Add test for restartable signature
Test relies on deterministic signature as this uses plain sig internally, so if deterministic works, then so does non-deterministic, while the reciprocal is false. (Also, deterministic is enabled by default in config.h.) Test case is taken from a RFC 6979 test vector, just manually converting (r,s) to the encoded signature.
This commit is contained in:
parent
addb10efac
commit
eb402f3cd3
2 changed files with 61 additions and 0 deletions
|
@ -265,3 +265,7 @@ ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387
|
|||
ECDSA restartable read-verify: max_ops=250
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":250:4:64
|
||||
|
||||
ECDSA restartable sign-write: secp256r1 restart disabled
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
|
||||
|
|
|
@ -264,3 +264,60 @@ exit:
|
|||
mbedtls_ecdsa_restart_free( &rs_ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
||||
char *msg, char *sig_str,
|
||||
int max_ops, int min_restart, int max_restart )
|
||||
{
|
||||
int ret, cnt_restart;
|
||||
mbedtls_ecdsa_restart_ctx rs_ctx;
|
||||
mbedtls_ecdsa_context ctx;
|
||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
||||
unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
|
||||
size_t hlen, slen, slen_check;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
mbedtls_ecdsa_restart_init( &rs_ctx );
|
||||
mbedtls_ecdsa_init( &ctx );
|
||||
memset( hash, 0, sizeof( hash ) );
|
||||
memset( sig, 0, sizeof( sig ) );
|
||||
memset( sig_check, 0, sizeof( sig_check ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
|
||||
slen_check = unhexify( sig_check, sig_str );
|
||||
|
||||
md_info = mbedtls_md_info_from_type( md_alg );
|
||||
TEST_ASSERT( md_info != NULL );
|
||||
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
||||
|
||||
mbedtls_ecp_set_max_ops( max_ops );
|
||||
|
||||
slen = sizeof( sig );
|
||||
cnt_restart = 0;
|
||||
do {
|
||||
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
||||
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
||||
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
||||
|
||||
TEST_ASSERT( ret == 0 );
|
||||
TEST_ASSERT( slen == slen_check );
|
||||
TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
|
||||
|
||||
TEST_ASSERT( cnt_restart >= min_restart );
|
||||
TEST_ASSERT( cnt_restart <= max_restart );
|
||||
|
||||
/* do we leak memory when aborting? */
|
||||
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
||||
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
|
||||
exit:
|
||||
mbedtls_ecdsa_restart_free( &rs_ctx );
|
||||
mbedtls_ecdsa_free( &ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue