Added ECDSA tests.

ChangeLog

 2013-02-18  Niels Möller  <nisse@lysator.liu.se>
 
-	* testsuite/testutils.h (SHEX): Deleted const cast.
+	* testsuite/ecdsa-verify-test.c: New testcase.
+	* testsuite/ecdsa-sign-test.c: New testcase.
+	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+	ecdsa-sign-test.c and ecdsa-verify-test.c.
+	* testsuite/testutils.h: Include ecdsa.h.
+	(SHEX): Deleted const cast.
 
 	* ecc-point.c: New file, struct ecc_point abstraction.
 	* ecc-scalar.c: New file, struct ecc_scalar abstraction.

testsuite/.gitignore

@@ -23,6 +23,8 @@
 /ecc-mul-a-test
 /ecc-mul-g-test
 /ecc-redc-test
+/ecdsa-sign-test
+/ecdsa-verify-test
 /gcm-test
 /gosthash94-test
 /hmac-test

testsuite/.test-rules.make

@@ -175,6 +175,12 @@ ecc-mul-g-test$(EXEEXT): ecc-mul-g-test.$(OBJEXT)
 ecc-mul-a-test$(EXEEXT): ecc-mul-a-test.$(OBJEXT)
 	$(LINK) ecc-mul-a-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mul-a-test$(EXEEXT)
 
+ecdsa-sign-test$(EXEEXT): ecdsa-sign-test.$(OBJEXT)
+	$(LINK) ecdsa-sign-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-sign-test$(EXEEXT)
+
+ecdsa-verify-test$(EXEEXT): ecdsa-verify-test.$(OBJEXT)
+	$(LINK) ecdsa-verify-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-verify-test$(EXEEXT)
+
 sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT)
 	$(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT)
 

testsuite/Makefile.in

@@ -36,7 +36,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
 		     rsa-test.c rsa-encrypt-test.c rsa-keygen-test.c \
 		     dsa-test.c dsa-keygen-test.c \
 		     ecc-mod-test.c ecc-modinv-test.c ecc-redc-test.c \
-		     ecc-mul-g-test.c ecc-mul-a-test.c
+		     ecc-mul-g-test.c ecc-mul-a-test.c \
+		     ecdsa-sign-test.c ecdsa-verify-test.c
 
 TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
 CXX_SOURCES = cxx-test.cxx

testsuite/ecdsa-sign-test.c

+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+	    /* Private key */
+	    const char *sz,
+	    /* Random nonce */
+	    const char *sk,
+	    /* Hash */
+	    const struct tstring *h,
+	    /* Expected signature */
+	    const char *r, const char *s)
+{
+  struct dsa_signature ref;
+  mpz_t z;
+  mpz_t k;
+  mp_limb_t *rp = xalloc_limbs (ecc->size);
+  mp_limb_t *sp = xalloc_limbs (ecc->size);
+  mp_limb_t *scratch = xalloc_limbs (ecc_ecdsa_sign_itch (ecc));
+
+  dsa_signature_init (&ref);
+
+  mpz_init_set_str (z, sz, 16);
+  mpz_init_set_str (k, sk, 16);
+
+  ecc_ecdsa_sign (ecc, _mpz_read_limbs_n (z, ecc->size),
+		  _mpz_read_limbs_n (k, ecc->size),
+		  h->length, h->data, rp, sp, scratch);
+
+  mpz_set_str (ref.r, r, 16);
+  mpz_set_str (ref.s, s, 16);
+
+  if (_mpz_cmp_limbs (ref.r, rp, ecc->size) != 0
+      || _mpz_cmp_limbs (ref.s, sp, ecc->size) != 0)
+    {
+      fprintf (stderr, "_ecdsa_sign failed, bit_size = %u\n", ecc->bit_size);
+      gmp_fprintf (stderr, "r     = %Nx\n", rp, ecc->size);
+      gmp_fprintf (stderr, "s     = %Nx\n", sp, ecc->size);
+      gmp_fprintf (stderr, "ref.r = %Zx\n", ref.r);
+      gmp_fprintf (stderr, "ref.s = %Zx\n", ref.s);
+      abort();
+    }
+
+  free (rp);
+  free (sp);
+  free (scratch);
+
+  dsa_signature_clear (&ref);
+  mpz_clear (k);
+  mpz_clear (z);
+}
+
+void
+test_main (void)
+{
+  /* Test cases for the smaller groups, verified with a
+     proof-of-concept implementation done for Yubico AB. */
+  test_ecdsa (&nettle_secp_192r1,
+	      "DC51D3866A15BACDE33D96F992FCA99D"
+	      "A7E6EF0934E70975", /* z */
+
+	      "9E56F509196784D963D1C0A401510EE7"
+	      "ADA3DCC5DEE04B15", /* k */
+
+	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+		   "B00361A396177A9C"), /* h */
+
+	      "8c478db6a5c131540cebc739f9c0a9a8"
+	      "c720c2abdd14a891", /* r */
+
+	      "a91fb738f9f175d72f9c98527e881c36"
+	      "8de68cb55ffe589"); /* s */
+
+  test_ecdsa (&nettle_secp_224r1,
+	      "446df0a771ed58403ca9cb316e617f6b"
+	      "158420465d00a69601e22858",  /* z */
+
+	      "4c13f1905ad7eb201178bc08e0c9267b"
+	      "4751c15d5e1831ca214c33f4",  /* z */
+
+	      SHEX("1b28a611fe62ab3649350525d06703ba"
+		   "4b979a1e543566fd5caa85c6"),  /* h */
+
+	      "2cc280778f3d067df6d3adbe3a6aad63"
+	      "bc75f08f5c5f915411902a99",  /* r */ 
+
+	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
+	      "f2715c38a95c31a2b486995f"); /* s */
+
+  /* From RFC 4754 */
+  test_ecdsa (&nettle_secp_256r1,
+	      "DC51D386 6A15BACD E33D96F9 92FCA99D"
+	      "A7E6EF09 34E70975 59C27F16 14C88A7F",  /* z */
+
+	      "9E56F509 196784D9 63D1C0A4 01510EE7"
+	      "ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE",  /* k */
+
+	      SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+		   "B00361A3 96177A9C B410FF61 F20015AD"),  /* h */
+	      
+	      "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+	      "9716CBBF 917DD72E 97566EA1 C066957C",  /* r */
+	      "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+	      "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+  test_ecdsa (&nettle_secp_384r1,
+	      "0BEB6466 34BA8773 5D77AE48 09A0EBEA"
+	      "865535DE 4C1E1DCB 692E8470 8E81A5AF"
+	      "62E528C3 8B2A81B3 5309668D 73524D9F",  /* z */
+
+	      "B4B74E44 D71A13D5 68003D74 89908D56"
+	      "4C7761E2 29C58CBF A1895009 6EB7463B"
+	      "854D7FA9 92F934D9 27376285 E63414FA",  /* k */
+
+	      SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+		   "272C32AB 0EDED163 1A8B605A 43FF5BED"
+		   "8086072B A1E7CC23 58BAECA1 34C825A7"),  /* h */
+
+	      "FB017B91 4E291494 32D8BAC2 9A514640"
+	      "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+	      "08E07C9C 63F2D21A 07DCB56A 6AF56EB3",  /* r */
+	      "B263A130 5E057F98 4D38726A 1B468741"
+	      "09F417BC A112674C 528262A4 0A629AF1"
+	      "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+  test_ecdsa (&nettle_secp_521r1,
+	      "0065FDA3 409451DC AB0A0EAD 45495112"
+	      "A3D813C1 7BFD34BD F8C1209D 7DF58491"
+	      "20597779 060A7FF9 D704ADF7 8B570FFA"
+	      "D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
+	      "5FA1", /* z */
+	      
+	      "00C1C2B3 05419F5A 41344D7E 4359933D"
+	      "734096F5 56197A9B 244342B8 B62F46F9"
+	      "373778F9 DE6B6497 B1EF825F F24F42F9"
+	      "B4A4BD73 82CFC337 8A540B1B 7F0C1B95"
+	      "6C2F", /* k */
+
+	      SHEX("DDAF35A1 93617ABA CC417349 AE204131"
+		   "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+		   "2192992A 274FC1A8 36BA3C23 A3FEEBBD"
+		   "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+	      "0154FD38 36AF92D0 DCA57DD5 341D3053"
+	      "988534FD E8318FC6 AAAAB68E 2E6F4339"
+	      "B19F2F28 1A7E0B22 C269D93C F8794A92"
+	      "78880ED7 DBB8D936 2CAEACEE 54432055"
+	      "2251", /* r */
+	      "017705A7 030290D1 CEB605A9 A1BB03FF"
+	      "9CDD521E 87A696EC 926C8C10 C8362DF4"
+	      "97536710 1F67D1CF 9BCCBF2F 3D239534"
+	      "FA509E70 AAC851AE 01AAC68D 62F86647"
+	      "2660"); /* s */
+}
+

