC KEY */
"3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c",
/* MESSAGE (length 1 byte) */
"72",
/* SIGNATURE */
"92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da"
"085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00"
},
{
/* SECRET KEY */
"c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7",
/* PUBLIC KEY */
"fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025",
/* MESSAGE (length 2 bytes) */
"af82",
/* SIGNATURE */
"6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac"
"18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a"
},
{
/* SECRET KEY */
"f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5",
/* PUBLIC KEY */
"278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e",
/* MESSAGE (length 1023 bytes) */
"08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98"
"fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d8"
"79de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d"
"658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc"
"1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4fe"
"ba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e"
"06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbef"
"efd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7"
"aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed1"
"85ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2"
"d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24"
"554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f270"
"88d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc"
"2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b07"
"07e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128ba"
"b27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51a"
"ddd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429e"
"c96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb7"
"51fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c"
"42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8"
"ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34df"
"f7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08"
"d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649"
"de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e4"
"88acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a3"
"2ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e"
"6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5f"
"b93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b5"
"0d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1"
"369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380d"
"b2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c"
"0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0",
/* SIGNATURE */
"0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350"
"aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03"
},
{
/* SECRET KEY */
"833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42",
/* PUBLIC KEY */
"ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf",
/* MESSAGE (length 64 bytes) */
"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
/* SIGNATURE */
"dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b589"
"09351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704"
}
};
unsigned int n;
unsigned long mlen, slen, plen, siglen, buflen;
unsigned char msg[1024], sec[32], pub[32], sig[64], buf[64];
curve25519_key key, key2;
int ret;
const int should = 1;
for (n = 0; n < sizeof(rfc_8032_7_1)/sizeof(rfc_8032_7_1[0]); ++n) {
slen = sizeof(sec);
DO(base16_decode(rfc_8032_7_1[n].secret_key, strlen(rfc_8032_7_1[n].secret_key), sec, &slen));
plen = sizeof(pub);
DO(base16_decode(rfc_8032_7_1[n].public_key, strlen(rfc_8032_7_1[n].public_key), pub, &plen));
mlen = sizeof(msg);
DO(base16_decode(rfc_8032_7_1[n].message, strlen(rfc_8032_7_1[n].message), msg, &mlen));
siglen = sizeof(sig);
DO(base16_decode(rfc_8032_7_1[n].signature, strlen(rfc_8032_7_1[n].signature), sig, &siglen));
DO(ed25519_set_key(sec, slen, pub, plen, &key));
buflen = sizeof(buf);
DO(ed25519_sign(msg, mlen, buf, &buflen, &key));
DO(do_compare_testvector(buf, buflen, sig, siglen, "Ed25519 RFC8032 7.1 - sign", n));
DO(ed25519_verify(msg, mlen, sig, siglen, &ret, &key));
DO(do_compare_testvector(&ret, sizeof(ret), &should, sizeof(should), "Ed25519 RFC8032 7.1 - verify w/ privkey", n));
plen = sizeof(pub);
DO(base16_decode(rfc_8032_7_1[n].public_key, strlen(rfc_8032_7_1[n].public_key), pub, &plen));
mlen = sizeof(msg);
DO(base16_decode(rfc_8032_7_1[n].message, strlen(rfc_8032_7_1[n].message), msg, &mlen));
siglen = sizeof(sig);
DO(base16_decode(rfc_8032_7_1[n].signature, strlen(rfc_8032_7_1[n].signature), sig, &siglen));
DO(ed25519_set_key(NULL, 0, pub, plen, &key2));
DO(ed25519_verify(msg, mlen, sig, siglen, &ret, &key2));
DO(do_compare_testvector(&ret, sizeof(ret), &should, sizeof(should), "Ed25519 RFC8032 7.1 - verify w/ pubkey", n));
zeromem(&key, sizeof(key));
zeromem(&key2, sizeof(key2));
}
return CRYPT_OK;
}
/**
Test the ed25519 system
@return CRYPT_OK if successful
*/
int ed25519_test(void)
{
int ret;
if (ltc_mp.name == NULL) return CRYPT_NOP;
if ((ret = _rfc_8410_10_test()) != CRYPT_OK) {
return ret;
}
if ((ret = _rfc_8032_7_1_test()) != CRYPT_OK) {
return ret;
}
return ret;
}
#else
int ed25519_test(void)
{
return CRYPT_NOP;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

2
tests/test.c
View File

@ -38,6 +38,8 @@ static const test_function test_functions[] =
LTC_TEST_FN(dh_test),
LTC_TEST_FN(ecc_test),
LTC_TEST_FN(dsa_test),
LTC_TEST_FN(ed25519_test),
LTC_TEST_FN(x25519_test),
LTC_TEST_FN(file_test),
LTC_TEST_FN(multi_test),
/* keep the prng_test always at the end as

2
tests/tomcrypt_test.h
View File

@ -44,6 +44,8 @@ int multi_test(void);
int prng_test(void);
int mpi_test(void);
int padding_test(void);
int x25519_test(void);
int ed25519_test(void);
int ssh_test(void);
#ifdef LTC_PKCS_1

