1/* BEGIN_HEADER */ 2#include "mbedtls/ecdsa.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_ECDSA_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 11void ecdsa_invalid_param( ) 12{ 13 mbedtls_ecdsa_context ctx; 14 mbedtls_ecp_keypair key; 15 mbedtls_ecp_group grp; 16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; 17 mbedtls_ecp_point P; 18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; 19 mbedtls_mpi m; 20 size_t slen; 21 unsigned char buf[42] = { 0 }; 22 23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) ); 24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) ); 25 26#if defined(MBEDTLS_ECP_RESTARTABLE) 27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) ); 28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) ); 29#endif /* MBEDTLS_ECP_RESTARTABLE */ 30 31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 32 mbedtls_ecdsa_sign( NULL, &m, &m, &m, 33 buf, sizeof( buf ), 34 mbedtls_test_rnd_std_rand, 35 NULL ) ); 36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 37 mbedtls_ecdsa_sign( &grp, NULL, &m, &m, 38 buf, sizeof( buf ), 39 mbedtls_test_rnd_std_rand, 40 NULL ) ); 41 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 42 mbedtls_ecdsa_sign( &grp, &m, NULL, &m, 43 buf, sizeof( buf ), 44 mbedtls_test_rnd_std_rand, 45 NULL ) ); 46 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 47 mbedtls_ecdsa_sign( &grp, &m, &m, NULL, 48 buf, sizeof( buf ), 49 mbedtls_test_rnd_std_rand, 50 NULL ) ); 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 52 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 53 NULL, sizeof( buf ), 54 mbedtls_test_rnd_std_rand, 55 NULL ) ); 56 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 57 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 58 buf, sizeof( buf ), 59 NULL, NULL ) ); 60 61#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 62 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 63 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, 64 buf, sizeof( buf ), 65 valid_md, 66 mbedtls_test_rnd_std_rand, 67 NULL ) ); 68 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 69 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, 70 buf, sizeof( buf ), 71 valid_md, 72 mbedtls_test_rnd_std_rand, 73 NULL ) ); 74 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 75 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, 76 buf, sizeof( buf ), 77 valid_md, 78 mbedtls_test_rnd_std_rand, 79 NULL ) ); 80 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 81 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, 82 buf, sizeof( buf ), 83 valid_md, 84 mbedtls_test_rnd_std_rand, 85 NULL ) ); 86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 87 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, 88 NULL, sizeof( buf ), 89 valid_md, 90 mbedtls_test_rnd_std_rand, 91 NULL ) ); 92#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 93 94 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 95 mbedtls_ecdsa_verify( NULL, 96 buf, sizeof( buf ), 97 &P, &m, &m ) ); 98 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 99 mbedtls_ecdsa_verify( &grp, 100 NULL, sizeof( buf ), 101 &P, &m, &m ) ); 102 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 103 mbedtls_ecdsa_verify( &grp, 104 buf, sizeof( buf ), 105 NULL, &m, &m ) ); 106 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 107 mbedtls_ecdsa_verify( &grp, 108 buf, sizeof( buf ), 109 &P, NULL, &m ) ); 110 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 111 mbedtls_ecdsa_verify( &grp, 112 buf, sizeof( buf ), 113 &P, &m, NULL ) ); 114 115 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 116 mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ), 117 buf, &slen, mbedtls_test_rnd_std_rand, 118 NULL ) ); 119 120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 121 mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), 122 buf, &slen, mbedtls_test_rnd_std_rand, 123 NULL ) ); 124 125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 126 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), 127 NULL, &slen, mbedtls_test_rnd_std_rand, 128 NULL ) ); 129 130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 131 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), 132 buf, NULL, mbedtls_test_rnd_std_rand, 133 NULL ) ); 134 135 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 136 mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf, 137 sizeof( buf ), buf, &slen, 138 mbedtls_test_rnd_std_rand, 139 NULL, NULL ) ); 140 141 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 142 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, 143 sizeof( buf ), buf, &slen, 144 mbedtls_test_rnd_std_rand, 145 NULL, NULL ) ); 146 147 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 148 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, 149 sizeof( buf ), NULL, &slen, 150 mbedtls_test_rnd_std_rand, 151 NULL, NULL ) ); 152 153 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 154 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, 155 sizeof( buf ), buf, NULL, 156 mbedtls_test_rnd_std_rand, 157 NULL, NULL ) ); 