mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2024-12-29 09:21:19 +00:00
220 lines
7.0 KiB
Plaintext
220 lines
7.0 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include <polarssl/ecdsa.h>
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:POLARSSL_ECDSA_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_random( int id )
|
|
{
|
|
ecp_group grp;
|
|
ecp_point Q;
|
|
mpi d, r, s;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char buf[66];
|
|
|
|
ecp_group_init( &grp );
|
|
ecp_point_init( &Q );
|
|
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( buf, 0, sizeof( buf ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
|
|
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
|
|
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
|
|
== 0 );
|
|
|
|
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
|
|
&rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
|
|
|
|
ecp_group_free( &grp );
|
|
ecp_point_free( &Q );
|
|
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
|
|
char *k_str, char *hash_str, char *r_str,
|
|
char *s_str )
|
|
{
|
|
ecp_group grp;
|
|
ecp_point Q;
|
|
mpi d, r, s, r_check, s_check;
|
|
unsigned char hash[66], rnd_buf[66];
|
|
size_t hlen;
|
|
rnd_buf_info rnd_info;
|
|
|
|
ecp_group_init( &grp );
|
|
ecp_point_init( &Q );
|
|
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
|
|
mpi_init( &r_check ); mpi_init( &s_check );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( rnd_buf, 0, sizeof( rnd_buf ) );
|
|
|
|
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
|
|
TEST_ASSERT( ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
hlen = unhexify(hash, hash_str);
|
|
rnd_info.buf = rnd_buf;
|
|
rnd_info.length = unhexify( rnd_buf, k_str );
|
|
|
|
/* Fix rnd_buf by shifting it left if necessary */
|
|
if( grp.nbits % 8 != 0 )
|
|
{
|
|
unsigned char shift = 8 - ( grp.nbits % 8 );
|
|
size_t i;
|
|
|
|
for( i = 0; i < rnd_info.length - 1; i++ )
|
|
rnd_buf[i] = rnd_buf[i] << shift | rnd_buf[i+1] >> ( 8 - shift );
|
|
|
|
rnd_buf[rnd_info.length-1] <<= shift;
|
|
}
|
|
|
|
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, hash, hlen,
|
|
rnd_buffer_rand, &rnd_info ) == 0 );
|
|
|
|
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
TEST_ASSERT( ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
|
|
|
|
ecp_group_free( &grp );
|
|
ecp_point_free( &Q );
|
|
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
|
|
mpi_free( &r_check ); mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
|
|
void ecdsa_det_test_vectors( int id, char *d_str, int md_alg,
|
|
char *msg, char *r_str, char *s_str )
|
|
{
|
|
ecp_group grp;
|
|
mpi d, r, s, r_check, s_check;
|
|
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
|
size_t hlen;
|
|
const md_info_t *md_info;
|
|
|
|
ecp_group_init( &grp );
|
|
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
|
|
mpi_init( &r_check ); mpi_init( &s_check );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
|
|
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
|
|
TEST_ASSERT( ( md_info = md_info_from_type( md_alg ) ) != NULL );
|
|
hlen = md_info->size;
|
|
md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
|
|
|
TEST_ASSERT( ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 );
|
|
|
|
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
ecp_group_free( &grp );
|
|
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
|
|
mpi_free( &r_check ); mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_write_read_random( int id )
|
|
{
|
|
ecdsa_context ctx;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char hash[66];
|
|
unsigned char sig[200];
|
|
size_t sig_len, i;
|
|
|
|
ecdsa_init( &ctx );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
|
|
|
|
/* generate signing key */
|
|
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
|
|
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == 0 );
|
|
|
|
/* check we didn't write past the announced length */
|
|
for( i = sig_len; i < sizeof( sig ); i++ )
|
|
TEST_ASSERT( sig[i] == 0x2a );
|
|
|
|
/* try verification with invalid length */
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len - 1 ) != 0 );
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len + 1 ) != 0 );
|
|
|
|
/* try invalid sequence tag */
|
|
sig[0]++;
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[0]--;
|
|
|
|
/* try modifying r */
|
|
sig[10]++;
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[10]--;
|
|
|
|
/* try modifying s */
|
|
sig[sig_len - 1]++;
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[sig_len - 1]--;
|
|
|
|
ecdsa_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
|
|
void ecdsa_write_read_det_random( int id, int md_alg )
|
|
{
|
|
ecdsa_context ctx;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char msg[100];
|
|
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
|
unsigned char sig[200];
|
|
size_t sig_len;
|
|
|
|
ecdsa_init( &ctx );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 );
|
|
md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash );
|
|
|
|
/* generate signing key */
|
|
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ),
|
|
sig, &sig_len, md_alg ) == 0 );
|
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == 0 );
|
|
|
|
ecdsa_free( &ctx );
|
|
}
|
|
/* END_CASE */
|