TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 10b6daf755ad8dd4771baefb010a12def0d397df / . / tests / suites / test_suite_ecp.function
blob: f5cb3df77a2b92ded2127b2ec1abed91aa8201d5 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecp.h"
Minos Galanakis9a1d02d2023-02-03 19:14:56 +0000[diff] [blame]3#include "ecp_invasive.h"
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]4#include "mbedtls/ecdsa.h"
5#include "mbedtls/ecdh.h"
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]6
Gabor Mezei23d4b8b2023-02-13 14:13:33 +0100[diff] [blame]7#include "bignum_core.h"
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]8#include "ecp_invasive.h"
Gabor Mezeid8f67b92023-02-06 15:49:42 +0100[diff] [blame]9#include "bignum_mod_raw_invasive.h"
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]10
Manuel Pégourié-Gonnard6c7af4c2015-04-03 16:41:52 +0200[diff] [blame]11#define ECP_PF_UNKNOWN -1
Manuel Pégourié-Gonnard7a28e992018-10-16 11:22:45 +0200[diff] [blame]12
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]13#define ECP_PT_RESET(x) \
14 mbedtls_ecp_point_free(x); \
15 mbedtls_ecp_point_init(x);
Gilles Peskine78880732021-03-29 21:32:16 +0200[diff] [blame]16
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]17/* Auxiliary function to compare two mbedtls_ecp_group objects. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]18inline static int mbedtls_ecp_group_cmp(mbedtls_ecp_group *grp1,
19 mbedtls_ecp_group *grp2)
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]20{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]21 if (mbedtls_mpi_cmp_mpi(&grp1->P, &grp2->P) != 0) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]22 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]23 }
24 if (mbedtls_mpi_cmp_mpi(&grp1->A, &grp2->A) != 0) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]25 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]26 }
27 if (mbedtls_mpi_cmp_mpi(&grp1->B, &grp2->B) != 0) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]28 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]29 }
30 if (mbedtls_mpi_cmp_mpi(&grp1->N, &grp2->N) != 0) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]31 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]32 }
33 if (mbedtls_ecp_point_cmp(&grp1->G, &grp2->G) != 0) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]34 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]35 }
36 if (grp1->id != grp2->id) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]37 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]38 }
39 if (grp1->pbits != grp2->pbits) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]40 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]41 }
42 if (grp1->nbits != grp2->nbits) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]43 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]44 }
45 if (grp1->h != grp2->h) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]46 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]47 }
48 if (grp1->modp != grp2->modp) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]49 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50 }
51 if (grp1->t_pre != grp2->t_pre) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]52 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]53 }
54 if (grp1->t_post != grp2->t_post) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]55 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]56 }
57 if (grp1->t_data != grp2->t_data) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]58 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 }
60 if (grp1->T_size != grp2->T_size) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]61 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]62 }
63 if (grp1->T != grp2->T) {
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]64 return 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65 }
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]66
67 return 0;
68}
69
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]70/* END_HEADER */
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]71
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]72/* BEGIN_DEPENDENCIES
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]73 * depends_on:MBEDTLS_ECP_LIGHT
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]74 * END_DEPENDENCIES
75 */
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]76
Tuvshinzaya Erdenekhuufb389dd2022-07-27 15:23:02 +0100[diff] [blame]77/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]78void ecp_invalid_param()
Hanno Becker12dff032018-12-14 15:08:13 +0000[diff] [blame]79{
80 mbedtls_ecp_group grp;
Hanno Becker12dff032018-12-14 15:08:13 +0000[diff] [blame]81 mbedtls_ecp_point P;
Hanno Becker12dff032018-12-14 15:08:13 +0000[diff] [blame]82 int invalid_fmt = 42;
83 size_t olen;
84 unsigned char buf[42] = { 0 };
Hanno Becker12dff032018-12-14 15:08:13 +0000[diff] [blame]85
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]86 mbedtls_ecp_group_init(&grp);
87 mbedtls_ecp_point_init(&P);
Gabor Mezeif29c2a52022-09-23 15:25:27 +0200[diff] [blame]88
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
90 mbedtls_ecp_point_write_binary(&grp, &P,
91 invalid_fmt,
92 &olen,
93 buf, sizeof(buf)));
94 TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
95 mbedtls_ecp_tls_write_point(&grp, &P,
96 invalid_fmt,
97 &olen,
98 buf,
99 sizeof(buf)));
Hanno Becker12dff032018-12-14 15:08:13 +0000[diff] [blame]100
101exit:
102 return;
103}
104/* END_CASE */
105
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]106/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]107void mbedtls_ecp_curve_info(int id, int tls_id, int size, char *name)
Manuel Pégourié-Gonnard0267e3d2013-11-30 15:10:14 +0100[diff] [blame]108{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]109 const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name;
Manuel Pégourié-Gonnard0267e3d2013-11-30 15:10:14 +0100[diff] [blame]110
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]111 by_id = mbedtls_ecp_curve_info_from_grp_id(id);
112 by_tls = mbedtls_ecp_curve_info_from_tls_id(tls_id);
113 by_name = mbedtls_ecp_curve_info_from_name(name);
114 TEST_ASSERT(by_id != NULL);
115 TEST_ASSERT(by_tls != NULL);
116 TEST_ASSERT(by_name != NULL);
Manuel Pégourié-Gonnard0267e3d2013-11-30 15:10:14 +0100[diff] [blame]117
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]118 TEST_ASSERT(by_id == by_tls);
119 TEST_ASSERT(by_id == by_name);
Manuel Pégourié-Gonnard0267e3d2013-11-30 15:10:14 +0100[diff] [blame]120
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]121 TEST_ASSERT(by_id->bit_size == size);
122 TEST_ASSERT(size <= MBEDTLS_ECP_MAX_BITS);
123 TEST_ASSERT(size <= MBEDTLS_ECP_MAX_BYTES * 8);
Manuel Pégourié-Gonnard0267e3d2013-11-30 15:10:14 +0100[diff] [blame]124}
125/* END_CASE */
126
127/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128void ecp_check_pub(int grp_id, char *x_hex, char *y_hex, char *z_hex,
129 int ret)
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]130{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]131 mbedtls_ecp_group grp;
132 mbedtls_ecp_point P;
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]133
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]134 mbedtls_ecp_group_init(&grp);
135 mbedtls_ecp_point_init(&P);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]136
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137 TEST_ASSERT(mbedtls_ecp_group_load(&grp, grp_id) == 0);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]138
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139 TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x_hex) == 0);
140 TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y_hex) == 0);
141 TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z_hex) == 0);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]142
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]143 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &P) == ret);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]144
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]145exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]146 mbedtls_ecp_group_free(&grp);
147 mbedtls_ecp_point_free(&P);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]148}
149/* END_CASE */
150
Manuel Pégourié-Gonnard4b9c51e2017-04-20 15:50:26 +0200[diff] [blame]151/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]152void ecp_test_vect_restart(int id,
153 char *dA_str, char *xA_str, char *yA_str,
154 char *dB_str, char *xZ_str, char *yZ_str,
155 int max_ops, int min_restarts, int max_restarts)
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]156{
157 /*
158 * Test for early restart. Based on test vectors like ecp_test_vect(),
159 * but for the sake of simplicity only does half of each side. It's
160 * important to test both base point and random point, though, as memory
161 * management is different in each case.
162 *
163 * Don't try using too precise bounds for restarts as the exact number
164 * will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and
165 * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
166 * change in the future. A factor 2 is a minimum safety margin.
167 *
168 * For reference, with mbed TLS 2.4 and default settings, for P-256:
Manuel Pégourié-Gonnard9c5c78f2017-03-20 14:13:07 +0100[diff] [blame]169 * - Random point mult: ~3250M
170 * - Cold base point mult: ~3300M
171 * - Hot base point mult: ~1100M
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]172 * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum):
Manuel Pégourié-Gonnard9c5c78f2017-03-20 14:13:07 +0100[diff] [blame]173 * - Random point mult: ~3850M
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]174 */
Manuel Pégourié-Gonnardb739a712017-04-19 10:11:56 +0200[diff] [blame]175 mbedtls_ecp_restart_ctx ctx;
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]176 mbedtls_ecp_group grp;
Manuel Pégourié-Gonnard7a28e992018-10-16 11:22:45 +0200[diff] [blame]177 mbedtls_ecp_point R, P;
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]178 mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
179 int cnt_restarts;
180 int ret;
Manuel Pégourié-Gonnardaa3ed6f2021-06-15 11:29:26 +0200[diff] [blame]181 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]182
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 mbedtls_ecp_restart_init(&ctx);
184 mbedtls_ecp_group_init(&grp);
185 mbedtls_ecp_point_init(&R); mbedtls_ecp_point_init(&P);
186 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA); mbedtls_mpi_init(&yA);
187 mbedtls_mpi_init(&dB); mbedtls_mpi_init(&xZ); mbedtls_mpi_init(&yZ);
188 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]189
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]190 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]191
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]192 TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_str) == 0);
193 TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_str) == 0);
194 TEST_ASSERT(mbedtls_test_read_mpi(&yA, yA_str) == 0);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]195
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]196 TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_str) == 0);
197 TEST_ASSERT(mbedtls_test_read_mpi(&xZ, xZ_str) == 0);
198 TEST_ASSERT(mbedtls_test_read_mpi(&yZ, yZ_str) == 0);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]199
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]200 mbedtls_ecp_set_max_ops((unsigned) max_ops);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]201
202 /* Base point case */
203 cnt_restarts = 0;
204 do {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]205 ECP_PT_RESET(&R);
206 ret = mbedtls_ecp_mul_restartable(&grp, &R, &dA, &grp.G,
207 &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx);
208 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]209
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]210 TEST_ASSERT(ret == 0);
211 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
212 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yA) == 0);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]213
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]214 TEST_ASSERT(cnt_restarts >= min_restarts);
215 TEST_ASSERT(cnt_restarts <= max_restarts);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]216
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]217 /* Non-base point case */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]218 mbedtls_ecp_copy(&P, &R);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]219 cnt_restarts = 0;
220 do {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]221 ECP_PT_RESET(&R);
222 ret = mbedtls_ecp_mul_restartable(&grp, &R, &dB, &P,
223 &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx);
224 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]225
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226 TEST_ASSERT(ret == 0);
227 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
228 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]229
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]230 TEST_ASSERT(cnt_restarts >= min_restarts);
231 TEST_ASSERT(cnt_restarts <= max_restarts);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]232
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]233 /* Do we leak memory when aborting an operation?
234 * This test only makes sense when we actually restart */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]235 if (min_restarts > 0) {
236 ret = mbedtls_ecp_mul_restartable(&grp, &R, &dB, &P,
237 &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx);
238 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]239 }
Manuel Pégourié-Gonnard77af79a2017-03-14 10:58:00 +0100[diff] [blame]240
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]241exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]242 mbedtls_ecp_restart_free(&ctx);
243 mbedtls_ecp_group_free(&grp);
244 mbedtls_ecp_point_free(&R); mbedtls_ecp_point_free(&P);
245 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA); mbedtls_mpi_free(&yA);
246 mbedtls_mpi_free(&dB); mbedtls_mpi_free(&xZ); mbedtls_mpi_free(&yZ);
Manuel Pégourié-Gonnard510d5ca2017-03-08 11:41:47 +0100[diff] [blame]247}
248/* END_CASE */
249
Manuel Pégourié-Gonnard57866462022-12-06 12:14:49 +0100[diff] [blame]250/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251void ecp_muladd_restart(int id, char *xR_str, char *yR_str,
252 char *u1_str, char *u2_str,
253 char *xQ_str, char *yQ_str,
254 int max_ops, int min_restarts, int max_restarts)
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]255{
256 /*
257 * Compute R = u1 * G + u2 * Q
258 * (test vectors mostly taken from ECDSA intermediate results)
259 *
260 * See comments at the top of ecp_test_vect_restart()
261 */
262 mbedtls_ecp_restart_ctx ctx;
263 mbedtls_ecp_group grp;
264 mbedtls_ecp_point R, Q;
265 mbedtls_mpi u1, u2, xR, yR;
266 int cnt_restarts;
267 int ret;
268
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]269 mbedtls_ecp_restart_init(&ctx);
270 mbedtls_ecp_group_init(&grp);
271 mbedtls_ecp_point_init(&R);
272 mbedtls_ecp_point_init(&Q);
273 mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
274 mbedtls_mpi_init(&xR); mbedtls_mpi_init(&yR);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]275
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]276 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]277
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]278 TEST_ASSERT(mbedtls_test_read_mpi(&u1, u1_str) == 0);
279 TEST_ASSERT(mbedtls_test_read_mpi(&u2, u2_str) == 0);
280 TEST_ASSERT(mbedtls_test_read_mpi(&xR, xR_str) == 0);
281 TEST_ASSERT(mbedtls_test_read_mpi(&yR, yR_str) == 0);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]282
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]283 TEST_ASSERT(mbedtls_test_read_mpi(&Q.X, xQ_str) == 0);
284 TEST_ASSERT(mbedtls_test_read_mpi(&Q.Y, yQ_str) == 0);
285 TEST_ASSERT(mbedtls_mpi_lset(&Q.Z, 1) == 0);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]286
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]287 mbedtls_ecp_set_max_ops((unsigned) max_ops);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]288
289 cnt_restarts = 0;
290 do {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]291 ECP_PT_RESET(&R);
292 ret = mbedtls_ecp_muladd_restartable(&grp, &R,
293 &u1, &grp.G, &u2, &Q, &ctx);
294 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]295
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]296 TEST_ASSERT(ret == 0);
297 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xR) == 0);
298 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yR) == 0);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]299
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]300 TEST_ASSERT(cnt_restarts >= min_restarts);
301 TEST_ASSERT(cnt_restarts <= max_restarts);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]302
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]303 /* Do we leak memory when aborting an operation?
304 * This test only makes sense when we actually restart */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]305 if (min_restarts > 0) {
306 ret = mbedtls_ecp_muladd_restartable(&grp, &R,
307 &u1, &grp.G, &u2, &Q, &ctx);
308 TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
Manuel Pégourié-Gonnard46ba7f32017-08-28 12:20:39 +0200[diff] [blame]309 }
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]310
311exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]312 mbedtls_ecp_restart_free(&ctx);
313 mbedtls_ecp_group_free(&grp);
314 mbedtls_ecp_point_free(&R);
315 mbedtls_ecp_point_free(&Q);
316 mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2);
317 mbedtls_mpi_free(&xR); mbedtls_mpi_free(&yR);
Manuel Pégourié-Gonnard54dd6522017-04-20 13:36:18 +0200[diff] [blame]318}
319/* END_CASE */
320
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]321/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]322void ecp_test_vect(int id, char *dA_str, char *xA_str, char *yA_str,
323 char *dB_str, char *xB_str, char *yB_str,
324 char *xZ_str, char *yZ_str)
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]325{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]326 mbedtls_ecp_group grp;
327 mbedtls_ecp_point R;
328 mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]329 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]330
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]331 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
332 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA); mbedtls_mpi_init(&yA); mbedtls_mpi_init(&dB);
333 mbedtls_mpi_init(&xB); mbedtls_mpi_init(&yB); mbedtls_mpi_init(&xZ); mbedtls_mpi_init(&yZ);
334 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]335
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]336 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]337
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]338 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
Manuel Pégourié-Gonnard1c330572012-11-24 12:05:44 +0100[diff] [blame]339
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]340 TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_str) == 0);
341 TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_str) == 0);
342 TEST_ASSERT(mbedtls_test_read_mpi(&yA, yA_str) == 0);
343 TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_str) == 0);
344 TEST_ASSERT(mbedtls_test_read_mpi(&xB, xB_str) == 0);
345 TEST_ASSERT(mbedtls_test_read_mpi(&yB, yB_str) == 0);
346 TEST_ASSERT(mbedtls_test_read_mpi(&xZ, xZ_str) == 0);
347 TEST_ASSERT(mbedtls_test_read_mpi(&yZ, yZ_str) == 0);
Manuel Pégourié-Gonnarde739f012012-11-07 12:24:22 +0100[diff] [blame]348
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]349 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &grp.G,
350 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
351 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
352 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yA) == 0);
353 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
354 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &R,
355 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
356 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
357 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
358 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
Manuel Pégourié-Gonnarde739f012012-11-07 12:24:22 +0100[diff] [blame]359
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]360 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &grp.G,
361 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
362 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xB) == 0);
363 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yB) == 0);
364 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
365 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &R,
366 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
367 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xZ) == 0);
368 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.Y, &yZ) == 0);
369 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
Manuel Pégourié-Gonnarde739f012012-11-07 12:24:22 +0100[diff] [blame]370
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]371exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
373 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA); mbedtls_mpi_free(&yA); mbedtls_mpi_free(&dB);
374 mbedtls_mpi_free(&xB); mbedtls_mpi_free(&yB); mbedtls_mpi_free(&xZ); mbedtls_mpi_free(&yZ);
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]375}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]376/* END_CASE */
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]377
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]378/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]379void ecp_test_vec_x(int id, char *dA_hex, char *xA_hex, char *dB_hex,
380 char *xB_hex, char *xS_hex)
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]381{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]382 mbedtls_ecp_group grp;
383 mbedtls_ecp_point R;
384 mbedtls_mpi dA, xA, dB, xB, xS;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]385 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]386
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]387 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
388 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&xA);
389 mbedtls_mpi_init(&dB); mbedtls_mpi_init(&xB);
390 mbedtls_mpi_init(&xS);
391 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]392
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]393 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]394
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]395 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]396
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]397 TEST_ASSERT(mbedtls_test_read_mpi(&dA, dA_hex) == 0);
398 TEST_ASSERT(mbedtls_test_read_mpi(&dB, dB_hex) == 0);
399 TEST_ASSERT(mbedtls_test_read_mpi(&xA, xA_hex) == 0);
400 TEST_ASSERT(mbedtls_test_read_mpi(&xB, xB_hex) == 0);
401 TEST_ASSERT(mbedtls_test_read_mpi(&xS, xS_hex) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]402
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]403 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &grp.G,
404 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
405 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
406 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xA) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]407
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]408 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &R,
409 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
410 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
411 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xS) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]412
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]413 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dB, &grp.G,
414 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
415 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
416 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xB) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]417
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]418 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &dA, &R,
419 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
420 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &R) == 0);
421 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R.X, &xS) == 0);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]422
