1/* BEGIN_HEADER */ 2#include "mbedtls/ecdsa.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_ECDSA_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 11void ecdsa_invalid_param( ) 12{ 13 mbedtls_ecdsa_context ctx; 14 mbedtls_ecp_keypair key; 15 mbedtls_ecp_group grp; 16 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; 17 mbedtls_ecp_point P; 18 mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; 19 mbedtls_mpi m; 20 size_t slen; 21 unsigned char buf[42] = { 0 }; 22 23 TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) ); 24 TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) ); 25 26#if defined(MBEDTLS_ECP_RESTARTABLE) 27 TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) ); 28 TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) ); 29#endif /* MBEDTLS_ECP_RESTARTABLE */ 30 31 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 32 mbedtls_ecdsa_sign( NULL, &m, &m, &m, 33 buf, sizeof( buf ), 34 mbedtls_test_rnd_std_rand, 35 NULL ) ); 36 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 37 mbedtls_ecdsa_sign( &grp, NULL, &m, &m, 38 buf, sizeof( buf ), 39 mbedtls_test_rnd_std_rand, 40 NULL ) ); 41 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 42 mbedtls_ecdsa_sign( &grp, &m, NULL, &m, 43 buf, sizeof( buf ), 44 mbedtls_test_rnd_std_rand, 45 NULL ) ); 46 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 47 mbedtls_ecdsa_sign( &grp, &m, &m, NULL, 48 buf, sizeof( buf ), 49 mbedtls_test_rnd_std_rand, 50 NULL ) ); 51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 52 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 53 NULL, sizeof( buf ), 54 mbedtls_test_rnd_std_rand, 55 NULL ) ); 56 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 57 mbedtls_ecdsa_sign( &grp, &m, &m, &m, 58 buf, sizeof( buf ), 59 NULL, NULL ) ); 60 61#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 62 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 63 mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, 64 buf, sizeof( buf ), 65 valid_md, 66 mbedtls_test_rnd_std_rand, 67 NULL ) ); 68 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 69 mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, 70 buf, sizeof( buf ), 71 valid_md, 72 mbedtls_test_rnd_std_rand, 73 NULL ) ); 74 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 75 mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, 76 buf, sizeof( buf ), 77 valid_md, 78 mbedtls_test_rnd_std_rand, 79 NULL ) ); 80 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 81 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, 82 buf, sizeof( buf ), 83 valid_md, 84 mbedtls_test_rnd_std_rand, 85 NULL ) ); 86 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 87 mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, 88 NULL, sizeof( buf ), 89 valid_md, 90 mbedtls_test_rnd_std_rand, 91 NULL ) ); 92#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 93 94 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 95 mbedtls_ecdsa_verify( NULL, 96 buf, sizeof( buf ), 97 &P, &m, &m ) ); 98 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 99 mbedtls_ecdsa_verify( &grp, 100 NULL, sizeof( buf ), 101 &P, &m, &m ) ); 102 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 103 mbedtls_ecdsa_verify( &grp, 104 buf, sizeof( buf ), 105 NULL, &m, &m ) ); 106 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 107 mbedtls_ecdsa_verify( &grp, 108 buf, sizeof( buf ), 109 &P, NULL, &m ) ); 110 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 111 mbedtls_ecdsa_verify( &grp, 112 buf, sizeof( buf ), 113 &P, &m, NULL ) ); 114 115 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 116 mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ), 117 buf, &slen, mbedtls_test_rnd_std_rand, 118 NULL ) ); 119 120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 121 mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), 122 buf, &slen, mbedtls_test_rnd_std_rand, 123 NULL ) ); 124 125 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 126 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), 127 NULL, &slen, mbedtls_test_rnd_std_rand, 128 NULL ) ); 129 130 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 131 mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), 132 buf, NULL, mbedtls_test_rnd_std_rand, 133 NULL ) ); 134 135 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 136 mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf, 137 sizeof( buf ), buf, &slen, 138 mbedtls_test_rnd_std_rand, 139 NULL, NULL ) ); 140 141 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 142 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, 143 sizeof( buf ), buf, &slen, 144 mbedtls_test_rnd_std_rand, 145 NULL, NULL ) ); 146 147 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 148 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, 149 sizeof( buf ), NULL, &slen, 150 mbedtls_test_rnd_std_rand, 151 NULL, NULL ) ); 152 153 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 154 mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, 155 sizeof( buf ), buf, NULL, 156 mbedtls_test_rnd_std_rand, 157 NULL, NULL ) ); 158 159 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 160 mbedtls_ecdsa_read_signature( NULL, 161 buf, sizeof( buf ), 162 buf, sizeof( buf ) ) ); 163 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 164 mbedtls_ecdsa_read_signature( &ctx, 165 NULL, sizeof( buf ), 166 buf, sizeof( buf ) ) ); 167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 168 mbedtls_ecdsa_read_signature( &ctx, 169 buf, sizeof( buf ), 170 NULL, sizeof( buf ) ) ); 171 172 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 173 mbedtls_ecdsa_read_signature_restartable( NULL, 174 buf, sizeof( buf ), 175 buf, sizeof( buf ), 176 NULL ) ); 177 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 178 mbedtls_ecdsa_read_signature_restartable( &ctx, 179 NULL, sizeof( buf ), 180 buf, sizeof( buf ), 181 NULL ) ); 182 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 183 mbedtls_ecdsa_read_signature_restartable( &ctx, 184 buf, sizeof( buf ), 185 NULL, sizeof( buf ), 186 NULL ) ); 187 188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 189 mbedtls_ecdsa_genkey( NULL, valid_group, 190 mbedtls_test_rnd_std_rand, 191 NULL ) ); 192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 193 mbedtls_ecdsa_genkey( &ctx, valid_group, 194 NULL, NULL ) ); 195 196 197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 198 mbedtls_ecdsa_from_keypair( NULL, &key ) ); 199 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 200 mbedtls_ecdsa_from_keypair( &ctx, NULL ) ); 201 202exit: 203 return; 204} 205/* END_CASE */ 206 207/* BEGIN_CASE */ 208void ecdsa_prim_random( int id ) 209{ 210 mbedtls_ecp_group grp; 211 mbedtls_ecp_point Q; 212 mbedtls_mpi d, r, s; 213 mbedtls_test_rnd_pseudo_info rnd_info; 214 unsigned char buf[MBEDTLS_MD_MAX_SIZE]; 215 216 mbedtls_ecp_group_init( &grp ); 217 mbedtls_ecp_point_init( &Q ); 218 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 219 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 220 memset( buf, 0, sizeof( buf ) ); 221 222 /* prepare material for signature */ 223 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, 224 buf, sizeof( buf ) ) == 0 ); 225 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 226 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, 227 &mbedtls_test_rnd_pseudo_rand, 228 &rnd_info ) == 0 ); 229 230 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), 231 &mbedtls_test_rnd_pseudo_rand, 232 &rnd_info ) == 0 ); 233 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); 234 235exit: 236 mbedtls_ecp_group_free( &grp ); 237 mbedtls_ecp_point_free( &Q ); 238 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 239} 240/* END_CASE */ 241 242/* BEGIN_CASE */ 243void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, 244 char * yQ_str, data_t * rnd_buf, 245 data_t * hash, char * r_str, char * s_str, 246 int result ) 247{ 248 mbedtls_ecp_group grp; 249 mbedtls_ecp_point Q; 250 mbedtls_mpi d, r, s, r_check, s_check; 251 mbedtls_test_rnd_buf_info rnd_info; 252 253 mbedtls_ecp_group_init( &grp ); 254 mbedtls_ecp_point_init( &Q ); 255 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 256 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 257 258 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 259 TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); 260 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); 261 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); 262 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); 263 rnd_info.buf = rnd_buf->x; 264 rnd_info.length = rnd_buf->len; 265 266 /* Fix rnd_buf->x by shifting it left if necessary */ 267 if( grp.nbits % 8 != 0 ) 268 { 269 unsigned char