}
/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+ chunk_from_chars(),
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+ chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+ int s, i;
+
+ for (s = 0; s < countof(schemes); s++)
+ {
+ if (schemes[s].key_size != 0 &&
+ schemes[s].scheme != pubkey->get_keysize(pubkey))
+ {
+ continue;
+ }
+ for (i = 0; i < countof(invalid_sigs); i++)
+ {
+ fail_if(
+ pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+ "bad %N sig accepted %B",
+ signature_scheme_names, schemes[s].scheme,
+ &invalid_sigs[i]);
+ }
+ }
+}
+
+/**
* ECDSA key sizes to test
*/
static int key_sizes[] = {
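Review bot: In test_bad_sigs the skip condition compares `schemes[s].scheme` with `pubkey->get_keysize(pubkey)`, which sets a signature-scheme identifier against a key size in bits. Given the `schemes[s].key_size != 0` guard beside it, the intended line is presumably `schemes[s].key_size != pubkey->get_keysize(pubkey))`. The `schemes` table is defined outside this hunk, so this is inferred from the field names. As written, every entry with a non-zero key_size is most likely always skipped, so the crafted all-zero signatures are never checked against the fixed-size schemes and the negative test gives false assurance for them. It would also help to have the comment above `invalid_sigs` state that the entries are all-zero buffers of 0, 1, 2, 8, 16, 24, 32, 48 and 65 bytes, so a reader can see which signature lengths are covered.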
test_good_sig(privkey, pubkey);
+ test_bad_sigs(pubkey);
+
pubkey->destroy(pubkey);
privkey->destroy(privkey);
}
test_good_sig(privkey, pubkey);
+ test_bad_sigs(pubkey);
+
pubkey->destroy(pubkey);
privkey->destroy(privkey);
}