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]423exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]424 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
425 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&xA);
426 mbedtls_mpi_free(&dB); mbedtls_mpi_free(&xB);
427 mbedtls_mpi_free(&xS);
Manuel Pégourié-Gonnarda0179b82013-12-04 11:49:20 +0100[diff] [blame]428}
429/* END_CASE */
430
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]431/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]432void ecp_test_mul(int id, data_t *n_hex,
433 data_t *Px_hex, data_t *Py_hex, data_t *Pz_hex,
434 data_t *nPx_hex, data_t *nPy_hex, data_t *nPz_hex,
435 int expected_ret)
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]436{
437 mbedtls_ecp_group grp;
438 mbedtls_ecp_point P, nP, R;
439 mbedtls_mpi n;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]440 mbedtls_test_rnd_pseudo_info rnd_info;
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]441
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]442 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&R);
443 mbedtls_ecp_point_init(&P); mbedtls_ecp_point_init(&nP);
444 mbedtls_mpi_init(&n);
445 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]446
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]447 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]448
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]449 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]450
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]451 TEST_ASSERT(mbedtls_mpi_read_binary(&n, n_hex->x, n_hex->len) == 0);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]452
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]453 TEST_ASSERT(mbedtls_mpi_read_binary(&P.X, Px_hex->x, Px_hex->len) == 0);
454 TEST_ASSERT(mbedtls_mpi_read_binary(&P.Y, Py_hex->x, Py_hex->len) == 0);
455 TEST_ASSERT(mbedtls_mpi_read_binary(&P.Z, Pz_hex->x, Pz_hex->len) == 0);
456 TEST_ASSERT(mbedtls_mpi_read_binary(&nP.X, nPx_hex->x, nPx_hex->len)
457 == 0);
458 TEST_ASSERT(mbedtls_mpi_read_binary(&nP.Y, nPy_hex->x, nPy_hex->len)
459 == 0);
460 TEST_ASSERT(mbedtls_mpi_read_binary(&nP.Z, nPz_hex->x, nPz_hex->len)
461 == 0);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]462
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]463 TEST_ASSERT(mbedtls_ecp_mul(&grp, &R, &n, &P,
464 &mbedtls_test_rnd_pseudo_rand, &rnd_info)
465 == expected_ret);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]466
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]467 if (expected_ret == 0) {
468 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.X, &R.X) == 0);
469 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.Y, &R.Y) == 0);
470 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&nP.Z, &R.Z) == 0);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]471 }
472
473exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&R);
475 mbedtls_ecp_point_free(&P); mbedtls_ecp_point_free(&nP);
476 mbedtls_mpi_free(&n);
Janos Follath182b0b92019-04-26 14:28:19 +0100[diff] [blame]477}
478/* END_CASE */
479
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]480/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]481void ecp_test_mul_rng(int id, data_t *d_hex)
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]482{
483 mbedtls_ecp_group grp;
484 mbedtls_mpi d;
485 mbedtls_ecp_point Q;
486
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]487 mbedtls_ecp_group_init(&grp); mbedtls_mpi_init(&d);
488 mbedtls_ecp_point_init(&Q);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]489
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]490 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]491
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]492 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &grp.G) == 0);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]493
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]494 TEST_ASSERT(mbedtls_mpi_read_binary(&d, d_hex->x, d_hex->len) == 0);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]495
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]496 TEST_ASSERT(mbedtls_ecp_mul(&grp, &Q, &d, &grp.G,
497 &mbedtls_test_rnd_zero_rand, NULL)
498 == MBEDTLS_ERR_ECP_RANDOM_FAILED);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]499
500exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]501 mbedtls_ecp_group_free(&grp); mbedtls_mpi_free(&d);
502 mbedtls_ecp_point_free(&Q);
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]503}
504/* END_CASE */
505
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]506/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]507void ecp_muladd(int id,
508 data_t *u1_bin, data_t *P1_bin,
509 data_t *u2_bin, data_t *P2_bin,
510 data_t *expected_result)
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]511{
512 /* Compute R = u1 * P1 + u2 * P2 */
513 mbedtls_ecp_group grp;
514 mbedtls_ecp_point P1, P2, R;
515 mbedtls_mpi u1, u2;
516 uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
517 size_t len;
518
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]519 mbedtls_ecp_group_init(&grp);
520 mbedtls_ecp_point_init(&P1);
521 mbedtls_ecp_point_init(&P2);
522 mbedtls_ecp_point_init(&R);
523 mbedtls_mpi_init(&u1);
524 mbedtls_mpi_init(&u2);
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]525
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]526 TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, id));
527 TEST_EQUAL(0, mbedtls_mpi_read_binary(&u1, u1_bin->x, u1_bin->len));
528 TEST_EQUAL(0, mbedtls_mpi_read_binary(&u2, u2_bin->x, u2_bin->len));
529 TEST_EQUAL(0, mbedtls_ecp_point_read_binary(&grp, &P1,
530 P1_bin->x, P1_bin->len));
531 TEST_EQUAL(0, mbedtls_ecp_point_read_binary(&grp, &P2,
532 P2_bin->x, P2_bin->len));
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]533
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]534 TEST_EQUAL(0, mbedtls_ecp_muladd(&grp, &R, &u1, &P1, &u2, &P2));
535 TEST_EQUAL(0, mbedtls_ecp_point_write_binary(
536 &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
537 &len, actual_result, sizeof(actual_result)));
538 TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN);
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]539
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]540 ASSERT_COMPARE(expected_result->x, expected_result->len,
541 actual_result, len);
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]542
543exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]544 mbedtls_ecp_group_free(&grp);
545 mbedtls_ecp_point_free(&P1);
546 mbedtls_ecp_point_free(&P2);
547 mbedtls_ecp_point_free(&R);
548 mbedtls_mpi_free(&u1);
549 mbedtls_mpi_free(&u2);
Gilles Peskineca91ee42021-04-03 18:31:01 +0200[diff] [blame]550}
551/* END_CASE */
552
Jonas923d5792020-05-13 14:22:45 +0900[diff] [blame]553/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]554void ecp_fast_mod(int id, char *N_str)
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]555{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]556 mbedtls_ecp_group grp;
557 mbedtls_mpi N, R;
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]558
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]559 mbedtls_mpi_init(&N); mbedtls_mpi_init(&R);
560 mbedtls_ecp_group_init(&grp);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]561
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]562 TEST_ASSERT(mbedtls_test_read_mpi(&N, N_str) == 0);
563 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
564 TEST_ASSERT(grp.modp != NULL);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]565
566 /*
567 * Store correct result before we touch N
568 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]569 TEST_ASSERT(mbedtls_mpi_mod_mpi(&R, &N, &grp.P) == 0);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]570
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]571 TEST_ASSERT(grp.modp(&N) == 0);
572 TEST_ASSERT(mbedtls_mpi_bitlen(&N) <= grp.pbits + 3);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]573
574 /*
Paul Bakkerd8b0c5e2014-04-11 15:31:33 +0200[diff] [blame]575 * Use mod rather than addition/subtraction in case previous test fails
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]576 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]577 TEST_ASSERT(mbedtls_mpi_mod_mpi(&N, &N, &grp.P) == 0);
578 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&N, &R) == 0);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]579
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]580exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]581 mbedtls_mpi_free(&N); mbedtls_mpi_free(&R);
582 mbedtls_ecp_group_free(&grp);
Manuel Pégourié-Gonnard84338242012-11-11 20:45:18 +0100[diff] [blame]583}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]584/* END_CASE */
Manuel Pégourié-Gonnardb4a310b2012-11-13 20:57:00 +0100[diff] [blame]585
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]586/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]587void ecp_write_binary(int id, char *x, char *y, char *z, int format,
588 data_t *out, int blen, int ret)
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]589{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]590 mbedtls_ecp_group grp;
591 mbedtls_ecp_point P;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]592 unsigned char buf[256];
Manuel Pégourié-Gonnard420f1eb2013-02-10 12:22:46 +0100[diff] [blame]593 size_t olen;
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]594
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]595 memset(buf, 0, sizeof(buf));
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]596
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]597 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]598
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]599 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]600
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]601 TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0);
602 TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0);
603 TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]604
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]605 TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format,
606 &olen, buf, blen) == ret);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]607
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]608 if (ret == 0) {
609 TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN);
610 TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]611 }
612
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]613exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]614 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]615}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]616/* END_CASE */
Manuel Pégourié-Gonnarde19feb52012-11-24 14:10:14 +0100[diff] [blame]617
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]618/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]619void ecp_read_binary(int id, data_t *buf, char *x, char *y, char *z,
620 int ret)
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]621{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]622 mbedtls_ecp_group grp;
623 mbedtls_ecp_point P;
624 mbedtls_mpi X, Y, Z;
