Fix Changelog, add separate test functions for hash of all-zero bits
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt
index bd3d248..9949bf4 100644
--- a/ChangeLog.d/issue1792.txt
+++ b/ChangeLog.d/issue1792.txt
@@ -1,4 +1,3 @@
Bugfix
* Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
- zero.
- Fixes #1792
+ zero. Fixes #1792
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index 889f684..8039d9b 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -3,6 +3,26 @@
ECDSA primitive random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1
+
+ECDSA primitive random #2
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP224R1
+
+ECDSA primitive random #3
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP256R1
+
+ECDSA primitive random #4
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP384R1
+
+ECDSA primitive random #5
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP521R1
+
+ECDSA primitive random #1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1
ECDSA primitive random #2
@@ -35,6 +55,26 @@
ECDSA write-read random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP192R1
+
+ECDSA write-read random #2
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP224R1
+
+ECDSA write-read random #3
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP256R1
+
+ECDSA write-read random #4
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP384R1
+
+ECDSA write-read random #5
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP521R1
+
+ECDSA write-read random #1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_write_read_random:MBEDTLS_ECP_DP_SECP192R1
ECDSA write-read random #2
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 5c72d97..f3e1727 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -205,14 +205,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_prim_random( int id )
+void ecdsa_prim_zero( int id )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
- int test_runs = 2;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
@@ -220,31 +219,50 @@
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( buf, 0, sizeof( buf ) );
- while ( test_runs-- )
- {
- /* prepare material for signature */
- if ( test_runs == 1 )
- {
- TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
- buf, sizeof( buf ) )
- == 0 );
- } else {
- TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL,
- buf, sizeof( buf ) )
- == 0 );
- }
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s )
- == 0 );
- }
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &Q );
+ mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdsa_prim_random( int id )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point Q;
+ mbedtls_mpi d, r, s;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &Q );
+ mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset( buf, 0, sizeof( buf ) );
+
+ /* prepare material for signature */
+ TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
+ buf, sizeof( buf ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
exit:
mbedtls_ecp_group_free( &grp );
@@ -361,6 +379,68 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void ecdsa_write_read_zero( int id )
+{
+ mbedtls_ecdsa_context ctx;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ unsigned char hash[32];
+ unsigned char sig[200];
+ size_t sig_len, i;
+
+ mbedtls_ecdsa_init( &ctx );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset( hash, 0, sizeof( hash ) );
+ memset( sig, 0x2a, sizeof( sig ) );
+
+ TEST_ASSERT(0);
+
+ /* generate signing key */
+ TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+
+ /* generate and write signature, then read and verify it */
+ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
+ hash, sizeof( hash ),
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == 0 );
+
+ /* check we didn't write past the announced length */
+ for( i = sig_len; i < sizeof( sig ); i++ )
+ TEST_ASSERT( sig[i] == 0x2a );
+
+ /* try verification with invalid length */
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len - 1 ) != 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len + 1 ) != 0 );
+
+ /* try invalid sequence tag */
+ sig[0]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) != 0 );
+ sig[0]--;
+
+ /* try modifying r */
+ sig[10]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[10]--;
+
+ /* try modifying s */
+ sig[sig_len - 1]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[sig_len - 1]--;
+
+exit:
+ mbedtls_ecdsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void ecdsa_write_read_random( int id )
{
mbedtls_ecdsa_context ctx;
@@ -368,70 +448,56 @@
unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
- int test_runs = 2;
mbedtls_ecdsa_init( &ctx );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( hash, 0, sizeof( hash ) );
+ memset( sig, 0x2a, sizeof( sig ) );
- while ( test_runs-- )
- {
- memset( sig, 0x2a, sizeof( sig ) );
+ /* prepare material for signature */
+ TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
+ hash, sizeof( hash ) ) == 0 );
- /* prepare material for signature */
- if ( test_runs == 1 )
- {
- TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
- hash, sizeof( hash ) )
- == 0 );
- } else {
- TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL,
- hash, sizeof( hash ) )
- == 0 );
- }
+ /* generate signing key */
+ TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
- /* generate signing key */
- TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ /* generate and write signature, then read and verify it */
+ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
+ hash, sizeof( hash ),
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == 0 );
- /* generate and write signature, then read and verify it */
- TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
- hash, sizeof( hash ),
- sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
+ /* check we didn't write past the announced length */
+ for( i = sig_len; i < sizeof( sig ); i++ )
+ TEST_ASSERT( sig[i] == 0x2a );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == 0 );
+ /* try verification with invalid length */
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len - 1 ) != 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len + 1 ) != 0 );
- /* check we didn't write past the announced length */
- for( i = sig_len; i < sizeof( sig ); i++ )
- TEST_ASSERT( sig[i] == 0x2a );
+ /* try invalid sequence tag */
+ sig[0]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) != 0 );
+ sig[0]--;
- /* try verification with invalid length */
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len - 1 ) != 0 );
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len + 1 ) != 0 );
+ /* try modifying r */
+ sig[10]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[10]--;
- /* try invalid sequence tag */
- sig[0]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
- sig[0]--;
-
- /* try modifying r */
- sig[10]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- sig[10]--;
-
- /* try modifying s */
- sig[sig_len - 1]++;
- TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- sig[sig_len - 1]--;
- }
+ /* try modifying s */
+ sig[sig_len - 1]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[sig_len - 1]--;
exit:
mbedtls_ecdsa_free( &ctx );