TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 351f0eee205f5cc99407ca0b83b88d292a834e32 / . / tests / suites / test_suite_ecdsa.function
blob: afee710e49483ff3e37d0220244e5160c3449e91 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdsa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]3/* END_HEADER */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]4
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]6 * depends_on:MBEDTLS_ECDSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]7 * END_DEPENDENCIES
8 */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]9
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
11void ecdsa_invalid_param( )
12{
13 mbedtls_ecdsa_context ctx;
14 mbedtls_ecp_keypair key;
15 mbedtls_ecp_group grp;
16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
17 mbedtls_ecp_point P;
18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
19 mbedtls_mpi m;
20 size_t slen;
21 unsigned char buf[42] = { 0 };
22
23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
25
26#if defined(MBEDTLS_ECP_RESTARTABLE)
27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
29#endif /* MBEDTLS_ECP_RESTARTABLE */
30
31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
32 mbedtls_ecdsa_sign( NULL, &m, &m, &m,
33 buf, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]34 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]35 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
36 mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
37 buf, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]38 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
40 mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
41 buf, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]42 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]43 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
44 mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
45 buf, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]46 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
48 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
49 NULL, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]50 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
52 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
53 buf, sizeof( buf ),
54 NULL, NULL ) );
55
56#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
57 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]58 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
59 buf, sizeof( buf ),
60 valid_md,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]61 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]62 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]63 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
64 buf, sizeof( buf ),
65 valid_md,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]66 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]67 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]68 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
69 buf, sizeof( buf ),
70 valid_md,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]71 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]72 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]73 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
74 buf, sizeof( buf ),
75 valid_md,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]76 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]77 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]78 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
79 NULL, sizeof( buf ),
80 valid_md,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]81 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]82#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
83
84 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
85 mbedtls_ecdsa_verify( NULL,
86 buf, sizeof( buf ),
87 &P, &m, &m ) );
88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
89 mbedtls_ecdsa_verify( &grp,
90 NULL, sizeof( buf ),
91 &P, &m, &m ) );
92 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
93 mbedtls_ecdsa_verify( &grp,
94 buf, sizeof( buf ),
95 NULL, &m, &m ) );
96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
97 mbedtls_ecdsa_verify( &grp,
98 buf, sizeof( buf ),
99 &P, NULL, &m ) );
100 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
101 mbedtls_ecdsa_verify( &grp,
102 buf, sizeof( buf ),
103 &P, &m, NULL ) );
104
105 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
106 mbedtls_ecdsa_write_signature( NULL,
107 valid_md,
108 buf, sizeof( buf ),
109 buf, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]110 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]111 NULL ) );
112 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
113 mbedtls_ecdsa_write_signature( &ctx,
114 valid_md,
115 NULL, sizeof( buf ),
116 buf, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]117 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]118 NULL ) );
119 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
120 mbedtls_ecdsa_write_signature( &ctx,
121 valid_md,
122 buf, sizeof( buf ),
123 NULL, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]124 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]125 NULL ) );
126 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
127 mbedtls_ecdsa_write_signature( &ctx,
128 valid_md,
129 buf, sizeof( buf ),
130 buf, NULL,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]131 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]132 NULL ) );
133
134 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
135 mbedtls_ecdsa_write_signature_restartable( NULL,
136 valid_md,
137 buf, sizeof( buf ),
138 buf, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]139 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]140 NULL, NULL ) );
141 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
142 mbedtls_ecdsa_write_signature_restartable( &ctx,
143 valid_md,
144 NULL, sizeof( buf ),
145 buf, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]146 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]147 NULL, NULL ) );
148 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
149 mbedtls_ecdsa_write_signature_restartable( &ctx,
150 valid_md,
151 buf, sizeof( buf ),
152 NULL, &slen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]153 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]154 NULL, NULL ) );
155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
156 mbedtls_ecdsa_write_signature_restartable( &ctx,
157 valid_md,
158 buf, sizeof( buf ),
159 buf, NULL,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]160 mbedtls_test_rnd_std_rand,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]161 NULL, NULL ) );
162
163 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
164 mbedtls_ecdsa_read_signature( NULL,
165 buf, sizeof( buf ),
166 buf, sizeof( buf ) ) );
167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
168 mbedtls_ecdsa_read_signature( &ctx,
169 NULL, sizeof( buf ),
170 buf, sizeof( buf ) ) );
171 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
172 mbedtls_ecdsa_read_signature( &ctx,
173 buf, sizeof( buf ),
174 NULL, sizeof( buf ) ) );
175
176 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
177 mbedtls_ecdsa_read_signature_restartable( NULL,
178 buf, sizeof( buf ),
179 buf, sizeof( buf ),
180 NULL ) );
181 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
182 mbedtls_ecdsa_read_signature_restartable( &ctx,
183 NULL, sizeof( buf ),
184 buf, sizeof( buf ),
185 NULL ) );
186 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
187 mbedtls_ecdsa_read_signature_restartable( &ctx,
188 buf, sizeof( buf ),
189 NULL, sizeof( buf ),
190 NULL ) );
191
192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
193 mbedtls_ecdsa_genkey( NULL, valid_group,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]194 mbedtls_test_rnd_std_rand, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]195 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
196 mbedtls_ecdsa_genkey( &ctx, valid_group,
197 NULL, NULL ) );
198
199
200 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
201 mbedtls_ecdsa_from_keypair( NULL, &key ) );
202 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
203 mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
204
205exit:
206 return;
207}
208/* END_CASE */
209
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]210/* BEGIN_CASE */
211void ecdsa_prim_random( int id )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]212{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]213 mbedtls_ecp_group grp;
214 mbedtls_ecp_point Q;
215 mbedtls_mpi d, r, s;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]216 mbedtls_test_rnd_pseudo_info rnd_info;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]217 unsigned char buf[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]218
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]219 mbedtls_ecp_group_init( &grp );
220 mbedtls_ecp_point_init( &Q );
221 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]222 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnard450a1632013-01-27 09:08:18 +0100[diff] [blame]223 memset( buf, 0, sizeof( buf ) );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]224
225 /* prepare material for signature */
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]226 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]227 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]228 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]229 == 0 );
230
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]231 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]232 &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]234
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]235exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]236 mbedtls_ecp_group_free( &grp );
237 mbedtls_ecp_point_free( &Q );
238 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]239}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]240/* END_CASE */
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]241
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]242/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]243void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]244 char * yQ_str, data_t * rnd_buf,
245 data_t * hash, char * r_str, char * s_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]246 int result )
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]247{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]248 mbedtls_ecp_group grp;
249 mbedtls_ecp_point Q;
250 mbedtls_mpi d, r, s, r_check, s_check;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]251 mbedtls_test_rnd_buf_info rnd_info;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]252
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]253 mbedtls_ecp_group_init( &grp );
254 mbedtls_ecp_point_init( &Q );
255 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
256 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]257
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]258 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]259 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
260 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
261 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
262 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]263 rnd_info.buf = rnd_buf->x;
264 rnd_info.length = rnd_buf->len;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]265
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]266 /* Fix rnd_buf->x by shifting it left if necessary */
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]267 if( grp.nbits % 8 != 0 )
268 {
269 unsigned char shift = 8 - ( grp.nbits % 8 );
270 size_t i;
271
272 for( i = 0; i < rnd_info.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]273 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]274
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]275 rnd_buf->x[rnd_info.length-1] <<= shift;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]276 }
277
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]278 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]279 mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]280
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]281 if ( result == 0)
282 {
283 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
284 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]285
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]286 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]287
288 TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
289 TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
290
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]291 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]292 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]293 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]294 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnard125af942018-09-11 11:08:12 +0200[diff] [blame]295 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]296 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]297 }
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]298
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]299exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]300 mbedtls_ecp_group_free( &grp );
301 mbedtls_ecp_point_free( &Q );
302 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
303 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]304}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]305/* END_CASE */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]306
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]308void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
309 char * r_str, char * s_str )
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]310{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]311 mbedtls_ecp_group grp;
312 mbedtls_mpi d, r, s, r_check, s_check;
313 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]314 size_t hlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]315 const mbedtls_md_info_t *md_info;
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]316
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]317 mbedtls_ecp_group_init( &grp );
318 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
319 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]320 memset( hash, 0, sizeof( hash ) );
321
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]322 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]323 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
324 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
325 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]326
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]327 md_info = mbedtls_md_info_from_type( md_alg );
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]328 TEST_ASSERT( md_info != NULL );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]329 hlen = mbedtls_md_get_size( md_info );
Hanno Becker198611d2018-10-17 13:58:19 +0100[diff] [blame]330 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
331 strlen( msg ), hash ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]332
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]333 TEST_ASSERT(
334 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]335 md_alg, mbedtls_test_rnd_std_rand, NULL )
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]336 == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]337
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]338 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
339 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]340
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]341exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]342 mbedtls_ecp_group_free( &grp );
343 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
