commit 0271ee0085476761fe94878962017c24cb124cae
author Alice Wang <aliceywang@google.com> Wed Nov 15 15:03:42 2023 +0000
committer Alice Wang <aliceywang@google.com> Mon Nov 20 16:41:52 2023 +0000
tree da2a02bd936c009cbca91c3ac42563638ac84295
parent 8ba3c99c1891e8195a8dd3b61bd0163f2782382e

[bssl] Implement nostd bssl wrapper for ECDSA sign/verify

Bug: 310634099
Test: atest rialto_test libbssl_avf_nostd.test
Change-Id: I817bce28a73fd49c218fa14d9c7ff69eb2e0674d

libs/bssl/tests/eckey_test.rs

diff --git a/libs/bssl/tests/eckey_test.rs b/libs/bssl/tests/eckey_test.rs
index da176ae..3dd243c 100644
--- a/libs/bssl/tests/eckey_test.rs
+++ b/libs/bssl/tests/eckey_test.rs
@@ -12,9 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use bssl_avf::{EcKey, Result};
+use bssl_avf::{sha256, ApiName, EcKey, EcdsaError, Error, Result};
 use coset::CborSerializable;
 
+const MESSAGE1: &[u8] = b"test message 1";
+const MESSAGE2: &[u8] = b"test message 2";
+
 #[test]
 fn ec_private_key_serialization() -> Result<()> {
     let mut ec_key = EcKey::new_p256()?;
@@ -37,3 +40,42 @@
     assert_eq!(cose_key, deserialized_ec_key.cose_public_key()?);
     Ok(())
 }
+
+#[test]
+fn ecdsa_p256_signing_and_verification_succeed() -> Result<()> {
+    let mut ec_key = EcKey::new_p256()?;
+    ec_key.generate_key()?;
+    let digest = sha256(MESSAGE1)?;
+
+    let signature = ec_key.ecdsa_sign(&digest)?;
+    ec_key.ecdsa_verify(&signature, &digest)
+}
+
+#[test]
+fn verifying_ecdsa_p256_signed_with_a_different_key_fails() -> Result<()> {
+    let mut ec_key1 = EcKey::new_p256()?;
+    ec_key1.generate_key()?;
+    let digest = sha256(MESSAGE1)?;
+    let signature = ec_key1.ecdsa_sign(&digest)?;
+
+    let mut ec_key2 = EcKey::new_p256()?;
+    ec_key2.generate_key()?;
+    let err = ec_key2.ecdsa_verify(&signature, &digest).unwrap_err();
+    let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
+    assert_eq!(expected_err, err);
+    Ok(())
+}
+
+#[test]
+fn verifying_ecdsa_p256_signed_with_a_different_message_fails() -> Result<()> {
+    let mut ec_key = EcKey::new_p256()?;
+    ec_key.generate_key()?;
+    let digest1 = sha256(MESSAGE1)?;
+    let signature = ec_key.ecdsa_sign(&digest1)?;
+    let digest2 = sha256(MESSAGE2)?;
+
+    let err = ec_key.ecdsa_verify(&signature, &digest2).unwrap_err();
+    let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
+    assert_eq!(expected_err, err);
+    Ok(())
+}