2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_HEADER */
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/ecdsa.h"
|
2022-08-08 09:49:10 +02:00
|
|
|
#include "legacy_or_psa.h"
|
|
|
|
|
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
|
|
|
|
|
( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) )
|
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
|
|
|
|
|
#endif
|
2022-08-11 15:19:42 +02:00
|
|
|
#define MBEDTLS_TEST_HASH_MAX_SIZE 64
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_HEADER */
|
2013-01-26 19:09:07 +01:00
|
|
|
|
2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_DEPENDENCIES
|
2015-04-08 12:49:31 +02:00
|
|
|
* depends_on:MBEDTLS_ECDSA_C
|
2013-08-20 11:48:36 +02:00
|
|
|
* END_DEPENDENCIES
|
|
|
|
|
*/
|
2013-01-26 19:09:07 +01:00
|
|
|
|
2021-04-07 19:16:18 +02:00
|
|
|
/* BEGIN_CASE */
|
|
|
|
|
void ecdsa_prim_zero( int id )
|
|
|
|
|
{
|
|
|
|
|
mbedtls_ecp_group grp;
|
|
|
|
|
mbedtls_ecp_point Q;
|
|
|
|
|
mbedtls_mpi d, r, s;
|
|
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
2022-08-11 15:19:42 +02:00
|
|
|
unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE];
|
2021-04-07 19:16:18 +02:00
|
|
|
|
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
|
|
|
mbedtls_ecp_point_init( &Q );
|
|
|
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
|
|
|
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
|
|
|
|
memset( buf, 0, sizeof( buf ) );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
|
|
|
|
|
|
|
|
|
|
exit:
|
|
|
|
|
mbedtls_ecp_group_free( &grp );
|
|
|
|
|
mbedtls_ecp_point_free( &Q );
|
|
|
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
|
|
|
|
|
2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_CASE */
|
|
|
|
|
void ecdsa_prim_random( int id )
|
2013-01-26 19:09:07 +01:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group grp;
|
|
|
|
|
mbedtls_ecp_point Q;
|
|
|
|
|
mbedtls_mpi d, r, s;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
2022-08-11 15:19:42 +02:00
|
|
|
unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE];
|
2013-01-26 19:09:07 +01:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
|
|
|
mbedtls_ecp_point_init( &Q );
|
|
|
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
2020-06-10 12:12:18 +02:00
|
|
|
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
2013-01-27 09:08:18 +01:00
|
|
|
memset( buf, 0, sizeof( buf ) );
|
2013-01-26 19:09:07 +01:00
|
|
|
|
2021-04-07 19:16:18 +02:00
|
|
|
/* prepare material for signature */
|
|
|
|
|
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
|
|
|
|
|
buf, sizeof( buf ) ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
|
2013-01-26 19:09:07 +01:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_free( &grp );
|
|
|
|
|
mbedtls_ecp_point_free( &Q );
|
|
|
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
2013-01-26 19:09:07 +01:00
|
|
|
}
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_CASE */
|
2013-01-27 08:10:28 +01:00
|
|
|
|
2013-08-20 11:48:36 +02:00
|
|
|
/* BEGIN_CASE */
|
2017-05-30 15:23:15 +02:00
|
|
|
void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
|
2018-06-29 12:05:32 +02:00
|
|
|
char * yQ_str, data_t * rnd_buf,
|
|
|
|
|
data_t * hash, char * r_str, char * s_str,
|
2017-05-30 15:23:15 +02:00
|
|
|
int result )
|
2013-01-27 08:10:28 +01:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group grp;
|
|
|
|
|
mbedtls_ecp_point Q;
|
2022-04-21 09:25:23 +02:00
|
|
|
mbedtls_mpi d, r, s, r_check, s_check, zero;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_buf_info rnd_info;
|
2013-01-27 08:10:28 +01:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
|
|
|
mbedtls_ecp_point_init( &Q );
|
|
|
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
|
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
2022-04-21 09:25:23 +02:00
|
|
|
mbedtls_mpi_init( &zero );
|
2013-01-27 08:10:28 +01:00
|
|
|
|
2015-05-11 18:46:47 +02:00
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
|
