authorNiels Möller <nisse@lysator.liu.se>2022-09-14 16:17:52 +0200
committerNiels Möller <nisse@lysator.liu.se>2022-09-14 16:17:52 +0200
commit4eb5868ce8963827aa6e00a01ed90df488b288fe (patch)
tree88ab45104879a65fe6ade2986b7f3f10d1a6536c /testsuite
parentdaabcc72a87a61f69188c26cf8ddabfc98ef64f0 (diff)
Fix ECDSA verify corner case
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_nonsec_add_jjj, to produce correct result in a corner case where point addition needs to use point duplication. Also use ecc_j_to_a rather than ecc->h_to_a, since ecdsa supports only weierstrass curves. * ecc-gostdsa-verify.c (ecc_gostdsa_verify): Analogous change. * testsuite/ecdsa-verify-test.c (test_main): Add corresponding test. * testsuite/ecdsa-sign-test.c (test_main): And a test producing the problematic signature.
Diffstat (limited to 'testsuite')
-rw-r--r--testsuite/ecdsa-sign-test.c12
-rw-r--r--testsuite/ecdsa-verify-test.c15
2 files changed, 27 insertions, 0 deletions
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index c79493ae..b8a100b6 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -77,6 +77,18 @@ test_main (void)
"3a41e1423b1853e8aa89747b1f987364"
"44705d6d6d8371ea1f578f2e"); /* s */
+ /* Produce a signature where verify operation results in a point duplication. */
+ test_ecdsa (&_nettle_secp_256r1,
+ "1", /* Private key */
+ "01010101010101010101010101010101"
+ "01010101010101010101010101010101", /* nonce */
+ SHEX("6ff03b949241ce1dadd43519e6960e0a"
+ "85b41a69a05c328103aa2bce1594ca16"), /* hash */
+ "6ff03b949241ce1dadd43519e6960e0a"
+ "85b41a69a05c328103aa2bce1594ca16", /* r */
+ "53f097727a0e0dc284a0daa0da0ab77d"
+ "5792ae67ed075d1f8d5bda0f853fa093"); /* s */
+
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
test_ecdsa (&_nettle_secp_192r1,
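Review bot: The point-duplication corner case is pinned only for ECDSA on secp256r1, both here and in the matching case added to testsuite/ecdsa-verify-test.c, although the commit message says ecc_gostdsa_verify received the analogous fix and the testsuite diffstat shows no GOST DSA test for it. A GOST DSA verify case built the same way (public key = generator, inputs chosen so that the two scalar multiples coincide) would keep that second code path from regressing unnoticed. The neighbouring corner case, where the two terms are inverses of each other and the sum is the point at infinity, presumably goes through the same new addition routine and should be checked to be rejected; no test for it is visible in these hunks. The comment on this sign case could also say why the inputs collide, e.g. `/* Private key 1 makes the public key the generator, and hash = r makes both scalars equal, so verify adds a point to itself. */`. test_main continues outside both hunks.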
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
index 8110c64d..8d527000 100644
--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -109,6 +109,21 @@ test_main (void)
"952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
"ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
+ /* Test case provided by Guido Vranken, from oss-fuzz. Triggers
+ point duplication in the verify operation by using private key =
+ 1 (public key = generator) and hash = r. */
+ test_ecdsa (&_nettle_secp_256r1,
+ "6B17D1F2E12C4247F8BCE6E563A440F2"
+ "77037D812DEB33A0F4A13945D898C296", /* x */
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+ "2BCE33576B315ECECBB6406837BF51F5", /* y */
+ SHEX("6ff03b949241ce1dadd43519e6960e0a"
+ "85b41a69a05c328103aa2bce1594ca16"), /* hash */
+ "6ff03b949241ce1dadd43519e6960e0a"
+ "85b41a69a05c328103aa2bce1594ca16", /* r */
+ "53f097727a0e0dc284a0daa0da0ab77d"
+ "5792ae67ed075d1f8d5bda0f853fa093"); /* s */
+
/* From RFC 4754 */
test_ecdsa (&_nettle_secp_256r1,
"2442A5CC 0ECD015F A3CA31DC 8E2BBC70"