1 #if !defined(POLARSSL_CONFIG_FILE)
4 #include POLARSSL_CONFIG_FILE
7 #ifdef POLARSSL_ECDSA_C
13 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
17 #if defined(POLARSSL_PLATFORM_C)
20 #define polarssl_malloc malloc
21 #define polarssl_free free
26 typedef UINT32 uint32_t;
39 #define GET_UINT32_BE(n,b,i) \
41 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
42 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
43 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
44 | ( (uint32_t) (b)[(i) + 3] ); \
49 #define PUT_UINT32_BE(n,b,i) \
51 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
52 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
53 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
54 (b)[(i) + 3] = (unsigned char) ( (n) ); \
58 static int unhexify(
unsigned char *obuf,
const char *ibuf)
61 int len = strlen(ibuf) / 2;
62 assert(!(strlen(ibuf) %1));
67 if( c >=
'0' && c <=
'9' )
69 else if( c >=
'a' && c <=
'f' )
71 else if( c >=
'A' && c <=
'F' )
77 if( c2 >=
'0' && c2 <=
'9' )
79 else if( c2 >=
'a' && c2 <=
'f' )
81 else if( c2 >=
'A' && c2 <=
'F' )
86 *obuf++ = ( c << 4 ) | c2;
92 static void hexify(
unsigned char *obuf,
const unsigned char *ibuf,
int len)
104 *obuf++ =
'a' + h - 10;
109 *obuf++ =
'a' + l - 10;
126 size_t actual_len = len != 0 ? len : 1;
131 memset( p, 0x00, actual_len );
150 *olen = strlen(ibuf) / 2;
156 assert( obuf != NULL );
172 static int rnd_std_rand(
void *rng_state,
unsigned char *output,
size_t len )
174 #if !defined(__OpenBSD__)
177 if( rng_state != NULL )
180 for( i = 0; i < len; ++i )
183 if( rng_state != NULL )
186 arc4random_buf( output, len );
197 static int rnd_zero_rand(
void *rng_state,
unsigned char *output,
size_t len )
199 if( rng_state != NULL )
202 memset( output, 0, len );
229 if( rng_state == NULL )
238 memcpy( output, info->
buf, use_len );
239 info->
buf += use_len;
243 if( len - use_len > 0 )
244 return(
rnd_std_rand( NULL, output + use_len, len - use_len ) );
273 uint32_t i, *k, sum, delta=0x9E3779B9;
274 unsigned char result[4], *out = output;
276 if( rng_state == NULL )
283 size_t use_len = ( len > 4 ) ? 4 : len;
286 for( i = 0; i < 32; i++ )
288 info->
v0 += (((info->
v1 << 4) ^ (info->
v1 >> 5)) + info->
v1) ^ (sum + k[sum & 3]);
290 info->
v1 += (((info->
v0 << 4) ^ (info->
v0 >> 5)) + info->
v0) ^ (sum + k[(sum>>11) & 3]);
294 memcpy( out, result, use_len );
306 #if defined(POLARSSL_PLATFORM_C)
309 #define polarssl_printf printf
310 #define polarssl_malloc malloc
311 #define polarssl_free free
316 #ifdef POLARSSL_ECDSA_C