testsuite/ecdsa-verify-test.c

+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+	    /* Public key */
+	    const char *xs, const char *ys,
+	    /* Hash */
+	    struct tstring *h,
+	    /* Valid signature */
+	    const char *r, const char *s)
+{
+  struct ecc_point pub;
+  struct dsa_signature signature;
+  mpz_t x, y;
+
+  ecc_point_init (&pub, ecc);
+  dsa_signature_init (&signature);
+
+  mpz_init_set_str (x, xs, 16);
+  mpz_init_set_str (y, ys, 16);
+
+  if (!ecc_point_set (&pub, x, y))
+    die ("ecc_point_set failed.\n");
+
+  mpz_set_str (signature.r, r, 16);
+  mpz_set_str (signature.s, s, 16);
+
+  if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify failed with valid signature.\n");
+    fail:
+      fprintf (stderr, "bit_size = %u\n", ecc->bit_size);
+      gmp_fprintf (stderr, "x = %Zx\n", x);
+      gmp_fprintf (stderr, "y = %Zx\ndigest ", y);
+      print_hex (h->length, h->data);
+      gmp_fprintf (stderr, "r = %Zx\n", signature.r);
+      gmp_fprintf (stderr, "s = %Zx\n", signature.s);
+      abort();
+    }
+
+  mpz_combit (signature.r, ecc->bit_size / 3);
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  mpz_combit (signature.r, ecc->bit_size / 3);
+  
+  mpz_combit (signature.s, 4*ecc->bit_size / 5);
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  mpz_combit (signature.s, 4*ecc->bit_size / 5);
+
+  h->data[2*h->length / 3] ^= 0x40;
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  h->data[2*h->length / 3] ^= 0x40;
+  if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify failed, internal testsuite error.\n");
+      goto fail;
+    }
+
+  ecc_point_clear (&pub);
+  dsa_signature_clear (&signature);
+  mpz_clear (x);
+  mpz_clear (y);  
+}
+
+void
+test_main (void)
+{
+  /* From RFC 4754 */
+  test_ecdsa (&nettle_secp_256r1,
+	      "2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
+	      "BF42D60C BCA20085 E0822CB0 4235E970",  /* x */
+
+	      "6FC98BD7 E50211A4 A27102FA 3549DF79"
+	      "EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D",  /* y */
+
+	      SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+		   "B00361A3 96177A9C B410FF61 F20015AD"),  /* h */
+	      
+	      "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+	      "9716CBBF 917DD72E 97566EA1 C066957C",  /* r */
+	      "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+	      "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+  test_ecdsa (&nettle_secp_384r1,
+	      "96281BF8 DD5E0525 CA049C04 8D345D30"
+	      "82968D10 FEDF5C5A CA0C64E6 465A97EA"
+	      "5CE10C9D FEC21797 41571072 1F437922",  /* x */
+
+	      "447688BA 94708EB6 E2E4D59F 6AB6D7ED"
+	      "FF9301D2 49FE49C3 3096655F 5D502FAD"
+	      "3D383B91 C5E7EDAA 2B714CC9 9D5743CA",  /* y */
+
+	      SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+		   "272C32AB 0EDED163 1A8B605A 43FF5BED"
+		   "8086072B A1E7CC23 58BAECA1 34C825A7"),  /* h */
+
+	      "FB017B91 4E291494 32D8BAC2 9A514640"
+	      "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+	      "08E07C9C 63F2D21A 07DCB56A 6AF56EB3",  /* r */
+	      "B263A130 5E057F98 4D38726A 1B468741"
+	      "09F417BC A112674C 528262A4 0A629AF1"
+	      "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+  test_ecdsa (&nettle_secp_521r1,
+	      "0151518F 1AF0F563 517EDD54 85190DF9"
+	      "5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
+	      "7AFE0A6D DEB8BEDB CD6A197E 592D4018"
+	      "8901CECD 650699C9 B5E456AE A5ADD190"
+	      "52A8", /* x */
+
+	      "006F3B14 2EA1BFFF 7E2837AD 44C9E4FF"
+	      "6D2D34C7 3184BBAD 90026DD5 E6E85317"
+	      "D9DF45CA D7803C6C 20035B2F 3FF63AFF"
+	      "4E1BA64D 1C077577 DA3F4286 C58F0AEA"
+	      "E643", /* y */
+
+	      SHEX("DDAF35A1 93617ABA CC417349 AE204131" 
+		   "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+		   "2192992A 274FC1A8 36BA3C23 A3FEEBBD" 
+		   "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+	      "0154FD38 36AF92D0 DCA57DD5 341D3053" 
+	      "988534FD E8318FC6 AAAAB68E 2E6F4339"
+	      "B19F2F28 1A7E0B22 C269D93C F8794A92" 
+	      "78880ED7 DBB8D936 2CAEACEE 54432055"
+	      "2251", /* r */
+	      "017705A7 030290D1 CEB605A9 A1BB03FF"
+	      "9CDD521E 87A696EC 926C8C10 C8362DF4"
+	      "97536710 1F67D1CF 9BCCBF2F 3D239534" 
+	      "FA509E70 AAC851AE 01AAC68D 62F86647"
+	      "2660"); /* s */
+}

testsuite/testutils.h

@@ -22,6 +22,7 @@
 # include "ecc-curve.h"
 # include "ecc.h"
 # include "ecc-internal.h"
+# include "ecdsa.h"
 # include "gmp-glue.h"
 #endif