mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make.

Browse Source
This commit is contained in:
David Garske 2020-07-17 12:26:27 -07:00
parent 547144bc9c
commit 90ee12f51a
2 changed files with 438 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -4450,6 +4450,9 @@ if test "$ENABLED_SP_ASM" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
fi
if test "$ENABLED_SP_NONBLOCK" = "yes"; then
AC_MSG_ERROR([SP non-blocking not supported with sp-asm])
fi
if test "$ENABLED_ASM" = "no"; then
AC_MSG_ERROR([Assembly code turned off])
fi

435
wolfcrypt/test/test.c
View File

@ -20051,6 +20051,433 @@ exit:
}
#endif
/* ECC Non-blocking tests for Sign and Verify */
/* Requires SP math and supports P384 or P256 */
/* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
/* Test Data - Random */
static const uint8_t kMsg[] = {
0x69, 0xbc, 0x9f, 0xce, 0x68, 0x17, 0xc2, 0x10, 0xea, 0xfc, 0x10, 0x65, 0x67, 0x52, 0xed, 0x78,
0x6e, 0xb8, 0x83, 0x9c, 0x9a, 0xb4, 0x56, 0x0d, 0xc1, 0x0d, 0x1f, 0x78, 0x6e, 0x75, 0xd7, 0xbe,
0x92, 0x6b, 0x12, 0xf6, 0x76, 0x60, 0x8e, 0xb1, 0xf4, 0x19, 0x0c, 0x81, 0xe7, 0x54, 0x5e, 0xbc,
0xe0, 0xae, 0xc2, 0x7d, 0x1b, 0xc4, 0x6e, 0xec, 0xb1, 0x99, 0x6c, 0xbf, 0x0e, 0x38, 0xa8, 0x01,
0xa6, 0x9a, 0x48, 0x12, 0xe4, 0xc9, 0x3b, 0xf0, 0x63, 0x46, 0x15, 0xb4, 0x61, 0xa8, 0x1a, 0x60,
0x71, 0x87, 0x98, 0xd7, 0x6f, 0x98, 0x7b, 0x2d, 0xb9, 0x19, 0x1b, 0x21, 0x9c, 0x70, 0x58, 0xe8,
0x0d, 0x0f, 0xe9, 0x2d, 0x9a, 0x9a, 0xf1, 0x55, 0xa0, 0x4c, 0xd3, 0x07, 0xbd, 0x97, 0x48, 0xec,
0x88, 0x0a, 0xaf, 0xb3, 0x80, 0x78, 0xa4, 0x59, 0x43, 0x57, 0xd3, 0xa7, 0x01, 0x66, 0x0e, 0xfc
};
/* ECC Private Key "d" */
static const uint8_t kPrivKey[] = {
#ifdef HAVE_ECC384
/* SECP384R1 */
/* d */
0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
#else
/* SECP256R1 */
/* d */
0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
#endif
};
/* ECC public key Qx/Qy */
static const uint8_t kPubKey[] = {
#ifdef HAVE_ECC384
/* SECP384R1 */
/* Qx */
0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
/* Qy */
0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
#else
/* SECP256R1 */
/* Qx */
0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
/* Qy */
0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
#endif
};
/* ECC Curve */
#ifdef HAVE_ECC384
/* SECP384R1 */
#define ECC_CURVE_SZ 48
#define ECC_CURVE_ID ECC_SECP384R1
#else
/* SECP256R1 */
#define ECC_CURVE_SZ 32
#define ECC_CURVE_ID ECC_SECP256R1
#endif
/* Hash Algorithm */
#if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
#define HASH_DIGEST_SZ WC_SHA3_384_DIGEST_SIZE
#define HASH_SHA_VER 3
#define CRYPTO_HASH_FN crypto_sha3_384
#elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
#define HASH_DIGEST_SZ WC_SHA384_DIGEST_SIZE
#define HASH_SHA_VER 2
#define CRYPTO_HASH_FN crypto_sha2_384
#elif !defined(NO_SHA256)
#define HASH_DIGEST_SZ WC_SHA256_DIGEST_SIZE
#define HASH_SHA_VER 2
#define CRYPTO_HASH_FN crypto_sha2_256
#else
#error test configuration not supported
#endif
#if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
/* helper to perform hashing block by block */
static int crypto_sha3_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
uint32_t hashSz, uint32_t blkSz)
{
int ret;
uint32_t i = 0, chunk;
wc_Sha3 sha3;
/* validate arguments */
