unit-tests: test some zeroed ECDSA signatures that never should succeed

2013-04-09 16:00:19 +02:00 · 2013-04-09 16:00:19 +02:00 · a88cab095d
parent 7e23f53242
commit a88cab095d
1 changed files with 63 additions and 0 deletions
--- a/src/libstrongswan/tests/test_ecdsa.c
+++ b/src/libstrongswan/tests/test_ecdsa.c
@ -56,6 +56,65 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
 	}
 }

+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+	chunk_from_chars(),
+	chunk_from_chars(0x00),
+	chunk_from_chars(0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+	chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+	chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+	int s, i;
+
+	for (s = 0; s < countof(schemes); s++)
+	{
+		if (schemes[s].key_size != 0 &&
+			schemes[s].scheme != pubkey->get_keysize(pubkey))
+		{
+			continue;
+		}
+		for (i = 0; i < countof(invalid_sigs); i++)
+		{
+			fail_if(
+				pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+				"bad %N sig accepted %B",
+				signature_scheme_names, schemes[s].scheme,
+				&invalid_sigs[i]);
+		}
+	}
+}
+
 /**
 * ECDSA key sizes to test
 */
@ -76,6 +135,8 @@ START_TEST(test_gen)

 	test_good_sig(privkey, pubkey);

+	test_bad_sigs(pubkey);
+
 	pubkey->destroy(pubkey);
 	privkey->destroy(privkey);
 }
@ -136,6 +197,8 @@ START_TEST(test_load)

 	test_good_sig(privkey, pubkey);

+	test_bad_sigs(pubkey);
+
 	pubkey->destroy(pubkey);
 	privkey->destroy(privkey);
 }