failing wycheproof test - extreme value for k

karel-m · karel-m · commit 5eba6fbce308 · 2018-10-14T15:50:12.000+02:00
diff --git a/tests/ecc_test.c b/tests/ecc_test.c
@@ -295,13 +295,14 @@ static int _ecc_issue443_447(void)
 static int _ecc_issue446(void)
 {
    const ltc_ecc_curve* cu;
-   ecc_key key1, key2;
+   ecc_key key1, key2, key3;
    int err, stat = 0;
    unsigned char hash[64];
    unsigned long hashlen;
    const unsigned char msg1[] = { 0x31,0x32,0x33,0x34,0x30,0x30 };
    const unsigned char msg2[] = { 0x36,0x39,0x38,0x31,0x39 };
    const unsigned char msg3[] = { 0x4d,0x73,0x67 };
+   const unsigned char msg4[] = { 0x54,0x65,0x73,0x74 };
    const unsigned char pub1[] = {
       0x04, /* secp256r1 */
       0x29,0x27,0xb1,0x05,0x12,0xba,0xe3,0xed,0xdc,0xfe,0x46,0x78,0x28,0x12,0x8b,0xad,
@@ -316,6 +317,13 @@ static int _ecc_issue446(void)
       0x00,0xb3,0x2f,0x3a,0x2d,0x15,0x3a,0x52,0xbb,0x57,0x76,0x50,0xcd,0xf1,
       0xb7,0x3a,0x34,0x05,0x35,0xc7,0xe7,0x3d,0xeb,0x59,0x9a,0xa9,0x50,0x88
    };
+   const unsigned char pub3[] = {
+      0x04, /* brainpoolP256r1 */
+      0x30,0x29,0x1b,0xca,0x4e,0xb9,0x3c,0x41,0x99,0x1d,0xae,0xc0,0xfd,0x2e,0x87,0xc2,
+      0x77,0x8d,0x95,0x8d,0x9a,0x8e,0x2f,0xa4,0xe6,0xd3,0x83,0x5d,0x48,0x5b,0xc2,0x3e,
+      0x42,0x17,0xf6,0x84,0xcf,0xdd,0x83,0x6d,0x7c,0xf6,0x09,0x9a,0x34,0xc6,0x82,0x61,
+      0xe5,0xa0,0x94,0xad,0xb5,0xb3,0xe4,0xa9,0x26,0x2f,0xf5,0x95,0x7c,0x1b,0x1b,0xa8
+   };
    /* msg1+pub1+sig1 test vector is from wycheproof/ecdsa_test VALID */
    const unsigned char sig1[] = {
       0x30,0x45,0x02,0x20,0x2b,0xa3,0xa8,0xbe,0x6b,0x94,0xd5,0xec,0x80,0xa6,0xd9,0xd1,0x19,0x0a,
@@ -357,6 +365,13 @@ static int _ecc_issue446(void)
       0x6d,0xc1,0x80,0x32,0xd2,0x68,0xfd,0x1a,0x70,0x4f,0xa6,0x02,0x1c,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
       0x55,0x55,0x55,0x55,0x55,0x55,0x07,0x8b,0xa0,0x3d,0xa5,0x6a,0x06,0x9f,0x0d,0xc1,0xc9,0x74,0x0e,0x14
    };
+   /* msg4+pub3+sig7 test vector is from wycheproof/ecdsa_test VALID (extreme value for k) */
+   const unsigned char sig7[] = {
+      0x30,0x44,0x02,0x20,0x74,0x3c,0xf1,0xb8,0xb5,0xcd,0x4f,0x2e,0xb5,0x5f,0x8a,0xa3,0x69,0x59,
+      0x3a,0xc4,0x36,0xef,0x04,0x41,0x66,0x69,0x9e,0x37,0xd5,0x1a,0x14,0xc2,0xce,0x13,0xea,0x0e,
+      0x02,0x20,0x77,0x47,0x2d,0x9a,0x28,0xb4,0xec,0xe7,0x1c,0xf4,0x13,0xa6,0x8e,0xac,0x0e,0xb4,
+      0x23,0xa1,0x6f,0xb4,0x62,0xb1,0xf4,0x87,0x06,0xfe,0xd4,0x8c,0xa4,0x37,0xbd,0x2d
+   };
 
    DO(ecc_find_curve("secp256r1", &cu));
    DO(ecc_set_curve(cu, &key1));
@@ -366,6 +381,10 @@ static int _ecc_issue446(void)
    DO(ecc_set_curve(cu, &key2));
    DO(ecc_set_key(pub2, sizeof(pub2), PK_PUBLIC, &key2));
 
+   DO(ecc_find_curve("brainpoolP256r1", &cu));
+   DO(ecc_set_curve(cu, &key3));
+   DO(ecc_set_key(pub3, sizeof(pub3), PK_PUBLIC, &key3));
+
    hashlen = sizeof(hash);
    DO(hash_memory(find_hash("sha256"), msg1, sizeof(msg1), hash, &hashlen));
    DO(ecc_verify_hash(sig1, sizeof(sig1), hash, hashlen, &stat, &key1));
@@ -405,6 +424,14 @@ static int _ecc_issue446(void)
       /* return CRYPT_FAIL_TESTVECTOR; / * expected result: VALID */
    }
 
+   hashlen = sizeof(hash);
+   DO(hash_memory(find_hash("sha256"), msg4, sizeof(msg4), hash, &hashlen));
+   DO(ecc_verify_hash(sig7, sizeof(sig7), hash, hashlen, &stat, &key3));
+   if (stat != 1) {
+      fprintf(stderr, "XXX-TODO should be valid - wycheproof / extreme value for k\n");
+      /* return CRYPT_FAIL_TESTVECTOR; / * expected result: VALID */
+   }
+
    ecc_free(&key1);
    ecc_free(&key2);
    return CRYPT_OK;
