TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / bcaba030ec8fe5162f99eb1553c361a5b9482210 / . / tests / suites / test_suite_ecdsa.function
blob: 3182b98bf55610e8c74f63bfdca7cab35ab66370 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdsa.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]3/* END_HEADER */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]4
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]6 * depends_on:MBEDTLS_ECDSA_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]7 * END_DEPENDENCIES
8 */
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]9
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
11void ecdsa_invalid_param( )
12{
13 mbedtls_ecdsa_context ctx;
14 mbedtls_ecp_keypair key;
15 mbedtls_ecp_group grp;
16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
17 mbedtls_ecp_point P;
18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
19 mbedtls_mpi m;
20 size_t slen;
21 unsigned char buf[42] = { 0 };
22
23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
25
26#if defined(MBEDTLS_ECP_RESTARTABLE)
27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
29#endif /* MBEDTLS_ECP_RESTARTABLE */
30
31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
32 mbedtls_ecdsa_sign( NULL, &m, &m, &m,
33 buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]34 mbedtls_test_rnd_std_rand,
35 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
37 mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
38 buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]39 mbedtls_test_rnd_std_rand,
40 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]41 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
42 mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
43 buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]44 mbedtls_test_rnd_std_rand,
45 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]46 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
47 mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
48 buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]49 mbedtls_test_rnd_std_rand,
50 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
52 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
53 NULL, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]54 mbedtls_test_rnd_std_rand,
55 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]56 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
57 mbedtls_ecdsa_sign( &grp, &m, &m, &m,
58 buf, sizeof( buf ),
59 NULL, NULL ) );
60
61#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
62 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]63 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
64 buf, sizeof( buf ),
65 valid_md,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]66 mbedtls_test_rnd_std_rand,
67 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]68 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]69 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
70 buf, sizeof( buf ),
71 valid_md,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]72 mbedtls_test_rnd_std_rand,
73 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]74 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]75 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
76 buf, sizeof( buf ),
77 valid_md,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]78 mbedtls_test_rnd_std_rand,
79 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]80 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]81 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
82 buf, sizeof( buf ),
83 valid_md,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]84 mbedtls_test_rnd_std_rand,
85 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]87 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
88 NULL, sizeof( buf ),
89 valid_md,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]90 mbedtls_test_rnd_std_rand,
91 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]92#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
93
94 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
95 mbedtls_ecdsa_verify( NULL,
96 buf, sizeof( buf ),
97 &P, &m, &m ) );
98 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
99 mbedtls_ecdsa_verify( &grp,
100 NULL, sizeof( buf ),
101 &P, &m, &m ) );
102 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
103 mbedtls_ecdsa_verify( &grp,
104 buf, sizeof( buf ),
105 NULL, &m, &m ) );
106 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
107 mbedtls_ecdsa_verify( &grp,
108 buf, sizeof( buf ),
109 &P, NULL, &m ) );
110 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
111 mbedtls_ecdsa_verify( &grp,
112 buf, sizeof( buf ),
113 &P, &m, NULL ) );
114
115 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]116 mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
117 buf, &slen, mbedtls_test_rnd_std_rand,
118 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]119
120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]121 mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
122 buf, &slen, mbedtls_test_rnd_std_rand,
123 NULL ) );
124
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]126 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
127 NULL, &slen, mbedtls_test_rnd_std_rand,
128 NULL ) );
129
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]131 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
132 buf, NULL, mbedtls_test_rnd_std_rand,
133 NULL ) );
134
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]135 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]136 mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
137 sizeof( buf ), buf, &slen,
138 mbedtls_test_rnd_std_rand,
139 NULL, NULL ) );
140
141 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
142 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
143 sizeof( buf ), buf, &slen,
144 mbedtls_test_rnd_std_rand,
145 NULL, NULL ) );
146
147 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
148 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
149 sizeof( buf ), NULL, &slen,
150 mbedtls_test_rnd_std_rand,
151 NULL, NULL ) );
152
153 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
154 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
155 sizeof( buf ), buf, NULL,
156 mbedtls_test_rnd_std_rand,
157 NULL, NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]158
159 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
160 mbedtls_ecdsa_read_signature( NULL,
161 buf, sizeof( buf ),
162 buf, sizeof( buf ) ) );
163 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
164 mbedtls_ecdsa_read_signature( &ctx,
165 NULL, sizeof( buf ),
166 buf, sizeof( buf ) ) );
167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
168 mbedtls_ecdsa_read_signature( &ctx,
169 buf, sizeof( buf ),
170 NULL, sizeof( buf ) ) );
171
172 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
173 mbedtls_ecdsa_read_signature_restartable( NULL,
174 buf, sizeof( buf ),
175 buf, sizeof( buf ),
176 NULL ) );
177 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
178 mbedtls_ecdsa_read_signature_restartable( &ctx,
179 NULL, sizeof( buf ),
180 buf, sizeof( buf ),
181 NULL ) );
182 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
183 mbedtls_ecdsa_read_signature_restartable( &ctx,
184 buf, sizeof( buf ),
185 NULL, sizeof( buf ),
186 NULL ) );
187
188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
189 mbedtls_ecdsa_genkey( NULL, valid_group,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]190 mbedtls_test_rnd_std_rand,
191 NULL ) );
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
193 mbedtls_ecdsa_genkey( &ctx, valid_group,
194 NULL, NULL ) );
195
196
197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
198 mbedtls_ecdsa_from_keypair( NULL, &key ) );
199 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
200 mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
201
202exit:
203 return;
204}
205/* END_CASE */
206
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]207/* BEGIN_CASE */
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]208void ecdsa_prim_zero( int id )
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]209{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210 mbedtls_ecp_group grp;
211 mbedtls_ecp_point Q;
212 mbedtls_mpi d, r, s;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]213 mbedtls_test_rnd_pseudo_info rnd_info;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]214 unsigned char buf[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]215
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 mbedtls_ecp_group_init( &grp );
217 mbedtls_ecp_point_init( &Q );
218 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]219 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnard450a1632013-01-27 09:08:18 +0100[diff] [blame]220 memset( buf, 0, sizeof( buf ) );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]221
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]222 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
223 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
224 &mbedtls_test_rnd_pseudo_rand,
225 &rnd_info ) == 0 );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]226
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]227 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
228 &mbedtls_test_rnd_pseudo_rand,
229 &rnd_info ) == 0 );
230 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
TRodziewicz5feb6702021-04-06 19:55:17 +0200[diff] [blame]231
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]232exit:
233 mbedtls_ecp_group_free( &grp );
234 mbedtls_ecp_point_free( &Q );
235 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
236}
237/* END_CASE */
238
239/* BEGIN_CASE */
240void ecdsa_prim_random( int id )
241{
242 mbedtls_ecp_group grp;
243 mbedtls_ecp_point Q;
244 mbedtls_mpi d, r, s;
245 mbedtls_test_rnd_pseudo_info rnd_info;
246 unsigned char buf[MBEDTLS_MD_MAX_SIZE];
247
248 mbedtls_ecp_group_init( &grp );
249 mbedtls_ecp_point_init( &Q );
250 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
251 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
252 memset( buf, 0, sizeof( buf ) );
253
254 /* prepare material for signature */
255 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
256 buf, sizeof( buf ) ) == 0 );
257 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
258 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
259 &mbedtls_test_rnd_pseudo_rand,
260 &rnd_info ) == 0 );
261
262 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
263 &mbedtls_test_rnd_pseudo_rand,
264 &rnd_info ) == 0 );
265 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]266
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]267exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]268 mbedtls_ecp_group_free( &grp );
269 mbedtls_ecp_point_free( &Q );
270 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
Manuel Pégourié-Gonnardd1c71502013-01-26 19:09:07 +0100[diff] [blame]271}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]272/* END_CASE */
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]273
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]274/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]275void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]276 char * yQ_str, data_t * rnd_buf,
277 data_t * hash, char * r_str, char * s_str,
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]278 int result )
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]279{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]280 mbedtls_ecp_group grp;
281 mbedtls_ecp_point Q;
282 mbedtls_mpi d, r, s, r_check, s_check;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]283 mbedtls_test_rnd_buf_info rnd_info;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]284
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]285 mbedtls_ecp_group_init( &grp );
286 mbedtls_ecp_point_init( &Q );
287 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
288 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]289
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]290 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
Gilles Peskinea0f4e102021-06-10 23:18:39 +0200[diff] [blame]292 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
293 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
294 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]295 rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
296 rnd_info.fallback_p_rng = NULL;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]297 rnd_info.buf = rnd_buf->x;
298 rnd_info.length = rnd_buf->len;
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]299
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]300 /* Fix rnd_buf->x by shifting it left if necessary */
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]301 if( grp.nbits % 8 != 0 )
302 {
303 unsigned char shift = 8 - ( grp.nbits % 8 );
304 size_t i;
305
306 for( i = 0; i < rnd_info.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]307 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]308
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]309 rnd_buf->x[rnd_info.length-1] <<= shift;
Manuel Pégourié-Gonnardfae079e2014-01-06 11:00:07 +0100[diff] [blame]310 }
311
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]312 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]313 mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]314
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]315 if ( result == 0)
316 {
Manuel Pégourié-Gonnardbcaba032022-04-20 10:34:22 +0200[diff] [blame^]317 /* save correct values; we'll generate incorrect ones below */
318 TEST_EQUAL( mbedtls_mpi_cmp_mpi( &r, &r_check ), 0 );
319 TEST_EQUAL( mbedtls_mpi_cmp_mpi( &s, &s_check ), 0 );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]320
Manuel Pégourié-Gonnardbcaba032022-04-20 10:34:22 +0200[diff] [blame^]321 /* Valid signature */
322 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
323 &Q, &r_check, &s_check ), 0 );
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]324
Manuel Pégourié-Gonnardbcaba032022-04-20 10:34:22 +0200[diff] [blame^]325 /* Invalid signature: wrong public key (G instead of Q) */
326 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
327 &grp.G, &r_check, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
Manuel Pégourié-Gonnardd0a66cc2018-06-13 09:53:21 +0200[diff] [blame]328
Manuel Pégourié-Gonnardbcaba032022-04-20 10:34:22 +0200[diff] [blame^]329 /* Invalid signatures: r or s or both one off */
330 TEST_EQUAL( mbedtls_mpi_sub_int( &r, &r, 1 ), 0 );
331 TEST_EQUAL( mbedtls_mpi_add_int( &s, &s, 1 ), 0 );
332
333 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
334 &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
335 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
336 &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
337 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
338 &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
339
340 /* Invalid signatures: r, s or both (CVE-2022-21449) are zero */
341 TEST_EQUAL( mbedtls_mpi_lset( &r, 0 ), 0 );
342 TEST_EQUAL( mbedtls_mpi_lset( &s, 0 ), 0 );
343
344 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
345 &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
346 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
347 &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
348 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
349 &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
350
351 /* Invalid signatures: r, s or both are negative */
352 TEST_EQUAL( mbedtls_mpi_lset( &r, -1 ), 0 );
353 TEST_EQUAL( mbedtls_mpi_lset( &s, -1 ), 0 );
354
355 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
356 &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
357 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
358 &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
359 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
360 &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
361
362 /* Invalid signatures: r, s or both are == N */
363 TEST_EQUAL( mbedtls_mpi_copy( &r, &grp.N ), 0 );
364 TEST_EQUAL( mbedtls_mpi_copy( &s, &grp.N ), 0 );
365
366 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
367 &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
368 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
369 &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
370 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
371 &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
372
373 /* Invalid signatures: r or s or both are > N */
374 TEST_EQUAL( mbedtls_mpi_add_int( &r, &grp.N, 1 ), 0 );
375 TEST_EQUAL( mbedtls_mpi_add_int( &s, &grp.N, 1 ), 0 );
376
377 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
378 &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
379 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
380 &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
381 TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
382 &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
Darryl Greenf5bcbed2017-11-17 17:09:31 +0000[diff] [blame]383 }
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]384
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]385exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]386 mbedtls_ecp_group_free( &grp );
387 mbedtls_ecp_point_free( &Q );
388 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
389 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100[diff] [blame]390}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]391/* END_CASE */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]392
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]394void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
395 char * r_str, char * s_str )
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]396{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]397 mbedtls_ecp_group grp;
398 mbedtls_mpi d, r, s, r_check, s_check;
399 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]400 size_t hlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]401 const mbedtls_md_info_t *md_info;
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]402
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403 mbedtls_ecp_group_init( &grp );
404 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
405 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]406 memset( hash, 0, sizeof( hash ) );
407
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]408 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Gilles Peskinea0f4e102021-06-10 23:18:39 +0200[diff] [blame]409 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
410 TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
411 TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]412
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]413 md_info = mbedtls_md_info_from_type( md_alg );
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]414 TEST_ASSERT( md_info != NULL );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415 hlen = mbedtls_md_get_size( md_info );
Hanno Becker198611d2018-10-17 13:58:19 +0100[diff] [blame]416 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
417 strlen( msg ), hash ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]418
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]419 TEST_ASSERT(
420 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]421 md_alg, mbedtls_test_rnd_std_rand,
422 NULL )
Janos Follath651eac82019-01-04 15:51:24 +0000[diff] [blame]423 == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]424
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]425 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
426 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]427
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]428exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]429 mbedtls_ecp_group_free( &grp );
430 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
431 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
Manuel Pégourié-Gonnard4daaef72014-01-06 14:25:56 +0100[diff] [blame]432}
433/* END_CASE */
434
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]435/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]436void ecdsa_write_read_zero( int id )
437{
438 mbedtls_ecdsa_context ctx;
439 mbedtls_test_rnd_pseudo_info rnd_info;
440 unsigned char hash[32];
441 unsigned char sig[200];
442 size_t sig_len, i;
443
444 mbedtls_ecdsa_init( &ctx );
445 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
446 memset( hash, 0, sizeof( hash ) );
447 memset( sig, 0x2a, sizeof( sig ) );
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]448
449 /* generate signing key */
450 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
451 &mbedtls_test_rnd_pseudo_rand,
452 &rnd_info ) == 0 );
453
454 /* generate and write signature, then read and verify it */
455 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
456 hash, sizeof( hash ),
457 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
458 &rnd_info ) == 0 );
459 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
460 sig, sig_len ) == 0 );
461
462 /* check we didn't write past the announced length */
463 for( i = sig_len; i < sizeof( sig ); i++ )
464 TEST_ASSERT( sig[i] == 0x2a );
465
466 /* try verification with invalid length */
467 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
468 sig, sig_len - 1 ) != 0 );
469 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
470 sig, sig_len + 1 ) != 0 );
471
472 /* try invalid sequence tag */
473 sig[0]++;
474 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
475 sig, sig_len ) != 0 );
476 sig[0]--;
477
478 /* try modifying r */
479 sig[10]++;
480 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
481 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
482 sig[10]--;
483
484 /* try modifying s */
485 sig[sig_len - 1]++;
486 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
487 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
488 sig[sig_len - 1]--;
489
490exit:
491 mbedtls_ecdsa_free( &ctx );
492}
493/* END_CASE */
494
495/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]496void ecdsa_write_read_random( int id )
497{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]498 mbedtls_ecdsa_context ctx;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]499 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnarddfdcac92015-03-31 11:41:42 +0200[diff] [blame]500 unsigned char hash[32];
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]501 unsigned char sig[200];
502 size_t sig_len, i;
503
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]504 mbedtls_ecdsa_init( &ctx );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]505 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]506 memset( hash, 0, sizeof( hash ) );
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]507 memset( sig, 0x2a, sizeof( sig ) );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]508
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]509 /* prepare material for signature */
510 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
511 hash, sizeof( hash ) ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]512
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]513 /* generate signing key */
514 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
515 &mbedtls_test_rnd_pseudo_rand,
516 &rnd_info ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]517
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]518 /* generate and write signature, then read and verify it */
519 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
520 hash, sizeof( hash ),
521 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
522 &rnd_info ) == 0 );
523 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
524 sig, sig_len ) == 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]525
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]526 /* check we didn't write past the announced length */
527 for( i = sig_len; i < sizeof( sig ); i++ )
528 TEST_ASSERT( sig[i] == 0x2a );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]529
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]530 /* try verification with invalid length */
531 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
532 sig, sig_len - 1 ) != 0 );
533 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
534 sig, sig_len + 1 ) != 0 );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]535
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]536 /* try invalid sequence tag */
537 sig[0]++;
538 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
539 sig, sig_len ) != 0 );
540 sig[0]--;
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]541
