/* BEGIN_HEADER */ #include /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:POLARSSL_ECDSA_C:POLARSSL_ECP_C:POLARSSL_BIGNUM_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void ecdsa_prim_random( int id ) { ecp_group grp; ecp_point Q; mpi d, r, s; rnd_pseudo_info rnd_info; unsigned char buf[66]; ecp_group_init( &grp ); ecp_point_init( &Q ); mpi_init( &d ); mpi_init( &r ); mpi_init( &s ); memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); memset( buf, 0, sizeof( buf ) ); /* prepare material for signature */ TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 ); TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); ecp_group_free( &grp ); ecp_point_free( &Q ); mpi_free( &d ); mpi_free( &r ); mpi_free( &s ); } /* END_CASE */ /* BEGIN_CASE */ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, char *k_str, char *hash_str, char *r_str, char *s_str ) { ecp_group grp; ecp_point Q; mpi d, r, s, r_check, s_check; unsigned char buf[66]; size_t len; ecp_group_init( &grp ); ecp_point_init( &Q ); mpi_init( &d ); mpi_init( &r ); mpi_init( &s ); mpi_init( &r_check ); mpi_init( &s_check ); memset( buf, 0, sizeof( buf ) ); TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 ); TEST_ASSERT( ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); TEST_ASSERT( mpi_read_string( &d, 16, d_str ) == 0 ); TEST_ASSERT( mpi_read_string( &r_check, 16, r_str ) == 0 ); TEST_ASSERT( mpi_read_string( &s_check, 16, s_str ) == 0 ); len = unhexify(buf, hash_str); TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, len, ¬_rnd, k_str ) == 0 ); TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 ); TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 ); TEST_ASSERT( ecdsa_verify( &grp, buf, len, &Q, &r_check, &s_check ) == 0 ); ecp_group_free( &grp ); ecp_point_free( &Q ); mpi_free( &d ); mpi_free( &r ); mpi_free( &s ); mpi_free( &r_check ); mpi_free( &s_check ); } /* END_CASE */ /* BEGIN_CASE */ void ecdsa_write_read_random( int id ) { ecdsa_context ctx; rnd_pseudo_info rnd_info; unsigned char hash[66]; unsigned char sig[200]; size_t sig_len, i; ecdsa_init( &ctx ); memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0x2a, sizeof( sig ) ); /* prepare material for signature */ TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); /* generate signing key */ TEST_ASSERT( ecp_use_known_dp( &ctx.grp, id ) == 0 ); TEST_ASSERT( ecp_gen_keypair( &ctx.grp, &ctx.d, &ctx.Q, &rnd_pseudo_rand, &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ), sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); /* check we didn't write past the announced length */ for( i = sig_len; i < sizeof( sig ); i++ ) TEST_ASSERT( sig[i] == 0x2a ); /* try verification with invalid length */ TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len - 1 ) != 0 ); TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len + 1 ) != 0 ); /* try invalid sequence tag */ sig[0]++; TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) != 0 ); sig[0]--; /* try modifying r */ sig[10]++; TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) != 0 ); sig[10]--; /* try modifying s */ sig[sig_len - 1]++; TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) != 0 ); sig[sig_len - 1]--; ecdsa_free( &ctx ); } /* END_CASE */