318 #define TEST_SUITE_ACTIVE
320 static int test_assert(
int correct,
const char *test )
327 printf(
"FAILED\n" );
328 printf(
" %s\n", test );
333 #define TEST_ASSERT( TEST ) \
334 do { test_assert( (TEST) ? 1 : 0, #TEST ); \
335 if( test_errors) goto exit; \
340 if( (*str)[0] !=
'"' ||
341 (*str)[strlen( *str ) - 1] !=
'"' )
343 printf(
"Expected string (with \"\") for parameter and got: %s\n", *str );
348 (*str)[strlen( *str ) - 1] =
'\0';
360 for( i = 0; i < strlen( str ); i++ )
362 if( i == 0 && str[i] ==
'-' )
368 if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) &&
369 str[i - 1] ==
'0' && str[i] ==
'x' )
375 if( ! ( ( str[i] >=
'0' && str[i] <=
'9' ) ||
376 ( hex && ( ( str[i] >=
'a' && str[i] <=
'f' ) ||
377 ( str[i] >=
'A' && str[i] <=
'F' ) ) ) ) )
387 *value = strtol( str, NULL, 16 );
389 *value = strtol( str, NULL, 10 );
394 if( strcmp( str,
"POLARSSL_ECP_DP_SECP521R1" ) == 0 )
399 #ifdef POLARSSL_ECDSA_DETERMINISTIC
400 if( strcmp( str,
"POLARSSL_MD_SHA256" ) == 0 )
405 #endif // POLARSSL_ECDSA_DETERMINISTIC
406 if( strcmp( str,
"POLARSSL_ECP_DP_SECP384R1" ) == 0 )
411 #ifdef POLARSSL_ECDSA_DETERMINISTIC
412 if( strcmp( str,
"POLARSSL_MD_SHA384" ) == 0 )
417 #endif // POLARSSL_ECDSA_DETERMINISTIC
418 if( strcmp( str,
"POLARSSL_ECP_DP_SECP224R1" ) == 0 )
423 #ifdef POLARSSL_ECDSA_DETERMINISTIC
424 if( strcmp( str,
"POLARSSL_MD_SHA512" ) == 0 )
429 #endif // POLARSSL_ECDSA_DETERMINISTIC
430 #ifdef POLARSSL_ECDSA_DETERMINISTIC
431 if( strcmp( str,
"POLARSSL_MD_SHA224" ) == 0 )
436 #endif // POLARSSL_ECDSA_DETERMINISTIC
437 if( strcmp( str,
"POLARSSL_ECP_DP_SECP256R1" ) == 0 )
442 if( strcmp( str,
"POLARSSL_ECP_DP_SECP192R1" ) == 0 )
447 #ifdef POLARSSL_ECDSA_DETERMINISTIC
448 if( strcmp( str,
"POLARSSL_MD_SHA1" ) == 0 )
453 #endif // POLARSSL_ECDSA_DETERMINISTIC
456 printf(
"Expected integer for parameter and got: %s\n", str );
460 void test_suite_ecdsa_prim_random(
int id )
466 unsigned char buf[66];
472 memset( buf, 0,
sizeof( buf ) );
490 void test_suite_ecdsa_prim_test_vectors(
int id,
char *d_str,
char *xQ_str,
char *yQ_str,
491 char *k_str,
char *hash_str,
char *r_str,
496 mpi d, r, s, r_check, s_check;
497 unsigned char hash[66], rnd_buf[66];
505 memset( hash, 0,
sizeof( hash ) );
506 memset( rnd_buf, 0,
sizeof( rnd_buf ) );
514 rnd_info.
buf = rnd_buf;
518 if( grp.
nbits % 8 != 0 )
520 unsigned char shift = 8 - ( grp.
nbits % 8 );
523 for( i = 0; i < rnd_info.
length - 1; i++ )
524 rnd_buf[i] = rnd_buf[i] << shift | rnd_buf[i+1] >> ( 8 - shift );
526 rnd_buf[rnd_info.
