mbedtls/tests/suites/test_suite_ecdsa.function
2013-08-20 20:04:16 +02:00

138 lines
4.4 KiB
Text

/* BEGIN_HEADER */
#include <polarssl/ecdsa.h>
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:POLARSSL_ECDSA_C:POLARSSL_ECP_C:POLARSSL_BIGNUM_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void ecdsa_prim_random( int id )
{
ecp_group grp;
ecp_point Q;
mpi d, r, s;
rnd_pseudo_info rnd_info;
unsigned char buf[66];
ecp_group_init( &grp );
ecp_point_init( &Q );
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
memset( buf, 0, sizeof( buf ) );
/* prepare material for signature */
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
char *k_str, char *hash_str, char *r_str,
char *s_str )
{
ecp_group grp;
ecp_point Q;
mpi d, r, s, r_check, s_check;
unsigned char buf[66];
size_t len;
ecp_group_init( &grp );
ecp_point_init( &Q );
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
mpi_init( &r_check ); mpi_init( &s_check );
memset( buf, 0, sizeof( buf ) );
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
TEST_ASSERT( ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
TEST_ASSERT( mpi_read_string( &d, 16, d_str ) == 0 );
TEST_ASSERT( mpi_read_string( &r_check, 16, r_str ) == 0 );
TEST_ASSERT( mpi_read_string( &s_check, 16, s_str ) == 0 );
len = unhexify(buf, hash_str);
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, len,
&not_rnd, k_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
TEST_ASSERT( ecdsa_verify( &grp, buf, len, &Q, &r_check, &s_check ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
mpi_free( &r_check ); mpi_free( &s_check );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdsa_write_read_random( int id )
{
ecdsa_context ctx;
rnd_pseudo_info rnd_info;
unsigned char hash[66];
unsigned char sig[200];
size_t sig_len, i;
ecdsa_init( &ctx );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0x2a, sizeof( sig ) );
/* prepare material for signature */
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
/* generate signing key */
TEST_ASSERT( ecp_use_known_dp( &ctx.grp, id ) == 0 );
TEST_ASSERT( ecp_gen_keypair( &ctx.grp, &ctx.d, &ctx.Q,
&rnd_pseudo_rand, &rnd_info ) == 0 );
/* generate and write signature, then read and verify it */
TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
/* check we didn't write past the announced length */
for( i = sig_len; i < sizeof( sig ); i++ )
TEST_ASSERT( sig[i] == 0x2a );
/* try verification with invalid length */
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len - 1 ) != 0 );
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len + 1 ) != 0 );
/* try invalid sequence tag */
sig[0]++;
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) != 0 );
sig[0]--;
/* try modifying r */
sig[10]++;
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) != 0 );
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) != 0 );
sig[sig_len - 1]--;
ecdsa_free( &ctx );
}
/* END_CASE */