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]542 /* try modifying r */
543 sig[10]++;
544 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
545 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
546 sig[10]--;
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]547
TRodziewicz40de3c92021-04-07 19:16:18 +0200[diff] [blame]548 /* try modifying s */
549 sig[sig_len - 1]++;
550 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
551 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
552 sig[sig_len - 1]--;
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]553
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]554exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 mbedtls_ecdsa_free( &ctx );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]556}
557/* END_CASE */
Manuel Pégourié-Gonnard937340b2014-01-06 10:27:16 +0100[diff] [blame]558
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]559/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]560void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]561 int max_ops, int min_restart, int max_restart )
562{
563 mbedtls_ecdsa_context ctx;
564 mbedtls_ecdsa_restart_ctx rs_ctx;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]565 int ret, cnt_restart;
566
567 mbedtls_ecdsa_init( &ctx );
568 mbedtls_ecdsa_restart_init( &rs_ctx );
569
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]570 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]571 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
572 pk->x, pk->len ) == 0 );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]573
574 mbedtls_ecp_set_max_ops( max_ops );
575
576 cnt_restart = 0;
577 do {
578 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]579 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]580 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
581
582 TEST_ASSERT( ret == 0 );
583 TEST_ASSERT( cnt_restart >= min_restart );
584 TEST_ASSERT( cnt_restart <= max_restart );
585
586 /* try modifying r */
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]587
588 TEST_ASSERT( sig->len > 10 );
589 sig->x[10]++;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]590 do {
591 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]592 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]593 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
594 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]595 sig->x[10]--;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]596
597 /* try modifying s */
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]598 sig->x[sig->len - 1]++;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]599 do {
600 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]601 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]602 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
603 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]604 sig->x[sig->len - 1]--;
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]605
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]606 /* Do we leak memory when aborting an operation?
607 * This test only makes sense when we actually restart */
608 if( min_restart > 0 )
609 {
610 ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]611 hash->x, hash->len, sig->x, sig->len, &rs_ctx );
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]612 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
613 }
Manuel Pégourié-Gonnard722e5152017-04-21 11:04:47 +0200[diff] [blame]614
615exit:
616 mbedtls_ecdsa_free( &ctx );
617 mbedtls_ecdsa_restart_free( &rs_ctx );
618}
619/* END_CASE */
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]620
621/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
622void ecdsa_write_restart( int id, char *d_str, int md_alg,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]623 char *msg, data_t *sig_check,
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]624 int max_ops, int min_restart, int max_restart )
625{
626 int ret, cnt_restart;
627 mbedtls_ecdsa_restart_ctx rs_ctx;
628 mbedtls_ecdsa_context ctx;
629 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
630 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]631 size_t hlen, slen;
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]632 const mbedtls_md_info_t *md_info;
633
634 mbedtls_ecdsa_restart_init( &rs_ctx );
635 mbedtls_ecdsa_init( &ctx );
636 memset( hash, 0, sizeof( hash ) );
637 memset( sig, 0, sizeof( sig ) );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]638
639 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
Gilles Peskinea0f4e102021-06-10 23:18:39 +0200[diff] [blame]640 TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]641
642 md_info = mbedtls_md_info_from_type( md_alg );
643 TEST_ASSERT( md_info != NULL );
644
645 hlen = mbedtls_md_get_size( md_info );
Gilles Peskine84984ae2020-01-21 16:52:08 +0100[diff] [blame]646 TEST_ASSERT( mbedtls_md( md_info,
647 (const unsigned char *) msg, strlen( msg ),
648 hash ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]649
650 mbedtls_ecp_set_max_ops( max_ops );
651
652 slen = sizeof( sig );
653 cnt_restart = 0;
654 do {
655 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
656 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
657 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
658
659 TEST_ASSERT( ret == 0 );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]660 TEST_ASSERT( slen == sig_check->len );
661 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]662
663 TEST_ASSERT( cnt_restart >= min_restart );
664 TEST_ASSERT( cnt_restart <= max_restart );
665
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]666 /* Do we leak memory when aborting an operation?
667 * This test only makes sense when we actually restart */
668 if( min_restart > 0 )
669 {
670 ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
671 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
672 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
673 }
Manuel Pégourié-Gonnardeb402f32017-04-25 10:57:30 +0200[diff] [blame]674
675exit:
676 mbedtls_ecdsa_restart_free( &rs_ctx );
677 mbedtls_ecdsa_free( &ctx );
678}
679/* END_CASE */