length-1] <<= shift;
544 #ifdef POLARSSL_ECDSA_DETERMINISTIC
545 void test_suite_ecdsa_det_test_vectors(
int id,
char *d_str,
int md_alg,
546 char *msg,
char *r_str,
char *s_str )
549 mpi d, r, s, r_check, s_check;
557 memset( hash, 0,
sizeof( hash ) );
566 hlen = md_info->
size;
567 md( md_info, (
const unsigned char *) msg, strlen( msg ), hash );
581 void test_suite_ecdsa_write_read_random(
int id )
585 unsigned char hash[66];
586 unsigned char sig[200];
591 memset( hash, 0,
sizeof( hash ) );
592 memset( sig, 0x2a,
sizeof( sig ) );
604 sig, sig_len ) == 0 );
607 for( i = sig_len; i <
sizeof( sig ); i++ )
612 sig, sig_len - 1 ) != 0 );
614 sig, sig_len + 1 ) != 0 );
619 sig, sig_len ) != 0 );
625 sig, sig_len ) != 0 );
631 sig, sig_len ) != 0 );
638 #ifdef POLARSSL_ECDSA_DETERMINISTIC
639 void test_suite_ecdsa_write_read_det_random(
int id,
int md_alg )
643 unsigned char msg[100];
645 unsigned char sig[200];
650 memset( hash, 0,
sizeof( hash ) );
651 memset( sig, 0x2a,
sizeof( sig ) );
662 sig, &sig_len, md_alg ) == 0 );
664 sig, sig_len ) == 0 );
680 if( strcmp( str,
"POLARSSL_SHA512_C" ) == 0 )
682 #if defined(POLARSSL_SHA512_C)
688 if( strcmp( str,
"POLARSSL_ECP_DP_SECP224R1_ENABLED" ) == 0 )
690 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
696 if( strcmp( str,
"POLARSSL_ECP_DP_SECP384R1_ENABLED" ) == 0 )
698 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
704 if( strcmp( str,
"POLARSSL_ECP_DP_SECP192R1_ENABLED" ) == 0 )
706 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
712 if( strcmp( str,
"POLARSSL_SHA256_C" ) == 0 )
714 #if defined(POLARSSL_SHA256_C)
720 if( strcmp( str,
"POLARSSL_ECP_DP_SECP521R1_ENABLED" ) == 0 )
722 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
728 if( strcmp( str,
"POLARSSL_ECP_DP_SECP256R1_ENABLED" ) == 0 )
730 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
736 if( strcmp( str,
"POLARSSL_SHA1_C" ) == 0 )
738 #if defined(POLARSSL_SHA1_C)
755 #if defined(TEST_SUITE_ACTIVE)
756 if( strcmp( params[0],
"ecdsa_prim_random" ) == 0 )
763 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 2 );
767 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
769 test_suite_ecdsa_prim_random( param1 );
775 if( strcmp( params[0],
"ecdsa_prim_test_vectors" ) == 0 )
779 char *param2 = params[2];
780 char *param3 = params[3];
781 char *param4 = params[4];
782 char *param5 = params[5];
783 char *param6 = params[6];
784 char *param7 = params[7];
785 char *param8 = params[8];
789 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 9 );
793 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
802 test_suite_ecdsa_prim_test_vectors( param1, param2, param3, param4, param5, param6, param7, param8 );
808 if( strcmp( params[0],
"ecdsa_det_test_vectors" ) == 0 )
810 #ifdef POLARSSL_ECDSA_DETERMINISTIC
813 char *param2 = params[2];
815 char *param4 = params[4];
816 char *param5 = params[5];
817 char *param6 = params[6];
821 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 7 );
825 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
827 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
832 test_suite_ecdsa_det_test_vectors( param1, param2, param3, param4, param5, param6 );
839 if( strcmp( params[0],
"ecdsa_write_read_random" ) == 0 )
846 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 2 );
850 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
852 test_suite_ecdsa_write_read_random( param1 );
858 if( strcmp( params[0],
"ecdsa_write_read_det_random" ) == 0 )
860 #ifdef POLARSSL_ECDSA_DETERMINISTIC
867 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 3 );
871 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
872 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
874 test_suite_ecdsa_write_read_det_random( param1, param2 );
883 fprintf( stdout,
"FAILED\nSkipping unknown test function '%s'\n", params[0] );
897 ret = fgets( buf, len, f );
901 if( strlen( buf ) && buf[strlen(buf) - 1] ==
'\n' )
902 buf[strlen(buf) - 1] =
'\0';
903 if( strlen( buf ) && buf[strlen(buf) - 1] ==
'\r' )
904 buf[strlen(buf) - 1] =
'\0';
917 while( *p !=
'\0' && p < buf + len )
927 if( p + 1 < buf + len )
939 for( i = 0; i < cnt; i++ )
946 if( *p ==
'\\' && *(p + 1) ==
'n' )
951 else if( *p ==
'\\' && *(p + 1) ==
':' )
956 else if( *p ==
'\\' && *(p + 1) ==
'?' )
972 int ret, i, cnt, total_errors = 0, total_tests = 0, total_skipped = 0;
973 const char *filename =
"/tmp/B.z5jajb5_/BUILD/polarssl-1.3.9/tests/suites/test_suite_ecdsa.data";
978 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
979 unsigned char alloc_buf[1000000];
983 file = fopen( filename,
"r" );
986 fprintf( stderr,
"Failed to open\n" );
990 while( !feof( file ) )
994 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
996 fprintf( stdout,
"%s%.66s",
test_errors ?
