diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/GNUmakefile | 2 | ||||
-rw-r--r-- | tests/test-ecdsa.c | 326 | ||||
-rw-r--r-- | tests/test-ecdsa.h | 329 | ||||
-rw-r--r-- | tests/test-ecdsa.py | 156 | ||||
-rw-r--r-- | tests/test-hash.c | 4 | ||||
-rw-r--r-- | tests/test-pbkdf2.c | 2 | ||||
-rw-r--r-- | tests/test-rsa.c | 4 |
7 files changed, 817 insertions, 6 deletions
diff --git a/tests/GNUmakefile b/tests/GNUmakefile index 307f23e..a1cd4b4 100644 --- a/tests/GNUmakefile +++ b/tests/GNUmakefile @@ -27,7 +27,7 @@ INC = ../hal.h LIB = ../libhal.a -BIN = test-aes-key-wrap test-hash test-pbkdf2 test-rsa +BIN = test-aes-key-wrap test-hash test-pbkdf2 test-rsa test-ecdsa CFLAGS = -g3 -Wall -fPIC -std=c99 -I.. diff --git a/tests/test-ecdsa.c b/tests/test-ecdsa.c new file mode 100644 index 0000000..cb590e5 --- /dev/null +++ b/tests/test-ecdsa.c @@ -0,0 +1,326 @@ +/* + * test-ecdsa.c + * ------------ + * Test harness for Cryptech ECDSA code. + * + * At the moment, the ECDSA code is a pure software implementation, + * Verilog will be along eventually. + * + * Testing ECDSA is a bit tricky because ECDSA depends heavily on + * using a new random secret for each signature. So we can test some + * things against the normal ECDSA implemenation, but some tests + * require a side door replacement of the random number generator so + * that we can use a known values from our test vector in place of the + * random secret that would be used in real operation. Test code for + * the latter mode depends on the library having been compiled with + * the testing hook enable, which it should not be for production use. + * + * Authors: Rob Austein + * Copyright (c) 2015, SUNET + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include <errno.h> + +#include <sys/time.h> + +#include <hal.h> + +#include "test-ecdsa.h" + +#if HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM + +/* + * Code to let us replace ECDSA's random numbers with test data, if + * the ECDSA library code has been compiled with support for this. + */ + +typedef hal_error_t (*rng_override_test_function_t)(void *, const size_t); + +extern rng_override_test_function_t hal_ecdsa_set_rng_override_test_function(rng_override_test_function_t new_func); + +static const uint8_t *next_random_value = NULL; +static size_t next_random_length = 0; + +static hal_error_t next_random_handler(void *data, const size_t length) +{ + if (data == NULL) + return HAL_ERROR_BAD_ARGUMENTS; + + if (next_random_value == NULL || length < next_random_length) + return HAL_ERROR_IMPOSSIBLE; + + memset(data, 0, length); + memcpy(data + length - next_random_length, next_random_value, next_random_length); + + next_random_value = NULL; + next_random_length = 0; + + (void) hal_ecdsa_set_rng_override_test_function(0); + + return HAL_OK; +} + +static void set_next_random(const uint8_t * const data, const size_t length) +{ + (void) hal_ecdsa_set_rng_override_test_function(next_random_handler); + next_random_value = data; + next_random_length = length; +} + +/* + * Run one keygen test from test vectors. + */ + +static int test_against_static_vectors(const ecdsa_tc_t * const tc) + +{ + hal_error_t err; + + printf("Starting static test vector tests for P-%lu\n", (unsigned long) (tc->d_len * 8)); + + set_next_random(tc->d, tc->d_len); + + uint8_t keybuf1[hal_ecdsa_key_t_size]; + hal_ecdsa_key_t *key1 = NULL; + + if ((err = hal_ecdsa_key_gen(&key1, keybuf1, sizeof(keybuf1), tc->curve)) != HAL_OK) + return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0; + + uint8_t Qx[tc->Qx_len], Qy[tc->Qy_len]; + size_t Qx_len, Qy_len; + + if ((err = hal_ecdsa_key_get_public(key1, Qx, &Qx_len, sizeof(Qx), Qy, &Qy_len, sizeof(Qy))) != HAL_OK) + return printf("hal_ecdsa_key_get_public() failed: %s\n", hal_error_string(err)), 0; + + if (tc->Qx_len != Qx_len || memcmp(tc->Qx, Qx, Qx_len) != 0) + return printf("Qx mismatch\n"), 0; + + if (tc->Qy_len != Qy_len || memcmp(tc->Qy, Qy, Qy_len) != 0) + return printf("Qy mismatch\n"), 0; + + if (hal_ecdsa_key_to_der_len(key1) != tc->key_len) + return