diff options
author | René Korthaus <[email protected]> | 2017-02-12 11:52:35 +0100 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-02-12 11:52:35 +0100 |
commit | 40216bb25e8d20f195f31f137129db7edc06fc3c (patch) | |
tree | 2bdf16c7aacda6611bb4d3eeaf463795a7099a58 | |
parent | 167edf2dc7cc1a304241f09dd7f86d3c68f50e06 (diff) |
Add test vectors for invalid ECDSA public keys from FIPS 186-2
-rw-r--r-- | src/tests/data/pubkey/dh_invalid.vec | 3 | ||||
-rw-r--r-- | src/tests/data/pubkey/ecdsa_invalid.vec | 187 | ||||
-rw-r--r-- | src/tests/test_ecdsa.cpp | 39 |
3 files changed, 228 insertions, 1 deletions
diff --git a/src/tests/data/pubkey/dh_invalid.vec b/src/tests/data/pubkey/dh_invalid.vec index 8911cdff3..2a5de3dd7 100644 --- a/src/tests/data/pubkey/dh_invalid.vec +++ b/src/tests/data/pubkey/dh_invalid.vec @@ -1,4 +1,5 @@ -# public keys failing checks from NIST CAVS file 20.1 (Generated on Mon Jun 20 09:02:25 2016) + +# Public keys failing checks from NIST CAVS file 20.1 (Generated on Mon Jun 20 09:02:25 2016) # http://csrc.nist.gov/groups/STM/cavp/documents/keymgmt/KASTestVectorsFFC2016.zip G = 0x1e2b67448a1869df1ce57517dc5e797b62c5d2c832e23f954bef8bcca74489db6caed2ea496b52a52cb664a168374cb176ddc4bc0068c6eef3a746e561f8dc65195fdaf12b363e90cfffdac18ab3ffefa4b2ad1904b45dd9f6b76b477ef8816802c7bd7cb0c0ab25d378098f5625e7ff737341af63f67cbd00509efbc6470ec38c17b7878a463cebda80053f36558a308923e6b41f465385a4f24fdb303c37fb998fc1e49e3c09ce345ff7cea18e9cd1457eb93daa87dba8a31508fa5695c32ce485962eb1834144413b41ef936db71b79d6fe985c018ac396e3af25054dbbc95e56ab5d4d4b7b61a70670e789c336b46b9f7be43cf6eb0e68b40e33a55d55cc diff --git a/src/tests/data/pubkey/ecdsa_invalid.vec b/src/tests/data/pubkey/ecdsa_invalid.vec new file mode 100644 index 000000000..d85fdd695 --- /dev/null +++ b/src/tests/data/pubkey/ecdsa_invalid.vec @@ -0,0 +1,187 @@ + +# Public keys failing checks from NIST CAVS file 11.0 (Generated on Tue Mar 01 23:36:01 2011) +# http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2ecdsatestvectors.zip + +# [P-192] + +Group = secp192r1 + +# Point not on curve +InvalidKeyX = 0x491c0c4761b0a4a147b5e4ce03a531546644f5d1e3d05e57 +InvalidKeyY = 0x6fa5addd47c5d6be3933fbff88f57a6c8ca0232c471965de + +# Point not on curve +InvalidKeyX = 0x4c6b9ea0dec92ecfff7799470be6a2277b9169daf45d54bb +InvalidKeyY = 0xf0eab42826704f51b26ae98036e83230becb639dd1964627 + +# Point not on curve +InvalidKeyX = 0x82c949295156192df0b52480e38c810751ac570daec460a3 +InvalidKeyY = 0x200057ada615c80b8ff256ce8d47f2562b74a438f1921ac3 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x1b574acd4fb0f60dde3e3b5f3f0e94211f95112e43cba6fd2 +InvalidKeyY = 0xbcc1b8a770f01a22e84d7f14e44932ffe094d8e3b1e6ac26 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x16ba109f1f1bb44e0d05b80181c03412ea764a59601d17e9f +InvalidKeyY = 0x0569a843dbb4e287db420d6b9fe30cd7b5d578b052315f56 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x1333308a7c833ede5189d25ea3525919c9bd16370d904938d +InvalidKeyY = 0xb10fd01d67df75ff9b726c700c1b50596c9f0766ea56f80e + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x158e8b6f0b14216bc52fe8897b4305d870ede70436a96741d +InvalidKeyY = 0xfb3f970b19a313571a1a23be310923f85acc1cab0a157cbd + +# Point not on curve +InvalidKeyX = 