"\n" :
"", buf );
997 fprintf( stdout,
" " );
998 for( i = strlen( buf ) + 1; i < 67; i++ )
999 fprintf( stdout,
"." );
1000 fprintf( stdout,
" " );
1005 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1009 if( strcmp( params[0],
"depends_on" ) == 0 )
1011 for( i = 1; i < cnt; i++ )
1015 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1026 if( skip == 1 || ret == 3 )
1029 fprintf( stdout,
"----\n" );
1034 fprintf( stdout,
"PASS\n" );
1039 fprintf( stderr,
"FAILED: FATAL PARSE ERROR\n" );
1046 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1048 if( strlen(buf) != 0 )
1050 fprintf( stderr,
"Should be empty %d\n", (
int) strlen(buf) );
1056 fprintf( stdout,
"\n----------------------------------------------------------------------------\n\n");
1057 if( total_errors == 0 )
1058 fprintf( stdout,
"PASSED" );
1060 fprintf( stdout,
"FAILED" );
1062 fprintf( stdout,
" (%d / %d tests (%d skipped))\n",
1063 total_tests - total_errors, total_tests, total_skipped );
1065 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
1066 #if defined(POLARSSL_MEMORY_DEBUG)
1067 memory_buffer_alloc_status();
1072 return( total_errors != 0 );
int md(const md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
Output = message_digest( input buffer )
static void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
int ecdsa_verify(ecp_group *grp, const unsigned char *buf, size_t blen, const ecp_point *Q, const mpi *r, const mpi *s)
Verify ECDSA signature of a previously hashed message.
static unsigned char * zero_alloc(size_t len)
Allocate and zeroize a buffer.
Memory allocation layer (Deprecated to platform layer)
Info structure for the pseudo random function.
static int unhexify(unsigned char *obuf, const char *ibuf)
void memory_buffer_alloc_free(void)
Free the mutex for thread-safety and clear remaining memory.
int ecdsa_write_signature(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20...
int ecdsa_sign(ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Compute ECDSA signature of a previously hashed message.
Configuration options (set of defines)
static int rnd_std_rand(void *rng_state, unsigned char *output, size_t len)
This function just returns data from rand().
static int rnd_pseudo_rand(void *rng_state, unsigned char *output, size_t len)
This function returns random based on a pseudo random function.
static int test_assert(int correct, const char *test)
void mpi_init(mpi *X)
Initialize one MPI.
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
static unsigned char * unhexify_alloc(const char *ibuf, size_t *olen)
Allocate and fill a buffer from hex data.
int memory_buffer_alloc_init(unsigned char *buf, size_t len)
Initialize use of stack-based memory allocator.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
ECP point structure (jacobian coordinates)
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
int ecp_point_read_string(ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
void mpi_free(mpi *X)
Unallocate one MPI.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
int ecdsa_read_signature(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen)
Read and verify an ECDSA signature.
static int rnd_buffer_rand(void *rng_state, unsigned char *output, size_t len)
This function returns random based on a buffer it receives.
#define TEST_ASSERT(TEST)
void ecdsa_init(ecdsa_context *ctx)
Initialize context.
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
int verify_string(char **str)
int ecdsa_genkey(ecdsa_context *ctx, ecp_group_id gid, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate an ECDSA keypair on the given curve.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
#define POLARSSL_MD_MAX_SIZE
int dispatch_test(int cnt, char *params[50])
int ecdsa_sign_det(ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, md_type_t md_alg)
Compute ECDSA signature of a previously hashed message (deterministic version)
void ecdsa_free(ecdsa_context *ctx)
Free context.
int size
Output length of the digest function.
int get_line(FILE *f, char *buf, size_t len)
int verify_int(char *str, int *value)
int parse_arguments(char *buf, size_t len, char *params[50])
#define PUT_UINT32_BE(n, b, i)
Message digest information.
static int rnd_zero_rand(void *rng_state, unsigned char *output, size_t len)
This function only returns zeros.
int ecdsa_write_signature_det(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, md_type_t md_alg)
Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20...
void ecp_point_free(ecp_point *pt)
Free the components of a point.