diff options
author | Simo Sorce <simo@redhat.com> | 2019-05-17 14:05:37 -0400 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-05-23 11:35:12 +0200 |
commit | 12d98928e776ddc09f78d3e2c5b615872576c720 (patch) | |
tree | 880b4f021b23ef555ac20110c4d6483c7aedf3bc /tests | |
parent | d0f8c4421a400feea96ba18f564b34ee594a7b85 (diff) | |
download | gnutls-12d98928e776ddc09f78d3e2c5b615872576c720.tar.gz |
Add plumbing to handle Q parameter in DH exchanges
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/dh-compute.c | 60 |
1 files changed, 38 insertions, 22 deletions
diff --git a/tests/dh-compute.c b/tests/dh-compute.c index 173729312e..217b23b762 100644 --- a/tests/dh-compute.c +++ b/tests/dh-compute.c @@ -41,8 +41,8 @@ int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, const gnutls_datum_t *pub_key, const gnutls_datum_t *peer_key, gnutls_datum_t *Z); -static void params(gnutls_dh_params_t *dh_params, unsigned int key_bits, - const gnutls_datum_t *p, const gnutls_datum_t *g) +static void params(gnutls_dh_params_t *dh_params, const gnutls_datum_t *p, + const gnutls_datum_t *q, const gnutls_datum_t *g) { int ret; @@ -50,7 +50,7 @@ static void params(gnutls_dh_params_t *dh_params, unsigned int key_bits, if (ret != 0) fail("error\n"); - ret = gnutls_dh_params_import_raw2(*dh_params, p, g, key_bits); + ret = gnutls_dh_params_import_raw3(*dh_params, p, q, g); if (ret != 0) fail("error\n"); } @@ -65,32 +65,33 @@ static void genkey(gnutls_dh_params_t *dh_params, fail("error\n"); } -static void compute_key(gnutls_dh_params_t *dh_params, +static void compute_key(const char *name, gnutls_dh_params_t *dh_params, gnutls_datum_t *priv_key, gnutls_datum_t *pub_key, const gnutls_datum_t *peer_key, int expect_error, gnutls_datum_t *result, bool expect_success) { - gnutls_datum_t Z; + gnutls_datum_t Z = { 0 }; bool success; int ret; ret = _gnutls_dh_compute_key(*dh_params, priv_key, pub_key, peer_key, &Z); if (expect_error != ret) - fail("error (%d)\n", ret); + fail("%s: error %d (expected %d)\n", name, ret, expect_error); if (result) { success = (Z.size != result->size && memcmp(Z.data, result->data, Z.size)); if (success != expect_success) - fail("error\n"); + fail("%s: failed to match result\n", name); } gnutls_free(Z.data); } struct dh_test_data { - const unsigned int key_size; + const char *name; const gnutls_datum_t prime; + const gnutls_datum_t q; const gnutls_datum_t generator; const gnutls_datum_t peer_key; int expected_error; @@ -100,45 +101,60 @@ void doit(void) { struct dh_test_data test_data[] = { { - /* y == 0 */ - gnutls_ffdhe_2048_key_bits, + "[y == 0]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, { (void *)"\x00", 1 }, GNUTLS_E_MPI_SCAN_FAILED }, { - /* y < 2 */ - gnutls_ffdhe_2048_key_bits, + "[y < 2]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, { (void *)"\x01", 1 }, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER }, { - /* y > p - 2 */ - gnutls_ffdhe_2048_key_bits, + "[y > p - 2]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, gnutls_ffdhe_2048_group_prime, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER }, - { 0 } + { + "[y ^ q mod p == 1]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + gnutls_ffdhe_2048_group_q, + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER + }, + { + "Legal Input", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + { (void *)"\x02", 1 }, + 0 + }, + { NULL } }; - for (int i = 0; test_data[i].key_size != 0; i++) { + for (int i = 0; test_data[i].name != NULL; i++) { gnutls_datum_t priv_key, pub_key; gnutls_dh_params_t dh_params; - params(&dh_params, test_data[i].key_size, - &test_data[i].prime, &test_data[i].generator); + params(&dh_params, &test_data[i].prime, &test_data[i].q, + &test_data[i].generator); genkey(&dh_params, &priv_key, &pub_key); - compute_key(&dh_params, &priv_key, &pub_key, - &test_data[i].peer_key, - test_data[i].expected_error, - NULL, 0); + compute_key(test_data[i].name, &dh_params, &priv_key, + &pub_key, &test_data[i].peer_key, + test_data[i].expected_error, NULL, 0); gnutls_dh_params_deinit(dh_params); gnutls_free(priv_key.data); |