22855031980

Committed 09 Mar 2026 01:10PM UTC coverage: 90.173% (-0.01%) from 90.184%

Build # 22855031980

Build Type

Pull #5425

github

Committed by

web-flow

Commit Message

Merge 058be2a86 into cdaa9c0ff

Pull Request Pull Request #5425: BigInt encoding cleanups

Run Details

103789 of 115100 relevant lines covered (90.17%)

11503649.25 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.13

/src/tests/test_ecdsa.cpp

/*
* (C) 2014,2015 Jack Lloyd
* (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_ECDSA)
   #include "test_pubkey.h"
   #include "test_rng.h"
   #include <botan/ec_group.h>
   #include <botan/ecdsa.h>
   #include <botan/hash.h>
   #include <botan/pk_algs.h>
   #include <botan/pkcs8.h>
   #include <botan/pubkey.h>
   #include <botan/rng.h>
   #include <botan/internal/buffer_stuffer.h>
#endif

namespace Botan_Tests {

namespace {

#if defined(BOTAN_HAS_ECDSA)

class ECDSA_Verification_Tests final : public PK_Signature_Verification_Test {
   public:
      ECDSA_Verification_Tests() :
            PK_Signature_Verification_Test("ECDSA", "pubkey/ecdsa_verify.vec", "Group,Px,Py,Msg,Signature", "Valid") {}

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::string group_id = vars.get_req_str("Group");
         const BigInt px = vars.get_req_bn("Px");
         const BigInt py = vars.get_req_bn("Py");
         const auto group = Botan::EC_Group::from_name(group_id);

         const auto public_key = Botan::EC_AffinePoint::from_bigint_xy(group, px, py).value();

         return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);
      }

      std::string default_padding(const VarMap& /*unused*/) const override { return "Raw"; }
};

class ECDSA_Wycheproof_Verification_Tests final : public PK_Signature_Verification_Test {
   public:
      ECDSA_Wycheproof_Verification_Tests() :
            PK_Signature_Verification_Test(
               "ECDSA", "pubkey/ecdsa_wycheproof.vec", "Group,Px,Py,Hash,Msg,Signature,Valid") {}

      bool clear_between_callbacks() const override { return false; }

      Botan::Signature_Format sig_format() const override { return Botan::Signature_Format::DerSequence; }

      bool test_random_invalid_sigs() const override { return false; }

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::string group_id = vars.get_req_str("Group");
         const BigInt px = vars.get_req_bn("Px");
         const BigInt py = vars.get_req_bn("Py");
         const auto group = Botan::EC_Group::from_name(group_id);

         const auto public_key = Botan::EC_AffinePoint::from_bigint_xy(group, px, py).value();

         return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);
      }

      std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }
};

class ECDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test {
   public:
      ECDSA_Signature_KAT_Tests() :
            PK_Signature_Generation_Test("ECDSA",
   #if defined(BOTAN_HAS_RFC6979_GENERATOR)
                                         "pubkey/ecdsa_rfc6979.vec",
                                         "Group,X,Hash,Msg,Signature") {
      }
   #else
                                         "pubkey/ecdsa_prob.vec",
                                         "Group,X,Hash,Msg,Nonce,Signature") {
      }
   #endif

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override {
         const std::string group_id = vars.get_req_str("Group");
         const BigInt x = vars.get_req_bn("X");
         const auto group = Botan::EC_Group::from_name(group_id);

         return std::make_unique<Botan::ECDSA_PrivateKey>(this->rng(), group, x);
      }

      std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }

   #if !defined(BOTAN_HAS_RFC6979_GENERATOR)
      std::unique_ptr<Botan::RandomNumberGenerator> test_rng(const std::vector<uint8_t>& nonce) const override {
         // probabilistic ecdsa signature generation extracts more random than just the nonce,
         // but the nonce is extracted first
         return std::make_unique<Fixed_Output_Position_RNG>(nonce, 1, this->rng());
      }
   #endif
};

class ECDSA_KAT_Verification_Tests final : public PK_Signature_Verification_Test {
   public:
      ECDSA_KAT_Verification_Tests() :
            PK_Signature_Verification_Test("ECDSA",
   #if !defined(BOTAN_HAS_RFC6979_GENERATOR)
                                           "pubkey/ecdsa_rfc6979.vec",
                                           "Group,X,Hash,Msg,Signature") {
      }
   #else
                                           "pubkey/ecdsa_prob.vec",
                                           "Group,X,Hash,Msg,Nonce,Signature") {
      }
   #endif

