TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 95f869c9fb97ff641de68b0ce4ff9b51a709f78f / . / tests / suites / test_suite_ecdh.function
blob: 7ccd871d5f5b991c0f1c23d7b6daf88a96643e32 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdh.h"
Gilles Peskine6d9b7622018-11-07 22:07:58 +0100[diff] [blame]3
4static int load_public_key( int grp_id, data_t *point,
5 mbedtls_ecp_keypair *ecp )
6{
7 int ok = 0;
8 TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
9 TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
10 &ecp->Q,
11 point->x,
12 point->len ) == 0 );
13 TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
14 &ecp->Q ) == 0 );
15 ok = 1;
16exit:
17 return( ok );
18}
19
20static int load_private_key( int grp_id, data_t *private_key,
21 mbedtls_ecp_keypair *ecp,
22 rnd_pseudo_info *rnd_info )
23{
24 int ok = 0;
25 TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
26 TEST_ASSERT( mbedtls_mpi_read_binary( &ecp->d,
27 private_key->x,
28 private_key->len ) == 0 );
29 TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
30 /* Calculate the public key from the private key. */
31 TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
32 &ecp->grp.G,
33 &rnd_pseudo_rand, rnd_info ) == 0 );
34 ok = 1;
35exit:
36 return( ok );
37}
38
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]39/* END_HEADER */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]40
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]41/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42 * depends_on:MBEDTLS_ECDH_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]43 * END_DEPENDENCIES
44 */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]45
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]46/* BEGIN_CASE */
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]47void ecdh_valid_param( )
48{
49 TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
50}
51/* END_CASE */
52
53/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
54void ecdh_invalid_param( )
55{
56 mbedtls_ecp_group grp;
57 mbedtls_ecdh_context ctx;
58 mbedtls_mpi m;
59 mbedtls_ecp_point P;
60 mbedtls_ecp_keypair kp;
61 size_t olen;
62 unsigned char buf[42] = { 0 };
63 const unsigned char *buf_null = NULL;
64 size_t const buflen = sizeof( buf );
65 int invalid_side = 42;
66 mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
67
68 TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
69
70#if defined(MBEDTLS_ECP_RESTARTABLE)
71 TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
72#endif /* MBEDTLS_ECP_RESTARTABLE */
73
74 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
75 mbedtls_ecdh_gen_public( NULL, &m, &P,
76 rnd_std_rand, NULL ) );
77 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
78 mbedtls_ecdh_gen_public( &grp, NULL, &P,
79 rnd_std_rand, NULL ) );
80 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
81 mbedtls_ecdh_gen_public( &grp, &m, NULL,
82 rnd_std_rand, NULL ) );
83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
84 mbedtls_ecdh_gen_public( &grp, &m, &P,
85 NULL, NULL ) );
86
87 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
88 mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
89 rnd_std_rand, NULL ) );
90 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
91 mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
92 rnd_std_rand, NULL ) );
93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
94 mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
95 rnd_std_rand, NULL ) );
96 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
97 mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
98 rnd_std_rand, NULL ) );
99
100 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
101 mbedtls_ecdh_setup( NULL, valid_grp ) );
102
103 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
104 mbedtls_ecdh_make_params( NULL, &olen,
105 buf, buflen,
106 rnd_std_rand, NULL ) );
107 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
108 mbedtls_ecdh_make_params( &ctx, NULL,
109 buf, buflen,
110 rnd_std_rand, NULL ) );
111 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
112 mbedtls_ecdh_make_params( &ctx, &olen,
113 NULL, buflen,
114 rnd_std_rand, NULL ) );
115 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
116 mbedtls_ecdh_make_params( &ctx, &olen,
117 buf, buflen,
118 NULL, NULL ) );
119
120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
121 mbedtls_ecdh_read_params( NULL,
122 (const unsigned char**) &buf,
123 buf ) );
124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
125 mbedtls_ecdh_read_params( &ctx, &buf_null,
126 buf ) );
127 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
128 mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
129 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
130 mbedtls_ecdh_read_params( &ctx,
131 (const unsigned char**) &buf,
132 NULL ) );
133
134 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
135 mbedtls_ecdh_get_params( NULL, &kp,
136 MBEDTLS_ECDH_OURS ) );
137 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
138 mbedtls_ecdh_get_params( &ctx, NULL,
139 MBEDTLS_ECDH_OURS ) );
140 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
141 mbedtls_ecdh_get_params( &ctx, &kp,
142 invalid_side ) );
143
144 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
145 mbedtls_ecdh_make_public( NULL, &olen,
146 buf, buflen,
147 rnd_std_rand,
148 NULL ) );
149 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
150 mbedtls_ecdh_make_public( &ctx, NULL,
151 buf, buflen,
152 rnd_std_rand,
153 NULL ) );
154 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
155 mbedtls_ecdh_make_public( &ctx, &olen,
156 NULL, buflen,
157 rnd_std_rand,
158 NULL ) );
159 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
160 mbedtls_ecdh_make_public( &ctx, &olen,
161 buf, buflen,
162 NULL,
163 NULL ) );
164
165 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
166 mbedtls_ecdh_read_public( NULL, buf, buflen ) );
167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
168 mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
169
170 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
171 mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
172 rnd_std_rand,
173 NULL ) );
