1 #include "testutils.h"
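/* Known-answer test for ecc_ecdsa_sign.

   Parses the private key, the nonce and the expected (r, s) from hex
   strings, signs the digest H on curve ECC with that key and nonce, and
   aborts with a diagnostic on stderr if the produced signature differs
   from the expected one.

   The nonce is taken from the test vector so that the output is
   reproducible. That is a property of known-answer testing only: in real
   ECDSA signing the nonce must be secret and never repeated, since a
   known or reused nonce lets the private key be recovered from the
   signature. */
static void
test_ecdsa (const struct ecc_curve *ecc,
	    /* Private key */
	    const char *sz,
	    /* Random nonce */
	    const char *sk,
	    /* Hash */
	    const struct tstring *h,
	    /* Expected signature */
	    const char *r, const char *s)
{
  struct dsa_signature ref;
  mpz_t z;
  mpz_t k;
  int z_ok, k_ok, r_ok, s_ok;
  mp_limb_t *rp = xalloc_limbs (ecc->p.size);
  mp_limb_t *sp = xalloc_limbs (ecc->p.size);
  mp_limb_t *scratch = xalloc_limbs (ecc_ecdsa_sign_itch (ecc));

  dsa_signature_init (&ref);

  /* The GMP string parsers return 0 on success and -1 when the string is
     not a valid base-16 number. Parse every input up front, so that a
     mistyped vector is reported as such rather than showing up later as
     an apparent signing failure. Each call is made unconditionally, which
     leaves z and k initialized on every path. */
  z_ok = mpz_init_set_str (z, sz, 16) == 0;
  k_ok = mpz_init_set_str (k, sk, 16) == 0;
  r_ok = mpz_set_str (ref.r, r, 16) == 0;
  s_ok = mpz_set_str (ref.s, s, 16) == 0;

  if (!(z_ok && k_ok && r_ok && s_ok))
    {
      fprintf (stderr, "test_ecdsa: malformed hex in test vector, "
	       "bit_size = %u\n", ecc->p.bit_size);
      abort();
    }

  /* Key and nonce are passed as limb arrays of exactly ecc->p.size limbs;
     r and s come back in rp and sp with the same size. */
  ecc_ecdsa_sign (ecc, mpz_limbs_read_n (z, ecc->p.size),
		  mpz_limbs_read_n (k, ecc->p.size),
		  h->length, h->data, rp, sp, scratch);

  if (mpz_limbs_cmp (ref.r, rp, ecc->p.size) != 0
      || mpz_limbs_cmp (ref.s, sp, ecc->p.size) != 0)
    {
      /* Print both the computed and the reference values, so the mismatch
	 can be diagnosed from the test log alone. */
      fprintf (stderr, "_ecdsa_sign failed, bit_size = %u\n", ecc->p.bit_size);
      fprintf (stderr, "r     = ");
      write_mpn (stderr, 16, rp, ecc->p.size);
      fprintf (stderr, "\ns     = ");
      write_mpn (stderr, 16, sp, ecc->p.size);
      fprintf (stderr, "\nref.r = ");
      mpz_out_str (stderr, 16, ref.r);
      fprintf (stderr, "\nref.s = ");
      mpz_out_str (stderr, 16, ref.s);
      fprintf (stderr, "\n");
      abort();
    }

  free (rp);
  free (sp);
  free (scratch);

  dsa_signature_clear (&ref);
  mpz_clear (k);
  mpz_clear (z);
}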
/* Runs the ECDSA signing known-answer vectors, one test_ecdsa call per
   vector, in the order they are listed. */
void
test_main (void)
{
  /* One signing vector. All strings are hexadecimal; embedded spaces are
     only there for readability. */
  struct ecdsa_sign_vector
  {
    const struct ecc_curve *curve;
    const char *z;		/* private key */
    const char *k;		/* nonce, fixed by the vector */
    const struct tstring *h;	/* message digest */
    const char *r;		/* expected signature, first half */
    const char *s;		/* expected signature, second half */
  };

  const struct ecdsa_sign_vector vectors[] = {
    /* Producing the signature for corresponding test in
       ecdsa-verify-test.c, with special u1 and u2. */
    {
      &_nettle_secp_224r1,
      "99b5b787484def12894ca507058b3bf5"
      "43d72d82fa7721d2e805e5e6",
      "2",
      SHEX("cdb887ac805a3b42e22d224c85482053"
	   "16c755d4a736bb2032c92553"),
      "706a46dc76dcb76798e60e6d89474788"
      "d16dc18032d268fd1a704fa6",
      "3a41e1423b1853e8aa89747b1f987364"
      "44705d6d6d8371ea1f578f2e"
    },

    /* Test cases for the smaller groups, verified with a
       proof-of-concept implementation done for Yubico AB. */
    {
      &_nettle_secp_192r1,
      "DC51D3866A15BACDE33D96F992FCA99D"
      "A7E6EF0934E70975",
      "9E56F509196784D963D1C0A401510EE7"
      "ADA3DCC5DEE04B15",
      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
	   "B00361A396177A9C"),
      "8c478db6a5c131540cebc739f9c0a9a8"
      "c720c2abdd14a891",
      "a91fb738f9f175d72f9c98527e881c36"
      "8de68cb55ffe589"
    },
    {
      &_nettle_secp_224r1,
      "446df0a771ed58403ca9cb316e617f6b"
      "158420465d00a69601e22858",
      "4c13f1905ad7eb201178bc08e0c9267b"
      "4751c15d5e1831ca214c33f4",
      SHEX("1b28a611fe62ab3649350525d06703ba"
	   "4b979a1e543566fd5caa85c6"),
      "2cc280778f3d067df6d3adbe3a6aad63"
      "bc75f08f5c5f915411902a99",
      "d0f069fd0f108eb07b7bbc54c8d6c88d"
      "f2715c38a95c31a2b486995f"
    },

    /* From RFC 4754 */
    {
      &_nettle_secp_256r1,
      "DC51D386 6A15BACD E33D96F9 92FCA99D"
      "A7E6EF09 34E70975 59C27F16 14C88A7F",
      "9E56F509 196784D9 63D1C0A4 01510EE7"
      "ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE",
      SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
	   "B00361A3 96177A9C B410FF61 F20015AD"),
      "CB28E099 9B9C7715 FD0A80D8 E47A7707"
      "9716CBBF 917DD72E 97566EA1 C066957C",
      "86FA3BB4 E26CAD5B F90B7F81 899256CE"
      "7594BB1E A0C89212 748BFF3B 3D5B0315"
    },
    {
      &_nettle_secp_384r1,
      "0BEB6466 34BA8773 5D77AE48 09A0EBEA"
      "865535DE 4C1E1DCB 692E8470 8E81A5AF"
      "62E528C3 8B2A81B3 5309668D 73524D9F",
      "B4B74E44 D71A13D5 68003D74 89908D56"
      "4C7761E2 29C58CBF A1895009 6EB7463B"
      "854D7FA9 92F934D9 27376285 E63414FA",
      SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
	   "272C32AB 0EDED163 1A8B605A 43FF5BED"
	   "8086072B A1E7CC23 58BAECA1 34C825A7"),
      "FB017B91 4E291494 32D8BAC2 9A514640"
      "B46F53DD AB2C6994 8084E293 0F1C8F7E"
      "08E07C9C 63F2D21A 07DCB56A 6AF56EB3",
      "B263A130 5E057F98 4D38726A 1B468741"
      "09F417BC A112674C 528262A4 0A629AF1"
      "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"
    },
    {
      &_nettle_secp_521r1,
      "0065FDA3 409451DC AB0A0EAD 45495112"
      "A3D813C1 7BFD34BD F8C1209D 7DF58491"
      "20597779 060A7FF9 D704ADF7 8B570FFA"
      "D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
      "5FA1",
      "00C1C2B3 05419F5A 41344D7E 4359933D"
      "734096F5 56197A9B 244342B8 B62F46F9"
      "373778F9 DE6B6497 B1EF825F F24F42F9"
      "B4A4BD73 82CFC337 8A540B1B 7F0C1B95"
      "6C2F",
      SHEX("DDAF35A1 93617ABA CC417349 AE204131"
	   "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
	   "2192992A 274FC1A8 36BA3C23 A3FEEBBD"
	   "454D4423 643CE80E 2A9AC94F A54CA49F"),
      "0154FD38 36AF92D0 DCA57DD5 341D3053"
      "988534FD E8318FC6 AAAAB68E 2E6F4339"
      "B19F2F28 1A7E0B22 C269D93C F8794A92"
      "78880ED7 DBB8D936 2CAEACEE 54432055"
      "2251",
      "017705A7 030290D1 CEB605A9 A1BB03FF"
      "9CDD521E 87A696EC 926C8C10 C8362DF4"
      "97536710 1F67D1CF 9BCCBF2F 3D239534"
      "FA509E70 AAC851AE 01AAC68D 62F86647"
      "2660"
    },
  };

  unsigned i;

  for (i = 0; i < sizeof (vectors) / sizeof (vectors[0]); i++)
    test_ecdsa (vectors[i].curve,
		vectors[i].z, vectors[i].k, vectors[i].h,
		vectors[i].r, vectors[i].s);
}