TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 487bbf68053143cdcb27cc60a91caf7738d86b68 / . / tests / suites / test_suite_dhm.function
blob: 7e01eb71feed48251d61bdaf6d7130476e762099 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/dhm.h"
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]3
Gilles Peskine19e36202021-04-13 22:16:45 +0200[diff] [blame]4/* Sanity checks on a Diffie-Hellman parameter: check the length-value
5 * syntax and check that the value is the expected one (taken from the
6 * DHM context by the caller). */
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]7static int check_dhm_param_output( const mbedtls_mpi *expected,
8 const unsigned char *buffer,
9 size_t size,
10 size_t *offset )
11{
12 size_t n;
13 mbedtls_mpi actual;
14 int ok = 0;
15 mbedtls_mpi_init( &actual );
16
17 ++mbedtls_test_info.step;
18
19 TEST_ASSERT( size >= *offset + 2 );
20 n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
21 *offset += 2;
Gilles Peskine03299dc2021-04-13 22:10:24 +0200[diff] [blame]22 /* The DHM param output from Mbed TLS has leading zeros stripped, as
23 * permitted but not required by RFC 5246 \S4.4. */
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]24 TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
25 TEST_ASSERT( size >= *offset + n );
26 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
27 TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) );
28 *offset += n;
29
30 ok = 1;
31exit:
32 mbedtls_mpi_free( &actual );
33 return( ok );
34}
35
Gilles Peskine19e36202021-04-13 22:16:45 +0200[diff] [blame]36/* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison
37 * against the context. */
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]38static int check_dhm_params( const mbedtls_dhm_context *ctx,
39 size_t x_size,
40 const unsigned char *ske, size_t ske_len )
41{
42 size_t offset = 0;
43
44 /* Check that ctx->X and ctx->GX are within range. */
45 TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 );
46 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 );
47 TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size );
48 TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 );
49 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 );
50
51 /* Check ske: it must contain P, G and G^X, each prefixed with a
52 * 2-byte size. */
53 if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) )
54 goto exit;
55 if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) )
56 goto exit;
57 if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) )
58 goto exit;
59 TEST_EQUAL( offset, ske_len );
60
61 return( 1 );
62exit:
63 return( 0 );
64}
65
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]66/* END_HEADER */
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]67
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]68/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69 * depends_on:MBEDTLS_DHM_C:MBEDTLS_BIGNUM_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]70 * END_DEPENDENCIES
71 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]72
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]73/* BEGIN_CASE */
Gilles Peskine2baf2b02021-03-30 23:44:22 +0200[diff] [blame]74void dhm_do_dhm( int radix_P, char *input_P, int x_size,
Janos Follath4b151fa2017-09-20 13:46:37 +0100[diff] [blame]75 int radix_G, char *input_G, int result )
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]76{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]77 mbedtls_dhm_context ctx_srv;
78 mbedtls_dhm_context ctx_cli;
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]79 unsigned char ske[1000];
80 unsigned char *p = ske;
81 unsigned char pub_cli[1000];
82 unsigned char sec_srv[1000];
83 unsigned char sec_cli[1000];
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]84 size_t ske_len = 0;
85 size_t pub_cli_len = 0;
Manuel Pégourié-Gonnard33352052015-06-02 16:17:08 +0100[diff] [blame]86 size_t sec_srv_len;
87 size_t sec_cli_len;
Gilles Peskine2baf2b02021-03-30 23:44:22 +0200[diff] [blame]88 int i;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]89 mbedtls_test_rnd_pseudo_info rnd_info;
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]90
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]91 mbedtls_dhm_init( &ctx_srv );
92 mbedtls_dhm_init( &ctx_cli );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]93 memset( ske, 0x00, 1000 );
94 memset( pub_cli, 0x00, 1000 );
95 memset( sec_srv, 0x00, 1000 );
96 memset( sec_cli, 0x00, 1000 );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]97 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]98
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]99 /*
100 * Set params
101 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102 TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 );
103 TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 );
Gilles Peskine2baf2b02021-03-30 23:44:22 +0200[diff] [blame]104 pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]105
106 /*
107 * First key exchange
108 */
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]109 mbedtls_test_set_step( 10 );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]110 TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
111 &mbedtls_test_rnd_pseudo_rand,
112 &rnd_info ) == result );
Janos Follath4b151fa2017-09-20 13:46:37 +0100[diff] [blame]113 if ( result != 0 )
114 goto exit;
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]115 if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
116 goto exit;
Janos Follath4b151fa2017-09-20 13:46:37 +0100[diff] [blame]117
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]118 ske[ske_len++] = 0;
119 ske[ske_len++] = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120 TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]121
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]122 TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
123 &mbedtls_test_rnd_pseudo_rand,
124 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]125 TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]126
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]127 TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
128 &sec_srv_len,
129 &mbedtls_test_rnd_pseudo_rand,
130 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard33352052015-06-02 16:17:08 +0100[diff] [blame]131 TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]132
133 TEST_ASSERT( sec_srv_len == sec_cli_len );
134 TEST_ASSERT( sec_srv_len != 0 );
135 TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
136
Manuel Pégourié-Gonnard15d5de12013-09-17 11:34:11 +0200[diff] [blame]137 /* Re-do calc_secret on server a few times to test update of blinding values */
138 for( i = 0; i < 3; i++ )
139 {
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]140 mbedtls_test_set_step( 20 + i );
Manuel Pégourié-Gonnard15d5de12013-09-17 11:34:11 +0200[diff] [blame]141 sec_srv_len = 1000;
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]142 TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv,
143 sizeof( sec_srv ), &sec_srv_len,
144 &mbedtls_test_rnd_pseudo_rand,
145 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]146
Manuel Pégourié-Gonnard15d5de12013-09-17 11:34:11 +0200[diff] [blame]147 TEST_ASSERT( sec_srv_len == sec_cli_len );
148 TEST_ASSERT( sec_srv_len != 0 );
149 TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
150 }
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]151
152 /*
153 * Second key exchange to test change of blinding values on server
154 */
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]155 p = ske;
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]156
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]157 mbedtls_test_set_step( 30 );
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]158 TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
159 &mbedtls_test_rnd_pseudo_rand,
160 &rnd_info ) == 0 );
Gilles Peskine02db8f42021-03-30 23:28:51 +0200[diff] [blame]161 if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
162 goto exit;
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]163 ske[ske_len++] = 0;
164 ske[ske_len++] = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]165 TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]166
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]167 TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
168 &mbedtls_test_rnd_pseudo_rand,
169 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]170 TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]171
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]172 TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
173 &sec_srv_len,
174 &mbedtls_test_rnd_pseudo_rand,
175 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard33352052015-06-02 16:17:08 +0100[diff] [blame]176 TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]177
178 TEST_ASSERT( sec_srv_len == sec_cli_len );
179 TEST_ASSERT( sec_srv_len != 0 );
180 TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
Paul Bakkerc43481a2011-02-20 16:34:26 +0000[diff] [blame]181
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]182exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]183 mbedtls_dhm_free( &ctx_srv );
184 mbedtls_dhm_free( &ctx_cli );
Paul Bakker5c60de22009-07-08 19:47:36 +0000[diff] [blame]185}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]186/* END_CASE */
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]187
Chris Jonesd10b3312020-12-02 10:41:50 +0000[diff] [blame]188/* BEGIN_CASE */
189void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result )
190{
191 mbedtls_mpi P, G;
192 mbedtls_dhm_context ctx;
193 unsigned char output[MBEDTLS_MPI_MAX_SIZE];
194
195 mbedtls_mpi_init( &P );
196 mbedtls_mpi_init( &G );
197 mbedtls_dhm_init( &ctx );
198
199 TEST_ASSERT( mbedtls_mpi_lset( &P, 1 ) == 0 );
200 TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
201 TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
202
203 TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 );
204
205 TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
206 TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
207 output, sizeof(output),
208 &mbedtls_test_rnd_pseudo_rand,
209 NULL ) == result );
210
211exit:
212 mbedtls_mpi_free( &P );
213 mbedtls_mpi_free( &G );
214 mbedtls_dhm_free( &ctx );
215}
216/* END_CASE */
217
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]218/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]219void dhm_file( char * filename, char * p, char * g, int len )
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]220{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]221 mbedtls_dhm_context ctx;
222 mbedtls_mpi P, G;
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]223
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]224 mbedtls_dhm_init( &ctx );
225 mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G );
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]226
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]227 TEST_ASSERT( mbedtls_mpi_read_string( &P, 16, p ) == 0 );
228 TEST_ASSERT( mbedtls_mpi_read_string( &G, 16, g ) == 0 );
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]229
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]230 TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]231
Gilles Peskine487bbf62021-05-27 22:17:07 +0200[diff] [blame^]232 TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len );
233 TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]234 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 );
235 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 );
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]236
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]237exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]238 mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G );
239 mbedtls_dhm_free( &ctx );
Manuel Pégourié-Gonnard3fec2202014-03-29 16:42:38 +0100[diff] [blame]240}
241/* END_CASE */
242
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]244void dhm_selftest( )
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]245{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]246 TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 );
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]247}
248/* END_CASE */