printf("DER Key length mismatch\n"), 0; + + uint8_t keyder[tc->key_len]; + size_t keyder_len; + + if ((err = hal_ecdsa_key_to_der(key1, keyder, &keyder_len, sizeof(keyder))) != HAL_OK) + return printf("hal_ecdsa_key_to_der() failed: %s\n", hal_error_string(err)), 0; + + uint8_t keybuf2[hal_ecdsa_key_t_size]; + hal_ecdsa_key_t *key2 = NULL; + + if ((err = hal_ecdsa_key_from_der(&key2, keybuf2, sizeof(keybuf2), keyder, keyder_len)) != HAL_OK) + return printf("hal_ecdsa_key_from_der() failed: %s\n", hal_error_string(err)), 0; + + if (memcmp(key1, key2, hal_ecdsa_key_t_size) != 0) + return printf("Key mismatch after read/write cycle\n"), 0; + + set_next_random(tc->k, tc->k_len); + + uint8_t sig[tc->sig_len + 4]; + size_t sig_len; + + if ((err = hal_ecdsa_sign(key1, tc->H, tc->H_len, sig, &sig_len, sizeof(sig), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0; + + if (sig_len != tc->sig_len || memcmp(sig, tc->sig, tc->sig_len) != 0) + return printf("Signature mismatch\n"), 0; + + if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + return printf("hal_ecdsa_verify(private) failed: %s\n", hal_error_string(err)), 0; + + hal_ecdsa_key_clear(key2); + key2 = NULL; + + if ((err = hal_ecdsa_key_load_private(&key2, keybuf2, sizeof(keybuf2), tc->curve, + tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len, tc->d, tc->d_len)) != HAL_OK) + return printf("hal_ecdsa_load_private() failed: %s\n", hal_error_string(err)), 0; + + if (memcmp(key1, key2, hal_ecdsa_key_t_size) != 0) + return printf("Key mismatch after hal_ecdsa_load_private_key()\n"), 0; + + hal_ecdsa_key_clear(key2); + key2 = NULL; + + if ((err = hal_ecdsa_key_load_public(&key2, keybuf2, sizeof(keybuf2), tc->curve, + tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len)) != HAL_OK) + return printf("hal_ecdsa_load_public() failed: %s\n", hal_error_string(err)), 0; + + if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + return printf("hal_ecdsa_verify(public) failed: %s\n", hal_error_string(err)), 0; + + return 1; +} + +#endif /* HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM */ + +/* + * Run one keygen/sign/verify test with a newly generated key. + */ + +static int test_keygen_sign_verify(const hal_ecdsa_curve_t curve) + +{ + const hal_hash_descriptor_t *hash_descriptor = NULL; + uint8_t keybuf[hal_ecdsa_key_t_size]; + hal_ecdsa_key_t *key = NULL; + hal_error_t err; + + switch (curve) { + + case HAL_ECDSA_CURVE_P256: + printf("ECDSA P-256 key generation / signature / verification test\n"); + hash_descriptor = hal_hash_sha256; + break; + + case HAL_ECDSA_CURVE_P384: + printf("ECDSA P-384 key generation / signature / verification test\n"); + hash_descriptor = hal_hash_sha384; + break; + + case HAL_ECDSA_CURVE_P521: + printf("ECDSA P-521 key generation / signature / verification test\n"); + hash_descriptor = hal_hash_sha512; + break; + + default: + printf("Unsupported ECDSA curve type\n"); + return 0; + } + + if ((err = hal_ecdsa_key_gen(&key, keybuf, sizeof(keybuf), curve)) != HAL_OK) + return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0; + + uint8_t hashbuf[hash_descriptor->digest_length]; + + { + const uint8_t plaintext[] = "So long, and thanks..."; + uint8_t statebuf[hash_descriptor->hash_state_length]; + hal_hash_state_t *state = NULL; + + if ((err = hal_hash_initialize(hash_descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK || + (err = hal_hash_update(state, plaintext, strlen((const char *) plaintext))) != HAL_OK || + (err = hal_hash_finalize(state, hashbuf, sizeof(hashbuf))) != HAL_OK) + return printf("Couldn't hash plaintext: %s\n", hal_error_string(err)), 0; + } + + /* + * Lazy but probably-good-enough guess on signature size -- want + * explicit number in ecdsa_curve_t? + */ + uint8_t sigbuf[hash_descriptor->digest_length * 3]; + size_t siglen; + + if ((err = hal_ecdsa_sign(key, hashbuf, sizeof(hashbuf), + sigbuf, &siglen, sizeof(sigbuf), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0; + + if ((err = hal_ecdsa_verify(key, hashbuf, sizeof(hashbuf), + sigbuf, siglen, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + return printf("hal_ecdsa_verify() failed: %s\n", hal_error_string(err)), 0; + + return 1; +} + +/* + * Time a test. + */ + +static void _time_check(const struct timeval t0, const int ok) +{ + struct timeval t; + gettimeofday(&t, NULL); + t.tv_sec -= t0.tv_sec; + t.tv_usec = t0.tv_usec; + if (t.tv_usec < 0) { + t.tv_usec += 1000000; + t.tv_sec -= 1; + } + printf("Elapsed time %lu.