mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 17:41:03 +00:00
651eac8c5e
In preparation of deprecating the old and less secure deterministic ECDSA signature function we need to remove it from the test. At the same time, the new function needs to be tested. Modifying the tests to use the new function achieves both of these goals.
535 lines
23 KiB
Plaintext
535 lines
23 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/ecdsa.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_ECDSA_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
|
void ecdsa_invalid_param( )
|
|
{
|
|
mbedtls_ecdsa_context ctx;
|
|
mbedtls_ecp_keypair key;
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
|
|
mbedtls_ecp_point P;
|
|
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
|
|
mbedtls_mpi m;
|
|
size_t slen;
|
|
unsigned char buf[42] = { 0 };
|
|
|
|
TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
|
|
TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
|
|
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
|
|
TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
|
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( NULL, &m, &m, &m,
|
|
buf, sizeof( buf ),
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
|
|
buf, sizeof( buf ),
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
|
|
buf, sizeof( buf ),
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
|
|
buf, sizeof( buf ),
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( &grp, &m, &m, &m,
|
|
NULL, sizeof( buf ),
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign( &grp, &m, &m, &m,
|
|
buf, sizeof( buf ),
|
|
NULL, NULL ) );
|
|
|
|
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
|
|
buf, sizeof( buf ),
|
|
valid_md,
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
|
|
buf, sizeof( buf ),
|
|
valid_md,
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
|
|
buf, sizeof( buf ),
|
|
valid_md,
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
|
|
buf, sizeof( buf ),
|
|
valid_md,
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
|
|
NULL, sizeof( buf ),
|
|
valid_md,
|
|
rnd_std_rand, NULL ) );
|
|
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_verify( NULL,
|
|
buf, sizeof( buf ),
|
|
&P, &m, &m ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_verify( &grp,
|
|
NULL, sizeof( buf ),
|
|
&P, &m, &m ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_verify( &grp,
|
|
buf, sizeof( buf ),
|
|
NULL, &m, &m ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_verify( &grp,
|
|
buf, sizeof( buf ),
|
|
&P, NULL, &m ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_verify( &grp,
|
|
buf, sizeof( buf ),
|
|
&P, &m, NULL ) );
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature( NULL,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
buf, &slen,
|
|
rnd_std_rand,
|
|
NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature( &ctx,
|
|
valid_md,
|
|
NULL, sizeof( buf ),
|
|
buf, &slen,
|
|
rnd_std_rand,
|
|
NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature( &ctx,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
NULL, &slen,
|
|
rnd_std_rand,
|
|
NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature( &ctx,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
buf, NULL,
|
|
rnd_std_rand,
|
|
NULL ) );
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature_restartable( NULL,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
buf, &slen,
|
|
rnd_std_rand,
|
|
NULL, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature_restartable( &ctx,
|
|
valid_md,
|
|
NULL, sizeof( buf ),
|
|
buf, &slen,
|
|
rnd_std_rand,
|
|
NULL, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature_restartable( &ctx,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
NULL, &slen,
|
|
rnd_std_rand,
|
|
NULL, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_write_signature_restartable( &ctx,
|
|
valid_md,
|
|
buf, sizeof( buf ),
|
|
buf, NULL,
|
|
rnd_std_rand,
|
|
NULL, NULL ) );
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature( NULL,
|
|
buf, sizeof( buf ),
|
|
buf, sizeof( buf ) ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature( &ctx,
|
|
NULL, sizeof( buf ),
|
|
buf, sizeof( buf ) ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature( &ctx,
|
|
buf, sizeof( buf ),
|
|
NULL, sizeof( buf ) ) );
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature_restartable( NULL,
|
|
buf, sizeof( buf ),
|
|
buf, sizeof( buf ),
|
|
NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
NULL, sizeof( buf ),
|
|
buf, sizeof( buf ),
|
|
NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
buf, sizeof( buf ),
|
|
NULL, sizeof( buf ),
|
|
NULL ) );
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_genkey( NULL, valid_group,
|
|
rnd_std_rand, NULL ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_genkey( &ctx, valid_group,
|
|
NULL, NULL ) );
|
|
|
|
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_from_keypair( NULL, &key ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
|
mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
|
|
|
|
exit:
|
|
return;
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_random( int id )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_ecp_point Q;
|
|
mbedtls_mpi d, r, s;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_ecp_point_init( &Q );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( buf, 0, sizeof( buf ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
|
|
== 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
|
|
&rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_ecp_point_free( &Q );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
|
|
char * yQ_str, data_t * rnd_buf,
|
|
data_t * hash, char * r_str, char * s_str,
|
|
int result )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_ecp_point Q;
|
|
mbedtls_mpi d, r, s, r_check, s_check;
|
|
rnd_buf_info rnd_info;
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_ecp_point_init( &Q );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
rnd_info.buf = rnd_buf->x;
|
|
rnd_info.length = rnd_buf->len;
|
|
|
|
/* Fix rnd_buf->x by shifting it left if necessary */
|
|
if( grp.nbits % 8 != 0 )
|
|
{
|
|
unsigned char shift = 8 - ( grp.nbits % 8 );
|
|
size_t i;
|
|
|
|
for( i = 0; i < rnd_info.length - 1; i++ )
|
|
rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
|
|
|
|
rnd_buf->x[rnd_info.length-1] <<= shift;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
|
|
rnd_buffer_rand, &rnd_info ) == result );
|
|
|
|
if ( result == 0)
|
|
{
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
|
|
&Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
|
|
&Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
|
|
&grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_ecp_point_free( &Q );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
|
|
char * r_str, char * s_str )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_mpi d, r, s, r_check, s_check;
|
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
size_t hlen;
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
TEST_ASSERT( md_info != NULL );
|
|
hlen = mbedtls_md_get_size( md_info );
|
|
TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
|
|
strlen( msg ), hash ) == 0 );
|
|
|
|
TEST_ASSERT(
|
|
mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
|
|
md_alg, rnd_std_rand, NULL )
|
|
== 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
|
void ecdsa_write_read_random( int id )
|
|
{
|
|
mbedtls_ecdsa_context ctx;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char hash[32];
|
|
unsigned char sig[200];
|
|
size_t sig_len, i;
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
|
|
|
|
/* generate signing key */
|
|
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
|
|
hash, sizeof( hash ),
|
|
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == 0 );
|
|
|
|
/* check we didn't write past the announced length */
|
|
for( i = sig_len; i < sizeof( sig ); i++ )
|
|
TEST_ASSERT( sig[i] == 0x2a );
|
|
|
|
/* try verification with invalid length */
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len - 1 ) != 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len + 1 ) != 0 );
|
|
|
|
/* try invalid sequence tag */
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[0]--;
|
|
|
|
/* try modifying r */
|
|
sig[10]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
sig[10]--;
|
|
|
|
/* try modifying s */
|
|
sig[sig_len - 1]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
sig[sig_len - 1]--;
|
|
|
|
exit:
|
|
mbedtls_ecdsa_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
|
|
void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str,
|
|
int max_ops, int min_restart, int max_restart )
|
|
{
|
|
mbedtls_ecdsa_context ctx;
|
|
mbedtls_ecdsa_restart_ctx rs_ctx;
|
|
unsigned char hash[64];
|
|
unsigned char sig[200];
|
|
unsigned char pk[65];
|
|
size_t sig_len, hash_len, pk_len;
|
|
int ret, cnt_restart;
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
mbedtls_ecdsa_restart_init( &rs_ctx );
|
|
|
|
hash_len = unhexify(hash, h_str);
|
|
sig_len = unhexify(sig, s_str);
|
|
pk_len = unhexify(pk, k_str);
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 );
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
hash, hash_len, sig, sig_len, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
/* try modifying r */
|
|
sig[10]++;
|
|
do {
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
hash, hash_len, sig, sig_len, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
sig[10]--;
|
|
|
|
/* try modifying s */
|
|
sig[sig_len - 1]++;
|
|
do {
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
hash, hash_len, sig, sig_len, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
|
sig[sig_len - 1]--;
|
|
|
|
/* Do we leak memory when aborting an operation?
|
|
* This test only makes sense when we actually restart */
|
|
if( min_restart > 0 )
|
|
{
|
|
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
|
|
hash, hash_len, sig, sig_len, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_ecdsa_free( &ctx );
|
|
mbedtls_ecdsa_restart_free( &rs_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
|
char *msg, char *sig_str,
|
|
int max_ops, int min_restart, int max_restart )
|
|
{
|
|
int ret, cnt_restart;
|
|
mbedtls_ecdsa_restart_ctx rs_ctx;
|
|
mbedtls_ecdsa_context ctx;
|
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
|
unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
|
|
size_t hlen, slen, slen_check;
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
mbedtls_ecdsa_restart_init( &rs_ctx );
|
|
mbedtls_ecdsa_init( &ctx );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0, sizeof( sig ) );
|
|
memset( sig_check, 0, sizeof( sig_check ) );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
|
|
slen_check = unhexify( sig_check, sig_str );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
TEST_ASSERT( md_info != NULL );
|
|
|
|
hlen = mbedtls_md_get_size( md_info );
|
|
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
|
|
|
mbedtls_ecp_set_max_ops( max_ops );
|
|
|
|
slen = sizeof( sig );
|
|
cnt_restart = 0;
|
|
do {
|
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
|
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
|
|
|
TEST_ASSERT( ret == 0 );
|
|
TEST_ASSERT( slen == slen_check );
|
|
TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
|
|
|
|
TEST_ASSERT( cnt_restart >= min_restart );
|
|
TEST_ASSERT( cnt_restart <= max_restart );
|
|
|
|
/* Do we leak memory when aborting an operation?
|
|
* This test only makes sense when we actually restart */
|
|
if( min_restart > 0 )
|
|
{
|
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
|
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_ecdsa_restart_free( &rs_ctx );
|
|
mbedtls_ecdsa_free( &ctx );
|
|
}
|
|
/* END_CASE */
|