if ((buf == NULL && len > 0) || hash == NULL ||
hashSz < WC_SHA3_384_DIGEST_SIZE || blkSz == 0)
{
return BAD_FUNC_ARG;
}
/* Init Sha3_384 structure */
ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID);
if (ret != 0) {
return ret;
}
while (i < len) {
chunk = blkSz;
if ((chunk + i) > len)
chunk = len - i;
/* Perform chunked update */
ret = wc_Sha3_384_Update(&sha3, (buf + i), chunk);
if (ret != 0) {
break;
}
i += chunk;
}
if (ret == 0) {
/* Get final digest result */
ret = wc_Sha3_384_Final(&sha3, hash);
}
return ret;
}
#elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
/* helper to perform hashing block by block */
static int crypto_sha2_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
uint32_t hashSz, uint32_t blkSz)
{
int ret;
uint32_t i = 0, chunk;
wc_Sha384 sha384;
/* validate arguments */
if ((buf == NULL && len > 0) || hash == NULL ||
hashSz < WC_SHA384_DIGEST_SIZE || blkSz == 0)
{
return BAD_FUNC_ARG;
}
/* Init Sha384 structure */
ret = wc_InitSha384(&sha384);
if (ret != 0) {
return ret;
}
while (i < len) {
chunk = blkSz;
if ((chunk + i) > len)
chunk = len - i;
/* Perform chunked update */
ret = wc_Sha384Update(&sha384, (buf + i), chunk);
if (ret != 0) {
break;
}
i += chunk;
}
if (ret == 0) {
/* Get final digest result */
ret = wc_Sha384Final(&sha384, hash);
}
return ret;
}
#elif !defined(NO_SHA256)
/* helper to perform hashing block by block */
static int crypto_sha2_256(const uint8_t *buf, uint32_t len, uint8_t *hash,
uint32_t hashSz, uint32_t blkSz)
{
int ret;
uint32_t i = 0, chunk;
wc_Sha256 sha256;
/* validate arguments */
if ((buf == NULL && len > 0) || hash == NULL ||
hashSz < WC_SHA256_DIGEST_SIZE || blkSz == 0)
{
return BAD_FUNC_ARG;
}
/* Init Sha256 structure */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
return ret;
}
while (i < len) {
chunk = blkSz;
if ((chunk + i) > len)
chunk = len - i;
/* Perform chunked update */
ret = wc_Sha256Update(&sha256, (buf + i), chunk);
if (ret != 0) {
break;
}
i += chunk;
}
if (ret == 0) {
/* Get final digest result */
ret = wc_Sha256Final(&sha256, hash);
}
return ret;
}
#endif
/* perform verify of signature and hash using public key */
/* key is public Qx + public Qy */
/* sig is r + s */
static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz,
uint32_t curveSz, int curveId)
{
int ret, verify_res = 0;
mp_int r, s;
ecc_key ecc;
ecc_nb_ctx_t nb_ctx;
/* validate arguments */
if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
{
return BAD_FUNC_ARG;
}
/* Setup the ECC key */
ret = wc_ecc_init(&ecc);
if (ret < 0) {
return ret;
}
ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return ret;
}
/* Setup the signature r/s variables */
ret = mp_init(&r);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return ret;
}
ret = mp_init(&s);
if (ret != MP_OKAY) {
mp_clear(&r);
wc_ecc_free(&ecc);
return ret;
}
/* Import public key x/y */
ret = wc_ecc_import_unsigned(
&ecc,
(byte*)key, /* Public "x" Coordinate */
(byte*)(key + curveSz), /* Public "y" Coordinate */
NULL, /* Private "d" (optional) */
curveId /* ECC Curve Id */
);
/* Make sure it was a public key imported */
if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
ret = ECC_BAD_ARG_E;
}
/* Import signature r/s */
if (ret == 0) {
ret = mp_read_unsigned_bin(&r, sig, curveSz);