%06lu seconds, %s\n", + (unsigned long) t.tv_sec, + (unsigned long) t.tv_usec, + ok ? "OK" : "FAILED"); +} + +#define time_check(_expr_) \ + do { \ + struct timeval _t; \ + gettimeofday(&_t, NULL); \ + int _ok = (_expr_); \ + _time_check(_t, _ok); \ + ok &= _ok; \ + } while (0) + +/* + * Run tests for one ECDSA curve. + */ + +static int test_ecdsa(const ecdsa_tc_t * const tc) + +{ + int ok = 1; + time_check(test_against_static_vectors(tc)); + time_check(test_keygen_sign_verify(tc->curve)); + return ok; +} + +int main(int argc, char *argv[]) +{ + uint8_t name[8], version[4]; + hal_error_t err; + + /* + * Initialize EIM and report what core we're running. + */ + + if ((err = hal_io_read(CSPRNG_ADDR_NAME0, name, sizeof(name))) != HAL_OK || + (err = hal_io_read(CSPRNG_ADDR_VERSION, version, sizeof(version))) != HAL_OK) { + printf("Initialization failed: %s\n", hal_error_string(err)); + return 1; + } + + printf("\"%8.8s\" \"%4.4s\"\n\n", name, version); + + for (int i = 0; i < sizeof(ecdsa_tc)/sizeof(*ecdsa_tc); i++) + if (!test_ecdsa(&ecdsa_tc[i])) + return 1; + + return 0; +} + +/* + * Local variables: + * indent-tabs-mode: nil + * End: + */ diff --git a/tests/test-ecdsa.h b/tests/test-ecdsa.h new file mode 100644 index 0000000..ca51858 --- /dev/null +++ b/tests/test-ecdsa.h @@ -0,0 +1,329 @@ +/* + * ECDSA test data. + * File automatically generated by test-ecdsa.py + */ + +static const uint8_t p256_H[] = { /* 32 bytes */ + 0x7c, 0x3e, 0x88, 0x3d, 0xdc, 0x8b, 0xd6, 0x88, 0xf9, 0x6e, 0xac, 0x5e, + 0x93, 0x24, 0x22, 0x2c, 0x8f, 0x30, 0xf9, 0xd6, 0xbb, 0x59, 0xe9, 0xc5, + 0xf0, 0x20, 0xbd, 0x39, 0xba, 0x2b, 0x83, 0x77 +}; + +static const uint8_t p256_M[] = { /* 48 bytes */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x6f, 0x6e, 0x6c, 0x79, + 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x34, + 0x38, 0x20, 0x62, 0x79, 0x74, 0x65, 0x73, 0x20, 0x6c, 0x6f, 0x6e, 0x67 +}; + +static const uint8_t p256_Qx[] = { /* 32 bytes */ + 0x81, 0x01, 0xec, 0xe4, 0x74, 0x64, 0xa6, 0xea, 0xd7, 0x0c, 0xf6, 0x9a, + 0x6e, 0x2b, 0xd3, 0xd8, 0x86, 0x91, 0xa3, 0x26, 0x2d, 0x22, 0xcb, 0xa4, + 0xf7, 0x63, 0x5e, 0xaf, 0xf2, 0x66, 0x80, 0xa8 +}; + +static const uint8_t p256_Qy[] = { /* 32 bytes */ + 0xd8, 0xa1, 0x2b, 0xa6, 0x1d, 0x59, 0x92, 0x35, 0xf6, 0x7d, 0x9c, 0xb4, + 0xd5, 0x8f, 0x17, 0x83, 0xd3, 0xca, 0x43, 0xe7, 0x8f, 0x0a, 0x5a, 0xba, + 0xa6, 0x24, 0x07, 0x99, 0x36, 0xc0, 0xc3, 0xa9 +}; + +static const uint8_t p256_Rx[] = { /* 32 bytes */ + 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80, + 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56, + 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c +}; + +static const uint8_t p256_Ry[] = { /* 32 bytes */ + 0x8b, 0x81, 0xe3, 0xe9, 0x77, 0x59, 0x71, 0x10, 0xc7, 0xcf, 0x26, 0x33, + 0x43, 0x5b, 0x22, 0x94, 0xb7, 0x26, 0x42, 0x98, 0x7d, 0xef, 0xd3, 0xd4, + 0x00, 0x7e, 0x1c, 0xfc, 0x5d, 0xf8, 0x45, 0x41 +}; + +static const uint8_t p256_d[] = { /* 32 bytes */ + 0x70, 0xa1, 0x2c, 0x2d, 0xb1, 0x68, 0x45, 0xed, 0x56, 0xff, 0x68, 0xcf, + 0xc2, 0x1a, 0x47, 0x2b, 0x3f, 0x04, 0xd7, 0xd6, 0x85, 0x1b, 0xf6, 0x34, + 0x9f, 0x2d, 0x7d, 0x5b, 0x34, 0x52, 0xb3, 0x8a +}; + +static const uint8_t p256_e[] = { /* 32 bytes */ + 0x7c, 0x3e, 0x88, 0x3d, 0xdc, 0x8b, 0xd6, 0x88, 0xf9, 0x6e, 0xac, 0x5e, + 0x93, 0x24, 0x22, 0x2c, 0x8f, 0x30, 0xf9, 0xd6, 0xbb, 0x59, 0xe9, 0xc5, + 0xf0, 0x20, 0xbd, 0x39, 0xba, 0x2b, 0x83, 0x77 +}; + +static const uint8_t p256_k[] = { /* 32 bytes */ + 0x58, 0x0e, 0xc0, 0x0d, 0x85, 0x64, 0x34, 0x33, 0x4c, 0xef, 0x3f, 0x71, + 0xec, 0xae, 0xd4, 0x96, 0x5b, 0x12, 0xae, 0x37, 0xfa, 0x47, 0x05, 0x5b, + 0x19, 