failing wycheproof test - changing tag value of sequence

karel-m · karel-m · commit d452d5995bc5 · 2018-10-13T18:54:42.000+02:00
diff --git a/tests/ecc_test.c b/tests/ecc_test.c
@@ -291,6 +291,53 @@ static int _ecc_issue443_447(void)
    return CRYPT_OK;
 }
 
+/* https://github.com/libtom/libtomcrypt/issues/446 */
+static int _ecc_issue446(void)
+{
+   const ltc_ecc_curve* cu;
+   ecc_key key;
+   int err, stat = 0;
+   unsigned char hash[64];
+   unsigned long hashlen;
+   const unsigned char msg[] = { 0x31,0x32,0x33,0x34,0x30,0x30 };
+   const unsigned char pub[] = {
+      0x04,
+      0x29,0x27,0xb1,0x05,0x12,0xba,0xe3,0xed,0xdc,0xfe,0x46,0x78,0x28,0x12,0x8b,0xad,
+      0x29,0x03,0x26,0x99,0x19,0xf7,0x08,0x60,0x69,0xc8,0xc4,0xdf,0x6c,0x73,0x28,0x38,
+      0xc7,0x78,0x79,0x64,0xea,0xac,0x00,0xe5,0x92,0x1f,0xb1,0x49,0x8a,0x60,0xf4,0x60,
+      0x67,0x66,0xb3,0xd9,0x68,0x50,0x01,0x55,0x8d,0x1a,0x97,0x4e,0x73,0x41,0x51,0x3e
+   };
+   /* msg+pub+sig1 test vector is from wycheproof/ecdsa_test VALID */
+   const unsigned char sig1[] = {
+      0x30,0x45,0x02,0x20,0x2b,0xa3,0xa8,0xbe,0x6b,0x94,0xd5,0xec,0x80,0xa6,0xd9,0xd1,0x19,0x0a,
+      0x43,0x6e,0xff,0xe5,0x0d,0x85,0xa1,0xee,0xe8,0x59,0xb8,0xcc,0x6a,0xf9,0xbd,0x5c,0x2e,0x18,
+      0x02,0x21,0x00,0xb3,0x29,0xf4,0x79,0xa2,0xbb,0xd0,0xa5,0xc3,0x84,0xee,0x14,0x93,0xb1,0xf5,
+      0x18,0x6a,0x87,0x13,0x9c,0xac,0x5d,0xf4,0x08,0x7c,0x13,0x4b,0x49,0x15,0x68,0x47,0xdb,
+   };
+   /* msg+pub+sig2 test vector is from wycheproof/ecdsa_test INVALID (changing tag value of sequence) */
+   const unsigned char sig2[] = {
+      0x31,0x45,0x02,0x20,0x2b,0xa3,0xa8,0xbe,0x6b,0x94,0xd5,0xec,0x80,0xa6,0xd9,0xd1,0x19,0x0a,
+      0x43,0x6e,0xff,0xe5,0x0d,0x85,0xa1,0xee,0xe8,0x59,0xb8,0xcc,0x6a,0xf9,0xbd,0x5c,0x2e,0x18,
+      0x02,0x21,0x00,0xb3,0x29,0xf4,0x79,0xa2,0xbb,0xd0,0xa5,0xc3,0x84,0xee,0x14,0x93,0xb1,0xf5,
+      0x18,0x6a,0x87,0x13,0x9c,0xac,0x5d,0xf4,0x08,0x7c,0x13,0x4b,0x49,0x15,0x68,0x47,0xdb,
+   };
+
+   hashlen = sizeof(hash);
+   DO(hash_memory(find_hash("sha256"), msg, sizeof(msg), hash, &hashlen));
+   DO(ecc_find_curve("secp256r1", &cu));
+   DO(ecc_set_curve(cu, &key));
+   DO(ecc_set_key(pub, sizeof(pub), PK_PUBLIC, &key));
+
+   DO(ecc_verify_hash(sig1, sizeof(sig1), hash, hashlen, &stat, &key));
+   if (stat != 1) return CRYPT_FAIL_TESTVECTOR; /* expected result: VALID */
+
+   err = ecc_verify_hash(sig2, sizeof(sig2), hash, hashlen, &stat, &key);
+   if (err == CRYPT_OK && stat == 1) return CRYPT_FAIL_TESTVECTOR; /* expected result: INVALID */
+
+   ecc_free(&key);
+   return CRYPT_OK;
+}
+
 static int _ecc_test_mp(void)
 {
    void       *a, *modulus, *order;
@@ -1600,6 +1647,7 @@ int ecc_tests(void)
    DO(_ecc_test_mp());
    DO(_ecc_issue108());
    DO(_ecc_issue443_447());
+   DO(_ecc_issue446());
 #ifdef LTC_ECC_SHAMIR
    DO(_ecc_test_shamir());
    DO(_ecc_test_recovery());