174 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
175 mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
176 rnd_std_rand,
177 NULL ) );
178 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
179 mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
180 rnd_std_rand,
181 NULL ) );
182
183exit:
184 return;
185}
186/* END_CASE */
187
188/* BEGIN_CASE */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]189void ecdh_primitive_random( int id )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]190{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]191 mbedtls_ecp_group grp;
192 mbedtls_ecp_point qA, qB;
193 mbedtls_mpi dA, dB, zA, zB;
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]194 rnd_pseudo_info rnd_info;
195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196 mbedtls_ecp_group_init( &grp );
197 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
198 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
199 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]200 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
201
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]202 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]203
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]204 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]205 == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]206 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info )
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]207 == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]208 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]209 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]211 NULL, NULL ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]212
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]213 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]214
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]215exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 mbedtls_ecp_group_free( &grp );
217 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
218 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
219 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB );
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]220}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]221/* END_CASE */
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]222
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]223/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]224void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
225 char * yA_str, data_t * rnd_buf_B,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]226 char * xB_str, char * yB_str, char * z_str )
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]227{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 mbedtls_ecp_group grp;
229 mbedtls_ecp_point qA, qB;
230 mbedtls_mpi dA, dB, zA, zB, check;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]231 rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]232
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233 mbedtls_ecp_group_init( &grp );
234 mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
235 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
236 mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]237
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]238 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]239
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]240 rnd_info_A.buf = rnd_buf_A->x;
241 rnd_info_A.length = rnd_buf_A->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]242
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]243 /* Fix rnd_buf_A->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]244 if( grp.nbits % 8 != 0 )
245 {
246 unsigned char shift = 8 - ( grp.nbits % 8 );
247 size_t i;
248
249 for( i = 0; i < rnd_info_A.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]250 rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
251 | rnd_buf_A->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]252
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]253 rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]254 }
255
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]256 rnd_info_B.buf = rnd_buf_B->x;
257 rnd_info_B.length = rnd_buf_B->len;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]258
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]259 /* Fix rnd_buf_B->x by shifting it left if necessary */
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]260 if( grp.nbits % 8 != 0 )
261 {
262 unsigned char shift = 8 - ( grp.nbits % 8 );
263 size_t i;
264
265 for( i = 0; i < rnd_info_B.length - 1; i++ )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]266 rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
267 | rnd_buf_B->x[i+1] >> ( 8 - shift );
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]268
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]269 rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]270 }
271
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]272 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]273 rnd_buffer_rand, &rnd_info_A ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]274 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
Gilles Peskineb8e15342021-06-10 23:18:39 +0200[diff] [blame]275 TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xA_str ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]276 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
Gilles Peskineb8e15342021-06-10 23:18:39 +0200[diff] [blame]277 TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yA_str ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]278 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]279
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]280 TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]281 rnd_buffer_rand, &rnd_info_B ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]282 TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
Gilles Peskineb8e15342021-06-10 23:18:39 +0200[diff] [blame]283 TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xB_str ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]284 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