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]625
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]626
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]627 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
628 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]629
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]630 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]631
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]632 TEST_ASSERT(mbedtls_test_read_mpi(&X, x) == 0);
633 TEST_ASSERT(mbedtls_test_read_mpi(&Y, y) == 0);
634 TEST_ASSERT(mbedtls_test_read_mpi(&Z, z) == 0);
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]635
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]636 TEST_ASSERT(mbedtls_ecp_point_read_binary(&grp, &P, buf->x, buf->len) == ret);
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]637
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]638 if (ret == 0) {
639 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.X, &X) == 0);
640 if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
641 TEST_ASSERT(mbedtls_mpi_cmp_int(&Y, 0) == 0);
642 TEST_ASSERT(P.Y.p == NULL);
643 TEST_ASSERT(mbedtls_mpi_cmp_int(&Z, 1) == 0);
644 TEST_ASSERT(mbedtls_mpi_cmp_int(&P.Z, 1) == 0);
645 } else {
646 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Y, &Y) == 0);
647 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Z, &Z) == 0);
Glenn Strauss2ff77112022-09-14 23:27:50 -0400[diff] [blame]648
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]649 if (buf->x[0] == 0x04 &&
Glenn Strauss2ff77112022-09-14 23:27:50 -0400[diff] [blame]650 /* (reading compressed format supported only for
651 * Short Weierstrass curves with prime p where p = 3 mod 4) */
652 id != MBEDTLS_ECP_DP_SECP224R1 &&
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]653 id != MBEDTLS_ECP_DP_SECP224K1) {
Glenn Strauss2ff77112022-09-14 23:27:50 -0400[diff] [blame]654 /* re-encode in compressed format and test read again */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]655 mbedtls_mpi_free(&P.Y);
656 buf->x[0] = 0x02 + mbedtls_mpi_get_bit(&Y, 0);
657 TEST_ASSERT(mbedtls_ecp_point_read_binary(&grp, &P, buf->x, buf->len/2+1) == 0);
658 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Y, &Y) == 0);
Glenn Strauss2ff77112022-09-14 23:27:50 -0400[diff] [blame]659 }
Janos Follath59b813c2019-02-13 10:44:06 +0000[diff] [blame]660 }
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]661 }
662
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]663exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]664 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
665 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]666}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]667/* END_CASE */
Manuel Pégourié-Gonnard5e402d82012-11-24 16:19:42 +0100[diff] [blame]668
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]669/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]670void mbedtls_ecp_tls_read_point(int id, data_t *buf, char *x, char *y,
671 char *z, int ret)
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]672{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]673 mbedtls_ecp_group grp;
674 mbedtls_ecp_point P;
675 mbedtls_mpi X, Y, Z;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]676 const unsigned char *vbuf = buf->x;
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]677
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]678
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]679 mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
680 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]681
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]682 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]683
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]684 TEST_ASSERT(mbedtls_test_read_mpi(&X, x) == 0);
685 TEST_ASSERT(mbedtls_test_read_mpi(&Y, y) == 0);
686 TEST_ASSERT(mbedtls_test_read_mpi(&Z, z) == 0);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]687
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]688 TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &P, &vbuf, buf->len) == ret);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]689
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]690 if (ret == 0) {
691 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.X, &X) == 0);
692 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Y, &Y) == 0);
693 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&P.Z, &Z) == 0);
694 TEST_ASSERT((uint32_t) (vbuf - buf->x) == buf->len);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]695 }
696
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]697exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]698 mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
699 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]700}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]701/* END_CASE */
Manuel Pégourié-Gonnard8c16f962013-02-10 13:00:20 +0100[diff] [blame]702
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]703/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]704void ecp_tls_write_read_point(int id)
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]705{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]706 mbedtls_ecp_group grp;
707 mbedtls_ecp_point pt;
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]708 unsigned char buf[256];
Manuel Pégourié-Gonnard98f51812013-02-10 13:38:29 +0100[diff] [blame]709 const unsigned char *vbuf;
Manuel Pégourié-Gonnard420f1eb2013-02-10 12:22:46 +0100[diff] [blame]710 size_t olen;
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]711
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]712 mbedtls_ecp_group_init(&grp);
713 mbedtls_ecp_point_init(&pt);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]714
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]715 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]716
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]717 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
718 TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &grp.G,
719 MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256) == 0);
720 TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
721 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.X, &pt.X) == 0);
722 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Y, &pt.Y) == 0);
723 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Z, &pt.Z) == 0);
724 TEST_ASSERT(vbuf == buf + olen);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]725
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]726 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
727 TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &grp.G,
728 MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256) == 0);
729 TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
730 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.X, &pt.X) == 0);
731 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Y, &pt.Y) == 0);
732 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.G.Z, &pt.Z) == 0);
733 TEST_ASSERT(vbuf == buf + olen);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]734
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]735 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
736 TEST_ASSERT(mbedtls_ecp_set_zero(&pt) == 0);
737 TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &pt,
738 MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256) == 0);
739 TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
740 TEST_ASSERT(mbedtls_ecp_is_zero(&pt));
741 TEST_ASSERT(vbuf == buf + olen);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]742
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]743 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
744 TEST_ASSERT(mbedtls_ecp_set_zero(&pt) == 0);
745 TEST_ASSERT(mbedtls_ecp_tls_write_point(&grp, &pt,
746 MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256) == 0);
747 TEST_ASSERT(mbedtls_ecp_tls_read_point(&grp, &pt, &vbuf, olen) == 0);
748 TEST_ASSERT(mbedtls_ecp_is_zero(&pt));
749 TEST_ASSERT(vbuf == buf + olen);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]750
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]751exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]752 mbedtls_ecp_group_free(&grp);
753 mbedtls_ecp_point_free(&pt);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]754}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]755/* END_CASE */
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]756
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]757/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]758void mbedtls_ecp_tls_read_group(data_t *buf, int result, int bits,
759 int record_len)
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]760{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]761 mbedtls_ecp_group grp;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]762 const unsigned char *vbuf = buf->x;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]763 int ret;
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]764
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]765 mbedtls_ecp_group_init(&grp);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]766
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]767 ret = mbedtls_ecp_tls_read_group(&grp, &vbuf, buf->len);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]768
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]769 TEST_ASSERT(ret == result);
770 if (ret == 0) {
771 TEST_ASSERT(mbedtls_mpi_bitlen(&grp.P) == (size_t) bits);
772 TEST_ASSERT(vbuf - buf->x == record_len);
Manuel Pégourié-Gonnard7c145c62013-02-10 13:20:52 +0100[diff] [blame]773 }
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]774
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]775exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]776 mbedtls_ecp_group_free(&grp);
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]777}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]778/* END_CASE */
Manuel Pégourié-Gonnard6282aca2013-02-10 11:15:11 +0100[diff] [blame]779
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]780/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]781void ecp_tls_write_read_group(int id)
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]782{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]783 mbedtls_ecp_group grp1, grp2;
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]784 unsigned char buf[10];
Manuel Pégourié-Gonnard7c145c62013-02-10 13:20:52 +0100[diff] [blame]785 const unsigned char *vbuf = buf;
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]786 size_t len;
787 int ret;
788
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]789 mbedtls_ecp_group_init(&grp1);
790 mbedtls_ecp_group_init(&grp2);
791 memset(buf, 0x00, sizeof(buf));
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]792
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]793 TEST_ASSERT(mbedtls_ecp_group_load(&grp1, id) == 0);
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]794
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]795 TEST_ASSERT(mbedtls_ecp_tls_write_group(&grp1, &len, buf, 10) == 0);
796 ret = mbedtls_ecp_tls_read_group(&grp2, &vbuf, len);
797 TEST_ASSERT(ret == 0);
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]798
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]799 if (ret == 0) {
800 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp1.N, &grp2.N) == 0);
801 TEST_ASSERT(grp1.id == grp2.id);
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]802 }
803
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]804exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]805 mbedtls_ecp_group_free(&grp1);
806 mbedtls_ecp_group_free(&grp2);
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]807}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]808/* END_CASE */
Manuel Pégourié-Gonnard46106a92013-02-10 12:51:17 +0100[diff] [blame]809
Valerio Setti46829482023-01-18 13:59:30 +0100[diff] [blame]810/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]811void mbedtls_ecp_group_metadata(int id, int bit_size, int crv_type,
812 char *P, char *A, char *B,
813 char *G_x, char *G_y, char *N,
814 int tls_id)
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]815{
816 mbedtls_ecp_group grp, grp_read, grp_cpy;
817 const mbedtls_ecp_group_id *g_id;
Werner Lewisccae25b2022-09-20 10:00:07 +0100[diff] [blame]818 mbedtls_ecp_group_id read_g_id;
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]819 const mbedtls_ecp_curve_info *crv, *crv_tls_id, *crv_name;
820
821 mbedtls_mpi exp_P, exp_A, exp_B, exp_G_x, exp_G_y, exp_N;
822
823 unsigned char buf[3], ecparameters[3] = { 3, 0, tls_id };
824 const unsigned char *vbuf = buf;
825 size_t olen;
826
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]827 mbedtls_ecp_group_init(&grp);
828 mbedtls_ecp_group_init(&grp_read);
829 mbedtls_ecp_group_init(&grp_cpy);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]830
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]831 mbedtls_mpi_init(&exp_P);
832 mbedtls_mpi_init(&exp_A);
833 mbedtls_mpi_init(&exp_B);
834 mbedtls_mpi_init(&exp_G_x);
835 mbedtls_mpi_init(&exp_G_y);
836 mbedtls_mpi_init(&exp_N);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]837
838 // Read expected parameters
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]839 TEST_EQUAL(mbedtls_test_read_mpi(&exp_P, P), 0);
840 TEST_EQUAL(mbedtls_test_read_mpi(&exp_A, A), 0);
841 TEST_EQUAL(mbedtls_test_read_mpi(&exp_G_x, G_x), 0);
842 TEST_EQUAL(mbedtls_test_read_mpi(&exp_N, N), 0);
843 TEST_EQUAL(mbedtls_test_read_mpi(&exp_B, B), 0);
844 TEST_EQUAL(mbedtls_test_read_mpi(&exp_G_y, G_y), 0);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]845
Werner Lewisc4afef72022-08-25 10:29:19 +0100[diff] [blame]846 // Convert exp_A to internal representation (A+2)/4
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]847 if (crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY) {
848 TEST_EQUAL(mbedtls_mpi_add_int(&exp_A, &exp_A, 2), 0);
849 TEST_EQUAL(mbedtls_mpi_div_int(&exp_A, NULL, &exp_A, 4), 0);
Werner Lewisc4afef72022-08-25 10:29:19 +0100[diff] [blame]850 }
851
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]852 // Load group
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]853 TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]854
855 // Compare group with expected parameters
856 // A is NULL for SECPxxxR1 curves
857 // B and G_y are NULL for curve25519 and curve448
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]858 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_P, &grp.P), 0);
859 if (*A != 0) {
860 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_A, &grp.A), 0);
861 }
862 if (*B != 0) {
863 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_B, &grp.B), 0);
864 }
865 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_G_x, &grp.G.X), 0);
866 if (*G_y != 0) {
867 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_G_y, &grp.G.Y), 0);
868 }
869 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&exp_N, &grp.N), 0);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]870
871 // Load curve info and compare with known values
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]872 crv = mbedtls_ecp_curve_info_from_grp_id(id);
873 TEST_EQUAL(crv->grp_id, id);
874 TEST_EQUAL(crv->bit_size, bit_size);
875 TEST_EQUAL(crv->tls_id, tls_id);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]876
877 // Load curve from TLS ID and name, and compare IDs
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]878 crv_tls_id = mbedtls_ecp_curve_info_from_tls_id(crv->tls_id);
879 crv_name = mbedtls_ecp_curve_info_from_name(crv->name);
880 TEST_EQUAL(crv_tls_id->grp_id, id);
881 TEST_EQUAL(crv_name->grp_id, id);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]882
Werner Lewisccae25b2022-09-20 10:00:07 +0100[diff] [blame]883 // Validate write_group against test data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]884 TEST_EQUAL(mbedtls_ecp_tls_write_group(&grp, &olen,
885 buf, sizeof(buf)),
886 0);
887 TEST_EQUAL(mbedtls_test_hexcmp(buf, ecparameters, olen,
888 sizeof(ecparameters)),
889 0);
Werner Lewisccae25b2022-09-20 10:00:07 +0100[diff] [blame]890
891 // Read group from buffer and compare with expected ID
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]892 TEST_EQUAL(mbedtls_ecp_tls_read_group_id(&read_g_id, &vbuf, olen),
893 0);
894 TEST_EQUAL(read_g_id, id);
Werner Lewis05feee12022-09-20 12:05:00 +0100[diff] [blame]895 vbuf = buf;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]896 TEST_EQUAL(mbedtls_ecp_tls_read_group(&grp_read, &vbuf, olen),
897 0);
898 TEST_EQUAL(grp_read.id, id);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]899
900 // Check curve type, and if it can be used for ECDH/ECDSA
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]901 TEST_EQUAL(mbedtls_ecp_get_type(&grp), crv_type);
Valerio Setti46829482023-01-18 13:59:30 +0100[diff] [blame]902#if defined(MBEDTLS_ECDH_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]903 TEST_EQUAL(mbedtls_ecdh_can_do(id), 1);
Valerio Setti46829482023-01-18 13:59:30 +0100[diff] [blame]904#endif
905#if defined(MBEDTLS_ECDSA_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]906 TEST_EQUAL(mbedtls_ecdsa_can_do(id),
907 crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS);
Valerio Setti46829482023-01-18 13:59:30 +0100[diff] [blame]908#endif
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]909
910 // Copy group and compare with original
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]911 TEST_EQUAL(mbedtls_ecp_group_copy(&grp_cpy, &grp), 0);
912 TEST_EQUAL(mbedtls_ecp_group_cmp(&grp, &grp_cpy), 0);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]913
914 // Check curve is in curve list and group ID list
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]915 for (crv = mbedtls_ecp_curve_list();
916 crv->grp_id != MBEDTLS_ECP_DP_NONE &&
917 crv->grp_id != (unsigned) id;
918 crv++) {
919 ;
920 }
921 TEST_EQUAL(crv->grp_id, id);
922 for (g_id = mbedtls_ecp_grp_id_list();
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]923 *g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]924 g_id++) {
925 ;
926 }
927 TEST_EQUAL(*g_id, (unsigned) id);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]928
929exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]930 mbedtls_ecp_group_free(&grp); mbedtls_ecp_group_free(&grp_cpy);
931 mbedtls_ecp_group_free(&grp_read);
932 mbedtls_mpi_free(&exp_P); mbedtls_mpi_free(&exp_A);
933 mbedtls_mpi_free(&exp_B); mbedtls_mpi_free(&exp_G_x);
934 mbedtls_mpi_free(&exp_G_y); mbedtls_mpi_free(&exp_N);
Werner Lewise54046c2022-08-15 11:43:56 +0100[diff] [blame]935}
936/* END_CASE */
937
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]938/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]939void mbedtls_ecp_check_privkey(int id, char *key_hex, int ret)
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]940{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]941 mbedtls_ecp_group grp;
942 mbedtls_mpi d;
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]943
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]944 mbedtls_ecp_group_init(&grp);
945 mbedtls_mpi_init(&d);
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]946
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]947 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
948 TEST_ASSERT(mbedtls_test_read_mpi(&d, key_hex) == 0);
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]949
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]950 TEST_ASSERT(mbedtls_ecp_check_privkey(&grp, &d) == ret);
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]951
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]952exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]953 mbedtls_ecp_group_free(&grp);
954 mbedtls_mpi_free(&d);
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]955}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]956/* END_CASE */
Manuel Pégourié-Gonnardc8dc2952013-07-01 14:06:13 +0200[diff] [blame]957
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]958/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]959void mbedtls_ecp_check_pub_priv(int id_pub, char *Qx_pub, char *Qy_pub,
960 int id, char *d, char *Qx, char *Qy,
961 int ret)
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]962{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]963 mbedtls_ecp_keypair pub, prv;
Manuel Pégourié-Gonnardf8c24bf2021-06-15 11:29:26 +0200[diff] [blame]964 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]965
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]966 mbedtls_ecp_keypair_init(&pub);
967 mbedtls_ecp_keypair_init(&prv);
968 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]969
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]970 if (id_pub != MBEDTLS_ECP_DP_NONE) {
971 TEST_ASSERT(mbedtls_ecp_group_load(&pub.grp, id_pub) == 0);
972 }
973 TEST_ASSERT(mbedtls_ecp_point_read_string(&pub.Q, 16, Qx_pub, Qy_pub) == 0);
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]974
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]975 if (id != MBEDTLS_ECP_DP_NONE) {
976 TEST_ASSERT(mbedtls_ecp_group_load(&prv.grp, id) == 0);
977 }
978 TEST_ASSERT(mbedtls_ecp_point_read_string(&prv.Q, 16, Qx, Qy) == 0);
979 TEST_ASSERT(mbedtls_test_read_mpi(&prv.d, d) == 0);
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]980
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]981 TEST_ASSERT(mbedtls_ecp_check_pub_priv(&pub, &prv,
982 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret);
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]983
984exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]985 mbedtls_ecp_keypair_free(&pub);
986 mbedtls_ecp_keypair_free(&prv);
Manuel Pégourié-Gonnard30668d62014-11-06 15:25:32 +0100[diff] [blame]987}
988/* END_CASE */
989
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]990/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]991void mbedtls_ecp_gen_keypair(int id)
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]992{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]993 mbedtls_ecp_group grp;
994 mbedtls_ecp_point Q;
995 mbedtls_mpi d;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]996 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]997
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]998 mbedtls_ecp_group_init(&grp);
999 mbedtls_ecp_point_init(&Q);
1000 mbedtls_mpi_init(&d);
1001 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1002
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1003 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1004
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1005 TEST_ASSERT(mbedtls_ecp_gen_keypair(&grp, &d, &Q,
1006 &mbedtls_test_rnd_pseudo_rand,
1007 &rnd_info) == 0);
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1008
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1009 TEST_ASSERT(mbedtls_ecp_check_pubkey(&grp, &Q) == 0);
1010 TEST_ASSERT(mbedtls_ecp_check_privkey(&grp, &d) == 0);
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1011
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1012exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1013 mbedtls_ecp_group_free(&grp);
1014 mbedtls_ecp_point_free(&Q);
1015 mbedtls_mpi_free(&d);
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1016}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1017/* END_CASE */
Manuel Pégourié-Gonnard45a035a2013-01-26 14:42:45 +0100[diff] [blame]1018
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]1019/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1020void mbedtls_ecp_gen_key(int id)
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1021{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1022 mbedtls_ecp_keypair key;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]1023 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1024
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1025 mbedtls_ecp_keypair_init(&key);
1026 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1027
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1028 TEST_ASSERT(mbedtls_ecp_gen_key(id, &key,
1029 &mbedtls_test_rnd_pseudo_rand,
1030 &rnd_info) == 0);
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1031
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1032 TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0);
1033 TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0);
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1034
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1035exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1036 mbedtls_ecp_keypair_free(&key);
Manuel Pégourié-Gonnard104ee1d2013-11-30 14:13:16 +0100[diff] [blame]1037}
1038/* END_CASE */
1039
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1040/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1041void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical)
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1042{
1043 int ret = 0;
1044 mbedtls_ecp_keypair key;
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1045 mbedtls_ecp_keypair key2;
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1046
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1047 mbedtls_ecp_keypair_init(&key);
1048 mbedtls_ecp_keypair_init(&key2);
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1049
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1050 ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
1051 TEST_ASSERT(ret == expected);
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1052
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1053 if (expected == 0) {
1054 ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
1055 TEST_ASSERT(ret == 0);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1056
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1057 if (canonical) {
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1058 unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1059
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1060 ret = mbedtls_ecp_write_key(&key, buf, in_key->len);
1061 TEST_ASSERT(ret == 0);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1062
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1063 ASSERT_COMPARE(in_key->x, in_key->len,
1064 buf, in_key->len);
1065 } else {
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1066 unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1067 unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1068
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1069 ret = mbedtls_ecp_write_key(&key, export1, in_key->len);
1070 TEST_ASSERT(ret == 0);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1071
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1072 ret = mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len);
1073 TEST_ASSERT(ret == expected);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1074
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1075 ret = mbedtls_ecp_write_key(&key2, export2, in_key->len);
1076 TEST_ASSERT(ret == 0);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1077
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1078 ASSERT_COMPARE(export1, in_key->len,
1079 export2, in_key->len);
Steven Cooremande8593f2020-06-09 19:55:26 +0200[diff] [blame]1080 }
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1081 }
1082
1083exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1084 mbedtls_ecp_keypair_free(&key);
1085 mbedtls_ecp_keypair_free(&key2);
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]1086}
1087/* END_CASE */
1088
Valerio Setti0c477d32023-04-07 15:54:20 +0200[diff] [blame]1089/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBBEDTLS_ECP_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1090void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1091{
1092 mbedtls_test_rnd_buf_info rnd_info;
1093 mbedtls_mpi d;
1094 int ret;
1095 uint8_t *actual = NULL;
1096
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1097 mbedtls_mpi_init(&d);
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1098 rnd_info.buf = seed->x;
1099 rnd_info.length = seed->len;
1100 rnd_info.fallback_f_rng = NULL;
1101 rnd_info.fallback_p_rng = NULL;
1102
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1103 ASSERT_ALLOC(actual, expected->len);
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1104
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1105 ret = mbedtls_ecp_gen_privkey_mx(bits, &d,
1106 mbedtls_test_rnd_buffer_rand, &rnd_info);
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1107
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1108 if (expected->len == 0) {
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1109 /* Expecting an error (happens if there isn't enough randomness) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1110 TEST_ASSERT(ret != 0);
1111 } else {
1112 TEST_EQUAL(ret, 0);
1113 TEST_EQUAL((size_t) bits + 1, mbedtls_mpi_bitlen(&d));
1114 TEST_EQUAL(0, mbedtls_mpi_write_binary(&d, actual, expected->len));
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1115 /* Test the exact result. This assumes that the output of the
1116 * RNG is used in a specific way, which is overly constraining.
1117 * The advantage is that it's easier to test the expected properties
1118 * of the generated key:
1119 * - The most significant bit must be at a specific positions
1120 * (can be enforced by checking the bit-length).
1121 * - The least significant bits must have specific values
1122 * (can be enforced by checking these bits).
1123 * - Other bits must be random (by testing with different RNG outputs,
1124 * we validate that those bits are indeed influenced by the RNG). */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1125 ASSERT_COMPARE(expected->x, expected->len,
1126 actual, expected->len);
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1127 }
1128
1129exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1130 mbedtls_free(actual);
1131 mbedtls_mpi_free(&d);
Gilles Peskine6ff8a012021-03-24 12:01:02 +0100[diff] [blame]1132}
1133/* END_CASE */
1134
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1135/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1136void ecp_set_zero(int id, data_t *P_bin)
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1137{
1138 mbedtls_ecp_group grp;
1139 mbedtls_ecp_point pt, zero_pt, nonzero_pt;
1140
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1141 mbedtls_ecp_group_init(&grp);
1142 mbedtls_ecp_point_init(&pt);
1143 mbedtls_ecp_point_init(&zero_pt);
1144 mbedtls_ecp_point_init(&nonzero_pt);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1145
1146 // Set zero and non-zero points for comparison
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1147 TEST_EQUAL(mbedtls_ecp_set_zero(&zero_pt), 0);
1148 TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
1149 TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &nonzero_pt,
1150 P_bin->x, P_bin->len), 0);
1151 TEST_EQUAL(mbedtls_ecp_is_zero(&zero_pt), 1);
1152 TEST_EQUAL(mbedtls_ecp_is_zero(&nonzero_pt), 0);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1153
1154 // Test initialized point
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1155 TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
1156 TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
1157 TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
1158 TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &zero_pt),
1159 MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1160
1161 // Test zeroed point
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1162 TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
1163 TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
1164 TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
1165 TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
1166 MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1167
1168 // Set point to non-zero value
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1169 TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &pt,
1170 P_bin->x, P_bin->len), 0);
1171 TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 0);
1172 TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt),
1173 MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
1174 TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt), 0);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1175
1176 // Test non-zero point
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1177 TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
1178 TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
1179 TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
1180 TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
1181 MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1182
1183 // Test freed non-zero point
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1184 TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &pt,
1185 P_bin->x, P_bin->len), 0);
1186 mbedtls_ecp_point_free(&pt);
1187 TEST_EQUAL(mbedtls_ecp_set_zero(&pt), 0);
1188 TEST_EQUAL(mbedtls_ecp_is_zero(&pt), 1);
1189 TEST_EQUAL(mbedtls_ecp_point_cmp(&zero_pt, &pt), 0);
1190 TEST_EQUAL(mbedtls_ecp_point_cmp(&nonzero_pt, &pt),
1191 MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1192
1193exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1194 mbedtls_ecp_group_free(&grp);
1195 mbedtls_ecp_point_free(&pt);
1196 mbedtls_ecp_point_free(&zero_pt);
1197 mbedtls_ecp_point_free(&nonzero_pt);
Werner Lewis3b097392022-08-08 11:53:45 +0100[diff] [blame]1198}
1199/* END_CASE */
1200
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1201/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1202void ecp_selftest()
Manuel Pégourié-Gonnardb4a310b2012-11-13 20:57:00 +0100[diff] [blame]1203{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1204 TEST_ASSERT(mbedtls_ecp_self_test(1) == 0);
Manuel Pégourié-Gonnardb4a310b2012-11-13 20:57:00 +0100[diff] [blame]1205}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1206/* END_CASE */
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1207
1208/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1209void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int invalid_grp)
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1210{
1211 mbedtls_ecp_keypair key;
1212 mbedtls_ecp_group export_grp;
1213 mbedtls_mpi export_d;
1214 mbedtls_ecp_point export_Q;
1215
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1216 mbedtls_ecp_group_init(&export_grp);
1217 mbedtls_ecp_group_init(&key.grp);
1218 mbedtls_mpi_init(&export_d);
1219 mbedtls_ecp_point_init(&export_Q);
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1220
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1221 mbedtls_ecp_keypair_init(&key);
1222 if (invalid_grp == 0) {
1223 TEST_ASSERT(mbedtls_ecp_group_load(&key.grp, id) == 0);
1224 }
1225 TEST_ASSERT(mbedtls_ecp_point_read_string(&key.Q, 16, Qx, Qy) == 0);
1226 TEST_ASSERT(mbedtls_test_read_mpi(&key.d, d) == 0);
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1227
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1228 TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp,
1229 &export_d, &export_Q), expected_ret);
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1230
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1231 if (expected_ret == 0) {
1232 TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0);
1233 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0);
1234 TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0);
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1235 }
1236
1237exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1238 mbedtls_ecp_keypair_free(&key);
1239 mbedtls_ecp_group_free(&export_grp);
1240 mbedtls_mpi_free(&export_d);
1241 mbedtls_ecp_point_free(&export_Q);
Przemek Stekiel4b30feb2022-03-18 13:58:26 +0100[diff] [blame]1242}
1243/* END_CASE */
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1244
1245/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1246void ecp_check_order(int id, char *expected_order_hex)
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1247{
1248 mbedtls_ecp_group grp;
1249 mbedtls_mpi expected_n;
1250
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1251 mbedtls_ecp_group_init(&grp);
1252 mbedtls_mpi_init(&expected_n);
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1253
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1254 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
1255 TEST_ASSERT(mbedtls_test_read_mpi(&expected_n, expected_order_hex) == 0);
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1256
1257 // check sign bits are well-formed (i.e. 1 or -1) - see #5810
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1258 TEST_ASSERT(grp.N.s == -1 || grp.N.s == 1);
1259 TEST_ASSERT(expected_n.s == -1 || expected_n.s == 1);
Dave Rodgman5cab9da2022-06-17 13:48:29 +0100[diff] [blame]1260
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1261 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&grp.N, &expected_n) == 0);
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1262
1263exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1264 mbedtls_ecp_group_free(&grp);
1265 mbedtls_mpi_free(&expected_n);
Dave Rodgman57080462022-06-17 13:41:18 +0100[diff] [blame]1266}
Dave Rodgmaneb8570f2022-06-17 14:59:36 +0100[diff] [blame]1267/* END_CASE */
Gabor Mezei51ec06a2023-01-25 18:05:44 +0100[diff] [blame]1268
Minos Galanakis6d2ee702023-04-12 09:14:29 +0100[diff] [blame]1269/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1270void ecp_mod_p_generic_raw(int curve_id,
1271 char *input_N,
1272 char *input_X,
1273 char *result)
Gabor Mezei51ec06a2023-01-25 18:05:44 +0100[diff] [blame]1274{
1275 mbedtls_mpi_uint *X = NULL;
1276 mbedtls_mpi_uint *N = NULL;
1277 mbedtls_mpi_uint *res = NULL;
1278 size_t limbs_X;
1279 size_t limbs_N;
1280 size_t limbs_res;
1281
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1282 size_t bytes;
1283 size_t limbs;
1284 size_t curve_bits;
1285 int (*curve_func)(mbedtls_mpi_uint *X, size_t X_limbs);
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1286
1287 mbedtls_mpi_mod_modulus m;
1288 mbedtls_mpi_mod_modulus_init(&m);
1289
1290 TEST_EQUAL(mbedtls_test_read_mpi_core(&X, &limbs_X, input_X), 0);
1291 TEST_EQUAL(mbedtls_test_read_mpi_core(&N, &limbs_N, input_N), 0);
1292 TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result), 0);
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1293 bytes = limbs_N * sizeof(mbedtls_mpi_uint);
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1294
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1295 switch (curve_id) {
1296#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
1297 case MBEDTLS_ECP_DP_SECP192R1:
1298 limbs = 2 * limbs_N;
1299 curve_bits = 192;
1300 curve_func = &mbedtls_ecp_mod_p192_raw;
1301 break;
1302#endif
1303#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
1304 case MBEDTLS_ECP_DP_SECP224R1:
1305 limbs = 448 / biL;
1306 curve_bits = 224;
1307 curve_func = &mbedtls_ecp_mod_p224_raw;
1308 break;
1309#endif
1310#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
1311 case MBEDTLS_ECP_DP_SECP256R1:
1312 limbs = 2 * limbs_N;
1313 curve_bits = 256;
1314 curve_func = &mbedtls_ecp_mod_p256_raw;
1315 break;
1316#endif
1317#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
1318 case MBEDTLS_ECP_DP_SECP384R1:
1319 limbs = 2 * limbs_N;
1320 curve_bits = 384;
1321 curve_func = &mbedtls_ecp_mod_p384_raw;
1322 break;
1323#endif
1324#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
1325 case MBEDTLS_ECP_DP_SECP521R1:
1326 limbs = 2 * limbs_N;
1327 curve_bits = 522;
1328 curve_func = &mbedtls_ecp_mod_p521_raw;
1329 break;
1330#endif
1331 default:
1332 mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__);
1333 goto exit;
1334 }
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1335
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1336 TEST_EQUAL(limbs_X, limbs);
1337 TEST_EQUAL(limbs_res, limbs_N);
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1338
1339 TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1340 &m, N, limbs_N,
Minos Galanakis6d2ee702023-04-12 09:14:29 +0100[diff] [blame]1341 MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1342
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1343 TEST_EQUAL((*curve_func)(X, limbs_X), 0);
Gabor Mezeif65a0592023-02-14 18:26:36 +0100[diff] [blame]1344
Minos Galanakis13586482023-03-21 12:08:37 +0000[diff] [blame]1345 TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
Gabor Mezeid8f67b92023-02-06 15:49:42 +0100[diff] [blame]1346 mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
1347 ASSERT_COMPARE(X, bytes, res, bytes);
1348
1349exit:
1350 mbedtls_free(X);
1351 mbedtls_free(res);
1352
1353 mbedtls_mpi_mod_modulus_free(&m);
1354 mbedtls_free(N);
1355}
1356/* END_CASE */
Minos Galanakis9a1d02d2023-02-03 19:14:56 +0000[diff] [blame]1357
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1358/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192K1_ENABLED */
1359void ecp_mod_p192k1(char *input_N,
1360 char *input_X,
1361 char *result)
1362{
1363 mbedtls_mpi X;
1364 mbedtls_mpi N;
1365 mbedtls_mpi res;
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1366
1367 mbedtls_mpi_init(&X);
1368 mbedtls_mpi_init(&N);
1369 mbedtls_mpi_init(&res);
1370
1371 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
1372 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
1373 TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
1374
Gabor Mezeib70f5f12023-04-13 13:12:00 +0200[diff] [blame]1375 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
1376 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
1377 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1378
Gabor Mezei00c9c7a2023-04-13 13:13:14 +0200[diff] [blame]1379 size_t limbs = N.n;
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1380 size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
1381
Gabor Mezei00c9c7a2023-04-13 13:13:14 +0200[diff] [blame]1382 TEST_EQUAL(X.n, 2 * limbs);
1383 TEST_EQUAL(res.n, limbs);
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1384
1385 TEST_EQUAL(mbedtls_ecp_mod_p192k1(&X), 0);
1386 TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
Gabor Mezei00c9c7a2023-04-13 13:13:14 +0200[diff] [blame]1387 TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 192);
Gabor Mezeib86ead32023-04-11 15:43:12 +0200[diff] [blame]1388 ASSERT_COMPARE(X.p, bytes, res.p, bytes);
1389
1390exit:
1391 mbedtls_mpi_free(&X);
1392 mbedtls_mpi_free(&N);
1393 mbedtls_mpi_free(&res);
1394}
1395/* END_CASE */
1396
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1397/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */
1398void ecp_mod_p224k1(char *input_N,
1399 char *input_X,
1400 char *result)
1401{
1402 mbedtls_mpi X;
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1403 mbedtls_mpi N;
1404 mbedtls_mpi res;
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1405
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1406 mbedtls_mpi_init(&X);
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1407 mbedtls_mpi_init(&N);
1408 mbedtls_mpi_init(&res);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1409
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1410 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
1411 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
1412 TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1413
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1414 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
1415 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
1416 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
1417
1418 size_t limbs = N.n;
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1419 size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
1420
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1421 TEST_LE_U(X.n, 448 / biL);
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1422 TEST_EQUAL(res.n, limbs);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1423
1424 TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0);
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1425 TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1426 TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224);
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1427 ASSERT_COMPARE(X.p, bytes, res.p, bytes);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1428
1429exit:
1430 mbedtls_mpi_free(&X);
Minos Galanakis357b9e12023-04-18 11:39:11 +0100[diff] [blame]1431 mbedtls_mpi_free(&N);
1432 mbedtls_mpi_free(&res);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]1433}
1434/* END_CASE */
1435
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1436/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */
1437void ecp_mod_p256k1(char *input_N,
1438 char *input_X,
1439 char *result)
1440{
1441 mbedtls_mpi X;
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1442 mbedtls_mpi N;
1443 mbedtls_mpi res;
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1444
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1445 mbedtls_mpi_init(&X);
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1446 mbedtls_mpi_init(&N);
1447 mbedtls_mpi_init(&res);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1448
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1449 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
1450 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
1451 TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1452
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1453 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
1454 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
1455 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
1456
1457 size_t limbs = N.n;
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1458 size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
1459
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1460 TEST_LE_U(X.n, 2 * limbs);
1461 TEST_EQUAL(res.n, limbs);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1462
Minos Galanakis9c2c81f2023-04-12 11:10:03 +0100[diff] [blame]1463 TEST_EQUAL(mbedtls_ecp_mod_p256k1(&X), 0);
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1464 TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1465 TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 256);
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1466 ASSERT_COMPARE(X.p, bytes, res.p, bytes);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1467
1468exit:
1469 mbedtls_mpi_free(&X);
Minos Galanakis4dfed0a2023-04-18 11:58:51 +0100[diff] [blame]1470 mbedtls_mpi_free(&N);
1471 mbedtls_mpi_free(&res);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]1472}
1473/* END_CASE */
1474
Paul Elliott16648be2023-04-23 23:19:21 +0100[diff] [blame]1475/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED */
1476void ecp_mod_p448(char *input_N,
1477 char *input_X,
1478 char *result)
1479{
1480 mbedtls_mpi X;
1481 mbedtls_mpi N;
1482 mbedtls_mpi res;
1483
1484 mbedtls_mpi_init(&X);
1485 mbedtls_mpi_init(&N);
1486 mbedtls_mpi_init(&res);
1487
1488 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
1489 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
1490 TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
1491
1492 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
1493 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
1494 TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
1495
1496 size_t limbs = N.n;
1497 size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
1498
1499 TEST_LE_U(X.n, 2 * limbs);
1500 TEST_EQUAL(res.n, limbs);
1501
1502 TEST_EQUAL(mbedtls_ecp_mod_p448(&X), 0);
1503 TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
1504 TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448);
1505 ASSERT_COMPARE(X.p, bytes, res.p, bytes);
1506
1507exit:
1508 mbedtls_mpi_free(&X);
1509 mbedtls_mpi_free(&N);
1510 mbedtls_mpi_free(&res);
1511}
1512/* END_CASE */
1513
Minos Galanakis9a1d02d2023-02-03 19:14:56 +0000[diff] [blame]1514/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
1515void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
1516{
1517 int ret;
1518 mbedtls_mpi_mod_modulus m;
1519 mbedtls_mpi_mod_modulus_init(&m);
1520 mbedtls_mpi_uint *p = NULL;
1521 size_t p_limbs;
1522 size_t bytes;
1523
1524 TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &p_limbs, input_A), 0);
1525
1526 ret = mbedtls_ecp_modulus_setup(&m, id, ctype);
1527 TEST_EQUAL(ret, iret);
1528
1529 if (ret == 0) {
1530
1531 /* Test for limb sizes */
1532 TEST_EQUAL(m.limbs, p_limbs);
1533 bytes = p_limbs * sizeof(mbedtls_mpi_uint);
1534
1535 /* Test for validity of moduli by the presence of Montgomery consts */
1536
1537 TEST_ASSERT(m.rep.mont.mm != 0);
1538 TEST_ASSERT(m.rep.mont.rr != NULL);
1539
1540
1541 /* Compare output byte-by-byte */
1542 ASSERT_COMPARE(p, bytes, m.p, bytes);
1543
1544 /* Test for user free-ing allocated memory */
1545 mbedtls_mpi_mod_modulus_free(&m);
1546 }
1547
1548exit:
1549 mbedtls_mpi_mod_modulus_free(&m);
1550 mbedtls_free(p);
1551}
1552/* END_CASE */
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1553
1554/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
Xiaokang Qianc1f5e542023-05-18 02:02:48 +0000[diff] [blame]1555void ecp_mod_mul_inv(char *input_A, int id, int ctype)
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1556{
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1557 size_t limbs;
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1558 mbedtls_mpi_mod_modulus m;
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1559 mbedtls_mpi_mod_residue rA; // For input
1560 mbedtls_mpi_mod_residue rA_inverse; // For inverse input
1561 mbedtls_mpi_mod_residue rX; // For result
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1562 mbedtls_mpi_uint *rX_raw = NULL;
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1563 mbedtls_mpi_uint *A_inverse = NULL;
1564 mbedtls_mpi_uint *A = NULL;
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1565 mbedtls_mpi_uint *bufx = NULL;
Xiaokang Qianc8f677d2023-05-18 03:04:26 +0000[diff] [blame]1566 const mbedtls_mpi_uint one[1] = { 1 };
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1567
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1568 mbedtls_mpi_mod_modulus_init(&m);
1569
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1570 TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0);
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1571
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1572 TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0);
1573 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs));
Xiaokang Qian8ca64372023-04-26 10:56:22 +0000[diff] [blame]1574
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1575 /* Test for limb sizes */
1576 TEST_EQUAL(m.limbs, limbs);
Xiaokang Qian8ca64372023-04-26 10:56:22 +0000[diff] [blame]1577
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1578 ASSERT_ALLOC(A_inverse, limbs);
1579 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs));
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1580
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1581 ASSERT_ALLOC(rX_raw, limbs);
1582 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1583
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1584 /* Get inverse of A mode m, and multiply it with itself,
Xiaokang Qianc8f677d2023-05-18 03:04:26 +0000[diff] [blame]1585 * to see whether the result equal to '1' */
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1586 TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m));
1587 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0);
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1588
Xiaokang Qian78b93b12023-05-17 06:41:21 +0000[diff] [blame]1589 ASSERT_ALLOC(bufx, limbs);
1590 TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx,
Xiaokang Qianc8f677d2023-05-18 03:04:26 +0000[diff] [blame]1591 limbs * ciL,
1592 MBEDTLS_MPI_MOD_EXT_REP_LE), 0);
1593
1594 ASSERT_COMPARE(bufx, ciL, one, ciL);
1595 /*Borrow the buffer of A to compare the left lims with 0 */
1596 memset(A, 0, limbs * ciL);
1597 ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL);
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1598
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1599exit:
1600 mbedtls_mpi_mod_modulus_free(&m);
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1601 mbedtls_mpi_mod_residue_release(&rA);
1602 mbedtls_mpi_mod_residue_release(&rA_inverse);
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1603 mbedtls_mpi_mod_residue_release(&rX);
Xiaokang Qian1ae7ca42023-05-17 09:09:40 +0000[diff] [blame]1604 mbedtls_free(A);
1605 mbedtls_free(A_inverse);
Xiaokang Qian5e25f802023-04-21 09:45:16 +0000[diff] [blame]1606 mbedtls_free(rX_raw);
1607 mbedtls_free(bufx);
1608}
1609/* END_CASE */
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1610
1611/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
Xiaokang Qianc304e532023-05-18 07:46:59 +0000[diff] [blame]1612void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype)
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1613{
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1614 size_t p_A_limbs;
1615 size_t p_B_limbs;
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1616 size_t bytes;
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1617 mbedtls_mpi_mod_modulus m;
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1618 mbedtls_mpi_mod_residue rA;
1619 mbedtls_mpi_mod_residue rB;
1620 mbedtls_mpi_mod_residue rS;
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1621 mbedtls_mpi_uint *p_A = NULL;
1622 mbedtls_mpi_uint *p_B = NULL;
1623 mbedtls_mpi_uint *p_S = NULL;
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1624
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1625 mbedtls_mpi_mod_modulus_init(&m);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1626
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1627 TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_A_limbs, input_A), 0);
1628 TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_B_limbs, input_B), 0);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1629
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1630 TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1631
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1632 /* Test for limb sizes for two input value and modulus */
1633 TEST_EQUAL(p_A_limbs, p_B_limbs);
1634 TEST_EQUAL(m.limbs, p_A_limbs);
1635 bytes = p_A_limbs * ciL;
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1636
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1637 ASSERT_ALLOC(p_S, p_A_limbs);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1638
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1639 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0);
1640 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0);
1641 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_A_limbs), 0);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1642
Xiaokang Qian10b6daf2023-05-22 02:28:06 +0000[diff] [blame^]1643 /* Firstly add A and B to get the sum S, then subtract B,
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1644 * the difference should be equal to A*/
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1645 TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m));
1646 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m));
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1647
Xiaokang Qian6d02c2f2023-05-18 09:35:25 +0000[diff] [blame]1648 /* Compare difference with rA byte-by-byte */
Xiaokang Qian61b0c1c2023-05-17 09:57:57 +0000[diff] [blame]1649 ASSERT_COMPARE(rA.p, bytes, rS.p, bytes);
Xiaokang Qian5fc78462023-04-27 13:16:55 +0000[diff] [blame]1650
1651exit:
1652 mbedtls_mpi_mod_modulus_free(&m);
1653 mbedtls_mpi_mod_residue_release(&rA);
1654 mbedtls_mpi_mod_residue_release(&rB);
1655 mbedtls_mpi_mod_residue_release(&rS);
1656 mbedtls_free(p_A);
1657 mbedtls_free(p_B);
1658 mbedtls_free(p_S);
1659}
1660/* END_CASE */