192
tests/x25519_test.c Normal file
View File

@ -0,0 +1,192 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_test.h"
/**
@file x25519_test.c
x25519 tests, Steffen Jaeckel
*/
#ifdef LTC_X25519
static int _rfc_7748_5_2_test(void)
{
/* RFC 7748 Ch. 5.2 */
const struct {
unsigned char scalar[32];
unsigned char u_in[32];
unsigned char u_out[32];
} rfc_7748_5_2[] = {
{
{ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 },
{ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c },
{ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 }
},
{
{ 0x4b, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c,
0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5,
0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x0d },
{ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3,
0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c,
0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e,
0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x93 },
{ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d,
0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8,
0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52,
0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 }
}
};
unsigned char out[32];
unsigned long n;
for (n = 0; n < sizeof(rfc_7748_5_2)/sizeof(rfc_7748_5_2[0]); ++n) {
crypto_scalarmult(out, rfc_7748_5_2[n].scalar, rfc_7748_5_2[n].u_in);
if (compare_testvector(out, sizeof(out), rfc_7748_5_2[n].u_out, sizeof(rfc_7748_5_2[n].u_out), "x25519 RFC 7748 Ch. 5.2", n) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
}
static int _rfc_7748_6_test(void)
{
/* RFC 7748 Ch. 6 */
const unsigned char alice_private[] = {
0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d,
0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45,
0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a
};
const unsigned char alice_public[] = {
0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a
};
const unsigned char bob_private[] = {
0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b,
0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6,
0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd,
0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb
};
const unsigned char bob_public[] = {
0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4,
0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37,
0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d,
0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f
};
const unsigned char shared_secret[] = {
0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42
};
curve25519_key alice_priv, alice_pub, bob_priv, bob_pub;
unsigned char buf[32];
unsigned long buflen = sizeof(buf);
DO(x25519_set_ku(alice_private, sizeof(alice_private), alice_public, sizeof(alice_public), &alice_priv));
DO(x25519_set_ku(bob_private, sizeof(bob_private), bob_public, sizeof(bob_public), &bob_priv));
DO(x25519_set_ku(NULL, 0, alice_public, sizeof(alice_public), &alice_pub));
DO(x25519_set_ku(NULL, 0, bob_public, sizeof(bob_public), &bob_pub));
DO(x25519_shared_secret(&alice_priv, &bob_pub, buf, &buflen));
DO(compare_testvector(buf, buflen, shared_secret, sizeof(shared_secret), "x25519 - RFC 7748 Ch. 6", 0));
XMEMSET(buf, 0, sizeof(buf));
DO(x25519_shared_secret(&bob_priv, &alice_pub, buf, &buflen));
DO(compare_testvector(buf, buflen, shared_secret, sizeof(shared_secret), "x25519 - RFC 7748 Ch. 6", 1));
return CRYPT_OK;
}
static int _x25519_compat_test(void)
{
curve25519_key priv, pub, imported;
unsigned char buf[1024];
unsigned long buflen = sizeof(buf);
int prng_idx = find_prng("yarrow");
XMEMSET(&priv, 0, sizeof(priv));
XMEMSET(&pub, 0, sizeof(pub));
XMEMSET(&imported, 0, sizeof(imported));
DO(x25519_make_key(&yarrow_prng, prng_idx, &priv));
DO(x25519_export(buf, &buflen, PK_PRIVATE, &priv));
DO(x25519_import(buf, buflen, &imported));
DO(do_compare_testvector(&priv, sizeof(priv), &imported, sizeof(imported), "priv after ex-&import", __LINE__));
XMEMSET(&imported, 0, sizeof(imported));
buflen = sizeof(buf);
DO(x25519_export(buf, &buflen, PK_PUBLIC, &priv));
DO(x25519_import(buf, buflen, &pub));
buflen = sizeof(buf);
DO(x25519_export(buf, &buflen, PK_PUBLIC | PK_STD, &priv));
DO(x25519_import(buf, buflen, &imported));
DO(do_compare_testvector(&pub, sizeof(pub), &imported, sizeof(imported), "pub after private ex-&import", __LINE__));
XMEMSET(&imported, 0, sizeof(imported));
buflen = sizeof(buf);
DO(x25519_export(buf, &buflen, PK_PUBLIC | PK_STD, &pub));
DO(x25519_import(buf, buflen, &imported));
DO(do_compare_testvector(&pub, sizeof(pub), &imported, sizeof(imported), "pub after public ex-&import", __LINE__));
return CRYPT_OK;
}
/**
Test the x25519 system
@return CRYPT_OK if successful
*/
int x25519_test(void)
{
int ret;
if (ltc_mp.name == NULL) return CRYPT_NOP;
if ((ret = _rfc_7748_5_2_test()) != CRYPT_OK) {
return ret;
}
if ((ret = _rfc_7748_6_test()) != CRYPT_OK) {
return ret;
}
if ((ret = _x25519_compat_test()) != CRYPT_OK) {
return ret;
}
return ret;
}
#else
int x25519_test(void)
{
return CRYPT_NOP;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */