1/* BEGIN_HEADER */ 2#include "mbedtls/ecdsa.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_ECDSA_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 11void ecdsa_invalid_param( ) 12{ 13 mbedtls_ecdsa_context ctx; 14 mbedtls_ecp_keypair key; 15 mbedtls_ecp_group grp; 16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; 17 mbedtls_ecp_point P; 18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; 19 mbedtls_mpi m; 20 size_t slen; 21 unsigned char buf[42] = { 0 }; 22 23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) ); 24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) ); 25 26#if defined(MBEDTLS_ECP_RESTARTABLE) 27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) ); 28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) ); 29#endif /* MBEDTLS_ECP_RESTARTABLE */ 30 31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 32 mbedtls_ecdsa_sign( NULL, &m, &m, &m, 33 buf, sizeof( buf ), 34 rnd_std_rand, NULL ) ); 35 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 36 mbedtls_ecdsa_sign( &grp, NULL, &m, &m, 37 buf, sizeof( buf ), 38 rnd_std_rand, NULL ) ); 39 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 40 mbedtls_ecdsa_sign( &grp, &m, NULL, &m, 41 buf, sizeof( buf ), 42 rnd_std_rand, NULL ) ); 43 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 44 mbedtls_ecdsa_sign( &grp, &m, &m, NULL, 45 buf, sizeof( buf ), 46 rnd_std_rand, NULL ) ); 47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 48 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 49 NULL, sizeof( buf ), 50 rnd_std_rand, NULL ) ); 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 52 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 53 buf, sizeof( buf ), 54 NULL, NULL ) ); 55 56#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 57 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 58 mbedtls_ecdsa_sign_det( NULL, &m, &m, &m, 59 buf, sizeof( buf ), 60 valid_md ) ); 61 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 62 mbedtls_ecdsa_sign_det( &grp, NULL, &m, &m, 63 buf, sizeof( buf ), 64 valid_md ) ); 65 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 66 mbedtls_ecdsa_sign_det( &grp, &m, NULL, &m, 67 buf, sizeof( buf ), 68 valid_md ) ); 69 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 70 mbedtls_ecdsa_sign_det( &grp, &m, &m, NULL, 71 buf, sizeof( buf ), 72 valid_md ) ); 73 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 74 mbedtls_ecdsa_sign_det( &grp, &m, &m, &m, 75 NULL, sizeof( buf ), 76 valid_md ) ); 77 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 78 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, 79 buf, sizeof( buf ), 80 valid_md, 81 rnd_std_rand, NULL ) ); 82 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 83 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, 84 buf, sizeof( buf ), 85 valid_md, 86 rnd_std_rand, NULL ) ); 87 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 88 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, 89 buf, sizeof( buf ), 90 valid_md, 91 rnd_std_rand, NULL ) ); 92 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 93 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, 94 buf, sizeof( buf ), 95 valid_md, 96 rnd_std_rand, NULL ) ); 97 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 98 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, 99 NULL, sizeof( buf ), 100 valid_md, 101 rnd_std_rand, NULL ) ); 102#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 103 104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 105 mbedtls_ecdsa_verify( NULL, 106 buf, sizeof( buf ), 107 &P, &m, &m ) ); 108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 109 mbedtls_ecdsa_verify( &grp, 110 NULL, sizeof( buf ), 111 &P, &m, &m ) ); 112 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 113 mbedtls_ecdsa_verify( &grp, 114 buf, sizeof( buf ), 115 NULL, &m, &m ) ); 116 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 117 mbedtls_ecdsa_verify( &grp, 118 buf, sizeof( buf ), 119 &P, NULL, &m ) ); 120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 121 mbedtls_ecdsa_verify( &grp, 122 buf, sizeof( buf ), 123 &P, &m, NULL ) ); 124 125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 126 mbedtls_ecdsa_write_signature( NULL, 127 valid_md, 128 buf, sizeof( buf ), 129 buf, &slen, 130 rnd_std_rand, 131 NULL ) ); 132 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 133 mbedtls_ecdsa_write_signature( &ctx, 134 valid_md, 135 NULL, sizeof( buf ), 136 buf, &slen, 137 rnd_std_rand, 138 NULL ) ); 139 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 140 mbedtls_ecdsa_write_signature( &ctx, 141 valid_md, 142 buf, sizeof( buf ), 143 NULL, &slen, 144 rnd_std_rand, 145 NULL ) ); 146 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 147 mbedtls_ecdsa_write_signature( &ctx, 148 valid_md, 149 buf, sizeof( buf ), 150 buf, NULL, 151 rnd_std_rand, 152 NULL ) ); 153 154 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 155 mbedtls_ecdsa_write_signature_restartable( NULL, 156 valid_md, 157 buf, sizeof( buf ), 158 buf, &slen, 159 rnd_std_rand, 160 NULL, NULL ) ); 161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 162 mbedtls_ecdsa_write_signature_restartable( &ctx, 163 valid_md, 164 NULL, sizeof( buf ), 165 buf, &slen, 166 rnd_std_rand, 167 NULL, NULL ) ); 168 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 169 mbedtls_ecdsa_write_signature_restartable( &ctx, 170 valid_md, 171 buf, sizeof( buf ), 172 NULL, &slen, 173 rnd_std_rand, 174 NULL, NULL ) ); 175 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 176 mbedtls_ecdsa_write_signature_restartable( &ctx, 177 valid_md, 178 buf, sizeof( buf ), 179 buf, NULL, 180 rnd_std_rand, 181 NULL, NULL ) ); 182 183 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 184 mbedtls_ecdsa_read_signature( NULL, 185 buf, sizeof( buf ), 186 buf, sizeof( buf ) ) ); 187 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 188 mbedtls_ecdsa_read_signature( &ctx, 189 NULL, sizeof( buf ), 190 buf, sizeof( buf ) ) ); 191 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 192 mbedtls_ecdsa_read_signature( &ctx, 193 buf, sizeof( buf ), 194 NULL, sizeof( buf ) ) ); 195 196 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 197 mbedtls_ecdsa_read_signature_restartable( NULL, 198 buf, sizeof( buf ), 199 buf, sizeof( buf ), 200 NULL ) ); 201 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 202 mbedtls_ecdsa_read_signature_restartable( &ctx, 203 NULL, sizeof( buf ), 204 buf, sizeof( buf ), 205 NULL ) ); 206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 207 mbedtls_ecdsa_read_signature_restartable( &ctx, 208 buf, sizeof( buf ), 209 NULL, sizeof( buf ), 210 NULL ) ); 211 212 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 213 mbedtls_ecdsa_genkey( NULL, valid_group, 214 rnd_std_rand, NULL ) ); 215 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 216 mbedtls_ecdsa_genkey( &ctx, valid_group, 217 NULL, NULL ) ); 218 219 220 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 221 mbedtls_ecdsa_from_keypair( NULL, &key ) ); 222 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 223 mbedtls_ecdsa_from_keypair( &ctx, NULL ) ); 224 225exit: 226 return; 227} 228/* END_CASE */ 229 230/* BEGIN_CASE */ 231void ecdsa_prim_random( int id ) 232{ 233 mbedtls_ecp_group grp; 234 mbedtls_ecp_point Q; 235 mbedtls_mpi d, r, s; 236 rnd_pseudo_info rnd_info; 237 unsigned char buf[MBEDTLS_MD_MAX_SIZE]; 238 239 mbedtls_ecp_group_init( &grp ); 240 mbedtls_ecp_point_init( &Q ); 241 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 242 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 243 memset( buf, 0, sizeof( buf ) ); 244 245 /* prepare material for signature */ 246 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); 247 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 248 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) 249 == 0 ); 250 251 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), 252 &rnd_pseudo_rand, &rnd_info ) == 0 ); 253 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); 254 255exit: 256 mbedtls_ecp_group_free( &grp ); 257 mbedtls_ecp_point_free( &Q ); 258 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 259} 260/* END_CASE */ 261 262/* BEGIN_CASE */ 263void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, 264 char * yQ_str, data_t * rnd_buf, 265 data_t * hash, char * r_str, char * s_str, 266 int result ) 267{ 268 mbedtls_ecp_group grp; 269 mbedtls_ecp_point Q; 270 mbedtls_mpi d, r, s, r_check, s_check; 271 rnd_buf_info rnd_info; 272 273 mbedtls_ecp_group_init( &grp ); 274 mbedtls_ecp_point_init( &Q ); 275 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 276 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 277 278 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 279 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); 280 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); 281 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); 282 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); 283 