shift = 8 - ( grp.nbits % 8 ); 270 size_t i; 271 272 for( i = 0; i < rnd_info.length - 1; i++ ) 273 rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift ); 274 275 rnd_buf->x[rnd_info.length-1] <<= shift; 276 } 277 278 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, 279 mbedtls_test_rnd_buffer_rand, &rnd_info ) == result ); 280 281 if ( result == 0) 282 { 283 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 284 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 285 286 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 ); 287 288 TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 ); 289 TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 ); 290 291 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 292 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 293 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 294 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 295 TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, 296 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 297 } 298 299exit: 300 mbedtls_ecp_group_free( &grp ); 301 mbedtls_ecp_point_free( &Q ); 302 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 303 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 304} 305/* END_CASE */ 306 307/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */ 308void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, 309 char * r_str, char * s_str ) 310{ 311 mbedtls_ecp_group grp; 312 mbedtls_mpi d, r, s, r_check, s_check; 313 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 314 size_t hlen; 315 const mbedtls_md_info_t *md_info; 316 317 mbedtls_ecp_group_init( &grp ); 318 mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 319 mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); 320 memset( hash, 0, sizeof( hash ) ); 321 322 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 323 TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); 324 TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); 325 TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); 326 327 md_info = mbedtls_md_info_from_type( md_alg ); 328 TEST_ASSERT( md_info != NULL ); 329 hlen = mbedtls_md_get_size( md_info ); 330 TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, 331 strlen( msg ), hash ) == 0 ); 332 333 TEST_ASSERT( 334 mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, 335 md_alg, mbedtls_test_rnd_std_rand, 336 NULL ) 337 == 0 ); 338 339 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); 340 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); 341 342exit: 343 mbedtls_ecp_group_free( &grp ); 344 mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); 345 mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check ); 346} 347/* END_CASE */ 348 349/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ 350void ecdsa_write_read_random( int id ) 351{ 352 mbedtls_ecdsa_context ctx; 353 mbedtls_test_rnd_pseudo_info rnd_info; 354 unsigned char hash[32]; 355 unsigned char sig[200]; 356 size_t sig_len, i; 357 358 mbedtls_ecdsa_init( &ctx ); 359 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); 360 memset( hash, 0, sizeof( hash ) ); 361 memset( sig, 0x2a, sizeof( sig ) ); 362 363 /* prepare material for signature */ 364 TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, 365 hash, sizeof( hash ) ) == 0 ); 366 367 /* generate signing key */ 368 TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, 369 &mbedtls_test_rnd_pseudo_rand, 370 &rnd_info ) == 0 ); 371 372 /* generate and write signature, then read and verify it */ 373 TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, 374 hash, sizeof( hash ), 375 sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, 376 &rnd_info ) == 0 ); 377 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 378 sig, sig_len ) == 0 ); 379 380 /* check we didn't write past the announced length */ 381 for( i = sig_len; i < sizeof( sig ); i++ ) 382 TEST_ASSERT( sig[i] == 0x2a ); 383 384 /* try verification with invalid length */ 385 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 386 sig, sig_len - 1 ) != 0 ); 387 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 388 sig, sig_len + 1 ) != 0 ); 389 390 /* try invalid sequence tag */ 391 sig[0]++; 392 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 393 sig, sig_len ) != 0 ); 394 sig[0]--; 395 396 /* try modifying r */ 397 sig[10]++; 