diff --git a/configure.ac b/configure.ac index d00b381a2..82152ee9a 100644 --- a/configure.ac +++ b/configure.ac @@ -201,6 +201,9 @@ then # Enable DH const table speedups (eliminates `-lm` math lib dependency) AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192" + # Enable ECC Key Gen / Import checks + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT -DWOLFSSL_VALIDATE_ECC_KEYGEN" + # Enable multiple attribute additions such as DC AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" fi diff --git a/tests/api.c b/tests/api.c index 96972e6e0..8cb8c5f16 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16833,25 +16833,21 @@ static int test_wc_ecc_rs_to_sig (void) } /* END test_wc_ecc_rs_to_sig */ -static int test_wc_ecc_import_raw (void) +static int test_wc_ecc_import_raw(void) { int ret = 0; -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && !defined(NO_ECC256) ecc_key key; -#ifdef HAVE_ALL_CURVES - const char* qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; - const char* qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; - const char* d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; - const char* curveName = "SECP192R1"; -#else const char* qx = - "6c450448386596485678dcf46ccf75e80ff292443cddab1ff216d0c72cd9341"; + "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; const char* qy = - "9cac72ff8a90e4939e37714bfa07ae4612588535c3fdeab63ceb29b1d80f0d1"; + "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; const char* d = - "1e1dd938e15bdd036b0b0e2a6dc62fe7b46dbe042ac42310c6d5db0cda63e807"; + "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; const char* curveName = "SECP256R1"; +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + const char* kNullStr = ""; #endif ret = wc_ecc_init(&key); @@ -16873,10 +16869,13 @@ static int test_wc_ecc_import_raw (void) if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, qx, qy, d, NULL); } + #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (ret == BAD_FUNC_ARG) { + ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName); + } + #endif + if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) { ret = 0; - } else if (ret == 0) { - ret = WOLFSSL_FATAL_ERROR; } } @@ -16890,6 +16889,80 @@ static int test_wc_ecc_import_raw (void) } /* END test_wc_ecc_import_raw */ +static int test_wc_ecc_import_unsigned(void) +{ + int ret = 0; +#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) + ecc_key key; + const byte qx[] = { + 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, + 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, + 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, + 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61 + }; + const byte qy[] = { + 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, + 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, + 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, + 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8 + }; + const byte d[] = { + 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85, + 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, + 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, + 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c + }; +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + const byte nullBytes[32] = {0}; +#endif + int curveId = ECC_SECP256R1; + + ret = wc_ecc_init(&key); + + printf(testingFmt, "wc_ecc_import_unsigned()"); + + if (ret == 0) { + ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, + curveId); + } + /* Test bad args. */ + if (ret == 0) { + ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d, + curveId); + if (ret == BAD_FUNC_ARG) { + ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d, + curveId); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d, + curveId); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, + ECC_CURVE_INVALID); + } + #ifdef WOLFSSL_VALIDATE_ECC_IMPORT + if (ret == BAD_FUNC_ARG) { + ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes, + (byte*)nullBytes, (byte*)nullBytes, curveId); + } + #endif + if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) { + ret = 0; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + + wc_ecc_free(&key); + +#endif + + return ret; + +} /* END test_wc_ecc_import_unsigned */ + /* * Testing wc_ecc_sig_size() @@ -32469,6 +32542,7 @@ void ApiTest(void) AssertIntEQ(test_wc_ecc_export_private_only(), 0); AssertIntEQ(test_wc_ecc_rs_to_sig(), 0); AssertIntEQ(test_wc_ecc_import_raw(), 0); + AssertIntEQ(test_wc_ecc_import_unsigned(), 0); AssertIntEQ(test_wc_ecc_sig_size(), 0); AssertIntEQ(test_wc_ecc_ctx_new(), 0); AssertIntEQ(test_wc_ecc_ctx_reset(), 0); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 00d9c7423..9dc0decc7 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6803,7 +6803,7 @@ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) /* compare to b */ if (err == MP_OKAY) { if (mp_cmp(t1, b) != MP_EQ) { - err = MP_VAL; + err = IS_POINT_E; } else { err = MP_OKAY; } @@ -7889,7 +7889,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, /* import private key */ if (err == MP_OKAY) { - if (d != NULL && d[0] != '\0') { + if (d != NULL) { #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Hardware doesn't support loading private key */ err = NOT_COMPILED_IN;