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::string group_id = vars.get_req_str("Group");
         const BigInt x = vars.get_req_bn("X");
         const auto group = Botan::EC_Group::from_name(group_id);

         const Botan::ECDSA_PrivateKey priv_key(this->rng(), group, x);

         return priv_key.public_key();
      }

      std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }
};

class ECDSA_Sign_Verify_DER_Test final : public PK_Sign_Verify_DER_Test {
   public:
      ECDSA_Sign_Verify_DER_Test() : PK_Sign_Verify_DER_Test("ECDSA", "SHA-512") {}

      std::unique_ptr<Botan::Private_Key> key() override {
         return Botan::create_private_key("ECDSA", this->rng(), "secp256r1");
      }
};

class ECDSA_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         const auto& grp = Botan::EC_Group::known_named_groups();
         return std::vector<std::string>(grp.begin(), grp.end());
      }

      std::string algo_name() const override { return "ECDSA"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         const auto group = Botan::EC_Group(keygen_params);
         const auto public_key = Botan::EC_AffinePoint(group, raw_pk);
         return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);
      }
};

class ECDSA_Keygen_Stability_Tests final : public PK_Key_Generation_Stability_Test {
   public:
      ECDSA_Keygen_Stability_Tests() : PK_Key_Generation_Stability_Test("ECDSA", "pubkey/ecdsa_keygen.vec") {}
};

   #if defined(BOTAN_HAS_EMSA_RAW)

class ECDSA_Key_Recovery_Tests final : public Text_Based_Test {
   public:
      ECDSA_Key_Recovery_Tests() : Text_Based_Test("pubkey/ecdsa_key_recovery.vec", "Group,Msg,R,S,V,Pubkey") {}

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         Test::Result result("ECDSA key recovery");

         const std::string group_id = vars.get_req_str("Group");
         const auto group = Botan::EC_Group::from_name(group_id);

         const BigInt R = vars.get_req_bn("R");
         const BigInt S = vars.get_req_bn("S");
         const uint8_t V = vars.get_req_u8("V");
         const std::vector<uint8_t> msg = vars.get_req_bin("Msg");
         const auto expected_pubkey = vars.get_req_bin("Pubkey");

         try {
            const Botan::ECDSA_PublicKey pubkey(group, msg, R, S, V);
            result.test_bin_eq("Pubkey X coordinate", pubkey.public_key_bits(), expected_pubkey);

            const uint8_t computed_V = pubkey.recovery_param(msg, R, S);
            result.test_u8_eq("Recovery param is correct", computed_V, V);

            Botan::PK_Verifier verifier(pubkey, "Raw");

            const size_t n_bytes = group.get_order_bytes();
            std::vector<uint8_t> sig(2 * n_bytes);
            Botan::BufferStuffer stuffer(sig);
            R.serialize_to(stuffer.next(n_bytes));
            S.serialize_to(stuffer.next(n_bytes));

            result.test_is_true("Signature verifies", verifier.verify_message(msg, sig));
         } catch(Botan::Exception& e) {
            result.test_failure("Failed to recover ECDSA public key", e.what());
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecdsa_key_recovery", ECDSA_Key_Recovery_Tests);

   #endif

class ECDSA_Invalid_Key_Tests final : public Text_Based_Test {
   public:
      ECDSA_Invalid_Key_Tests() : Text_Based_Test("pubkey/ecdsa_invalid.vec", "Group,InvalidKeyX,InvalidKeyY") {}

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string& /*header*/, const VarMap& vars) override {
         return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));
      }

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         Test::Result result("ECDSA invalid keys");

         const std::string group_id = vars.get_req_str("Group");
         const auto group = Botan::EC_Group::from_name(group_id);
         const Botan::BigInt x = vars.get_req_bn("InvalidKeyX");
         const Botan::BigInt y = vars.get_req_bn("InvalidKeyY");

         if(auto pt = Botan::EC_AffinePoint::from_bigint_xy(group, x, y)) {
            result.test_failure("Invalid public key was deserialized");
         } else {
            result.test_success("Invalid public key was rejected");
         }

         return result;
      }
};

class ECDSA_AllGroups_Test : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         const std::vector<std::string> hash_fn = {
            "SHA-256", "SHA-384", "SHA-512", "SHAKE-128(208)", "SHAKE-128(520)", "SHAKE-128(1032)"};

         for(const std::string& group_name : Botan::EC_Group::known_named_groups()) {
            Test::Result result("ECDSA " + group_name);

            result.start_timer();

            const auto group = Botan::EC_Group::from_name(group_name);

            const Botan::ECDSA_PrivateKey priv(rng(), group);
            const auto pub = priv.public_key();

            for(const auto& hash : hash_fn) {
               if(!Botan::HashFunction::create(hash)) {
                  continue;
               }

               try {
                  Botan::PK_Signer signer(priv, rng(), hash);
                  Botan::PK_Verifier verifier(*pub, hash);

                  for(size_t i = 0; i != 16; ++i) {
                     auto message = Botan::unlock(rng().random_vec(rng().next_byte()));
                     auto sig = signer.sign_message(message, rng());
                     result.test_sz_eq("Expected signature size", sig.size(), 2 * group.get_order_bytes());

                     result.test_is_true("Signature accepted", verifier.verify_message(message, sig));

                     const auto corrupted_message = mutate_vec(message, rng(), true);
                     result.test_is_true("Modified message rejected", !verifier.verify_message(corrupted_message, sig));

                     const auto corrupted_sig = mutate_vec(sig, rng(), true);
                     result.test_is_true("Modified signature rejected",
                                         !verifier.verify_message(message, corrupted_sig));
                  }
               } catch(std::exception& e) {
                  result.test_failure("Exception", e.what());
               }
            }

            result.end_timer();
            results.push_back(result);
         }

         return results;
      }
};

class ECDSA_ExplicitCurveKey_Test : public Text_Based_Test {
   public:
      ECDSA_ExplicitCurveKey_Test() : Text_Based_Test("pubkey/ecdsa_explicit.vec", "Key") {}

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string& group, const VarMap& /*vars*/) override {
         return !Botan::EC_Group::supports_named_group(group);
      }

      Test::Result run_one_test(const std::string& group_name, const VarMap& vars) override {
         Test::Result result("ECDSA explicit key " + group_name);

         const auto key_bytes = vars.get_req_bin("Key");

         try {
            const auto expected_oid = Botan::OID::from_name(group_name).value();

            auto key = Botan::PKCS8::load_key(key_bytes);
            const auto* ecdsa = dynamic_cast<const Botan::ECDSA_PrivateKey*>(key.get());
            if(ecdsa != nullptr) {
               result.test_success("Returned key was ECDSA");

               const auto& group = ecdsa->domain();
               result.test_is_true("Key is marked as explicit encoding", group.used_explicit_encoding());
               result.test_is_true("Group has expected OID", group.get_curve_oid() == expected_oid);
            } else {
               result.test_failure("Returned key was some other type");
            }
         } catch(Botan::Exception& e) {
            result.test_failure("Failed to parse key", e.what());
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify", ECDSA_Verification_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify_wycheproof", ECDSA_Wycheproof_Verification_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_sign", ECDSA_Signature_KAT_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify_kat", ECDSA_KAT_Verification_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_sign_verify_der", ECDSA_Sign_Verify_DER_Test);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_keygen", ECDSA_Keygen_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_keygen_stability", ECDSA_Keygen_Stability_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_invalid", ECDSA_Invalid_Key_Tests);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_all_groups", ECDSA_AllGroups_Test);
BOTAN_REGISTER_TEST("pubkey", "ecdsa_explicit_curve_key", ECDSA_ExplicitCurveKey_Test);

