TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 14a5645cbfd50a44a41bd7f5c5bcd6f5d57ab9db / . / tests / suites / test_suite_ecdsa.function
blob: 7b1718fb2eaded28f8b754297785c5bda69965d2 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdsa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]3/* END_HEADER */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]4
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]6 * depends_on:MBEDTLS_ECDSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]7 * END_DEPENDENCIES
8 */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]9
Hanno Beckeraf05a902018-12-14 16:43:38 +0000[diff] [blame]10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
11void ecdsa_invalid_param( )
12{
13 mbedtls_ecdsa_context ctx;
14 mbedtls_ecp_keypair key;
15 mbedtls_ecp_group grp;
16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
17 mbedtls_ecp_point P;
18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
19 mbedtls_mpi m;
20 size_t slen;
21 unsigned char buf[42] = { 0 };
22
23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
25
26#if defined(MBEDTLS_ECP_RESTARTABLE)
27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
29#endif /* MBEDTLS_ECP_RESTARTABLE */
30
31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
32 mbedtls_ecdsa_sign( NULL, &m, &m, &m,
33 buf, sizeof( buf ),
34 rnd_std_rand, NULL ) );
35 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
36 mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
37 buf, sizeof( buf ),
38 rnd_std_rand, NULL ) );
39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
40 mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
41 buf, sizeof( buf ),
42 rnd_std_rand, NULL ) );
43 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
44 mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
45 buf, sizeof( buf ),
46 rnd_std_rand, NULL ) );
47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
48 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
49 NULL, sizeof( buf ),
50 rnd_std_rand, NULL ) );
51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
52 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
53 buf, sizeof( buf ),
54 NULL, NULL ) );
55
56#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
57 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
58 mbedtls_ecdsa_sign_det( NULL, &m, &m, &m,
59 buf, sizeof( buf ),
60 valid_md ) );
61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
62 mbedtls_ecdsa_sign_det( &grp, NULL, &m, &m,
63 buf, sizeof( buf ),
64 valid_md ) );
65 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
66 mbedtls_ecdsa_sign_det( &grp, &m, NULL, &m,
67 buf, sizeof( buf ),
68 valid_md ) );
69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
70 mbedtls_ecdsa_sign_det( &grp, &m, &m, NULL,
71 buf, sizeof( buf ),
72 valid_md ) );
73 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
74 mbedtls_ecdsa_sign_det( &grp, &m, &m, &m,
75 NULL, sizeof( buf ),
76 valid_md ) );
Janos Follath7e833442019-01-16 14:32:03 +0000[diff] [blame]77 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
78 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
79 buf, sizeof( buf ),
80 valid_md,
81 rnd_std_rand, NULL ) );
82 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
83 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
84 buf, sizeof( buf ),
85 valid_md,
86 rnd_std_rand, NULL ) );
87 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
88 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
89 buf, sizeof( buf ),
90 valid_md,
91 rnd_std_rand, NULL ) );
92 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
93 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
94 buf, sizeof( buf ),
95 valid_md,
96 rnd_std_rand, NULL ) );
97 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
98 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
99 NULL, sizeof( buf ),
100 valid_md,
101 rnd_std_rand, NULL ) );
Hanno Beckeraf05a902018-12-14 16:43:38 +0000[diff] [blame]102#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
103
104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
105 mbedtls_ecdsa_verify( NULL,
106 buf, sizeof( buf ),
107 &P, &m, &m ) );
108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
109 mbedtls_ecdsa_verify( &grp,
110 NULL, sizeof( buf ),
111 &P, &m, &m ) );
112 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
113 mbedtls_ecdsa_verify( &grp,
114 buf, sizeof( buf ),
115 NULL, &m, &m ) );
116 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
117 mbedtls_ecdsa_verify( &grp,
118 buf, sizeof( buf ),
119 &P, NULL, &m ) );
120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
121 mbedtls_ecdsa_verify( &grp,
122 buf, sizeof( buf ),
123 &P, &m, NULL ) );
124
125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
126 mbedtls_ecdsa_write_signature( NULL,
127 valid_md,
128 buf, sizeof( buf ),
129 buf, &slen,
130 rnd_std_rand,
131 NULL ) );
132 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
133 mbedtls_ecdsa_write_signature( &ctx,
134 valid_md,
135 NULL, sizeof( buf ),
136 buf, &slen,
137 rnd_std_rand,
138 NULL ) );
139 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
140 mbedtls_ecdsa_write_signature( &ctx,
141 valid_md,
142 buf, sizeof( buf ),
143 NULL, &slen,
144 rnd_std_rand,
145 NULL ) );
146 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
147 mbedtls_ecdsa_write_signature( &ctx,
148 valid_md,
149 buf, sizeof( buf ),
150 buf, NULL,
151 rnd_std_rand,
152 NULL ) );
153
154 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
155 mbedtls_ecdsa_write_signature_restartable( NULL,
156 valid_md,
157 buf, sizeof( buf ),
158 buf, &slen,
159 rnd_std_rand,
160 NULL, NULL ) );
161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
162 mbedtls_ecdsa_write_signature_restartable( &ctx,
163 valid_md,
164 NULL, sizeof( buf ),
165 buf, &slen,
166 rnd_std_rand,
167 NULL, NULL ) );
168 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
169 mbedtls_ecdsa_write_signature_restartable( &ctx,
170 valid_md,
171 buf, sizeof( buf ),
172 NULL, &slen,
173 rnd_std_rand,
174 NULL, NULL ) );
175 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
176 mbedtls_ecdsa_write_signature_restartable( &ctx,
177 valid_md,
178 buf, sizeof( buf ),
179 buf, NULL,
180 rnd_std_rand,
181 NULL, NULL ) );
182
Hanno Beckeraf05a902018-12-14 16:43:38 +0000[diff] [blame]183 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
184 mbedtls_ecdsa_read_signature( NULL,
185 buf, sizeof( buf ),
186 buf, sizeof( buf ) ) );
187 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
188 mbedtls_ecdsa_read_signature( &ctx,
189 NULL, sizeof( buf ),
190 buf, sizeof( buf ) ) );
191 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
192 mbedtls_ecdsa_read_signature( &ctx,
193 buf, sizeof( buf ),
194 NULL, sizeof( buf ) ) );
195
196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
197 mbedtls_ecdsa_read_signature_restartable( NULL,
198 buf, sizeof( buf ),
199 buf, sizeof( buf ),
200 NULL ) );
201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
202 mbedtls_ecdsa_read_signature_restartable( &ctx,
203 NULL, sizeof( buf ),
204 buf, sizeof( buf ),
205 NULL ) );
206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
207 mbedtls_ecdsa_read_signature_restartable( &ctx,
208 buf, sizeof( buf ),
209 NULL, sizeof( buf ),
210 NULL ) );
211
212 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
213 mbedtls_ecdsa_genkey( NULL, valid_group,
214 rnd_std_rand, NULL ) );
215 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
216 mbedtls_ecdsa_genkey( &ctx, valid_group,
217 NULL, NULL ) );
218
219
220 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
221 mbedtls_ecdsa_from_keypair( NULL, &key ) );
222 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
223 mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
224
225exit:
226 return;
227}
228/* END_CASE */
229
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]230/* BEGIN_CASE */
231void ecdsa_prim_random( int id )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]232{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233 mbedtls_ecp_group grp;
234 mbedtls_ecp_point Q;
235 mbedtls_mpi d, r, s;
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]236 rnd_pseudo_info rnd_info;
Ron Eldor7a977882018-11-19 13:45:22 +0200[diff] [blame]237 unsigned char buf[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]238
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]239 mbedtls_ecp_group_init( &grp );
240 mbedtls_ecp_point_init( &Q );
241 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]242 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
Manuel Pégourié-Gonnard450a1632013-01-27 09:08:18 +0100[diff] [blame]243 memset( buf, 0, sizeof( buf ) );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]244
245 /* prepare material for signature */
246 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]247 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]248 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]249 == 0 );
250
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]251 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]252 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]253 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]254
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]255exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256 mbedtls_ecp_group_free( &grp );
257 mbedtls_ecp_point_free( &Q );
258 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]259}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]260/* END_CASE */
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]261
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]262/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]263void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]264 char * yQ_str, data_t * rnd_buf,
265 data_t * hash, char * r_str, char * s_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]266 int result )
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]267{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]268 mbedtls_ecp_group grp;
269 mbedtls_ecp_point Q;
270 mbedtls_mpi d, r, s, r_check, s_check;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]271 rnd_buf_info rnd_info;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]272
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]273 mbedtls_ecp_group_init( &grp );
274 mbedtls_ecp_point_init( &Q );
275 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
276 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]277
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]278 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]279 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
280 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
281 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
282 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]283 rnd_info.buf = rnd_buf->x;
284 rnd_info.length = rnd_buf->len;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]285
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]286 /* Fix rnd_buf->x by shifting it left if necessary */
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]287 if( grp.nbits % 8 != 0 )
288 {
289 unsigned char shift = 8 - ( grp.nbits % 8 );
290 size_t i;
291
292 for( i = 0; i < rnd_info.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]293 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]294
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]295 rnd_buf->x[rnd_info.length-1] <<= shift;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]296 }
297
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]298 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]299 rnd_buffer_rand, &rnd_info ) == result );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]300
