Fix r = p-n+epsilon ECDSA tests.

I forgot to refresh the public key in those tests, so they weren't actually testing what they were supposed to. With this fix, injecting too larger of a P_MINUS_ORDER into p256-x86_64.c now breaks tests. Change-Id: I5d10a85c84b09629448beef67c86de607525fc71 Reviewed-on: https://boringssl-review.googlesource.com/c/33044 Reviewed-by: Adam Langley <agl@google.com>
2018-11-09 15:48:17 -06:00 · 2018-11-09 15:48:17 -06:00 · adeb72b353
commit adeb72b353
parent f09df6930f
1 changed files with 8 additions and 8 deletions
--- a/crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt
+++ b/crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt
@ -2512,8 +2512,8 @@ S = ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3a

 # r = p-n+3, x = 3 is incorrect. r is too large to compare r+n with x.
 Curve = P-224
-X = cdacee2255448c72d1558eb866b14831acef41ed348bd938cce655be
-Y = d0b409693b64f3597468ae5535338052436158a6771c6318b68025de
+X = ef9169ef146a19c9a7220c6f25f597e7345e25fa1267712b9a20e30d
+Y = 454b19373a67ad81ca37ba8de9a96e881896df7160ba740f4c7373b9
 Digest = 09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b
 R = 0000000000000000000000000000e95c1f470fc1ec22d6baa3a3d5c7
 S = ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3a
@ -2580,8 +2580,8 @@ S = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e

 # r = p-n+5, x = 5 is incorrect. r is too large to compare r+n with x.
 Curve = P-256
-X = 768a0d300a595005a520130e50927d403395c8e1e40be997b48fc048410f7cdb
-Y = 16f217d8e1c02bd887e5de388a17783b182e61b5d534152dc2c4be8d75fdd706
+X = 0ec505bc19b14a43e05678cccf07a443d3e871a2e19b68a4da91859a0650f324
+Y = 77300e4f64e9982d94dff5d294428bb37cc9be66117cae9c389d2d495f68b987
 Digest = 09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b
 R = 000000000000000000000000000000004319055358e8617b0c46353d039cdab3
 S = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e
@ -2648,8 +2648,8 @@ S = ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0

 # r = p-n+2, x = 2 is incorrect. r is too large to compare r+n with x.
 Curve = P-384
-X = c4fd8e68006b83f7b7b20b731ae405813aa05f6e57374589b36ae1cecd1d49cae1418c22f398188bcf4ef02e89fe7394
-Y = dd1164b3707f59e05129fa228b8448031db159985f035d93470dc42b3ab4129f0760c46cf201d42e73a7e33ba7402ea6
+X = 4e5e4f1a6e97059a6cf2f4e8129e5c7c64cb84f9994a41ff5bf30b29c1bf5ba6898627c91a23c73e05cd1a43c8f908c0
+Y = 06a0aed7f1e63a728f87dbd5360a67571a076ab0b4cde81b10d499959814ddb3a8c7854b0bbfa87cc272f90bca2a2254
 Digest = 1fcdb6059ce05172a26bbe2a3ccc88ed5a8cd5fc53edfd9053304d429296a6da23b1cd9e5c9ed3bb34f00418a70cdb7e
 R = 000000000000000000000000000000000000000000000000389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68e
 S = ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
@ -2716,8 +2716,8 @@ S = 01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783

 # r = p-n+1, x = 1 is incorrect. r is too large to compare r+n with x.
 Curve = P-521
-X = 00f651d53d45bf6fd55a5f184e580d11259bc65200387dbc1bf7fb867d2d12a207d2962204ccf38e9d37d23ed95bd01ec576c457127766ecb8ad00342a476ea82078
-Y = 0196caedf64fbaa9a12c16836e0564e36f733957375706edb5f32911991a994c2d6a1ea5db2ee764835a9d6aff379e195f722b48e8d2b60fc50de2a5160c77c3f06c
+X = 009eeb7f956230c3744ca5b683f413009363107aad18a027fa7af6ac07a699911e94143d3ef00c0062d4187c2ea74dc9322c05431a6b7fed51ee71b047ce3a0e967c
+Y = 007d2c089a6720f7c7886ce8aa6aeb9b821adde0eb025ef63c62d37c32b2d6823c857ce7743b8181c35c8f34e6aeb4487dd693e01d69dfe883c07c25ebe89bdc4d56
 Digest = 8710339dcb6814d0d9d2290ef422285c9322b7163951f9a0ca8f883d3305286f44139aa374848e4174f5aada663027e4548637b6d19894aec4fb6c46a139fbf9
 R = 00000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7
 S = 01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386406