Make ECDSA signing known-answer tests internal unit tests.

In the near future these tests will use an internal interface that
won't be available from outside the crate.
Brian Smith 2018-06-11 13:28:30 -10:00
parent d85262ddca
commit d249aa57a0
4 changed files with 105 additions and 98 deletions


@ -135,6 +135,15 @@ impl<'a> Key {
/// Deprecated.
pub fn sign(&self, msg: untrusted::Input, rng: &rand::SecureRandom)
-> Result<signature::Signature, error::Unspecified> {
// Step 4 (out of order).
let h = digest::digest(self.alg.digest_alg, msg.as_slice_less_safe());
self.sign_(&h, rng)
}
/// Returns the signature of message digest `h` using a "random" nonce
/// generated by `rng`.
fn sign_(&self, h: &digest::Digest, rng: &rand::SecureRandom)
-> Result<signature::Signature, error::Unspecified> {
// NSA Suite B Implementer's Guide to ECDSA Section 3.4.1: ECDSA
// Signature Generation.
@ -159,18 +168,6 @@ impl<'a> Key {
// `ECDSAKeyPair` ensure that #3 and #4 are met subject to the caveats
// in SP800-89 Section 6.
// Step 4 (out of order).
let h = digest::digest(self.alg.digest_alg, msg.as_slice_less_safe());
self.sign_(&h, rng)
}
/// Returns the signature of message digest `h` using a "random" nonce
/// generated by `rng`.
///
/// This is the interface that the CAVP ECDSA tests require, since they
/// only provide the message digest, not the message itself.
fn sign_(&self, h: &digest::Digest, rng: &rand::SecureRandom)
-> Result<signature::Signature, error::Unspecified> {
let ops = self.alg.private_scalar_ops;
let scalar_ops = ops.scalar_ops;
let cops = scalar_ops.common;
@ -362,3 +359,97 @@ static EC_PUBLIC_KEY_P384_PKCS8_V1_TEMPLATE: pkcs8::Template = pkcs8::Template {
curve_id_index: 9,
private_key_index: 0x23,
};
#[cfg(test)]
mod tests {
use {signature, test};
use untrusted;
#[test]
fn signature_ecdsa_sign_fixed_test() {
test::from_file("src/ec/suite_b/ecdsa/ecdsa_sign_fixed_tests.txt",
|section, test_case| {
assert_eq!(section, "");
let curve_name = test_case.consume_string("Curve");
let digest_name = test_case.consume_string("Digest");
let msg = test_case.consume_bytes("Msg");
let msg = untrusted::Input::from(&msg);
let d = test_case.consume_bytes("d");
let d = untrusted::Input::from(&d);
let q = test_case.consume_bytes("Q");
let q = untrusted::Input::from(&q);
let k = test_case.consume_bytes("k");
let expected_result = test_case.consume_bytes("Sig");
let alg = match (curve_name.as_str(), digest_name.as_str()) {
("P-256", "SHA256") => &signature::ECDSA_P256_SHA256_FIXED_SIGNING,
("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_FIXED_SIGNING,
_ => {
panic!("Unsupported curve+digest: {}+{}", curve_name,
digest_name);
}
};
let private_key =
signature::ECDSAKeyPair::
from_private_key_and_public_key(alg, d, q).unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };
let actual_result = private_key.sign(msg, &rng).unwrap();
assert_eq!(actual_result.as_ref(), &expected_result[..]);
Ok(())
});
}
#[test]
fn signature_ecdsa_sign_asn1_test() {
test::from_file("src/ec/suite_b/ecdsa/ecdsa_sign_asn1_tests.txt",
|section, test_case| {
assert_eq!(section, "");
let curve_name = test_case.consume_string("Curve");
let digest_name = test_case.consume_string("Digest");
let msg = test_case.consume_bytes("Msg");
let msg = untrusted::Input::from(&msg);
let d = test_case.consume_bytes("d");
let d = untrusted::Input::from(&d);
let q = test_case.consume_bytes("Q");
let q = untrusted::Input::from(&q);
let k = test_case.consume_bytes("k");
let expected_result = test_case.consume_bytes("Sig");
let alg = match (curve_name.as_str(), digest_name.as_str()) {
("P-256", "SHA256") => &signature::ECDSA_P256_SHA256_ASN1_SIGNING,
("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_ASN1_SIGNING,
_ => {
panic!("Unsupported curve+digest: {}+{}", curve_name,
digest_name);
}
};
let private_key =
signature::ECDSAKeyPair::
from_private_key_and_public_key(alg, d, q).unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };
let actual_result = private_key.sign(msg, &rng).unwrap();
assert_eq!(actual_result.as_ref(), &expected_result[..]);
Ok(())
});
}
}
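Review bot: `sign_` is now the seam that takes a caller-supplied digest, but nothing in the lines shown ties `h` to `self.alg.digest_alg`, so once the known-answer tests call it directly a digest from a different algorithm would be accepted silently. The body of `sign_` continues outside the hunks, so a check may exist further down; if it does not, state the precondition in the doc comment, e.g. `/// The digest must have been computed with self.alg.digest_alg.`, and back it with a debug assertion on `h.algorithm()`. The move also dropped the sentence explaining that the CAVP vectors supply only the digest. It also left `// Step 4 (out of order).` in `sign` without the Section 3.4.1 reference that its step number refers to. Both are worth restoring.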


@ -36,6 +36,8 @@ extern crate untrusted;
use ring::{rand, signature, test};
// ECDSA *signing* tests are in src/ec/ecdsa/signing.rs.
#[test]
fn ecdsa_from_pkcs8_test() {
test::from_file("tests/ecdsa_from_pkcs8_tests.txt", |section, test_case| {
@ -167,89 +169,3 @@ fn signature_ecdsa_verify_fixed_test() {
Ok(())
});
}
#[test]
fn signature_ecdsa_sign_fixed_test() {
test::from_file("tests/ecdsa_sign_fixed_tests.txt", |section, test_case| {
assert_eq!(section, "");
let curve_name = test_case.consume_string("Curve");
let digest_name = test_case.consume_string("Digest");
let msg = test_case.consume_bytes("Msg");
let msg = untrusted::Input::from(&msg);
let d = test_case.consume_bytes("d");
let d = untrusted::Input::from(&d);
let q = test_case.consume_bytes("Q");
let q = untrusted::Input::from(&q);
let k = test_case.consume_bytes("k");
let expected_result = test_case.consume_bytes("Sig");
let alg = match (curve_name.as_str(), digest_name.as_str()) {
("P-256", "SHA256") => &signature::ECDSA_P256_SHA256_FIXED_SIGNING,
("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_FIXED_SIGNING,
_ => {
panic!("Unsupported curve+digest: {}+{}", curve_name,
digest_name);
}
};
let private_key =
signature::ECDSAKeyPair::from_private_key_and_public_key(alg, d, q).unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };
let actual_result = private_key.sign(msg, &rng).unwrap();
assert_eq!(actual_result.as_ref(), &expected_result[..]);
Ok(())
});
}
#[test]
fn signature_ecdsa_sign_asn1_test() {
test::from_file("tests/ecdsa_sign_asn1_tests.txt", |section, test_case| {
assert_eq!(section, "");
let curve_name = test_case.consume_string("Curve");
let digest_name = test_case.consume_string("Digest");
let msg = test_case.consume_bytes("Msg");
let msg = untrusted::Input::from(&msg);
let d = test_case.consume_bytes("d");
let d = untrusted::Input::from(&d);
let q = test_case.consume_bytes("Q");
let q = untrusted::Input::from(&q);
let k = test_case.consume_bytes("k");
let expected_result = test_case.consume_bytes("Sig");
let alg = match (curve_name.as_str(), digest_name.as_str()) {
("P-256", "SHA256") => &signature::ECDSA_P256_SHA256_ASN1_SIGNING,
("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_ASN1_SIGNING,
_ => {
panic!("Unsupported curve+digest: {}+{}", curve_name,
digest_name);
}
};
let private_key =
signature::ECDSAKeyPair::from_private_key_and_public_key(alg, d, q).unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };
println!("Asfd");
let actual_result = private_key.sign(msg, &rng).unwrap();
println!("Asfdasdfasdfasdfasdfsadf");
assert_eq!(actual_result.as_ref(), &expected_result[..]);
Ok(())
});
}
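Review bot: The comment added above `ecdsa_from_pkcs8_test` points to `src/ec/ecdsa/signing.rs`, while the relocated tests load their vectors from `src/ec/suite_b/ecdsa/`, which suggests the module lives under `suite_b`. The file header is not visible on this page, so this is inferred from the fixture paths. If that is right, the comment should read `// ECDSA *signing* tests are in src/ec/suite_b/ecdsa/signing.rs.` so that readers looking for signing coverage land in the right file.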