mirror of
https://github.com/espressif/openthread.git
synced 2026-06-05 21:14:49 +00:00
Steven Cooreman
0b41ae0a30
There is no hard dependency in the Thread specification which requires the use of deterministic signatures. On the contrary, looking at the tinycrypt implementation, that one issues randomized ECDSA signatures and seems to be quite happy with that. This change does not change the default behaviour, which is to use deterministic ECDSA when using the default MbedTLS backend. It does however make it possible for platforms which have qualified hardware entropy to select 'plain' ECDSA instead, which gives both a performance and code size improvement on those platforms.
198 lines
8.4 KiB
C++
198 lines
8.4 KiB
C++
/*
|
|
* Copyright (c) 2020, The OpenThread Authors.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the copyright holder nor the
|
|
* names of its contributors may be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <openthread/config.h>
|
|
|
|
#include "test_platform.h"
|
|
#include "test_util.hpp"
|
|
|
|
#include "common/debug.hpp"
|
|
#include "common/random.hpp"
|
|
#include "crypto/ecdsa.hpp"
|
|
|
|
#include <mbedtls/ctr_drbg.h>
|
|
#include <mbedtls/ecdsa.h>
|
|
#include <mbedtls/pk.h>
|
|
|
|
#if OPENTHREAD_CONFIG_ECDSA_ENABLE
|
|
|
|
namespace ot {
|
|
namespace Crypto {
|
|
|
|
void TestEcdsaVector(void)
|
|
{
|
|
// This case is derived from the test vector from RFC 6979 - section A.2.5 (for NIST P-256 and SHA-256 hash).
|
|
|
|
const uint8_t kKeyPairInfo[] = {
|
|
0x30, 0x78, 0x02, 0x01, 0x01, 0x04, 0x21, 0x00, 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16, 0x6B, 0x5C,
|
|
0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93, 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12, 0x7B, 0x8A, 0x62, 0x2B,
|
|
0x12, 0x0F, 0x67, 0x21, 0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44,
|
|
0x03, 0x42, 0x00, 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D, 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35,
|
|
0x6D, 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA, 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F, 0xB6,
|
|
0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC, 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC, 0x64, 0xF2, 0xF1,
|
|
0xB2, 0x0C, 0x2D, 0x7E, 0x9F, 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22, 0x99};
|
|
|
|
const uint8_t kPublicKey[] = {
|
|
0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D, 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D, 0x68,
|
|
0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA, 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F, 0xB6,
|
|
0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC, 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC, 0x64,
|
|
0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F, 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22, 0x99,
|
|
};
|
|
|
|
const uint8_t kMessage[] = {'s', 'a', 'm', 'p', 'l', 'e'};
|
|
|
|
#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE
|
|
const uint8_t kExpectedSignature[] = {
|
|
0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81, 0xD6,
|
|
0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37, 0x16,
|
|
0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
|
|
0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8,
|
|
};
|
|
#endif
|
|
|
|
Instance *instance = testInitInstance();
|
|
|
|
Ecdsa::P256::KeyPair keyPair;
|
|
Ecdsa::P256::PublicKey publicKey;
|
|
Ecdsa::P256::Signature signature;
|
|
Sha256 sha256;
|
|
Sha256::Hash hash;
|
|
|
|
VerifyOrQuit(instance != nullptr, "Null OpenThread instance");
|
|
|
|
printf("\n===========================================================================\n");
|
|
printf("Test ECDA with test vector from RFC 6979 (A.2.5)\n");
|
|
|
|
printf("\nLoading key-pair ----------------------------------------------------------\n");
|
|
memcpy(keyPair.GetDerBytes(), kKeyPairInfo, sizeof(kKeyPairInfo));
|
|
keyPair.SetDerLength(sizeof(kKeyPairInfo));
|
|
|
|
DumpBuffer("KeyPair", keyPair.GetDerBytes(), keyPair.GetDerLength());
|
|
|
|
SuccessOrQuit(keyPair.GetPublicKey(publicKey));
|
|
DumpBuffer("PublicKey", publicKey.GetBytes(), Ecdsa::P256::PublicKey::kSize);
|
|
|
|
VerifyOrQuit(sizeof(kPublicKey) == Ecdsa::P256::PublicKey::kSize, "Example public key is invalid");
|
|
VerifyOrQuit(memcmp(publicKey.GetBytes(), kPublicKey, sizeof(kPublicKey)) == 0,
|
|
"KeyPair::GetPublicKey() did not return the expected key");
|
|
|
|
printf("\nHash the message ----------------------------------------------------------\n");
|
|
sha256.Start();
|
|
sha256.Update(kMessage);
|
|
sha256.Finish(hash);
|
|
|
|
DumpBuffer("Hash", hash.GetBytes(), sizeof(hash));
|
|
|
|
printf("\nSign the message ----------------------------------------------------------\n");
|
|
SuccessOrQuit(keyPair.Sign(hash, signature));
|
|
DumpBuffer("Signature", signature.GetBytes(), sizeof(signature));
|
|
|
|
#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE
|
|
printf("\nCheck signature against expected sequence----------------------------------\n");
|
|
DumpBuffer("Expected signature", kExpectedSignature, sizeof(kExpectedSignature));
|
|
|
|
VerifyOrQuit(sizeof(kExpectedSignature) == sizeof(signature));
|
|
VerifyOrQuit(memcmp(signature.GetBytes(), kExpectedSignature, sizeof(kExpectedSignature)) == 0);
|
|
|
|
printf("Signature matches expected sequence.\n");
|
|
#endif
|
|
|
|
printf("\nVerify the signature ------------------------------------------------------\n");
|
|
SuccessOrQuit(publicKey.Verify(hash, signature));
|
|
printf("\nSignature was verified successfully.\n\n");
|
|
|
|
testFreeInstance(instance);
|
|
}
|
|
|
|
void TestEcdsaKeyGenerationSignAndVerify(void)
|
|
{
|
|
Instance *instance = testInitInstance();
|
|
|
|
const char kMessage[] = "You are not a drop in the ocean. You are the entire ocean in a drop.";
|
|
|
|
Ecdsa::P256::KeyPair keyPair;
|
|
Ecdsa::P256::PublicKey publicKey;
|
|
Ecdsa::P256::Signature signature;
|
|
Sha256 sha256;
|
|
Sha256::Hash hash;
|
|
|
|
VerifyOrQuit(instance != nullptr, "Null OpenThread instance");
|
|
|
|
printf("\n===========================================================================\n");
|
|
printf("Test ECDA key generation, signing and verification\n");
|
|
|
|
printf("\nGenerating key-pair -------------------------------------------------------\n");
|
|
SuccessOrQuit(keyPair.Generate());
|
|
|
|
DumpBuffer("KeyPair", keyPair.GetDerBytes(), keyPair.GetDerLength());
|
|
|
|
SuccessOrQuit(keyPair.GetPublicKey(publicKey));
|
|
DumpBuffer("PublicKey", publicKey.GetBytes(), Ecdsa::P256::PublicKey::kSize);
|
|
|
|
printf("\nHash the message ----------------------------------------------------------\n");
|
|
sha256.Start();
|
|
sha256.Update(kMessage, sizeof(kMessage) - 1);
|
|
sha256.Finish(hash);
|
|
|
|
DumpBuffer("Hash", hash.GetBytes(), sizeof(hash));
|
|
|
|
printf("\nSign the message ----------------------------------------------------------\n");
|
|
SuccessOrQuit(keyPair.Sign(hash, signature));
|
|
DumpBuffer("Signature", signature.GetBytes(), sizeof(signature));
|
|
|
|
printf("\nVerify the signature ------------------------------------------------------\n");
|
|
SuccessOrQuit(publicKey.Verify(hash, signature));
|
|
printf("\nSignature was verified successfully.");
|
|
|
|
sha256.Start();
|
|
sha256.Update(kMessage, sizeof(kMessage)); // include null char
|
|
sha256.Finish(hash);
|
|
VerifyOrQuit(publicKey.Verify(hash, signature) != kErrorNone, "PublicKey::Verify() passed for invalid signature");
|
|
printf("\nSignature verification correctly failed with incorrect hash/signature.\n\n");
|
|
|
|
testFreeInstance(instance);
|
|
}
|
|
|
|
} // namespace Crypto
|
|
} // namespace ot
|
|
|
|
#endif // OPENTHREAD_CONFIG_ECDSA_ENABLE
|
|
|
|
int main(void)
|
|
{
|
|
#if OPENTHREAD_CONFIG_ECDSA_ENABLE
|
|
ot::Crypto::TestEcdsaVector();
|
|
ot::Crypto::TestEcdsaKeyGenerationSignAndVerify();
|
|
printf("All tests passed\n");
|
|
#else
|
|
printf("ECDSA feature is not enabled\n");
|
|
#endif
|
|
|
|
return 0;
|
|
}
|