Azure
/
Project-Cerberus
зеркало из https://github.com/Azure/Project-Cerberus.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Enhancements to the general ECC API and test suites.

This commit is contained in:
Christopher Weimer 2023-01-07 02:38:30 +00:00
Родитель 77ff942a99
Коммит cd681a7e4a
14 изменённых файлов: 350 добавлений и 123 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

21
core/common/buffer_util.c
Просмотреть файл

@ -171,3 +171,24 @@ int buffer_compare_dwords (const uint32_t *buf1, const uint32_t *buf2, size_t dw
return (match == 0xffffffff) ? 0 : BUFFER_UTIL_DATA_MISMATCH;
}
/* Set up a pointer to abstract memset calls from the compiler. This is not foolproof, but is the
* default approach used by mbedTLS. A better alternative is to use memset_s, but compiler support
* for that seems to be poor.
*
* Reference: http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html */
static void* (*const volatile memset_ptr) (void*, int, size_t) = memset;
/**
* Clear a buffer by filling it with zeros. This is not necessarily achieved in the most efficient
* way, but is implemented in a way that should keep it from getting optimized out by compilers.
*
* @param buffer The buffer to clear.
* @param length Length of the buffer.
*/
void buffer_zeroize (void *buffer, size_t length)
{
if (buffer) {
memset_ptr (buffer, 0, length);
}
}

2
core/common/buffer_util.h
Просмотреть файл

@ -32,6 +32,8 @@ void buffer_reverse_copy (uint8_t *dest, const uint8_t *src, size_t length);
int buffer_compare (const uint8_t *buf1, const uint8_t *buf2, size_t length);
int buffer_compare_dwords (const uint32_t *buf1, const uint32_t *buf2, size_t dwords);
void buffer_zeroize (void *buffer, size_t length);
#define BUFFER_UTIL_ERROR(code) ROT_ERROR (ROT_MODULE_BUFFER_UTIL, code)

3
core/crypto/crypto_logging.h
Просмотреть файл

@ -4,6 +4,9 @@
#ifndef CRYPTO_LOGGING_H_
#define CRYPTO_LOGGING_H_
#include "logging/debug_log.h"
/**
* Cerberus crypto log messages.
*/

9
core/crypto/ecc.h
Просмотреть файл

@ -40,6 +40,15 @@ struct ecc_public_key {
};
#pragma pack(push,1)
/**
* Defines a structure to hold the raw value (i.e. not ASN.1/DER encoded) for an ECC private key.
* No curve information is stored. The curve is implied based on the key length.
*/
struct ecc_raw_private_key {
uint8_t d[ECC_MAX_KEY_LENGTH]; /**< The integer used as the private key. */
size_t key_length; /**< Length of the private key. */
};
/**
* Defines a structure to hold the X and Y values for a point on a curve that represents an ECC
* public key. No curve information is stored. The curve is implied based on the key length.

8
core/crypto/ecc_der_util.c
Просмотреть файл

@ -57,7 +57,7 @@ static int ecc_der_get_next_tag (uint8_t type, const uint8_t **der, size_t *leng
const uint8_t *pos = *der;
uint8_t header_len;
if ((*length < 3) || (pos[0] != type)) {
if (*length < 3) {
/* While 2 bytes is enough for the short length representation, we will always have more
* data overall after a tag, so even in the case of a 2 byte header, not enough space for
* more data is an error. Just check the length once here to avoid needing repeated length
@ -65,6 +65,10 @@ static int ecc_der_get_next_tag (uint8_t type, const uint8_t **der, size_t *leng
return ECC_DER_UTIL_MALFORMED;
}
if (pos[0] != type) {
return ECC_DER_UTIL_UNEXPECTED_TAG;
}
if (pos[1] < 0x80) {
*type_len = pos[1];
header_len = 2;
@ -74,7 +78,7 @@ static int ecc_der_get_next_tag (uint8_t type, const uint8_t **der, size_t *leng
header_len = 3;
}
else {
/* We will never get an ASN.1 sequence that needs for that a single length byte. If we do,
/* We will never get an ASN.1 sequence that needs more than a single length byte. If we do,
* there is no point parsing it any further since it does not represent an ECC private
* key.
*

1
core/crypto/ecc_der_util.h
Просмотреть файл

@ -131,6 +131,7 @@ enum {
ECC_DER_UTIL_SMALL_DER_BUFFER = ECC_DER_UTIL_ERROR (0x07), /**< A DER output buffer is not large enough for the encoded data. */
ECC_DER_UTIL_UNSUPPORTED_ALGORITHM = ECC_DER_UTIL_ERROR (0x08), /**< A public key uses an unsupported algorithm. */
ECC_DER_UTIL_SIG_TOO_LONG = ECC_DER_UTIL_ERROR (0x09), /**< The encoded signature is too long for the key length. */
ECC_DER_UTIL_UNEXPECTED_TAG = ECC_DER_UTIL_ERROR (0x0a), /**< The encoded data contained a tag not correct for ASN.1 sequence. */
};

2
core/crypto/ecc_mbedtls.c
Просмотреть файл

@ -12,12 +12,12 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/bignum.h"
#include "logging/debug_log.h"
#include "crypto/crypto_logging.h"
#include "crypto/ecc_der_util.h"
#include "crypto/hash.h"
#include "common/unused.h"
/**
* Get the mbedTLS ECC key pair instance for a public or private key instance.
*

6
core/riot/riot_core.c
Просмотреть файл

@ -2,6 +2,7 @@
// Licensed under the MIT license.
#include "riot_core.h"
#include "common/buffer_util.h"
/**
@ -12,8 +13,5 @@
*/
void riot_core_clear (void *data, size_t length)
{
volatile uint8_t *clear = data;
while (length--) {
*clear++ = 0;
}
buffer_zeroize (data, length);
}

54
core/testing/common/buffer_util_test.c
Просмотреть файл

@ -1005,6 +1005,57 @@ static void buffer_compare_dwords_test_one_null_non_zero_length (CuTest *test)
CuAssertIntEquals (test, BUFFER_UTIL_DATA_MISMATCH, status);
}
static void buffer_zerioze_test (CuTest *test)
{
uint8_t buffer[32];
uint8_t zero[32] = {0};
size_t i;
int status;
TEST_START;
for (i = 0; i < sizeof (buffer); i++) {
buffer[i] = i;
}
buffer_zeroize (buffer, sizeof (buffer));
status = testing_validate_array (buffer, zero, sizeof (buffer));
CuAssertIntEquals (test, 0, status);
}
static void buffer_zerioze_test_zero_length (CuTest *test)
{
uint8_t buffer[32];
size_t i;
TEST_START;
for (i = 0; i < sizeof (buffer); i++) {
buffer[i] = i;
}
buffer_zeroize (buffer, 0);
for (i = 0; i < sizeof (buffer); i++) {
CuAssertIntEquals (test, i, buffer[i]);
}
}
static void buffer_zerioze_test_null (CuTest *test)
{
uint8_t buffer[32];
size_t i;
TEST_START;
for (i = 0; i < sizeof (buffer); i++) {
buffer[i] = i;
}
buffer_zeroize (NULL, sizeof (buffer));
}
TEST_SUITE_START (buffer_util);
@ -1057,5 +1108,8 @@ TEST (buffer_compare_dwords_test_match_both_null_zero_length);
TEST (buffer_compare_dwords_test_match_both_null_non_zero_length);
TEST (buffer_compare_dwords_test_one_null_zero_length);
TEST (buffer_compare_dwords_test_one_null_non_zero_length);
TEST (buffer_zerioze_test);
TEST (buffer_zerioze_test_zero_length);
TEST (buffer_zerioze_test_null);
TEST_SUITE_END;

26
core/testing/crypto/ecc_der_util_test.c
Просмотреть файл

@ -276,7 +276,7 @@ static void ecc_der_decode_private_key_test_malformed_not_sequence (CuTest *test
der[0] = 0x03;
status = ecc_der_decode_private_key (der, sizeof (der), priv_key, sizeof (priv_key));
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_private_key_test_malformed_sequence_too_long (CuTest *test)
@ -308,7 +308,7 @@ static void ecc_der_decode_private_key_test_malformed_not_integer (CuTest *test)
der[2] = 0x03;
status = ecc_der_decode_private_key (der, sizeof (der), priv_key, sizeof (priv_key));
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_private_key_test_malformed_integer_too_long (CuTest *test)
@ -372,7 +372,7 @@ static void ecc_der_decode_private_key_test_malformed_not_octet_string (CuTest *
der[5] = 0x03;
status = ecc_der_decode_private_key (der, sizeof (der), priv_key, sizeof (priv_key));
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_private_key_test_malformed_octet_string_too_long (CuTest *test)
@ -420,7 +420,7 @@ static void ecc_der_decode_private_key_test_malformed_not_explicit_parameters (C
der[39] = 0x03;
status = ecc_der_decode_private_key (der, sizeof (der), priv_key, sizeof (priv_key));
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_private_key_test_malformed_explicit_parameters_too_long (CuTest *test)
@ -452,7 +452,7 @@ static void ecc_der_decode_private_key_test_malformed_not_oid (CuTest *test)
der[41] = 0x03;
status = ecc_der_decode_private_key (der, sizeof (der), priv_key, sizeof (priv_key));
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_private_key_test_malformed_oid_too_long (CuTest *test)
@ -1112,7 +1112,7 @@ static void ecc_der_decode_public_key_test_malformed_not_sequence (CuTest *test)
status = ecc_der_decode_public_key (der, sizeof (der), pub_key_x, pub_key_y,
ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_public_key_test_malformed_sequence_too_long (CuTest *test)
@ -1148,7 +1148,7 @@ static void ecc_der_decode_public_key_test_malformed_algo_not_sequence (CuTest *
status = ecc_der_decode_public_key (der, sizeof (der), pub_key_x, pub_key_y,
ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_public_key_test_malformed_algo_sequence_too_long (CuTest *test)
@ -1184,7 +1184,7 @@ static void ecc_der_decode_public_key_test_malformed_algo_not_oid (CuTest *test)
status = ecc_der_decode_public_key (der, sizeof (der), pub_key_x, pub_key_y,
ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_public_key_test_malformed_algo_oid_too_long (CuTest *test)
@ -1256,7 +1256,7 @@ static void ecc_der_decode_public_key_test_malformed_curve_not_oid (CuTest *test
status = ecc_der_decode_public_key (der, sizeof (der), pub_key_x, pub_key_y,
ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_public_key_test_malformed_curve_oid_too_long (CuTest *test)
@ -1410,7 +1410,7 @@ static void ecc_der_decode_public_key_test_malformed_not_bit_string (CuTest *tes
status = ecc_der_decode_public_key (der, sizeof (der), pub_key_x, pub_key_y,
ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_public_key_test_malformed_bit_string_too_long (CuTest *test)
@ -1911,7 +1911,7 @@ static void ecc_der_decode_ecdsa_signature_test_malformed_not_sequence (CuTest *
der[0] = 0x03;
status = ecc_der_decode_ecdsa_signature (der, sizeof (der), sig_r, sig_s, ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_ecdsa_signature_test_malformed_sequence_too_long (CuTest *test)
@ -1945,7 +1945,7 @@ static void ecc_der_decode_ecdsa_signature_test_malformed_r_not_integer (CuTest
der[2] = 0x03;
status = ecc_der_decode_ecdsa_signature (der, sizeof (der), sig_r, sig_s, ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_ecdsa_signature_test_malformed_r_integer_too_long (CuTest *test)
@ -2014,7 +2014,7 @@ static void ecc_der_decode_ecdsa_signature_test_malformed_s_not_integer (CuTest
der[37] = 0x03;
status = ecc_der_decode_ecdsa_signature (der, sizeof (der), sig_r, sig_s, ECC_KEY_LENGTH_256);
CuAssertIntEquals (test, ECC_DER_UTIL_MALFORMED, status);
CuAssertIntEquals (test, ECC_DER_UTIL_UNEXPECTED_TAG, status);
}
static void ecc_der_decode_ecdsa_signature_test_malformed_s_integer_too_long (CuTest *test)