2022-07-07 12:02:27 +02:00
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );
|
2021-03-24 00:48:57 +01:00
|
|
|
rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
|
|
|
|
|
rnd_info.fallback_p_rng = NULL;
|
2017-06-09 05:32:58 +02:00
|
|
|
rnd_info.buf = rnd_buf->x;
|
|
|
|
|
rnd_info.length = rnd_buf->len;
|
2014-01-06 11:00:07 +01:00
|
|
|
|
2017-06-09 05:32:58 +02:00
|
|
|
/* Fix rnd_buf->x by shifting it left if necessary */
|
2014-01-06 11:00:07 +01:00
|
|
|
if( grp.nbits % 8 != 0 )
|
|
|
|
|
{
|
|
|
|
|
unsigned char shift = 8 - ( grp.nbits % 8 );
|
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
|
|
for( i = 0; i < rnd_info.length - 1; i++ )
|
2017-06-09 05:32:58 +02:00
|
|
|
rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
|
2014-01-06 11:00:07 +01:00
|
|
|
|
2017-06-09 05:32:58 +02:00
|
|
|
rnd_buf->x[rnd_info.length-1] <<= shift;
|
2014-01-06 11:00:07 +01:00
|
|
|
}
|
2013-01-27 08:10:28 +01:00
|
|
|
|
2017-06-09 05:32:58 +02:00
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );
|
2013-01-27 08:10:28 +01:00
|
|
|
|
2017-11-17 18:09:31 +01:00
|
|
|
if ( result == 0)
|
|
|
|
|
{
|
2022-04-21 09:25:23 +02:00
|
|
|
/* Check we generated the expected values */
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_mpi_cmp_mpi( &r, &r_check ), 0 );
|
|
|
|
|
TEST_EQUAL( mbedtls_mpi_cmp_mpi( &s, &s_check ), 0 );
|
|
|
|
|
|
|
|
|
|
/* Valid signature */
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
|
|
|
|
|
&Q, &r_check, &s_check ), 0 );
|
|
|
|
|
|
|
|
|
|
/* Invalid signature: wrong public key (G instead of Q) */
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
|
|
|
|
|
&grp.G, &r_check, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
|
|
|
|
|
/* Invalid signatures: r or s or both one off */
|
2022-04-21 09:25:23 +02:00
|
|
|
TEST_EQUAL( mbedtls_mpi_sub_int( &r, &r_check, 1 ), 0 );
|
|
|
|
|
TEST_EQUAL( mbedtls_mpi_add_int( &s, &s_check, 1 ), 0 );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
|
|
|
|
|
/* Invalid signatures: r, s or both (CVE-2022-21449) are zero */
|
2022-04-21 09:25:23 +02:00
|
|
|
TEST_EQUAL( mbedtls_mpi_lset( &zero, 0 ), 0 );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&zero, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&r_check, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&zero, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
2022-04-21 09:25:23 +02:00
|
|
|
/* Invalid signatures: r, s or both are == N */
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&grp.N, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&r_check, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
2022-04-21 09:25:23 +02:00
|
|
|
&grp.N, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
2022-04-21 09:25:23 +02:00
|
|
|
/* Invalid signatures: r, s or both are negative */
|
|
|
|
|
TEST_EQUAL( mbedtls_mpi_sub_mpi( &r, &r_check, &grp.N ), 0 );
|
|
|
|
|
TEST_EQUAL( mbedtls_mpi_sub_mpi( &s, &s_check, &grp.N ), 0 );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
|
|
|
|
|
/* Invalid signatures: r or s or both are > N */
|
2022-04-21 09:25:23 +02:00
|
|
|
TEST_EQUAL( mbedtls_mpi_add_mpi( &r, &r_check, &grp.N ), 0 );
|
|
|
|
|
TEST_EQUAL( mbedtls_mpi_add_mpi( &s, &s_check, &grp.N ), 0 );
|
2022-04-20 10:34:22 +02:00
|
|
|
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
|
|
|
|
|
&r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2018-06-13 09:53:21 +02:00
|
|
|
}
|
2017-04-21 10:04:02 +02:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_free( &grp );
|
|
|
|
|
mbedtls_ecp_point_free( &Q );
|
|
|
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
|
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
2022-04-21 09:25:23 +02:00
|
|
|
mbedtls_mpi_free( &zero );
|
2013-01-27 08:10:28 +01:00
|
|
|
}
|
2013-08-20 11:48:36 +02:00
|
|
|
/* END_CASE */
|
2013-08-08 13:30:57 +02:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
|
2022-07-19 16:54:28 +02:00
|
|
|
void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, data_t * hash,