Gilles Peskineb8e15342021-06-10 23:18:39 +0200[diff] [blame]285 TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yB_str ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]286 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]287
Gilles Peskineb8e15342021-06-10 23:18:39 +0200[diff] [blame]288 TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, z_str ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
290 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
291 TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
292 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]293
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]294exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295 mbedtls_ecp_group_free( &grp );
296 mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
297 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
298 mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB ); mbedtls_mpi_free( &check );
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]299}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]300/* END_CASE */
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]301
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]302/* BEGIN_CASE */
303void ecdh_exchange( int id )
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]304{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]305 mbedtls_ecdh_context srv, cli;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]306 unsigned char buf[1000];
307 const unsigned char *vbuf;
308 size_t len;
309 rnd_pseudo_info rnd_info;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]310 unsigned char res_buf[1000];
311 size_t res_len;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]312
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]313 mbedtls_ecdh_init( &srv );
314 mbedtls_ecdh_init( &cli );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]315 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
316
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]317 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]318
319 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]320 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]321 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]322 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]323
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]324 memset( buf, 0x00, sizeof( buf ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]325 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]326 &rnd_pseudo_rand, &rnd_info ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]327 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]328
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]329 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]330 &rnd_pseudo_rand, &rnd_info ) == 0 );
331 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
332 NULL, NULL ) == 0 );
333 TEST_ASSERT( len == res_len );
334 TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]335
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]336exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]337 mbedtls_ecdh_free( &srv );
338 mbedtls_ecdh_free( &cli );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]339}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]340/* END_CASE */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]341
342/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame]343void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]344 int enable, int max_ops, int min_restart, int max_restart )
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]345{
346 int ret;
347 mbedtls_ecdh_context srv, cli;
348 unsigned char buf[1000];
349 const unsigned char *vbuf;
350 size_t len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]351 rnd_buf_info rnd_info_A, rnd_info_B;
352 int cnt_restart;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]353 mbedtls_ecp_group grp;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]354
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]355 mbedtls_ecp_group_init( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]356 mbedtls_ecdh_init( &srv );
357 mbedtls_ecdh_init( &cli );
358
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame]359 rnd_info_A.buf = dA->x;
360 rnd_info_A.length = dA->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]361
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame]362 rnd_info_B.buf = dB->x;
363 rnd_info_B.length = dB->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]364
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]365 /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
366 * in every configuration, therefore we load it separately. */
367 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]368
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]369 /* Otherwise we would have to fix the random buffer,
370 * as in ecdh_primitive_testvec. */
371 TEST_ASSERT( grp.nbits % 8 == 0 );
372
373 TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]374
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]375 /* set up restart parameters */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]376 mbedtls_ecp_set_max_ops( max_ops );
377
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]378 if( enable )
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]379 {
380 mbedtls_ecdh_enable_restart( &srv );
381 mbedtls_ecdh_enable_restart( &cli );
382 }
383
Antonin Décimod5f47592019-01-23 15:24:37 +0100[diff] [blame]384 /* server writes its parameters */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]385 memset( buf, 0x00, sizeof( buf ) );
386 len = 0;
387
388 cnt_restart = 0;
389 do {
390 ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
391 rnd_buffer_rand, &rnd_info_A );
392 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
393
394 TEST_ASSERT( ret == 0 );
395 TEST_ASSERT( cnt_restart >= min_restart );
396 TEST_ASSERT( cnt_restart <= max_restart );
397
398 /* client read server params */
399 vbuf = buf;
400 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
401
402 /* client writes its key share */
403 memset( buf, 0x00, sizeof( buf ) );
404 len = 0;
405
406 cnt_restart = 0;
407 do {