108
core/testing/crypto/ecc_mbedtls_test.c
Просмотреть файл

@ -15,15 +15,6 @@
TEST_SUITE_LABEL ("ecc_mbedtls");
/* Maximum lengths of DER-encoded ECDSA signatures.
* Sequence -> 2 bytes overhead (3 for ECC521)
* BIT STRING (r) -> 2 bytes overhead (3 if MSB is 1)
* BIT STRING (s) -> 2 bytes overhead (3 if MSB is 1) */
#define ECC256_DSA_MAX_LENGTH 72
#define ECC384_DSA_MAX_LENGTH 104
#define ECC521_DSA_MAX_LENGTH 141
/*******************
* Test cases
*******************/
@ -347,7 +338,7 @@ static void ecc_mbedtls_test_private_key_init_key_pair_and_sign (CuTest *test)
struct ecc_engine_mbedtls engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -362,6 +353,7 @@ static void ecc_mbedtls_test_private_key_init_key_pair_and_sign (CuTest *test)
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
CuAssertPtrEquals (test, NULL, priv_key.context);
@ -374,7 +366,7 @@ static void ecc_mbedtls_test_public_key_init_key_pair_and_sign (CuTest *test)
struct ecc_engine_mbedtls engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -403,7 +395,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify (CuTest *test)
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -419,6 +411,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify (CuTest *test)
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -437,7 +430,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_no_pubkey (CuTest
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -453,6 +446,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_no_pubkey (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -471,7 +465,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_extra_buffer (CuT
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -490,6 +484,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_extra_buffer (CuT
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -509,7 +504,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384 (CuTest *tes
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
TEST_START;
@ -525,6 +520,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384 (CuTest *tes
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -544,7 +540,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384_no_pubkey (C
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
TEST_START;
@ -560,6 +556,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384_no_pubkey (C
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -579,7 +576,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384_extra_buffer
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC384_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -598,6 +595,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p384_extra_buffer
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -619,7 +617,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521 (CuTest *tes
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -635,6 +633,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521 (CuTest *tes
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -654,7 +653,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_no_pubkey (C
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -670,6 +669,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_no_pubkey (C
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -689,7 +689,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_no_leading_z
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -705,6 +705,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_no_leading_z
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -724,7 +725,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_extra_buffer
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC521_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -743,6 +744,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_and_verify_p521_extra_buffer
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -762,7 +764,7 @@ static void ecc_mbedtls_test_init_key_pair_and_sign_with_public_key (CuTest *tes
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -844,7 +846,6 @@ static void ecc_mbedtls_test_init_key_pair_with_public_key (CuTest *test)
status = engine.base.init_key_pair (&engine.base, ECC_PUBKEY_DER, ECC_PUBKEY_DER_LEN, NULL,
&pub_key);
CuAssertTrue (test, (status < 0));
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_mbedtls_release (&engine);
}
@ -863,7 +864,6 @@ static void ecc_mbedtls_test_init_key_pair_with_rsa_key (CuTest *test)
status = engine.base.init_key_pair (&engine.base, RSA_PRIVKEY_DER, RSA_PRIVKEY_DER_LEN, NULL,
&pub_key);
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status);
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_mbedtls_release (&engine);
}
@ -1102,7 +1102,6 @@ static void ecc_mbedtls_test_init_public_key_with_private_key (CuTest *test)
status = engine.base.init_public_key (&engine.base, ECC_PRIVKEY_DER, ECC_PRIVKEY_DER_LEN,
&pub_key);
CuAssertTrue (test, (status < 0));
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_mbedtls_release (&engine);
}
@ -1121,7 +1120,6 @@ static void ecc_mbedtls_test_init_public_key_with_rsa_key (CuTest *test)
status = engine.base.init_public_key (&engine.base, RSA_PUBKEY_DER, RSA_PUBKEY_DER_LEN,
&pub_key);
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status);
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_mbedtls_release (&engine);
}
@ -1239,7 +1237,7 @@ static void ecc_mbedtls_test_private_key_generate_derived_key_pair_and_sign (CuT
struct ecc_engine_mbedtls engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1254,6 +1252,7 @@ static void ecc_mbedtls_test_private_key_generate_derived_key_pair_and_sign (CuT
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1265,7 +1264,7 @@ static void ecc_mbedtls_test_public_key_generate_derived_key_pair_and_sign (CuTe
struct ecc_engine_mbedtls engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1293,7 +1292,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify (CuTe
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1309,6 +1308,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify (CuTe
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -1326,7 +1326,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify_p384
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_384
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1344,6 +1344,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify_p384
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -1365,7 +1366,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify_p521
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_521
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1383,6 +1384,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_and_verify_p521
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -1402,7 +1404,7 @@ static void ecc_mbedtls_test_generate_derived_key_pair_and_sign_with_public_key
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1512,7 +1514,7 @@ static void ecc_mbedtls_test_private_key_generate_key_pair_and_sign (CuTest *tes
struct ecc_engine_mbedtls engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1526,6 +1528,7 @@ static void ecc_mbedtls_test_private_key_generate_key_pair_and_sign (CuTest *tes
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1537,7 +1540,7 @@ static void ecc_mbedtls_test_public_key_generate_key_pair_and_sign (CuTest *test
struct ecc_engine_mbedtls engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1564,7 +1567,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify (CuTest *test
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1579,6 +1582,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify (CuTest *test
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -1596,7 +1600,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify_p384 (CuTest
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_384
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1613,6 +1617,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify_p384 (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -1634,7 +1639,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_521
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1642,7 +1647,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
status = ecc_mbedtls_init (&engine);
CuAssertIntEquals (test, 0, status);
status = engine.base.generate_key_pair (&engine.base, ECC_KEY_LENGTH_256, &priv_key, &pub_key);
status = engine.base.generate_key_pair (&engine.base, ECC_KEY_LENGTH_521, &priv_key, &pub_key);
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_521
CuAssertIntEquals (test, 0, status);
CuAssertPtrNotNull (test, priv_key.context);
@ -1651,6 +1656,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -1670,7 +1676,7 @@ static void ecc_mbedtls_test_generate_key_pair_and_sign_with_public_key (CuTest
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1749,7 +1755,7 @@ static void ecc_mbedtls_test_sign_null (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1791,7 +1797,7 @@ static void ecc_mbedtls_test_sign_small_buffer (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1803,7 +1809,7 @@ static void ecc_mbedtls_test_sign_small_buffer (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
ECC256_DSA_MAX_LENGTH - 1);
ECC_TESTING_ECC256_DSA_MAX_LENGTH - 1);
CuAssertIntEquals (test, ECC_ENGINE_SIG_BUFFER_TOO_SMALL, status);
engine.base.release_key_pair (&engine.base, &priv_key, &pub_key);
@ -1817,7 +1823,7 @@ static void ecc_mbedtls_test_sign_unknown_hash (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1829,7 +1835,7 @@ static void ecc_mbedtls_test_sign_unknown_hash (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.sign (&engine.base, &priv_key, SHA1_TEST_HASH, SHA1_HASH_LENGTH, out,
ECC256_DSA_MAX_LENGTH);
ECC_TESTING_ECC256_DSA_MAX_LENGTH);
CuAssertIntEquals (test, ECC_ENGINE_UNSUPPORTED_HASH_TYPE, status);
engine.base.release_key_pair (&engine.base, &priv_key, &pub_key);
@ -1928,7 +1934,7 @@ static void ecc_mbedtls_test_get_signature_max_length (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1952,7 +1958,7 @@ static void ecc_mbedtls_test_get_signature_max_length_p384 (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC384_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC384_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1977,7 +1983,7 @@ static void ecc_mbedtls_test_get_signature_max_length_p521 (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC521_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC521_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2001,7 +2007,7 @@ static void ecc_mbedtls_test_get_signature_max_length_derived_key (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2023,7 +2029,7 @@ static void ecc_mbedtls_test_get_signature_max_length_random_key (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2370,7 +2376,7 @@ static void ecc_mbedtls_test_compute_shared_secret_different_keys (CuTest *test)
int out_len2;
uint8_t out1[ECC_KEY_LENGTH_256 * 2];
uint8_t out2[ECC_KEY_LENGTH_256 * 2];
uint8_t sign[ECC256_DSA_MAX_LENGTH * 2];
uint8_t sign[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -2937,7 +2943,7 @@ static void ecc_mbedtls_test_get_public_key_der_private_key (CuTest *test)
struct ecc_engine_mbedtls engine;
struct ecc_private_key priv_key;
int status;
uint8_t *der = (uint8_t*) &status;;
uint8_t *der = (uint8_t*) &status;
size_t length;
TEST_START;

90
core/testing/crypto/ecc_test.c
Просмотреть файл

@ -183,6 +183,28 @@ const uint8_t ECC_SIGNATURE_NOPE[] = {
const size_t ECC_SIG_NOPE_LEN = sizeof (ECC_SIGNATURE_NOPE);
const struct ecc_ecdsa_signature ECC_SIGNATURE_NOPE_STRUCT = {
.r = {
0x94,0x08,0x88,0xc0,0x03,0xd0,0x9c,0x20,0x65,0x4b,0xbe,0x47,0xf3,0x72,0xdf,0x2b,
0x05,0x4a,0x84,0x4a,0xef,0x0f,0x2f,0xdb,0xb3,0xb2,0x15,0x98,0xfe,0x35,0x70,0x9a,
},
.s = {
0x50,0x46,0x0d,0x82,0xf2,0x2a,0x91,0x24,0x13,0xa4,0x60,0x9c,0x3e,0x45,0x6d,0xe0,
0xff,0xd6,0x55,0xc0,0xe9,0x0b,0x90,0xf0,0xd8,0xc0,0xe0,0x71,0x2c,0xb2,0xe2,0x52
},
.length = ECC_KEY_LENGTH_256
};
/* The raw r,s values for the signature of "Nope". */
const uint8_t ECC_SIGNATURE_NOPE_RAW[] = {
0x94,0x08,0x88,0xc0,0x03,0xd0,0x9c,0x20,0x65,0x4b,0xbe,0x47,0xf3,0x72,0xdf,0x2b,
0x05,0x4a,0x84,0x4a,0xef,0x0f,0x2f,0xdb,0xb3,0xb2,0x15,0x98,0xfe,0x35,0x70,0x9a,
0x50,0x46,0x0d,0x82,0xf2,0x2a,0x91,0x24,0x13,0xa4,0x60,0x9c,0x3e,0x45,0x6d,0xe0,
0xff,0xd6,0x55,0xc0,0xe9,0x0b,0x90,0xf0,0xd8,0xc0,0xe0,0x71,0x2c,0xb2,0xe2,0x52
};
const size_t ECC_SIG_NOPE_RAW_LEN = sizeof (ECC_SIGNATURE_NOPE_RAW);
/* The SHA256 signature for the string "Bad". */
const uint8_t ECC_SIGNATURE_BAD[] = {
0x30,0x45,0x02,0x21,0x00,0xb3,0x82,0xfc,0x21,0x57,0x66,0xf1,0xeb,0xb4,0x87,0x2f,
@ -194,6 +216,28 @@ const uint8_t ECC_SIGNATURE_BAD[] = {
const size_t ECC_SIG_BAD_LEN = sizeof (ECC_SIGNATURE_BAD);
const struct ecc_ecdsa_signature ECC_SIGNATURE_BAD_STRUCT = {
.r = {
0xb3,0x82,0xfc,0x21,0x57,0x66,0xf1,0xeb,0xb4,0x87,0x2f,0x94,0x53,0x62,0x06,0xa5,
0x74,0xa5,0x89,0xa3,0x05,0x7c,0xb2,0x6c,0x4e,0x6d,0x5c,0x3b,0x38,0x9b,0xf0,0x03,
},
.s = {
0x64,0x91,0x2a,0x2d,0x6e,0x72,0xba,0x8a,0x30,0xfd,0x27,0xdf,0x43,0x41,0xd3,0xa5,
0xf8,0xd3,0x90,0x87,0xf7,0x63,0xd3,0x3c,0x6d,0x56,0x6c,0xfc,0x89,0xa9,0x2a,0xaf
},
.length = ECC_KEY_LENGTH_256
};
/* The raw r,s values for the signature of "BAD". */
const uint8_t ECC_SIGNATURE_BAD_RAW[] = {
0xb3,0x82,0xfc,0x21,0x57,0x66,0xf1,0xeb,0xb4,0x87,0x2f,0x94,0x53,0x62,0x06,0xa5,
0x74,0xa5,0x89,0xa3,0x05,0x7c,0xb2,0x6c,0x4e,0x6d,0x5c,0x3b,0x38,0x9b,0xf0,0x03,
0x64,0x91,0x2a,0x2d,0x6e,0x72,0xba,0x8a,0x30,0xfd,0x27,0xdf,0x43,0x41,0xd3,0xa5,
0xf8,0xd3,0x90,0x87,0xf7,0x63,0xd3,0x3c,0x6d,0x56,0x6c,0xfc,0x89,0xa9,0x2a,0xaf
};
const size_t ECC_SIG_BAD_RAW_LEN = sizeof (ECC_SIGNATURE_BAD_RAW);
/* The ECDH secret generated using the test private and public key (ECC_PRIVKEY and ECC_PUBKEY).
*
* openssl pkeyutl -derive -inkey eccpriv.pem -peerkey eccpub.pem */
