TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 55427964b1073e566acfa36786bc4ab3ad901b9c / . / tests / suites / test_suite_ecdh.function
blob: 08a1686e5c22a00ae71b393cb10c137498f6dbd0 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdh.h"
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]3/* END_HEADER */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]4
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]6 * depends_on:MBEDTLS_ECDH_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]7 * END_DEPENDENCIES
8 */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]9
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]10/* BEGIN_CASE */
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]11void ecdh_valid_param( )
12{
13 TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
14}
15/* END_CASE */
16
17/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
18void ecdh_invalid_param( )
19{
20 mbedtls_ecp_group grp;
21 mbedtls_ecdh_context ctx;
22 mbedtls_mpi m;
23 mbedtls_ecp_point P;
24 mbedtls_ecp_keypair kp;
25 size_t olen;
26 unsigned char buf[42] = { 0 };
27 const unsigned char *buf_null = NULL;
28 size_t const buflen = sizeof( buf );
29 int invalid_side = 42;
30 mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
31
32 TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
33
34#if defined(MBEDTLS_ECP_RESTARTABLE)
35 TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
36#endif /* MBEDTLS_ECP_RESTARTABLE */
37
38 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
39 mbedtls_ecdh_gen_public( NULL, &m, &P,
40 rnd_std_rand, NULL ) );
41 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
42 mbedtls_ecdh_gen_public( &grp, NULL, &P,
43 rnd_std_rand, NULL ) );
44 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
45 mbedtls_ecdh_gen_public( &grp, &m, NULL,
46 rnd_std_rand, NULL ) );
47 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
48 mbedtls_ecdh_gen_public( &grp, &m, &P,
49 NULL, NULL ) );
50
51 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
52 mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
53 rnd_std_rand, NULL ) );
54 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
55 mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
56 rnd_std_rand, NULL ) );
57 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
58 mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
59 rnd_std_rand, NULL ) );
60 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
61 mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
62 rnd_std_rand, NULL ) );
63
64 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
65 mbedtls_ecdh_setup( NULL, valid_grp ) );
66
67 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
68 mbedtls_ecdh_make_params( NULL, &olen,
69 buf, buflen,
70 rnd_std_rand, NULL ) );
71 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
72 mbedtls_ecdh_make_params( &ctx, NULL,
73 buf, buflen,
74 rnd_std_rand, NULL ) );
75 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
76 mbedtls_ecdh_make_params( &ctx, &olen,
77 NULL, buflen,
78 rnd_std_rand, NULL ) );
79 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
80 mbedtls_ecdh_make_params( &ctx, &olen,
81 buf, buflen,
82 NULL, NULL ) );
83
84 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
85 mbedtls_ecdh_read_params( NULL,
86 (const unsigned char**) &buf,
87 buf ) );
88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
89 mbedtls_ecdh_read_params( &ctx, &buf_null,
90 buf ) );
91 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
92 mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
94 mbedtls_ecdh_read_params( &ctx,
95 (const unsigned char**) &buf,
96 NULL ) );
97
98 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
99 mbedtls_ecdh_get_params( NULL, &kp,
100 MBEDTLS_ECDH_OURS ) );
101 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
102 mbedtls_ecdh_get_params( &ctx, NULL,
103 MBEDTLS_ECDH_OURS ) );
104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
105 mbedtls_ecdh_get_params( &ctx, &kp,
106 invalid_side ) );
107
108 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
109 mbedtls_ecdh_make_public( NULL, &olen,
110 buf, buflen,
111 rnd_std_rand,
112 NULL ) );
113 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
114 mbedtls_ecdh_make_public( &ctx, NULL,
115 buf, buflen,
116 rnd_std_rand,
117 NULL ) );
118 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
119 mbedtls_ecdh_make_public( &ctx, &olen,
120 NULL, buflen,
121 rnd_std_rand,
122 NULL ) );
123 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
124 mbedtls_ecdh_make_public( &ctx, &olen,
125 buf, buflen,
126 NULL,
127 NULL ) );
128
129 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
130 mbedtls_ecdh_read_public( NULL, buf, buflen ) );
131 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
132 mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
133
134 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
135 mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
136 rnd_std_rand,
137 NULL ) );
138 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
139 mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
140 rnd_std_rand,
141 NULL ) );
142 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
143 mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
144 rnd_std_rand,
145 NULL ) );
146
147exit:
148 return;
149}
150/* END_CASE */
151
152/* BEGIN_CASE */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]153void ecdh_primitive_random( int id )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]154{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]155 mbedtls_ecp_group grp;
156 mbedtls_ecp_point qA, qB;
157 mbedtls_mpi dA, dB, zA, zB;
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]158 rnd_pseudo_info rnd_info;
159
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]160 mbedtls_ecp_group_init( &grp );
161 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
162 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
163 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]164 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
165
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]166 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]167
