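/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"

/*
 * Import a peer public key for the ECDH tests.
 *
 * Loads group grp_id into ecp->grp, parses the encoded point in `point`
 * into ecp->Q, then validates it with mbedtls_ecp_check_pubkey().
 *
 * Returns 1 on success, 0 if any step failed (the failing TEST_ASSERT has
 * already recorded the failure).
 */
static int load_public_key(int grp_id, data_t *point,
                           mbedtls_ecp_keypair *ecp)
{
    int ok = 0;
    TEST_ASSERT(mbedtls_ecp_group_load(&ecp->grp, grp_id) == 0);
    TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp->grp,
                                              &ecp->Q,
                                              point->x,
                                              point->len) == 0);
    /* Parsing alone is not treated as sufficient: the peer point is
     * explicitly validated against the group before any test uses it. */
    TEST_ASSERT(mbedtls_ecp_check_pubkey(&ecp->grp,
                                         &ecp->Q) == 0);
    ok = 1;
exit:
    return ok;
}

/*
 * Import our private key for the ECDH tests and derive its public key.
 *
 * Reads the private value from `private_key` into `ecp`, checks it with
 * mbedtls_ecp_check_privkey(), then computes Q = d * G.
 *
 * rnd_info is the state handed to mbedtls_test_rnd_pseudo_rand for the
 * multiplication; this is a test RNG, not a source of real entropy.
 *
 * Returns 1 on success, 0 if any step failed.
 */
static int load_private_key(int grp_id, data_t *private_key,
                            mbedtls_ecp_keypair *ecp,
                            mbedtls_test_rnd_pseudo_info *rnd_info)
{
    int ok = 0;
    TEST_ASSERT(mbedtls_ecp_read_key(grp_id, ecp,
                                     private_key->x,
                                     private_key->len) == 0);
    TEST_ASSERT(mbedtls_ecp_check_privkey(&ecp->grp, &ecp->d) == 0);
    /* Calculate the public key from the private key. */
    TEST_ASSERT(mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d,
                                &ecp->grp.G,
                                &mbedtls_test_rnd_pseudo_rand,
                                rnd_info) == 0);
    ok = 1;
exit:
    return ok;
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_ECDH_C
 * END_DEPENDENCIES
 */

/*
 * ecdh_invalid_param: mbedtls_ecdh_get_params() must reject a `side` value
 * that is neither MBEDTLS_ECDH_OURS nor MBEDTLS_ECDH_THEIRS with
 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA.
 */
/* BEGIN_CASE */
void ecdh_invalid_param()
{
    mbedtls_ecdh_context ctx;
    mbedtls_ecp_keypair kp;
    int invalid_side = 42;

    mbedtls_ecdh_init(&ctx);
    mbedtls_ecp_keypair_init(&kp);

    TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
               mbedtls_ecdh_get_params(&ctx, &kp,
                                       invalid_side));

exit:
    /* Release both objects, as every other case in this file does for the
     * contexts it initialises. */
    mbedtls_ecdh_free(&ctx);
    mbedtls_ecp_keypair_free(&kp);
}
/* END_CASE */

/*
 * ecdh_primitive_random: generate two key pairs on curve `id` with the
 * low-level primitives and check that both sides compute the same shared
 * secret.
 *
 * The RNG is mbedtls_test_rnd_pseudo_rand with an all-zero state, a test
 * helper rather than a real entropy source.
 */
/* BEGIN_CASE */
void ecdh_primitive_random(int id)
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point qA, qB;
    mbedtls_mpi dA, dB, zA, zB;
    mbedtls_test_rnd_pseudo_info rnd_info;

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
    mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
    mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);

    TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
                                        &mbedtls_test_rnd_pseudo_rand,
                                        &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
                                        &mbedtls_test_rnd_pseudo_rand,
                                        &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA,
                                            &mbedtls_test_rnd_pseudo_rand,
                                            &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB,
                                            &mbedtls_test_rnd_pseudo_rand,
                                            &rnd_info) == 0);

    /* Both parties must agree on the shared secret. */
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &zB) == 0);

exit:
    mbedtls_ecp_group_free(&grp);
    mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
    mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
    mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB);
}
/* END_CASE */

/*
 * ecdh_primitive_testvec: known-answer test for the low-level primitives.
 *
 * rnd_buf_A / rnd_buf_B are replayed through mbedtls_test_rnd_buffer_rand
 * during key generation for sides A and B. The resulting public points must
 * equal (xA_str, yA_str) and (xB_str, yB_str), and both sides' shared
 * secrets must equal z_str.
 *
 * Note that rnd_buf_A->x and rnd_buf_B->x are modified in place when the
 * group's bit size is not a multiple of 8.
 */
/* BEGIN_CASE */
void ecdh_primitive_testvec(int id, data_t *rnd_buf_A, char *xA_str,
                            char *yA_str, data_t *rnd_buf_B,
                            char *xB_str, char *yB_str, char *z_str)
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point qA, qB;
    mbedtls_mpi dA, dB, zA, zB, check;
    mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
    mbedtls_test_rnd_pseudo_info rnd_info;

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
    mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
    mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); mbedtls_mpi_init(&check);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));

    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);

    rnd_info_A.buf = rnd_buf_A->x;
    rnd_info_A.length = rnd_buf_A->len;
    rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info_A.fallback_p_rng = NULL;

    /* Fix rnd_buf_A->x by shifting it left if necessary */
    if (grp.nbits % 8 != 0) {
        unsigned char shift = 8 - (grp.nbits % 8);
        size_t i;

        /* `length - 1` is unsigned: an empty buffer would wrap the loop
         * bound and index x[] far out of range, so fail the case instead. */
        TEST_ASSERT(rnd_info_A.length > 0);

        for (i = 0; i < rnd_info_A.length - 1; i++) {
            rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
                              | rnd_buf_A->x[i+1] >> (8 - shift);
        }

        rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
    }

    rnd_info_B.buf = rnd_buf_B->x;
    rnd_info_B.length = rnd_buf_B->len;
    rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info_B.fallback_p_rng = NULL;

    /* Fix rnd_buf_B->x by shifting it left if necessary */
    if (grp.nbits % 8 != 0) {
        unsigned char shift = 8 - (grp.nbits % 8);
        size_t i;

        /* Same unsigned-wrap guard as for buffer A. */
        TEST_ASSERT(rnd_info_B.length > 0);

        for (i = 0; i < rnd_info_B.length - 1; i++) {
            rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
                              | rnd_buf_B->x[i+1] >> (8 - shift);
        }

        rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
    }

    /* Side A: generated public point must match the vector. */
    TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
                                        mbedtls_test_rnd_buffer_rand,
                                        &rnd_info_A) == 0);
    TEST_ASSERT(!mbedtls_ecp_is_zero(&qA));
    TEST_ASSERT(mbedtls_test_read_mpi(&check, xA_str) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.X, &check) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&check, yA_str) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.Y, &check) == 0);

    /* Side B: generated public point must match the vector. */
    TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
                                        mbedtls_test_rnd_buffer_rand,
                                        &rnd_info_B) == 0);
    TEST_ASSERT(!mbedtls_ecp_is_zero(&qB));
    TEST_ASSERT(mbedtls_test_read_mpi(&check, xB_str) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.X, &check) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&check, yB_str) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.Y, &check) == 0);

    /* Both shared secrets must equal the expected value z_str. */
    TEST_ASSERT(mbedtls_test_read_mpi(&check, z_str) == 0);
    TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA,
                                            &mbedtls_test_rnd_pseudo_rand,
                                            &rnd_info) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &check) == 0);
    TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB,
                                            &mbedtls_test_rnd_pseudo_rand,
                                            &rnd_info) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zB, &check) == 0);

exit:
    mbedtls_ecp_group_free(&grp);
    mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
    mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
    mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); mbedtls_mpi_free(&check);
}
/* END_CASE */

/*
 * ecdh_exchange: full exchange through the context API on curve `id`.
 *
 * The server writes its parameters, the client reads them and writes its
 * public value, the server reads that, and both sides compute the secret.
 * The two secrets must have the same length and content.
 */
/* BEGIN_CASE */
void ecdh_exchange(int id)
{
    mbedtls_ecdh_context srv, cli;
    unsigned char buf[1000];
    const unsigned char *vbuf;
    size_t len;
    mbedtls_test_rnd_pseudo_info rnd_info;
    unsigned char res_buf[1000];
    size_t res_len;

    mbedtls_ecdh_init(&srv);
    mbedtls_ecdh_init(&cli);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));

    TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);

    /* Output sizes are taken from the buffers with sizeof rather than
     * repeated as a literal, so they cannot drift from the declarations. */
    memset(buf, 0x00, sizeof(buf)); vbuf = buf;
    TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf),
                                         &mbedtls_test_rnd_pseudo_rand,
                                         &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);

    memset(buf, 0x00, sizeof(buf));
    TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf),
                                         &mbedtls_test_rnd_pseudo_rand,
                                         &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);

    TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf),
                                         &mbedtls_test_rnd_pseudo_rand,
                                         &rnd_info) == 0);
    TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &res_len, res_buf,
                                         sizeof(res_buf),
                                         &mbedtls_test_rnd_pseudo_rand,
                                         &rnd_info) == 0);
    TEST_ASSERT(len == res_len);
    TEST_ASSERT(memcmp(buf, res_buf, len) == 0);

exit:
    mbedtls_ecdh_free(&srv);
    mbedtls_ecdh_free(&cli);
}
/* END_CASE */

/*
 * ecdh_restart: context-API exchange with restartable operations.
 *
 * dA / dB are replayed through mbedtls_test_rnd_buffer_rand when the server
 * and the client generate their keys; z is the expected shared secret.
 * `enable` selects whether restart is enabled on both contexts, and max_ops
 * is passed to mbedtls_ecp_set_max_ops(). For each restartable step, the
 * number of MBEDTLS_ERR_ECP_IN_PROGRESS returns must lie in
 * [min_restart, max_restart].
 *
 * NOTE(review): mbedtls_ecp_set_max_ops() takes no context argument, so the
 * limit presumably applies beyond this case, and it is not reset at exit.
 * Confirm that later cases do not depend on the default.
 */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
void ecdh_restart(int id, data_t *dA, data_t *dB, data_t *z,
                  int enable, int max_ops, int min_restart, int max_restart)
{
    int ret;
    mbedtls_ecdh_context srv, cli;
    unsigned char buf[1000];
    const unsigned char *vbuf;
    size_t len;
    mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
    mbedtls_test_rnd_pseudo_info rnd_info;
    int cnt_restart;
    mbedtls_ecp_group grp;

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecdh_init(&srv);
    mbedtls_ecdh_init(&cli);
    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));

    rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info_A.fallback_p_rng = NULL;
    rnd_info_A.buf = dA->x;
    rnd_info_A.length = dA->len;

    rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
    rnd_info_B.fallback_p_rng = NULL;
    rnd_info_B.buf = dB->x;
    rnd_info_B.length = dB->len;

    /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
     * in every configuration, therefore we load it separately. */
    TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);

    /* Otherwise we would have to fix the random buffer,
     * as in ecdh_primitive_testvec. */
    TEST_ASSERT(grp.nbits % 8 == 0);

    TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);

    /* set up restart parameters */
    mbedtls_ecp_set_max_ops(max_ops);

    if (enable) {
        mbedtls_ecdh_enable_restart(&srv);
        mbedtls_ecdh_enable_restart(&cli);
    }

    /* server writes its parameters */
    memset(buf, 0x00, sizeof(buf));
    len = 0;

    /* Call again for as long as the operation reports IN_PROGRESS, counting
     * the restarts. */
    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf),
                                       mbedtls_test_rnd_buffer_rand,
                                       &rnd_info_A);
    } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);

    TEST_ASSERT(ret == 0);
    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    /* client read server params */
    vbuf = buf;
    TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);

    /* client writes its key share */
    memset(buf, 0x00, sizeof(buf));
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf),
                                       mbedtls_test_rnd_buffer_rand,
                                       &rnd_info_B);
    } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);

    TEST_ASSERT(ret == 0);
    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    /* server reads client key share */
    TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);

    /* server computes shared secret */
    memset(buf, 0, sizeof(buf));
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf),
                                       &mbedtls_test_rnd_pseudo_rand,
                                       &rnd_info);
    } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);

    TEST_ASSERT(ret == 0);
    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    TEST_ASSERT(len == z->len);
    TEST_ASSERT(memcmp(buf, z->x, len) == 0);

    /* client computes shared secret */
    memset(buf, 0, sizeof(buf));
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_calc_secret(&cli, &len, buf, sizeof(buf),
                                       &mbedtls_test_rnd_pseudo_rand,
                                       &rnd_info);
    } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);

    TEST_ASSERT(ret == 0);
    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    TEST_ASSERT(len == z->len);
    TEST_ASSERT(memcmp(buf, z->x, len) == 0);

exit:
    mbedtls_ecp_group_free(&grp);
    mbedtls_ecdh_free(&srv);
    mbedtls_ecdh_free(&cli);
}
/* END_CASE */

/*
 * ecdh_exchange_calc_secret: import an existing private key and a peer
 * point into one ECDH context and check the computed shared secret against
 * `expected`.
 *
 * ours_first selects the import order, our key then theirs or the reverse.
 * Both orders must succeed.
 */
/* BEGIN_CASE */
void ecdh_exchange_calc_secret(int grp_id,
                               data_t *our_private_key,
                               data_t *their_point,
                               int ours_first,
                               data_t *expected)
{
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_ecp_keypair our_key;
    mbedtls_ecp_keypair their_key;
    mbedtls_ecdh_context ecdh;
    unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
    size_t shared_secret_length = 0;

    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
    mbedtls_ecdh_init(&ecdh);
    mbedtls_ecp_keypair_init(&our_key);
    mbedtls_ecp_keypair_init(&their_key);

    /* The loaders have already recorded the failure, so just clean up. */
    if (!load_private_key(grp_id, our_private_key, &our_key, &rnd_info)) {
        goto exit;
    }
    if (!load_public_key(grp_id, their_point, &their_key)) {
        goto exit;
    }

    /* Import the keys to the ECDH calculation. */
    if (ours_first) {
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
    } else {
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
    }

    /* Perform the ECDH calculation. */
    TEST_ASSERT(mbedtls_ecdh_calc_secret(
                    &ecdh,
                    &shared_secret_length,
                    shared_secret, sizeof(shared_secret),
                    &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
    /* Length is checked first so the memcmp below never reads past
     * expected->x. */
    TEST_ASSERT(shared_secret_length == expected->len);
    TEST_ASSERT(memcmp(expected->x, shared_secret,
                       shared_secret_length) == 0);

exit:
    mbedtls_ecdh_free(&ecdh);
    mbedtls_ecp_keypair_free(&our_key);
    mbedtls_ecp_keypair_free(&their_key);
}
/* END_CASE */

/*
 * ecdh_exchange_get_params_fail: negative test for key import.
 *
 * Our key and the peer point are loaded with independent group ids. The
 * first mbedtls_ecdh_get_params() call, chosen by ours_first, must succeed.
 * The second must return expected_ret.
 */
/* BEGIN_CASE */
void ecdh_exchange_get_params_fail(int our_grp_id,
                                   data_t *our_private_key,
                                   int their_grp_id,
                                   data_t *their_point,
                                   int ours_first,
                                   int expected_ret)
{
    mbedtls_test_rnd_pseudo_info rnd_info;
    mbedtls_ecp_keypair our_key;
    mbedtls_ecp_keypair their_key;
    mbedtls_ecdh_context ecdh;

    memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
    mbedtls_ecdh_init(&ecdh);
    mbedtls_ecp_keypair_init(&our_key);
    mbedtls_ecp_keypair_init(&their_key);

    if (!load_private_key(our_grp_id, our_private_key, &our_key, &rnd_info)) {
        goto exit;
    }
    if (!load_public_key(their_grp_id, their_point, &their_key)) {
        goto exit;
    }

    if (ours_first) {
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) ==
                    expected_ret);
    } else {
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
        TEST_ASSERT(mbedtls_ecdh_get_params(
                        &ecdh, &our_key, MBEDTLS_ECDH_OURS) ==
                    expected_ret);
    }

exit:
    mbedtls_ecdh_free(&ecdh);
    mbedtls_ecp_keypair_free(&our_key);
    mbedtls_ecp_keypair_free(&their_key);
}
/* END_CASE */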