Diffstat (limited to 'tests')
-rw-r--r--tests/GNUmakefile2
-rw-r--r--tests/test-ecdsa.c326
-rw-r--r--tests/test-ecdsa.h329
-rw-r--r--tests/test-ecdsa.py156
-rw-r--r--tests/test-hash.c4
-rw-r--r--tests/test-pbkdf2.c2
-rw-r--r--tests/test-rsa.c4
7 files changed, 817 insertions, 6 deletions
diff --git a/tests/GNUmakefile b/tests/GNUmakefile
index 307f23e..a1cd4b4 100644
--- a/tests/GNUmakefile
+++ b/tests/GNUmakefile
@@ -27,7 +27,7 @@
INC = ../hal.h
LIB = ../libhal.a
-BIN = test-aes-key-wrap test-hash test-pbkdf2 test-rsa
+BIN = test-aes-key-wrap test-hash test-pbkdf2 test-rsa test-ecdsa
CFLAGS = -g3 -Wall -fPIC -std=c99 -I..
diff --git a/tests/test-ecdsa.c b/tests/test-ecdsa.c
new file mode 100644
index 0000000..cb590e5
--- /dev/null
+++ b/tests/test-ecdsa.c
@@ -0,0 +1,326 @@
+/*
+ * test-ecdsa.c
+ * ------------
+ * Test harness for Cryptech ECDSA code.
+ *
+ * At the moment, the ECDSA code is a pure software implementation,
+ * Verilog will be along eventually.
+ *
+ * Testing ECDSA is a bit tricky because ECDSA depends heavily on
+ * using a new random secret for each signature. So we can test some
+ * things against the normal ECDSA implemenation, but some tests
+ * require a side door replacement of the random number generator so
+ * that we can use a known values from our test vector in place of the
+ * random secret that would be used in real operation. Test code for
+ * the latter mode depends on the library having been compiled with
+ * the testing hook enable, which it should not be for production use.
+ *
+ * Authors: Rob Austein
+ * Copyright (c) 2015, SUNET
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+
+#include <sys/time.h>
+
+#include <hal.h>
+
+#include "test-ecdsa.h"
+
+#if HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM
+
+/*
+ * Code to let us replace ECDSA's random numbers with test data, if
+ * the ECDSA library code has been compiled with support for this.
+ */
+
+typedef hal_error_t (*rng_override_test_function_t)(void *, const size_t);
+
+extern rng_override_test_function_t hal_ecdsa_set_rng_override_test_function(rng_override_test_function_t new_func);
+
+static const uint8_t *next_random_value = NULL;
+static size_t next_random_length = 0;
+
+static hal_error_t next_random_handler(void *data, const size_t length)
+{
+ if (data == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ if (next_random_value == NULL || length < next_random_length)
+ return HAL_ERROR_IMPOSSIBLE;
+
+ memset(data, 0, length);
+ memcpy(data + length - next_random_length, next_random_value, next_random_length);
+
+ next_random_value = NULL;
+ next_random_length = 0;
+
+ (void) hal_ecdsa_set_rng_override_test_function(0);
+
+ return HAL_OK;
+}
+
+static void set_next_random(const uint8_t * const data, const size_t length)
+{
+ (void) hal_ecdsa_set_rng_override_test_function(next_random_handler);
+ next_random_value = data;
+ next_random_length = length;
+}
+
+/*
+ * Run one keygen test from test vectors.
+ */
+
+static int test_against_static_vectors(const ecdsa_tc_t * const tc)
+
+{
+ hal_error_t err;
+
+ printf("Starting static test vector tests for P-%lu\n", (unsigned long) (tc->d_len * 8));
+
+ set_next_random(tc->d, tc->d_len);
+
+ uint8_t keybuf1[hal_ecdsa_key_t_size];
+ hal_ecdsa_key_t *key1 = NULL;
+
+ if ((err = hal_ecdsa_key_gen(&key1, keybuf1, sizeof(keybuf1), tc->curve)) != HAL_OK)
+ return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0;
+
+ uint8_t Qx[tc->Qx_len], Qy[tc->Qy_len];
+ size_t Qx_len, Qy_len;
+
+ if ((err = hal_ecdsa_key_get_public(key1, Qx, &Qx_len, sizeof(Qx), Qy, &Qy_len, sizeof(Qy))) != HAL_OK)
+ return printf("hal_ecdsa_key_get_public() failed: %s\n", hal_error_string(err)), 0;
+
+ if (tc->Qx_len != Qx_len || memcmp(tc->Qx, Qx, Qx_len) != 0)
+ return printf("Qx mismatch\n"), 0;
+
+ if (tc->Qy_len != Qy_len || memcmp(tc->Qy, Qy, Qy_len) != 0)
+ return printf("Qy mismatch\n"), 0;
+
+ if (hal_ecdsa_key_to_der_len(key1) != tc->key_len)
+ return printf("DER Key length mismatch\n"), 0;
+
+ uint8_t keyder[tc->key_len];
+ size_t keyder_len;
+
+ if ((err = hal_ecdsa_key_to_der(key1, keyder, &keyder_len, sizeof(keyder))) != HAL_OK)
+ return printf("hal_ecdsa_key_to_der() failed: %s\n", hal_error_string(err)), 0;
+
+ uint8_t keybuf2[hal_ecdsa_key_t_size];
+ hal_ecdsa_key_t *key2 = NULL;
+
+ if ((err = hal_ecdsa_key_from_der(&key2, keybuf2, sizeof(keybuf2), keyder, keyder_len)) != HAL_OK)
+ return printf("hal_ecdsa_key_from_der() failed: %s\n", hal_error_string(err)), 0;
+
+ if (memcmp(key1, key2, hal_ecdsa_key_t_size) != 0)
+ return printf("Key mismatch after read/write cycle\n"), 0;
+
+ set_next_random(tc->k, tc->k_len);
+
+ uint8_t sig[tc->sig_len + 4];
+ size_t sig_len;
+
+ if ((err = hal_ecdsa_sign(key1, tc->H, tc->H_len, sig, &sig_len, sizeof(sig), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK)
+ return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0;
+
+ if (sig_len != tc->sig_len || memcmp(sig, tc->sig, tc->sig_len) != 0)
+ return printf("Signature mismatch\n"), 0;
+
+ if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK)
+ return printf("hal_ecdsa_verify(private) failed: %s\n", hal_error_string(err)), 0;
+
+ hal_ecdsa_key_clear(key2);
+ key2 = NULL;
+
+ if ((err = hal_ecdsa_key_load_private(&key2, keybuf2, sizeof(keybuf2), tc->curve,
+ tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len, tc->d, tc->d_len)) != HAL_OK)
+ return printf("hal_ecdsa_load_private() failed: %s\n", hal_error_string(err)), 0;
+
+ if (memcmp(key1, key2, hal_ecdsa_key_t_size) != 0)
+ return printf("Key mismatch after hal_ecdsa_load_private_key()\n"), 0;
+
+ hal_ecdsa_key_clear(key2);
+ key2 = NULL;
+
+ if ((err = hal_ecdsa_key_load_public(&key2, keybuf2, sizeof(keybuf2), tc->curve,
+ tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len)) != HAL_OK)
+ return printf("hal_ecdsa_load_public() failed: %s\n", hal_error_string(err)), 0;
+
+ if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK)
+ return printf("hal_ecdsa_verify(public) failed: %s\n", hal_error_string(err)), 0;
+
+ return 1;
+}
+
+#endif /* HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM */
+
+/*
+ * Run one keygen/sign/verify test with a newly generated key.
+ */
+
+static int test_keygen_sign_verify(const hal_ecdsa_curve_t curve)
+
+{
+ const hal_hash_descriptor_t *hash_descriptor = NULL;
+ uint8_t keybuf[hal_ecdsa_key_t_size];
+ hal_ecdsa_key_t *key = NULL;
+ hal_error_t err;
+
+ switch (curve) {
+
+ case HAL_ECDSA_CURVE_P256:
+ printf("ECDSA P-256 key generation / signature / verification test\n");
+ hash_descriptor = hal_hash_sha256;
+ break;
+
+ case HAL_ECDSA_CURVE_P384:
+ printf("ECDSA P-384 key generation / signature / verification test\n");
+ hash_descriptor = hal_hash_sha384;
+ break;
+
+ case HAL_ECDSA_CURVE_P521:
+ printf("ECDSA P-521 key generation / signature / verification test\n");
+ hash_descriptor = hal_hash_sha512;
+ break;
+
+ default:
+ printf("Unsupported ECDSA curve type\n");
+ return 0;
+ }
+
+ if ((err = hal_ecdsa_key_gen(&key, keybuf, sizeof(keybuf), curve)) != HAL_OK)
+ return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0;
+
+ uint8_t hashbuf[hash_descriptor->digest_length];
+
+ {
+ const uint8_t plaintext[] = "So long, and thanks...";
+ uint8_t statebuf[hash_descriptor->hash_state_length];
+ hal_hash_state_t *state = NULL;
+
+ if ((err = hal_hash_initialize(hash_descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK ||
+ (err = hal_hash_update(state, plaintext, strlen((const char *) plaintext))) != HAL_OK ||
+ (err = hal_hash_finalize(state, hashbuf, sizeof(hashbuf))) != HAL_OK)
+ return printf("Couldn't hash plaintext: %s\n", hal_error_string(err)), 0;
+ }
+
+ /*
+ * Lazy but probably-good-enough guess on signature size -- want
+ * explicit number in ecdsa_curve_t?
+ */
+ uint8_t sigbuf[hash_descriptor->digest_length * 3];
+ size_t siglen;
+
+ if ((err = hal_ecdsa_sign(key, hashbuf, sizeof(hashbuf),
+ sigbuf, &siglen, sizeof(sigbuf), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK)
+ return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0;
+
+ if ((err = hal_ecdsa_verify(key, hashbuf, sizeof(hashbuf),
+ sigbuf, siglen, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK)
+ return printf("hal_ecdsa_verify() failed: %s\n", hal_error_string(err)), 0;
+
+ return 1;
+}
+
+/*
+ * Time a test.
+ */
+
+static void _time_check(const struct timeval t0, const int ok)
+{
+ struct timeval t;
+ gettimeofday(&t, NULL);
+ t.tv_sec -= t0.tv_sec;
+ t.tv_usec = t0.tv_usec;
+ if (t.tv_usec < 0) {
+ t.tv_usec += 1000000;
+ t.tv_sec -= 1;
+ }
+ printf("Elapsed time %lu.%06lu seconds, %s\n",
+ (unsigned long) t.tv_sec,
+ (unsigned long) t.tv_usec,
+ ok ? "OK" : "FAILED");
+}
+
+#define time_check(_expr_) \
+ do { \
+ struct timeval _t; \
+ gettimeofday(&_t, NULL); \
+ int _ok = (_expr_); \
+ _time_check(_t, _ok); \
+ ok &= _ok; \
+ } while (0)
+
+/*
+ * Run tests for one ECDSA curve.
+ */
+
+static int test_ecdsa(const ecdsa_tc_t * const tc)
+
+{
+ int ok = 1;
+ time_check(test_against_static_vectors(tc));
+ time_check(test_keygen_sign_verify(tc->curve));
+ return ok;
+}
+
+int main(int argc, char *argv[])
+{
+ uint8_t name[8], version[4];
+ hal_error_t err;
+
+ /*
+ * Initialize EIM and report what core we're running.
+ */
+
+ if ((err = hal_io_read(CSPRNG_ADDR_NAME0, name, sizeof(name))) != HAL_OK ||
+ (err = hal_io_read(CSPRNG_ADDR_VERSION, version, sizeof(version))) != HAL_OK) {
+ printf("Initialization failed: %s\n", hal_error_string(err));
+ return 1;
+ }
+
+ printf("\"%8.8s\" \"%4.4s\"\n\n", name, version);
+
+ for (int i = 0; i < sizeof(ecdsa_tc)/sizeof(*ecdsa_tc); i++)
+ if (!test_ecdsa(&ecdsa_tc[i]))
+ return 1;
+
+ return 0;
+}
+
+/*
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */
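Review bot: `test_ecdsa()` calls `test_against_static_vectors(tc)` unconditionally, but that function is defined only inside the `#if HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM` block, so the harness presumably fails to build or link against a library compiled without the RNG override, which is the configuration the header comment says production should use. Wrapping `time_check(test_against_static_vectors(tc));` in the same `#if HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM` / `#endif` would keep the keygen/sign/verify test usable against a production build. Separately, `_time_check()` assigns `t.tv_usec = t0.tv_usec;` where a subtraction is evidently meant, so the printed fraction is the start time's microseconds; it should read `t.tv_usec -= t0.tv_usec;`. Note also that `set_next_random()` leaves the override installed if the following HAL call returns before drawing randomness, and `test_ecdsa()` then still runs `test_keygen_sign_verify()`, which could consume the static vector instead of fresh randomness; clearing the override on the early-return paths would avoid that.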
diff --git a/tests/test-ecdsa.h b/tests/test-ecdsa.h
new file mode 100644
index 0000000..ca51858
--- /dev/null
+++ b/tests/test-ecdsa.h
@@ -0,0 +1,329 @@
+/*
+ * ECDSA test data.
+ * File automatically generated by test-ecdsa.py
+ */
+
+static const uint8_t p256_H[] = { /* 32 bytes */
+ 0x7c, 0x3e, 0x88, 0x3d, 0xdc, 0x8b, 0xd6, 0x88, 0xf9, 0x6e, 0xac, 0x5e,
+ 0x93, 0x24, 0x22, 0x2c, 0x8f, 0x30, 0xf9, 0xd6, 0xbb, 0x59, 0xe9, 0xc5,
+ 0xf0, 0x20, 0xbd, 0x39, 0xba, 0x2b, 0x83, 0x77
+};
+
+static const uint8_t p256_M[] = { /* 48 bytes */
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x6f, 0x6e, 0x6c, 0x79,
+ 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73,
+ 0x61, 0x67, 0x65, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x34,
+ 0x38, 0x20, 0x62, 0x79, 0x74, 0x65, 0x73, 0x20, 0x6c, 0x6f, 0x6e, 0x67
+};
+
+static const uint8_t p256_Qx[] = { /* 32 bytes */
+ 0x81, 0x01, 0xec, 0xe4, 0x74, 0x64, 0xa6, 0xea, 0xd7, 0x0c, 0xf6, 0x9a,
+ 0x6e, 0x2b, 0xd3, 0xd8, 0x86, 0x91, 0xa3, 0x26, 0x2d, 0x22, 0xcb, 0xa4,
+ 0xf7, 0x63, 0x5e, 0xaf, 0xf2, 0x66, 0x80, 0xa8
+};
+
+static const uint8_t p256_Qy[] = { /* 32 bytes */
+ 0xd8, 0xa1, 0x2b, 0xa6, 0x1d, 0x59, 0x92, 0x35, 0xf6, 0x7d, 0x9c, 0xb4,
+ 0xd5, 0x8f, 0x17, 0x83, 0xd3, 0xca, 0x43, 0xe7, 0x8f, 0x0a, 0x5a, 0xba,
+ 0xa6, 0x24, 0x07, 0x99, 0x36, 0xc0, 0xc3, 0xa9
+};
+
+static const uint8_t p256_Rx[] = { /* 32 bytes */
+ 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80,
+ 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56,
+ 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c
+};
+
+static const uint8_t p256_Ry[] = { /* 32 bytes */
+ 0x8b, 0x81, 0xe3, 0xe9, 0x77, 0x59, 0x71, 0x10, 0xc7, 0xcf, 0x26, 0x33,
+ 0x43, 0x5b, 0x22, 0x94, 0xb7, 0x26, 0x42, 0x98, 0x7d, 0xef, 0xd3, 0xd4,
+ 0x00, 0x7e, 0x1c, 0xfc, 0x5d, 0xf8, 0x45, 0x41
+};
+
+static const uint8_t p256_d[] = { /* 32 bytes */
+ 0x70, 0xa1, 0x2c, 0x2d, 0xb1, 0x68, 0x45, 0xed, 0x56, 0xff, 0x68, 0xcf,
+ 0xc2, 0x1a, 0x47, 0x2b, 0x3f, 0x04, 0xd7, 0xd6, 0x85, 0x1b, 0xf6, 0x34,
+ 0x9f, 0x2d, 0x7d, 0x5b, 0x34, 0x52, 0xb3, 0x8a
+};
+
+static const uint8_t p256_e[] = { /* 32 bytes */
+ 0x7c, 0x3e, 0x88, 0x3d, 0xdc, 0x8b, 0xd6, 0x88, 0xf9, 0x6e, 0xac, 0x5e,
+ 0x93, 0x24, 0x22, 0x2c, 0x8f, 0x30, 0xf9, 0xd6, 0xbb, 0x59, 0xe9, 0xc5,
+ 0xf0, 0x20, 0xbd, 0x39, 0xba, 0x2b, 0x83, 0x77
+};
+
+static const uint8_t p256_k[] = { /* 32 bytes */
+ 0x58, 0x0e, 0xc0, 0x0d, 0x85, 0x64, 0x34, 0x33, 0x4c, 0xef, 0x3f, 0x71,
+ 0xec, 0xae, 0xd4, 0x96, 0x5b, 0x12, 0xae, 0x37, 0xfa, 0x47, 0x05, 0x5b,
+ 0x19, 0x65, 0xc7, 0xb1, 0x34, 0xee, 0x45, 0xd0
+};
+
+static const uint8_t p256_key[] = { /* 121 bytes */
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x70, 0xa1, 0x2c, 0x2d, 0xb1,
+ 0x68, 0x45, 0xed, 0x56, 0xff, 0x68, 0xcf, 0xc2, 0x1a, 0x47, 0x2b, 0x3f,
+ 0x04, 0xd7, 0xd6, 0x85, 0x1b, 0xf6, 0x34, 0x9f, 0x2d, 0x7d, 0x5b, 0x34,
+ 0x52, 0xb3, 0x8a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x81, 0x01, 0xec,
+ 0xe4, 0x74, 0x64, 0xa6, 0xea, 0xd7, 0x0c, 0xf6, 0x9a, 0x6e, 0x2b, 0xd3,
+ 0xd8, 0x86, 0x91, 0xa3, 0x26, 0x2d, 0x22, 0xcb, 0xa4, 0xf7, 0x63, 0x5e,
+ 0xaf, 0xf2, 0x66, 0x80, 0xa8, 0xd8, 0xa1, 0x2b, 0xa6, 0x1d, 0x59, 0x92,
+ 0x35, 0xf6, 0x7d, 0x9c, 0xb4, 0xd5, 0x8f, 0x17, 0x83, 0xd3, 0xca, 0x43,
+ 0xe7, 0x8f, 0x0a, 0x5a, 0xba, 0xa6, 0x24, 0x07, 0x99, 0x36, 0xc0, 0xc3, 0xa9
+};
+
+static const uint8_t p256_kinv[] = { /* 32 bytes */
+ 0x6a, 0x66, 0x4f, 0xa1, 0x15, 0x35, 0x6d, 0x33, 0xf1, 0x63, 0x31, 0xb5,
+ 0x4c, 0x4e, 0x7c, 0xe9, 0x67, 0x96, 0x53, 0x86, 0xc7, 0xdc, 0xbf, 0x29,
+ 0x04, 0x60, 0x4d, 0x0c, 0x13, 0x2b, 0x4a, 0x74
+};
+
+static const uint8_t p256_r[] = { /* 32 bytes */
+ 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80,
+ 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56,
+ 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c
+};
+
+static const uint8_t p256_s[] = { /* 32 bytes */
+ 0x7d, 0x1f, 0xf9, 0x61, 0x98, 0x0f, 0x96, 0x1b, 0xda, 0xa3, 0x23, 0x3b,
+ 0x62, 0x09, 0xf4, 0x01, 0x33, 0x17, 0xd3, 0xe3, 0xf9, 0xe1, 0x49, 0x35,
+ 0x92, 0xdb, 0xea, 0xa1, 0xaf, 0x2b, 0xc3, 0x67
+};
+
+static const uint8_t p256_sig[] = { /* 70 bytes */
+ 0x30, 0x44, 0x02, 0x20, 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd,
+ 0x39, 0xff, 0x2f, 0x80, 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf,
+ 0x86, 0xbb, 0x81, 0x56, 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c,
+ 0x02, 0x20, 0x7d, 0x1f, 0xf9, 0x61, 0x98, 0x0f, 0x96, 0x1b, 0xda, 0xa3,
+ 0x23, 0x3b, 0x62, 0x09, 0xf4, 0x01, 0x33, 0x17, 0xd3, 0xe3, 0xf9, 0xe1,
+ 0x49, 0x35, 0x92, 0xdb, 0xea, 0xa1, 0xaf, 0x2b, 0xc3, 0x67
+};
+
+static const uint8_t p256_u1[] = { /* 32 bytes */
+ 0xbb, 0x25, 0x24, 0x01, 0xd6, 0xfb, 0x32, 0x2b, 0xb7, 0x47, 0x18, 0x4c,
+ 0xf2, 0xac, 0x52, 0xbf, 0x8d, 0x54, 0xb9, 0x5a, 0x15, 0x15, 0x06, 0x2a,
+ 0x2f, 0x61, 0x41, 0xf2, 0xe2, 0x09, 0x2e, 0xd8
+};
+
+static const uint8_t p256_u2[] = { /* 32 bytes */
+ 0xaa, 0xe7, 0xd1, 0xc7, 0xf2, 0xc2, 0x32, 0xdf, 0xc6, 0x41, 0x94, 0x8a,
+ 0xf3, 0xdb, 0xa1, 0x41, 0xd4, 0xde, 0x86, 0x34, 0xe5, 0x71, 0xcf, 0x84,
+ 0xc4, 0x86, 0x30, 0x1b, 0x51, 0x0c, 0xfc, 0x04
+};
+
+static const uint8_t p256_v[] = { /* 32 bytes */
+ 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80,
+ 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56,
+ 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c
+};
+
+static const uint8_t p256_w[] = { /* 32 bytes */
+ 0xd6, 0x9b, 0xe7, 0x5f, 0x67, 0xee, 0x53, 0x94, 0xca, 0xbb, 0x6c, 0x28,
+ 0x6f, 0x36, 0x10, 0xcf, 0x62, 0xd7, 0x22, 0xcb, 0xa9, 0xee, 0xa7, 0x0f,
+ 0xae, 0xe7, 0x70, 0xa6, 0xb2, 0xed, 0x72, 0xdc
+};
+
+static const uint8_t p384_H[] = { /* 48 bytes */
+ 0xb9, 0x21, 0x0c, 0x9d, 0x7e, 0x20, 0x89, 0x7a, 0xb8, 0x65, 0x97, 0x26,
+ 0x6a, 0x9d, 0x50, 0x77, 0xe8, 0xdb, 0x1b, 0x06, 0xf7, 0x22, 0x0e, 0xd6,
+ 0xee, 0x75, 0xbd, 0x8b, 0x45, 0xdb, 0x37, 0x89, 0x1f, 0x8b, 0xa5, 0x55,
+ 0x03, 0x04, 0x00, 0x41, 0x59, 0xf4, 0x45, 0x3d, 0xc5, 0xb3, 0xf5, 0xa1
+};
+
+static const uint8_t p384_M[] = { /* 48 bytes */
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x6f, 0x6e, 0x6c, 0x79,
+ 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73,
+ 0x61, 0x67, 0x65, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x34,
+ 0x38, 0x20, 0x62, 0x79, 0x74, 0x65, 0x73, 0x20, 0x6c, 0x6f, 0x6e, 0x67
+};
+
+static const uint8_t p384_Qx[] = { /* 48 bytes */
+ 0x1f, 0xba, 0xc8, 0xee, 0xbd, 0x0c, 0xbf, 0x35, 0x64, 0x0b, 0x39, 0xef,
+ 0xe0, 0x80, 0x8d, 0xd7, 0x74, 0xde, 0xbf, 0xf2, 0x0a, 0x2a, 0x32, 0x9e,
+ 0x91, 0x71, 0x3b, 0xaf, 0x7d, 0x7f, 0x3c, 0x3e, 0x81, 0x54, 0x6d, 0x88,
+ 0x37, 0x30, 0xbe, 0xe7, 0xe4, 0x86, 0x78, 0xf8, 0x57, 0xb0, 0x2c, 0xa0
+};
+
+static const uint8_t p384_Qy[] = { /* 48 bytes */
+ 0xeb, 0x21, 0x31, 0x03, 0xbd, 0x68, 0xce, 0x34, 0x33, 0x65, 0xa8, 0xa4,
+ 0xc3, 0xd4, 0x55, 0x5f, 0xa3, 0x85, 0xf5, 0x33, 0x02, 0x03, 0xbd, 0xd7,
+ 0x6f, 0xfa, 0xd1, 0xf3, 0xaf, 0xfb, 0x95, 0x75, 0x1c, 0x13, 0x20, 0x07,
+ 0xe1, 0xb2, 0x40, 0x35, 0x3c, 0xb0, 0xa4, 0xcf, 0x16, 0x93, 0xbd, 0xf9
+};
+
+static const uint8_t p384_Rx[] = { /* 48 bytes */
+ 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc,
+ 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31,
+ 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f,
+ 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56
+};
+
+static const uint8_t p384_Ry[] = { /* 48 bytes */
+ 0x85, 0x56, 0x49, 0x40, 0x98, 0x15, 0xbb, 0x91, 0x42, 0x4e, 0xac, 0xa5,
+ 0xfd, 0x76, 0xc9, 0x73, 0x75, 0xd5, 0x75, 0xd1, 0x42, 0x2e, 0xc5, 0x3d,
+ 0x34, 0x3b, 0xd3, 0x3b, 0x84, 0x7f, 0xdf, 0x0c, 0x11, 0x56, 0x96, 0x85,
+ 0xb5, 0x28, 0xab, 0x25, 0x49, 0x30, 0x15, 0x42, 0x8d, 0x7c, 0xf7, 0x2b
+};
+
+static const uint8_t p384_d[] = { /* 48 bytes */
+ 0xc8, 0x38, 0xb8, 0x52, 0x53, 0xef, 0x8d, 0xc7, 0x39, 0x4f, 0xa5, 0x80,
+ 0x8a, 0x51, 0x83, 0x98, 0x1c, 0x7d, 0xee, 0xf5, 0xa6, 0x9b, 0xa8, 0xf4,
+ 0xf2, 0x11, 0x7f, 0xfe, 0xa3, 0x9c, 0xfc, 0xd9, 0x0e, 0x95, 0xf6, 0xcb,
+ 0xc8, 0x54, 0xab, 0xac, 0xab, 0x70, 0x1d, 0x50, 0xc1, 0xf3, 0xcf, 0x24
+};
+
+static const uint8_t p384_e[] = { /* 48 bytes */
+ 0xb9, 0x21, 0x0c, 0x9d, 0x7e, 0x20, 0x89, 0x7a, 0xb8, 0x65, 0x97, 0x26,
+ 0x6a, 0x9d, 0x50, 0x77, 0xe8, 0xdb, 0x1b, 0x06, 0xf7, 0x22, 0x0e, 0xd6,
+ 0xee, 0x75, 0xbd, 0x8b, 0x45, 0xdb, 0x37, 0x89, 0x1f, 0x8b, 0xa5, 0x55,
+ 0x03, 0x04, 0x00, 0x41, 0x59, 0xf4, 0x45, 0x3d, 0xc5, 0xb3, 0xf5, 0xa1
+};
+
+static const uint8_t p384_k[] = { /* 48 bytes */
+ 0xdc, 0x6b, 0x44, 0x03, 0x69, 0x89, 0xa1, 0x96, 0xe3, 0x9d, 0x1c, 0xda,
+ 0xc0, 0x00, 0x81, 0x2f, 0x4b, 0xdd, 0x8b, 0x2d, 0xb4, 0x1b, 0xb3, 0x3a,
+ 0xf5, 0x13, 0x72, 0x58, 0x5e, 0xbd, 0x1d, 0xb6, 0x3f, 0x0c, 0xe8, 0x27,
+ 0x5a, 0xa1, 0xfd, 0x45, 0xe2, 0xd2, 0xa7, 0x35, 0xf8, 0x74, 0x93, 0x59
+};
+
+static const uint8_t p384_key[] = { /* 167 bytes */
+ 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0xc8, 0x38, 0xb8, 0x52,
+ 0x53, 0xef, 0x8d, 0xc7, 0x39, 0x4f, 0xa5, 0x80, 0x8a, 0x51, 0x83, 0x98,
+ 0x1c, 0x7d, 0xee, 0xf5, 0xa6, 0x9b, 0xa8, 0xf4, 0xf2, 0x11, 0x7f, 0xfe,
+ 0xa3, 0x9c, 0xfc, 0xd9, 0x0e, 0x95, 0xf6, 0xcb, 0xc8, 0x54, 0xab, 0xac,
+ 0xab, 0x70, 0x1d, 0x50, 0xc1, 0xf3, 0xcf, 0x24, 0xa0, 0x07, 0x06, 0x05,
+ 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x1f,
+ 0xba, 0xc8, 0xee, 0xbd, 0x0c, 0xbf, 0x35, 0x64, 0x0b, 0x39, 0xef, 0xe0,
+ 0x80, 0x8d, 0xd7, 0x74, 0xde, 0xbf, 0xf2, 0x0a, 0x2a, 0x32, 0x9e, 0x91,
+ 0x71, 0x3b, 0xaf, 0x7d, 0x7f, 0x3c, 0x3e, 0x81, 0x54, 0x6d, 0x88, 0x37,
+ 0x30, 0xbe, 0xe7, 0xe4, 0x86, 0x78, 0xf8, 0x57, 0xb0, 0x2c, 0xa0, 0xeb,
+ 0x21, 0x31, 0x03, 0xbd, 0x68, 0xce, 0x34, 0x33, 0x65, 0xa8, 0xa4, 0xc3,
+ 0xd4, 0x55, 0x5f, 0xa3, 0x85, 0xf5, 0x33, 0x02, 0x03, 0xbd, 0xd7, 0x6f,
+ 0xfa, 0xd1, 0xf3, 0xaf, 0xfb, 0x95, 0x75, 0x1c, 0x13, 0x20, 0x07, 0xe1,
+ 0xb2, 0x40, 0x35, 0x3c, 0xb0, 0xa4, 0xcf, 0x16, 0x93, 0xbd, 0xf9
+};
+
+static const uint8_t p384_kinv[] = { /* 48 bytes */
+ 0x74, 0x36, 0xf0, 0x30, 0x88, 0xe6, 0x5c, 0x37, 0xba, 0x8e, 0x7b, 0x33,
+ 0x88, 0x7f, 0xbc, 0x87, 0x75, 0x75, 0x14, 0xd6, 0x11, 0xf7, 0xd1, 0xfb,
+ 0xdf, 0x6d, 0x21, 0x04, 0xa2, 0x97, 0xad, 0x31, 0x8c, 0xdb, 0xf7, 0x40,
+ 0x4e, 0x4b, 0xa3, 0x7e, 0x59, 0x96, 0x66, 0xdf, 0x37, 0xb8, 0xd8, 0xbe
+};
+
+static const uint8_t p384_r[] = { /* 48 bytes */
+ 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc,
+ 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31,
+ 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f,
+ 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56
+};
+
+static const uint8_t p384_s[] = { /* 48 bytes */
+ 0x20, 0xab, 0x3f, 0x45, 0xb7, 0x4f, 0x10, 0xb6, 0xe1, 0x1f, 0x96, 0xa2,
+ 0xc8, 0xeb, 0x69, 0x4d, 0x20, 0x6b, 0x9d, 0xda, 0x86, 0xd3, 0xc7, 0xe3,
+ 0x31, 0xc2, 0x6b, 0x22, 0xc9, 0x87, 0xb7, 0x53, 0x77, 0x26, 0x57, 0x76,
+ 0x67, 0xad, 0xad, 0xf1, 0x68, 0xeb, 0xbe, 0x80, 0x37, 0x94, 0xa4, 0x02
+};
+
+static const uint8_t p384_sig[] = { /* 103 bytes */
+ 0x30, 0x65, 0x02, 0x31, 0x00, 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d,
+ 0xea, 0x1e, 0x1b, 0xd2, 0xcc, 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34,
+ 0xed, 0x0c, 0x9f, 0x81, 0x31, 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8,
+ 0xdb, 0xed, 0x8d, 0xd5, 0x9f, 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1,
+ 0x4f, 0xe7, 0x2d, 0xe8, 0x56, 0x02, 0x30, 0x20, 0xab, 0x3f, 0x45, 0xb7,
+ 0x4f, 0x10, 0xb6, 0xe1, 0x1f, 0x96, 0xa2, 0xc8, 0xeb, 0x69, 0x4d, 0x20,
+ 0x6b, 0x9d, 0xda, 0x86, 0xd3, 0xc7, 0xe3, 0x31, 0xc2, 0x6b, 0x22, 0xc9,
+ 0x87, 0xb7, 0x53, 0x77, 0x26, 0x57, 0x76, 0x67, 0xad, 0xad, 0xf1, 0x68,
+ 0xeb, 0xbe, 0x80, 0x37, 0x94, 0xa4, 0x02
+};
+
+static const uint8_t p384_u1[] = { /* 48 bytes */
+ 0x6c, 0xe2, 0x56, 0x49, 0xd4, 0x2d, 0x22, 0x3e, 0x02, 0x0c, 0x11, 0x14,
+ 0x0f, 0xe7, 0x72, 0x32, 0x66, 0x12, 0xbb, 0x11, 0xb6, 0x86, 0xd3, 0x5e,
+ 0xe9, 0x8e, 0xd4, 0x55, 0x0e, 0x06, 0x35, 0xd9, 0xdd, 0x3a, 0x2a, 0xfb,
+ 0xca, 0x0c, 0xf2, 0xc4, 0xba, 0xed, 0xcd, 0x23, 0x31, 0x3b, 0x18, 0x9e
+};
+
+static const uint8_t p384_u2[] = { /* 48 bytes */
+ 0xf3, 0xb2, 0x40, 0x75, 0x1d, 0x5d, 0x8e, 0xd3, 0x94, 0xa4, 0xb5, 0xbf,
+ 0x8e, 0x2a, 0x4c, 0x0e, 0x1e, 0x21, 0xaa, 0x51, 0xf2, 0x62, 0x0a, 0x08,
+ 0xb8, 0xc5, 0x5a, 0x2b, 0xc3, 0x34, 0xc9, 0x68, 0x99, 0x23, 0x16, 0x26,
+ 0x48, 0xf0, 0x6e, 0x5f, 0x46, 0x59, 0xfc, 0x52, 0x6d, 0x9c, 0x1f, 0xd6
+};
+
+static const uint8_t p384_v[] = { /* 48 bytes */
+ 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc,
+ 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31,
+ 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f,
+ 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56
+};
+
+static const uint8_t p384_w[] = { /* 48 bytes */
+ 0x17, 0x98, 0x84, 0x5c, 0xd0, 0xa6, 0xce, 0xa5, 0x32, 0x7c, 0x50, 0x1a,
+ 0x71, 0xa4, 0xba, 0xf2, 0xf7, 0xbe, 0x88, 0x2c, 0xfb, 0xc3, 0x03, 0x75,
+ 0x0a, 0x7c, 0x86, 0x1a, 0xf8, 0xfe, 0x82, 0x25, 0x46, 0x7a, 0x25, 0x7f,
+ 0x5b, 0xf9, 0x1a, 0x4a, 0xaa, 0x5a, 0x79, 0xa8, 0x63, 0x7d, 0x21, 0x8a
+};
+
+typedef struct {
+ hal_ecdsa_curve_t curve;
+ const uint8_t * H; size_t H_len;
+ const uint8_t * M; size_t M_len;
+ const uint8_t * Qx; size_t Qx_len;
+ const uint8_t * Qy; size_t Qy_len;
+ const uint8_t * Rx; size_t Rx_len;
+ const uint8_t * Ry; size_t Ry_len;
+ const uint8_t * d; size_t d_len;
+ const uint8_t * e; size_t e_len;
+ const uint8_t * k; size_t k_len;
+ const uint8_t * key; size_t key_len;
+ const uint8_t * kinv; size_t kinv_len;
+ const uint8_t * r; size_t r_len;
+ const uint8_t * s; size_t s_len;
+ const uint8_t * sig; size_t sig_len;
+ const uint8_t * u1; size_t u1_len;
+ const uint8_t * u2; size_t u2_len;
+ const uint8_t * v; size_t v_len;
+ const uint8_t * w; size_t w_len;
+} ecdsa_tc_t;
+
+static const ecdsa_tc_t ecdsa_tc[] = {
+ { HAL_ECDSA_CURVE_P256,
+ p256_H, sizeof(p256_H),
+ p256_M, sizeof(p256_M),
+ p256_Qx, sizeof(p256_Qx),
+ p256_Qy, sizeof(p256_Qy),
+ p256_Rx, sizeof(p256_Rx),
+ p256_Ry, sizeof(p256_Ry),
+ p256_d, sizeof(p256_d),
+ p256_e, sizeof(p256_e),
+ p256_k, sizeof(p256_k),
+ p256_key, sizeof(p256_key),
+ p256_kinv, sizeof(p256_kinv),
+ p256_r, sizeof(p256_r),
+ p256_s, sizeof(p256_s),
+ p256_sig, sizeof(p256_sig),
+ p256_u1, sizeof(p256_u1),
+ p256_u2, sizeof(p256_u2),
+ p256_v, sizeof(p256_v),
+ p256_w, sizeof(p256_w),
+ },
+ { HAL_ECDSA_CURVE_P384,
+ p384_H, sizeof(p384_H),
+ p384_M, sizeof(p384_M),
+ p384_Qx, sizeof(p384_Qx),
+ p384_Qy, sizeof(p384_Qy),
+ p384_Rx, sizeof(p384_Rx),
+ p384_Ry, sizeof(p384_Ry),
+ p384_d, sizeof(p384_d),
+ p384_e, sizeof(p384_e),
+ p384_k, sizeof(p384_k),
+ p384_key, sizeof(p384_key),
+ p384_kinv, sizeof(p384_kinv),
+ p384_r, sizeof(p384_r),
+ p384_s, sizeof(p384_s),
+ p384_sig, sizeof(p384_sig),
+ p384_u1, sizeof(p384_u1),
+ p384_u2, sizeof(p384_u2),
+ p384_v, sizeof(p384_v),
+ p384_w, sizeof(p384_w),
+ },
+};
diff --git a/tests/test-ecdsa.py b/tests/test-ecdsa.py
new file mode 100644
index 0000000..1ecfef9
--- /dev/null
+++ b/tests/test-ecdsa.py
@@ -0,0 +1,156 @@
+# Test vectors from "Suite B Implementer's Guide to FIPS 186-3".
+#
+# e is given in decimal, all other values are hex, because that's how
+# these were given in the paper
+
+p256_d = 0x70a12c2db16845ed56ff68cfc21a472b3f04d7d6851bf6349f2d7d5b3452b38a
+p256_Qx = 0x8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8
+p256_Qy = 0xd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9
+p256_k = 0x580ec00d856434334cef3f71ecaed4965b12ae37fa47055b1965c7b134ee45d0
+p256_kinv = 0x6a664fa115356d33f16331b54c4e7ce967965386c7dcbf2904604d0c132b4a74
+p256_Rx = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c
+p256_Ry = 0x8b81e3e977597110c7cf2633435b2294b72642987defd3d4007e1cfc5df84541
+p256_r = p256_Rx
+p256_M = 0x54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67
+p256_H = 0x7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377
+p256_e = 56197278047627432394583341962843287937266210957576322469816113796290471232375
+p256_s = 0x7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367
+p256_w = 0xd69be75f67ee5394cabb6c286f3610cf62d722cba9eea70faee770a6b2ed72dc
+p256_u1 = 0xbb252401d6fb322bb747184cf2ac52bf8d54b95a1515062a2f6141f2e2092ed8
+p256_u2 = 0xaae7d1c7f2c232dfc641948af3dba141d4de8634e571cf84c486301b510cfc04
+p256_v = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c
+
+p384_d = 0xc838b85253ef8dc7394fa5808a5183981c7deef5a69ba8f4f2117ffea39cfcd90e95f6cbc854abacab701d50c1f3cf24
+p384_Qx = 0x1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0
+p384_Qy = 0xeb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9
+p384_k = 0xdc6b44036989a196e39d1cdac000812f4bdd8b2db41bb33af51372585ebd1db63f0ce8275aa1fd45e2d2a735f8749359
+p384_kinv = 0x7436f03088e65c37ba8e7b33887fbc87757514d611f7d1fbdf6d2104a297ad318cdbf7404e4ba37e599666df37b8d8be
+p384_Rx = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856
+p384_Ry = 0x855649409815bb91424eaca5fd76c97375d575d1422ec53d343bd33b847fdf0c11569685b528ab25493015428d7cf72b
+p384_r = p384_Rx
+p384_M = 0x54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67
+p384_H = 0xb9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1
+p384_e = 28493976155450475404302482243066463769180620629462008675793884393889401828800663731864240088367206094074919580333473
+p384_s = 0x20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402
+p384_w = 0x1798845cd0a6cea5327c501a71a4baf2f7be882cfbc303750a7c861af8fe8225467a257f5bf91a4aaa5a79a8637d218a
+p384_u1 = 0x6ce25649d42d223e020c11140fe772326612bb11b686d35ee98ed4550e0635d9dd3a2afbca0cf2c4baedcd23313b189e
+p384_u2 = 0xf3b240751d5d8ed394a4b5bf8e2a4c0e1e21aa51f2620a08b8c55a2bc334c9689923162648f06e5f4659fc526d9c1fd6
+p384_v = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856
+
+from textwrap import TextWrapper
+from os.path import basename
+from sys import argv
+from pyasn1.type.univ import Sequence, Choice, Integer, OctetString, ObjectIdentifier, BitString
+from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType
+from pyasn1.type.namedval import NamedValues
+from pyasn1.type.tag import Tag, tagClassContext, tagFormatSimple
+from pyasn1.type.constraint import SingleValueConstraint
+from pyasn1.codec.der.encoder import encode as DER_Encode
+from pyasn1.codec.der.decoder import decode as DER_Decode
+
+wrapper = TextWrapper(width = 78, initial_indent = " " * 2, subsequent_indent = " " * 2)
+
+def long_to_bytes(l):
+ #
+ # This is just plain nasty.
+ #
+ s = "%x" % l
+ return ("0" + s if len(s) & 1 else s).decode("hex")
+
+def bytes_to_bits(b):
+ #
+ # This, on the other hand, is not just plain nasty, this is fancy nasty.
+ # This is nasty with raisins in it.
+ #
+ bits = bin(long(b.encode("hex"), 16))[2:]
+ if len(bits) % 8:
+ bits = ("0" * (8 - len(bits) % 8)) + bits
+ return tuple(int(i) for i in bits)
+
+###
+
+class ECDSA_Sig_Value(Sequence):
+ componentType = NamedTypes(
+ NamedType("r", Integer()),
+ NamedType("s", Integer()))
+
+def encode_sig(r, s):
+ sig = ECDSA_Sig_Value()
+ sig["r"] = r
+ sig["s"] = s
+ return DER_Encode(sig)
+
+p256_sig = encode_sig(p256_r, p256_s)
+p384_sig = encode_sig(p384_r, p384_s)
+
+###
+
+class ECPrivateKey(Sequence):
+ componentType = NamedTypes(
+ NamedType("version", Integer(namedValues = NamedValues(("ecPrivkeyVer1", 1))
+ ).subtype(subtypeSpec = Integer.subtypeSpec + SingleValueConstraint(1))),
+ NamedType("privateKey", OctetString()),
+ OptionalNamedType("parameters", ObjectIdentifier().subtype(explicitTag = Tag(tagClassContext, tagFormatSimple, 0))),
+ OptionalNamedType("publicKey", BitString().subtype(explicitTag = Tag(tagClassContext, tagFormatSimple, 1))))
+
+def encode_key(d, Qx, Qy, oid):
+ private_key = long_to_bytes(d)
+ public_key = bytes_to_bits(chr(0x04) + long_to_bytes(Qx) + long_to_bytes(Qy))
+ parameters = oid
+ key = ECPrivateKey()
+ key["version"] = 1
+ key["privateKey"] = private_key
+ key["parameters"] = parameters
+ key["publicKey"] = public_key
+ return DER_Encode(key)
+
+p256_key = encode_key(p256_d, p256_Qx, p256_Qy, "1.2.840.10045.3.1.7")
+p384_key = encode_key(p384_d, p384_Qx, p384_Qy, "1.3.132.0.34")
+
+###
+
+print "/*"
+print " * ECDSA test data."
+print " * File automatically generated by", basename(argv[0])
+print " */"
+
+curves = ("p256", "p384")
+vars = set()
+
+for name in dir():
+ head, sep, tail = name.partition("_")
+ if head in curves:
+ vars.add(tail)
+
+vars = sorted(vars)
+
+for curve in curves:
+ for var in vars:
+ name = curve + "_" + var
+ value = globals().get(name, None)
+ if isinstance(value, (int, long)):
+ value = long_to_bytes(value)
+ if value is not None:
+ print
+ print "static const uint8_t %s[] = { /* %d bytes */" % (name, len(value))
+ print wrapper.fill(", ".join("0x%02x" % ord(v) for v in value))
+ print "};"
+
+print
+print "typedef struct {"
+print " hal_ecdsa_curve_t curve;"
+for var in vars:
+ print " const uint8_t *%8s; size_t %8s_len;" % (var, var)
+print "} ecdsa_tc_t;"
+print
+print "static const ecdsa_tc_t ecdsa_tc[] = {"
+for curve in curves:
+ print " { HAL_ECDSA_CURVE_%s," % curve.upper()
+ for var in vars:
+ name = curve + "_" + var
+ if name in globals():
+ print " %-14s sizeof(%s)," % (name + ",", name)
+ else:
+ print " %-14s 0," % "NULL,"
+ print " },"
+print "};"
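Review bot: `long_to_bytes()` emits the minimal-length encoding, so any vector value whose top byte is zero would come out shorter than the curve's field size, while the C harness derives the curve label from `tc->d_len * 8` and compares `Qx_len`/`Qy_len` against the lengths the library returns. None of the values for the two curves here has a zero top byte, but adding a vector or a further curve could silently produce wrong lengths in the generated test-ecdsa.h. Consider an optional width, e.g. `def long_to_bytes(l, length = None):` with `s = "%0*x" % (2 * length, l) if length else "%x" % l`, passing 32 or 48 for the field-sized values and leaving `M` unpadded. A short header comment stating that the script is Python 2 only (`.decode("hex")`, `long`, print statements) and requires pyasn1 would also help whoever regenerates the header.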
diff --git a/tests/test-hash.c b/tests/test-hash.c
index befdf02..144b1b9 100644
--- a/tests/test-hash.c
+++ b/tests/test-hash.c
@@ -533,7 +533,7 @@ static int _test_hash(const hal_hash_descriptor_t * const descriptor,
const char * const label)
{
uint8_t statebuf[512], digest[512];
- hal_hash_state_t state;
+ hal_hash_state_t *state = NULL;
hal_error_t err;
assert(descriptor != NULL && data != NULL && result != NULL && label != NULL);
@@ -597,7 +597,7 @@ static int _test_hmac(const hal_hash_descriptor_t * const descriptor,
const char * const label)
{
uint8_t statebuf[1024], digest[512];
- hal_hmac_state_t state;
+ hal_hmac_state_t *state = NULL;
hal_error_t err;
assert(descriptor != NULL && data != NULL && result != NULL && label != NULL);
diff --git a/tests/test-pbkdf2.c b/tests/test-pbkdf2.c
index 469b599..0688226 100644
--- a/tests/test-pbkdf2.c
+++ b/tests/test-pbkdf2.c
@@ -163,7 +163,7 @@ static int _test_pbkdf2(const uint8_t * const pwd, const size_t pwd_len,
const uint8_t * const dk, const size_t dk_len,
const unsigned count, const char * const label)
{
- printf("Starting test case %s\n", label);
+ printf("Starting PBKDF2 test case %s\n", label);
uint8_t result[dk_len];
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index f6bf55c..46afa03 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -88,7 +88,7 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc)
printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size);
uint8_t keybuf[hal_rsa_key_t_size];
- hal_rsa_key_t key = { NULL };
+ hal_rsa_key_t *key = NULL;
hal_error_t err = HAL_OK;
if ((err = hal_rsa_key_load_private(&key,
@@ -130,7 +130,7 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc)
char fn[sizeof("test-rsa-key-xxxxxx.der")];
uint8_t keybuf1[hal_rsa_key_t_size], keybuf2[hal_rsa_key_t_size];
- hal_rsa_key_t key1 = { NULL }, key2 = { NULL };
+ hal_rsa_key_t *key1 = NULL, *key2 = NULL;
hal_error_t err = HAL_OK;
FILE *f;