#endif

}  // namespace

}  // namespace Botan_Tests

1	/*
2	* (C) 2014,2015 Jack Lloyd
3	* (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "tests.h"
9
10	#if defined(BOTAN_HAS_ECDSA)
11	#include "test_pubkey.h"
12	#include "test_rng.h"
13	#include <botan/ec_group.h>
14	#include <botan/ecdsa.h>
15	#include <botan/hash.h>
16	#include <botan/pk_algs.h>
17	#include <botan/pkcs8.h>
18	#include <botan/pubkey.h>
19	#include <botan/rng.h>
20	#include <botan/internal/buffer_stuffer.h>
21	#endif
22
23	namespace Botan_Tests {
24
25	namespace {
26
27	#if defined(BOTAN_HAS_ECDSA)
28
29	class ECDSA_Verification_Tests final : public PK_Signature_Verification_Test {
30	public:
31	ECDSA_Verification_Tests() :	1✔
32	PK_Signature_Verification_Test("ECDSA", "pubkey/ecdsa_verify.vec", "Group,Px,Py,Msg,Signature", "Valid") {}	2✔
33
34	bool clear_between_callbacks() const override { return false; }	31✔
35
36	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	31✔
37	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	31✔
38	}
39
40	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	31✔
41	const std::string group_id = vars.get_req_str("Group");	31✔
42	const BigInt px = vars.get_req_bn("Px");	31✔
43	const BigInt py = vars.get_req_bn("Py");	31✔
44	const auto group = Botan::EC_Group::from_name(group_id);	31✔
45
46	const auto public_key = Botan::EC_AffinePoint::from_bigint_xy(group, px, py).value();	62✔
47
48	return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);	62✔
49	}	31✔
50
51	std::string default_padding(const VarMap& /unused/) const override { return "Raw"; }	31✔
52	};
53
54	class ECDSA_Wycheproof_Verification_Tests final : public PK_Signature_Verification_Test {
55	public:
56	ECDSA_Wycheproof_Verification_Tests() :	1✔
57	PK_Signature_Verification_Test(
58	"ECDSA", "pubkey/ecdsa_wycheproof.vec", "Group,Px,Py,Hash,Msg,Signature,Valid") {}	2✔
59
60	bool clear_between_callbacks() const override { return false; }	11,864✔
61
62	Botan::Signature_Format sig_format() const override { return Botan::Signature_Format::DerSequence; }	47,456✔
63
64	bool test_random_invalid_sigs() const override { return false; }	3,475✔
65
66	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	11,864✔
67	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	11,864✔
68	}
69
70	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	11,864✔
71	const std::string group_id = vars.get_req_str("Group");	11,864✔
72	const BigInt px = vars.get_req_bn("Px");	11,864✔
73	const BigInt py = vars.get_req_bn("Py");	11,864✔
74	const auto group = Botan::EC_Group::from_name(group_id);	11,864✔
75
76	const auto public_key = Botan::EC_AffinePoint::from_bigint_xy(group, px, py).value();	23,728✔
77
78	return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);	23,728✔
79	}	11,864✔
80
81	std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }	11,864✔
82	};
83
84	class ECDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test {
85	public:
86	ECDSA_Signature_KAT_Tests() :	1✔
87	PK_Signature_Generation_Test("ECDSA",
88	#if defined(BOTAN_HAS_RFC6979_GENERATOR)
89	"pubkey/ecdsa_rfc6979.vec",
90	"Group,X,Hash,Msg,Signature") {	2✔
91	}	1✔
92	#else
93	"pubkey/ecdsa_prob.vec",
94	"Group,X,Hash,Msg,Nonce,Signature") {
95	}
96	#endif
97
98	bool clear_between_callbacks() const override { return false; }	104✔
99
100	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	104✔
101	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	104✔
102	}
103
104	std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override {	104✔
