Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/ecdsa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +02003/* END_HEADER */
Paul Bakker33b43f12013-08-20 11:48:36 +02005/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006 * depends_on:MBEDTLS_ECDSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +02007 * END_DEPENDENCIES
8 */
/*
 * NULL-argument handling of the public ECDSA entry points.
 *
 * Every TEST_INVALID_PARAM_RET below passes NULL in exactly one argument
 * position and expects MBEDTLS_ERR_ECP_BAD_INPUT_DATA. The other arguments
 * are freshly initialised placeholders (no group loaded, no key set).
 * init( NULL ) is expected to be reported as invalid, free( NULL ) to be
 * accepted. A NULL f_rng is covered for mbedtls_ecdsa_sign() and
 * mbedtls_ecdsa_genkey() only.
 *
 * The expressions inside the TEST_* macros are kept token-for-token as
 * they were; they are presumably echoed in failure reports.
 */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void ecdsa_invalid_param( )
{
    unsigned char buf[42] = { 0 };
    size_t slen;
    mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
    mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
    mbedtls_mpi m;
    mbedtls_ecp_point P;
    mbedtls_ecp_group grp;
    mbedtls_ecp_keypair key;
    mbedtls_ecdsa_context ctx;

    /* Initialise everything up front so the cleanup at exit is always safe. */
    mbedtls_mpi_init( &m );
    mbedtls_ecp_point_init( &P );
    mbedtls_ecp_group_init( &grp );
    mbedtls_ecp_keypair_init( &key );
    mbedtls_ecdsa_init( &ctx );

    /* --- context init / free ------------------------------------------ */
    TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
    TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );

#if defined(MBEDTLS_ECP_RESTARTABLE)
    TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
    TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
#endif /* MBEDTLS_ECP_RESTARTABLE */

    /* --- mbedtls_ecdsa_sign: grp, r, s, d, buf, f_rng ------------------ */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( NULL, &m, &m, &m, buf, sizeof( buf ),
                            mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( &grp, NULL, &m, &m, buf, sizeof( buf ),
                            mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( &grp, &m, NULL, &m, buf, sizeof( buf ),
                            mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( &grp, &m, &m, NULL, buf, sizeof( buf ),
                            mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( &grp, &m, &m, &m, NULL, sizeof( buf ),
                            mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ),
                            NULL, NULL ) );

#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
    /* --- mbedtls_ecdsa_sign_det_ext: grp, r, s, d, buf ----------------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, buf, sizeof( buf ),
                                    valid_md, mbedtls_test_rnd_std_rand,
                                    NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, buf, sizeof( buf ),
                                    valid_md, mbedtls_test_rnd_std_rand,
                                    NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, buf, sizeof( buf ),
                                    valid_md, mbedtls_test_rnd_std_rand,
                                    NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, buf, sizeof( buf ),
                                    valid_md, mbedtls_test_rnd_std_rand,
                                    NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, NULL, sizeof( buf ),
                                    valid_md, mbedtls_test_rnd_std_rand,
                                    NULL ) );
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

    /* --- mbedtls_ecdsa_verify: grp, buf, Q, r, s ----------------------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_verify( NULL, buf, sizeof( buf ), &P, &m, &m ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_verify( &grp, NULL, sizeof( buf ), &P, &m, &m ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), NULL, &m, &m ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &P, NULL, &m ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &P, &m, NULL ) );

    /* --- mbedtls_ecdsa_write_signature: ctx, hash, sig, slen ----------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
                                       buf, &slen, mbedtls_test_rnd_std_rand,
                                       NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
                                       buf, &slen, mbedtls_test_rnd_std_rand,
                                       NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
                                       NULL, &slen, mbedtls_test_rnd_std_rand,
                                       NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
                                       buf, NULL, mbedtls_test_rnd_std_rand,
                                       NULL ) );

    /* --- mbedtls_ecdsa_write_signature_restartable --------------------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
                                                   sizeof( buf ), buf, &slen,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
                                                   sizeof( buf ), buf, &slen,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
                                                   sizeof( buf ), NULL, &slen,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
                                                   sizeof( buf ), buf, NULL,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL, NULL ) );

    /* --- mbedtls_ecdsa_read_signature: ctx, hash, sig ------------------ */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature( NULL, buf, sizeof( buf ),
                                      buf, sizeof( buf ) ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature( &ctx, NULL, sizeof( buf ),
                                      buf, sizeof( buf ) ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature( &ctx, buf, sizeof( buf ),
                                      NULL, sizeof( buf ) ) );

    /* --- mbedtls_ecdsa_read_signature_restartable ---------------------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature_restartable( NULL, buf, sizeof( buf ),
                                                  buf, sizeof( buf ),
                                                  NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature_restartable( &ctx, NULL, sizeof( buf ),
                                                  buf, sizeof( buf ),
                                                  NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_read_signature_restartable( &ctx, buf, sizeof( buf ),
                                                  NULL, sizeof( buf ),
                                                  NULL ) );

    /* --- mbedtls_ecdsa_genkey: ctx, f_rng ------------------------------ */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_genkey( NULL, valid_group,
                              mbedtls_test_rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL ) );

    /* --- mbedtls_ecdsa_from_keypair: ctx, key -------------------------- */
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_from_keypair( NULL, &key ) );
    TEST_INVALID_PARAM_RET(
        MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
        mbedtls_ecdsa_from_keypair( &ctx, NULL ) );

exit:
    mbedtls_mpi_free( &m );
    mbedtls_ecp_point_free( &P );
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecp_keypair_free( &key );
    mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */
/*
 * Sign/verify round trip on the curve selected by `id`, using an all-zero
 * buffer of MBEDTLS_MD_MAX_SIZE bytes as the message hash.
 *
 * A fresh key pair is generated, the zero hash is signed with it, and the
 * resulting (r, s) must verify against the matching public key.
 *
 * The RNG is the test suite's pseudo-random helper, started from a zeroed
 * state so runs are reproducible. That is a test convenience only: ECDSA
 * nonces in real use must come from a cryptographically secure source.
 */
/* BEGIN_CASE */
void ecdsa_prim_zero( int id )
{
    unsigned char buf[MBEDTLS_MD_MAX_SIZE];
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_mpi d, r, s;
    mbedtls_ecp_point Q;
    mbedtls_ecp_group grp;

    /* Zero "hash" and zeroed RNG state. */
    memset( buf, 0, sizeof( buf ) );
    memset( &rnd_info, 0, sizeof( rnd_info ) );

    mbedtls_mpi_init( &d );
    mbedtls_mpi_init( &r );
    mbedtls_mpi_init( &s );
    mbedtls_ecp_point_init( &Q );
    mbedtls_ecp_group_init( &grp );

    /* Key material: private scalar d, public point Q. */
    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
    TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
                                          &mbedtls_test_rnd_pseudo_rand,
                                          &rnd_info ) == 0 );

    /* Sign with d, then check the signature with Q. */
    TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
                                     &mbedtls_test_rnd_pseudo_rand,
                                     &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );

exit:
    mbedtls_mpi_free( &d );
    mbedtls_mpi_free( &r );
    mbedtls_mpi_free( &s );
    mbedtls_ecp_point_free( &Q );
    mbedtls_ecp_group_free( &grp );
}
/* END_CASE */
/*
 * Sign/verify round trip on the curve selected by `id`, using
 * MBEDTLS_MD_MAX_SIZE bytes from the test pseudo-random generator as the
 * message hash.
 *
 * The generator state starts zeroed, so the "random" hash, the key pair and
 * the signing randomness are reproducible from run to run. This helper is
 * for tests only and is not a source of secure randomness.
 */
/* BEGIN_CASE */
void ecdsa_prim_random( int id )
{
    unsigned char buf[MBEDTLS_MD_MAX_SIZE];
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_mpi d, r, s;
    mbedtls_ecp_point Q;
    mbedtls_ecp_group grp;

    memset( buf, 0, sizeof( buf ) );
    memset( &rnd_info, 0, sizeof( rnd_info ) );

    mbedtls_mpi_init( &d );
    mbedtls_mpi_init( &r );
    mbedtls_mpi_init( &s );
    mbedtls_ecp_point_init( &Q );
    mbedtls_ecp_group_init( &grp );

    /* Fill the hash first: later draws depend on the generator state. */
    TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
                                               buf, sizeof( buf ) ) == 0 );

    /* Key material: private scalar d, public point Q. */
    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
    TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
                                          &mbedtls_test_rnd_pseudo_rand,
                                          &rnd_info ) == 0 );

    /* Sign with d, then check the signature with Q. */
    TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
                                     &mbedtls_test_rnd_pseudo_rand,
                                     &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );

exit:
    mbedtls_mpi_free( &d );
    mbedtls_mpi_free( &r );
    mbedtls_mpi_free( &s );
    mbedtls_ecp_point_free( &Q );
    mbedtls_ecp_group_free( &grp );
}
/* END_CASE */
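/*
 * Known-answer test for mbedtls_ecdsa_sign() and mbedtls_ecdsa_verify().
 *
 * id          curve, passed to mbedtls_ecp_group_load()
 * d_str       private key, read with mbedtls_test_read_mpi()
 * xQ_str,
 * yQ_str      public key coordinates, read in radix 16
 * rnd_buf     bytes served as RNG output while signing (presumably the
 *             nonce of the test vector - confirm against the data file);
 *             NOTE: shifted in place when the curve size is not a multiple
 *             of 8 bits
 * hash        message hash to sign and verify
 * r_str,
 * s_str       expected signature values
 * result      expected return value of mbedtls_ecdsa_sign()
 *
 * When signing is expected to succeed, the function also checks that
 * verification accepts the expected (r, s) and rejects a wrong public key
 * and every out-of-range or off-by-one variant of r and s. ECDSA requires
 * both values to lie in [1, N-1]; a verifier that omits that range check
 * can be made to accept a forged signature, which is why the zero, == N,
 * negative and > N cases are each exercised for r alone, s alone and both.
 */
/* BEGIN_CASE */
void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
                              char * yQ_str, data_t * rnd_buf,
                              data_t * hash, char * r_str, char * s_str,
                              int result )
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point Q;
    mbedtls_mpi d, r, s, r_check, s_check, zero;
    mbedtls_test_rnd_buf_info rnd_info;

    mbedtls_ecp_group_init( &grp );
    mbedtls_ecp_point_init( &Q );
    mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
    mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
    mbedtls_mpi_init( &zero );

    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
    TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );

    /* Serve rnd_buf first, then fall back to the standard test RNG. */
    rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info.fallback_p_rng = NULL;
    rnd_info.buf = rnd_buf->x;
    rnd_info.length = rnd_buf->len;

    /* Fix rnd_buf->x by shifting it left if necessary.
     * (Presumably this compensates for the library shifting random bytes
     * right on curves whose bit size is not a multiple of 8 - confirm.)
     *
     * The length check avoids "length - 1" wrapping around to SIZE_MAX on an
     * empty buffer, which would send the loop and the final store far out of
     * bounds. */
    if( grp.nbits % 8 != 0 && rnd_info.length > 0 )
    {
        unsigned char shift = 8 - ( grp.nbits % 8 );
        size_t last = rnd_info.length - 1;
        size_t i;

        for( i = 0; i < last; i++ )
            rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );

        rnd_buf->x[last] <<= shift;
    }

    TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
                                     mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );

    if ( result == 0)
    {
        /* Check we generated the expected values */
        TEST_EQUAL( mbedtls_mpi_cmp_mpi( &r, &r_check ), 0 );
        TEST_EQUAL( mbedtls_mpi_cmp_mpi( &s, &s_check ), 0 );

        /* Valid signature */
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
                                          &Q, &r_check, &s_check ), 0 );

        /* Invalid signature: wrong public key (G instead of Q) */
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
                                          &grp.G, &r_check, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );

        /* Invalid signatures: r or s or both one off */
        TEST_EQUAL( mbedtls_mpi_sub_int( &r, &r_check, 1 ), 0 );
        TEST_EQUAL( mbedtls_mpi_add_int( &s, &s_check, 1 ), 0 );

        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );

        /* Invalid signatures: r, s or both (CVE-2022-21449) are zero.
         * A verifier must reject zero before doing any arithmetic with it:
         * an all-zero signature that slips through verifies for any message
         * and any key. */
        TEST_EQUAL( mbedtls_mpi_lset( &zero, 0 ), 0 );

        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &zero, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r_check, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &zero, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );

        /* Invalid signatures: r, s or both are == N */
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &grp.N, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r_check, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &grp.N, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );

        /* Invalid signatures: r, s or both are negative
         * (value - N; congruent to the valid value mod N, but out of range) */
        TEST_EQUAL( mbedtls_mpi_sub_mpi( &r, &r_check, &grp.N ), 0 );
        TEST_EQUAL( mbedtls_mpi_sub_mpi( &s, &s_check, &grp.N ), 0 );

        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );

        /* Invalid signatures: r or s or both are > N
         * (value + N; again congruent mod N, but out of range) */
        TEST_EQUAL( mbedtls_mpi_add_mpi( &r, &r_check, &grp.N ), 0 );
        TEST_EQUAL( mbedtls_mpi_add_mpi( &s, &s_check, &grp.N ), 0 );

        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
        TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
                                          &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
    }

exit:
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecp_point_free( &Q );
    mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
    mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
    mbedtls_mpi_free( &zero );
}
/* END_CASE */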
/*
 * Known-answer test for deterministic ECDSA signing.
 *
 * id       curve, passed to mbedtls_ecp_group_load()
 * d_str    private key, read with mbedtls_test_read_mpi()
 * md_alg   digest used both to hash `msg` and by the deterministic signer
 * msg      NUL-terminated message; its strlen() bytes are hashed
 * r_str,
 * s_str    expected signature values
 *
 * The message is hashed with md_alg, signed with
 * mbedtls_ecdsa_sign_det_ext(), and the resulting (r, s) must equal the
 * expected pair exactly.
 */
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
                             char * r_str, char * s_str )
{
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    size_t hlen;
    const mbedtls_md_info_t *md_info;
    mbedtls_mpi d, r, s, r_check, s_check;
    mbedtls_ecp_group grp;

    memset( hash, 0, sizeof( hash ) );
    mbedtls_mpi_init( &d );
    mbedtls_mpi_init( &r );
    mbedtls_mpi_init( &s );
    mbedtls_mpi_init( &r_check );
    mbedtls_mpi_init( &s_check );
    mbedtls_ecp_group_init( &grp );

    /* Load the curve, the private key and the expected signature. */
    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &d, d_str ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &r_check, r_str ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &s_check, s_str ) == 0 );

    /* Hash the message; md_info is checked before its size is queried. */
    md_info = mbedtls_md_info_from_type( md_alg );
    TEST_ASSERT( md_info != NULL );
    hlen = mbedtls_md_get_size( md_info );
    TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
                             strlen( msg ), hash ) == 0 );

    /* Sign; the RNG argument is the standard test RNG with no context. */
    TEST_ASSERT(
        mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
                                    md_alg, mbedtls_test_rnd_std_rand,
                                    NULL )
        == 0 );

    /* The signature must match the vector exactly. */
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );

exit:
    mbedtls_mpi_free( &d );
    mbedtls_mpi_free( &r );
    mbedtls_mpi_free( &s );
    mbedtls_mpi_free( &r_check );
    mbedtls_mpi_free( &s_check );
    mbedtls_ecp_group_free( &grp );
}
/* END_CASE */
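/*
 * Write/read round trip of an encoded signature over an all-zero 32-byte
 * hash, on the curve selected by `id`.
 *
 * After a successful round trip the test checks that:
 *  - nothing was written past the reported signature length (the buffer is
 *    pre-filled with 0x2a as a canary);
 *  - a length one byte too short or too long is rejected;
 *  - a corrupted first byte (the sequence tag) is rejected;
 *  - a changed byte at offset 10 or at the last offset makes verification
 *    fail with MBEDTLS_ERR_ECP_VERIFY_FAILED.
 *
 * The RNG is the test pseudo-random helper with a zeroed state, which keeps
 * the run reproducible; it is not a secure source of randomness.
 */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void ecdsa_write_read_zero( int id )
{
    mbedtls_ecdsa_context ctx;
    mbedtls_test_rnd_pseudo_info rnd_info;
    unsigned char hash[32];
    unsigned char sig[200];
    size_t sig_len, i;

    mbedtls_ecdsa_init( &ctx );
    memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
    memset( hash, 0, sizeof( hash ) );
    memset( sig, 0x2a, sizeof( sig ) );

    /* generate signing key */
    TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
                                       &mbedtls_test_rnd_pseudo_rand,
                                       &rnd_info ) == 0 );

    /* generate and write signature, then read and verify it */
    TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
                                                hash, sizeof( hash ),
                                                sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
                                                &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == 0 );

    /* The checks below touch sig[10] and read sig_len + 1 bytes. State the
     * preconditions, as ecdsa_read_restart does for its input: offset 10
     * must lie inside the signature, and one extra byte must still be
     * inside the buffer. */
    TEST_ASSERT( sig_len > 10 );
    TEST_ASSERT( sig_len < sizeof( sig ) );

    /* check we didn't write past the announced length */
    for( i = sig_len; i < sizeof( sig ); i++ )
        TEST_ASSERT( sig[i] == 0x2a );

    /* try verification with invalid length */
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len - 1 ) != 0 );
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len + 1 ) != 0 );

    /* try invalid sequence tag */
    sig[0]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) != 0 );
    sig[0]--;

    /* try modifying r */
    sig[10]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig[10]--;

    /* try modifying s */
    sig[sig_len - 1]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig[sig_len - 1]--;

exit:
    mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */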
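/*
 * Write/read round trip of an encoded signature over a pseudo-random
 * 32-byte hash, on the curve selected by `id`.
 *
 * After a successful round trip the test checks that:
 *  - nothing was written past the reported signature length (the buffer is
 *    pre-filled with 0x2a as a canary);
 *  - a length one byte too short or too long is rejected;
 *  - a corrupted first byte (the sequence tag) is rejected;
 *  - a changed byte at offset 10 or at the last offset makes verification
 *    fail with MBEDTLS_ERR_ECP_VERIFY_FAILED.
 *
 * The RNG is the test pseudo-random helper with a zeroed state, which keeps
 * the run reproducible; it is not a secure source of randomness.
 */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void ecdsa_write_read_random( int id )
{
    mbedtls_ecdsa_context ctx;
    mbedtls_test_rnd_pseudo_info rnd_info;
    unsigned char hash[32];
    unsigned char sig[200];
    size_t sig_len, i;

    mbedtls_ecdsa_init( &ctx );
    memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
    memset( hash, 0, sizeof( hash ) );
    memset( sig, 0x2a, sizeof( sig ) );

    /* prepare material for signature */
    TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
                                               hash, sizeof( hash ) ) == 0 );

    /* generate signing key */
    TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
                                       &mbedtls_test_rnd_pseudo_rand,
                                       &rnd_info ) == 0 );

    /* generate and write signature, then read and verify it */
    TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
                                                hash, sizeof( hash ),
                                                sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
                                                &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == 0 );

    /* The checks below touch sig[10] and read sig_len + 1 bytes. State the
     * preconditions, as ecdsa_read_restart does for its input: offset 10
     * must lie inside the signature, and one extra byte must still be
     * inside the buffer. */
    TEST_ASSERT( sig_len > 10 );
    TEST_ASSERT( sig_len < sizeof( sig ) );

    /* check we didn't write past the announced length */
    for( i = sig_len; i < sizeof( sig ); i++ )
        TEST_ASSERT( sig[i] == 0x2a );

    /* try verification with invalid length */
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len - 1 ) != 0 );
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len + 1 ) != 0 );

    /* try invalid sequence tag */
    sig[0]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) != 0 );
    sig[0]--;

    /* try modifying r */
    sig[10]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig[10]--;

    /* try modifying s */
    sig[sig_len - 1]++;
    TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
                                               sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig[sig_len - 1]--;

exit:
    mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */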
/*
 * Restartable signature verification.
 *
 * id            curve, loaded into ctx.grp
 * pk            public key in binary point format, read into ctx.Q
 * hash          message hash
 * sig           encoded signature; bytes are modified and restored in place
 * max_ops       passed to mbedtls_ecp_set_max_ops()
 * min_restart,
 * max_restart   inclusive bounds on how many times the first verification
 *               may return MBEDTLS_ERR_ECP_IN_PROGRESS
 *
 * The valid signature must verify within the restart bounds; a signature
 * with a changed byte at offset 10 or at the last offset must end in
 * MBEDTLS_ERR_ECP_VERIFY_FAILED once the operation runs to completion.
 */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
                         int max_ops, int min_restart, int max_restart )
{
    int ret, cnt_restart;
    mbedtls_ecdsa_restart_ctx rs_ctx;
    mbedtls_ecdsa_context ctx;

    mbedtls_ecdsa_restart_init( &rs_ctx );
    mbedtls_ecdsa_init( &ctx );

    TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
    TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
                                                pk->x, pk->len ) == 0 );

    mbedtls_ecp_set_max_ops( max_ops );

    /* Verify the valid signature, counting every IN_PROGRESS return. */
    for( cnt_restart = 0; ; cnt_restart++ )
    {
        ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
                    hash->x, hash->len, sig->x, sig->len, &rs_ctx );
        if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
            break;
    }

    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    /* try modifying r */
    TEST_ASSERT( sig->len > 10 );
    sig->x[10]++;
    ret = MBEDTLS_ERR_ECP_IN_PROGRESS;
    while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
    {
        ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
                    hash->x, hash->len, sig->x, sig->len, &rs_ctx );
    }
    TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig->x[10]--;

    /* try modifying s */
    sig->x[sig->len - 1]++;
    ret = MBEDTLS_ERR_ECP_IN_PROGRESS;
    while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
    {
        ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
                    hash->x, hash->len, sig->x, sig->len, &rs_ctx );
    }
    TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
    sig->x[sig->len - 1]--;

    /* Do we leak memory when aborting an operation?
     * This test only makes sense when we actually restart.
     * The operation is started once and left unfinished, so the cleanup
     * below runs on a restart context that is still in progress. */
    if( min_restart > 0 )
    {
        ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
                    hash->x, hash->len, sig->x, sig->len, &rs_ctx );
        TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
    }

exit:
    mbedtls_ecdsa_restart_free( &rs_ctx );
    mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
void ecdsa_write_restart( int id, char *d_str, int md_alg,
                          char *msg, data_t *sig_check,
                          int max_ops, int min_restart, int max_restart )
{
    /*
     * Restartable ECDSA signing test.
     *
     * Loads group `id` and the private value parsed from `d_str`, hashes
     * `msg` with `md_alg`, then signs through
     * mbedtls_ecdsa_write_signature_restartable() with the operation budget
     * set to `max_ops`. The produced signature must match `sig_check` byte
     * for byte, and the number of MBEDTLS_ERR_ECP_IN_PROGRESS returns must
     * lie in [min_restart, max_restart].
     *
     * This documentation is kept inside the body on purpose: the test-case
     * generator parses the text between BEGIN_CASE and the signature.
     */
    int ret, cnt_restart;
    mbedtls_ecdsa_restart_ctx rs_ctx;
    mbedtls_ecdsa_context ctx;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
    size_t hlen, slen;
    const mbedtls_md_info_t *md_info;

    /* Initialise both contexts before the first assertion so that the
     * cleanup at the exit label always operates on initialised objects. */
    mbedtls_ecdsa_restart_init( &rs_ctx );
    mbedtls_ecdsa_init( &ctx );
    memset( hash, 0, sizeof( hash ) );
    memset( sig, 0, sizeof( sig ) );

    /* Key material: curve parameters and the private value d. */
    TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, d_str ) == 0 );

    md_info = mbedtls_md_info_from_type( md_alg );
    TEST_ASSERT( md_info != NULL );

    /* Hash the message; hlen is the digest size reported for md_alg. */
    hlen = mbedtls_md_get_size( md_info );
    TEST_ASSERT( mbedtls_md( md_info,
                             (const unsigned char *) msg, strlen( msg ),
                             hash ) == 0 );

    mbedtls_ecp_set_max_ops( max_ops );

    /* Call again with the same arguments for as long as the operation
     * reports IN_PROGRESS. ++cnt_restart is evaluated only on an IN_PROGRESS
     * return, so it counts restarts and, being non-zero, keeps the loop
     * running. f_rng and p_rng are NULL; NOTE(review): presumably this relies
     * on the deterministic ECDSA variant named in the case dependencies,
     * which is what makes a fixed expected signature possible - confirm. */
    slen = sizeof( sig );
    cnt_restart = 0;
    do {
        ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
                md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );

    /* The length is compared before the contents; assuming TEST_ASSERT
     * leaves through the exit label on failure, memcmp() is reached only
     * when slen equals the length of the expected signature. */
    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( slen == sig_check->len );
    TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );

    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    /* Do we leak memory when aborting an operation?
     * This test only makes sense when we actually restart.
     * A new signing operation is started and left unfinished, so the free
     * calls below run on a restart context that still holds state.
     * NOTE(review): detecting a leak presumably needs a memory checker
     * around the test run - confirm. */
    if( min_restart > 0 )
    {
        ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
                md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
        TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
    }

exit:
    mbedtls_ecdsa_restart_free( &rs_ctx );
    mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdsa_verify( int grp_id, char * x, char * y, char * r, char * s, data_t * content, int expected )
{
    /*
     * ECDSA verification test with an explicitly supplied public key.
     *
     * The public key is built from the coordinates `x` and `y` on group
     * `grp_id`, and the signature from the integers `r` and `s`.
     * mbedtls_ecdsa_verify() is run over the bytes in `content` and must
     * return `expected`. When `expected` is MBEDTLS_ERR_ECP_INVALID_KEY,
     * the standalone public-key check must report that same error.
     *
     * This documentation is kept inside the body on purpose: the test-case
     * generator parses the text between BEGIN_CASE and the signature.
     */
    mbedtls_ecdsa_context ctx;
    mbedtls_mpi sig_r, sig_s;

    /* Initialise everything that the exit path frees before any assertion
     * can fail. */
    mbedtls_ecdsa_init( &ctx );
    mbedtls_mpi_init( &sig_r );
    mbedtls_mpi_init( &sig_s );

    /* Prepare ECP group context */
    TEST_EQUAL( mbedtls_ecp_group_load( &ctx.grp, grp_id ), 0 );

    /* Prepare public key: X and Y come from the test data and Z is set to 1.
     * The coordinates are stored directly, so nothing has validated the
     * point at this stage. */
    TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.X, x ), 0 );
    TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.Y, y ), 0 );
    TEST_EQUAL( mbedtls_mpi_lset( &ctx.Q.Z, 1 ), 0 );

    /* Prepare signature R & S */
    TEST_EQUAL( mbedtls_test_read_mpi( &sig_r, r ), 0 );
    TEST_EQUAL( mbedtls_test_read_mpi( &sig_s, s ), 0 );

    /* Test whether public key has expected validity: the check must return
     * MBEDTLS_ERR_ECP_INVALID_KEY exactly when that is the expected
     * verification result, and 0 for every other expected value. */
    TEST_EQUAL( mbedtls_ecp_check_pubkey( &ctx.grp, &ctx.Q ),
        expected == MBEDTLS_ERR_ECP_INVALID_KEY ? MBEDTLS_ERR_ECP_INVALID_KEY : 0 );

    /* Verification. This call is made even when the key was just reported
     * invalid, so in that case mbedtls_ecdsa_verify() itself has to return
     * MBEDTLS_ERR_ECP_INVALID_KEY for the test to pass.
     * NOTE(review): content is presumably the message hash - confirm against
     * the test data. */
    int result = mbedtls_ecdsa_verify( &ctx.grp, content->x, content->len, &ctx.Q, &sig_r, &sig_s );

    TEST_EQUAL( result, expected );
exit:
    mbedtls_ecdsa_free( &ctx );
    mbedtls_mpi_free( &sig_r );
    mbedtls_mpi_free( &sig_s );
}
/* END_CASE */