}
if (ret == 0) {
ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
}
/* Verify ECC Signature */
if (ret == 0) {
do {
ret = wc_ecc_verify_hash_ex(
&r, &s, /* r/s as mp_int */
hash, hashSz, /* computed hash digest */
&verify_res, /* verification result 1=success */
&ecc
);
/* TODO: Real-time work can be called here */
} while (ret == FP_WOULDBLOCK);
}
/* check verify result */
if (ret == 0 && verify_res == 0) {
ret = SIG_VERIFY_E;
}
mp_clear(&r);
mp_clear(&s);
wc_ecc_free(&ecc);
return ret;
}
/* perform signature operation against hash using private key */
static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz,
uint32_t curveSz, int curveId, WC_RNG* rng)
{
int ret;
mp_int r, s;
ecc_key ecc;
ecc_nb_ctx_t nb_ctx;
/* validate arguments */
if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
{
return BAD_FUNC_ARG;
}
/* Initialize signature result */
memset(sig, 0, curveSz*2);
/* Setup the ECC key */
ret = wc_ecc_init(&ecc);
if (ret < 0) {
return ret;
}
ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return ret;
}
/* Setup the signature r/s variables */
ret = mp_init(&r);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return ret;
}
ret = mp_init(&s);
if (ret != MP_OKAY) {
mp_clear(&r);
wc_ecc_free(&ecc);
return ret;
}
/* Import private key "k" */
ret = wc_ecc_import_private_key_ex(
key, keySz, /* private key "d" */
NULL, 0, /* public (optional) */
&ecc,
curveId /* ECC Curve Id */
);
if (ret == 0) {
do {
/* Verify ECC Signature */
ret = wc_ecc_sign_hash_ex(
hash, hashSz, /* computed hash digest */
rng, &ecc, /* random and key context */
&r, &s /* r/s as mp_int */
);
/* TODO: Real-time work can be called here */
} while (ret == FP_WOULDBLOCK);
}
if (ret == 0) {
/* export r/s */
mp_to_unsigned_bin(&r, sig);
mp_to_unsigned_bin(&s, sig + curveSz);
}
mp_clear(&r);
mp_clear(&s);
wc_ecc_free(&ecc);
return ret;
}
static int ecc_test_nonblock(WC_RNG* rng)
{
int ret;
uint8_t hash[HASH_DIGEST_SZ];
uint8_t sig[ECC_CURVE_SZ*2];
uint32_t sigSz = sizeof(sig);
ret = CRYPTO_HASH_FN(
kMsg, sizeof(kMsg), /* input message */
hash, sizeof(hash), /* hash digest result */
32 /* configurable block / chunk size */
);
if (ret == 0) {
/* Sign hash using private key */
/* Note: result of an ECC sign varies for each call even with same
private key and hash. This is because a new random public key is
used for each operation. */
ret = crypto_ecc_sign(
kPrivKey, sizeof(kPrivKey), /* private key */
hash, sizeof(hash), /* computed hash digest */
sig, &sigSz, /* signature r/s */
ECC_CURVE_SZ, /* curve size in bytes */
ECC_CURVE_ID, /* curve id */
rng
);
}
if (ret == 0) {
/* Verify generated signature is valid */
ret = crypto_ecc_verify(
kPubKey, sizeof(kPubKey), /* public key point x/y */
hash, sizeof(hash), /* computed hash digest */
sig, sigSz, /* signature r/s */
ECC_CURVE_SZ, /* curve size in bytes */
ECC_CURVE_ID /* curve id */
);
}
return ret;
}
#endif /* WC_ECC_NONBLOCK && WOLFSSL_PUBLIC_MP && HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
int ecc_test(void)
{
int ret;
@ -20193,6 +20620,14 @@ int ecc_test(void)
}
#endif
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
ret = ecc_test_nonblock(&rng);
if (ret != 0) {
printf("ecc_test_nonblock failed!: %d\n", ret);
}
#endif
done:
wc_FreeRng(&rng);