0xace95b650c08f73dbb4fa7b4bbdebd6b809a25b28ed135ef +InvalidKeyY = 0xe9b8679404166d1329dd539ad52aad9a1b6681f5f26bb9aa + +# [P-224] + +Group = secp224r1 + +# Point not on curve +InvalidKeyX = 0x3913b7c347f0d56bdda1244a973378ae1a23b6c05f6ea276491e75d8 +InvalidKeyY = 0xc5c9086cb4704540d566a9f2cc461488fb80b7dd7384cefea4616c15 + +# Point not on curve +InvalidKeyX = 0x2b27eeb74e93b92f423e8d1bdb6869811746af14c2887a54338f3982 +InvalidKeyY = 0xca92f56341ce049bf0300a1cc5f57be96cdc1703512c28b1e07ab6c4 + +# Point not on curve +InvalidKeyX = 0xc32bc4bee87df6478f76cc74552c337fbc00026d74f22068e6a98e2a +InvalidKeyY = 0x9c618bec3f89628a61638d69d61824d36070379fa0d2c6d7a63a62e7 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0xc0d570b903d8f1743b3235af72c0772abd5209e96b7d6d43f305d3f8 +InvalidKeyY = 0x11fe6013787c8a8dcc19ca6be51aec3dddc5b92d9540a047af860e76c + +# Point not on curve +InvalidKeyX = 0x7ed8ceb65fc7d06dc6f4976b33f2611ef0da9913900c1073cabd3836 +InvalidKeyY = 0xe2594a63469d0b84fdd3e29cec8a08427e71c585d9653ab1322dfad1 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x56579986c148519adb29e8d2d374e7ceddafc85448612a297f0f0f46 +InvalidKeyY = 0x1d6ac5f9a38354875f1ed2973aa44d7b8ca5e5ad7249ee3bc648b20b3 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x1e2412382d3c1b0683bdd152a64a0e1ee06359146872a6fc26584b666 +InvalidKeyY = 0x125591c446520d0dcae5c9287c2ce4fb69a1f82827d41f9fe4f29744 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x847ac5c23e0f100fcd9451ab948eaf78eb38aab98060d1539cb485d0 +InvalidKeyY = 0x170ca182475dd56eda14e3eaf3f2fbd17926d41175ea272e475e8732d + +# [P-256] + +Group = secp256r1 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0xd2b419e62dc101b395401208b9868a3b3fd007ad92adb18921c068d416aa22e7 +InvalidKeyY = 0x17952007e021b46a2ab12f14115aafb70608a37f0c3366e7e3921414b904d395a + +# Point not on curve +InvalidKeyX = 0x6f969d90fd494b04913eda9e0cf23f66eea5a70dfd5fb3e48f393397421c2b02 +InvalidKeyY = 0xc19ad66d7d6993b792b608879e1d861026805cf6fde1f5d8bb4f790ad1cee456 + +# Point not on curve +InvalidKeyX = 0x8332d9d42b5f48f08b3dd969dbbb28d2be9de30adf560727068e670444f5976f +InvalidKeyY = 0x58880380a26a9b3881d189da6b48a11a531c31cefebe696efbd5eaec5917382d + +# Point not on curve +InvalidKeyX = 0xd45779fb33629e21abe0d4a5f8b99f12c71952e53aa4ca065cc393e6300d0f2e +InvalidKeyY = 0x6d1a3d5666c7ee9c84c03f02ca2834f5eaf924d6c15536a7b4877481be3fcd2c + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x18c60b77ce23fb3210073ba7dad451ca25bf16c3c1d2d67b2e6eca51f1c77e56 +InvalidKeyY = 0x19b47a0fea8c46dc3bd9f65506b281a9dc872d16ed90fd20e94f2fbc94c68d0ba + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x5772caf0d1641479a79aa443fefb222a385b3c481ff51e9fce76ccb513a9bfad +InvalidKeyY = 0x110906da47200cb4a536f2c4f601c4ecf82d8dc18405a1cd4746b25a572b46b2c + +# Point not on curve +InvalidKeyX = 0x9ba790614fa1c43816b77729ce03f2cc9666e25f27488886a270b22a36636f11 +InvalidKeyY = 0x0a0d36ae87c44c2671a2684793fe8ef2bf6c17411f3fb972b695e30b101b1184 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0xdde744307e7b64098581aa52db5de8c22cdbd46959922e15a714192b7597ecf4 +InvalidKeyY = 0x111c5393185604be8cbd53b28d2c3fcb4e853291a5bd82660564e4eeda10924c8 + +# [P-384] + +Group = secp384r1 + +# Point not on curve +InvalidKeyX = 