TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ae59c5232274df36b1b58dd52eb74cb153829a1a / . / tests / suites / test_suite_ecdh.function
blob: 0de7c08dcba54acad70a0cec6971dfee67be5807 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ecdh.h"
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]3
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]4static int load_public_key(int grp_id, data_t *point,
5 mbedtls_ecp_keypair *ecp)
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]6{
7 int ok = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]8 TEST_ASSERT(mbedtls_ecp_group_load(&ecp->grp, grp_id) == 0);
9 TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp->grp,
10 &ecp->Q,
11 point->x,
12 point->len) == 0);
13 TEST_ASSERT(mbedtls_ecp_check_pubkey(&ecp->grp,
14 &ecp->Q) == 0);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]15 ok = 1;
16exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]17 return ok;
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]18}
19
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]20static int load_private_key(int grp_id, data_t *private_key,
21 mbedtls_ecp_keypair *ecp,
22 mbedtls_test_rnd_pseudo_info *rnd_info)
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]23{
24 int ok = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]25 TEST_ASSERT(mbedtls_ecp_read_key(grp_id, ecp,
26 private_key->x,
27 private_key->len) == 0);
28 TEST_ASSERT(mbedtls_ecp_check_privkey(&ecp->grp, &ecp->d) == 0);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]29 /* Calculate the public key from the private key. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]30 TEST_ASSERT(mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d,
31 &ecp->grp.G,
32 &mbedtls_test_rnd_pseudo_rand,
33 rnd_info) == 0);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]34 ok = 1;
35exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]36 return ok;
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]37}
38
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]39/* END_HEADER */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]40
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]41/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42 * depends_on:MBEDTLS_ECDH_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]43 * END_DEPENDENCIES
44 */
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]45
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]46/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]47void ecdh_valid_param()
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]48{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]49 TEST_VALID_PARAM(mbedtls_ecdh_free(NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]50}
51/* END_CASE */
52
53/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]54void ecdh_invalid_param()
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]55{
56 mbedtls_ecp_group grp;
57 mbedtls_ecdh_context ctx;
58 mbedtls_mpi m;
59 mbedtls_ecp_point P;
60 mbedtls_ecp_keypair kp;
61 size_t olen;
62 unsigned char buf[42] = { 0 };
63 const unsigned char *buf_null = NULL;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]64 size_t const buflen = sizeof(buf);
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]65 int invalid_side = 42;
66 mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
67
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]68 mbedtls_ecp_keypair_init(&kp);
69 mbedtls_ecdh_init(&ctx);
70 TEST_INVALID_PARAM(mbedtls_ecdh_init(NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]71
72#if defined(MBEDTLS_ECP_RESTARTABLE)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]73 TEST_INVALID_PARAM(mbedtls_ecdh_enable_restart(NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]74#endif /* MBEDTLS_ECP_RESTARTABLE */
75
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]76 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
77 mbedtls_ecdh_gen_public(NULL, &m, &P,
78 mbedtls_test_rnd_std_rand,
79 NULL));
80 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
81 mbedtls_ecdh_gen_public(&grp, NULL, &P,
82 mbedtls_test_rnd_std_rand,
83 NULL));
84 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
85 mbedtls_ecdh_gen_public(&grp, &m, NULL,
86 mbedtls_test_rnd_std_rand,
87 NULL));
88 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
89 mbedtls_ecdh_gen_public(&grp, &m, &P,
90 NULL, NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]91
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]92 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
93 mbedtls_ecdh_compute_shared(NULL, &m, &P, &m,
94 mbedtls_test_rnd_std_rand,
95 NULL));
96 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
97 mbedtls_ecdh_compute_shared(&grp, NULL, &P, &m,
98 mbedtls_test_rnd_std_rand,
99 NULL));
100 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
101 mbedtls_ecdh_compute_shared(&grp, &m, NULL, &m,
102 mbedtls_test_rnd_std_rand,
103 NULL));
104 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
105 mbedtls_ecdh_compute_shared(&grp, &m, &P, NULL,
106 mbedtls_test_rnd_std_rand,
107 NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]108
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]109 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
110 mbedtls_ecdh_setup(NULL, valid_grp));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]111
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]112 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
113 mbedtls_ecdh_make_params(NULL, &olen, buf, buflen,
114 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]115
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]116 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
117 mbedtls_ecdh_make_params(&ctx, NULL, buf, buflen,
118 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]119
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]120 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
121 mbedtls_ecdh_make_params(&ctx, &olen, NULL, buflen,
122 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]123
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]124 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
125 mbedtls_ecdh_make_params(&ctx, &olen, buf, buflen, NULL, NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]126
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]127 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
128 mbedtls_ecdh_read_params(NULL,
129 (const unsigned char **) &buf,
130 buf));
131 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
132 mbedtls_ecdh_read_params(&ctx, &buf_null,
133 buf));
134 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
135 mbedtls_ecdh_read_params(&ctx, NULL, buf));
