Added ECDSA tests.
authorNiels Möller <nisse@lysator.liu.se>
Mon, 18 Feb 2013 14:52:17 +0000 (15:52 +0100)
committerNiels Möller <nisse@lysator.liu.se>
Mon, 18 Feb 2013 14:52:17 +0000 (15:52 +0100)
ChangeLog
testsuite/.gitignore
testsuite/.test-rules.make
testsuite/Makefile.in
testsuite/ecdsa-sign-test.c [new file with mode: 0644]
testsuite/ecdsa-verify-test.c [new file with mode: 0644]
testsuite/testutils.h

index 153f92ae90e064c62db575d4b630799d6d67e3f6..df9f64853f533713b5d8809febc414f62585b509 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,11 @@
 2013-02-18  Niels Möller  <nisse@lysator.liu.se>
 
-       * testsuite/testutils.h (SHEX): Deleted const cast.
+       * testsuite/ecdsa-verify-test.c: New testcase.
+       * testsuite/ecdsa-sign-test.c: New testcase.
+       * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+       ecdsa-sign-test.c and ecdsa-verify-test.c.
+       * testsuite/testutils.h: Include ecdsa.h.
+       (SHEX): Deleted const cast.
 
        * ecc-point.c: New file, struct ecc_point abstraction.
        * ecc-scalar.c: New file, struct ecc_scalar abstraction.
index fa99d31f5a8688b17c0a26468bcec4363ffc39bd..a5b83b51fffb77410d7e3ada1442c4c2aa964b98 100644 (file)
@@ -23,6 +23,8 @@
 /ecc-mul-a-test
 /ecc-mul-g-test
 /ecc-redc-test
+/ecdsa-sign-test
+/ecdsa-verify-test
 /gcm-test
 /gosthash94-test
 /hmac-test
index fdd2c768ec3f0cf92f494185ed3d2771326d2c47..f23f2515ec0f2b20192c7361a7d198f158a0758f 100644 (file)
@@ -175,6 +175,12 @@ ecc-mul-g-test$(EXEEXT): ecc-mul-g-test.$(OBJEXT)
 ecc-mul-a-test$(EXEEXT): ecc-mul-a-test.$(OBJEXT)
        $(LINK) ecc-mul-a-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mul-a-test$(EXEEXT)
 
+ecdsa-sign-test$(EXEEXT): ecdsa-sign-test.$(OBJEXT)
+       $(LINK) ecdsa-sign-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-sign-test$(EXEEXT)
+
+ecdsa-verify-test$(EXEEXT): ecdsa-verify-test.$(OBJEXT)
+       $(LINK) ecdsa-verify-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-verify-test$(EXEEXT)
+
 sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT)
        $(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT)
 
index c8db7657f3b3dc8719a4ee270d320a275ddd20bc..847c01d7d38dd5c0132928844a97b03377e10153 100644 (file)
@@ -36,7 +36,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
                     rsa-test.c rsa-encrypt-test.c rsa-keygen-test.c \
                     dsa-test.c dsa-keygen-test.c \
                     ecc-mod-test.c ecc-modinv-test.c ecc-redc-test.c \
-                    ecc-mul-g-test.c ecc-mul-a-test.c
+                    ecc-mul-g-test.c ecc-mul-a-test.c \
+                    ecdsa-sign-test.c ecdsa-verify-test.c
 
 TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
 CXX_SOURCES = cxx-test.cxx
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
new file mode 100644 (file)
index 0000000..9244893
--- /dev/null
@@ -0,0 +1,155 @@
+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+           /* Private key */
+           const char *sz,
+           /* Random nonce */
+           const char *sk,
+           /* Hash */
+           const struct tstring *h,
+           /* Expected signature */
+           const char *r, const char *s)
+{
+  struct dsa_signature ref;
+  mpz_t z;
+  mpz_t k;
+  mp_limb_t *rp = xalloc_limbs (ecc->size);
+  mp_limb_t *sp = xalloc_limbs (ecc->size);
+  mp_limb_t *scratch = xalloc_limbs (ecc_ecdsa_sign_itch (ecc));
+
+  dsa_signature_init (&ref);
+
+  mpz_init_set_str (z, sz, 16);
+  mpz_init_set_str (k, sk, 16);
+
+  ecc_ecdsa_sign (ecc, _mpz_read_limbs_n (z, ecc->size),
+                 _mpz_read_limbs_n (k, ecc->size),
+                 h->length, h->data, rp, sp, scratch);
+
+  mpz_set_str (ref.r, r, 16);
+  mpz_set_str (ref.s, s, 16);
+
+  if (_mpz_cmp_limbs (ref.r, rp, ecc->size) != 0
+      || _mpz_cmp_limbs (ref.s, sp, ecc->size) != 0)
+    {
+      fprintf (stderr, "_ecdsa_sign failed, bit_size = %u\n", ecc->bit_size);
+      gmp_fprintf (stderr, "r     = %Nx\n", rp, ecc->size);
+      gmp_fprintf (stderr, "s     = %Nx\n", sp, ecc->size);
+      gmp_fprintf (stderr, "ref.r = %Zx\n", ref.r);
+      gmp_fprintf (stderr, "ref.s = %Zx\n", ref.s);
+      abort();
+    }
+
+  free (rp);
+  free (sp);
+  free (scratch);
+
+  dsa_signature_clear (&ref);
+  mpz_clear (k);
+  mpz_clear (z);
+}
+
+void
+test_main (void)
+{
+  /* Test cases for the smaller groups, verified with a
+     proof-of-concept implementation done for Yubico AB. */
+  test_ecdsa (&nettle_secp_192r1,
+             "DC51D3866A15BACDE33D96F992FCA99D"
+             "A7E6EF0934E70975", /* z */
+
+             "9E56F509196784D963D1C0A401510EE7"
+             "ADA3DCC5DEE04B15", /* k */
+
+             SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+                  "B00361A396177A9C"), /* h */
+
+             "8c478db6a5c131540cebc739f9c0a9a8"
+             "c720c2abdd14a891", /* r */
+
+             "a91fb738f9f175d72f9c98527e881c36"
+             "8de68cb55ffe589"); /* s */
+
+  test_ecdsa (&nettle_secp_224r1,
+             "446df0a771ed58403ca9cb316e617f6b"
+             "158420465d00a69601e22858",  /* z */
+
+             "4c13f1905ad7eb201178bc08e0c9267b"
+             "4751c15d5e1831ca214c33f4",  /* z */
+
+             SHEX("1b28a611fe62ab3649350525d06703ba"
+                  "4b979a1e543566fd5caa85c6"),  /* h */
+
+             "2cc280778f3d067df6d3adbe3a6aad63"
+             "bc75f08f5c5f915411902a99",  /* r */ 
+
+             "d0f069fd0f108eb07b7bbc54c8d6c88d"
+             "f2715c38a95c31a2b486995f"); /* s */
+
+  /* From RFC 4754 */
+  test_ecdsa (&nettle_secp_256r1,
+             "DC51D386 6A15BACD E33D96F9 92FCA99D"
+             "A7E6EF09 34E70975 59C27F16 14C88A7F",  /* z */
+
+             "9E56F509 196784D9 63D1C0A4 01510EE7"
+             "ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE",  /* k */
+
+             SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+                  "B00361A3 96177A9C B410FF61 F20015AD"),  /* h */
+             
+             "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+             "9716CBBF 917DD72E 97566EA1 C066957C",  /* r */
+             "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+             "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+  test_ecdsa (&nettle_secp_384r1,
+             "0BEB6466 34BA8773 5D77AE48 09A0EBEA"
+             "865535DE 4C1E1DCB 692E8470 8E81A5AF"
+             "62E528C3 8B2A81B3 5309668D 73524D9F",  /* z */
+
+             "B4B74E44 D71A13D5 68003D74 89908D56"
+             "4C7761E2 29C58CBF A1895009 6EB7463B"
+             "854D7FA9 92F934D9 27376285 E63414FA",  /* k */
+
+             SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+                  "272C32AB 0EDED163 1A8B605A 43FF5BED"
+                  "8086072B A1E7CC23 58BAECA1 34C825A7"),  /* h */
+
+             "FB017B91 4E291494 32D8BAC2 9A514640"
+             "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+             "08E07C9C 63F2D21A 07DCB56A 6AF56EB3",  /* r */
+             "B263A130 5E057F98 4D38726A 1B468741"
+             "09F417BC A112674C 528262A4 0A629AF1"
+             "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+  test_ecdsa (&nettle_secp_521r1,
+             "0065FDA3 409451DC AB0A0EAD 45495112"
+             "A3D813C1 7BFD34BD F8C1209D 7DF58491"
+             "20597779 060A7FF9 D704ADF7 8B570FFA"
+             "D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
+             "5FA1", /* z */
+             
+             "00C1C2B3 05419F5A 41344D7E 4359933D"
+             "734096F5 56197A9B 244342B8 B62F46F9"
+             "373778F9 DE6B6497 B1EF825F F24F42F9"
+             "B4A4BD73 82CFC337 8A540B1B 7F0C1B95"
+             "6C2F", /* k */
+
+             SHEX("DDAF35A1 93617ABA CC417349 AE204131"
+                  "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+                  "2192992A 274FC1A8 36BA3C23 A3FEEBBD"
+                  "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+             "0154FD38 36AF92D0 DCA57DD5 341D3053"
+             "988534FD E8318FC6 AAAAB68E 2E6F4339"
+             "B19F2F28 1A7E0B22 C269D93C F8794A92"
+             "78880ED7 DBB8D936 2CAEACEE 54432055"
+             "2251", /* r */
+             "017705A7 030290D1 CEB605A9 A1BB03FF"
+             "9CDD521E 87A696EC 926C8C10 C8362DF4"
+             "97536710 1F67D1CF 9BCCBF2F 3D239534"
+             "FA509E70 AAC851AE 01AAC68D 62F86647"
+             "2660"); /* s */
+}
+
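Review bot: None of the five vectors in `test_main` passes a digest longer than the curve size (24, 28, 32 and 48 bytes on the matching curves, 64 bytes on secp521r1), so the digest-truncation step that `ecc_ecdsa_sign` presumably performs is never exercised. A case such as a full 32-byte SHA-256 digest on `nettle_secp_192r1` would cover it, with the expected r and s taken from an independent implementation. In the secp224r1 call the second string is the nonce but is labelled `/* z */`; it should read `/* k */`. The parameter comment `/* Random nonce */` on `sk` would be clearer as `/* Fixed nonce k from the test vector, hex */`, since the fixed value is what makes the expected r and s reproducible.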
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
new file mode 100644 (file)
index 0000000..5f88072
--- /dev/null
@@ -0,0 +1,143 @@
+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+           /* Public key */
+           const char *xs, const char *ys,
+           /* Hash */
+           struct tstring *h,
+           /* Valid signature */
+           const char *r, const char *s)
+{
+  struct ecc_point pub;
+  struct dsa_signature signature;
+  mpz_t x, y;
+
+  ecc_point_init (&pub, ecc);
+  dsa_signature_init (&signature);
+
+  mpz_init_set_str (x, xs, 16);
+  mpz_init_set_str (y, ys, 16);
+
+  if (!ecc_point_set (&pub, x, y))
+    die ("ecc_point_set failed.\n");
+
+  mpz_set_str (signature.r, r, 16);
+  mpz_set_str (signature.s, s, 16);
+
+  if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify failed with valid signature.\n");
+    fail:
+      fprintf (stderr, "bit_size = %u\n", ecc->bit_size);
+      gmp_fprintf (stderr, "x = %Zx\n", x);
+      gmp_fprintf (stderr, "y = %Zx\ndigest ", y);
+      print_hex (h->length, h->data);
+      gmp_fprintf (stderr, "r = %Zx\n", signature.r);
+      gmp_fprintf (stderr, "s = %Zx\n", signature.s);
+      abort();
+    }
+
+  mpz_combit (signature.r, ecc->bit_size / 3);
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  mpz_combit (signature.r, ecc->bit_size / 3);
+  
+  mpz_combit (signature.s, 4*ecc->bit_size / 5);
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  mpz_combit (signature.s, 4*ecc->bit_size / 5);
+
+  h->data[2*h->length / 3] ^= 0x40;
+  if (ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+      goto fail;
+    }
+  h->data[2*h->length / 3] ^= 0x40;
+  if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+    {
+      fprintf (stderr, "ecdsa_verify failed, internal testsuite error.\n");
+      goto fail;
+    }
+
+  ecc_point_clear (&pub);
+  dsa_signature_clear (&signature);
+  mpz_clear (x);
+  mpz_clear (y);  
+}
+
+void
+test_main (void)
+{
+  /* From RFC 4754 */
+  test_ecdsa (&nettle_secp_256r1,
+             "2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
+             "BF42D60C BCA20085 E0822CB0 4235E970",  /* x */
+
+             "6FC98BD7 E50211A4 A27102FA 3549DF79"
+             "EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D",  /* y */
+
+             SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+                  "B00361A3 96177A9C B410FF61 F20015AD"),  /* h */
+             
+             "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+             "9716CBBF 917DD72E 97566EA1 C066957C",  /* r */
+             "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+             "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+  test_ecdsa (&nettle_secp_384r1,
+             "96281BF8 DD5E0525 CA049C04 8D345D30"
+             "82968D10 FEDF5C5A CA0C64E6 465A97EA"
+             "5CE10C9D FEC21797 41571072 1F437922",  /* x */
+
+             "447688BA 94708EB6 E2E4D59F 6AB6D7ED"
+             "FF9301D2 49FE49C3 3096655F 5D502FAD"
+             "3D383B91 C5E7EDAA 2B714CC9 9D5743CA",  /* y */
+
+             SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+                  "272C32AB 0EDED163 1A8B605A 43FF5BED"
+                  "8086072B A1E7CC23 58BAECA1 34C825A7"),  /* h */
+
+             "FB017B91 4E291494 32D8BAC2 9A514640"
+             "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+             "08E07C9C 63F2D21A 07DCB56A 6AF56EB3",  /* r */
+             "B263A130 5E057F98 4D38726A 1B468741"
+             "09F417BC A112674C 528262A4 0A629AF1"
+             "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+  test_ecdsa (&nettle_secp_521r1,
+             "0151518F 1AF0F563 517EDD54 85190DF9"
+             "5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
+             "7AFE0A6D DEB8BEDB CD6A197E 592D4018"
+             "8901CECD 650699C9 B5E456AE A5ADD190"
+             "52A8", /* x */
+
+             "006F3B14 2EA1BFFF 7E2837AD 44C9E4FF"
+             "6D2D34C7 3184BBAD 90026DD5 E6E85317"
+             "D9DF45CA D7803C6C 20035B2F 3FF63AFF"
+             "4E1BA64D 1C077577 DA3F4286 C58F0AEA"
+             "E643", /* y */
+
+             SHEX("DDAF35A1 93617ABA CC417349 AE204131" 
+                  "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+                  "2192992A 274FC1A8 36BA3C23 A3FEEBBD" 
+                  "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+             "0154FD38 36AF92D0 DCA57DD5 341D3053" 
+             "988534FD E8318FC6 AAAAB68E 2E6F4339"
+             "B19F2F28 1A7E0B22 C269D93C F8794A92" 
+             "78880ED7 DBB8D936 2CAEACEE 54432055"
+             "2251", /* r */
+             "017705A7 030290D1 CEB605A9 A1BB03FF"
+             "9CDD521E 87A696EC 926C8C10 C8362DF4"
+             "97536710 1F67D1CF 9BCCBF2F 3D239534" 
+             "FA509E70 AAC851AE 01AAC68D 62F86647"
+             "2660"); /* s */
+}
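Review bot: The negative cases in `test_ecdsa` only flip a single bit of r, s and the digest, so the range checks an ECDSA verifier must make (r and s both in [1, q-1]) are not tested, and a verifier that skipped them would still pass this file. Adding r = 0 and s = 0 cases just before the cleanup calls covers the lower bound; values equal to the group order would cover the upper bound if the test can reach q through the curve structure. The three existing `goto fail` branches also print the same message, so a failure does not say which mutation was accepted; the sketch below gives each new case its own text.

```c
  /* … unchanged: valid-signature check and the bit-flip checks on r, s and the digest … */

  /* Out-of-range signature values must be rejected. */
  mpz_set_ui (signature.r, 0);
  if (ecdsa_verify (&pub, h->length, h->data, &signature))
    {
      fprintf (stderr, "ecdsa_verify accepted signature with r = 0.\n");
      goto fail;
    }
  mpz_set_str (signature.r, r, 16);

  mpz_set_ui (signature.s, 0);
  if (ecdsa_verify (&pub, h->length, h->data, &signature))
    {
      fprintf (stderr, "ecdsa_verify accepted signature with s = 0.\n");
      goto fail;
    }

  ecc_point_clear (&pub);
```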
index 99706025ec95205739c29ed6cac0965dff5957ae..123bae2b680b9d45eefd6cc196d37abc6cb5b3d6 100644 (file)
@@ -22,6 +22,7 @@
 # include "ecc-curve.h"
 # include "ecc.h"
 # include "ecc-internal.h"
+# include "ecdsa.h"
 # include "gmp-glue.h"
 #endif