TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 875b5fb7faaecfc9a9d516fae1b0f8e61a80a909 / . / tests / suites / test_suite_ecdh.function
blob: 5fced62d42ecbadbae5795931422a18c8c2bbe7e [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdh.h"
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]3
4static int load_public_key( int grp_id, data_t *point,
5 mbedtls_ecp_keypair *ecp )
6{
7 int ok = 0;
8 TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
9 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
10 &ecp->Q,
11 point->x,
12 point->len ) == 0 );
13 TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
14 &ecp->Q ) == 0 );
15 ok = 1;
16exit:
17 return( ok );
18}
19
20static int load_private_key( int grp_id, data_t *private_key,
21 mbedtls_ecp_keypair *ecp,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]22 mbedtls_test_rnd_pseudo_info *rnd_info )
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]23{
24 int ok = 0;
Janos Follath171a7ef2019-02-15 16:17:45 +0000[diff] [blame]25 TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
26 private_key->x,
27 private_key->len ) == 0 );
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]28 TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
29 /* Calculate the public key from the private key. */
30 TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
31 &ecp->grp.G,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]32 &mbedtls_test_rnd_pseudo_rand,
33 rnd_info ) == 0 );
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]34 ok = 1;
35exit:
36 return( ok );
37}
38
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]39/* END_HEADER */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]40
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]41/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42 * depends_on:MBEDTLS_ECDH_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]43 * END_DEPENDENCIES
44 */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]45
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]46/* BEGIN_CASE */
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]47void ecdh_valid_param( )
48{
49 TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
50}
51/* END_CASE */
52
53/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
54void ecdh_invalid_param( )
55{
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]56 mbedtls_ecdh_context ctx;
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]57 mbedtls_ecp_keypair kp;
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]58 int invalid_side = 42;
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]59
Ronald Cron875b5fb2021-05-21 08:50:00 +0200[diff] [blame^]60 TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]61 mbedtls_ecdh_get_params( &ctx, &kp,
62 invalid_side ) );
63
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]64exit:
65 return;
66}
67/* END_CASE */
68
69/* BEGIN_CASE */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]70void ecdh_primitive_random( int id )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]71{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 mbedtls_ecp_group grp;
73 mbedtls_ecp_point qA, qB;
74 mbedtls_mpi dA, dB, zA, zB;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]75 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]76
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]77 mbedtls_ecp_group_init( &grp );
78 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
79 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
80 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]81 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]82
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]83 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]84
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]85 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
86 &mbedtls_test_rnd_pseudo_rand,
87 &rnd_info ) == 0 );
88 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
89 &mbedtls_test_rnd_pseudo_rand,
90 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]91 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]92 &mbedtls_test_rnd_pseudo_rand,
93 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]94 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]95 NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]96
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]98
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]99exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 mbedtls_ecp_group_free( &grp );
101 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
102 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
103 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]104}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]105/* END_CASE */
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]106
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]107/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]108void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
109 char * yA_str, data_t * rnd_buf_B,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]110 char * xB_str, char * yB_str, char * z_str )
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]111{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]112 mbedtls_ecp_group grp;
113 mbedtls_ecp_point qA, qB;
114 mbedtls_mpi dA, dB, zA, zB, check;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]115 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]116
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]117 mbedtls_ecp_group_init( &grp );
118 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
119 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
120 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]121
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]122 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]123
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]124 rnd_info_A.buf = rnd_buf_A->x;
125 rnd_info_A.length = rnd_buf_A->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]126
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]127 /* Fix rnd_buf_A->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]128 if( grp.nbits % 8 != 0 )
129 {
130 unsigned char shift = 8 - ( grp.nbits % 8 );
131 size_t i;
132
133 for( i = 0; i < rnd_info_A.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]134 rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
135 | rnd_buf_A->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]136
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]137 rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]138 }
139
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]140 rnd_info_B.buf = rnd_buf_B->x;
141 rnd_info_B.length = rnd_buf_B->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]142
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]143 /* Fix rnd_buf_B->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]144 if( grp.nbits % 8 != 0 )
145 {
146 unsigned char shift = 8 - ( grp.nbits % 8 );
147 size_t i;
148
149 for( i = 0; i < rnd_info_B.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]150 rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
151 | rnd_buf_B->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]152
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]153 rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]154 }
155
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]156 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]157 mbedtls_test_rnd_buffer_rand,
158 &rnd_info_A ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]159 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
160 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
161 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
162 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
163 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]164
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]165 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]166 mbedtls_test_rnd_buffer_rand,
167 &rnd_info_B ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
169 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
170 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
171 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );
172 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]173
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]174 TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
175 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
176 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
177 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
178 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]179
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]180exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]181 mbedtls_ecp_group_free( &grp );
182 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
183 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
184 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB ); mbedtls_mpi_free( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]185}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]186/* END_CASE */
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]187
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]188/* BEGIN_CASE */
189void ecdh_exchange( int id )
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]190{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]191 mbedtls_ecdh_context srv, cli;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]192 unsigned char buf[1000];
193 const unsigned char *vbuf;
194 size_t len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]195 mbedtls_test_rnd_pseudo_info rnd_info;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]196 unsigned char res_buf[1000];
197 size_t res_len;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]198
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]199 mbedtls_ecdh_init( &srv );
200 mbedtls_ecdh_init( &cli );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]201 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]202
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]203 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]204
205 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]206 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]207 &mbedtls_test_rnd_pseudo_rand,
208 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]209 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]210
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]211 memset( buf, 0x00, sizeof( buf ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]212 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]213 &mbedtls_test_rnd_pseudo_rand,
214 &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]215 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]216
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]217 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]218 &mbedtls_test_rnd_pseudo_rand,
219 &rnd_info ) == 0 );
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]220 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
221 NULL, NULL ) == 0 );
222 TEST_ASSERT( len == res_len );
223 TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]224
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]225exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]226 mbedtls_ecdh_free( &srv );
227 mbedtls_ecdh_free( &cli );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]228}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]229/* END_CASE */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]230
231/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]232void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]233 int enable, int max_ops, int min_restart, int max_restart )
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]234{
235 int ret;
236 mbedtls_ecdh_context srv, cli;
237 unsigned char buf[1000];
238 const unsigned char *vbuf;
239 size_t len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]240 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]241 int cnt_restart;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]242 mbedtls_ecp_group grp;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]243
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]244 mbedtls_ecp_group_init( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]245 mbedtls_ecdh_init( &srv );
246 mbedtls_ecdh_init( &cli );
247
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]248 rnd_info_A.buf = dA->x;
249 rnd_info_A.length = dA->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]250
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]251 rnd_info_B.buf = dB->x;
252 rnd_info_B.length = dB->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]253
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]254 /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
255 * in every configuration, therefore we load it separately. */
256 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]257
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]258 /* Otherwise we would have to fix the random buffer,
259 * as in ecdh_primitive_testvec. */
260 TEST_ASSERT( grp.nbits % 8 == 0 );
261
262 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]263
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]264 /* set up restart parameters */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]265 mbedtls_ecp_set_max_ops( max_ops );
266
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]267 if( enable )
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]268 {
269 mbedtls_ecdh_enable_restart( &srv );
270 mbedtls_ecdh_enable_restart( &cli );
271 }
272
Antonin Décimo36e89b52019-01-23 15:24:37 +0100[diff] [blame]273 /* server writes its parameters */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]274 memset( buf, 0x00, sizeof( buf ) );
275 len = 0;
276
277 cnt_restart = 0;
278 do {
279 ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]280 mbedtls_test_rnd_buffer_rand,
281 &rnd_info_A );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]282 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
283
284 TEST_ASSERT( ret == 0 );
285 TEST_ASSERT( cnt_restart >= min_restart );
286 TEST_ASSERT( cnt_restart <= max_restart );
287
288 /* client read server params */
289 vbuf = buf;
290 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
291
292 /* client writes its key share */
293 memset( buf, 0x00, sizeof( buf ) );
294 len = 0;
295
296 cnt_restart = 0;
297 do {
298 ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]299 mbedtls_test_rnd_buffer_rand,
300 &rnd_info_B );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]301 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
302
303 TEST_ASSERT( ret == 0 );
304 TEST_ASSERT( cnt_restart >= min_restart );
305 TEST_ASSERT( cnt_restart <= max_restart );
306
307 /* server reads client key share */
308 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
309
310 /* server computes shared secret */
311 memset( buf, 0, sizeof( buf ) );
312 len = 0;
313
314 cnt_restart = 0;
315 do {
316 ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
317 NULL, NULL );
318 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
319
320 TEST_ASSERT( ret == 0 );
321 TEST_ASSERT( cnt_restart >= min_restart );
322 TEST_ASSERT( cnt_restart <= max_restart );
323
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]324 TEST_ASSERT( len == z->len );
325 TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]326
327 /* client computes shared secret */
328 memset( buf, 0, sizeof( buf ) );
329 len = 0;
330
331 cnt_restart = 0;
332 do {
333 ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
334 NULL, NULL );
335 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
336
337 TEST_ASSERT( ret == 0 );
338 TEST_ASSERT( cnt_restart >= min_restart );
339 TEST_ASSERT( cnt_restart <= max_restart );
340
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]341 TEST_ASSERT( len == z->len );
342 TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]343
344exit:
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]345 mbedtls_ecp_group_free( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]346 mbedtls_ecdh_free( &srv );
347 mbedtls_ecdh_free( &cli );
348}
349/* END_CASE */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]350
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]351/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]352void ecdh_exchange_legacy( int id )
353{
354 mbedtls_ecdh_context srv, cli;
355 unsigned char buf[1000];
356 const unsigned char *vbuf;
357 size_t len;
358
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]359 mbedtls_test_rnd_pseudo_info rnd_info;
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]360
361 mbedtls_ecdh_init( &srv );
362 mbedtls_ecdh_init( &cli );
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]363 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]364
365 TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
366
367 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
368 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]369 &mbedtls_test_rnd_pseudo_rand,
370 &rnd_info ) == 0 );
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]371 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
372
373 memset( buf, 0x00, sizeof( buf ) );
374 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]375 &mbedtls_test_rnd_pseudo_rand,
376 &rnd_info ) == 0 );
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]377 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
378
379 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]380 &mbedtls_test_rnd_pseudo_rand,
381 &rnd_info ) == 0 );
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]382 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
383 NULL ) == 0 );
384 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
385
386exit:
387 mbedtls_ecdh_free( &srv );
388 mbedtls_ecdh_free( &cli );
389}
390/* END_CASE */
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]391
392/* BEGIN_CASE */
393void ecdh_exchange_calc_secret( int grp_id,
394 data_t *our_private_key,
395 data_t *their_point,
396 int ours_first,
397 data_t *expected )
398{
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]399 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]400 mbedtls_ecp_keypair our_key;
401 mbedtls_ecp_keypair their_key;
402 mbedtls_ecdh_context ecdh;
403 unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
404 size_t shared_secret_length = 0;
405
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]406 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]407 mbedtls_ecdh_init( &ecdh );
408 mbedtls_ecp_keypair_init( &our_key );
409 mbedtls_ecp_keypair_init( &their_key );
410
411 if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
412 goto exit;
413 if( ! load_public_key( grp_id, their_point, &their_key ) )
414 goto exit;
415
416 /* Import the keys to the ECDH calculation. */
417 if( ours_first )
418 {
419 TEST_ASSERT( mbedtls_ecdh_get_params(
420 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
421 TEST_ASSERT( mbedtls_ecdh_get_params(
422 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
423 }
424 else
425 {
426 TEST_ASSERT( mbedtls_ecdh_get_params(
427 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
428 TEST_ASSERT( mbedtls_ecdh_get_params(
429 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
430 }
431
432 /* Perform the ECDH calculation. */
433 TEST_ASSERT( mbedtls_ecdh_calc_secret(
434 &ecdh,
435 &shared_secret_length,
436 shared_secret, sizeof( shared_secret ),
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]437 &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]438 TEST_ASSERT( shared_secret_length == expected->len );
439 TEST_ASSERT( memcmp( expected->x, shared_secret,
440 shared_secret_length ) == 0 );
441
442exit:
443 mbedtls_ecdh_free( &ecdh );
444 mbedtls_ecp_keypair_free( &our_key );
445 mbedtls_ecp_keypair_free( &their_key );
446}
447/* END_CASE */
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]448
449/* BEGIN_CASE */
450void ecdh_exchange_get_params_fail( int our_grp_id,
451 data_t *our_private_key,
452 int their_grp_id,
453 data_t *their_point,
454 int ours_first,
455 int expected_ret )
456{
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]457 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]458 mbedtls_ecp_keypair our_key;
459 mbedtls_ecp_keypair their_key;
460 mbedtls_ecdh_context ecdh;
461
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]462 memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]463 mbedtls_ecdh_init( &ecdh );
464 mbedtls_ecp_keypair_init( &our_key );
465 mbedtls_ecp_keypair_init( &their_key );
466
467 if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
468 goto exit;
469 if( ! load_public_key( their_grp_id, their_point, &their_key ) )
470 goto exit;
471
472 if( ours_first )
473 {
474 TEST_ASSERT( mbedtls_ecdh_get_params(
475 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
476 TEST_ASSERT( mbedtls_ecdh_get_params(
477 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
478 expected_ret );
479 }
480 else
481 {
482 TEST_ASSERT( mbedtls_ecdh_get_params(
483 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
484 TEST_ASSERT( mbedtls_ecdh_get_params(
485 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
486 expected_ret );
487 }
488
489exit:
490 mbedtls_ecdh_free( &ecdh );
491 mbedtls_ecp_keypair_free( &our_key );
492 mbedtls_ecp_keypair_free( &their_key );
493}
494/* END_CASE */