|
2017-05-30 15:23:15 +02:00
|
|
|
char * r_str, char * s_str )
|
2014-01-06 14:25:56 +01:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group grp;
|
|
|
|
|
mbedtls_mpi d, r, s, r_check, s_check;
|
2014-01-06 14:25:56 +01:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
|
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
|
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
2014-01-06 14:25:56 +01:00
|
|
|
|
2015-05-11 18:46:47 +02:00
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
2022-07-07 12:02:27 +02:00
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );
|
2014-01-06 14:25:56 +01:00
|
|
|
|
2019-01-04 16:51:24 +01:00
|
|
|
TEST_ASSERT(
|
2022-07-19 16:54:28 +02:00
|
|
|
mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d,
|
|
|
|
|
hash->x, hash->len, md_alg,
|
|
|
|
|
mbedtls_test_rnd_std_rand,
|
2020-06-10 14:08:26 +02:00
|
|
|
NULL )
|
2019-01-04 16:51:24 +01:00
|
|
|
== 0 );
|
2014-01-06 14:25:56 +01:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
|
2014-01-06 14:25:56 +01:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecp_group_free( &grp );
|
|
|
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
|
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
2014-01-06 14:25:56 +01:00
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
|
|
|
|
|
2022-08-08 09:49:10 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC */
|
2021-04-07 19:16:18 +02:00
|
|
|
void ecdsa_write_read_zero( int id )
|
2013-08-08 13:30:57 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecdsa_context ctx;
|
2020-06-10 12:12:18 +02:00
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
2015-03-31 11:41:42 +02:00
|
|
|
unsigned char hash[32];
|
2013-08-08 13:30:57 +02:00
|
|
|
unsigned char sig[200];
|
|
|
|
|
size_t sig_len, i;
|
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecdsa_init( &ctx );
|
2020-06-10 12:12:18 +02:00
|
|
|
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
2013-08-08 13:30:57 +02:00
|
|
|
memset( hash, 0, sizeof( hash ) );
|
2021-04-07 19:16:18 +02:00
|
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
|
|
|
|
|
|
/* generate signing key */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
|
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
|
|
|
|
|
hash, sizeof( hash ),
|
2021-06-22 00:09:00 +02:00
|
|
|
sig, sizeof( sig ), &sig_len, &mbedtls_test_rnd_pseudo_rand,
|
2021-04-07 19:16:18 +02:00
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == 0 );
|
|
|
|
|
|
|
|
|
|
/* check we didn't write past the announced length */
|
|
|
|
|
for( i = sig_len; i < sizeof( sig ); i++ )
|
|
|
|
|
TEST_ASSERT( sig[i] == 0x2a );
|
|
|
|
|
|
|
|
|
|
/* try verification with invalid length */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len - 1 ) != 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len + 1 ) != 0 );
|
|
|
|
|
|
|
|
|
|
/* try invalid sequence tag */
|
|
|
|
|
sig[0]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) != 0 );
|
|
|
|
|
sig[0]--;
|
|
|
|
|
|
|
|
|
|
/* try modifying r */
|
|
|
|
|
sig[10]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
sig[10]--;
|
|
|
|
|
|
|
|
|
|
/* try modifying s */
|
|
|
|
|
sig[sig_len - 1]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
sig[sig_len - 1]--;
|
2021-04-06 19:55:17 +02:00
|
|
|
|
2021-04-07 19:16:18 +02:00
|
|
|
exit:
|
|
|
|
|
mbedtls_ecdsa_free( &ctx );
|
|
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
|
|
|
|
|
2022-08-08 09:49:10 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC */
|
2021-04-07 19:16:18 +02:00
|
|
|
void ecdsa_write_read_random( int id )
|
|
|
|
|
{
|
|
|
|
|
mbedtls_ecdsa_context ctx;
|
|
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
|
|
|
|
unsigned char hash[32];
|
|
|
|
|
unsigned char sig[200];
|
|
|
|
|
size_t sig_len, i;
|
|
|
|
|
|
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
|
|
|
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
|
|
|
|
memset( hash, 0, sizeof( hash ) );
|
|
|