@ -211,6 +255,52 @@ const uint8_t ECC_PRIVKEY_LEADING_ZERO[] = {
const size_t ECC_PRIVKEY_LEADING_ZERO_LEN = sizeof (ECC_PRIVKEY_LEADING_ZERO);
/* Raw public key. X followed by Y. */
const uint8_t ECC_PUBKEY_LEADING_ZERO[] = {
0x08,0xf1,0x75,0x65,0x8e,0xcd,0xe5,0x7e,0x12,0xd2,0x65,0xd6,0xdc,0xbf,0xbb,0x42,
0x93,0x6b,0x2d,0x9d,0x4e,0xd4,0xd5,0xbf,0x1a,0xc1,0x08,0x91,0xe7,0x4c,0x60,0xed,
0xc8,0x80,0xd0,0xf9,0x42,0x97,0x93,0x4d,0xc9,0x2e,0x0a,0xd9,0x4c,0x2c,0x7c,0xb3,
0x78,0xdf,0xf4,0x97,0x2b,0x8e,0x95,0x5c,0xdc,0x82,0xee,0xc0,0xa2,0x01,0x71,0x61
};
const size_t ECC_PUBKEY_LEADING_ZERO_LEN = sizeof (ECC_PUBKEY_LEADING_ZERO);
/* Digests for ECC_PUBKEY */
const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA1[] = {
0xd5,0x50,0x55,0xff,0x0c,0x7b,0x27,0x1a,0x08,0x17,0xca,0x4f,0x91,0xd5,0x61,0x7a,
0xf4,0xcd,0x29,0x1e
};
const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA256[] = {
0x7a,0xa6,0x8c,0x77,0x1b,0x4f,0x83,0xe6,0x71,0x0f,0x7f,0xd3,0x00,0x8a,0xa6,0x7f,
0x0a,0xf9,0x02,0xd7,0xa3,0x2a,0x8c,0x3e,0xe7,0x6a,0xd1,0xf2,0xeb,0xe4,0xaa,0x29
};
const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA384[] = {
0xcd,0xc8,0x74,0xe2,0x77,0xd9,0x49,0x45,0x27,0x9b,0x89,0x65,0xd1,0xbd,0xc0,0x52,
0xc9,0x38,0x78,0x34,0x5e,0xc9,0x1d,0x86,0xa2,0xdc,0xac,0x4b,0xec,0xe4,0x8b,0xcd,
0xf9,0xc6,0xf0,0x1c,0xf4,0x77,0x3f,0xbd,0x64,0x46,0xb7,0x29,0x4a,0xba,0x06,0x87
};
const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA512[] = {
0x13,0x3a,0x72,0xed,0xb8,0x7f,0xaa,0x71,0x28,0x00,0xb0,0x69,0x79,0x73,0x46,0x78,
0xbf,0x12,0x2b,0x54,0x89,0xf6,0xaa,0xa0,0xa4,0xc8,0x33,0x0f,0x77,0xbd,0xb1,0x0b,
0x6c,0x46,0xe0,0x12,0xb9,0x58,0xa6,0xc9,0x29,0x5b,0xfb,0x87,0x31,0x98,0x24,0x5d,
0xa3,0xf2,0x1a,0x06,0x7e,0x26,0x1c,0xf5,0xf5,0xb6,0x80,0x3f,0xf4,0x53,0x86,0x4a
};
const struct ecc_point_public_key ECC_PUBKEY_LEADING_ZERO_POINT = {
.x = {
0x08,0xf1,0x75,0x65,0x8e,0xcd,0xe5,0x7e,0x12,0xd2,0x65,0xd6,0xdc,0xbf,0xbb,0x42,
0x93,0x6b,0x2d,0x9d,0x4e,0xd4,0xd5,0xbf,0x1a,0xc1,0x08,0x91,0xe7,0x4c,0x60,0xed,
},
.y = {
0xc8,0x80,0xd0,0xf9,0x42,0x97,0x93,0x4d,0xc9,0x2e,0x0a,0xd9,0x4c,0x2c,0x7c,0xb3,
0x78,0xdf,0xf4,0x97,0x2b,0x8e,0x95,0x5c,0xdc,0x82,0xee,0xc0,0xa2,0x01,0x71,0x61
},
.key_length = ECC_KEY_LENGTH_256
};
const char ECC_PUBKEY_LEADING_ZERO_PEM[] = "-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECPF1ZY7N5X4S0mXW3L+7QpNrLZ1O"
"1NW/GsEIkedMYO3IgND5QpeTTckuCtlMLHyzeN/0lyuOlVzcgu7AogFxYQ==\n"

