Don't depend on crypto/bytestring for ECDSA self-tests.
This will let us keep CBS/CBB out of the module. It also makes the PWCT actually use a hard-coded public key since kEC was using the private-key-only serialization. Change-Id: I3769fa26fc789c4797a56534df73f810cf5441c4 Reviewed-on: https://boringssl-review.googlesource.com/15830 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
09ffa773dd
commit
fa839dcac0
@ -26,6 +26,7 @@
|
|||||||
#include <openssl/ecdsa.h>
|
#include <openssl/ecdsa.h>
|
||||||
#include <openssl/ec_key.h>
|
#include <openssl/ec_key.h>
|
||||||
#include <openssl/hmac.h>
|
#include <openssl/hmac.h>
|
||||||
|
#include <openssl/nid.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
|
|
||||||
#include "../internal.h"
|
#include "../internal.h"
|
||||||
@ -242,6 +243,41 @@ static RSA *self_test_rsa_key(void) {
|
|||||||
return rsa;
|
return rsa;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static EC_KEY *self_test_ecdsa_key(void) {
|
||||||
|
static const uint8_t kQx[] = {
|
||||||
|
0xc8, 0x15, 0x61, 0xec, 0xf2, 0xe5, 0x4e, 0xde, 0xfe, 0x66, 0x17,
|
||||||
|
0xdb, 0x1c, 0x7a, 0x34, 0xa7, 0x07, 0x44, 0xdd, 0xb2, 0x61, 0xf2,
|
||||||
|
0x69, 0xb8, 0x3d, 0xac, 0xfc, 0xd2, 0xad, 0xe5, 0xa6, 0x81,
|
||||||
|
};
|
||||||
|
static const uint8_t kQy[] = {
|
||||||
|
0xe0, 0xe2, 0xaf, 0xa3, 0xf9, 0xb6, 0xab, 0xe4, 0xc6, 0x98, 0xef,
|
||||||
|
0x64, 0x95, 0xf1, 0xbe, 0x49, 0xa3, 0x19, 0x6c, 0x50, 0x56, 0xac,
|
||||||
|
0xb3, 0x76, 0x3f, 0xe4, 0x50, 0x7e, 0xec, 0x59, 0x6e, 0x88,
|
||||||
|
};
|
||||||
|
static const uint8_t kD[] = {
|
||||||
|
0xc6, 0xc1, 0xaa, 0xda, 0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c,
|
||||||
|
0x6c, 0xaf, 0x0f, 0xdb, 0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0,
|
||||||
|
0x93, 0x8b, 0x74, 0xf2, 0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77,
|
||||||
|
};
|
||||||
|
|
||||||
|
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||||
|
BIGNUM *qx = BN_bin2bn(kQx, sizeof(kQx), NULL);
|
||||||
|
BIGNUM *qy = BN_bin2bn(kQy, sizeof(kQy), NULL);
|
||||||
|
BIGNUM *d = BN_bin2bn(kD, sizeof(kD), NULL);
|
||||||
|
if (ec_key == NULL || qx == NULL || qy == NULL || d == NULL ||
|
||||||
|
!EC_KEY_set_public_key_affine_coordinates(ec_key, qx, qy) ||
|
||||||
|
!EC_KEY_set_private_key(ec_key, d) ||
|
||||||
|
!EC_KEY_check_fips(ec_key)) {
|
||||||
|
EC_KEY_free(ec_key);
|
||||||
|
ec_key = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
BN_free(qx);
|
||||||
|
BN_free(qy);
|
||||||
|
BN_free(d);
|
||||||
|
return ec_key;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_ASAN
|
#ifndef OPENSSL_ASAN
|
||||||
/* These symbols are filled in by delocate.go. They point to the start and end
|
/* These symbols are filled in by delocate.go. They point to the start and end
|
||||||
* of the module, and the location of the integrity hash, respectively. */
|
* of the module, and the location of the integrity hash, respectively. */
|
||||||
@ -350,13 +386,6 @@ static void BORINGSSL_bcm_power_on_self_test(void) {
|
|||||||
0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
|
0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
|
||||||
0xd2, 0x0c, 0xb1, 0x64,
|
0xd2, 0x0c, 0xb1, 0x64,
|
||||||
};
|
};
|
||||||
static const uint8_t kEC[] = {
|
|
||||||
0x30, 0x31, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc6, 0xc1, 0xaa, 0xda,
|
|
||||||
0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c, 0x6c, 0xaf, 0x0f, 0xdb,
|
|
||||||
0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0, 0x93, 0x8b, 0x74, 0xf2,
|
|
||||||
0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77, 0xa0, 0x0a, 0x06, 0x08, 0x2a,
|
|
||||||
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
|
|
||||||
};
|
|
||||||
const uint8_t kDRBGEntropy[48] =
|
const uint8_t kDRBGEntropy[48] =
|
||||||
"BCM Known Answer Test DBRG Initial Entropy ";
|
"BCM Known Answer Test DBRG Initial Entropy ";
|
||||||
const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
|
const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
|
||||||
@ -506,20 +535,22 @@ static void BORINGSSL_bcm_power_on_self_test(void) {
|
|||||||
|
|
||||||
RSA_free(rsa_key);
|
RSA_free(rsa_key);
|
||||||
|
|
||||||
CBS ec_cbs;
|
EC_KEY *ec_key = self_test_ecdsa_key();
|
||||||
CBS_init(&ec_cbs, kEC, sizeof(kEC));
|
|
||||||
EC_KEY *ec_key = EC_KEY_parse_private_key(&ec_cbs, NULL);
|
|
||||||
if (ec_key == NULL) {
|
if (ec_key == NULL) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EC Sign/Verify PWCT */
|
/* ECDSA Sign/Verify PWCT */
|
||||||
if (!ECDSA_sign(0, kPlaintext, sizeof(kPlaintext), output, &sig_len, ec_key) ||
|
ECDSA_SIG *sig =
|
||||||
!ECDSA_verify(0, kPlaintext, sizeof(kPlaintext), output, sig_len, ec_key)) {
|
ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
|
||||||
|
if (sig == NULL ||
|
||||||
|
!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
|
||||||
|
ec_key)) {
|
||||||
printf("ECDSA Sign/Verify PWCT failed.\n");
|
printf("ECDSA Sign/Verify PWCT failed.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ECDSA_SIG_free(sig);
|
||||||
EC_KEY_free(ec_key);
|
EC_KEY_free(ec_key);
|
||||||
|
|
||||||
/* DBRG KAT */
|
/* DBRG KAT */
|
||||||
|
Loading…
Reference in New Issue
Block a user