Add tests for EC keys with specified curves.

In c0d948490288b91dbaa16f691f4f29a3536ae6e3, we had to add support for recognizing specified versions of named curves. I believe the motivation was an ECPrivateKey encoded by OpenSSL without the EC_KEY's asn1_flag set to OPENSSL_EC_NAMED_CURVE. Annoyingly, it appears OpenSSL's API defaulted to the specified form while the tool defaulted to the named form. Add tests for this at the ECPrivateKey and the PKCS#8 level. The latter was taken from Chromium's ec_private_key_unittest.cc which was the original impetus for this. Change-Id: I53a80c842c3fc9598f2e0ee7bf2d86b2add9e6c4 Reviewed-on: https://boringssl-review.googlesource.com/7072 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2016-02-07 07:56:05 +0300
committer: Adam Langley <agl@google.com> 2016-02-17 00:51:32 +0300
commit: 666973b8e9b6befe63249e51ff6b63e7605c605d (patch)
tree: 18c9e18ba6e5c4445522072d9e378a2eea4d55c3 /crypto/ec
parent: 815b12ece6e3bbebb60a099d8fdbd7fd6db8c8cc (diff)
1 files changed, 64 insertions, 1 deletions
diff --git a/crypto/ec/ec_test.cc b/crypto/ec/ec_test.cc
index c5bd3218..a2879720 100644
--- a/crypto/ec/ec_test.cc
+++ b/crypto/ec/ec_test.cc
@@ -34,6 +34,36 @@ static const uint8_t kECKeyWithoutPublic[] = {
   0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
 };
 
+// kECKeySpecifiedCurve is the above key with P-256's parameters explicitly
+// spelled out rather than using a named curve.
+static const uint8_t kECKeySpecifiedCurve[] = {
+    0x30, 0x82, 0x01, 0x22, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc6, 0xc1, 0xaa,
+    0xda, 0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c, 0x6c, 0xaf, 0x0f, 0xdb,
+    0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0, 0x93, 0x8b, 0x74, 0xf2, 0xbc,
+    0xc5, 0x30, 0x52, 0xb0, 0x77, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02,
+    0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01,
+    0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+    0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
+    0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53,
+    0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15,
+    0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78,
+    0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04,
+    0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5,
+    0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+    0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2,
+    0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+    0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68,
+    0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
+    0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc,
+    0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc,
+    0x63, 0x25, 0x51, 0x02, 0x01, 0x01,
+};
+
 // kECKeyMissingZeros is an ECPrivateKey containing a degenerate P-256 key where
 // the private key is one. The private key is incorrectly encoded without zero
 // padding.
@@ -172,7 +202,39 @@ static bool TestZeroPadding() {
   return true;
 }
 
-bool TestSetAffine(const int nid) {
+static bool TestSpecifiedCurve() {
+  // Test keys with specified curves may be decoded.
+  ScopedEC_KEY key =
+      DecodeECPrivateKey(kECKeySpecifiedCurve, sizeof(kECKeySpecifiedCurve));
+  if (!key) {
+    ERR_print_errors_fp(stderr);
+    return false;
+  }
+
+  // The group should have been interpreted as P-256.
+  if (EC_GROUP_get_curve_name(EC_KEY_get0_group(key.get())) !=
+      NID_X9_62_prime256v1) {
+    fprintf(stderr, "Curve name incorrect.\n");
+    return false;
+  }
+
+  // Encoding the key should still use named form.
+  std::vector<uint8_t> out;
+  if (!EncodeECPrivateKey(&out, key.get())) {
+    ERR_print_errors_fp(stderr);
+    return false;
+  }
+  if (std::vector<uint8_t>(kECKeyWithoutPublic,
+                           kECKeyWithoutPublic + sizeof(kECKeyWithoutPublic)) !=
+      out) {
+    fprintf(stderr, "Serialisation of key was incorrect.\n");
+    return false;
+  }
+
+  return true;
+}
+
+static bool TestSetAffine(const int nid) {
   ScopedEC_KEY key(EC_KEY_new_by_curve_name(nid));
   if (!key) {
     return false;
@@ -331,6 +393,7 @@ int main(void) {
 
   if (!Testd2i_ECPrivateKey() ||
       !TestZeroPadding() ||
+      !TestSpecifiedCurve() ||
       !TestSetAffine(NID_secp224r1) ||
       !TestSetAffine(NID_X9_62_prime256v1) ||
       !TestSetAffine(NID_secp384r1) ||
author	David Benjamin <davidben@chromium.org>	2016-02-07 07:56:05 +0300
committer	Adam Langley <agl@google.com>	2016-02-17 00:51:32 +0300
commit	666973b8e9b6befe63249e51ff6b63e7605c605d (patch)
tree	18c9e18ba6e5c4445522072d9e378a2eea4d55c3 /crypto/ec
parent	815b12ece6e3bbebb60a099d8fdbd7fd6db8c8cc (diff)