158 159 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 160 mbedtls_ecdsa_read_signature( NULL, 161 buf, sizeof( buf ), 162 buf, sizeof( buf ) ) ); 163 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 164 mbedtls_ecdsa_read_signature( &ctx, 165 NULL, sizeof( buf ), 166 buf, sizeof( buf ) ) ); 167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 168 mbedtls_ecdsa_read_signature( &ctx, 169 buf, sizeof( buf ), 170 NULL, sizeof( buf ) ) ); 171 172 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 173 mbedtls_ecdsa_read_signature_restartable( NULL, 174 buf, sizeof( buf ), 175 buf, sizeof( buf ), 176 NULL ) ); 177 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 178 mbedtls_ecdsa_read_signature_restartable( &ctx, 179 NULL, sizeof( buf ), 180 buf, sizeof( buf ), 181 NULL ) ); 182 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 183 mbedtls_ecdsa_read_signature_restartable( &ctx, 184 buf, sizeof( buf ), 185 NULL, sizeof( buf ), 186 NULL ) ); 187 188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 189 mbedtls_ecdsa_genkey( NULL, valid_group, 190 mbedtls_test_rnd_std_rand, 191 NULL ) ); 192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 193 mbedtls_ecdsa_genkey( &ctx, valid_group, 194 NULL, NULL ) ); 195 196 197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 198 mbedtls_ecdsa_from_keypair( NULL, &key ) ); 199 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 200 mbedtls_ecdsa_from_keypair( &ctx, NULL ) ); 201 202exit: 203 return; 204} 205/* END_CASE */ 206 207/* BEGIN_CASE */ 208void ecdsa_prim_zero( int id ) 209{ 210 mbedtls_ecp_group grp; 211 mbedtls_ecp_point Q; 212 mbedtls_mpi d, r, s; 213 mbedtls_test_rnd_pseudo_info rnd_info; 214 unsigned char buf[MBEDTLS_MD_MAX_SIZE]; 215 216 mbedtls_ecp_group_init( &grp ); 217 mbedtls_ecp_point_init( &Q ); 218 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 219 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 220 memset( buf, 0, sizeof( buf ) ); 221 222 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 223 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, 224 &mbedtls_test_rnd_pseudo_rand, 225 &rnd_info ) == 0 ); 226 227 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), 228 &mbedtls_test_rnd_pseudo_rand, 229 &rnd_info ) == 0 ); 230 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); 231 232exit: 233 mbedtls_ecp_group_free( &grp ); 234 mbedtls_ecp_point_free( &Q ); 235 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 236} 237/* END_CASE */ 238 239/* BEGIN_CASE */ 240void ecdsa_prim_random( int id ) 241{ 242 mbedtls_ecp_group grp; 243 mbedtls_ecp_point Q; 244 mbedtls_mpi d, r, s; 245 mbedtls_test_rnd_pseudo_info rnd_info; 246 unsigned char buf[MBEDTLS_MD_MAX_SIZE]; 247 248 mbedtls_ecp_group_init( &grp ); 249 mbedtls_ecp_point_init( &Q ); 250 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 251 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 252 memset( buf, 0, sizeof( buf ) ); 253 254 /* prepare material for signature */ 255 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, 256 buf, sizeof( buf ) ) == 0 ); 257 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 258 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, 259 &mbedtls_test_rnd_pseudo_rand, 260 &rnd_info ) == 0 ); 261 262 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), 263 &mbedtls_test_rnd_pseudo_rand, 264 &rnd_info ) == 0 ); 265 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); 266 267exit: 268 mbedtls_ecp_group_free( &grp ); 269 mbedtls_ecp_point_free( &Q ); 270 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 271} 272/* END_CASE */ 273 274/* BEGIN_CASE */ 275void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, 276 char * yQ_str, data_t * rnd_buf, 277 data_t * hash, char * r_str, char * s_str, 278 int result ) 279{ 280 mbedtls_ecp_group grp; 281 mbedtls_ecp_point Q; 282 mbedtls_mpi d, r, s, r_check, s_check; 283 mbedtls_test_rnd_buf_info rnd_info; 284 285 mbedtls_ecp_group_init( &grp ); 286 mbedtls_ecp_point_init( &Q ); 287 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 288 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 289 290 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 291 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); 292 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); 293 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); 294 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); 295 rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand; 296 rnd_info.fallback_p_rng = NULL; 297 rnd_info.buf = rnd_buf->x; 298 rnd_info.length = rnd_buf->len; 299 300 /* Fix rnd_buf->x by shifting it left if necessary */ 301 if( grp.nbits % 8 != 0 ) 302 { 303 unsigned char shift = 8 - ( grp.nbits % 8 ); 304 size_t i; 305 306 for( i = 0; i < rnd_info.length - 1; i++ ) 307 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift ); 308 309 rnd_buf->x[rnd_info.length-1] <<= shift; 310 } 311 312 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, 313 mbedtls_test_rnd_buffer_rand, &rnd_info ) == result ); 314 315 if ( result == 0) 316 { 317 