mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-26 12:35:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add unit tests for mbedtls_ecp_gen_privkey_mx

Browse Source 
Test the exact output from known RNG input. This is overly
constraining, but ensures that the code has good properties.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-03-24 12:01:02 +01:00
parent ecacc3c9d2
commit 6ff8a01a57
2 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
tests/suites/test_suite_ecp.data
View File

@ -276,6 +276,48 @@ ECP gen keypair wrapper
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
ECP generate Montgomery key: Curve25519, random in range
genkey_mx_known_answer:254:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
ECP generate Montgomery key: Curve25519, set high bit
genkey_mx_known_answer:254:"0f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
ECP generate Montgomery key: Curve25519, clear higher bit
## If the bit 255 is set, the library shifts the random number right.
genkey_mx_known_answer:254:"ff0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8":"7f808101820283038404850586068707880889098a0a8b0b8c0c8d0d8e0e8f78"
ECP generate Montgomery key: Curve25519, clear low bits
genkey_mx_known_answer:254:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1eff":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
# ECP generate Montgomery key: Curve25519, random = all-bits-zero
## Currently explicitly rejected in the library, but the specification
## says it shouldn't be.
# genkey_mx_known_answer:254:"0000000000000000000000000000000000000000000000000000000000000000":"4000000000000000000000000000000000000000000000000000000000000000"
ECP generate Montgomery key: Curve25519, random = all-bits-one
genkey_mx_known_answer:254:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8"
ECP generate Montgomery key: Curve25519, not enough entropy
genkey_mx_known_answer:254:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
ECP generate Montgomery key: Curve448, random in range
genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
ECP generate Montgomery key: Curve448, set high bit
genkey_mx_known_answer:447:"0f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"8f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
ECP generate Montgomery key: Curve448, clear low bits
genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536ff":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
# ECP generate Montgomery key: Curve448, random = all-bits-zero
# genkey_mx_known_answer:447:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ECP generate Montgomery key: Curve448, random = all-bits-one
genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"
ECP generate Montgomery key: Curve448, not enough entropy
genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":""
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0

49
tests/suites/test_suite_ecp.function
View File

@ -1237,6 +1237,55 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
void genkey_mx_known_answer( int bits, data_t *seed, data_t *expected )
{
mbedtls_test_rnd_buf_info rnd_info;
mbedtls_mpi d;
int ret;
uint8_t *actual = NULL;
mbedtls_mpi_init( &d );
rnd_info.buf = seed->x;
rnd_info.length = seed->len;
rnd_info.fallback_f_rng = NULL;
rnd_info.fallback_p_rng = NULL;
ASSERT_ALLOC( actual, expected->len );
ret = mbedtls_ecp_gen_privkey_mx( bits, &d,
mbedtls_test_rnd_buffer_rand, &rnd_info );
if( expected->len == 0 )
{
/* Expecting an error (happens if there isn't enough randomness) */
TEST_ASSERT( ret != 0 );
}
else
{
TEST_EQUAL( ret, 0 );
TEST_EQUAL( (size_t) bits + 1, mbedtls_mpi_bitlen( &d ) );
TEST_EQUAL( 0, mbedtls_mpi_write_binary( &d, actual, expected->len ) );
/* Test the exact result. This assumes that the output of the
* RNG is used in a specific way, which is overly constraining.
* The advantage is that it's easier to test the expected properties
* of the generated key:
* - The most significant bit must be at a specific positions
* (can be enforced by checking the bit-length).
* - The least significant bits must have specific values
* (can be enforced by checking these bits).
* - Other bits must be random (by testing with different RNG outputs,
* we validate that those bits are indeed influenced by the RNG). */
ASSERT_COMPARE( expected->x, expected->len,
actual, expected->len );
}
exit:
mbedtls_free( actual );
mbedtls_mpi_free( &d );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ecp_selftest( )
{