From 9edff740e145d2cdaf7e870fcdd6b40c1aaec11e Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 4 Mar 2021 17:59:39 +0100 Subject: [PATCH 1/7] Fix EC J-PAKE failing when the payload is all-bits-zero Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met. Fix #1792 Signed-off-by: TRodziewicz --- ChangeLog.d/issue1792.txt | 4 ++++ library/ecjpake.c | 7 +++++++ library/ecp.c | 8 ++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/issue1792.txt diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt new file mode 100644 index 000000000000..e82c80e0b0fb --- /dev/null +++ b/ChangeLog.d/issue1792.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a bug in EC J-PAKE that would cause it fail when the payload is all- + bits-zero. + Found by Gilles Peskine, reported in #1792. diff --git a/library/ecjpake.c b/library/ecjpake.c index bd4716903a42..b835ac1c21ce 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -286,6 +286,13 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, * Verification */ MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); + + if( mbedtls_mpi_cmp_int( &r,0 ) == 0 ) + { + ret = MBEDTLS_ERR_ECP_INVALID_KEY; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp, &VV, &h, X, &r, G ) ); diff --git a/library/ecp.c b/library/ecp.c index 3b68e8e2dd0e..6e866fa21d22 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2795,7 +2795,7 @@ static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* - * R = m * P with shortcuts for m == 1 and m == -1 + * R = m * P with shortcuts for m == 0, m == 1 and m == -1 * NOT constant-time - ONLY for short Weierstrass! */ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, @@ -2806,7 +2806,11 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) + if ( mbedtls_mpi_cmp_int( m, 0 ) == 0 ) + { + MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) ); + } + else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) { MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); } From 782a7eab14ca6f4c32da0ae779ada232cea0ba63 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 17 Mar 2021 11:35:16 +0100 Subject: [PATCH 2/7] ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that Signed-off-by: TRodziewicz --- ChangeLog.d/issue1792.txt | 6 +++--- library/ecjpake.c | 9 +-------- library/ecp.c | 2 +- tests/suites/test_suite_ecjpake.data | 8 ++++---- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt index e82c80e0b0fb..39dbe5b1ad3b 100644 --- a/ChangeLog.d/issue1792.txt +++ b/ChangeLog.d/issue1792.txt @@ -1,4 +1,4 @@ Bugfix - * Fix a bug in EC J-PAKE that would cause it fail when the payload is all- - bits-zero. - Found by Gilles Peskine, reported in #1792. + * Fix a bug in ECDSA that would cause it to fail when the payload is all-bits + zero. + Fixes #1792 diff --git a/library/ecjpake.c b/library/ecjpake.c index b835ac1c21ce..464ff51cca78 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -273,7 +273,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, r_len = *(*p)++; - if( end < *p || (size_t)( end - *p ) < r_len ) + if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 ) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; @@ -286,13 +286,6 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, * Verification */ MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); - - if( mbedtls_mpi_cmp_int( &r,0 ) == 0 ) - { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp, &VV, &h, X, &r, G ) ); diff --git a/library/ecp.c b/library/ecp.c index 6e866fa21d22..d229a0a43eb1 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2806,7 +2806,7 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ( mbedtls_mpi_cmp_int( m, 0 ) == 0 ) + if( mbedtls_mpi_cmp_int( m, 0 ) == 0 ) { MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) ); } diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data index ffa59e5464b2..fe14f88281fa 100644 --- a/tests/suites/test_suite_ecjpake.data +++ b/tests/suites/test_suite_ecjpake.data @@ -56,7 +56,7 @@ ECJPAKE round one: KKP1: nothing after second point read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round one: KKP1: zero-length r -read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_INVALID_KEY +read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round one: KKP1: no data for r read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51601":MBEDTLS_ERR_ECP_BAD_INPUT_DATA @@ -104,7 +104,7 @@ ECJPAKE round one: KKP2: nothing after second point read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round one: KKP2: zero-length r -read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_INVALID_KEY +read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round one: KKP2: no data for r read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51601":MBEDTLS_ERR_ECP_BAD_INPUT_DATA @@ -170,7 +170,7 @@ ECJPAKE round two client: nothing after second point read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c8":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round two client: zero-length r -read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c800":MBEDTLS_ERR_ECP_INVALID_KEY +read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c800":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round two client: no data for r read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c801":MBEDTLS_ERR_ECP_BAD_INPUT_DATA @@ -224,7 +224,7 @@ ECJPAKE round two server: nothing after second point read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round two server: zero-length r -read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d00":MBEDTLS_ERR_ECP_INVALID_KEY +read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round two server: no data for r read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d20":MBEDTLS_ERR_ECP_BAD_INPUT_DATA From 5feb6702dd9238d0cd01c04ea9767e21af9181bf Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 6 Apr 2021 19:55:17 +0200 Subject: [PATCH 3/7] Fix the Changelog and extend tests to cover the hash of all-bits zero Signed-off-by: TRodziewicz --- ChangeLog.d/issue1792.txt | 2 +- tests/suites/test_suite_ecdsa.function | 142 +++++++++++++++---------- 2 files changed, 86 insertions(+), 58 deletions(-) diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt index 39dbe5b1ad3b..bd3d248751e2 100644 --- a/ChangeLog.d/issue1792.txt +++ b/ChangeLog.d/issue1792.txt @@ -1,4 +1,4 @@ Bugfix - * Fix a bug in ECDSA that would cause it to fail when the payload is all-bits + * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits zero. Fixes #1792 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index e6da884aaf26..08bbe632b000 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -212,6 +212,7 @@ void ecdsa_prim_random( int id ) mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; unsigned char buf[MBEDTLS_MD_MAX_SIZE]; + int test_runs = 2; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); @@ -219,18 +220,31 @@ void ecdsa_prim_random( int id ) memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( buf, 0, sizeof( buf ) ); - /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - buf, sizeof( buf ) ) == 0 ); - TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - - TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); + while ( test_runs-- ) + { + /* prepare material for signature */ + if ( test_runs == 1 ) + { + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + buf, sizeof( buf ) ) + == 0 ); + } else { + TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, + buf, sizeof( buf ) ) + == 0 ); + } + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) + == 0 ); + } exit: mbedtls_ecp_group_free( &grp ); @@ -354,56 +368,70 @@ void ecdsa_write_read_random( int id ) unsigned char hash[32]; unsigned char sig[200]; size_t sig_len, i; + int test_runs = 2; mbedtls_ecdsa_init( &ctx ); memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); - memset( sig, 0x2a, sizeof( sig ) ); - - /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - hash, sizeof( hash ) ) == 0 ); - - /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - - /* generate and write signature, then read and verify it */ - TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, - hash, sizeof( hash ), - sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == 0 ); - - /* check we didn't write past the announced length */ - for( i = sig_len; i < sizeof( sig ); i++ ) - TEST_ASSERT( sig[i] == 0x2a ); - - /* try verification with invalid length */ - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len - 1 ) != 0 ); - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len + 1 ) != 0 ); - - /* try invalid sequence tag */ - sig[0]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) != 0 ); - sig[0]--; - /* try modifying r */ - sig[10]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[10]--; - - /* try modifying s */ - sig[sig_len - 1]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[sig_len - 1]--; + while ( test_runs-- ) + { + memset( sig, 0x2a, sizeof( sig ) ); + + /* prepare material for signature */ + if ( test_runs == 1 ) + { + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + hash, sizeof( hash ) ) + == 0 ); + } else { + TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, + hash, sizeof( hash ) ) + == 0 ); + } + + /* generate signing key */ + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + /* generate and write signature, then read and verify it */ + TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, + hash, sizeof( hash ), + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == 0 ); + + /* check we didn't write past the announced length */ + for( i = sig_len; i < sizeof( sig ); i++ ) + TEST_ASSERT( sig[i] == 0x2a ); + + /* try verification with invalid length */ + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len - 1 ) != 0 ); + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len + 1 ) != 0 ); + + /* try invalid sequence tag */ + sig[0]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) != 0 ); + sig[0]--; + + /* try modifying r */ + sig[10]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[10]--; + + /* try modifying s */ + sig[sig_len - 1]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[sig_len - 1]--; + } exit: mbedtls_ecdsa_free( &ctx ); From 20ad475cc2d3cf4fb43271f4b344ae3783ccf72d Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 7 Apr 2021 09:44:01 +0200 Subject: [PATCH 4/7] Remove trailing spaces Signed-off-by: TRodziewicz --- tests/suites/test_suite_ecdsa.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 08bbe632b000..5c72d9771321 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -226,11 +226,11 @@ void ecdsa_prim_random( int id ) if ( test_runs == 1 ) { TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - buf, sizeof( buf ) ) + buf, sizeof( buf ) ) == 0 ); } else { TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, - buf, sizeof( buf ) ) + buf, sizeof( buf ) ) == 0 ); } @@ -242,7 +242,7 @@ void ecdsa_prim_random( int id ) TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); } @@ -382,11 +382,11 @@ void ecdsa_write_read_random( int id ) if ( test_runs == 1 ) { TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - hash, sizeof( hash ) ) + hash, sizeof( hash ) ) == 0 ); } else { TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, - hash, sizeof( hash ) ) + hash, sizeof( hash ) ) == 0 ); } From 40de3c99c08554fb64b77d2c4ee31930f0432f36 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 7 Apr 2021 19:16:18 +0200 Subject: [PATCH 5/7] Fix Changelog, add separate test functions for hash of all-zero bits Signed-off-by: TRodziewicz --- ChangeLog.d/issue1792.txt | 3 +- tests/suites/test_suite_ecdsa.data | 40 +++++ tests/suites/test_suite_ecdsa.function | 236 ++++++++++++++++--------- 3 files changed, 192 insertions(+), 87 deletions(-) diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt index bd3d248751e2..9949bf41d93b 100644 --- a/ChangeLog.d/issue1792.txt +++ b/ChangeLog.d/issue1792.txt @@ -1,4 +1,3 @@ Bugfix * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits - zero. - Fixes #1792 + zero. Fixes #1792 diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 889f68488de1..8039d9b93e91 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -1,6 +1,26 @@ ECDSA Parameter validation ecdsa_invalid_param: +ECDSA primitive random #1 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1 + +ECDSA primitive random #2 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP224R1 + +ECDSA primitive random #3 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP256R1 + +ECDSA primitive random #4 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP384R1 + +ECDSA primitive random #5 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP521R1 + ECDSA primitive random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1 @@ -33,6 +53,26 @@ ECDSA primitive rfc 4754 p521 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":0 +ECDSA write-read random #1 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP192R1 + +ECDSA write-read random #2 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP224R1 + +ECDSA write-read random #3 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP256R1 + +ECDSA write-read random #4 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP384R1 + +ECDSA write-read random #5 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP521R1 + ECDSA write-read random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_write_read_random:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 5c72d9771321..f3e172797eaf 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -204,6 +204,38 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecdsa_prim_zero( int id ) +{ + mbedtls_ecp_group grp; + mbedtls_ecp_point Q; + mbedtls_mpi d, r, s; + mbedtls_test_rnd_pseudo_info rnd_info; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; + + mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init( &Q ); + mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); + memset( buf, 0, sizeof( buf ) ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); + +exit: + mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free( &Q ); + mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecdsa_prim_random( int id ) { @@ -212,7 +244,6 @@ void ecdsa_prim_random( int id ) mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; unsigned char buf[MBEDTLS_MD_MAX_SIZE]; - int test_runs = 2; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); @@ -220,31 +251,18 @@ void ecdsa_prim_random( int id ) memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( buf, 0, sizeof( buf ) ); - while ( test_runs-- ) - { - /* prepare material for signature */ - if ( test_runs == 1 ) - { - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - buf, sizeof( buf ) ) - == 0 ); - } else { - TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, - buf, sizeof( buf ) ) - == 0 ); - } - - TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - - TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) - == 0 ); - } + /* prepare material for signature */ + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); exit: mbedtls_ecp_group_free( &grp ); @@ -360,6 +378,68 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ +void ecdsa_write_read_zero( int id ) +{ + mbedtls_ecdsa_context ctx; + mbedtls_test_rnd_pseudo_info rnd_info; + unsigned char hash[32]; + unsigned char sig[200]; + size_t sig_len, i; + + mbedtls_ecdsa_init( &ctx ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); + memset( hash, 0, sizeof( hash ) ); + memset( sig, 0x2a, sizeof( sig ) ); + + TEST_ASSERT(0); + + /* generate signing key */ + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + /* generate and write signature, then read and verify it */ + TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, + hash, sizeof( hash ), + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == 0 ); + + /* check we didn't write past the announced length */ + for( i = sig_len; i < sizeof( sig ); i++ ) + TEST_ASSERT( sig[i] == 0x2a ); + + /* try verification with invalid length */ + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len - 1 ) != 0 ); + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len + 1 ) != 0 ); + + /* try invalid sequence tag */ + sig[0]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) != 