0x58fd70ca9e315b2c99152fd3f1071889fcfbe1387c02e6169850e2cba3bb3d21c9f295def8b7680fbca9c43956cfc190 +InvalidKeyY = 0xbf7a80d161e429445fb613aeffb71840e1cd7fa9139be4c535c33ae32790f48f6ce4de4b275a55d0b433e86af00766a9 + +# Point not on curve +InvalidKeyX = 0x06a05a2f6a05c7e8684b6df74392faea822f89eecad01e791b0559f6ac650abd85084ceeddfbee85391d5809adb73fef +InvalidKeyY = 0x3191a5af6ef4bbad57fe2748ebfe98a4f71dd7b580349d853b9052f326d7a8a42a45ee6e6fd67a49ddbd23b53b92b6d6 + +# Point not on curve +InvalidKeyX = 0x432989eeadbb65d0b11ce46e6049b9c871941a7f4349b30ac0a4e5494bd43cc21608a1e61211f3071c8af12a90475792 +InvalidKeyY = 0xbc68ef58e930b4e5a4668d682582c2a1ea1de54589eebe1b754588ba6f14dbcd49b2265a584b7bcb8f7013c6cf7e7880 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x1a9e6542ec66d46262c75bd60d9767e114eab403bb3e7576261e5b9a243091b9784c863bbba63cfd3a325d51bdf19eb0d +InvalidKeyY = 0x227e025dc40c7025e0961e7841d765d2b59a77fba8dab2150ec9f3153e4fdd2194f775c1b98abb2af9369e4a459cf205 + +# Point not on curve +InvalidKeyX = 0x494c8ecf87e9b7964a1a5736a999828da7904c4345d2c9a521a3d0ae07067bab548a0bca0f90828b678fc182572ea067 +InvalidKeyY = 0x15742dd1305079f2b2a8c7f75d191bbca147a7bf111b8d619fb00ae53cf9988084e7c2a90c516c93b06e4ef525e42fde + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x19c0a1c05c945ecadfd00377c81eb4902f40bc3a411c81ab94a444fde37507ee0b341be268da10b6259ac2b5a0965a08e +InvalidKeyY = 0xdb9e823dfffde66128955fbd322bac382ce2c2ceb8e11f32f98f09dec41631c22df7ea8838b160adb21685847591959b + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0xc4059321bfc49437084eb6b5c746b52c03aceb7959d72f620b9d668ef2b314ea63fec712262d516ae7d839592f8ed118 +InvalidKeyY = 0x165aa703ba328334c9938e61d660b328a6dc672e17b62b550634b862c26f63ee4856bdcc822237c6d598a55175937affd + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x14f96eb9c3623e8ca98edc297f82501d5c6c7c01c11bda6e5e5e166b8525c22c773a5e55fb5a7d04cae08f6a190ad3ac8 +InvalidKeyY = 0x47f665e4fb9e9f9e592ac8441e41aeb1c0ed240a05bbd93d6ec260a0644a4d9202aa5a5f28cefde4362878d5aae68222 + +# [P-521] + +Group = secp521r1 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x07573e6115674bbffb65097f3dcb05597a35193bf0ed1a4b90a86006eabe5ed638d1e11adb769cd6ed7fba181dea42ffc38a611a6f162fe10b925b80ce9c419ac80 +InvalidKeyY = 0x2dbe133e4ff21af1aa50742fc1f7c74cbe8342fe5037c33b961f65b218f947a4acada6d53b1e0bf9ada5be979652275bce77194c8fae2066c5531196aa9997dd2bc + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x014bc514f2b5664a35d1728cc096cc7de2b0391089c014f5f3e4d1048ec5d8497fbe6cfe008b634d708d12bac6aa616c78af1576c0a8676a17a16773ee5a827e3b5 +InvalidKeyY = 0x2c027dade98d1a7b433368075e19e8269d8465bbc91c4c3aebfdb2418115d331ea946663713d67f9226f4920c85b0d78c312e87826672f107bcd6c19ea17fff4331 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x259d237214e071f725c77674b38b8b6cc590bed12b7cfdb3d177162afb2a40ab0540f77386ab98ac049711287a5b80891ece13ea34c545c19593e87a15237e2a108 +InvalidKeyY = 0x1f33c8963f0981350d77615f0e04e24515a76efc690140272efddaa8cb85b140acad7fc42cf6da7ff5f3ce47183f46e7272b06eca4c74200536223fef2d74e095b1 + +# Point not on curve +InvalidKeyX = 0x089eb672b023d7098bb864bd7789b9f6f4ee268aa9dca6ba3268023b2119be34ee035699d7f1f776ff6028a91824fbfefa22671ed2ce7ffb46ddcece33d1087985d +InvalidKeyY = 0x07b7ea0588de385a35a5c0e7dba9cd86fd13d91f71a97a9769e483c2fb823cc3ae9fb9800a05814a25af676f780de1d805a174b70703b51e46455d0eae78b5d7e1d + +# Point not on curve +InvalidKeyX = 0x1859642073e648dd5580346ad5ba9daec8b60d5b574938b2f16ef2a48128ffcadaa46be1fa10ded234d72ec3c38d7cb898281d25264c00d83c2a14bab175ddb9d2b +InvalidKeyY = 0x11ad23cb933fa28e00d7d9b0faf78297e4f2b026e6fff74e456b8f2df938e52ceaf98760070c8d22c7f742728434eb6ae6afe7193ee81bc730f5549eebacf7f9952 + +# Point not on curve +InvalidKeyX = 0x176b36128e5a294876c57fac275f388155eb5715c8ace3d90ee4c31b755c8f867327b7e037e7be8f6b521b2674e1786d67294c1f5b098be16102ddd361d92505fd0 +InvalidKeyY = 0x0d01b3f053aecde9e0c534d6a518fe24c68ef246b4cff071a3ebbc742152c9d4e872b1acd5a76a42847fe98e9360e7c33ba8575cf75218e89564839ac9f13e6ef14 + +# InvalidKeyX or InvalidKeyY out of range +InvalidKeyX = 0x01f26ff28f769521f232fb83e697c9cde606d11383115deef0af16fc05e4631850b57975ae91299b87133fc53bdb424fd8f21b28c7636055eca88f3417d80a3bde1 +InvalidKeyY = 0x2748bee6ea7c3b9790fb927c0e691436b946d35b7d52b98398cbcf433683138f48ebe93a007e611f00a73dcfadfd2b0bedbc48bf2de204969df04cebfc1018072f1 + +# Point not on curve +InvalidKeyX = 0x0fcacf322f6be9da5342dae87cbc8cdcb22bc489ca6e97b186b97d2ac02610518b5ee72be37f22825278fb205895f2f823540b91b313abb54a6b41506152e0deec3 +InvalidKeyY = 0x187333ce6fe5e6dea5d08d8f5950b5207cb8eb34fa0de2cae5acad8bc8436ff617b45bd8f2975f2762982219b3136bffec3f6c58f8f2cd0d6eb2ebd46467219126f + +# TODO check FIPS 186-4 + +# TODO Google Wycheproof has some tests, too
\ No newline at end of file diff --git a/src/tests/test_ecdsa.cpp b/src/tests/test_ecdsa.cpp index 90899e183..2cd6b3aae 100644 --- a/src/tests/test_ecdsa.cpp +++ b/src/tests/test_ecdsa.cpp @@ -68,8 +68,47 @@ class ECDSA_Keygen_Tests : public PK_Key_Generation_Test std::string algo_name() const override { return "ECDSA"; } }; +class ECDSA_Invalid_Key_Tests : public Text_Based_Test + { + public: + ECDSA_Invalid_Key_Tests() : + Text_Based_Test("pubkey/ecdsa_invalid.vec", "Group,InvalidKeyX,InvalidKeyY") {} + + bool clear_between_callbacks() const override { return false; } + + Test::Result run_one_test(const std::string&, const VarMap& vars) override + { + Test::Result result("ECDSA invalid keys"); + + const std::string group_id = get_req_str(vars, "Group"); + Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + const Botan::BigInt x = get_req_bn(vars, "InvalidKeyX"); + const Botan::BigInt y = get_req_bn(vars, "InvalidKeyY"); + + std::unique_ptr<Botan::PointGFp> public_point; + + try + { + public_point.reset(new Botan::PointGFp(group.get_curve(), x, y)); + } + catch(Botan::Invalid_Argument&) + { + // PointGFp() performs a range check on x, y in [0, p−1], + // which is also part of the EC public key checks, e.g., + // in NIST SP800-56A rev2, sec. 5.6.2.3.2 + result.test_success("public key fails check"); + return result; + } + + std::unique_ptr<Botan::Public_Key> key(new Botan::ECDSA_PublicKey(group, *public_point)); + result.test_eq("public key fails check", key->check_key(Test::rng(), false), false); + return result; + } + }; + BOTAN_REGISTER_TEST("ecdsa_sign", ECDSA_Signature_KAT_Tests); BOTAN_REGISTER_TEST("ecdsa_keygen", ECDSA_Keygen_Tests); +BOTAN_REGISTER_TEST("ecdsa_invalid", ECDSA_Invalid_Key_Tests); #endif |