29
core/testing/crypto/ecc_testing.h
Просмотреть файл

@ -9,6 +9,15 @@
#include "crypto/ecc.h"
/* Maximum lengths of DER-encoded ECDSA signatures.
* Sequence -> 2 bytes overhead (3 for ECC521)
* BIT STRING (r) -> 2 bytes overhead (3 if MSB is 1)
* BIT STRING (s) -> 2 bytes overhead (3 if MSB is 1) */
#define ECC_TESTING_ECC256_DSA_MAX_LENGTH 72
#define ECC_TESTING_ECC384_DSA_MAX_LENGTH 104
#define ECC_TESTING_ECC521_DSA_MAX_LENGTH 141
extern const uint8_t ECC_PRIVKEY[];
extern const size_t ECC_PRIVKEY_LEN;
@ -56,15 +65,35 @@ extern const size_t ECC_SIG_TEST2_RAW_LEN;
extern const uint8_t ECC_SIGNATURE_NOPE[];
extern const size_t ECC_SIG_NOPE_LEN;
extern const struct ecc_ecdsa_signature ECC_SIGNATURE_NOPE_STRUCT;
extern const uint8_t ECC_SIGNATURE_NOPE_RAW[];
extern const size_t ECC_SIG_NOPE_RAW_LEN;
extern const uint8_t ECC_SIGNATURE_BAD[];
extern const size_t ECC_SIG_BAD_LEN;
extern const struct ecc_ecdsa_signature ECC_SIGNATURE_BAD_STRUCT;
extern const uint8_t ECC_SIGNATURE_BAD_RAW[];
extern const size_t ECC_SIG_BAD_RAW_LEN;
extern const uint8_t ECC_DH_SECRET[];
extern const size_t ECC_DH_SECRET_LEN;
extern const uint8_t ECC_PRIVKEY_LEADING_ZERO[];
extern const size_t ECC_PRIVKEY_LEADING_ZERO_LEN;
extern const uint8_t ECC_PUBKEY_LEADING_ZERO[];
extern const size_t ECC_PUBKEY_LEADING_ZERO_LEN;
extern const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA1[];
extern const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA256[];
extern const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA384[];
extern const uint8_t ECC_PUBKEY_LEADING_ZERO_SHA512[];
extern const struct ecc_point_public_key ECC_PUBKEY_LEADING_ZERO_POINT;
extern const char ECC_PUBKEY_LEADING_ZERO_PEM[];
extern const size_t ECC_PUBKEY_LEADING_ZERO_PEM_LEN;