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 318 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 319 320 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 ); 321 322 TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 ); 323 TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 ); 324 325 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 326 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 327 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 328 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 329 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 330 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 331 } 332 333exit: 334 mbedtls_ecp_group_free( &grp ); 335 mbedtls_ecp_point_free( &Q ); 336 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 337 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 338} 339/* END_CASE */ 340 341/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */ 342void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, 343 char * r_str, char * s_str ) 344{ 345 mbedtls_ecp_group grp; 346 mbedtls_mpi d, r, s, r_check, s_check; 347 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 348 size_t hlen; 349 const mbedtls_md_info_t *md_info; 350 351 mbedtls_ecp_group_init( &grp ); 352 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 353 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 354 memset( hash, 0, sizeof( hash ) ); 355 356 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 357 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); 358 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); 359 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); 360 361 md_info = mbedtls_md_info_from_type( md_alg ); 362 TEST_ASSERT( md_info != NULL ); 363 hlen = mbedtls_md_get_size( md_info ); 364 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, 365 strlen( msg ), hash ) == 0 ); 366 367 TEST_ASSERT( 368 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, 369 md_alg, mbedtls_test_rnd_std_rand, 370 NULL ) 371 == 0 ); 372 373 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 374 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 375 376exit: 377 mbedtls_ecp_group_free( &grp ); 378 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 379 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 380} 381/* END_CASE */ 382 383/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 384void ecdsa_write_read_zero( int id ) 385{ 386 mbedtls_ecdsa_context ctx; 387 mbedtls_test_rnd_pseudo_info rnd_info; 388 unsigned char hash[32]; 389 unsigned char sig[200]; 390 size_t sig_len, i; 391 392 mbedtls_ecdsa_init( &ctx ); 393 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 394 memset( hash, 0, sizeof( hash ) ); 395 memset( sig, 0x2a, sizeof( sig ) ); 396 397 /* generate signing key */ 398 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, 399 &mbedtls_test_rnd_pseudo_rand, 400 &rnd_info ) == 0 ); 401 402 /* generate and write signature, then read and verify it */ 403 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, 404 hash, sizeof( hash ), 405 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, 406 &rnd_info ) == 0 ); 407 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 408 sig, sig_len ) == 0 ); 409 410 /* check we didn't write past the announced length */ 411 for( i = sig_len; i < sizeof( sig ); i++ ) 412 TEST_ASSERT( sig[i] == 0x2a ); 413 414 /* try verification with invalid length */ 415 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 416 sig, sig_len - 1 ) != 0 ); 417 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 418 sig, sig_len + 1 ) != 0 ); 419 420 /* try invalid sequence tag */ 421 sig[0]++; 422 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 423 sig, sig_len ) != 0 ); 424 sig[0]--; 425 426 /* try modifying r */ 427 sig[10]++; 428 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 429 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 430 sig[10]--; 431 432 /* try modifying s */ 433 sig[sig_len - 1]++; 434 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 435 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 436 sig[sig_len - 1]--; 437 438exit: 439 mbedtls_ecdsa_free( &ctx ); 440} 441/* END_CASE */ 442 443/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 444void ecdsa_write_read_random( int id ) 445{ 446 mbedtls_ecdsa_context ctx; 447 mbedtls_test_rnd_pseudo_info rnd_info; 448 unsigned char hash[32]; 449 unsigned char sig[200]; 450 size_t sig_len, i; 451 452 mbedtls_ecdsa_init( &ctx ); 453 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 454 memset( hash, 0, sizeof( hash ) ); 455 memset( sig, 0x2a, sizeof( sig ) ); 456 457 /* prepare material for signature */ 458 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, 459 hash, sizeof( hash ) ) == 0 ); 460 461 /* generate signing key */ 462 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, 463 &mbedtls_test_rnd_pseudo_rand, 464 &rnd_info ) == 0 ); 465 466 /* generate and write signature, then read and verify it */ 467 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, 468 hash, sizeof( hash ), 