
Update ECDSA selftest to use hard coded private keys. Include tests for
prime and binary fields.

Dr. Stephen Henson 13 سال پیش
والد
کامیت
6223352683
1فایلهای تغییر یافته به همراه140 افزوده شده و 45 حذف شده
  1. 140 45
      fips/ecdsa/fips_ecdsa_selftest.c

+ 140 - 45
fips/ecdsa/fips_ecdsa_selftest.c

@@ -22,50 +22,145 @@ void FIPS_corrupt_ecdsa()
     corrupt_ecdsa = 1;
     }
 
+static const unsigned char P_384_d[] = {
+	0x1d,0x84,0x42,0xde,0xa2,0x35,0x29,0xbd,0x9f,0xe2,0x6e,0x6d,
+	0x01,0x26,0x30,0x79,0x33,0x57,0x01,0xf3,0x97,0x88,0x41,0xb3,
+	0x82,0x07,0x08,0x5e,0x63,0x8e,0x1a,0xa6,0x9b,0x08,0xb6,0xe2,
+	0xa2,0x98,0xac,0x1c,0x9b,0x25,0xb3,0xf1,0x5c,0x20,0xe9,0x85
+};
+static const unsigned char P_384_qx[] = {
+	0x6b,0x7e,0x9c,0xbb,0x3d,0xc5,0x4d,0x53,0xf7,0x6c,0x8d,0xcc,
+	0xf8,0xc3,0xa8,0x26,0xba,0xeb,0xa6,0x56,0x6a,0x41,0x98,0xb1,
+	0x90,0x90,0xcc,0xe7,0x48,0x74,0x3d,0xe6,0xd7,0x65,0x90,0x3b,
+	0x13,0x69,0xdc,0x8f,0x48,0xc1,0xb4,0xf4,0xb1,0x91,0x36,0x3f
+};
+static const unsigned char P_384_qy[] = {
+	0x40,0xc2,0x62,0x2a,0xea,0xfb,0x47,0x75,0xb5,0xdc,0x2e,0x1e,
+	0xa0,0xa9,0x1f,0x6a,0xb7,0x54,0xac,0xce,0x91,0xe8,0x5b,0x8c,
+	0xe3,0xf5,0xb8,0x0e,0xcb,0x82,0xb0,0xd9,0x57,0x1d,0xeb,0x25,
+	0xfc,0x03,0xe5,0x12,0x50,0x17,0x98,0x7f,0x14,0x7e,0x95,0x17
+};
+
+#ifndef OPENSSL_NO_EC2M
+
+static const unsigned char K_409_d[] = {
+	0x68,0xe1,0x64,0x0a,0xe6,0x80,0x57,0x53,0x8d,0x35,0xd1,0xec,
+	0x69,0xea,0x82,0x05,0x47,0x48,0x4d,0xda,0x9f,0x8c,0xa0,0xf3,
+	0x06,0xc7,0x77,0xcb,0x14,0x05,0x9f,0x5d,0xdd,0xe0,0x5d,0x68,
+	0x4e,0x1a,0xe4,0x9c,0xe0,0x4d,0x4a,0x74,0x47,0x54,0x4e,0x55,
+	0xae,0x70,0x8c
+};
+static const unsigned char K_409_qx[] = {
+	0x01,0x07,0xd6,0x6f,0xa8,0xf8,0x0e,0xbb,0xb8,0xa7,0x83,0x04,
+	0xc3,0x19,0x67,0x9e,0x73,0x7b,0xeb,0xf4,0x6c,0xf3,0xeb,0xda,
+	0x0d,0xe7,0x60,0xaf,0x29,0x37,0x13,0x32,0x51,0xac,0xb6,0x35,
+	0x00,0x60,0xfa,0xd5,0x8b,0x6d,0xae,0xb0,0xe9,0x46,0x7f,0xe2,
+	0x2d,0x50,0x04,0x40
+};
+static const unsigned char K_409_qy[] = {
+	0x0a,0x53,0xf1,0x4f,0x2a,0xa5,0x5a,0xfb,0x37,0xb4,0x76,0x47,
+	0x1b,0x14,0xd1,0x8d,0x86,0x94,0x75,0x26,0xc3,0x0b,0x09,0x57,
+	0x1d,0x26,0x38,0x33,0x84,0x97,0x9d,0x56,0xe1,0x0d,0x51,0x9b,
+	0x2c,0xbb,0x3d,0x92,0x48,0xaa,0x2a,0x39,0x4f,0x07,0x92,0xbd,
+	0xb0,0x4d,0x2e
+};
+
+#endif
+
+typedef struct 
+	{
+	int curve;
+	const unsigned char *x;
+	size_t xlen;
+	const unsigned char *y;
+	size_t ylen;
+	const unsigned char *d;
+	size_t dlen;
+	} EC_SELFTEST_PRIVKEY;
+
+#define make_ec_key(nid, pr) { nid, \
+				pr##_qx, sizeof(pr##_qx), \
+				pr##_qy, sizeof(pr##_qy), \
+				pr##_d, sizeof(pr##_d) }
+
+static EC_SELFTEST_PRIVKEY test_ec_keys[] = 
+	{
+	make_ec_key(NID_secp384r1, P_384),
+#ifndef OPENSSL_NO_EC2M
+	make_ec_key(NID_sect409k1, K_409)
+#endif
+	};
+
 int FIPS_selftest_ecdsa()
-    {
-    EC_KEY *ec=NULL;
-    int ret = 0;
-    EVP_MD_CTX mctx;
-    ECDSA_SIG *esig = NULL;
-
-    FIPS_md_ctx_init(&mctx);
-
-    ec = EC_KEY_new_by_curve_name(NID_secp384r1);
-
-    if(ec == NULL)
-	goto err;
-
-    EC_KEY_generate_key(ec);
-
-    if (!FIPS_digestinit(&mctx, EVP_sha512()))
-	goto err;
-    if (!FIPS_digestupdate(&mctx, str1, 20))
-	goto err;
-    esig = FIPS_ecdsa_sign_ctx(ec, &mctx);
-    if (!esig)
-	goto err;
-
-    if (corrupt_ecdsa)
-	BN_add_word(esig->r, 1);
-
-    if (!FIPS_digestinit(&mctx, EVP_sha512()))
-	goto err;
-    if (!FIPS_digestupdate(&mctx, str1, 20))
-	goto err;
-    if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1)
-	goto err;
-
-    ret = 1;
-
-    err:
-    FIPS_md_ctx_cleanup(&mctx);
-    if (ec)
-	EC_KEY_free(ec);
-    if (esig)
-	FIPS_ecdsa_sig_free(esig);
-    if (ret == 0)
-	    FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED);
-    return ret;
-    }
+	{
+	EC_KEY *ec = NULL;
+	BIGNUM *x = NULL, *y = NULL, *d = NULL;
+	EVP_MD_CTX mctx;
+	ECDSA_SIG *esig = NULL;
+	int i, rv = 0;
+
+	FIPS_md_ctx_init(&mctx);
+
+	for (i = 0; i < sizeof(test_ec_keys)/sizeof(EC_SELFTEST_PRIVKEY); i++)
+		{
+		EC_SELFTEST_PRIVKEY *key = test_ec_keys + i;
+
+		x = BN_bin2bn(key->x, key->xlen, NULL);
+		y = BN_bin2bn(key->y, key->ylen, NULL);
+		d = BN_bin2bn(key->d, key->dlen, NULL);
+
+		if (!x || !y || !d)
+			goto err;
+
+		ec = EC_KEY_new_by_curve_name(key->curve);
+		if (!ec)
+			goto err;
+
+		if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
+			goto err;
+
+		if (!EC_KEY_set_private_key(ec, d))
+			goto err;
+
+		if (!FIPS_digestinit(&mctx, EVP_sha512()))
+			goto err;
+		if (!FIPS_digestupdate(&mctx, str1, 20))
+			goto err;
+		esig = FIPS_ecdsa_sign_ctx(ec, &mctx);
+		if (!esig)
+			goto err;
+
+		if (corrupt_ecdsa)
+			BN_add_word(esig->r, 1);
+
+		if (!FIPS_digestinit(&mctx, EVP_sha512()))
+			goto err;
+		if (!FIPS_digestupdate(&mctx, str1, 20))
+			goto err;
+		if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1)
+			goto err;
+
+		FIPS_ecdsa_sig_free(esig);
+		esig = NULL;
+		}
+
+	rv = 1;
+
+	err:
+	
+	if (x)
+		BN_clear_free(x);
+	if (y)
+		BN_clear_free(y);
+	if (d)
+		BN_clear_free(d);
+	if (ec)
+		EC_KEY_free(ec);
+	if (esig)
+		FIPS_ecdsa_sig_free(esig);
+
+	return rv;
+
+	}
+
 #endif
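Review bot: The rewritten FIPS_selftest_ecdsa leaks per-iteration state and drops two cleanup steps that the old body had. Inside the loop only `esig` is released, so with two entries in `test_ec_keys` the first `x`, `y`, `d` and `ec` are overwritten without being freed, and that first `d` (the private scalar) never reaches `BN_clear_free`. At `err:` the new side no longer calls `FIPS_md_ctx_cleanup(&mctx)` or raises `FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED)`, both of which are present in the removed lines, so a failing self-test returns 0 without recording a reason. I would free and NULL the four objects at the end of each iteration and restore the two calls, as sketched below.

```c
		/* … unchanged: key import, sign, optional corruption, verify … */
		FIPS_ecdsa_sig_free(esig);
		esig = NULL;
		/* release this curve's key material before the next iteration */
		BN_clear_free(x);
		x = NULL;
		BN_clear_free(y);
		y = NULL;
		BN_clear_free(d);
		d = NULL;
		EC_KEY_free(ec);
		ec = NULL;
		/* … unchanged: end of loop, rv = 1 … */
	err:
	FIPS_md_ctx_cleanup(&mctx);
	/* … unchanged: conditional frees of x, y, d, ec, esig … */
	if (rv == 0)
		FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED);
	return rv;
```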