[hipl-dev] [Branch ~hipl-core/hipl/ecc] Rev 5386: Test for invalid sign and verify operations and resulting bugfixes.
- From: noreply@xxxxxxxxxxxxx
- To: HIPL core team <hipl-dev@xxxxxxxxxxxxx>
- Date: Mon, 11 Jul 2011 13:07:16 -0000
------------------------------------------------------------
revno: 5386
committer: Henrik Ziegeldorf <henrik.ziegeldorf@xxxxxxxxxxxxxx>
branch nick: ec
timestamp: Mon 2011-07-11 13:26:30 +0200
message:
Test for invalid sign and verify operations and resulting bugfixes.
modified:
lib/tool/pk.c
test/lib/tool/pk.c
--
lp:~hipl-core/hipl/ecc
https://code.launchpad.net/~hipl-core/hipl/ecc
=== modified file 'lib/tool/pk.c'
--- lib/tool/pk.c 2011-07-08 11:47:12 +0000
+++ lib/tool/pk.c 2011-07-11 11:26:30 +0000
@@ -95,6 +95,9 @@
uint8_t signature[siglen];
int err = 0, len;
+ HIP_IFEL(!msg, -1, "NULL message\n");
+ HIP_IFEL(!priv_key, -1, "NULL signing key\n");
+
len = hip_get_msg_total_len(msg);
HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1, msg, len, sha1_digest) < 0,
-1, "Building of SHA1 digest failed\n");
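Review bot: The new NULL checks run only after `uint8_t signature[siglen];` has been sized, so if `siglen` is derived from `priv_key` (its initialiser is above the hunk and not visible here), a NULL key is used, or yields a zero-length VLA, before `HIP_IFEL(!priv_key, ...)` can reject it. Consider validating `priv_key` and `siglen > 0` before the array is declared, or replacing the VLA with a fixed maximum-size buffer. The function signature and the `siglen` computation lie outside the hunk, so this needs confirming against the full file.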
@@ -165,7 +168,7 @@
*/
static int verify(void *const peer_pub, struct hip_common *const msg, const
int type)
{
- int err = 0, len, origlen;
+ int err = 0, len, origlen = 0;
struct hip_sig *sig;
uint8_t sha1_digest[HIP_AH_SHA_LEN];
struct in6_addr tmpaddr;
@@ -173,6 +176,9 @@
uint8_t opaque[HIP_PUZZLE_OPAQUE_LEN];
uint8_t rand_i[PUZZLE_LENGTH];
+ HIP_IFEL(!peer_pub, -1, "NULL public key\n");
+ HIP_IFEL(!msg, -1, "NULL message\n");
+
ipv6_addr_copy(&tmpaddr, &msg->hitr); /* so update is handled, too */
origlen = hip_get_msg_total_len(msg);
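Review bot: A NULL `peer_pub` with a valid `msg` now fails before `origlen = hip_get_msg_total_len(msg);` runs. Assuming HIP_IFEL jumps to `out_err`, the cleanup in the last hunk of this file then calls `hip_set_msg_total_len(msg, origlen)` with the new default of 0 and overwrites the caller's message length. Read the length right after the message check and before the key check: `HIP_IFEL(!msg, -1, "NULL message\n");`, then `origlen = hip_get_msg_total_len(msg);`, then `HIP_IFEL(!peer_pub, -1, "NULL public key\n");`. The `origlen = 0` initialisation in the previous hunk removes the uninitialised read but not this clobbering of the length. The body of verify() continues outside these hunks.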
@@ -236,7 +242,9 @@
}
out_err:
- hip_set_msg_total_len(msg, origlen);
+ if (msg) {
+ hip_set_msg_total_len(msg, origlen);
+ }
return err;
}
=== modified file 'test/lib/tool/pk.c'
--- test/lib/tool/pk.c 2011-07-08 16:03:52 +0000
+++ test/lib/tool/pk.c 2011-07-11 11:26:30 +0000
@@ -67,6 +67,66 @@
}
END_TEST
+START_TEST(test_ecdsa_invalid_sign_verify)
+{
+ unsigned int i;
+ int nids[3] = { NID_secp160r1, NID_X9_62_prime256v1,
NID_secp384r1 };
+ EC_KEY *eckeys[3];
+ struct hip_common *msg;
+ struct hip_echo_request *echo_req = NULL;
+ struct hip_sig *sig = NULL;
+
+ HIP_DEBUG("Trying some invalid sign and verify operations.\n");
+
+ for (i = 0; i < sizeof(nids) / sizeof(int); i++) {
+ eckeys[i] = create_ecdsa_key(nids[i]);
+ }
+
+ msg = hip_msg_alloc();
+ hip_build_network_hdr(msg, HIP_UPDATE, 0, &in6addr_any, &in6addr_loopback);
+ hip_build_param_echo(msg, "AAAAA", 5, 1, 1);
+ fail_unless(hip_ecdsa_sign(eckeys[0], msg) == 0, NULL);
+
+ /* verification using wrong keys */
+ fail_unless(hip_ecdsa_verify(eckeys[1], msg) != 0, NULL);
+ fail_unless(hip_ecdsa_verify(eckeys[2], msg) != 0, NULL);
+
+ /* modified message header */
+ msg->type_hdr = HIP_NOTIFY;
+ fail_unless(hip_ecdsa_verify(eckeys[0], msg) != 0, NULL);
+ msg->type_hdr = HIP_UPDATE;
+
+ /* modified parameter */
+ echo_req = hip_get_param_readwrite(msg,
HIP_PARAM_ECHO_REQUEST_SIGN);
+ *((char *) (echo_req + 1)) = 'B';
+ fail_unless(hip_ecdsa_verify(eckeys[0], msg) != 0, NULL);
+ *((char *) (echo_req + 1)) = 'A';
+
+ /* modified signature */
+ sig = hip_get_param_readwrite(msg, HIP_PARAM_HIP_SIGNATURE);
+ sig->signature[0] += 1;
+ fail_unless(hip_ecdsa_verify(eckeys[0], msg) != 0, NULL);
+ sig->signature[0] -= 1;
+
+ /* invalid inputs for signature generation */
+ fail_unless(hip_ecdsa_sign(NULL, msg) != 0, NULL);
+ fail_unless(hip_ecdsa_sign(eckeys[0], NULL) != 0, NULL);
+ fail_unless(hip_ecdsa_sign(NULL, NULL) != 0, NULL);
+
+ /* invalid inputs for signature verification */
+ fail_unless(hip_ecdsa_verify(NULL, msg) != 0, NULL);
+ fail_unless(hip_ecdsa_verify(eckeys[0], NULL) != 0, NULL);
+ fail_unless(hip_ecdsa_verify(NULL, NULL) != 0, NULL);
+
+ for (i = 0; i < sizeof(nids) / sizeof(int); i++) {
+ EC_KEY_free(eckeys[i]);
+ }
+ free(msg);
+
+ HIP_DEBUG("Successfully passed test for invalid sign and verify
operations.\n");
+}
+END_TEST
+
Suite *lib_tool_pk(void)
{
Suite *s = suite_create("lib/tool/pk");
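Review bot: None of the negative assertions in test_ecdsa_invalid_sign_verify has a positive control, so a message left in a bad state by an earlier call would make every later `!= 0` check pass for the wrong reason. After each restore step (header type, parameter byte, signature byte) and after the NULL-input calls, add `fail_unless(hip_ecdsa_verify(eckeys[0], msg) == 0, NULL);` to show the untampered message still verifies. The results of `hip_msg_alloc()` and `hip_get_param_readwrite()` are also dereferenced unchecked. A guard such as `fail_unless(msg != NULL, NULL);` would turn a setup failure into a test failure rather than a crash.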
@@ -74,6 +134,8 @@
TCase *tc_core = tcase_create("Core");
tcase_add_test(tc_core, test_ecdsa_sign_verify);
+ tcase_add_test(tc_core, test_ecdsa_invalid_sign_verify);
+
suite_add_tcase(s, tc_core);