0x65, 0xc7, 0xb1, 0x34, 0xee, 0x45, 0xd0 +}; + +static const uint8_t p256_key[] = { /* 121 bytes */ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x70, 0xa1, 0x2c, 0x2d, 0xb1, + 0x68, 0x45, 0xed, 0x56, 0xff, 0x68, 0xcf, 0xc2, 0x1a, 0x47, 0x2b, 0x3f, + 0x04, 0xd7, 0xd6, 0x85, 0x1b, 0xf6, 0x34, 0x9f, 0x2d, 0x7d, 0x5b, 0x34, + 0x52, 0xb3, 0x8a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x81, 0x01, 0xec, + 0xe4, 0x74, 0x64, 0xa6, 0xea, 0xd7, 0x0c, 0xf6, 0x9a, 0x6e, 0x2b, 0xd3, + 0xd8, 0x86, 0x91, 0xa3, 0x26, 0x2d, 0x22, 0xcb, 0xa4, 0xf7, 0x63, 0x5e, + 0xaf, 0xf2, 0x66, 0x80, 0xa8, 0xd8, 0xa1, 0x2b, 0xa6, 0x1d, 0x59, 0x92, + 0x35, 0xf6, 0x7d, 0x9c, 0xb4, 0xd5, 0x8f, 0x17, 0x83, 0xd3, 0xca, 0x43, + 0xe7, 0x8f, 0x0a, 0x5a, 0xba, 0xa6, 0x24, 0x07, 0x99, 0x36, 0xc0, 0xc3, 0xa9 +}; + +static const uint8_t p256_kinv[] = { /* 32 bytes */ + 0x6a, 0x66, 0x4f, 0xa1, 0x15, 0x35, 0x6d, 0x33, 0xf1, 0x63, 0x31, 0xb5, + 0x4c, 0x4e, 0x7c, 0xe9, 0x67, 0x96, 0x53, 0x86, 0xc7, 0xdc, 0xbf, 0x29, + 0x04, 0x60, 0x4d, 0x0c, 0x13, 0x2b, 0x4a, 0x74 +}; + +static const uint8_t p256_r[] = { /* 32 bytes */ + 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80, + 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56, + 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c +}; + +static const uint8_t p256_s[] = { /* 32 bytes */ + 0x7d, 0x1f, 0xf9, 0x61, 0x98, 0x0f, 0x96, 0x1b, 0xda, 0xa3, 0x23, 0x3b, + 0x62, 0x09, 0xf4, 0x01, 0x33, 0x17, 0xd3, 0xe3, 0xf9, 0xe1, 0x49, 0x35, + 0x92, 0xdb, 0xea, 0xa1, 0xaf, 0x2b, 0xc3, 0x67 +}; + +static const uint8_t p256_sig[] = { /* 70 bytes */ + 0x30, 0x44, 0x02, 0x20, 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, + 0x39, 0xff, 0x2f, 0x80, 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, + 0x86, 0xbb, 0x81, 0x56, 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c, + 0x02, 0x20, 0x7d, 0x1f, 0xf9, 0x61, 0x98, 0x0f, 0x96, 0x1b, 0xda, 0xa3, + 0x23, 0x3b, 0x62, 0x09, 0xf4, 0x01, 0x33, 0x17, 0xd3, 0xe3, 0xf9, 0xe1, + 0x49, 0x35, 0x92, 0xdb, 0xea, 0xa1, 0xaf, 0x2b, 0xc3, 0x67 +}; + +static const uint8_t p256_u1[] = { /* 32 bytes */ + 0xbb, 0x25, 0x24, 0x01, 0xd6, 0xfb, 0x32, 0x2b, 0xb7, 0x47, 0x18, 0x4c, + 0xf2, 0xac, 0x52, 0xbf, 0x8d, 0x54, 0xb9, 0x5a, 0x15, 0x15, 0x06, 0x2a, + 0x2f, 0x61, 0x41, 0xf2, 0xe2, 0x09, 0x2e, 0xd8 +}; + +static const uint8_t p256_u2[] = { /* 32 bytes */ + 0xaa, 0xe7, 0xd1, 0xc7, 0xf2, 0xc2, 0x32, 0xdf, 0xc6, 0x41, 0x94, 0x8a, + 0xf3, 0xdb, 0xa1, 0x41, 0xd4, 0xde, 0x86, 0x34, 0xe5, 0x71, 0xcf, 0x84, + 0xc4, 0x86, 0x30, 0x1b, 0x51, 0x0c, 0xfc, 0x04 +}; + +static const uint8_t p256_v[] = { /* 32 bytes */ + 0x72, 0x14, 0xbc, 0x96, 0x47, 0x16, 0x0b, 0xbd, 0x39, 0xff, 0x2f, 0x80, + 0x53, 0x3f, 0x5d, 0xc6, 0xdd, 0xd7, 0x0d, 0xdf, 0x86, 0xbb, 0x81, 0x56, + 0x61, 0xe8, 0x05, 0xd5, 0xd4, 0xe6, 0xf2, 0x7c +}; + +static const uint8_t p256_w[] = { /* 32 bytes */ + 0xd6, 0x9b, 0xe7, 0x5f, 0x67, 0xee, 0x53, 0x94, 0xca, 0xbb, 0x6c, 0x28, + 0x6f, 0x36, 0x10, 0xcf, 0x62, 0xd7, 0x22, 0xcb, 0xa9, 0xee, 0xa7, 0x0f, + 0xae, 0xe7, 0x70, 0xa6, 0xb2, 0xed, 0x72, 0xdc +}; + +static const uint8_t p384_H[] = { /* 48 bytes */ + 0xb9, 0x21, 0x0c, 0x9d, 0x7e, 0x20, 0x89, 0x7a, 0xb8, 0x65, 0x97, 0x26, + 0x6a, 0x9d, 0x50, 0x77, 0xe8, 0xdb, 0x1b, 0x06, 0xf7, 0x22, 0x0e, 0xd6, + 0xee, 0x75, 0xbd, 0x8b, 0x45, 0xdb, 0x37, 0x89, 0x1f, 0x8b, 0xa5, 0x55, + 0x03, 0x04, 0x00, 0x41, 0x59, 0xf4, 0x45, 0x3d, 0xc5, 0xb3, 0xf5, 0xa1 +}; + +static const uint8_t p384_M[] = { /* 48 bytes */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x6f, 0x6e, 0x6c, 0x79, + 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x34, + 0x38, 0x20, 0x62, 0x79, 0x74, 0x65, 0x73, 0x20, 0x6c, 0x6f, 0x6e, 0x67 +}; + +static const uint8_t p384_Qx[] = { /* 48 bytes */ + 0x1f, 0xba, 0xc8, 0xee, 0xbd, 0x0c, 0xbf, 0x35, 0x64, 0x0b, 0x39, 0xef, + 0xe0, 0x80, 0x8d, 0xd7, 0x74, 0xde, 0xbf, 0xf2, 0x0a, 0x2a, 0x32, 0x9e, + 0x91, 0x71, 0x3b, 0xaf, 0x7d, 0x7f, 0x3c, 0x3e, 0x81, 0x54, 0x6d, 0x88, + 0x37, 0x30, 0xbe, 0xe7, 0xe4, 0x86, 0x78, 0xf8, 0x57, 0xb0, 0x2c, 0xa0 +}; + +static const uint8_t p384_Qy[] = { /* 48 bytes */ + 0xeb, 0x21, 0x31, 0x03, 0xbd, 0x68, 0xce, 0x34, 0x33, 0x65, 0xa8, 0xa4, + 0xc3, 0xd4, 0x55, 0x5f, 0xa3, 0x85, 0xf5, 0x33, 0x02, 0x03, 0xbd, 0xd7, + 0x6f, 0xfa, 0xd1, 0xf3, 0xaf, 0xfb, 0x95, 0x75, 0x1c, 0x13, 0x20, 0x07, + 0xe1, 0xb2, 0x40, 0x35, 0x3c, 0xb0, 0xa4, 0xcf, 0x16, 0x93, 0xbd, 0xf9 +}; + +static const uint8_t p384_Rx[] = { /* 48 bytes */ + 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc, + 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31, + 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f, + 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56 +}; + +static const uint8_t p384_Ry[] = { /* 48 bytes */ + 0x85, 0x56, 0x49, 0x40, 0x98, 0x15, 0xbb, 0x91, 0x42, 0x4e, 0xac, 0xa5, + 0xfd, 0x76, 0xc9, 0x73, 0x75, 0xd5, 0x75, 0xd1, 0x42, 0x2e, 0xc5, 0x3d, + 0x34, 0x3b, 0xd3, 0x3b, 0x84, 0x7f, 0xdf, 0x0c, 0x11, 0x56, 0x96, 0x85, + 0xb5, 0x28, 0xab, 0x25, 0x49, 0x30, 0x15, 0x42, 0x8d, 0x7c, 0xf7, 0x2b +}; + +static const uint8_t p384_d[] = { /* 48 bytes */ + 0xc8, 0x38, 0xb8, 0x52, 0x53, 0xef, 0x8d, 0xc7, 0x39, 0x4f, 0xa5, 0x80, + 0x8a, 0x51, 0x83, 0x98, 0x1c, 0x7d, 0xee, 0xf5, 0xa6, 0x9b, 0xa8, 0xf4, + 0xf2, 0x11, 0x7f, 0xfe, 0xa3, 0x9c, 0xfc, 0xd9, 0x0e, 0x95, 0xf6, 0xcb, + 0xc8, 0x54, 0xab, 0xac, 0xab, 0x70, 0x1d, 0x50, 0xc1, 0xf3, 0xcf, 0x24 +}; + +static const uint8_t p384_e[] = { /* 48 bytes */ + 0xb9, 0x21, 0x0c, 0x9d, 0x7e, 0x20, 0x89, 0x7a, 0xb8, 0x65, 0x97, 0x26, + 0x6a, 0x9d, 0x50, 0x77, 0xe8, 0xdb, 0x1b, 0x06, 0xf7, 0x22, 0x0e, 0xd6, + 0xee, 0x75, 0xbd, 0x8b, 0x45, 0xdb, 0x37, 0x89, 0x1f, 0x8b, 0xa5, 0x55, + 0x03, 0x04, 0x00, 0x41, 0x59, 0xf4, 0x45, 0x3d, 0xc5, 0xb3, 0xf5, 0xa1 +}; + +static const uint8_t p384_k[] = { /* 48 bytes */ + 0xdc, 0x6b, 0x44, 0x03, 0x69, 0x89, 0xa1, 0x96, 0xe3, 0x9d, 0x1c, 0xda, + 0xc0, 0x00, 0x81, 0x2f, 0x4b, 0xdd, 0x8b, 0x2d, 0xb4, 0x1b, 0xb3, 0x3a, + 0xf5, 0x13, 0x72, 0x58, 0x5e, 0xbd, 0x1d, 0xb6, 0x3f, 0x0c, 0xe8, 0x27, + 0x5a, 0xa1, 0xfd, 0x45, 0xe2, 0xd2, 0xa7, 0x35, 0xf8, 0x74, 0x93, 0x59 +}; + +static const uint8_t p384_key[] = { /* 167 bytes */ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0xc8, 0x38, 0xb8, 0x52, + 0x53, 0xef, 0x8d, 0xc7, 0x39, 0x4f, 0xa5, 0x80, 0x8a, 0x51, 0x83, 0x98, + 0x1c, 0x7d, 0xee, 0xf5, 0xa6, 0x9b, 0xa8, 0xf4, 0xf2, 0x11, 0x7f, 0xfe, + 0xa3, 0x9c, 0xfc, 0xd9, 0x0e, 0x95, 0xf6, 0xcb, 0xc8, 0x54, 0xab, 0xac, + 0xab, 0x70, 0x1d, 0x50, 0xc1, 0xf3, 0xcf, 0x24, 0xa0, 0x07, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x1f, + 0xba, 0xc8, 0xee, 0xbd, 0x0c, 0xbf, 0x35, 0x64, 0x0b, 0x39, 0xef, 0xe0, + 0x80, 0x8d, 0xd7, 0x74, 0xde, 0xbf, 0xf2, 0x0a, 0x2a, 0x32, 0x9e, 0x91, + 0x71, 0x3b, 0xaf, 0x7d, 0x7f, 0x3c, 0x3e, 0x81, 0x54, 0x6d, 0x88, 0x37, + 0x30, 0xbe, 0xe7, 0xe4, 0x86, 0x78, 0xf8, 0x57, 0xb0, 0x2c, 0xa0, 0xeb, + 0x21, 0x31, 0x03, 0xbd, 0x68, 0xce, 0x34, 0x33, 0x65, 0xa8, 0xa4, 0xc3, + 0xd4, 0x55, 0x5f, 0xa3, 0x85, 0xf5, 0x33, 0x02, 0x03, 0xbd, 0xd7, 0x6f, + 0xfa, 0xd1, 0xf3, 0xaf, 0xfb, 0x95, 0x75, 0x1c, 0x13, 0x20, 0x07, 0xe1, + 0xb2, 0x40, 0x35, 0x3c, 0xb0, 0xa4, 0xcf, 0x16, 0x93, 0xbd, 0xf9 +}; + +static const uint8_t p384_kinv[] = { /* 48 bytes */ + 0x74, 0x36, 0xf0, 0x30, 0x88, 0xe6, 0x5c, 0x37, 0xba, 0x8e, 0x7b, 0x33, + 0x88, 0x7f, 0xbc, 0x87, 0x75, 0x75, 0x14, 0xd6, 0x11, 0xf7, 0xd1, 0xfb, + 0xdf, 0x6d, 0x21, 0x04, 0xa2, 0x97, 0xad, 0x31, 0x8c, 0xdb, 0xf7, 0x40, + 0x4e, 0x4b, 0xa3, 0x7e, 0x59, 0x96, 0x66, 0xdf, 0x37, 0xb8, 0xd8, 0xbe +}; + +static const uint8_t p384_r[] = { /* 48 bytes */ + 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc, + 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31, + 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f, + 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56 +}; + +static const uint8_t p384_s[] = { /* 48 bytes */ + 0x20, 0xab, 0x3f, 0x45, 0xb7, 0x4f, 0x10, 0xb6, 0xe1, 0x1f, 0x96, 0xa2, + 0xc8, 0xeb, 0x69, 0x4d, 0x20, 0x6b, 0x9d, 0xda, 0x86, 0xd3, 0xc7, 0xe3, + 0x31, 0xc2, 0x6b, 0x22, 0xc9, 0x87, 0xb7, 0x53, 0x77, 0x26, 0x57, 0x76, + 0x67, 0xad, 0xad, 0xf1, 0x68, 0xeb, 0xbe, 0x80, 0x37, 0x94, 0xa4, 0x02 +}; + +static const uint8_t p384_sig[] = { /* 103 bytes */ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, + 0xea, 0x1e, 0x1b, 0xd2, 0xcc, 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, + 0xed, 0x0c, 0x9f, 0x81, 0x31, 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, + 0xdb, 0xed, 0x8d, 0xd5, 0x9f, 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, + 0x4f, 0xe7, 0x2d, 0xe8, 0x56, 0x02, 0x30, 0x20, 0xab, 0x3f, 0x45, 0xb7, + 0x4f, 0x10, 0xb6, 0xe1, 0x1f, 0x96, 0xa2, 0xc8, 0xeb, 0x69, 0x4d, 0x20, + 0x6b, 0x9d, 0xda, 0x86, 0xd3, 0xc7, 0xe3, 0x31, 0xc2, 0x6b, 0x22, 0xc9, + 0x87, 0xb7, 0x53, 0x77, 0x26, 0x57, 0x76, 0x67, 0xad, 0xad, 0xf1, 0x68, + 0xeb, 0xbe, 0x80, 0x37, 0x94, 0xa4, 0x02 +}; + +static const uint8_t p384_u1[] = { /* 48 bytes */ + 0x6c, 0xe2, 0x56, 0x49, 0xd4, 0x2d, 0x22, 0x3e, 0x02, 0x0c, 0x11, 0x14, + 0x0f, 0xe7, 0x72, 0x32, 0x66, 0x12, 0xbb, 0x11, 0xb6, 0x86, 0xd3, 0x5e, + 0xe9, 0x8e, 0xd4, 0x55, 0x0e, 0x06, 0x35, 0xd9, 0xdd, 0x3a, 0x2a, 0xfb, + 0xca, 0x0c, 0xf2, 0xc4, 0xba, 0xed, 0xcd, 0x23, 0x31, 0x3b, 0x18, 0x9e +}; + +static const uint8_t p384_u2[] = { /* 48 bytes */ + 0xf3, 0xb2, 0x40, 0x75, 0x1d, 0x5d, 0x8e, 0xd3, 0x94, 0xa4, 0xb5, 0xbf, + 0x8e, 0x2a, 0x4c, 0x0e, 0x1e, 0x21, 0xaa, 0x51, 0xf2, 0x62, 0x0a, 0x08, + 0xb8, 0xc5, 0x5a, 0x2b, 0xc3, 0x34, 0xc9, 0x68, 0x99, 0x23, 0x16, 0x26, + 0x48, 0xf0, 0x6e, 0x5f, 0x46, 0x59, 0xfc, 0x52, 0x6d, 0x9c, 0x1f, 0xd6 +}; + +static const uint8_t p384_v[] = { /* 48 bytes */ + 0xa0, 0xc2, 0x7e, 0xc8, 0x93, 0x09, 0x2d, 0xea, 0x1e, 0x1b, 0xd2, 0xcc, + 0xfe, 0xd3, 0xcf, 0x94, 0x5c, 0x81, 0x34, 0xed, 0x0c, 0x9f, 0x81, 0x31, + 0x1a, 0x0f, 0x4a, 0x05, 0x94, 0x2d, 0xb8, 0xdb, 0xed, 0x8d, 0xd5, 0x9f, + 0x26, 0x74, 0x71, 0xd5, 0x46, 0x2a, 0xa1, 0x4f, 0xe7, 0x2d, 0xe8, 0x56 +}; + +static const uint8_t p384_w[] = { /* 48 bytes */ + 0x17, 0x98, 0x84, 0x5c, 0xd0, 0xa6, 0xce, 0xa5, 0x32, 0x7c, 0x50, 0x1a, + 0x71, 0xa4, 0xba, 0xf2, 0xf7, 0xbe, 0x88, 0x2c, 0xfb, 0xc3, 0x03, 0x75, + 0x0a, 0x7c, 0x86, 0x1a, 0xf8, 0xfe, 0x82, 0x25, 0x46, 0x7a, 0x25, 0x7f, + 0x5b, 0xf9, 0x1a, 0x4a, 0xaa, 0x5a, 0x79, 0xa8, 0x63, 0x7d, 0x21, 0x8a +}; + +typedef struct { + hal_ecdsa_curve_t curve; + const uint8_t * H; size_t H_len; + const uint8_t * M; size_t M_len; + const uint8_t * Qx; size_t Qx_len; + const uint8_t * Qy; size_t Qy_len; + const uint8_t * Rx; size_t Rx_len; + const uint8_t * Ry; size_t Ry_len; + const uint8_t * d; size_t d_len; + const uint8_t * e; size_t e_len; + const uint8_t * k; size_t k_len; + const uint8_t * key; size_t key_len; + const uint8_t * kinv; size_t kinv_len; + const uint8_t * r; size_t r_len; + const uint8_t * s; size_t s_len; + const uint8_t * sig; size_t sig_len; + const uint8_t * u1; size_t u1_len; + const uint8_t * u2; size_t u2_len; + const uint8_t * v; size_t v_len; + const uint8_t * w; size_t w_len; +} ecdsa_tc_t; + +static const ecdsa_tc_t ecdsa_tc[] = { + { HAL_ECDSA_CURVE_P256, + p256_H, sizeof(p256_H), + p256_M, sizeof(p256_M), + p256_Qx, sizeof(p256_Qx), + p256_Qy, sizeof(p256_Qy), + p256_Rx, sizeof(p256_Rx), + p256_Ry, sizeof(p256_Ry), + p256_d, sizeof(p256_d), + p256_e, sizeof(p256_e), + p256_k, sizeof(p256_k), + p256_key, sizeof(p256_key), + p256_kinv, sizeof(p256_kinv), + p256_r, sizeof(p256_r), + p256_s, sizeof(p256_s), + p256_sig, sizeof(p256_sig), + p256_u1, sizeof(p256_u1), + p256_u2, sizeof(p256_u2), + p256_v, sizeof(p256_v), + p256_w, sizeof(p256_w), + }, + { HAL_ECDSA_CURVE_P384, + p384_H, sizeof(p384_H), + p384_M, sizeof(p384_M), + p384_Qx, sizeof(p384_Qx), + p384_Qy, sizeof(p384_Qy), + p384_Rx, sizeof(p384_Rx), + p384_Ry, sizeof(p384_Ry), + p384_d, sizeof(p384_d), + p384_e, sizeof(p384_e), + p384_k, sizeof(p384_k), + p384_key, sizeof(p384_key), + p384_kinv, sizeof(p384_kinv), + p384_r, sizeof(p384_r), + p384_s, sizeof(p384_s), + p384_sig, sizeof(p384_sig), + p384_u1, sizeof(p384_u1), + p384_u2, sizeof(p384_u2), + p384_v, sizeof(p384_v), + p384_w, sizeof(p384_w), + }, +}; diff --git a/tests/test-ecdsa.py b/tests/test-ecdsa.py new file mode 100644 index 0000000..1ecfef9 --- /dev/null +++ b/tests/test-ecdsa.py @@ -0,0 +1,156 @@ +# Test vectors from "Suite B Implementer's Guide to FIPS 186-3". +# +# e is given in decimal, all other values are hex, because that's how +# these were given in the paper + +p256_d = 0x70a12c2db16845ed56ff68cfc21a472b3f04d7d6851bf6349f2d7d5b3452b38a +p256_Qx = 0x8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8 +p256_Qy = 0xd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9 +p256_k = 0x580ec00d856434334cef3f71ecaed4965b12ae37fa47055b1965c7b134ee45d0 +p256_kinv = 0x6a664fa115356d33f16331b54c4e7ce967965386c7dcbf2904604d0c132b4a74 +p256_Rx = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c +p256_Ry = 0x8b81e3e977597110c7cf2633435b2294b72642987defd3d4007e1cfc5df84541 +p256_r = p256_Rx +p256_M = 0x54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67 +p256_H = 0x7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377 +p256_e = 56197278047627432394583341962843287937266210957576322469816113796290471232375 +p256_s = 0x7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367 +p256_w = 0xd69be75f67ee5394cabb6c286f3610cf62d722cba9eea70faee770a6b2ed72dc +p256_u1 = 0xbb252401d6fb322bb747184cf2ac52bf8d54b95a1515062a2f6141f2e2092ed8 +p256_u2 = 0xaae7d1c7f2c232dfc641948af3dba141d4de8634e571cf84c486301b510cfc04 +p256_v = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c + +p384_d = 0xc838b85253ef8dc7394fa5808a5183981c7deef5a69ba8f4f2117ffea39cfcd90e95f6cbc854abacab701d50c1f3cf24 +p384_Qx = 0x1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0 +p384_Qy = 0xeb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9 +p384_k = 0xdc6b44036989a196e39d1cdac000812f4bdd8b2db41bb33af51372585ebd1db63f0ce8275aa1fd45e2d2a735f8749359 +p384_kinv = 0x7436f03088e65c37ba8e7b33887fbc87757514d611f7d1fbdf6d2104a297ad318cdbf7404e4ba37e599666df37b8d8be +p384_Rx = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856 +p384_Ry = 0x855649409815bb91424eaca5fd76c97375d575d1422ec53d343bd33b847fdf0c11569685b528ab25493015428d7cf72b +p384_r = p384_Rx +p384_M = 0x54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67 +p384_H = 0xb9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1 +p384_e = 28493976155450475404302482243066463769180620629462008675793884393889401828800663731864240088367206094074919580333473 +p384_s = 0x20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402 +p384_w = 0x1798845cd0a6cea5327c501a71a4baf2f7be882cfbc303750a7c861af8fe8225467a257f5bf91a4aaa5a79a8637d218a +p384_u1 = 0x6ce25649d42d223e020c11140fe772326612bb11b686d35ee98ed4550e0635d9dd3a2afbca0cf2c4baedcd23313b189e +p384_u2 = 0xf3b240751d5d8ed394a4b5bf8e2a4c0e1e21aa51f2620a08b8c55a2bc334c9689923162648f06e5f4659fc526d9c1fd6 +p384_v = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856 + +from textwrap import TextWrapper +from os.path import basename +from sys import argv +from pyasn1.type.univ import Sequence, Choice, Integer, OctetString, ObjectIdentifier, BitString +from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType +from pyasn1.type.namedval import NamedValues +from pyasn1.type.tag import Tag, tagClassContext, tagFormatSimple +from pyasn1.type.constraint import SingleValueConstraint +from pyasn1.codec.der.encoder import encode as DER_Encode +from pyasn1.codec.der.decoder import decode as DER_Decode + +wrapper = TextWrapper(width = 78, initial_indent = " " * 2, subsequent_indent = " " * 2) + +def long_to_bytes(l): + # + # This is just plain nasty. + # + s = "%x" % l + return ("0" + s if len(s) & 1 else s).decode("hex") + +def bytes_to_bits(b): + # + # This, on the other hand, is not just plain nasty, this is fancy nasty. + # This is nasty with raisins in it. + # + bits = bin(long(b.encode("hex"), 16))[2:] + if len(bits) % 8: + bits = ("0" * (8 - len(bits) % 8)) + bits + return tuple(int(i) for i in bits) + +### + +class ECDSA_Sig_Value(Sequence): + componentType = NamedTypes( + NamedType("r", Integer()), + NamedType("s", Integer())) + +def encode_sig(r, s): + sig = ECDSA_Sig_Value() + sig["r"] = r + sig["s"] = s + return DER_Encode(sig) + +p256_sig = encode_sig(p256_r, p256_s) +p384_sig = encode_sig(p384_r, p384_s) + +### + +class ECPrivateKey(Sequence): + componentType = NamedTypes( + NamedType("version", Integer(namedValues = NamedValues(("ecPrivkeyVer1", 1)) + ).subtype(subtypeSpec = Integer.subtypeSpec + SingleValueConstraint(1))), + NamedType("privateKey", OctetString()), + OptionalNamedType("parameters", ObjectIdentifier().subtype(explicitTag = Tag(tagClassContext, tagFormatSimple, 0))), + OptionalNamedType("publicKey", BitString().subtype(explicitTag = Tag(tagClassContext, tagFormatSimple, 1)))) + +def encode_key(d, Qx, Qy, oid): + private_key = long_to_bytes(d) + public_key = bytes_to_bits(chr(0x04) + long_to_bytes(Qx) + long_to_bytes(Qy)) + parameters = oid + key = ECPrivateKey() + key["version"] = 1 + key["privateKey"] = private_key + key["parameters"] = parameters + key["publicKey"] = public_key + return DER_Encode(key) + +p256_key = encode_key(p256_d, p256_Qx, p256_Qy, "1.2.840.10045.3.1.7") +p384_key = encode_key(p384_d, p384_Qx, p384_Qy, "1.3.132.0.34") + +### + +print "/*" +print " * ECDSA test data." +print " * File automatically generated by", basename(argv[0]) +print " */" + +curves = ("p256", "p384") +vars = set() + +for name in dir(): + head, sep, tail = name.partition("_") + if head in curves: + vars.add(tail) + +vars = sorted(vars) + +for curve in curves: + for var in vars: + name = curve + "_" + var + value = globals().get(name, None) + if isinstance(value, (int, long)): + value = long_to_bytes(value) + if value is not None: + print + print "static const uint8_t %s[] = { /* %d bytes */" % (name, len(value)) + print wrapper.fill(", ".join("0x%02x" % ord(v) for v in value)) + print "};" + +print +print "typedef struct {" +print " hal_ecdsa_curve_t curve;" +for var in vars: + print " const uint8_t *%8s; size_t %8s_len;" % (var, var) +print "} ecdsa_tc_t;" +print +print "static const ecdsa_tc_t ecdsa_tc[] = {" +for curve in curves: + print " { HAL_ECDSA_CURVE_%s," % curve.upper() + for var in vars: + name = curve + "_" + var + if name in globals(): + print " %-14s sizeof(%s)," % (name + ",", name) + else: + print " %-14s 0," % "NULL," + print " }," +print "};" diff --git a/tests/test-hash.c b/tests/test-hash.c index befdf02..144b1b9 100644 --- a/tests/test-hash.c +++ b/tests/test-hash.c @@ -533,7 +533,7 @@ static int _test_hash(const hal_hash_descriptor_t * const descriptor, const char * const label) { uint8_t statebuf[512], digest[512]; - hal_hash_state_t state; + hal_hash_state_t *state = NULL; hal_error_t err; assert(descriptor != NULL && data != NULL && result != NULL && label != NULL); @@ -597,7 +597,7 @@ static int _test_hmac(const hal_hash_descriptor_t * const descriptor, const char * const label) { uint8_t statebuf[1024], digest[512]; - hal_hmac_state_t state; + hal_hmac_state_t *state = NULL; hal_error_t err; assert(descriptor != NULL && data != NULL && result != NULL && label != NULL); diff --git a/tests/test-pbkdf2.c b/tests/test-pbkdf2.c index 469b599..0688226 100644 --- a/tests/test-pbkdf2.c +++ b/tests/test-pbkdf2.c @@ -163,7 +163,7 @@ static int _test_pbkdf2(const uint8_t * const pwd, const size_t pwd_len, const uint8_t * const dk, const size_t dk_len, const unsigned count, const char * const label) { - printf("Starting test case %s\n", label); + printf("Starting PBKDF2 test case %s\n", label); uint8_t result[dk_len]; diff --git a/tests/test-rsa.c b/tests/test-rsa.c index f6bf55c..46afa03 100644 --- a/tests/test-rsa.c +++ b/tests/test-rsa.c @@ -88,7 +88,7 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); uint8_t keybuf[hal_rsa_key_t_size]; - hal_rsa_key_t key = { NULL }; + hal_rsa_key_t *key = NULL; hal_error_t err = HAL_OK; if ((err = hal_rsa_key_load_private(&key, @@ -130,7 +130,7 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc) char fn[sizeof("test-rsa-key-xxxxxx.der")]; uint8_t keybuf1[hal_rsa_key_t_size], keybuf2[hal_rsa_key_t_size]; - hal_rsa_key_t key1 = { NULL }, key2 = { NULL }; + hal_rsa_key_t *key1 = NULL, *key2 = NULL; hal_error_t err = HAL_OK; FILE *f; |