Don't depend on crypto/bytestring for ECDSA self-tests.

This will let us keep CBS/CBB out of the module. It also makes the PWCT
actually use a hard-coded public key since kEC was using the
private-key-only serialization.

Change-Id: I3769fa26fc789c4797a56534df73f810cf5441c4
Reviewed-on: https://boringssl-review.googlesource.com/15830
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2017-05-02 16:37:51 -04:00 committed by Adam Langley
parent 09ffa773dd
commit fa839dcac0

View File

@ -26,6 +26,7 @@
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#include <openssl/ec_key.h> #include <openssl/ec_key.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/nid.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include "../internal.h" #include "../internal.h"
@ -242,6 +243,41 @@ static RSA *self_test_rsa_key(void) {
return rsa; return rsa;
} }
static EC_KEY *self_test_ecdsa_key(void) {
static const uint8_t kQx[] = {
0xc8, 0x15, 0x61, 0xec, 0xf2, 0xe5, 0x4e, 0xde, 0xfe, 0x66, 0x17,
0xdb, 0x1c, 0x7a, 0x34, 0xa7, 0x07, 0x44, 0xdd, 0xb2, 0x61, 0xf2,
0x69, 0xb8, 0x3d, 0xac, 0xfc, 0xd2, 0xad, 0xe5, 0xa6, 0x81,
};
static const uint8_t kQy[] = {
0xe0, 0xe2, 0xaf, 0xa3, 0xf9, 0xb6, 0xab, 0xe4, 0xc6, 0x98, 0xef,
0x64, 0x95, 0xf1, 0xbe, 0x49, 0xa3, 0x19, 0x6c, 0x50, 0x56, 0xac,
0xb3, 0x76, 0x3f, 0xe4, 0x50, 0x7e, 0xec, 0x59, 0x6e, 0x88,
};
static const uint8_t kD[] = {
0xc6, 0xc1, 0xaa, 0xda, 0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c,
0x6c, 0xaf, 0x0f, 0xdb, 0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0,
0x93, 0x8b, 0x74, 0xf2, 0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77,
};
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
BIGNUM *qx = BN_bin2bn(kQx, sizeof(kQx), NULL);
BIGNUM *qy = BN_bin2bn(kQy, sizeof(kQy), NULL);
BIGNUM *d = BN_bin2bn(kD, sizeof(kD), NULL);
if (ec_key == NULL || qx == NULL || qy == NULL || d == NULL ||
!EC_KEY_set_public_key_affine_coordinates(ec_key, qx, qy) ||
!EC_KEY_set_private_key(ec_key, d) ||
!EC_KEY_check_fips(ec_key)) {
EC_KEY_free(ec_key);
ec_key = NULL;
}
BN_free(qx);
BN_free(qy);
BN_free(d);
return ec_key;
}
#ifndef OPENSSL_ASAN #ifndef OPENSSL_ASAN
/* These symbols are filled in by delocate.go. They point to the start and end /* These symbols are filled in by delocate.go. They point to the start and end
* of the module, and the location of the integrity hash, respectively. */ * of the module, and the location of the integrity hash, respectively. */
@ -350,13 +386,6 @@ static void BORINGSSL_bcm_power_on_self_test(void) {
0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d, 0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
0xd2, 0x0c, 0xb1, 0x64, 0xd2, 0x0c, 0xb1, 0x64,
}; };
static const uint8_t kEC[] = {
0x30, 0x31, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc6, 0xc1, 0xaa, 0xda,
0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c, 0x6c, 0xaf, 0x0f, 0xdb,
0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0, 0x93, 0x8b, 0x74, 0xf2,
0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77, 0xa0, 0x0a, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
const uint8_t kDRBGEntropy[48] = const uint8_t kDRBGEntropy[48] =
"BCM Known Answer Test DBRG Initial Entropy "; "BCM Known Answer Test DBRG Initial Entropy ";
const uint8_t kDRBGPersonalization[18] = "BCMPersonalization"; const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
@ -506,20 +535,22 @@ static void BORINGSSL_bcm_power_on_self_test(void) {
RSA_free(rsa_key); RSA_free(rsa_key);
CBS ec_cbs; EC_KEY *ec_key = self_test_ecdsa_key();
CBS_init(&ec_cbs, kEC, sizeof(kEC));
EC_KEY *ec_key = EC_KEY_parse_private_key(&ec_cbs, NULL);
if (ec_key == NULL) { if (ec_key == NULL) {
goto err; goto err;
} }
/* EC Sign/Verify PWCT */ /* ECDSA Sign/Verify PWCT */
if (!ECDSA_sign(0, kPlaintext, sizeof(kPlaintext), output, &sig_len, ec_key) || ECDSA_SIG *sig =
!ECDSA_verify(0, kPlaintext, sizeof(kPlaintext), output, sig_len, ec_key)) { ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
if (sig == NULL ||
!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
ec_key)) {
printf("ECDSA Sign/Verify PWCT failed.\n"); printf("ECDSA Sign/Verify PWCT failed.\n");
goto err; goto err;
} }
ECDSA_SIG_free(sig);
EC_KEY_free(ec_key); EC_KEY_free(ec_key);
/* DBRG KAT */ /* DBRG KAT */