398 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 399 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 400 sig[10]--; 401 402 /* try modifying s */ 403 sig[sig_len - 1]++; 404 TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), 405 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 406 sig[sig_len - 1]--; 407 408exit: 409 mbedtls_ecdsa_free( &ctx ); 410} 411/* END_CASE */ 412 413/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 414void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig, 415 int max_ops, int min_restart, int max_restart ) 416{ 417 mbedtls_ecdsa_context ctx; 418 mbedtls_ecdsa_restart_ctx rs_ctx; 419 int ret, cnt_restart; 420 421 mbedtls_ecdsa_init( &ctx ); 422 mbedtls_ecdsa_restart_init( &rs_ctx ); 423 424 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 425 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, 426 pk->x, pk->len ) == 0 ); 427 428 mbedtls_ecp_set_max_ops( max_ops ); 429 430 cnt_restart = 0; 431 do { 432 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 433 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 434 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 435 436 TEST_ASSERT( ret == 0 ); 437 TEST_ASSERT( cnt_restart >= min_restart ); 438 TEST_ASSERT( cnt_restart <= max_restart ); 439 440 /* try modifying r */ 441 442 TEST_ASSERT( sig->len > 10 ); 443 sig->x[10]++; 444 do { 445 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 446 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 447 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 448 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 449 sig->x[10]--; 450 451 /* try modifying s */ 452 sig->x[sig->len - 1]++; 453 do { 454 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 455 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 456 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 457 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); 458 sig->x[sig->len - 1]--; 459 460 /* Do we leak memory when aborting an operation? 461 * This test only makes sense when we actually restart */ 462 if( min_restart > 0 ) 463 { 464 ret = mbedtls_ecdsa_read_signature_restartable( &ctx, 465 hash->x, hash->len, sig->x, sig->len, &rs_ctx ); 466 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 467 } 468 469exit: 470 mbedtls_ecdsa_free( &ctx ); 471 mbedtls_ecdsa_restart_free( &rs_ctx ); 472} 473/* END_CASE */ 474 475/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ 476void ecdsa_write_restart( int id, char *d_str, int md_alg, 477 char *msg, data_t *sig_check, 478 int max_ops, int min_restart, int max_restart ) 479{ 480 int ret, cnt_restart; 481 mbedtls_ecdsa_restart_ctx rs_ctx; 482 mbedtls_ecdsa_context ctx; 483 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 484 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 485 size_t hlen, slen; 486 const mbedtls_md_info_t *md_info; 487 488 mbedtls_ecdsa_restart_init( &rs_ctx ); 489 mbedtls_ecdsa_init( &ctx ); 490 memset( hash, 0, sizeof( hash ) ); 491 memset( sig, 0, sizeof( sig ) ); 492 493 TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); 494 TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); 495 496 md_info = mbedtls_md_info_from_type( md_alg ); 497 TEST_ASSERT( md_info != NULL ); 498 499 hlen = mbedtls_md_get_size( md_info ); 500 TEST_ASSERT( mbedtls_md( md_info, 501 (const unsigned char *) msg, strlen( msg ), 502 hash ) == 0 ); 503 504 mbedtls_ecp_set_max_ops( max_ops ); 505 506 slen = sizeof( sig ); 507 cnt_restart = 0; 508 do { 509 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 510 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 511 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 512 513 TEST_ASSERT( ret == 0 ); 514 TEST_ASSERT( slen == sig_check->len ); 515 TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); 516 517 TEST_ASSERT( cnt_restart >= min_restart ); 518 TEST_ASSERT( cnt_restart <= max_restart ); 519 520 /* Do we leak memory when aborting an operation? 521 * This test only makes sense when we actually restart */ 522 if( min_restart > 0 ) 523 { 524 ret = mbedtls_ecdsa_write_signature_restartable( &ctx, 525 md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); 526 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 527 } 528 529exit: 530 mbedtls_ecdsa_restart_free( &rs_ctx ); 531 mbedtls_ecdsa_free( &ctx ); 532} 533/* END_CASE */ 534