From be57179f42f8a7cb64f72f73ccea753400573b4f Mon Sep 17 00:00:00 2001 From: Lucas Mulling via Gcrypt-devel Date: Wed, 26 Feb 2025 12:29:53 -0300 Subject: [PATCH 02/14] cipher: Add KAT for non-rfc6979 ECDSA with fixed k MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cipher/ecc.c (run_selftests): Implement KAT for non-deterministic ECDSA. * cipher/ecc. (rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad, rfc6979_ecdsa_data_tmpl): New. Signed-off-by: Lucas Mulling Signed-off-by: Lucas Mülling --- cipher/ecc.c | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/cipher/ecc.c b/cipher/ecc.c index 525523ed..d331a014 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -93,23 +93,47 @@ static const char ecdsa_sample_secret_key_secp256[] = /**/ "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))"; /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */ -static const char ecdsa_sample_data[] = +static const char rfc6979_ecdsa_sample_data[] = "(data (flags rfc6979 prehash)" " (hash-algo sha256)" " (value 6:sample))"; -static const char ecdsa_sample_data_bad[] = +static const char rfc6979_ecdsa_sample_data_bad[] = "(data (flags rfc6979)" " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915" /**/ "62113d8a62add1bf#))"; +static const char *rfc6979_ecdsa_data_tmpl = + "(data (flags rfc6979)" + " (hash %s %b))"; + +/* + * Sample data from RFC 6979 section A.2.5, with fixed k, + * hash is of message "sample". + */ +static const char ecdsa_sample_data[] = + "(data (flags raw prehash)" + " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)" + " (hash-algo sha256)" + " (value 6:sample))"; + +static const char ecdsa_sample_data_bad[] = + "(data (flags raw)" + " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)" + " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915" + /**/ "62113d8a62add1bf#))"; + +static const char *ecdsa_data_tmpl = + "(data (flags raw)" + " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)" + " (hash %s %b))"; + static const char ecdsa_signature_r[] = "efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716"; static const char ecdsa_signature_s[] = "f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8"; -static const char *ecdsa_data_tmpl = "(data (flags rfc6979) (hash %s %b))"; /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */ static const char ecdsa_sample_data_string[] = "sample"; static const char ecdsa_sample_data_bad_string[] = "sbmple"; @@ -2409,6 +2433,16 @@ run_selftests (int algo, int extended, selftest_report_func_t report) if (r) return r; + r = selftests_ecc (report, extended, 0, + ecdsa_sample_secret_key_secp256, + ecdsa_sample_public_key_secp256, + rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad, + rfc6979_ecdsa_data_tmpl, + ecdsa_sample_data_string, ecdsa_sample_data_bad_string, + ecdsa_signature_r, ecdsa_signature_s); + if (r) + return r; + r = selftests_ecc (report, extended, 1, ed25519_sample_secret_key, ed25519_sample_public_key, -- 2.49.0