rnd_info.buf = rnd_buf->x; 284 rnd_info.length = rnd_buf->len; 285 286 /* Fix rnd_buf->x by shifting it left if necessary */ 287 if( grp.nbits % 8 != 0 ) 288 { 289 unsigned char shift = 8 - ( grp.nbits % 8 ); 290 size_t i; 291 292 for( i = 0; i < rnd_info.length - 1; i++ ) 293 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift ); 294 295 rnd_buf->x[rnd_info.length-1] <<= shift; 296 } 297 298 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, 299 rnd_buffer_rand, &rnd_info ) == result ); 300 301 if ( result == 0) 302 { 303 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 304 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 305 306 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 ); 307 308 TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 ); 309 TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 ); 310 311 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 312 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 313 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 314 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 315 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 316 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 317 } 318 319exit: 320 mbedtls_ecp_group_free( &grp ); 321 mbedtls_ecp_point_free( &Q ); 322 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 323 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 324} 325/* END_CASE */ 326 327/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */ 328void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, 329 char * r_str, char * s_str ) 330{ 331 mbedtls_ecp_group grp; 332 mbedtls_mpi d, r, s, r_check, s_check; 333 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 334 size_t hlen; 335 const mbedtls_md_info_t *md_info; 336 337 mbedtls_ecp_group_init( &grp ); 338 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 339 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 340 memset( hash, 0, sizeof( hash ) ); 341 342 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 343 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); 344 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); 345 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); 346 347 md_info = mbedtls_md_info_from_type( md_alg ); 348 TEST_ASSERT( md_info != NULL ); 349 hlen = mbedtls_md_get_size( md_info ); 350 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, 351 strlen( msg ), hash ) == 0 ); 352 353 TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 ); 354 355 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 356 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 357 358 mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 359 mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 360 361 TEST_ASSERT( 362 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, 363 md_alg, rnd_std_rand, NULL ) 364 == 0 ); 365 366 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 367 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 368exit: 369 mbedtls_ecp_group_free( &grp ); 370 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 371 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 372} 373/* END_CASE */ 374 375/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 376void ecdsa_write_read_random( int id ) 377{ 378 mbedtls_ecdsa_context ctx; 379 rnd_pseudo_info rnd_info; 380 unsigned char hash[32]; 381 unsigned char sig[200]; 382 size_t sig_len, i; 383 384 mbedtls_ecdsa_init( &ctx ); 385 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 386 memset( hash, 0, sizeof( hash ) ); 387 memset( sig, 0x2a, sizeof( sig ) ); 388 389 /* prepare material for signature */ 390 TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); 391 392 /* generate signing key */ 393 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 ); 394 395 /* generate and write signature, then read and verify it */ 396 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, 397 hash, sizeof( hash ), 398 sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); 399 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 400 sig, sig_len ) == 0 ); 401 402 /* check we didn't write past the announced length */ 403 for( i = sig_len; i < sizeof( sig ); i++ ) 404 TEST_ASSERT( sig[i] == 0x2a ); 405 406 /* try verification with invalid length */ 407 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 408 sig, sig_len - 1 ) != 0 ); 409 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 410 sig, sig_len + 1 ) != 0 ); 411 412 /* try invalid sequence tag */ 413 sig[0]++; 414 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 415 sig, sig_len ) != 0 ); 416 sig[0]--; 417 418 /* try modifying r */ 419 sig[10]++; 420 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 421 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 422 sig[10]--; 423 424 /* try modifying s */ 425 sig[sig_len - 1]++; 426 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 427 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 428 sig[sig_len - 1]--; 429 430exit: 431 mbedtls_ecdsa_free( &ctx ); 432} 433/* END_CASE */ 434 435/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 436void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig, 437 int max_ops, int min_restart, int max_restart ) 438{ 439 mbedtls_ecdsa_context ctx; 440 mbedtls_ecdsa_restart_ctx rs_ctx; 441 int ret, cnt_restart; 442 443 mbedtls_ecdsa_init( &ctx ); 444 mbedtls_ecdsa_restart_init( &rs_ctx ); 445 446 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 447 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, 448 pk->x, pk->len ) == 0 ); 449 450 mbedtls_ecp_set_max_ops( max_ops ); 451 452 cnt_restart = 0; 453 do { 454 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 455 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 456 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 457 458 TEST_ASSERT( ret == 0 ); 459 TEST_ASSERT( cnt_restart >= min_restart ); 460 TEST_ASSERT( cnt_restart <= max_restart ); 461 462 /* try modifying r */ 463 464 TEST_ASSERT( sig->len > 10 ); 465 sig->x[10]++; 466 do { 467 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 468 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 469 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 470 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 471 sig->x[10]--; 472 473 /* try modifying s */ 474 sig->x[sig->len - 1]++; 475 do { 476 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 477 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 478 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 479 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 480 sig->x[sig->len - 1]--; 481 482 /* Do we leak memory when aborting an operation? 483 * This test only makes sense when we actually restart */ 484 if( min_restart > 0 ) 485 { 486 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 487 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 488 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 489 } 490 491exit: 492 mbedtls_ecdsa_free( &ctx ); 493 mbedtls_ecdsa_restart_free( &rs_ctx ); 494} 495/* END_CASE */ 496 497/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ 498void ecdsa_write_restart( int id, char *d_str, int md_alg, 499 char *msg, data_t *sig_check, 500 int max_ops, int min_restart, int max_restart ) 501{ 502 int ret, cnt_restart; 503 mbedtls_ecdsa_restart_ctx rs_ctx; 504 mbedtls_ecdsa_context ctx; 505 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 506 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 507 size_t hlen, slen; 508 const mbedtls_md_info_t *md_info; 509 510 mbedtls_ecdsa_restart_init( &rs_ctx ); 511 mbedtls_ecdsa_init( &ctx ); 512 memset( hash, 0, sizeof( hash ) ); 513 memset( sig, 0, sizeof( sig ) ); 514 515 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 516 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 ); 517 518 md_info = mbedtls_md_info_from_type( md_alg ); 519 TEST_ASSERT( md_info != NULL ); 520 521 hlen = mbedtls_md_get_size( md_info ); 522 TEST_ASSERT( mbedtls_md( md_info, 523 (const unsigned char *) msg, strlen( msg ), 524 hash ) == 0 ); 525 526 mbedtls_ecp_set_max_ops( max_ops ); 527 528 slen = sizeof( sig ); 529 cnt_restart = 0; 530 do { 531 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 532 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 533 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 534 535 TEST_ASSERT( ret == 0 ); 536 TEST_ASSERT( slen == sig_check->len ); 537 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); 538 539 TEST_ASSERT( cnt_restart >= min_restart ); 540 TEST_ASSERT( cnt_restart <= max_restart ); 541 542 /* Do we leak memory when aborting an operation? 543 * This test only makes sense when we actually restart */ 544 if( min_restart > 0 ) 545 { 546 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 547 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 548 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 549 } 550 551exit: 552 mbedtls_ecdsa_restart_free( &rs_ctx ); 553 mbedtls_ecdsa_free( &ctx ); 554} 555/* END_CASE */ 556