From: Martin Willi <martin@revosec.ch>
Date: Tue, 9 Apr 2013 14:00:19 +0000 (+0200)
Subject: unit-tests: test some zeroed ECDSA signatures that never should succeed
X-Git-Tag: 5.1.0dr1~97^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a88cab095d89247876c1f1a58742bc3930354e34;p=thirdparty%2Fstrongswan.git

unit-tests: test some zeroed ECDSA signatures that never should succeed
---

diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/test_ecdsa.c
index 7e673a7dac..7ab8b63fd6 100644
--- a/src/libstrongswan/tests/test_ecdsa.c
+++ b/src/libstrongswan/tests/test_ecdsa.c
@@ -56,6 +56,65 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
 	}
 }
 
+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+	chunk_from_chars(),
+	chunk_from_chars(0x00),
+	chunk_from_chars(0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+	chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+	int s, i;
+
+	for (s = 0; s < countof(schemes); s++)
+	{
+		if (schemes[s].key_size != 0 &&
+			schemes[s].scheme != pubkey->get_keysize(pubkey))
+		{
+			continue;
+		}
+		for (i = 0; i < countof(invalid_sigs); i++)
+		{
+			fail_if(
+				pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+				"bad %N sig accepted %B",
+				signature_scheme_names, schemes[s].scheme,
+				&invalid_sigs[i]);
+		}
+	}
+}
+
 /**
  * ECDSA key sizes to test
  */
@@ -76,6 +135,8 @@ START_TEST(test_gen)
 
 	test_good_sig(privkey, pubkey);
 
+	test_bad_sigs(pubkey);
+
 	pubkey->destroy(pubkey);
 	privkey->destroy(privkey);
 }
@@ -136,6 +197,8 @@ START_TEST(test_load)
 
 	test_good_sig(privkey, pubkey);
 
+	test_bad_sigs(pubkey);
+
 	pubkey->destroy(pubkey);
 	privkey->destroy(privkey);
 }