105	const std::string group_id = vars.get_req_str("Group");	104✔
106	const BigInt x = vars.get_req_bn("X");	104✔
107	const auto group = Botan::EC_Group::from_name(group_id);	104✔
108
109	return std::make_unique<Botan::ECDSA_PrivateKey>(this->rng(), group, x);	208✔
110	}	104✔
111
112	std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }	104✔
113
114	#if !defined(BOTAN_HAS_RFC6979_GENERATOR)
115	std::unique_ptr<Botan::RandomNumberGenerator> test_rng(const std::vector<uint8_t>& nonce) const override {
116	// probabilistic ecdsa signature generation extracts more random than just the nonce,
117	// but the nonce is extracted first
118	return std::make_unique<Fixed_Output_Position_RNG>(nonce, 1, this->rng());
119	}
120	#endif
121	};
122
123	class ECDSA_KAT_Verification_Tests final : public PK_Signature_Verification_Test {
124	public:
125	ECDSA_KAT_Verification_Tests() :	1✔
126	PK_Signature_Verification_Test("ECDSA",
127	#if !defined(BOTAN_HAS_RFC6979_GENERATOR)
128	"pubkey/ecdsa_rfc6979.vec",
129	"Group,X,Hash,Msg,Signature") {
130	}
131	#else
132	"pubkey/ecdsa_prob.vec",
133	"Group,X,Hash,Msg,Nonce,Signature") {	2✔
134	}	1✔
135	#endif
136
137	bool clear_between_callbacks() const override { return false; }	251✔
138
139	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	251✔
140	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	502✔
141	}
142
143	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	251✔
144	const std::string group_id = vars.get_req_str("Group");	251✔
145	const BigInt x = vars.get_req_bn("X");	251✔
146	const auto group = Botan::EC_Group::from_name(group_id);	251✔
147
148	const Botan::ECDSA_PrivateKey priv_key(this->rng(), group, x);	251✔
149
150	return priv_key.public_key();	251✔
151	}	251✔
152
153	std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Hash"); }	251✔
154	};
155
156	class ECDSA_Sign_Verify_DER_Test final : public PK_Sign_Verify_DER_Test {	×
157	public:
158	ECDSA_Sign_Verify_DER_Test() : PK_Sign_Verify_DER_Test("ECDSA", "SHA-512") {}	2✔
159
160	std::unique_ptr<Botan::Private_Key> key() override {	1✔
161	return Botan::create_private_key("ECDSA", this->rng(), "secp256r1");	1✔
162	}
163	};
164
165	class ECDSA_Keygen_Tests final : public PK_Key_Generation_Test {	1✔
166	public:
167	std::vector<std::string> keygen_params() const override {	1✔
168	const auto& grp = Botan::EC_Group::known_named_groups();	1✔
169	return std::vector<std::string>(grp.begin(), grp.end());	1✔
170	}
171
172	std::string algo_name() const override { return "ECDSA"; }	28✔
173
174	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	28✔
175	std::string_view /* provider */,
176	std::span<const uint8_t> raw_pk) const override {
177	const auto group = Botan::EC_Group(keygen_params);	28✔
178	const auto public_key = Botan::EC_AffinePoint(group, raw_pk);	28✔
179	return std::make_unique<Botan::ECDSA_PublicKey>(group, public_key);	84✔
180	}	28✔
181	};
182
183	class ECDSA_Keygen_Stability_Tests final : public PK_Key_Generation_Stability_Test {
184	public:
185	ECDSA_Keygen_Stability_Tests() : PK_Key_Generation_Stability_Test("ECDSA", "pubkey/ecdsa_keygen.vec") {}	2✔
186	};
187
188	#if defined(BOTAN_HAS_EMSA_RAW)
189
190	class ECDSA_Key_Recovery_Tests final : public Text_Based_Test {	×
191	public:
192	ECDSA_Key_Recovery_Tests() : Text_Based_Test("pubkey/ecdsa_key_recovery.vec", "Group,Msg,R,S,V,Pubkey") {}	2✔
193
194	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	2✔
195	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	2✔
