mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 05:54:16 +01:00
bce41d373a
Expose ecdsa_signature_to_asn1 in the API. It's useful when converting between RFC 4492 format and other representations that might be used in external crypto processors.
200 lines
6.8 KiB
Plaintext
200 lines
6.8 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/ecdsa.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_ECDSA_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_random( int id )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_ecp_point Q;
|
|
mbedtls_mpi d, r, s;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char buf[66];
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_ecp_point_init( &Q );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( buf, 0, sizeof( buf ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
|
|
== 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
|
|
&rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_ecp_point_free( &Q );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
|
|
char *k_str, char *hash_str, char *r_str,
|
|
char *s_str, int result )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_ecp_point Q;
|
|
mbedtls_mpi d, r, s, r_check, s_check;
|
|
unsigned char hash[66], rnd_buf[66];
|
|
size_t hlen;
|
|
rnd_buf_info rnd_info;
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_ecp_point_init( &Q );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( rnd_buf, 0, sizeof( rnd_buf ) );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
hlen = unhexify(hash, hash_str);
|
|
rnd_info.buf = rnd_buf;
|
|
rnd_info.length = unhexify( rnd_buf, k_str );
|
|
|
|
/* Fix rnd_buf by shifting it left if necessary */
|
|
if( grp.nbits % 8 != 0 )
|
|
{
|
|
unsigned char shift = 8 - ( grp.nbits % 8 );
|
|
size_t i;
|
|
|
|
for( i = 0; i < rnd_info.length - 1; i++ )
|
|
rnd_buf[i] = rnd_buf[i] << shift | rnd_buf[i+1] >> ( 8 - shift );
|
|
|
|
rnd_buf[rnd_info.length-1] <<= shift;
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash, hlen,
|
|
rnd_buffer_rand, &rnd_info ) == result );
|
|
|
|
if ( result == 0)
|
|
{
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_ecp_point_free( &Q );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
|
|
void ecdsa_det_test_vectors( int id, char *d_str, int md_alg,
|
|
char *msg, char *r_str, char *s_str )
|
|
{
|
|
mbedtls_ecp_group grp;
|
|
mbedtls_mpi d, r, s, r_check, s_check;
|
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
size_t hlen;
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
mbedtls_ecp_group_init( &grp );
|
|
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
|
|
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
|
|
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
TEST_ASSERT( md_info != NULL );
|
|
hlen = mbedtls_md_get_size( md_info );
|
|
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
|
|
|
TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
|
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_ecp_group_free( &grp );
|
|
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
|
|
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
|
void ecdsa_write_read_random( int id )
|
|
{
|
|
mbedtls_ecdsa_context ctx;
|
|
rnd_pseudo_info rnd_info;
|
|
unsigned char hash[32];
|
|
unsigned char sig[200];
|
|
size_t sig_len, max_sig_len, i;
|
|
|
|
mbedtls_ecdsa_init( &ctx );
|
|
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
memset( hash, 0, sizeof( hash ) );
|
|
memset( sig, 0x2a, sizeof( sig ) );
|
|
|
|
/* prepare material for signature */
|
|
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
|
|
|
|
/* generate signing key */
|
|
TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
|
|
/* generate and write signature, then read and verify it */
|
|
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
|
|
hash, sizeof( hash ),
|
|
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) == 0 );
|
|
|
|
/* check we didn't write past the maximum length */
|
|
max_sig_len = MBEDTLS_ECDSA_MAX_SIG_LEN( ctx.grp.pbits );
|
|
TEST_ASSERT( sig_len <= max_sig_len );
|
|
for( i = max_sig_len; i < sizeof( sig ); i++ )
|
|
TEST_ASSERT( sig[i] == 0x2a );
|
|
|
|
/* try verification with invalid length */
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len - 1 ) != 0 );
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len + 1 ) != 0 );
|
|
|
|
/* try invalid sequence tag */
|
|
sig[0]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[0]--;
|
|
|
|
/* try modifying r */
|
|
sig[10]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[10]--;
|
|
|
|
/* try modifying s */
|
|
sig[sig_len - 1]++;
|
|
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
sig, sig_len ) != 0 );
|
|
sig[sig_len - 1]--;
|
|
|
|
exit:
|
|
mbedtls_ecdsa_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|