469 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, 470 &rnd_info ) == 0 ); 471 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 472 sig, sig_len ) == 0 ); 473 474 /* check we didn't write past the announced length */ 475 for( i = sig_len; i < sizeof( sig ); i++ ) 476 TEST_ASSERT( sig[i] == 0x2a ); 477 478 /* try verification with invalid length */ 479 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 480 sig, sig_len - 1 ) != 0 ); 481 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 482 sig, sig_len + 1 ) != 0 ); 483 484 /* try invalid sequence tag */ 485 sig[0]++; 486 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 487 sig, sig_len ) != 0 ); 488 sig[0]--; 489 490 /* try modifying r */ 491 sig[10]++; 492 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 493 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 494 sig[10]--; 495 496 /* try modifying s */ 497 sig[sig_len - 1]++; 498 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 499 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 500 sig[sig_len - 1]--; 501 502exit: 503 mbedtls_ecdsa_free( &ctx ); 504} 505/* END_CASE */ 506 507/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 508void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig, 509 int max_ops, int min_restart, int max_restart ) 510{ 511 mbedtls_ecdsa_context ctx; 512 mbedtls_ecdsa_restart_ctx rs_ctx; 513 int ret, cnt_restart; 514 515 mbedtls_ecdsa_init( &ctx ); 516 mbedtls_ecdsa_restart_init( &rs_ctx ); 517 518 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 519 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, 520 pk->x, pk->len ) == 0 ); 521 522 mbedtls_ecp_set_max_ops( max_ops ); 523 524 cnt_restart = 0; 525 do { 526 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 527 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 528 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 529 530 TEST_ASSERT( ret == 0 ); 531 TEST_ASSERT( cnt_restart >= min_restart ); 532 TEST_ASSERT( cnt_restart <= max_restart ); 533 534 /* try modifying r */ 535 536 TEST_ASSERT( sig->len > 10 ); 537 sig->x[10]++; 538 do { 539 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 540 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 541 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 542 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 543 sig->x[10]--; 544 545 /* try modifying s */ 546 sig->x[sig->len - 1]++; 547 do { 548 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 549 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 550 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 551 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 552 sig->x[sig->len - 1]--; 553 554 /* Do we leak memory when aborting an operation? 555 * This test only makes sense when we actually restart */ 556 if( min_restart > 0 ) 557 { 558 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 559 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 560 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 561 } 562 563exit: 564 mbedtls_ecdsa_free( &ctx ); 565 mbedtls_ecdsa_restart_free( &rs_ctx ); 566} 567/* END_CASE */ 568 569/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ 570void ecdsa_write_restart( int id, char *d_str, int md_alg, 571 char *msg, data_t *sig_check, 572 int max_ops, int min_restart, int max_restart ) 573{ 574 int ret, cnt_restart; 575 mbedtls_ecdsa_restart_ctx rs_ctx; 576 mbedtls_ecdsa_context ctx; 577 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 578 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 579 size_t hlen, slen; 580 const mbedtls_md_info_t *md_info; 581 582 mbedtls_ecdsa_restart_init( &rs_ctx ); 583 mbedtls_ecdsa_init( &ctx ); 584 memset( hash, 0, sizeof( hash ) ); 585 memset( sig, 0, sizeof( sig ) ); 586 587 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 588 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 ); 589 590 md_info = mbedtls_md_info_from_type( md_alg ); 591 TEST_ASSERT( md_info != NULL ); 592 593 hlen = mbedtls_md_get_size( md_info ); 594 TEST_ASSERT( mbedtls_md( md_info, 595 (const unsigned char *) msg, strlen( msg ), 596 hash ) == 0 ); 597 598 mbedtls_ecp_set_max_ops( max_ops ); 599 600 slen = sizeof( sig ); 601 cnt_restart = 0; 602 do { 603 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 604 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 605 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 606 607 TEST_ASSERT( ret == 0 ); 608 TEST_ASSERT( slen == sig_check->len ); 609 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); 610 611 TEST_ASSERT( cnt_restart >= min_restart ); 612 TEST_ASSERT( cnt_restart <= max_restart ); 613 614 /* Do we leak memory when aborting an operation? 615 * This test only makes sense when we actually restart */ 616 if( min_restart > 0 ) 617 { 618 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 619 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 620 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 621 } 622 623exit: 624 mbedtls_ecdsa_restart_free( &rs_ctx ); 625 mbedtls_ecdsa_free( &ctx ); 626} 627/* END_CASE */ 628