TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 19d858e8e6c1e44136b79e10367ccf28f6b1585a / . / tests / suites / test_suite_ecdsa.function
blob: 48ce586beb9356842a5ba654f37e0e01617a19d1 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdsa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]3/* END_HEADER */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]4
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]6 * depends_on:MBEDTLS_ECDSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]7 * END_DEPENDENCIES
8 */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]9
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]10/* BEGIN_CASE */
11void ecdsa_prim_random( int id )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]12{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]13 mbedtls_ecp_group grp;
14 mbedtls_ecp_point Q;
15 mbedtls_mpi d, r, s;
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]16 rnd_pseudo_info rnd_info;
17 unsigned char buf[66];
18
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]19 mbedtls_ecp_group_init( &grp );
20 mbedtls_ecp_point_init( &Q );
21 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]22 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
Manuel Pégourié-Gonnard450a1632013-01-27 09:08:18 +0100[diff] [blame]23 memset( buf, 0, sizeof( buf ) );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]24
25 /* prepare material for signature */
26 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]27 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]29 == 0 );
30
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]31 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]32 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]34
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]35exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]36 mbedtls_ecp_group_free( &grp );
37 mbedtls_ecp_point_free( &Q );
38 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]39}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]40/* END_CASE */
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]41
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]42/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]43void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]44 char * yQ_str, data_t * rnd_buf,
45 data_t * hash, char * r_str, char * s_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]46 int result )
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]47{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48 mbedtls_ecp_group grp;
49 mbedtls_ecp_point Q;
50 mbedtls_mpi d, r, s, r_check, s_check;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]51 rnd_buf_info rnd_info;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]52
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]53 mbedtls_ecp_group_init( &grp );
54 mbedtls_ecp_point_init( &Q );
55 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
56 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]57
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]58 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]59 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
60 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
61 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
62 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]63 rnd_info.buf = rnd_buf->x;
64 rnd_info.length = rnd_buf->len;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]65
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]66 /* Fix rnd_buf->x by shifting it left if necessary */
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]67 if( grp.nbits % 8 != 0 )
68 {
69 unsigned char shift = 8 - ( grp.nbits % 8 );
70 size_t i;
71
72 for( i = 0; i < rnd_info.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]73 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]74
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]75 rnd_buf->x[rnd_info.length-1] <<= shift;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]76 }
77
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]78 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]79 rnd_buffer_rand, &rnd_info ) == result );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]80
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]81 if ( result == 0)
82 {
83 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
84 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]85
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]86 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]87 }
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]88
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]89exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90 mbedtls_ecp_group_free( &grp );
91 mbedtls_ecp_point_free( &Q );
92 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
93 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]94}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]95/* END_CASE */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]96
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]98void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
99 char * r_str, char * s_str )
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]100{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 mbedtls_ecp_group grp;
102 mbedtls_mpi d, r, s, r_check, s_check;
103 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]104 size_t hlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]105 const mbedtls_md_info_t *md_info;
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]106
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]107 mbedtls_ecp_group_init( &grp );
108 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
109 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]110 memset( hash, 0, sizeof( hash ) );
111
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]112 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
114 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
115 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]116
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]117 md_info = mbedtls_md_info_from_type( md_alg );
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]118 TEST_ASSERT( md_info != NULL );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]119 hlen = mbedtls_md_get_size( md_info );
120 mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]121
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]122 TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]123
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
125 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]126
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]127exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]128 mbedtls_ecp_group_free( &grp );
129 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
130 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]131}
132/* END_CASE */
133
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]134/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]135void ecdsa_write_read_random( int id )
136{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]137 mbedtls_ecdsa_context ctx;
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]138 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]139 unsigned char hash[32];
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]140 unsigned char sig[200];
141 size_t sig_len, i;
142
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]143 mbedtls_ecdsa_init( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]144 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
145 memset( hash, 0, sizeof( hash ) );
146 memset( sig, 0x2a, sizeof( sig ) );
147
148 /* prepare material for signature */
149 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
150
151 /* generate signing key */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]152 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]153
154 /* generate and write signature, then read and verify it */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]155 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]156 hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]157 sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]158 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]159 sig, sig_len ) == 0 );
160
161 /* check we didn't write past the announced length */
162 for( i = sig_len; i < sizeof( sig ); i++ )
163 TEST_ASSERT( sig[i] == 0x2a );
164
165 /* try verification with invalid length */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]166 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]167 sig, sig_len - 1 ) != 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]169 sig, sig_len + 1 ) != 0 );
170
171 /* try invalid sequence tag */
172 sig[0]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]173 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]174 sig, sig_len ) != 0 );
175 sig[0]--;
176
177 /* try modifying r */
178 sig[10]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]179 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]180 sig, sig_len ) != 0 );
181 sig[10]--;
182
183 /* try modifying s */
184 sig[sig_len - 1]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]186 sig, sig_len ) != 0 );
187 sig[sig_len - 1]--;
188
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]189exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]190 mbedtls_ecdsa_free( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]191}
192/* END_CASE */
Manuel Pégourié-Gonnard937340b2014-01-06 10:27:16 +0100[diff] [blame]193