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]169 == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]170 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]171 == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]172 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]173 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]174 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]175 NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]176
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]178
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]179exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]180 mbedtls_ecp_group_free( &grp );
181 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
182 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
183 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]184}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]185/* END_CASE */
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]186
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]187/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]188void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
189 char * yA_str, data_t * rnd_buf_B,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]190 char * xB_str, char * yB_str, char * z_str )
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]191{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]192 mbedtls_ecp_group grp;
193 mbedtls_ecp_point qA, qB;
194 mbedtls_mpi dA, dB, zA, zB, check;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]195 rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]196
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]197 mbedtls_ecp_group_init( &grp );
198 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
199 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
200 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]201
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]202 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]203
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]204 rnd_info_A.buf = rnd_buf_A->x;
205 rnd_info_A.length = rnd_buf_A->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]206
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]207 /* Fix rnd_buf_A->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]208 if( grp.nbits % 8 != 0 )
209 {
210 unsigned char shift = 8 - ( grp.nbits % 8 );
211 size_t i;
212
213 for( i = 0; i < rnd_info_A.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]214 rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
215 | rnd_buf_A->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]216
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]217 rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]218 }
219
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]220 rnd_info_B.buf = rnd_buf_B->x;
221 rnd_info_B.length = rnd_buf_B->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]222
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]223 /* Fix rnd_buf_B->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]224 if( grp.nbits % 8 != 0 )
225 {
226 unsigned char shift = 8 - ( grp.nbits % 8 );
227 size_t i;
228
229 for( i = 0; i < rnd_info_B.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]230 rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
231 | rnd_buf_B->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]232
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]233 rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]234 }
235
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]236 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]237 rnd_buffer_rand, &rnd_info_A ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]238 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
239 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
240 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
241 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
242 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]243
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]244 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]245 rnd_buffer_rand, &rnd_info_B ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
247 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
248 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
249 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );
250 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]251
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]252 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
253 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
254 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
255 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
256 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]257
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]258exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]259 mbedtls_ecp_group_free( &grp );
260 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
261 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
262 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB ); mbedtls_mpi_free( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]263}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]264/* END_CASE */
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]265
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]266/* BEGIN_CASE */
267void ecdh_exchange( int id )
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]268{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]269 mbedtls_ecdh_context srv, cli;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]270 unsigned char buf[1000];
271 const unsigned char *vbuf;
272 size_t len;
273 rnd_pseudo_info rnd_info;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]274 unsigned char res_buf[1000];
275 size_t res_len;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]276
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]277 mbedtls_ecdh_init( &srv );
278 mbedtls_ecdh_init( &cli );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]279 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
280
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]281 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]282
283 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]284 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]285 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]286 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]287
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]288 memset( buf, 0x00, sizeof( buf ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]290 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]292
