From 2ba6c66d4467f6c75f9a6b40c40a202f8ec5b818 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 22 Aug 2019 14:17:21 -0700 Subject: [PATCH] Fix ECC key load test When using the configure options '--enable-certgen --enable-certext CPPFLAGS=-DWOLFSSL_VALIDATE_ECC_IMPORT', the ecc_decode_test() will fail the "good" test case. It is using the point (1, 1) in the test, and that fails the key validation. Changed the good key to one of the keys we have in the certs directory. The additional validation checks that the point is on the curve, and is validated in FIPS mode. --- wolfcrypt/test/test.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 900346dc2..bdf7f0d76 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -17813,9 +17813,18 @@ static int ecc_decode_test(void) /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - static const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + /* This is ecc_clikeypub_der_256. */ + static const byte good[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, + 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, + 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, + 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, + 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, + 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, + 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, + 0xb4 }; static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,