196	}
197
198	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	2✔
199	Test::Result result("ECDSA key recovery");	2✔
200
201	const std::string group_id = vars.get_req_str("Group");	2✔
202	const auto group = Botan::EC_Group::from_name(group_id);	2✔
203
204	const BigInt R = vars.get_req_bn("R");	2✔
205	const BigInt S = vars.get_req_bn("S");	2✔
206	const uint8_t V = vars.get_req_u8("V");	2✔
207	const std::vector<uint8_t> msg = vars.get_req_bin("Msg");	2✔
208	const auto expected_pubkey = vars.get_req_bin("Pubkey");	2✔
209
210	try {	2✔
211	const Botan::ECDSA_PublicKey pubkey(group, msg, R, S, V);	2✔
212	result.test_bin_eq("Pubkey X coordinate", pubkey.public_key_bits(), expected_pubkey);	2✔
213
214	const uint8_t computed_V = pubkey.recovery_param(msg, R, S);	2✔
215	result.test_u8_eq("Recovery param is correct", computed_V, V);	2✔
216
217	Botan::PK_Verifier verifier(pubkey, "Raw");	2✔
218
219	const size_t n_bytes = group.get_order_bytes();	2✔
220	std::vector<uint8_t> sig(2 * n_bytes);	2✔
221	Botan::BufferStuffer stuffer(sig);	2✔
222	R.serialize_to(stuffer.next(n_bytes));	2✔
223	S.serialize_to(stuffer.next(n_bytes));	2✔
224
225	result.test_is_true("Signature verifies", verifier.verify_message(msg, sig));	2✔
226	} catch(Botan::Exception& e) {	2✔
227	result.test_failure("Failed to recover ECDSA public key", e.what());	×
228	}	×
229
230	return result;	4✔
231	}	2✔
232	};
233
234	BOTAN_REGISTER_TEST("pubkey", "ecdsa_key_recovery", ECDSA_Key_Recovery_Tests);
235
236	#endif
237
238	class ECDSA_Invalid_Key_Tests final : public Text_Based_Test {	×
239	public:
240	ECDSA_Invalid_Key_Tests() : Text_Based_Test("pubkey/ecdsa_invalid.vec", "Group,InvalidKeyX,InvalidKeyY") {}	2✔
241
242	bool clear_between_callbacks() const override { return false; }	78✔
243
244	bool skip_this_test(const std::string& /header/, const VarMap& vars) override {	78✔
245	return !Botan::EC_Group::supports_named_group(vars.get_req_str("Group"));	78✔
246	}
247
248	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	78✔
249	Test::Result result("ECDSA invalid keys");	78✔
250
251	const std::string group_id = vars.get_req_str("Group");	78✔
252	const auto group = Botan::EC_Group::from_name(group_id);	78✔
253	const Botan::BigInt x = vars.get_req_bn("InvalidKeyX");	78✔
254	const Botan::BigInt y = vars.get_req_bn("InvalidKeyY");	78✔
255
256	if(auto pt = Botan::EC_AffinePoint::from_bigint_xy(group, x, y)) {	78✔
257	result.test_failure("Invalid public key was deserialized");	×
258	} else {
259	result.test_success("Invalid public key was rejected");	78✔
260	}	×
261
262	return result;	156✔
263	}	78✔
264	};
265
266	class ECDSA_AllGroups_Test : public Test {	1✔
267	public:
268	std::vector<Test::Result> run() override {	1✔
269	std::vector<Test::Result> results;	1✔
270
271	const std::vector<std::string> hash_fn = {	1✔
272	"SHA-256", "SHA-384", "SHA-512", "SHAKE-128(208)", "SHAKE-128(520)", "SHAKE-128(1032)"};	1✔
273
274	for(const std::string& group_name : Botan::EC_Group::known_named_groups()) {	29✔
275	Test::Result result("ECDSA " + group_name);	28✔
276
277	result.start_timer();	28✔
278
279	const auto group = Botan::EC_Group::from_name(group_name);	28✔
280
281	const Botan::ECDSA_PrivateKey priv(rng(), group);	28✔
282	const auto pub = priv.public_key();	28✔
283
284	for(const auto& hash : hash_fn) {	196✔
285	if(!Botan::HashFunction::create(hash)) {	336✔
286	continue;	×
287	}
288
289	try {	168✔
290	Botan::PK_Signer signer(priv, rng(), hash);	168✔
