aboutsummaryrefslogtreecommitdiffstats
path: root/checks
diff options
context:
space:
mode:
Diffstat (limited to 'checks')
-rw-r--r--checks/ec_tests.cpp80
-rw-r--r--checks/ecdsa.cpp164
-rw-r--r--checks/pk.cpp54
-rw-r--r--checks/pk_valid.dat18
4 files changed, 113 insertions, 203 deletions
diff --git a/checks/ec_tests.cpp b/checks/ec_tests.cpp
index f378de8a4..0532e35fe 100644
--- a/checks/ec_tests.cpp
+++ b/checks/ec_tests.cpp
@@ -847,84 +847,6 @@ void test_curve_cp_ctor()
CurveGFp curve(dom_pars.get_curve());
}
-/**
-* The following test checks assignment operator and copy ctor for ec keys
-*/
-void test_ec_key_cp_and_assignment(RandomNumberGenerator& rng)
- {
- std::cout << "." << std::flush;
-
-
- std::string g_secp("024a96b5688ef573284664698968c38bb913cbfc82");
- SecureVector<byte> sv_g_secp = decode_hex ( g_secp);
- BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff");
- BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc");
- BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45");
- BigInt order = BigInt("0x0100000000000000000001f4c8f927aed3ca752257");
- CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp);
-
- BigInt cofactor = BigInt(1);
- PointGFp p_G = OS2ECP ( sv_g_secp, curve );
-
- EC_Domain_Params dom_pars = EC_Domain_Params(curve, p_G, order, cofactor);
- ECDSA_PrivateKey my_priv_key(rng, dom_pars);
-
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
-
- // sign with the original key
- SecureVector<byte> signature = my_priv_key.sign(sv_message.begin(), sv_message.size(), rng);
- bool ver_success = my_priv_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
-
- // make a copy and sign
- ECDSA_PrivateKey cp_key(my_priv_key);
- SecureVector<byte> cp_sig = cp_key.sign(sv_message.begin(), sv_message.size(), rng);
-
- // now cross verify...
- CHECK(my_priv_key.verify(sv_message.begin(), sv_message.size(), cp_sig.begin(), cp_sig.size()));
- CHECK(cp_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size()));
-
- // make an copy assignment and verify
- ECDSA_PrivateKey ass_key = my_priv_key;
- SecureVector<byte> ass_sig = ass_key.sign(sv_message.begin(), sv_message.size(), rng);
-
- // now cross verify...
- CHECK(my_priv_key.verify(sv_message.begin(), sv_message.size(), ass_sig.begin(), ass_sig.size()));
- CHECK(ass_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size()));
- }
-
-void test_ec_key_cast(RandomNumberGenerator& rng)
- {
- std::cout << "." << std::flush;
-
- std::string g_secp("024a96b5688ef573284664698968c38bb913cbfc82");
- SecureVector<byte> sv_g_secp = decode_hex ( g_secp);
- BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff");
- BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc");
- BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45");
- BigInt order = BigInt("0x0100000000000000000001f4c8f927aed3ca752257");
- CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp);
- BigInt cofactor = BigInt(1);
- PointGFp p_G = OS2ECP ( sv_g_secp, curve );
-
- EC_Domain_Params dom_pars = EC_Domain_Params(curve, p_G, order, cofactor);
- ECDSA_PrivateKey my_priv_key(rng, dom_pars);
- ECDSA_PublicKey my_ecdsa_pub_key = my_priv_key;
-
- Public_Key* my_pubkey = static_cast<Public_Key*>(&my_ecdsa_pub_key);
- ECDSA_PublicKey* ec_cast_back = dynamic_cast<ECDSA_PublicKey*>(my_pubkey);
-
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
-
- // sign with the original key
- SecureVector<byte> signature = my_priv_key.sign(sv_message.begin(), sv_message.size(), rng);
-
- bool ver_success = ec_cast_back->verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
- }
-
}
void do_ec_tests(RandomNumberGenerator& rng)
@@ -955,8 +877,6 @@ void do_ec_tests(RandomNumberGenerator& rng)
test_point_swap(rng);
test_mult_sec_mass(rng);
test_curve_cp_ctor();
- test_ec_key_cp_and_assignment(rng);
- test_ec_key_cast(rng);
std::cout << std::endl;
}
diff --git a/checks/ecdsa.cpp b/checks/ecdsa.cpp
index 64ac4be6b..036cc4dd1 100644
--- a/checks/ecdsa.cpp
+++ b/checks/ecdsa.cpp
@@ -116,35 +116,6 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng)
std::cout << "Corrupt ECDSA signature verified, should not have\n";
}
-/**
-* Tests whether the the signing routine will work correctly in case the integer e
-* that is constructed from the message is larger than n, the order of the base point
-*/
-void test_message_larger_than_n(RandomNumberGenerator& rng)
- {
- std::cout << "." << std::flush;
-
- EC_Domain_Params dom_pars(OID("1.3.132.0.8"));
- ECDSA_PrivateKey priv_key(rng, dom_pars);
- std::string str_message = ("12345678901234567890abcdef1212345678901234567890abcdef1212345678901234567890abcdef12");
-
- SecureVector<byte> sv_message = decode_hex(str_message);
- bool thrn = false;
- SecureVector<byte> signature;
- try
- {
- signature = priv_key.sign(sv_message.begin(), sv_message.size(), rng);
- }
- catch (Invalid_Argument e)
- {
- thrn = true;
- }
- //cout << "signature = " << hex_encode(signature.begin(), signature.size()) << "\n";
- bool ver_success = priv_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
- //CHECK_MESSAGE(thrn, "no exception was thrown although message to sign was too long");
- }
-
void test_decode_ecdsa_X509()
{
std::cout << "." << std::flush;
@@ -187,30 +158,28 @@ void test_decode_ver_link_SHA1()
void test_sign_then_ver(RandomNumberGenerator& rng)
{
- std::cout << "." << std::flush;
+ std::cout << '.' << std::flush;
- std::string g_secp("024a96b5688ef573284664698968c38bb913cbfc82");
- SecureVector<byte> sv_g_secp = decode_hex(g_secp);
- BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff");
- BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc");
- BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45");
- BigInt order = BigInt("0x0100000000000000000001f4c8f927aed3ca752257");
- CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp);
- BigInt cofactor = BigInt(1);
- PointGFp p_G = OS2ECP ( sv_g_secp, curve );
-
- EC_Domain_Params dom_pars = EC_Domain_Params(curve, p_G, order, cofactor);
- ECDSA_PrivateKey my_priv_key(rng, dom_pars);
-
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
- SecureVector<byte> signature = my_priv_key.sign(sv_message.begin(), sv_message.size(), rng);
- //cout << "signature = " << hex_encode(signature.begin(), signature.size()) << "\n";
- bool ver_success = my_priv_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
- signature[signature.size()-1] += 0x01;
- bool ver_must_fail = my_priv_key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(!ver_must_fail, "corrupted signature could be verified positively");
+ EC_Domain_Params dom_pars(OID("1.3.132.0.8"));
+ ECDSA_PrivateKey ecdsa(rng, dom_pars);
+
+ std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-1)"));
+
+ SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12");
+ SecureVector<byte> sig = signer->sign_message(msg, rng);
+
+ std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(ecdsa, "EMSA1(SHA-1)"));
+
+ bool ok = verifier->verify_message(msg, sig);
+
+ if(!ok)
+ std::cout << "ERROR: Could not verify ECDSA signature\n";
+
+ sig[0]++;
+ ok = verifier->verify_message(msg, sig);
+
+ if(ok)
+ std::cout << "ERROR: Bogus ECDSA signature verified anyway\n";
}
bool test_ec_sign(RandomNumberGenerator& rng)
@@ -392,13 +361,16 @@ void test_curve_registry(RandomNumberGenerator& rng)
OID oid(oids[i]);
EC_Domain_Params dom_pars(oid);
dom_pars.get_base_point().check_invariants();
- ECDSA_PrivateKey key(rng, dom_pars);
+ ECDSA_PrivateKey ecdsa(rng, dom_pars);
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
- SecureVector<byte> signature = key.sign(sv_message.begin(), sv_message.size(), rng);
- bool ver_success = key.verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
+ std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-1)"));
+ std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(ecdsa, "EMSA1(SHA-1)"));
+
+ SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12");
+ SecureVector<byte> sig = signer->sign_message(msg, rng);
+
+ if(!verifier->verify_message(msg, sig))
+ std::cout << "Failed testing ECDSA sig for curve " << oids[i] << "\n";
}
catch(Invalid_Argument& e)
{
@@ -414,28 +386,37 @@ void test_read_pkcs8(RandomNumberGenerator& rng)
try
{
std::auto_ptr<PKCS8_PrivateKey> loaded_key(PKCS8::load_key(TEST_DATA_DIR "/wo_dompar_private.pkcs8.pem", rng));
- ECDSA_PrivateKey* loaded_ec_key = dynamic_cast<ECDSA_PrivateKey*>(loaded_key.get());
- CHECK_MESSAGE(loaded_ec_key, "the loaded key could not be converted into an ECDSA_PrivateKey");
+ ECDSA_PrivateKey* ecdsa = dynamic_cast<ECDSA_PrivateKey*>(loaded_key.get());
+ CHECK_MESSAGE(ecdsa, "the loaded key could not be converted into an ECDSA_PrivateKey");
+
+ std::auto_ptr<PK_Signer> signer(get_pk_signer(*ecdsa, "EMSA1(SHA-1)"));
+
+ SecureVector<byte> msg = decode_hex("12345678901234567890abcdef12");
+ SecureVector<byte> sig = signer->sign_message(msg, rng);
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
- SecureVector<byte> signature = loaded_ec_key->sign(sv_message.begin(), sv_message.size(), rng);
- //cout << "signature = " << hex_encode(signature.begin(), signature.size()) << "\n";
- bool ver_success = loaded_ec_key->verify(sv_message.begin(), sv_message.size(), signature.begin(), signature.size());
- CHECK_MESSAGE(ver_success, "generated signature could not be verified positively");
+ std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(*ecdsa, "EMSA1(SHA-1)"));
+
+ bool ok = verifier->verify_message(msg, sig);
+
+ CHECK_MESSAGE(ok, "generated sig could not be verified positively");
std::auto_ptr<PKCS8_PrivateKey> loaded_key_nodp(PKCS8::load_key(TEST_DATA_DIR "/nodompar_private.pkcs8.pem", rng));
// anew in each test with unregistered domain-parameters
- ECDSA_PrivateKey* loaded_ec_key_nodp = dynamic_cast<ECDSA_PrivateKey*>(loaded_key_nodp.get());
- CHECK_MESSAGE(loaded_ec_key_nodp, "the loaded key could not be converted into an ECDSA_PrivateKey");
+ ECDSA_PrivateKey* ecdsa_nodp = dynamic_cast<ECDSA_PrivateKey*>(loaded_key_nodp.get());
+ CHECK_MESSAGE(ecdsa_nodp, "the loaded key could not be converted into an ECDSA_PrivateKey");
+
+ signer.reset(get_pk_signer(*ecdsa_nodp, "EMSA1(SHA-1)"));
+ verifier.reset(get_pk_verifier(*ecdsa_nodp, "EMSA1(SHA-1)"));
+
+ SecureVector<byte> signature_nodp = signer->sign_message(msg, rng);
+
+ ok = verifier->verify_message(msg, signature_nodp);
+ CHECK_MESSAGE(ok, "generated signature could not be verified positively (no_dom)");
- SecureVector<byte> signature_nodp = loaded_ec_key_nodp->sign(sv_message.begin(), sv_message.size(), rng);
- //cout << "signature = " << hex_encode(signature.begin(), signature.size()) << "\n";
- bool ver_success_nodp = loaded_ec_key_nodp->verify(sv_message.begin(), sv_message.size(), signature_nodp.begin(), signature_nodp.size());
- CHECK_MESSAGE(ver_success_nodp, "generated signature could not be verified positively (no_dom)");
try
{
- std::auto_ptr<PKCS8_PrivateKey> loaded_key_withdp(PKCS8::load_key(TEST_DATA_DIR "/withdompar_private.pkcs8.pem", rng));
+ std::auto_ptr<PKCS8_PrivateKey> loaded_key_withdp(
+ PKCS8::load_key(TEST_DATA_DIR "/withdompar_private.pkcs8.pem", rng));
std::cout << "Unexpected success: loaded key with unknown OID\n";
}
@@ -447,48 +428,12 @@ void test_read_pkcs8(RandomNumberGenerator& rng)
}
}
-/**
-* The following test tests the copy ctors and and copy-assignment operators
-*/
-void test_cp_and_as_ctors(RandomNumberGenerator& rng)
- {
- std::cout << "." << std::flush;
-
- std::auto_ptr<PKCS8_PrivateKey> loaded_key(PKCS8::load_key(TEST_DATA_DIR "/wo_dompar_private.pkcs8.pem", rng));
- ECDSA_PrivateKey* loaded_ec_key = dynamic_cast<ECDSA_PrivateKey*>(loaded_key.get());
- CHECK_MESSAGE(loaded_ec_key, "the loaded key could not be converted into an ECDSA_PrivateKey");
- std::string str_message = ("12345678901234567890abcdef12");
- SecureVector<byte> sv_message = decode_hex(str_message);
- SecureVector<byte> signature_1 = loaded_ec_key->sign(sv_message.begin(), sv_message.size(), rng);
- //cout << "signature = " << hex_encode(signature.begin(), signature.size()) << "\n";
-
- ECDSA_PrivateKey cp_priv_key(*loaded_ec_key); // priv-key, cp-ctor
- SecureVector<byte> signature_2 = cp_priv_key.sign(sv_message.begin(), sv_message.size(), rng);
-
- ECDSA_PrivateKey as_priv_key = *loaded_ec_key; //priv-key, as-op
- SecureVector<byte> signature_3 = as_priv_key.sign(sv_message.begin(), sv_message.size(), rng);
-
- ECDSA_PublicKey pk_1 = cp_priv_key; // pub-key, as-op
- ECDSA_PublicKey pk_2(pk_1); // pub-key, cp-ctor
- ECDSA_PublicKey pk_3 = pk_2;
-
- bool ver_success_1 = pk_1.verify(sv_message.begin(), sv_message.size(), signature_1.begin(), signature_1.size());
-
- bool ver_success_2 = pk_2.verify(sv_message.begin(), sv_message.size(), signature_2.begin(), signature_2.size());
-
- bool ver_success_3 = pk_3.verify(sv_message.begin(), sv_message.size(), signature_3.begin(), signature_3.size());
-
- CHECK_MESSAGE((ver_success_1 && ver_success_2 && ver_success_3), "different results for copied keys");
- }
-
}
u32bit do_ecdsa_tests(Botan::RandomNumberGenerator& rng)
{
std::cout << "Testing ECDSA (InSiTo unit tests): ";
- test_hash_larger_than_n(rng);
- //test_message_larger_than_n();
test_decode_ecdsa_X509();
test_decode_ver_link_SHA256();
test_decode_ver_link_SHA1();
@@ -498,7 +443,6 @@ u32bit do_ecdsa_tests(Botan::RandomNumberGenerator& rng)
test_create_and_verify(rng);
test_curve_registry(rng);
test_read_pkcs8(rng);
- test_cp_and_as_ctors(rng);
std::cout << std::endl;
diff --git a/checks/pk.cpp b/checks/pk.cpp
index 1a202bd7d..33d4da0fc 100644
--- a/checks/pk.cpp
+++ b/checks/pk.cpp
@@ -489,6 +489,31 @@ u32bit validate_dsa_sig(const std::string& algo,
return 2;
}
+u32bit validate_ecdsa_sig(const std::string& algo,
+ const std::vector<std::string>& str,
+ RandomNumberGenerator& rng)
+ {
+ if(str.size() != 5)
+ throw std::runtime_error("Invalid input from pk_valid.dat");
+
+#if defined(BOTAN_HAS_ECDSA)
+
+ EC_Domain_Params group(OIDS::lookup(str[0]));
+ ECDSA_PrivateKey ecdsa(group, to_bigint(str[1]));
+
+ std::string emsa = algo.substr(6, std::string::npos);
+
+ PK_Verifier* v = get_pk_verifier(ecdsa, emsa);
+ PK_Signer* s = get_pk_signer(ecdsa, emsa);
+
+ bool failure = false;
+ validate_signature(v, s, algo, str[2], str[3], str[4], failure);
+ return (failure ? 1 : 0);
+#endif
+
+ return 2;
+ }
+
u32bit validate_dsa_ver(const std::string& algo,
const std::vector<std::string>& str)
{
@@ -791,33 +816,36 @@ u32bit do_pk_validation_tests(const std::string& filename,
try
{
- if(algorithm.find("DSA/") != std::string::npos)
+ if(algorithm.find("DSA/") == 0)
new_errors = validate_dsa_sig(algorithm, substr, rng);
- else if(algorithm.find("DSA_VA/") != std::string::npos)
+ else if(algorithm.find("DSA_VA/") == 0)
new_errors = validate_dsa_ver(algorithm, substr);
- else if(algorithm.find("RSAES_PKCS8/") != std::string::npos)
+ else if(algorithm.find("ECDSA/") == 0)
+ new_errors = validate_ecdsa_sig(algorithm, substr, rng);
+
+ else if(algorithm.find("RSAES_PKCS8/") == 0)
new_errors = validate_rsa_enc_pkcs8(algorithm, substr, rng);
- else if(algorithm.find("RSAVA_X509/") != std::string::npos)
+ else if(algorithm.find("RSAVA_X509/") == 0)
new_errors = validate_rsa_ver_x509(algorithm, substr);
- else if(algorithm.find("RSAES/") != std::string::npos)
+ else if(algorithm.find("RSAES/") == 0)
new_errors = validate_rsa_enc(algorithm, substr, rng);
- else if(algorithm.find("RSASSA/") != std::string::npos)
+ else if(algorithm.find("RSASSA/") == 0)
new_errors = validate_rsa_sig(algorithm, substr, rng);
- else if(algorithm.find("RSAVA/") != std::string::npos)
+ else if(algorithm.find("RSAVA/") == 0)
new_errors = validate_rsa_ver(algorithm, substr);
- else if(algorithm.find("RWVA/") != std::string::npos)
+ else if(algorithm.find("RWVA/") == 0)
new_errors = validate_rw_ver(algorithm, substr);
- else if(algorithm.find("RW/") != std::string::npos)
+ else if(algorithm.find("RW/") == 0)
new_errors = validate_rw_sig(algorithm, substr, rng);
- else if(algorithm.find("NR/") != std::string::npos)
+ else if(algorithm.find("NR/") == 0)
new_errors = validate_nr_sig(algorithm, substr, rng);
- else if(algorithm.find("ElGamal/") != std::string::npos)
+ else if(algorithm.find("ElGamal/") == 0)
new_errors = validate_elg_enc(algorithm, substr, rng);
- else if(algorithm.find("DH/") != std::string::npos)
+ else if(algorithm.find("DH/") == 0)
new_errors = validate_dh(algorithm, substr, rng);
- else if(algorithm.find("DLIES/") != std::string::npos)
+ else if(algorithm.find("DLIES/") == 0)
new_errors = validate_dlies(algorithm, substr, rng);
else
std::cout << "WARNING: Unknown PK algorithm "
diff --git a/checks/pk_valid.dat b/checks/pk_valid.dat
index 1e2a84c19..fbf3c3b45 100644
--- a/checks/pk_valid.dat
+++ b/checks/pk_valid.dat
@@ -4182,6 +4182,24 @@ MIG6AgEAMIGhBgcqhkjOOAQBMIGVAkAA8HR2W1fHj8t8G9/BzpO5z1Ea5YnMTwMS\
25ECC0ED4CE7118A72D133704D002A:\
14593FBF63EAC64976987524044D8B11AB9A95B4B75A760FE22C45A3EFD6:
+# ECDSA format is group name:private key:message:nonce:signature
+[ECDSA/EMSA1(SHA-1)]
+
+# From ANSI X9.62
+secp192r1:\
+1A8D598FC15BF0FD89030B5CB1111AEB92AE8BAF5EA475FB:\
+616263:\
+FA6DE29746BBEB7F8BB1E761F85F7DFB2983169D82FA2F4E:\
+885052380FF147B734C330C43D39B2C4A89F29B0F749FEAD\
+E9ECC78106DEF82BF1070CF1D4D804C3CB390046951DF686
+
+x962_p239v1:\
+7EF7C6FABEFFFDEA864206E80B0B08A9331ED93E698561B64CA0F7777F3D:\
+616263:\
+656C7196BF87DCC5D1F1020906DF2782360D36B2DE7A17ECE37D503784AF:\
+2CB7F36803EBB9C427C58D8265F11FC5084747133078FC279DE874FBECB0\
+2EEAE988104E9C2234A3C2BEB1F53BFA5DC11FF36A875D1E3CCB1F7E45CF
+
# NR Format: p:q:g:y:x:message:k:output
[NR/EMSA1(SHA-1)]
# Trickiness: in some of these, we put a leading 0 digit on the nonce (k). This