114
projects/linux/testing/crypto/ecc_openssl_test.c
Просмотреть файл

@ -15,15 +15,6 @@
TEST_SUITE_LABEL ("ecc_openssl");
/* Maximum lengths of DER-encoded ECDSA signatures.
* Sequence -> 2 bytes overhead (3 for ECC521)
* BIT STRING (r) -> 2 bytes overhead (3 if MSB is 1)
* BIT STRING (s) -> 2 bytes overhead (3 if MSB is 1) */
#define ECC256_DSA_MAX_LENGTH 72
#define ECC384_DSA_MAX_LENGTH 104
#define ECC521_DSA_MAX_LENGTH 141
/*******************
* Test cases
*******************/
@ -347,7 +338,7 @@ static void ecc_openssl_test_private_key_init_key_pair_and_sign (CuTest *test)
struct ecc_engine_openssl engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -362,6 +353,7 @@ static void ecc_openssl_test_private_key_init_key_pair_and_sign (CuTest *test)
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
CuAssertPtrEquals (test, NULL, priv_key.context);
@ -374,7 +366,7 @@ static void ecc_openssl_test_public_key_init_key_pair_and_sign (CuTest *test)
struct ecc_engine_openssl engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -403,7 +395,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify (CuTest *test)
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -419,6 +411,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify (CuTest *test)
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -437,7 +430,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_no_pubkey (CuTest
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -453,6 +446,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_no_pubkey (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -471,7 +465,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_extra_buffer (CuT
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -490,6 +484,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_extra_buffer (CuT
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -509,7 +504,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384 (CuTest *tes
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
TEST_START;
@ -525,6 +520,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384 (CuTest *tes
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -544,7 +540,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384_no_pubkey (C
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
TEST_START;
@ -560,6 +556,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384_no_pubkey (C
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -579,7 +576,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384_extra_buffer
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC384_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC384_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC384_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -598,6 +595,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p384_extra_buffer
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -619,7 +617,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521 (CuTest *tes
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -635,6 +633,10 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521 (CuTest *tes
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
if ((out_len > ECC_TESTING_ECC521_DSA_MAX_LENGTH) || (out_len < (ECC_TESTING_ECC521_DSA_MAX_LENGTH - 3))) {
CuAssertIntEquals (test, 0, out_len);
}
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -654,7 +656,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_no_pubkey (C
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -670,6 +672,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_no_pubkey (C
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -689,7 +692,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_no_leading_z
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
TEST_START;
@ -705,6 +708,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_no_leading_z
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -724,7 +728,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_extra_buffer
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC521_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC521_DSA_MAX_LENGTH * 2];
uint8_t privkey[ECC521_PRIVKEY_DER_LEN * 2];
TEST_START;
@ -743,6 +747,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_and_verify_p521_extra_buffer
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -762,7 +767,7 @@ static void ecc_openssl_test_init_key_pair_and_sign_with_public_key (CuTest *tes
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -843,8 +848,8 @@ static void ecc_openssl_test_init_key_pair_with_public_key (CuTest *test)
status = engine.base.init_key_pair (&engine.base, ECC_PUBKEY_DER, ECC_PUBKEY_DER_LEN, NULL,
&pub_key);
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status); // We can't distinguish this case from the RSA case.
CuAssertPtrEquals (test, NULL, pub_key.context);
// We can't distinguish this case from the RSA case.
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status);
ecc_openssl_release (&engine);
}
@ -863,7 +868,6 @@ static void ecc_openssl_test_init_key_pair_with_rsa_key (CuTest *test)
status = engine.base.init_key_pair (&engine.base, RSA_PRIVKEY_DER, RSA_PRIVKEY_DER_LEN, NULL,
&pub_key);
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status);
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_openssl_release (&engine);
}
@ -1102,7 +1106,6 @@ static void ecc_openssl_test_init_public_key_with_private_key (CuTest *test)
status = engine.base.init_public_key (&engine.base, ECC_PRIVKEY_DER, ECC_PRIVKEY_DER_LEN,
&pub_key);
CuAssertTrue (test, (status < 0));
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_openssl_release (&engine);
}
@ -1121,7 +1124,6 @@ static void ecc_openssl_test_init_public_key_with_rsa_key (CuTest *test)
status = engine.base.init_public_key (&engine.base, RSA_PUBKEY_DER, RSA_PUBKEY_DER_LEN,
&pub_key);
CuAssertIntEquals (test, ECC_ENGINE_NOT_EC_KEY, status);
CuAssertPtrEquals (test, NULL, pub_key.context);
ecc_openssl_release (&engine);
}
@ -1238,7 +1240,7 @@ static void ecc_openssl_test_private_key_generate_derived_key_pair_and_sign (CuT
struct ecc_engine_openssl engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1253,6 +1255,7 @@ static void ecc_openssl_test_private_key_generate_derived_key_pair_and_sign (CuT
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1264,7 +1267,7 @@ static void ecc_openssl_test_public_key_generate_derived_key_pair_and_sign (CuTe
struct ecc_engine_openssl engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1292,7 +1295,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify (CuTe
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1308,6 +1311,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify (CuTe
