Commit 8cf51d22 authored by Niels Möller's avatar Niels Möller

Added ECDSA tests.

parent 11c6d02d
2013-02-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.h (SHEX): Deleted const cast.
* testsuite/ecdsa-verify-test.c: New testcase.
* testsuite/ecdsa-sign-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecdsa-sign-test.c and ecdsa-verify-test.c.
* testsuite/testutils.h: Include ecdsa.h.
(SHEX): Deleted const cast.
* ecc-point.c: New file, struct ecc_point abstraction.
* ecc-scalar.c: New file, struct ecc_scalar abstraction.
......
......@@ -23,6 +23,8 @@
/ecc-mul-a-test
/ecc-mul-g-test
/ecc-redc-test
/ecdsa-sign-test
/ecdsa-verify-test
/gcm-test
/gosthash94-test
/hmac-test
......
......@@ -175,6 +175,12 @@ ecc-mul-g-test$(EXEEXT): ecc-mul-g-test.$(OBJEXT)
ecc-mul-a-test$(EXEEXT): ecc-mul-a-test.$(OBJEXT)
$(LINK) ecc-mul-a-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mul-a-test$(EXEEXT)
ecdsa-sign-test$(EXEEXT): ecdsa-sign-test.$(OBJEXT)
$(LINK) ecdsa-sign-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-sign-test$(EXEEXT)
ecdsa-verify-test$(EXEEXT): ecdsa-verify-test.$(OBJEXT)
$(LINK) ecdsa-verify-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-verify-test$(EXEEXT)
sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT)
$(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT)
......
......@@ -36,7 +36,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
rsa-test.c rsa-encrypt-test.c rsa-keygen-test.c \
dsa-test.c dsa-keygen-test.c \
ecc-mod-test.c ecc-modinv-test.c ecc-redc-test.c \
ecc-mul-g-test.c ecc-mul-a-test.c
ecc-mul-g-test.c ecc-mul-a-test.c \
ecdsa-sign-test.c ecdsa-verify-test.c
TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
CXX_SOURCES = cxx-test.cxx
......
#include "testutils.h"
static void
test_ecdsa (const struct ecc_curve *ecc,
/* Private key */
const char *sz,
/* Random nonce */
const char *sk,
/* Hash */
const struct tstring *h,
/* Expected signature */
const char *r, const char *s)
{
struct dsa_signature ref;
mpz_t z;
mpz_t k;
mp_limb_t *rp = xalloc_limbs (ecc->size);
mp_limb_t *sp = xalloc_limbs (ecc->size);
mp_limb_t *scratch = xalloc_limbs (ecc_ecdsa_sign_itch (ecc));
dsa_signature_init (&ref);
mpz_init_set_str (z, sz, 16);
mpz_init_set_str (k, sk, 16);
ecc_ecdsa_sign (ecc, _mpz_read_limbs_n (z, ecc->size),
_mpz_read_limbs_n (k, ecc->size),
h->length, h->data, rp, sp, scratch);
mpz_set_str (ref.r, r, 16);
mpz_set_str (ref.s, s, 16);
if (_mpz_cmp_limbs (ref.r, rp, ecc->size) != 0
|| _mpz_cmp_limbs (ref.s, sp, ecc->size) != 0)
{
fprintf (stderr, "_ecdsa_sign failed, bit_size = %u\n", ecc->bit_size);
gmp_fprintf (stderr, "r = %Nx\n", rp, ecc->size);
gmp_fprintf (stderr, "s = %Nx\n", sp, ecc->size);
gmp_fprintf (stderr, "ref.r = %Zx\n", ref.r);
gmp_fprintf (stderr, "ref.s = %Zx\n", ref.s);
abort();
}
free (rp);
free (sp);
free (scratch);
dsa_signature_clear (&ref);
mpz_clear (k);
mpz_clear (z);
}
void
test_main (void)
{
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
test_ecdsa (&nettle_secp_192r1,
"DC51D3866A15BACDE33D96F992FCA99D"
"A7E6EF0934E70975", /* z */
"9E56F509196784D963D1C0A401510EE7"
"ADA3DCC5DEE04B15", /* k */
SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
"B00361A396177A9C"), /* h */
"8c478db6a5c131540cebc739f9c0a9a8"
"c720c2abdd14a891", /* r */
"a91fb738f9f175d72f9c98527e881c36"
"8de68cb55ffe589"); /* s */
test_ecdsa (&nettle_secp_224r1,
"446df0a771ed58403ca9cb316e617f6b"
"158420465d00a69601e22858", /* z */
"4c13f1905ad7eb201178bc08e0c9267b"
"4751c15d5e1831ca214c33f4", /* z */
SHEX("1b28a611fe62ab3649350525d06703ba"
"4b979a1e543566fd5caa85c6"), /* h */
"2cc280778f3d067df6d3adbe3a6aad63"
"bc75f08f5c5f915411902a99", /* r */
"d0f069fd0f108eb07b7bbc54c8d6c88d"
"f2715c38a95c31a2b486995f"); /* s */
/* From RFC 4754 */
test_ecdsa (&nettle_secp_256r1,
"DC51D386 6A15BACD E33D96F9 92FCA99D"
"A7E6EF09 34E70975 59C27F16 14C88A7F", /* z */
"9E56F509 196784D9 63D1C0A4 01510EE7"
"ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE", /* k */
SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
"B00361A3 96177A9C B410FF61 F20015AD"), /* h */
"CB28E099 9B9C7715 FD0A80D8 E47A7707"
"9716CBBF 917DD72E 97566EA1 C066957C", /* r */
"86FA3BB4 E26CAD5B F90B7F81 899256CE"
"7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
test_ecdsa (&nettle_secp_384r1,
"0BEB6466 34BA8773 5D77AE48 09A0EBEA"
"865535DE 4C1E1DCB 692E8470 8E81A5AF"
"62E528C3 8B2A81B3 5309668D 73524D9F", /* z */
"B4B74E44 D71A13D5 68003D74 89908D56"
"4C7761E2 29C58CBF A1895009 6EB7463B"
"854D7FA9 92F934D9 27376285 E63414FA", /* k */
SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
"272C32AB 0EDED163 1A8B605A 43FF5BED"
"8086072B A1E7CC23 58BAECA1 34C825A7"), /* h */
"FB017B91 4E291494 32D8BAC2 9A514640"
"B46F53DD AB2C6994 8084E293 0F1C8F7E"
"08E07C9C 63F2D21A 07DCB56A 6AF56EB3", /* r */
"B263A130 5E057F98 4D38726A 1B468741"
"09F417BC A112674C 528262A4 0A629AF1"
"CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
test_ecdsa (&nettle_secp_521r1,
"0065FDA3 409451DC AB0A0EAD 45495112"
"A3D813C1 7BFD34BD F8C1209D 7DF58491"
"20597779 060A7FF9 D704ADF7 8B570FFA"
"D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
"5FA1", /* z */
"00C1C2B3 05419F5A 41344D7E 4359933D"
"734096F5 56197A9B 244342B8 B62F46F9"
"373778F9 DE6B6497 B1EF825F F24F42F9"
"B4A4BD73 82CFC337 8A540B1B 7F0C1B95"
"6C2F", /* k */
SHEX("DDAF35A1 93617ABA CC417349 AE204131"
"12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
"2192992A 274FC1A8 36BA3C23 A3FEEBBD"
"454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
"0154FD38 36AF92D0 DCA57DD5 341D3053"
"988534FD E8318FC6 AAAAB68E 2E6F4339"
"B19F2F28 1A7E0B22 C269D93C F8794A92"
"78880ED7 DBB8D936 2CAEACEE 54432055"
"2251", /* r */
"017705A7 030290D1 CEB605A9 A1BB03FF"
"9CDD521E 87A696EC 926C8C10 C8362DF4"
"97536710 1F67D1CF 9BCCBF2F 3D239534"
"FA509E70 AAC851AE 01AAC68D 62F86647"
"2660"); /* s */
}
#include "testutils.h"
static void
test_ecdsa (const struct ecc_curve *ecc,
/* Public key */
const char *xs, const char *ys,
/* Hash */
struct tstring *h,
/* Valid signature */
const char *r, const char *s)
{
struct ecc_point pub;
struct dsa_signature signature;
mpz_t x, y;
ecc_point_init (&pub, ecc);
dsa_signature_init (&signature);
mpz_init_set_str (x, xs, 16);
mpz_init_set_str (y, ys, 16);
if (!ecc_point_set (&pub, x, y))
die ("ecc_point_set failed.\n");
mpz_set_str (signature.r, r, 16);
mpz_set_str (signature.s, s, 16);
if (!ecdsa_verify (&pub, h->length, h->data, &signature))
{
fprintf (stderr, "ecdsa_verify failed with valid signature.\n");
fail:
fprintf (stderr, "bit_size = %u\n", ecc->bit_size);
gmp_fprintf (stderr, "x = %Zx\n", x);
gmp_fprintf (stderr, "y = %Zx\ndigest ", y);
print_hex (h->length, h->data);