0 ); + sig[0]--; + + /* try modifying r */ + sig[10]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[10]--; + + /* try modifying s */ + sig[sig_len - 1]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[sig_len - 1]--; + +exit: + mbedtls_ecdsa_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ void ecdsa_write_read_random( int id ) { @@ -368,70 +448,56 @@ void ecdsa_write_read_random( int id ) unsigned char hash[32]; unsigned char sig[200]; size_t sig_len, i; - int test_runs = 2; mbedtls_ecdsa_init( &ctx ); memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); + memset( sig, 0x2a, sizeof( sig ) ); + + /* prepare material for signature */ + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + hash, sizeof( hash ) ) == 0 ); + + /* generate signing key */ + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + + /* generate and write signature, then read and verify it */ + TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, + hash, sizeof( hash ), + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == 0 ); + + /* check we didn't write past the announced length */ + for( i = sig_len; i < sizeof( sig ); i++ ) + TEST_ASSERT( sig[i] == 0x2a ); + + /* try verification with invalid length */ + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len - 1 ) != 0 ); + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len + 1 ) != 0 ); + + /* try invalid sequence tag */ + sig[0]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) != 0 ); + sig[0]--; - while ( test_runs-- ) - { - memset( sig, 0x2a, sizeof( sig ) ); - - /* prepare material for signature */ - if ( test_runs == 1 ) - { - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, - hash, sizeof( hash ) ) - == 0 ); - } else { - TEST_ASSERT( mbedtls_test_rnd_zero_rand( NULL, - hash, sizeof( hash ) ) - == 0 ); - } - - /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - - /* generate and write signature, then read and verify it */ - TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, - hash, sizeof( hash ), - sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); - - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == 0 ); - - /* check we didn't write past the announced length */ - for( i = sig_len; i < sizeof( sig ); i++ ) - TEST_ASSERT( sig[i] == 0x2a ); - - /* try verification with invalid length */ - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len - 1 ) != 0 ); - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len + 1 ) != 0 ); - - /* try invalid sequence tag */ - sig[0]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) != 0 ); - sig[0]--; - - /* try modifying r */ - sig[10]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[10]--; - - /* try modifying s */ - sig[sig_len - 1]++; - TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[sig_len - 1]--; - } + /* try modifying r */ + sig[10]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[10]--; + + /* try modifying s */ + sig[sig_len - 1]++; + TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[sig_len - 1]--; exit: mbedtls_ecdsa_free( &ctx ); From 611f043736a97167e412be63784a63096fbea4a9 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 7 Apr 2021 19:19:47 +0200 Subject: [PATCH 6/7] Correct the new tests names Signed-off-by: TRodziewicz --- tests/suites/test_suite_ecdsa.data | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 8039d9b93e91..755a43cdd0c0 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -1,23 +1,23 @@ ECDSA Parameter validation ecdsa_invalid_param: -ECDSA primitive random #1 +ECDSA primitive hash zero #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1 -ECDSA primitive random #2 +ECDSA primitive hash zero #2 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP224R1 -ECDSA primitive random #3 +ECDSA primitive hash zero #3 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP256R1 -ECDSA primitive random #4 +ECDSA primitive hash zero #4 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP384R1 -ECDSA primitive random #5 +ECDSA primitive hash zero #5 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP521R1 @@ -53,23 +53,23 @@ ECDSA primitive rfc 4754 p521 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":0 -ECDSA write-read random #1 +ECDSA write-read hash zero #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP192R1 -ECDSA write-read random #2 +ECDSA write-read hash zero #2 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP224R1 -ECDSA write-read random #3 +ECDSA write-read hash zero #3 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP256R1 -ECDSA write-read random #4 +ECDSA write-read hash zero #4 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP384R1 -ECDSA write-read random #5 +ECDSA write-read hash zero #5 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP521R1 From 05942058e7d46b4c514288d34c85fe28a03c0cc2 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 7 Apr 2021 19:24:04 +0200 Subject: [PATCH 7/7] Remove debug statement Signed-off-by: TRodziewicz --- tests/suites/test_suite_ecdsa.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index f3e172797eaf..8157234f8f3f 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -391,8 +391,6 @@ void ecdsa_write_read_zero( int id ) memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0x2a, sizeof( sig ) ); - - TEST_ASSERT(0); /* generate signing key */ TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,