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
|
|
|
|
|
|
/* prepare material for signature */
|
|
|
|
|
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
|
|
|
|
|
hash, sizeof( hash ) ) == 0 );
|
|
|
|
|
|
|
|
|
|
/* generate signing key */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
|
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
|
|
|
|
|
hash, sizeof( hash ),
|
2021-06-22 00:09:00 +02:00
|
|
|
sig, sizeof( sig ), &sig_len, &mbedtls_test_rnd_pseudo_rand,
|
2021-04-07 19:16:18 +02:00
|
|
|
&rnd_info ) == 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == 0 );
|
|
|
|
|
|
|
|
|
|
/* check we didn't write past the announced length */
|
|
|
|
|
for( i = sig_len; i < sizeof( sig ); i++ )
|
|
|
|
|
TEST_ASSERT( sig[i] == 0x2a );
|
|
|
|
|
|
|
|
|
|
/* try verification with invalid length */
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len - 1 ) != 0 );
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len + 1 ) != 0 );
|
|
|
|
|
|
|
|
|
|
/* try invalid sequence tag */
|
|
|
|
|
sig[0]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) != 0 );
|
|
|
|
|
sig[0]--;
|
|
|
|
|
|
|
|
|
|
/* try modifying r */
|
|
|
|
|
sig[10]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
sig[10]--;
|
|
|
|
|
|
|
|
|
|
/* try modifying s */
|
|
|
|
|
sig[sig_len - 1]++;
|
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
|
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
|
|
|
sig[sig_len - 1]--;
|
2013-08-08 13:30:57 +02:00
|
|
|
|
2014-07-10 15:26:12 +02:00
|
|
|
exit:
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ecdsa_free( &ctx );
|
2013-08-08 13:30:57 +02:00
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
2014-01-06 10:27:16 +01:00
|
|
|
|
2017-04-21 11:04:47 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
|
2020-06-25 09:03:34 +02:00
|
|
|
void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
|
2017-04-21 11:04:47 +02:00
|
|
|
int max_ops, int min_restart, int max_restart )
|
|
|
|
|
{
|
|
|
|
|
mbedtls_ecdsa_context ctx;
|
|
|
|
|
mbedtls_ecdsa_restart_ctx rs_ctx;
|
|
|
|
|
int ret, cnt_restart;
|
|
|
|
|
|
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
|
|
|
mbedtls_ecdsa_restart_init( &rs_ctx );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
|
2020-06-25 09:03:34 +02:00
|
|
|
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
|
|
|
|
|
pk->x, pk->len ) == 0 );
|
2017-04-21 11:04:47 +02:00
|
|
|
|
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
|
|
|
|
|
|
cnt_restart = 0;
|
|
|
|
|
do {
|
|
|
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
2020-06-25 09:03:34 +02:00
|
|
|
hash->x, hash->len, sig->x, sig->len, &rs_ctx );
|
2017-04-21 11:04:47 +02:00
|
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
|
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
|
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
|
|
|
|
|
|
/* try modifying r */
|
2020-06-25 09:03:34 +02:00
|
|
|
|
|
|
|
|
TEST_ASSERT( sig->len > 10 );
|
|
|
|
|
sig->x[10]++;
|
2017-04-21 11:04:47 +02:00
|
|
|
do {
|
|
|
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
2020-06-25 09:03:34 +02:00
|
|
|
hash->x, hash->len, sig->x, sig->len, &rs_ctx );
|
2017-04-21 11:04:47 +02:00
|
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
|
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2020-06-25 09:03:34 +02:00
|
|
|
sig->x[10]--;
|
2017-04-21 11:04:47 +02:00
|
|
|
|
|
|
|
|
/* try modifying s */
|
2020-06-25 09:03:34 +02:00
|
|
|
sig->x[sig->len - 1]++;
|
2017-04-21 11:04:47 +02:00
|
|
|
do {
|
|
|
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
2020-06-25 09:03:34 +02:00
|
|
|
hash->x, hash->len, sig->x, sig->len, &rs_ctx );
|
2017-04-21 11:04:47 +02:00
|
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
|
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
2020-06-25 09:03:34 +02:00
|
|
|
sig->x[sig->len - 1]--;
|
2017-04-21 11:04:47 +02:00
|
|
|
|
2017-08-28 12:20:39 +02:00
|
|
|
/* Do we leak memory when aborting an operation?
|
|
|
|
|
* This test only makes sense when we actually restart */
|
|
|
|
|
if( min_restart > 0 )
|
|
|
|
|
{
|
|
|
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
2020-06-25 09:03:34 +02:00
|
|
|
hash->x, hash->len, sig->x, sig->len, &rs_ctx );
|
2017-08-28 12:20:39 +02:00
|
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
|
|
|
}
|
2017-04-21 11:04:47 +02:00
|
|
|
|
|
|
|
|
exit:
|
|
|
|
|
mbedtls_ecdsa_free( &ctx );
|
|
|
|
|
mbedtls_ecdsa_restart_free( &rs_ctx );
|
|
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
2017-04-25 10:57:30 +02:00
|
|
|
|
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
|
|
|
void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
2022-07-19 16:54:28 +02:00
|
|
|
data_t *hash, data_t *sig_check,
|
2017-04-25 10:57:30 +02:00
|
|
|
int max_ops, int min_restart, int max_restart )
|
|
|
|
|
{
|
|
|
|
|
int ret, cnt_restart;
|
|
|
|
|
mbedtls_ecdsa_restart_ctx rs_ctx;
|
|
|
|
|
mbedtls_ecdsa_context ctx;
|
|
|
|
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
2022-07-19 16:54:28 +02:00
|
|
|
size_t slen;
|
2017-04-25 10:57:30 +02:00
|
|
|
|
|
|
|
|
mbedtls_ecdsa_restart_init( &rs_ctx );
|
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
|
|
|
memset( sig, 0, sizeof( sig ) );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
|
2022-07-07 12:02:27 +02:00
|
|
|
TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, d_str ) == 0 );
|
2017-04-25 10:57:30 +02:00
|
|
|
|
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
|
|
|
|
|
|
slen = sizeof( sig );
|
|
|
|
|
cnt_restart = 0;
|
|
|
|
|
do {
|
|
|
|
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
2022-07-19 16:54:28 +02:00
|
|
|
md_alg, hash->x, hash->len, sig, sizeof( sig ), &slen,
|
2021-06-22 00:09:00 +02:00
|
|
|
mbedtls_test_rnd_std_rand, NULL, &rs_ctx );
|
2017-04-25 10:57:30 +02:00
|
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
|
|
|
|
|
|
TEST_ASSERT( ret == 0 );
|
2020-06-25 09:03:34 +02:00
|
|
|
TEST_ASSERT( slen == sig_check->len );
|
|
|
|
|
TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
|
2017-04-25 10:57:30 +02:00
|
|
|
|
|
|
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
|
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
|
|
2017-08-28 12:20:39 +02:00
|
|
|
/* Do we leak memory when aborting an operation?
|
|
|
|
|
* This test only makes sense when we actually restart */
|
|
|
|
|
if( min_restart > 0 )
|
|
|
|
|
{
|
|
|
|
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
2022-07-19 16:54:28 +02:00
|
|
|
md_alg, hash->x, hash->len, sig, sizeof( sig ), &slen,
|
2021-06-22 00:09:00 +02:00
|
|
|
mbedtls_test_rnd_std_rand, NULL, &rs_ctx );
|
2017-08-28 12:20:39 +02:00
|
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
|
|
|
}
|
2017-04-25 10:57:30 +02:00
|
|
|
|
|
|
|
|
exit:
|
|
|
|
|
mbedtls_ecdsa_restart_free( &rs_ctx );
|
|
|
|
|
mbedtls_ecdsa_free( &ctx );
|
|
|
|
|
}
|
|
|
|
|
/* END_CASE */
|