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]293 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]294 &rnd_pseudo_rand, &rnd_info ) == 0 );
295 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
296 NULL, NULL ) == 0 );
297 TEST_ASSERT( len == res_len );
298 TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]299
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]300exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]301 mbedtls_ecdh_free( &srv );
302 mbedtls_ecdh_free( &cli );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]303}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]304/* END_CASE */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]305
306/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
307void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str,
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]308 int enable, int max_ops, int min_restart, int max_restart )
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]309{
310 int ret;
311 mbedtls_ecdh_context srv, cli;
312 unsigned char buf[1000];
313 const unsigned char *vbuf;
314 size_t len;
315 unsigned char z[MBEDTLS_ECP_MAX_BYTES];
316 size_t z_len;
317 unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES];
318 unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
319 rnd_buf_info rnd_info_A, rnd_info_B;
320 int cnt_restart;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]321 mbedtls_ecp_group grp;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]322
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]323 mbedtls_ecp_group_init( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]324 mbedtls_ecdh_init( &srv );
325 mbedtls_ecdh_init( &cli );
326
327 z_len = unhexify( z, z_str );
328
329 rnd_info_A.buf = rnd_buf_A;
330 rnd_info_A.length = unhexify( rnd_buf_A, dA_str );
331
332 rnd_info_B.buf = rnd_buf_B;
333 rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
334
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]335 /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
336 * in every configuration, therefore we load it separately. */
337 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]338
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]339 /* Otherwise we would have to fix the random buffer,
340 * as in ecdh_primitive_testvec. */
341 TEST_ASSERT( grp.nbits % 8 == 0 );
342
343 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]344
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]345 /* set up restart parameters */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]346 mbedtls_ecp_set_max_ops( max_ops );
347
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]348 if( enable )
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]349 {
350 mbedtls_ecdh_enable_restart( &srv );
351 mbedtls_ecdh_enable_restart( &cli );
352 }
353
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]354 /* server writes its paramaters */
355 memset( buf, 0x00, sizeof( buf ) );
356 len = 0;
357
358 cnt_restart = 0;
359 do {
360 ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
361 rnd_buffer_rand, &rnd_info_A );
362 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
363
364 TEST_ASSERT( ret == 0 );
365 TEST_ASSERT( cnt_restart >= min_restart );
366 TEST_ASSERT( cnt_restart <= max_restart );
367
368 /* client read server params */
369 vbuf = buf;
370 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
371
372 /* client writes its key share */
373 memset( buf, 0x00, sizeof( buf ) );
374 len = 0;
375
376 cnt_restart = 0;
377 do {
378 ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
379 rnd_buffer_rand, &rnd_info_B );
380 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
381
382 TEST_ASSERT( ret == 0 );
383 TEST_ASSERT( cnt_restart >= min_restart );
384 TEST_ASSERT( cnt_restart <= max_restart );
385
386 /* server reads client key share */
387 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
388
389 /* server computes shared secret */
390 memset( buf, 0, sizeof( buf ) );
391 len = 0;
392
393 cnt_restart = 0;
394 do {
395 ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
396 NULL, NULL );
397 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
398
399 TEST_ASSERT( ret == 0 );
400 TEST_ASSERT( cnt_restart >= min_restart );
401 TEST_ASSERT( cnt_restart <= max_restart );
402
403 TEST_ASSERT( len == z_len );
404 TEST_ASSERT( memcmp( buf, z, len ) == 0 );
405
406 /* client computes shared secret */
407 memset( buf, 0, sizeof( buf ) );
408 len = 0;
409
410 cnt_restart = 0;
411 do {
412 ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
413 NULL, NULL );
414 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
415
416 TEST_ASSERT( ret == 0 );
417 TEST_ASSERT( cnt_restart >= min_restart );
418 TEST_ASSERT( cnt_restart <= max_restart );
419
420 TEST_ASSERT( len == z_len );
421 TEST_ASSERT( memcmp( buf, z, len ) == 0 );
422
423exit:
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]424 mbedtls_ecp_group_free( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]425 mbedtls_ecdh_free( &srv );
426 mbedtls_ecdh_free( &cli );
427}
428/* END_CASE */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]429
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]430/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]431void ecdh_exchange_legacy( int id )
432{
433 mbedtls_ecdh_context srv, cli;
434 unsigned char buf[1000];
435 const unsigned char *vbuf;
436 size_t len;
437
438 rnd_pseudo_info rnd_info;
439
440 mbedtls_ecdh_init( &srv );
441 mbedtls_ecdh_init( &cli );
442 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
443
444 TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
445
446 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
447 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
448 &rnd_pseudo_rand, &rnd_info ) == 0 );
449 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
450
451 memset( buf, 0x00, sizeof( buf ) );
452 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
453 &rnd_pseudo_rand, &rnd_info ) == 0 );
454 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
455
456 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
457 &rnd_pseudo_rand, &rnd_info ) == 0 );
458 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
459 NULL ) == 0 );
460 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
461
462exit:
463 mbedtls_ecdh_free( &srv );
464 mbedtls_ecdh_free( &cli );
465}
466/* END_CASE */