408 ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
409 rnd_buffer_rand, &rnd_info_B );
410 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
411
412 TEST_ASSERT( ret == 0 );
413 TEST_ASSERT( cnt_restart >= min_restart );
414 TEST_ASSERT( cnt_restart <= max_restart );
415
416 /* server reads client key share */
417 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
418
419 /* server computes shared secret */
420 memset( buf, 0, sizeof( buf ) );
421 len = 0;
422
423 cnt_restart = 0;
424 do {
425 ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
426 NULL, NULL );
427 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
428
429 TEST_ASSERT( ret == 0 );
430 TEST_ASSERT( cnt_restart >= min_restart );
431 TEST_ASSERT( cnt_restart <= max_restart );
432
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame]433 TEST_ASSERT( len == z->len );
434 TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]435
436 /* client computes shared secret */
437 memset( buf, 0, sizeof( buf ) );
438 len = 0;
439
440 cnt_restart = 0;
441 do {
442 ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
443 NULL, NULL );
444 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
445
446 TEST_ASSERT( ret == 0 );
447 TEST_ASSERT( cnt_restart >= min_restart );
448 TEST_ASSERT( cnt_restart <= max_restart );
449
Ronald Cron14a56452020-06-25 09:03:34 +0200[diff] [blame]450 TEST_ASSERT( len == z->len );
451 TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]452
453exit:
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]454 mbedtls_ecp_group_free( &grp );
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]455 mbedtls_ecdh_free( &srv );
456 mbedtls_ecdh_free( &cli );
457}
458/* END_CASE */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]459
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]460/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]461void ecdh_exchange_legacy( int id )
462{
463 mbedtls_ecdh_context srv, cli;
464 unsigned char buf[1000];
465 const unsigned char *vbuf;
466 size_t len;
467
468 rnd_pseudo_info rnd_info;
469
470 mbedtls_ecdh_init( &srv );
471 mbedtls_ecdh_init( &cli );
472 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
473
474 TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
475
476 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
477 TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
478 &rnd_pseudo_rand, &rnd_info ) == 0 );
479 TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
480
481 memset( buf, 0x00, sizeof( buf ) );
482 TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
483 &rnd_pseudo_rand, &rnd_info ) == 0 );
484 TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
485
486 TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
487 &rnd_pseudo_rand, &rnd_info ) == 0 );
488 TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
489 NULL ) == 0 );
490 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
491
492exit:
493 mbedtls_ecdh_free( &srv );
494 mbedtls_ecdh_free( &cli );
495}
496/* END_CASE */
Gilles Peskine6d9b7622018-11-07 22:07:58 +0100[diff] [blame]497
498/* BEGIN_CASE */
499void ecdh_exchange_calc_secret( int grp_id,
500 data_t *our_private_key,
501 data_t *their_point,
502 int ours_first,
503 data_t *expected )
504{
505 rnd_pseudo_info rnd_info;
506 mbedtls_ecp_keypair our_key;
507 mbedtls_ecp_keypair their_key;
508 mbedtls_ecdh_context ecdh;
509 unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
510 size_t shared_secret_length = 0;
511
512 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
513 mbedtls_ecdh_init( &ecdh );
514 mbedtls_ecp_keypair_init( &our_key );
515 mbedtls_ecp_keypair_init( &their_key );
516
517 if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
518 goto exit;
519 if( ! load_public_key( grp_id, their_point, &their_key ) )
520 goto exit;
521
522 /* Import the keys to the ECDH calculation. */
523 if( ours_first )
524 {
525 TEST_ASSERT( mbedtls_ecdh_get_params(
526 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
527 TEST_ASSERT( mbedtls_ecdh_get_params(
528 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
529 }
530 else
531 {
532 TEST_ASSERT( mbedtls_ecdh_get_params(
533 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
534 TEST_ASSERT( mbedtls_ecdh_get_params(
535 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
536 }
537
538 /* Perform the ECDH calculation. */
539 TEST_ASSERT( mbedtls_ecdh_calc_secret(
540 &ecdh,
541 &shared_secret_length,
542 shared_secret, sizeof( shared_secret ),
543 &rnd_pseudo_rand, &rnd_info ) == 0 );
544 TEST_ASSERT( shared_secret_length == expected->len );
545 TEST_ASSERT( memcmp( expected->x, shared_secret,
546 shared_secret_length ) == 0 );
547
548exit:
549 mbedtls_ecdh_free( &ecdh );
550 mbedtls_ecp_keypair_free( &our_key );
551 mbedtls_ecp_keypair_free( &their_key );
552}
553/* END_CASE */
Gilles Peskine62a73512018-11-07 22:09:29 +0100[diff] [blame]554
555/* BEGIN_CASE */
556void ecdh_exchange_get_params_fail( int our_grp_id,
557 data_t *our_private_key,
558 int their_grp_id,
559 data_t *their_point,
560 int ours_first,
561 int expected_ret )
562{
563 rnd_pseudo_info rnd_info;
564 mbedtls_ecp_keypair our_key;
565 mbedtls_ecp_keypair their_key;
566 mbedtls_ecdh_context ecdh;
567
568 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
569 mbedtls_ecdh_init( &ecdh );
570 mbedtls_ecp_keypair_init( &our_key );
571 mbedtls_ecp_keypair_init( &their_key );
572
573 if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
574 goto exit;
575 if( ! load_public_key( their_grp_id, their_point, &their_key ) )
576 goto exit;
577
578 if( ours_first )
579 {
580 TEST_ASSERT( mbedtls_ecdh_get_params(
581 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
582 TEST_ASSERT( mbedtls_ecdh_get_params(
583 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
584 expected_ret );
585 }
586 else
587 {
588 TEST_ASSERT( mbedtls_ecdh_get_params(
589 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
590 TEST_ASSERT( mbedtls_ecdh_get_params(
591 &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
592 expected_ret );
593 }
594
595exit:
596 mbedtls_ecdh_free( &ecdh );
597 mbedtls_ecp_keypair_free( &our_key );
598 mbedtls_ecp_keypair_free( &their_key );
599}
600/* END_CASE */