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]301 if ( result == 0)
302 {
303 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
304 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]305
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]306 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]307
308 TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
309 TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
310
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]311 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]312 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]313 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]314 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]315 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]316 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]317 }
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]318
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]319exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]320 mbedtls_ecp_group_free( &grp );
321 mbedtls_ecp_point_free( &Q );
322 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
323 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]324}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]325/* END_CASE */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]326
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]327/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]328void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
329 char * r_str, char * s_str )
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]330{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]331 mbedtls_ecp_group grp;
332 mbedtls_mpi d, r, s, r_check, s_check;
333 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]334 size_t hlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]335 const mbedtls_md_info_t *md_info;
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]336
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]337 mbedtls_ecp_group_init( &grp );
338 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
339 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]340 memset( hash, 0, sizeof( hash ) );
341
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]342 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]343 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
344 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
345 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]346
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]347 md_info = mbedtls_md_info_from_type( md_alg );
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]348 TEST_ASSERT( md_info != NULL );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]349 hlen = mbedtls_md_get_size( md_info );
Hanno Becker198611d2018-10-17 13:58:19 +0100[diff] [blame]350 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
351 strlen( msg ), hash ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]352
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]353 TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]354
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]355 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
356 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]357
Janos Follath7e833442019-01-16 14:32:03 +0000[diff] [blame]358 mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
359 mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
360
361 TEST_ASSERT(
362 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
363 md_alg, rnd_std_rand, NULL )
364 == 0 );
365
366 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
367 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]368exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]369 mbedtls_ecp_group_free( &grp );
370 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
371 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]372}
373/* END_CASE */
374
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]375/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]376void ecdsa_write_read_random( int id )
377{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]378 mbedtls_ecdsa_context ctx;
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]379 rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]380 unsigned char hash[32];
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]381 unsigned char sig[200];
382 size_t sig_len, i;
383
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]384 mbedtls_ecdsa_init( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]385 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
386 memset( hash, 0, sizeof( hash ) );
387 memset( sig, 0x2a, sizeof( sig ) );
388
389 /* prepare material for signature */
390 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
391
392 /* generate signing key */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]394
395 /* generate and write signature, then read and verify it */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]396 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]397 hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]398 sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]400 sig, sig_len ) == 0 );
401
402 /* check we didn't write past the announced length */
403 for( i = sig_len; i < sizeof( sig ); i++ )
404 TEST_ASSERT( sig[i] == 0x2a );
405
406 /* try verification with invalid length */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]408 sig, sig_len - 1 ) != 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]410 sig, sig_len + 1 ) != 0 );
411
412 /* try invalid sequence tag */
413 sig[0]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]415 sig, sig_len ) != 0 );
416 sig[0]--;
417
418 /* try modifying r */
419 sig[10]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]420 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnard1ed25052017-04-21 10:04:02 +0200[diff] [blame]421 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]422 sig[10]--;
423
424 /* try modifying s */
425 sig[sig_len - 1]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnard1ed25052017-04-21 10:04:02 +0200[diff] [blame]427 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]428 sig[sig_len - 1]--;
429
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]430exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431 mbedtls_ecdsa_free( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]432}
433/* END_CASE */
Manuel Pégourié-Gonnard937340b2014-01-06 10:27:16 +0100[diff] [blame]434
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]435/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]436void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]437 int max_ops, int min_restart, int max_restart )
438{
439 mbedtls_ecdsa_context ctx;
440 mbedtls_ecdsa_restart_ctx rs_ctx;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]441 int ret, cnt_restart;
442
443 mbedtls_ecdsa_init( &ctx );
444 mbedtls_ecdsa_restart_init( &rs_ctx );
445
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]446 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]447 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
448 pk->x, pk->len ) == 0 );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]449
450 mbedtls_ecp_set_max_ops( max_ops );
451
452 cnt_restart = 0;
453 do {
454 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]455 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]456 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
457
458 TEST_ASSERT( ret == 0 );
459 TEST_ASSERT( cnt_restart >= min_restart );
460 TEST_ASSERT( cnt_restart <= max_restart );
461
462 /* try modifying r */
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]463
464 TEST_ASSERT( sig->len > 10 );
465 sig->x[10]++;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]466 do {
467 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]468 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]469 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
470 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]471 sig->x[10]--;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]472
473 /* try modifying s */
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]474 sig->x[sig->len - 1]++;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]475 do {
476 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]477 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]478 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
479 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]480 sig->x[sig->len - 1]--;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]481
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]482 /* Do we leak memory when aborting an operation?
483 * This test only makes sense when we actually restart */
484 if( min_restart > 0 )
485 {
486 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]487 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]488 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
489 }
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]490
491exit:
492 mbedtls_ecdsa_free( &ctx );
493 mbedtls_ecdsa_restart_free( &rs_ctx );
494}
495/* END_CASE */
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]496
497/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
498void ecdsa_write_restart( int id, char *d_str, int md_alg,
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]499 char *msg, data_t *sig_check,
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]500 int max_ops, int min_restart, int max_restart )
501{
502 int ret, cnt_restart;
503 mbedtls_ecdsa_restart_ctx rs_ctx;
504 mbedtls_ecdsa_context ctx;
505 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
506 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]507 size_t hlen, slen;
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]508 const mbedtls_md_info_t *md_info;
509
510 mbedtls_ecdsa_restart_init( &rs_ctx );
511 mbedtls_ecdsa_init( &ctx );
512 memset( hash, 0, sizeof( hash ) );
513 memset( sig, 0, sizeof( sig ) );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]514
515 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
516 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]517
518 md_info = mbedtls_md_info_from_type( md_alg );
519 TEST_ASSERT( md_info != NULL );
520
521 hlen = mbedtls_md_get_size( md_info );
Gilles Peskine75aab522020-01-21 16:52:08 +0100[diff] [blame]522 TEST_ASSERT( mbedtls_md( md_info,
523 (const unsigned char *) msg, strlen( msg ),
524 hash ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]525
526 mbedtls_ecp_set_max_ops( max_ops );
527
528 slen = sizeof( sig );
529 cnt_restart = 0;
530 do {
531 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
532 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
533 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
534
535 TEST_ASSERT( ret == 0 );
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame^]536 TEST_ASSERT( slen == sig_check->len );
537 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]538
539 TEST_ASSERT( cnt_restart >= min_restart );
540 TEST_ASSERT( cnt_restart <= max_restart );
541
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]542 /* Do we leak memory when aborting an operation?
543 * This test only makes sense when we actually restart */
544 if( min_restart > 0 )
545 {
546 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
547 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
548 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
549 }
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]550
551exit:
552 mbedtls_ecdsa_restart_free( &rs_ctx );
553 mbedtls_ecdsa_free( &ctx );
554}
555/* END_CASE */