291	Botan::PK_Verifier verifier(*pub, hash);	168✔
292
293	for(size_t i = 0; i != 16; ++i) {	2,856✔
294	auto message = Botan::unlock(rng().random_vec(rng().next_byte()));	5,376✔
295	auto sig = signer.sign_message(message, rng());	2,688✔
296	result.test_sz_eq("Expected signature size", sig.size(), 2 * group.get_order_bytes());	2,688✔
297
298	result.test_is_true("Signature accepted", verifier.verify_message(message, sig));	2,688✔
299
300	const auto corrupted_message = mutate_vec(message, rng(), true);	2,688✔
301	result.test_is_true("Modified message rejected", !verifier.verify_message(corrupted_message, sig));	2,688✔
302
303	const auto corrupted_sig = mutate_vec(sig, rng(), true);	2,688✔
304	result.test_is_true("Modified signature rejected",	2,688✔
305	!verifier.verify_message(message, corrupted_sig));	2,688✔
306	}	2,688✔
307	} catch(std::exception& e) {	168✔
308	result.test_failure("Exception", e.what());	×
309	}	×
310	}
311
312	result.end_timer();	28✔
313	results.push_back(result);	28✔
314	}	28✔
315
316	return results;	1✔
317	}	1✔
318	};
319
320	class ECDSA_ExplicitCurveKey_Test : public Text_Based_Test {	×
321	public:
322	ECDSA_ExplicitCurveKey_Test() : Text_Based_Test("pubkey/ecdsa_explicit.vec", "Key") {}	2✔
323
324	bool clear_between_callbacks() const override { return false; }	13✔
325
326	bool skip_this_test(const std::string& group, const VarMap& /vars/) override {	13✔
327	return !Botan::EC_Group::supports_named_group(group);	13✔
328	}
329
330	Test::Result run_one_test(const std::string& group_name, const VarMap& vars) override {	13✔
331	Test::Result result("ECDSA explicit key " + group_name);	13✔
332
333	const auto key_bytes = vars.get_req_bin("Key");	13✔
334
335	try {	13✔
336	const auto expected_oid = Botan::OID::from_name(group_name).value();	26✔
337
338	auto key = Botan::PKCS8::load_key(key_bytes);	13✔
339	const auto* ecdsa = dynamic_cast<const Botan::ECDSA_PrivateKey*>(key.get());	13✔
340	if(ecdsa != nullptr) {	13✔
341	result.test_success("Returned key was ECDSA");	13✔
342
343	const auto& group = ecdsa->domain();	13✔
344	result.test_is_true("Key is marked as explicit encoding", group.used_explicit_encoding());	13✔
345	result.test_is_true("Group has expected OID", group.get_curve_oid() == expected_oid);	13✔
346	} else {
347	result.test_failure("Returned key was some other type");	×
348	}
349	} catch(Botan::Exception& e) {	13✔
350	result.test_failure("Failed to parse key", e.what());	×
351	}	×
352
353	return result;	13✔
354	}	13✔
355	};
356
357	BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify", ECDSA_Verification_Tests);
358	BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify_wycheproof", ECDSA_Wycheproof_Verification_Tests);
359	BOTAN_REGISTER_TEST("pubkey", "ecdsa_sign", ECDSA_Signature_KAT_Tests);
360	BOTAN_REGISTER_TEST("pubkey", "ecdsa_verify_kat", ECDSA_KAT_Verification_Tests);
361	BOTAN_REGISTER_TEST("pubkey", "ecdsa_sign_verify_der", ECDSA_Sign_Verify_DER_Test);
362	BOTAN_REGISTER_TEST("pubkey", "ecdsa_keygen", ECDSA_Keygen_Tests);
363	BOTAN_REGISTER_TEST("pubkey", "ecdsa_keygen_stability", ECDSA_Keygen_Stability_Tests);
364	BOTAN_REGISTER_TEST("pubkey", "ecdsa_invalid", ECDSA_Invalid_Key_Tests);
365	BOTAN_REGISTER_TEST("pubkey", "ecdsa_all_groups", ECDSA_AllGroups_Test);
366	BOTAN_REGISTER_TEST("pubkey", "ecdsa_explicit_curve_key", ECDSA_ExplicitCurveKey_Test);
367
368	#endif
369
370	} // namespace
371
372	} // namespace Botan_Tests

randombit / botan / 22855031980

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous