From d9c0bc4c37117b69dc16e559aebd10e44caac51d Mon Sep 17 00:00:00 2001
From: Karel Miko <karel.miko@gmail.com>
Date: Sun, 14 Oct 2018 18:01:53 +0200
Subject: [PATCH] failing wycheproof test - extreme value for k and s^-1

---
 tests/ecc_test.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/tests/ecc_test.c b/tests/ecc_test.c
index 799014369..f4c0c6c59 100644
--- a/tests/ecc_test.c
+++ b/tests/ecc_test.c
@@ -295,7 +295,7 @@ static int _ecc_issue443_447(void)
 static int _ecc_issue446(void)
 {
    const ltc_ecc_curve* cu;
-   ecc_key key1, key2, key3;
+   ecc_key key1, key2, key3, key4;
    int err, stat = 0;
    unsigned char hash[64];
    unsigned long hashlen;
@@ -324,6 +324,13 @@ static int _ecc_issue446(void)
       0x42,0x17,0xf6,0x84,0xcf,0xdd,0x83,0x6d,0x7c,0xf6,0x09,0x9a,0x34,0xc6,0x82,0x61,
       0xe5,0xa0,0x94,0xad,0xb5,0xb3,0xe4,0xa9,0x26,0x2f,0xf5,0x95,0x7c,0x1b,0x1b,0xa8
    };
+   const unsigned char pub4[] = {
+      0x04, /* brainpoolP256t1 */
+      0x44,0x24,0xf0,0x9e,0x4f,0x86,0x92,0x31,0xe4,0x7b,0x1e,0x34,0x26,0xec,0x26,0x9e,
+      0x5b,0xef,0x19,0xec,0x64,0xcc,0x96,0xda,0x5b,0x2e,0xfd,0xd2,0x11,0x6b,0x83,0xf0,
+      0x7a,0x86,0x3d,0x25,0x74,0x3b,0xb2,0x60,0xa6,0x38,0xde,0x64,0x97,0x96,0xc6,0x76,
+      0xe1,0x38,0x05,0x86,0x5c,0x8b,0xb9,0xda,0xc3,0x8e,0x16,0xfa,0xe5,0x4b,0x0c,0xef
+   };
    /* msg1+pub1+sig1 test vector is from wycheproof/ecdsa_test VALID */
    const unsigned char sig1[] = {
       0x30,0x45,0x02,0x20,0x2b,0xa3,0xa8,0xbe,0x6b,0x94,0xd5,0xec,0x80,0xa6,0xd9,0xd1,0x19,0x0a,
@@ -372,6 +379,13 @@ static int _ecc_issue446(void)
       0x02,0x20,0x77,0x47,0x2d,0x9a,0x28,0xb4,0xec,0xe7,0x1c,0xf4,0x13,0xa6,0x8e,0xac,0x0e,0xb4,
       0x23,0xa1,0x6f,0xb4,0x62,0xb1,0xf4,0x87,0x06,0xfe,0xd4,0x8c,0xa4,0x37,0xbd,0x2d
    };
+   /* msg4+pub4+sig8 test vector is from wycheproof/ecdsa_test VALID (extreme value for k and s^-1) */
+   const unsigned char sig8[] = {
+      0x30,0x45,0x02,0x21,0x00,0x83,0x38,0x42,0x7c,0x7c,0xf4,0xd1,0x1c,0xb9,0x81,0xd9,0xb1,0x87,
+      0x93,0xe3,0x77,0x9c,0x49,0x4c,0x50,0x2c,0x75,0xbd,0x73,0x9e,0x57,0x8d,0xe2,0xa7,0x00,0x57,
+      0x8d,0x02,0x20,0x30,0x90,0xf4,0x87,0xe5,0x1f,0x9e,0x35,0xc8,0xaf,0x70,0xbb,0x9a,0xb7,0xdf,
+      0x45,0x03,0x7e,0x23,0x0a,0x33,0xd2,0xc1,0xfd,0x96,0xe4,0x04,0x25,0x4f,0xcb,0x86,0x79
+   };
 
    DO(ecc_find_curve("secp256r1", &cu));
    DO(ecc_set_curve(cu, &key1));
@@ -385,6 +399,10 @@ static int _ecc_issue446(void)
    DO(ecc_set_curve(cu, &key3));
    DO(ecc_set_key(pub3, sizeof(pub3), PK_PUBLIC, &key3));
 
+   DO(ecc_find_curve("brainpoolP256t1", &cu));
+   DO(ecc_set_curve(cu, &key4));
+   DO(ecc_set_key(pub4, sizeof(pub4), PK_PUBLIC, &key4));
+
    hashlen = sizeof(hash);
    DO(hash_memory(find_hash("sha256"), msg1, sizeof(msg1), hash, &hashlen));
    DO(ecc_verify_hash(sig1, sizeof(sig1), hash, hashlen, &stat, &key1));
@@ -431,9 +449,16 @@ static int _ecc_issue446(void)
       fprintf(stderr, "XXX-TODO should be valid - wycheproof / extreme value for k\n");
       /* return CRYPT_FAIL_TESTVECTOR; / * expected result: VALID */
    }
+   DO(ecc_verify_hash(sig8, sizeof(sig8), hash, hashlen, &stat, &key4));
+   if (stat != 1) {
+      fprintf(stderr, "XXX-TODO should be valid - wycheproof / extreme value for k and s^-1\n");
+      /* return CRYPT_FAIL_TESTVECTOR; / * expected result: VALID */
+   }
 
    ecc_free(&key1);
    ecc_free(&key2);
+   ecc_free(&key3);
+   ecc_free(&key4);
    return CRYPT_OK;
 }