gmp_fprintf (stderr, "r = %Zx\n", signature.r);
gmp_fprintf (stderr, "s = %Zx\n", signature.s);
abort();
}
mpz_combit (signature.r, ecc->bit_size / 3);
if (ecdsa_verify (&pub, h->length, h->data, &signature))
{
fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
goto fail;
}
mpz_combit (signature.r, ecc->bit_size / 3);
mpz_combit (signature.s, 4*ecc->bit_size / 5);
if (ecdsa_verify (&pub, h->length, h->data, &signature))
{
fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
goto fail;
}
mpz_combit (signature.s, 4*ecc->bit_size / 5);
h->data[2*h->length / 3] ^= 0x40;
if (ecdsa_verify (&pub, h->length, h->data, &signature))
{
fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
goto fail;
}
h->data[2*h->length / 3] ^= 0x40;
if (!ecdsa_verify (&pub, h->length, h->data, &signature))
{
fprintf (stderr, "ecdsa_verify failed, internal testsuite error.\n");
goto fail;
}
ecc_point_clear (&pub);
dsa_signature_clear (&signature);
mpz_clear (x);
mpz_clear (y);
}
void
test_main (void)
{
/* From RFC 4754 */
test_ecdsa (&nettle_secp_256r1,
"2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
"BF42D60C BCA20085 E0822CB0 4235E970", /* x */
"6FC98BD7 E50211A4 A27102FA 3549DF79"
"EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D", /* y */
SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
"B00361A3 96177A9C B410FF61 F20015AD"), /* h */
"CB28E099 9B9C7715 FD0A80D8 E47A7707"
"9716CBBF 917DD72E 97566EA1 C066957C", /* r */
"86FA3BB4 E26CAD5B F90B7F81 899256CE"
"7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
test_ecdsa (&nettle_secp_384r1,
"96281BF8 DD5E0525 CA049C04 8D345D30"
"82968D10 FEDF5C5A CA0C64E6 465A97EA"
"5CE10C9D FEC21797 41571072 1F437922", /* x */
"447688BA 94708EB6 E2E4D59F 6AB6D7ED"
"FF9301D2 49FE49C3 3096655F 5D502FAD"
"3D383B91 C5E7EDAA 2B714CC9 9D5743CA", /* y */
SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
"272C32AB 0EDED163 1A8B605A 43FF5BED"
"8086072B A1E7CC23 58BAECA1 34C825A7"), /* h */
"FB017B91 4E291494 32D8BAC2 9A514640"
"B46F53DD AB2C6994 8084E293 0F1C8F7E"
"08E07C9C 63F2D21A 07DCB56A 6AF56EB3", /* r */
"B263A130 5E057F98 4D38726A 1B468741"
"09F417BC A112674C 528262A4 0A629AF1"
"CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
test_ecdsa (&nettle_secp_521r1,
"0151518F 1AF0F563 517EDD54 85190DF9"
"5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
"7AFE0A6D DEB8BEDB CD6A197E 592D4018"
"8901CECD 650699C9 B5E456AE A5ADD190"
"52A8", /* x */
"006F3B14 2EA1BFFF 7E2837AD 44C9E4FF"
"6D2D34C7 3184BBAD 90026DD5 E6E85317"
"D9DF45CA D7803C6C 20035B2F 3FF63AFF"
"4E1BA64D 1C077577 DA3F4286 C58F0AEA"
"E643", /* y */
SHEX("DDAF35A1 93617ABA CC417349 AE204131"
"12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
"2192992A 274FC1A8 36BA3C23 A3FEEBBD"
"454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
"0154FD38 36AF92D0 DCA57DD5 341D3053"
"988534FD E8318FC6 AAAAB68E 2E6F4339"
"B19F2F28 1A7E0B22 C269D93C F8794A92"
"78880ED7 DBB8D936 2CAEACEE 54432055"
"2251", /* r */
"017705A7 030290D1 CEB605A9 A1BB03FF"
"9CDD521E 87A696EC 926C8C10 C8362DF4"
"97536710 1F67D1CF 9BCCBF2F 3D239534"
"FA509E70 AAC851AE 01AAC68D 62F86647"
"2660"); /* s */
}
......@@ -22,6 +22,7 @@
# include "ecc-curve.h"
# include "ecc.h"
# include "ecc-internal.h"
# include "ecdsa.h"
# include "gmp-glue.h"
#endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment