- /* BEGIN_HEADER */
- #include "mbedtls/ecdsa.h"
- #include "hash_info.h"
- #include "mbedtls/legacy_or_psa.h"
- #if (defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C)) || \
- (!defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA))
- #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
- #endif
- /* END_HEADER */
- /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ECDSA_C
- * END_DEPENDENCIES
- */
/* BEGIN_CASE */
void ecdsa_prim_zero(int id)
{
    /* Round trip on curve `id` with the primitive API: generate a key
     * pair, sign an all-zero buffer of MBEDTLS_HASH_MAX_SIZE bytes, and
     * check that the signature verifies under the matching public key.
     * Key generation and signing both draw from
     * mbedtls_test_rnd_pseudo_rand, whose state is zeroed here. */
    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_ecp_group grp;
    mbedtls_ecp_point Q;
    mbedtls_mpi d;
    mbedtls_mpi r;
    mbedtls_mpi s;

    /* Every object released under `exit` is initialised before the first
     * assertion, so an early failure never frees uninitialised state. */
    mbedtls_mpi_init(&d);
    mbedtls_mpi_init(&r);
    mbedtls_mpi_init(&s);
    mbedtls_ecp_point_init(&Q);
    mbedtls_ecp_group_init(&grp);

    memset(buf, 0, sizeof(buf));
    memset(&rnd_info, 0, sizeof(rnd_info));

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);

    /* d is the private scalar, Q the corresponding public point. */
    TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
                                        &mbedtls_test_rnd_pseudo_rand,
                                        &rnd_info) == 0);

    TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, buf, sizeof(buf),
                                   &mbedtls_test_rnd_pseudo_rand,
                                   &rnd_info) == 0);

    /* The signature just produced must be accepted. */
    TEST_ASSERT(mbedtls_ecdsa_verify(&grp, buf, sizeof(buf), &Q, &r, &s) == 0);

exit:
    mbedtls_mpi_free(&s);
    mbedtls_mpi_free(&r);
    mbedtls_mpi_free(&d);
    mbedtls_ecp_point_free(&Q);
    mbedtls_ecp_group_free(&grp);
}
/* END_CASE */
/* BEGIN_CASE */
void ecdsa_prim_random(int id)
{
    /* Same round trip as the all-zero variant, but the buffer that stands
     * in for the message hash is first filled by the test pseudo-random
     * generator: generate a key pair on curve `id`, sign the buffer with
     * the primitive API, and check that the signature verifies. */
    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_ecp_group grp;
    mbedtls_ecp_point Q;
    mbedtls_mpi d;
    mbedtls_mpi r;
    mbedtls_mpi s;

    /* Initialise everything that `exit` frees before any assertion. */
    mbedtls_mpi_init(&d);
    mbedtls_mpi_init(&r);
    mbedtls_mpi_init(&s);
    mbedtls_ecp_point_init(&Q);
    mbedtls_ecp_group_init(&grp);

    memset(buf, 0, sizeof(buf));
    memset(&rnd_info, 0, sizeof(rnd_info));

    /* Fill the to-be-signed buffer; the same generator state is then
     * reused for the key and for the signature. */
    TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
                                             buf, sizeof(buf)) == 0);

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);

    TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
                                        &mbedtls_test_rnd_pseudo_rand,
                                        &rnd_info) == 0);

    TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, buf, sizeof(buf),
                                   &mbedtls_test_rnd_pseudo_rand,
                                   &rnd_info) == 0);

    /* The signature just produced must be accepted. */
    TEST_ASSERT(mbedtls_ecdsa_verify(&grp, buf, sizeof(buf), &Q, &r, &s) == 0);

exit:
    mbedtls_mpi_free(&s);
    mbedtls_mpi_free(&r);
    mbedtls_mpi_free(&d);
    mbedtls_ecp_point_free(&Q);
    mbedtls_ecp_group_free(&grp);
}
/* END_CASE */
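/* BEGIN_CASE */
void ecdsa_prim_test_vectors(int id, char *d_str, char *xQ_str,
                             char *yQ_str, data_t *rnd_buf,
                             data_t *hash, char *r_str, char *s_str,
                             int result)
{
    /* Known-answer test for the ECDSA primitives on curve `id`.
     *
     * d_str          private key (parsed by mbedtls_test_read_mpi)
     * xQ_str, yQ_str public key coordinates, hexadecimal
     * rnd_buf        bytes handed to the signer as its "random" input;
     *                may be modified in place (see the shift below)
     * hash           message hash to sign and verify
     * r_str, s_str   expected signature
     * result         expected return value of mbedtls_ecdsa_sign()
     *
     * When signing is expected to succeed, the function also checks that
     * verification rejects a series of malformed or out-of-range (r, s)
     * pairs. Those negative checks are the security-relevant part: a
     * verifier that skips the range check on r and s accepts forgeries. */
    mbedtls_ecp_group grp;
    mbedtls_ecp_point Q;
    mbedtls_mpi d, r, s, r_check, s_check, zero;
    mbedtls_test_rnd_buf_info rnd_info;

    /* Initialise everything that `exit` frees before any assertion. */
    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&Q);
    mbedtls_mpi_init(&d);
    mbedtls_mpi_init(&r);
    mbedtls_mpi_init(&s);
    mbedtls_mpi_init(&r_check);
    mbedtls_mpi_init(&s_check);
    mbedtls_mpi_init(&zero);

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
    TEST_ASSERT(mbedtls_ecp_point_read_string(&Q, 16, xQ_str, yQ_str) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&s_check, s_str) == 0);

    /* Serve bytes from rnd_buf first; mbedtls_test_rnd_std_rand is only
     * the fallback. */
    rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info.fallback_p_rng = NULL;
    rnd_info.buf = rnd_buf->x;
    rnd_info.length = rnd_buf->len;

    /* Fix rnd_buf->x by shifting it left if necessary, i.e. when the curve
     * size is not a whole number of bytes.
     * NOTE(review): presumably this compensates for how the signer reduces
     * the random bytes to grp.nbits bits - confirm against the signer.
     *
     * The length check matters: rnd_info.length is a size_t, so with an
     * empty buffer `length - 1` would wrap around and the loop and the
     * final store would run far outside rnd_buf->x. */
    if (grp.nbits % 8 != 0 && rnd_info.length > 0) {
        unsigned char shift = 8 - (grp.nbits % 8);
        size_t i;

        for (i = 0; i < rnd_info.length - 1; i++) {
            rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> (8 - shift);
        }

        rnd_buf->x[rnd_info.length-1] <<= shift;
    }

    TEST_ASSERT(mbedtls_ecdsa_sign(&grp, &r, &s, &d, hash->x, hash->len,
                                   mbedtls_test_rnd_buffer_rand, &rnd_info) == result);

    if (result == 0) {
        /* Check we generated the expected values */
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&r, &r_check), 0);
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&s, &s_check), 0);

        /* Valid signature */
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len,
                                        &Q, &r_check, &s_check), 0);

        /* Invalid signature: wrong public key (G instead of Q) */
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len,
                                        &grp.G, &r_check, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);

        /* Invalid signatures: r or s or both one off.
         * From here on r and s are scratch values derived from the
         * expected signature (r = r_check - 1, s = s_check + 1). */
        TEST_EQUAL(mbedtls_mpi_sub_int(&r, &r_check, 1), 0);
        TEST_EQUAL(mbedtls_mpi_add_int(&s, &s_check, 1), 0);

        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);

        /* Invalid signatures: r, s or both (CVE-2022-21449) are zero.
         * A verifier must reject zero before doing any arithmetic with
         * it; accepting r == s == 0 is the flaw that CVE names. */
        TEST_EQUAL(mbedtls_mpi_lset(&zero, 0), 0);

        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &zero, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r_check, &zero), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &zero, &zero), MBEDTLS_ERR_ECP_VERIFY_FAILED);

        /* Invalid signatures: r, s or both are == N (the upper bound of
         * the valid range is N - 1, so N itself must be refused). */
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &grp.N, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r_check, &grp.N), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &grp.N, &grp.N), MBEDTLS_ERR_ECP_VERIFY_FAILED);

        /* Invalid signatures: r, s or both are negative
         * (r = r_check - N, s = s_check - N: congruent to the valid
         * values mod N, but outside the permitted range). */
        TEST_EQUAL(mbedtls_mpi_sub_mpi(&r, &r_check, &grp.N), 0);
        TEST_EQUAL(mbedtls_mpi_sub_mpi(&s, &s_check, &grp.N), 0);

        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);

        /* Invalid signatures: r or s or both are > N
         * (r = r_check + N, s = s_check + N: again congruent mod N). */
        TEST_EQUAL(mbedtls_mpi_add_mpi(&r, &r_check, &grp.N), 0);
        TEST_EQUAL(mbedtls_mpi_add_mpi(&s, &s_check, &grp.N), 0);

        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s_check), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r_check, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
        TEST_EQUAL(mbedtls_ecdsa_verify(&grp, hash->x, hash->len, &Q,
                                        &r, &s), MBEDTLS_ERR_ECP_VERIFY_FAILED);
    }

exit:
    mbedtls_ecp_group_free(&grp);
    mbedtls_ecp_point_free(&Q);
    mbedtls_mpi_free(&d);
    mbedtls_mpi_free(&r);
    mbedtls_mpi_free(&s);
    mbedtls_mpi_free(&r_check);
    mbedtls_mpi_free(&s_check);
    mbedtls_mpi_free(&zero);
}
/* END_CASE */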
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
void ecdsa_det_test_vectors(int id, char *d_str, int md_alg, data_t *hash,
                            char *r_str, char *s_str)
{
    /* Known-answer test for deterministic ECDSA: sign `hash` with private
     * key `d_str` on curve `id`, using digest `md_alg`, and require the
     * resulting (r, s) to equal the expected pair (r_str, s_str). */
    mbedtls_ecp_group grp;
    mbedtls_mpi d;
    mbedtls_mpi r, s;
    mbedtls_mpi r_check, s_check;

    /* Initialise everything that `exit` frees before any assertion. */
    mbedtls_mpi_init(&r_check);
    mbedtls_mpi_init(&s_check);
    mbedtls_mpi_init(&r);
    mbedtls_mpi_init(&s);
    mbedtls_mpi_init(&d);
    mbedtls_ecp_group_init(&grp);

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&s_check, s_str) == 0);

    /* An RNG is still passed in; the test expects it not to influence
     * the signature value, which is compared exactly below. */
    TEST_ASSERT(
        mbedtls_ecdsa_sign_det_ext(&grp, &r, &s, &d,
                                   hash->x, hash->len, md_alg,
                                   mbedtls_test_rnd_std_rand,
                                   NULL)
        == 0);

    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&r, &r_check) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&s, &s_check) == 0);

exit:
    mbedtls_mpi_free(&s_check);
    mbedtls_mpi_free(&r_check);
    mbedtls_mpi_free(&s);
    mbedtls_mpi_free(&r);
    mbedtls_mpi_free(&d);
    mbedtls_ecp_group_free(&grp);
}
/* END_CASE */
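/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC */
void ecdsa_write_read_zero(int id)
{
    /* Round trip through the encoded-signature API on curve `id`, using
     * an all-zero 32-byte hash: generate a key, write a signature, read
     * it back, then check that corrupted or mis-sized signatures are
     * rejected and that the writer stayed inside the length it reported. */
    mbedtls_ecdsa_context ctx;
    mbedtls_test_rnd_pseudo_info rnd_info;
    unsigned char hash[32];
    unsigned char sig[200];
    size_t sig_len, i;

    mbedtls_ecdsa_init(&ctx);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
    memset(hash, 0, sizeof(hash));
    /* 0x2a is a canary: any byte past sig_len that changes reveals an
     * overrun by the signature writer. */
    memset(sig, 0x2a, sizeof(sig));

    /* generate signing key */
    TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
                                     &mbedtls_test_rnd_pseudo_rand,
                                     &rnd_info) == 0);

    /* generate and write signature, then read and verify it */
    TEST_ASSERT(mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256,
                                              hash, sizeof(hash),
                                              sig, sizeof(sig), &sig_len,
                                              &mbedtls_test_rnd_pseudo_rand,
                                              &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == 0);

    /* check we didn't write past the announced length */
    for (i = sig_len; i < sizeof(sig); i++) {
        TEST_ASSERT(sig[i] == 0x2a);
    }

    /* try verification with invalid length */
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len - 1) != 0);
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len + 1) != 0);

    /* try invalid sequence tag */
    sig[0]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) != 0);
    sig[0]--;

    /* try modifying r.
     * Offset 10 is only part of the signature if it is longer than that;
     * state the assumption, as ecdsa_read_restart does, so that a short
     * signature fails here instead of with a misleading verify result. */
    TEST_ASSERT(sig_len > 10);
    sig[10]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig[10]--;

    /* try modifying s (the last byte of the encoding) */
    sig[sig_len - 1]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig[sig_len - 1]--;

exit:
    mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */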
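/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC */
void ecdsa_write_read_random(int id)
{
    /* Round trip through the encoded-signature API on curve `id`, using a
     * 32-byte hash filled by the test pseudo-random generator: generate a
     * key, write a signature, read it back, then check that corrupted or
     * mis-sized signatures are rejected and that the writer stayed inside
     * the length it reported. */
    mbedtls_ecdsa_context ctx;
    mbedtls_test_rnd_pseudo_info rnd_info;
    unsigned char hash[32];
    unsigned char sig[200];
    size_t sig_len, i;

    mbedtls_ecdsa_init(&ctx);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
    memset(hash, 0, sizeof(hash));
    /* 0x2a is a canary: any byte past sig_len that changes reveals an
     * overrun by the signature writer. */
    memset(sig, 0x2a, sizeof(sig));

    /* prepare material for signature */
    TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
                                             hash, sizeof(hash)) == 0);

    /* generate signing key */
    TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
                                     &mbedtls_test_rnd_pseudo_rand,
                                     &rnd_info) == 0);

    /* generate and write signature, then read and verify it */
    TEST_ASSERT(mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256,
                                              hash, sizeof(hash),
                                              sig, sizeof(sig), &sig_len,
                                              &mbedtls_test_rnd_pseudo_rand,
                                              &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == 0);

    /* check we didn't write past the announced length */
    for (i = sig_len; i < sizeof(sig); i++) {
        TEST_ASSERT(sig[i] == 0x2a);
    }

    /* try verification with invalid length */
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len - 1) != 0);
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len + 1) != 0);

    /* try invalid sequence tag */
    sig[0]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) != 0);
    sig[0]--;

    /* try modifying r.
     * Offset 10 is only part of the signature if it is longer than that;
     * state the assumption, as ecdsa_read_restart does, so that a short
     * signature fails here instead of with a misleading verify result. */
    TEST_ASSERT(sig_len > 10);
    sig[10]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig[10]--;

    /* try modifying s (the last byte of the encoding) */
    sig[sig_len - 1]++;
    TEST_ASSERT(mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash),
                                             sig, sig_len) == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig[sig_len - 1]--;

exit:
    mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */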
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
void ecdsa_read_restart(int id, data_t *pk, data_t *hash, data_t *sig,
                        int max_ops, int min_restart, int max_restart)
{
    /* Restartable verification of an encoded signature.
     *
     * id           curve identifier
     * pk           public key, binary point encoding
     * hash, sig    message hash and the signature over it
     * max_ops      operation budget passed to mbedtls_ecp_set_max_ops()
     * min_restart, max_restart
     *              inclusive bounds on how many times the valid
     *              verification must report "in progress"
     *
     * `sig` is modified in place and restored while testing rejection. */
    mbedtls_ecdsa_restart_ctx rs_ctx;
    mbedtls_ecdsa_context ctx;
    int cnt_restart = 0;
    int ret;

    mbedtls_ecdsa_restart_init(&rs_ctx);
    mbedtls_ecdsa_init(&ctx);

    TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
    TEST_ASSERT(mbedtls_ecp_point_read_binary(&ctx.grp, &ctx.Q,
                                              pk->x, pk->len) == 0);

    mbedtls_ecp_set_max_ops(max_ops);

    /* Valid signature: call again for as long as the operation asks to be
     * resumed, counting one restart per "in progress" return. */
    for (;;) {
        ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
                                                       hash->x, hash->len, sig->x, sig->len,
                                                       &rs_ctx);
        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            break;
        }
        ++cnt_restart;
    }

    TEST_ASSERT(ret == 0);
    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    /* Corrupt r: offset 10 must lie inside the signature for this to be
     * meaningful, hence the length check first. */
    TEST_ASSERT(sig->len > 10);
    sig->x[10]++;
    for (;;) {
        ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
                                                       hash->x, hash->len, sig->x, sig->len,
                                                       &rs_ctx);
        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            break;
        }
    }
    TEST_ASSERT(ret == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig->x[10]--;

    /* Corrupt s: the last byte of the encoding. */
    sig->x[sig->len - 1]++;
    for (;;) {
        ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
                                                       hash->x, hash->len, sig->x, sig->len,
                                                       &rs_ctx);
        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            break;
        }
    }
    TEST_ASSERT(ret == MBEDTLS_ERR_ECP_VERIFY_FAILED);
    sig->x[sig->len - 1]--;

    /* Abandon an operation half-way: start one more verification and go
     * straight to cleanup, so that a memory checker can show whether the
     * restart context is released properly. Only meaningful when the
     * parameters guarantee at least one restart. */
    if (min_restart > 0) {
        ret = mbedtls_ecdsa_read_signature_restartable(&ctx,
                                                       hash->x, hash->len, sig->x, sig->len,
                                                       &rs_ctx);
        TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
    }

exit:
    mbedtls_ecdsa_free(&ctx);
    mbedtls_ecdsa_restart_free(&rs_ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
void ecdsa_write_restart(int id, char *d_str, int md_alg,
                         data_t *hash, data_t *sig_check,
                         int max_ops, int min_restart, int max_restart)
{
    /* Restartable signature generation with a known answer.
     *
     * id           curve identifier
     * d_str        private key (parsed by mbedtls_test_read_mpi)
     * md_alg       digest algorithm passed to the signer
     * hash         message hash to sign
     * sig_check    expected encoded signature, compared byte for byte
     * max_ops      operation budget passed to mbedtls_ecp_set_max_ops()
     * min_restart, max_restart
     *              inclusive bounds on how many times signing must
     *              report "in progress" */
    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
    size_t slen = sizeof(sig);
    mbedtls_ecdsa_context ctx;
    mbedtls_ecdsa_restart_ctx rs_ctx;
    int cnt_restart = 0;
    int ret;

    mbedtls_ecdsa_init(&ctx);
    mbedtls_ecdsa_restart_init(&rs_ctx);
    memset(sig, 0, sizeof(sig));

    TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&ctx.d, d_str) == 0);

    mbedtls_ecp_set_max_ops(max_ops);

    /* Call again for as long as the operation asks to be resumed,
     * counting one restart per "in progress" return. */
    for (;;) {
        ret = mbedtls_ecdsa_write_signature_restartable(&ctx,
                                                        md_alg,
                                                        hash->x,
                                                        hash->len,
                                                        sig,
                                                        sizeof(sig),
                                                        &slen,
                                                        mbedtls_test_rnd_std_rand,
                                                        NULL,
                                                        &rs_ctx);
        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            break;
        }
        ++cnt_restart;
    }

    TEST_ASSERT(ret == 0);
    /* Length is checked before memcmp so the comparison never reads past
     * the end of sig_check->x. */
    TEST_ASSERT(slen == sig_check->len);
    TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0);

    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    /* Abandon an operation half-way: start one more signature and go
     * straight to cleanup, so that a memory checker can show whether the
     * restart context is released properly. Only meaningful when the
     * parameters guarantee at least one restart. */
    if (min_restart > 0) {
        ret = mbedtls_ecdsa_write_signature_restartable(&ctx,
                                                        md_alg,
                                                        hash->x,
                                                        hash->len,
                                                        sig,
                                                        sizeof(sig),
                                                        &slen,
                                                        mbedtls_test_rnd_std_rand,
                                                        NULL,
                                                        &rs_ctx);
        TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
    }

exit:
    mbedtls_ecdsa_restart_free(&rs_ctx);
    mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
void ecdsa_verify(int grp_id, char *x, char *y, char *r, char *s, data_t *content, int expected)
{
    /* Verify signature (r, s) over `content` with public key (x, y) on
     * curve `grp_id`, and require mbedtls_ecdsa_verify() to return
     * `expected`. The public key is also passed to
     * mbedtls_ecp_check_pubkey(): when `expected` is
     * MBEDTLS_ERR_ECP_INVALID_KEY the key itself must be reported invalid,
     * otherwise it must pass that check. */
    mbedtls_mpi sig_r, sig_s;
    mbedtls_ecdsa_context ctx;
    int result;

    mbedtls_mpi_init(&sig_s);
    mbedtls_mpi_init(&sig_r);
    mbedtls_ecdsa_init(&ctx);

    /* Curve parameters. */
    TEST_EQUAL(mbedtls_ecp_group_load(&ctx.grp, grp_id), 0);

    /* Public key, written straight into the point's coordinates with
     * Z = 1; no validation happens at this step, so deliberately invalid
     * points can be supplied. */
    TEST_EQUAL(mbedtls_test_read_mpi(&ctx.Q.X, x), 0);
    TEST_EQUAL(mbedtls_test_read_mpi(&ctx.Q.Y, y), 0);
    TEST_EQUAL(mbedtls_mpi_lset(&ctx.Q.Z, 1), 0);

    /* Signature values. */
    TEST_EQUAL(mbedtls_test_read_mpi(&sig_r, r), 0);
    TEST_EQUAL(mbedtls_test_read_mpi(&sig_s, s), 0);

    /* The key's validity must match what the test case expects. */
    TEST_EQUAL(mbedtls_ecp_check_pubkey(&ctx.grp, &ctx.Q),
               expected == MBEDTLS_ERR_ECP_INVALID_KEY ? MBEDTLS_ERR_ECP_INVALID_KEY : 0);

    /* Verification runs even for a key that failed the check above; the
     * verifier's own return code is what gets compared. */
    result = mbedtls_ecdsa_verify(&ctx.grp, content->x, content->len, &ctx.Q, &sig_r, &sig_s);
    TEST_EQUAL(result, expected);

exit:
    mbedtls_mpi_free(&sig_s);
    mbedtls_mpi_free(&sig_r);
    mbedtls_ecdsa_free(&ctx);
}
/* END_CASE */