344 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]345}
346/* END_CASE */
347
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]348/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]349void ecdsa_write_read_random( int id )
350{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]351 mbedtls_ecdsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]352 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]353 unsigned char hash[32];
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]354 unsigned char sig[200];
355 size_t sig_len, i;
356
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]357 mbedtls_ecdsa_init( &ctx );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]358 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]359 memset( hash, 0, sizeof( hash ) );
360 memset( sig, 0x2a, sizeof( sig ) );
361
362 /* prepare material for signature */
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]363 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]364
365 /* generate signing key */
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]366 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]367
368 /* generate and write signature, then read and verify it */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]369 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]370 hash, sizeof( hash ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame^]371 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]372 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]373 sig, sig_len ) == 0 );
374
375 /* check we didn't write past the announced length */
376 for( i = sig_len; i < sizeof( sig ); i++ )
377 TEST_ASSERT( sig[i] == 0x2a );
378
379 /* try verification with invalid length */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]380 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]381 sig, sig_len - 1 ) != 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]382 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]383 sig, sig_len + 1 ) != 0 );
384
385 /* try invalid sequence tag */
386 sig[0]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]387 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]388 sig, sig_len ) != 0 );
389 sig[0]--;
390
391 /* try modifying r */
392 sig[10]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnard1ed25052017-04-21 10:04:02 +0200[diff] [blame]394 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]395 sig[10]--;
396
397 /* try modifying s */
398 sig[sig_len - 1]++;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
Manuel Pégourié-Gonnard1ed25052017-04-21 10:04:02 +0200[diff] [blame]400 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]401 sig[sig_len - 1]--;
402
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]403exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]404 mbedtls_ecdsa_free( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]405}
406/* END_CASE */
Manuel Pégourié-Gonnard937340b2014-01-06 10:27:16 +0100[diff] [blame]407
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]408/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
409void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str,
410 int max_ops, int min_restart, int max_restart )
411{
412 mbedtls_ecdsa_context ctx;
413 mbedtls_ecdsa_restart_ctx rs_ctx;
414 unsigned char hash[64];
415 unsigned char sig[200];
416 unsigned char pk[65];
417 size_t sig_len, hash_len, pk_len;
418 int ret, cnt_restart;
419
420 mbedtls_ecdsa_init( &ctx );
421 mbedtls_ecdsa_restart_init( &rs_ctx );
422
Ronald Cron72d628f2020-06-08 17:05:57 +0200[diff] [blame]423 hash_len = mbedtls_test_unhexify(hash, h_str);
424 sig_len = mbedtls_test_unhexify(sig, s_str);
425 pk_len = mbedtls_test_unhexify(pk, k_str);
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]426
427 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
428 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 );
429
430 mbedtls_ecp_set_max_ops( max_ops );
431
432 cnt_restart = 0;
433 do {
434 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
435 hash, hash_len, sig, sig_len, &rs_ctx );
436 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
437
438 TEST_ASSERT( ret == 0 );
439 TEST_ASSERT( cnt_restart >= min_restart );
440 TEST_ASSERT( cnt_restart <= max_restart );
441
442 /* try modifying r */
443 sig[10]++;
444 do {
445 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
446 hash, hash_len, sig, sig_len, &rs_ctx );
447 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
448 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
449 sig[10]--;
450
451 /* try modifying s */
452 sig[sig_len - 1]++;
453 do {
454 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
455 hash, hash_len, sig, sig_len, &rs_ctx );
456 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
457 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
458 sig[sig_len - 1]--;
459
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]460 /* Do we leak memory when aborting an operation?
461 * This test only makes sense when we actually restart */
462 if( min_restart > 0 )
463 {
464 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
465 hash, hash_len, sig, sig_len, &rs_ctx );
466 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
467 }
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]468
469exit:
470 mbedtls_ecdsa_free( &ctx );
471 mbedtls_ecdsa_restart_free( &rs_ctx );
472}
473/* END_CASE */
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]474
475/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
476void ecdsa_write_restart( int id, char *d_str, int md_alg,
477 char *msg, char *sig_str,
478 int max_ops, int min_restart, int max_restart )
479{
480 int ret, cnt_restart;
481 mbedtls_ecdsa_restart_ctx rs_ctx;
482 mbedtls_ecdsa_context ctx;
483 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
484 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
485 unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
486 size_t hlen, slen, slen_check;
487 const mbedtls_md_info_t *md_info;
488
489 mbedtls_ecdsa_restart_init( &rs_ctx );
490 mbedtls_ecdsa_init( &ctx );
491 memset( hash, 0, sizeof( hash ) );
492 memset( sig, 0, sizeof( sig ) );
493 memset( sig_check, 0, sizeof( sig_check ) );
494
495 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
496 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
Ronald Cron72d628f2020-06-08 17:05:57 +0200[diff] [blame]497 slen_check = mbedtls_test_unhexify( sig_check, sig_str );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]498
499 md_info = mbedtls_md_info_from_type( md_alg );
500 TEST_ASSERT( md_info != NULL );
501
502 hlen = mbedtls_md_get_size( md_info );
Gilles Peskine84984ae2020-01-21 16:52:08 +0100[diff] [blame]503 TEST_ASSERT( mbedtls_md( md_info,
504 (const unsigned char *) msg, strlen( msg ),
505 hash ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]506
507 mbedtls_ecp_set_max_ops( max_ops );
508
509 slen = sizeof( sig );
510 cnt_restart = 0;
511 do {
512 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
513 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
514 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
515
516 TEST_ASSERT( ret == 0 );
517 TEST_ASSERT( slen == slen_check );
518 TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
519
520 TEST_ASSERT( cnt_restart >= min_restart );
521 TEST_ASSERT( cnt_restart <= max_restart );
522
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]523 /* Do we leak memory when aborting an operation?
524 * This test only makes sense when we actually restart */
525 if( min_restart > 0 )
526 {
527 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
528 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
529 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
530 }
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]531
532exit:
533 mbedtls_ecdsa_restart_free( &rs_ctx );
534 mbedtls_ecdsa_free( &ctx );
535}
536/* END_CASE */