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -1325,7 +1329,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify_p384
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_384
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1343,6 +1347,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify_p384
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -1364,7 +1369,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify_p521
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_521
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1382,6 +1387,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_and_verify_p521
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -1401,7 +1407,7 @@ static void ecc_openssl_test_generate_derived_key_pair_and_sign_with_public_key
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1511,7 +1517,7 @@ static void ecc_openssl_test_private_key_generate_key_pair_and_sign (CuTest *tes
struct ecc_engine_openssl engine;
struct ecc_private_key priv_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1525,6 +1531,7 @@ static void ecc_openssl_test_private_key_generate_key_pair_and_sign (CuTest *tes
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (status));
CuAssertTrue (test, status <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1536,7 +1543,7 @@ static void ecc_openssl_test_public_key_generate_key_pair_and_sign (CuTest *test
struct ecc_engine_openssl engine;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1563,7 +1570,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify (CuTest *test
struct ecc_public_key pub_key;
int status;
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1578,6 +1585,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify (CuTest *test
out_len = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC256_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SIG_HASH_TEST, SIG_HASH_LEN, out, out_len);
CuAssertIntEquals (test, 0, status);
@ -1595,7 +1603,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify_p384 (CuTest
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_384
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1612,6 +1620,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify_p384 (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC384_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA384_TEST_HASH, SHA384_HASH_LENGTH, out,
out_len);
@ -1633,7 +1642,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
int status;
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_384
int out_len;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
#endif
TEST_START;
@ -1641,7 +1650,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
status = ecc_openssl_init (&engine);
CuAssertIntEquals (test, 0, status);
status = engine.base.generate_key_pair (&engine.base, ECC_KEY_LENGTH_256, &priv_key, &pub_key);
status = engine.base.generate_key_pair (&engine.base, ECC_KEY_LENGTH_521, &priv_key, &pub_key);
#if ECC_MAX_KEY_LENGTH >= ECC_KEY_LENGTH_521
CuAssertIntEquals (test, 0, status);
CuAssertPtrNotNull (test, priv_key.context);
@ -1650,6 +1659,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_and_verify_p521 (CuTest
out_len = engine.base.sign (&engine.base, &priv_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
sizeof (out));
CuAssertTrue (test, !ROT_IS_ERROR (out_len));
CuAssertTrue (test, out_len <= ECC_TESTING_ECC521_DSA_MAX_LENGTH);
status = engine.base.verify (&engine.base, &pub_key, SHA512_TEST_HASH, SHA512_HASH_LENGTH, out,
out_len);
@ -1669,7 +1679,7 @@ static void ecc_openssl_test_generate_key_pair_and_sign_with_public_key (CuTest
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1748,7 +1758,7 @@ static void ecc_openssl_test_sign_null (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1790,7 +1800,7 @@ static void ecc_openssl_test_sign_small_buffer (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1802,7 +1812,7 @@ static void ecc_openssl_test_sign_small_buffer (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.sign (&engine.base, &priv_key, SIG_HASH_TEST, SIG_HASH_LEN, out,
ECC256_DSA_MAX_LENGTH - 1);
ECC_TESTING_ECC256_DSA_MAX_LENGTH - 1);
CuAssertIntEquals (test, ECC_ENGINE_SIG_BUFFER_TOO_SMALL, status);
engine.base.release_key_pair (&engine.base, &priv_key, &pub_key);
@ -1816,7 +1826,7 @@ static void ecc_openssl_test_sign_unknown_hash (CuTest *test)
struct ecc_private_key priv_key;
struct ecc_public_key pub_key;
int status;
uint8_t out[ECC256_DSA_MAX_LENGTH * 2];
uint8_t out[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -1828,7 +1838,7 @@ static void ecc_openssl_test_sign_unknown_hash (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.sign (&engine.base, &priv_key, SHA1_TEST_HASH, SHA1_HASH_LENGTH, out,
ECC256_DSA_MAX_LENGTH);
ECC_TESTING_ECC256_DSA_MAX_LENGTH);
CuAssertIntEquals (test, ECC_ENGINE_UNSUPPORTED_HASH_TYPE, status);
engine.base.release_key_pair (&engine.base, &priv_key, &pub_key);
@ -1927,7 +1937,7 @@ static void ecc_openssl_test_get_signature_max_length (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1951,7 +1961,7 @@ static void ecc_openssl_test_get_signature_max_length_p384 (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC384_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC384_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -1976,7 +1986,7 @@ static void ecc_openssl_test_get_signature_max_length_p521 (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC521_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC521_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2000,7 +2010,7 @@ static void ecc_openssl_test_get_signature_max_length_derived_key (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2022,7 +2032,7 @@ static void ecc_openssl_test_get_signature_max_length_random_key (CuTest *test)
CuAssertIntEquals (test, 0, status);
status = engine.base.get_signature_max_length (&engine.base, &priv_key);
CuAssertIntEquals (test, ECC256_DSA_MAX_LENGTH, status);
CuAssertIntEquals (test, ECC_TESTING_ECC256_DSA_MAX_LENGTH, status);
engine.base.release_key_pair (&engine.base, &priv_key, NULL);
@ -2369,7 +2379,7 @@ static void ecc_openssl_test_compute_shared_secret_different_keys (CuTest *test)
int out_len2;
uint8_t out1[ECC_KEY_LENGTH_256 * 2];
uint8_t out2[ECC_KEY_LENGTH_256 * 2];
uint8_t sign[ECC256_DSA_MAX_LENGTH * 2];
uint8_t sign[ECC_TESTING_ECC256_DSA_MAX_LENGTH * 2];
TEST_START;
@ -2935,7 +2945,7 @@ static void ecc_openssl_test_get_public_key_der_private_key (CuTest *test)
struct ecc_engine_openssl engine;
struct ecc_private_key priv_key;
int status;
uint8_t *der = (uint8_t*) &status;;
uint8_t *der = (uint8_t*) &status;
size_t length;
TEST_START;