Add ecp_check_prvkey, with test
Also group key checking and generation functions in ecp.h and ecp.c.
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index db59a93..707d040 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -229,25 +229,6 @@
int ecp_copy( ecp_point *P, const ecp_point *Q );
/**
- * \brief Check that a point is a valid public key on this curve
- *
- * \param grp Curve/group the point should belong to
- * \param pt Point to check
- *
- * \return 0 if point is a valid public key,
- * POLARSSL_ERR_ECP_GENERIC otherwise.
- *
- * \note This function only checks the point is non-zero, has valid
- * coordinates and lies on the curve, but not that it is
- * indeed a multiple of G. This is additional check is more
- * expensive, isn't required by standards, and shouldn't be
- * necessary if the group used has a small cofactor. In
- * particular, it is useless for the NIST groups which all
- * have a cofactor of 1.
- */
-int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
-
-/**
* \brief Import a non-zero point from two ASCII strings
*
* \param P Destination point
@@ -438,6 +419,44 @@
const mpi *m, const ecp_point *P );
/**
+ * \brief Check that a point is a valid public key on this curve
+ *
+ * \param grp Curve/group the point should belong to
+ * \param pt Point to check
+ *
+ * \return 0 if point is a valid public key,
+ * POLARSSL_ERR_ECP_GENERIC otherwise.
+ *
+ * \note This function only checks the point is non-zero, has valid
+ * coordinates and lies on the curve, but not that it is
+ * indeed a multiple of G. This is additional check is more
+ * expensive, isn't required by standards, and shouldn't be
+ * necessary if the group used has a small cofactor. In
+ * particular, it is useless for the NIST groups which all
+ * have a cofactor of 1.
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
+ */
+int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
+
+/**
+ * \brief Check that an mpi is a valid private key for this curve
+ *
+ * \param grp Group used
+ * \param d Integer to check
+ *
+ * \return 0 if point is a valid private key,
+ * POLARSSL_ERR_ECP_GENERIC otherwise.
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
+ */
+int ecp_check_prvkey( const ecp_group *grp, const mpi *d );
+
+/**
* \brief Generate a keypair
*
* \param grp ECP group
@@ -448,6 +467,10 @@
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *
+ * \note Uses bare components rather than an ecp_keypair structure
+ * in order to ease use with other structures such as
+ * ecdh_context of ecdsa_context.
*/
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
diff --git a/library/ecp.c b/library/ecp.c
index 216fc43..29cfce5 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -728,51 +728,6 @@
MPI_CHK( mpi_sub_mpi( &N, &N, &grp->P ) )
/*
- * Check that a point is valid as a public key (SEC1 3.2.3.1)
- */
-int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
-{
- int ret;
- mpi YY, RHS;
-
- if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
- return( POLARSSL_ERR_ECP_GENERIC );
-
- /*
- * pt coordinates must be normalized for our checks
- */
- if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
- return( POLARSSL_ERR_ECP_GENERIC );
-
- if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
- mpi_cmp_int( &pt->Y, 0 ) < 0 ||
- mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
- mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
- return( POLARSSL_ERR_ECP_GENERIC );
-
- mpi_init( &YY ); mpi_init( &RHS );
-
- /*
- * YY = Y^2
- * RHS = X (X^2 - 3) + B = X^3 - 3X + B
- */
- MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
- MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
- MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
- MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
- MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
-
- if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
- ret = POLARSSL_ERR_ECP_GENERIC;
-
-cleanup:
-
- mpi_free( &YY ); mpi_free( &RHS );
-
- return( ret );
-}
-
-/*
* Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
*/
static int ecp_normalize( const ecp_group *grp, ecp_point *pt )
@@ -1306,6 +1261,63 @@
}
/*
+ * Check that a point is valid as a public key (SEC1 3.2.3.1)
+ */
+int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
+{
+ int ret;
+ mpi YY, RHS;
+
+ if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
+ return( POLARSSL_ERR_ECP_GENERIC );
+
+ /*
+ * pt coordinates must be normalized for our checks
+ */
+ if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
+ return( POLARSSL_ERR_ECP_GENERIC );
+
+ if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
+ mpi_cmp_int( &pt->Y, 0 ) < 0 ||
+ mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
+ mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
+ return( POLARSSL_ERR_ECP_GENERIC );
+
+ mpi_init( &YY ); mpi_init( &RHS );
+
+ /*
+ * YY = Y^2
+ * RHS = X (X^2 - 3) + B = X^3 - 3X + B
+ */
+ MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
+ MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
+ MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
+ MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
+ MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
+
+ if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
+ ret = POLARSSL_ERR_ECP_GENERIC;
+
+cleanup:
+
+ mpi_free( &YY ); mpi_free( &RHS );
+
+ return( ret );
+}
+
+/*
+ * Check that an mpi is valid as a private key (SEC1 3.2)
+ */
+int ecp_check_prvkey( const ecp_group *grp, const mpi *d )
+{
+ /* We want 1 <= d <= N-1 */
+ if ( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 )
+ return( POLARSSL_ERR_ECP_GENERIC );
+
+ return( 0 );
+}
+
+/*
* Generate a keypair (SEC1 3.2.1)
*/
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 30fc461..d19e418 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -245,6 +245,9 @@
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_group:SECP521R1
+ECP check prvkey
+ecp_check_prvkey:SECP192R1
+
ECP gen keypair
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:SECP192R1
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index a051bd7..1d3d3df 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -438,6 +438,28 @@
END_CASE
BEGIN_CASE
+ecp_check_prvkey:id
+{
+ ecp_group grp;
+ mpi d;
+
+ ecp_group_init( &grp );
+ mpi_init( &d );
+
+ TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
+
+ TEST_ASSERT( mpi_lset( &d, 0 ) == 0 );
+ TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
+
+ TEST_ASSERT( mpi_copy( &d, &grp.N ) == 0 );
+ TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
+
+ ecp_group_free( &grp );
+ mpi_free( &d );
+}
+END_CASE
+
+BEGIN_CASE
ecp_gen_keypair:id
{
ecp_group grp;
@@ -455,8 +477,8 @@
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
== 0 );
- TEST_ASSERT( mpi_cmp_mpi( &d, &grp.N ) < 0 );
- TEST_ASSERT( mpi_cmp_int( &d, 1 ) >= 0 );
+ TEST_ASSERT( ecp_check_pubkey( &grp, &Q ) == 0 );
+ TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );