unit-tests: test some zeroed ECDSA signatures that never should succeed

diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/test_ecdsa.c
index 7e673a7..7ab8b63 100644 (file)
--- a/src/libstrongswan/tests/test_ecdsa.c
+++ b/src/libstrongswan/tests/test_ecdsa.c
@@ -57,6 +57,65 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
 }
 
 /**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+       chunk_from_chars(),
+       chunk_from_chars(0x00),
+       chunk_from_chars(0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+       chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+       int s, i;
+
+       for (s = 0; s < countof(schemes); s++)
+       {
+               if (schemes[s].key_size != 0 &&
+                       schemes[s].scheme != pubkey->get_keysize(pubkey))
+               {
+                       continue;
+               }
+               for (i = 0; i < countof(invalid_sigs); i++)
+               {
+                       fail_if(
+                               pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+                               "bad %N sig accepted %B",
+                               signature_scheme_names, schemes[s].scheme,
+                               &invalid_sigs[i]);
+               }
+       }
+}
+
+/**
  * ECDSA key sizes to test
  */
 static int key_sizes[] = {
@@ -76,6 +135,8 @@ START_TEST(test_gen)
 
        test_good_sig(privkey, pubkey);
 
+       test_bad_sigs(pubkey);
+
        pubkey->destroy(pubkey);
        privkey->destroy(privkey);
 }
@@ -136,6 +197,8 @@ START_TEST(test_load)
 
        test_good_sig(privkey, pubkey);
 
+       test_bad_sigs(pubkey);
+
        pubkey->destroy(pubkey);
        privkey->destroy(privkey);
 }