Fix the Changelog and extend tests to cover the hash of all-bits zero

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
TRodziewicz 2021-04-06 19:55:17 +02:00
parent 782a7eab14
commit 5feb6702dd
2 changed files with 78 additions and 50 deletions

View file

@ -1,4 +1,4 @@
Bugfix
* Fix a bug in ECDSA that would cause it to fail when the payload is all-bits
* Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
zero.
Fixes #1792

View file

@ -212,6 +212,7 @@ void ecdsa_prim_random( int id )
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
int test_runs = 2;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
@ -219,18 +220,31 @@ void ecdsa_prim_random( int id )
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( buf, 0, sizeof( buf ) );
/* prepare material for signature */
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
buf, sizeof( buf ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
while ( test_runs-- )
{
/* prepare material for signature */
if ( test_runs == 1 )
{
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
buf, sizeof( buf ) )
== 0 );
} else {
TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL,
buf, sizeof( buf ) )
== 0 );
}
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s )
== 0 );
}
exit:
mbedtls_ecp_group_free( &grp );
@ -354,56 +368,70 @@ void ecdsa_write_read_random( int id )
unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
int test_runs = 2;
mbedtls_ecdsa_init( &ctx );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0x2a, sizeof( sig ) );
/* prepare material for signature */
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
hash, sizeof( hash ) ) == 0 );
while ( test_runs-- )
{
memset( sig, 0x2a, sizeof( sig ) );
/* generate signing key */
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
/* prepare material for signature */
if ( test_runs == 1 )
{
TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
hash, sizeof( hash ) )
== 0 );
} else {
TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL,
hash, sizeof( hash ) )
== 0 );
}
/* generate and write signature, then read and verify it */
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
hash, sizeof( hash ),
sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
/* generate signing key */
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
/* check we didn't write past the announced length */
for( i = sig_len; i < sizeof( sig ); i++ )
TEST_ASSERT( sig[i] == 0x2a );
/* generate and write signature, then read and verify it */
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
hash, sizeof( hash ),
sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
/* try verification with invalid length */
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len - 1 ) != 0 );
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len + 1 ) != 0 );
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
/* try invalid sequence tag */
sig[0]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) != 0 );
sig[0]--;
/* check we didn't write past the announced length */
for( i = sig_len; i < sizeof( sig ); i++ )
TEST_ASSERT( sig[i] == 0x2a );
/* try modifying r */
sig[10]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[10]--;
/* try verification with invalid length */
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len - 1 ) != 0 );
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len + 1 ) != 0 );
/* try modifying s */
sig[sig_len - 1]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[sig_len - 1]--;
/* try invalid sequence tag */
sig[0]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) != 0 );
sig[0]--;
/* try modifying r */
sig[10]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[sig_len - 1]--;
}
exit:
mbedtls_ecdsa_free( &ctx );