136 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
137 mbedtls_ecdh_read_params(&ctx,
138 (const unsigned char **) &buf,
139 NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]140
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]141 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
142 mbedtls_ecdh_get_params(NULL, &kp,
143 MBEDTLS_ECDH_OURS));
144 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
145 mbedtls_ecdh_get_params(&ctx, NULL,
146 MBEDTLS_ECDH_OURS));
147 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
148 mbedtls_ecdh_get_params(&ctx, &kp,
149 invalid_side));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]150
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]151 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
152 mbedtls_ecdh_make_public(NULL, &olen, buf, buflen,
153 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]154
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]155 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
156 mbedtls_ecdh_make_public(&ctx, NULL, buf, buflen,
157 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]158
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]159 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
160 mbedtls_ecdh_make_public(&ctx, &olen, NULL, buflen,
161 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]162
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]163 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
164 mbedtls_ecdh_make_public(&ctx, &olen, buf, buflen, NULL, NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]165
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]166 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
167 mbedtls_ecdh_read_public(NULL, buf, buflen));
168 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
169 mbedtls_ecdh_read_public(&ctx, NULL, buflen));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]170
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]171 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
172 mbedtls_ecdh_calc_secret(NULL, &olen, buf, buflen,
173 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]174
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]175 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
176 mbedtls_ecdh_calc_secret(&ctx, NULL, buf, buflen,
177 mbedtls_test_rnd_std_rand, NULL));
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]178
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]179 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
180 mbedtls_ecdh_calc_secret(&ctx, &olen, NULL, buflen,
181 mbedtls_test_rnd_std_rand, NULL));
Hanno Becker4c818482018-12-17 18:32:22 +0000[diff] [blame]182
183exit:
184 return;
185}
186/* END_CASE */
187
188/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]189void ecdh_primitive_random(int id)
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]190{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]191 mbedtls_ecp_group grp;
192 mbedtls_ecp_point qA, qB;
193 mbedtls_mpi dA, dB, zA, zB;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]194 mbedtls_test_rnd_pseudo_info rnd_info;
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]195
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]196 mbedtls_ecp_group_init(&grp);
197 mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
198 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
199 mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB);
200 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]201
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]202 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]203
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]204 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
205 &mbedtls_test_rnd_pseudo_rand,
206 &rnd_info) == 0);
207 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
208 &mbedtls_test_rnd_pseudo_rand,
209 &rnd_info) == 0);
210 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA,
211 &mbedtls_test_rnd_pseudo_rand,
212 &rnd_info) == 0);
213 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB,
214 NULL, NULL) == 0);
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]215
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]216 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &zB) == 0);
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]217
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]218exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]219 mbedtls_ecp_group_free(&grp);
220 mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
221 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
222 mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB);
Manuel Pégourié-Gonnard61ce13b2013-01-26 16:20:32 +0100[diff] [blame]223}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]224/* END_CASE */
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]225
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]226/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]227void ecdh_primitive_testvec(int id, data_t *rnd_buf_A, char *xA_str,
228 char *yA_str, data_t *rnd_buf_B,
229 char *xB_str, char *yB_str, char *z_str)
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]230{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]231 mbedtls_ecp_group grp;
232 mbedtls_ecp_point qA, qB;
233 mbedtls_mpi dA, dB, zA, zB, check;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]234 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]235
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]236 mbedtls_ecp_group_init(&grp);
237 mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB);
238 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB);
239 mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); mbedtls_mpi_init(&check);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]240
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]241 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]242
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]243 rnd_info_A.buf = rnd_buf_A->x;
244 rnd_info_A.length = rnd_buf_A->len;
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]245 rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
246 rnd_info_A.fallback_p_rng = NULL;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]247
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]248 /* Fix rnd_buf_A->x by shifting it left if necessary */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]249 if (grp.nbits % 8 != 0) {
250 unsigned char shift = 8 - (grp.nbits % 8);
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]251 size_t i;
252
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]253 for (i = 0; i < rnd_info_A.length - 1; i++) {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]254 rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]255 | rnd_buf_A->x[i+1] >> (8 - shift);
256 }
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]257
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]258 rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]259 }
260
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]261 rnd_info_B.buf = rnd_buf_B->x;
262 rnd_info_B.length = rnd_buf_B->len;
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]263 rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
264 rnd_info_B.fallback_p_rng = NULL;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]265
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]266 /* Fix rnd_buf_B->x by shifting it left if necessary */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]267 if (grp.nbits % 8 != 0) {
268 unsigned char shift = 8 - (grp.nbits % 8);
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]269 size_t i;
270
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]271 for (i = 0; i < rnd_info_B.length - 1; i++) {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]272 rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]273 | rnd_buf_B->x[i+1] >> (8 - shift);
274 }
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]275
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]276 rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
Manuel Pégourié-Gonnard544416a2014-01-23 16:55:18 +0100[diff] [blame]277 }
278
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]279 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA,
280 mbedtls_test_rnd_buffer_rand,
281 &rnd_info_A) == 0);
282 TEST_ASSERT(!mbedtls_ecp_is_zero(&qA));
283 TEST_ASSERT(mbedtls_test_read_mpi(&check, xA_str) == 0);
284 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.X, &check) == 0);
285 TEST_ASSERT(mbedtls_test_read_mpi(&check, yA_str) == 0);
286 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.Y, &check) == 0);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]287
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]288 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB,
289 mbedtls_test_rnd_buffer_rand,
290 &rnd_info_B) == 0);
291 TEST_ASSERT(!mbedtls_ecp_is_zero(&qB));
292 TEST_ASSERT(mbedtls_test_read_mpi(&check, xB_str) == 0);
293 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.X, &check) == 0);
294 TEST_ASSERT(mbedtls_test_read_mpi(&check, yB_str) == 0);
295 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.Y, &check) == 0);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]296
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]297 TEST_ASSERT(mbedtls_test_read_mpi(&check, z_str) == 0);
298 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, NULL, NULL) == 0);
299 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &check) == 0);
300 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, NULL, NULL) == 0);
301 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zB, &check) == 0);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]302
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]303exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]304 mbedtls_ecp_group_free(&grp);
305 mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB);
306 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB);
307 mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); mbedtls_mpi_free(&check);
Manuel Pégourié-Gonnard007b7172013-01-27 08:56:21 +0100[diff] [blame]308}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]309/* END_CASE */
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]310
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]311/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]312void ecdh_exchange(int id)
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]313{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]314 mbedtls_ecdh_context srv, cli;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]315 unsigned char buf[1000];
316 const unsigned char *vbuf;
317 size_t len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]318 mbedtls_test_rnd_pseudo_info rnd_info;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]319 unsigned char res_buf[1000];
320 size_t res_len;
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]321
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]322 mbedtls_ecdh_init(&srv);
323 mbedtls_ecdh_init(&cli);
324 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]325
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]326 TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]327
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]328 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
329 TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000,
330 &mbedtls_test_rnd_pseudo_rand,
331 &rnd_info) == 0);
332 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]333
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]334 memset(buf, 0x00, sizeof(buf));
335 TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000,
336 &mbedtls_test_rnd_pseudo_rand,
337 &rnd_info) == 0);
338 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]339
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]340 TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000,
341 &mbedtls_test_rnd_pseudo_rand,
342 &rnd_info) == 0);
343 TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &res_len, res_buf, 1000,
344 NULL, NULL) == 0);
345 TEST_ASSERT(len == res_len);
346 TEST_ASSERT(memcmp(buf, res_buf, len) == 0);
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]347
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]348exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]349 mbedtls_ecdh_free(&srv);
350 mbedtls_ecdh_free(&cli);
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]351}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]352/* END_CASE */
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]353
354/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]355void ecdh_restart(int id, data_t *dA, data_t *dB, data_t *z,
356 int enable, int max_ops, int min_restart, int max_restart)
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]357{
358 int ret;
359 mbedtls_ecdh_context srv, cli;
360 unsigned char buf[1000];
361 const unsigned char *vbuf;
362 size_t len;
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]363 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]364 int cnt_restart;
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]365 mbedtls_ecp_group grp;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]366
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]367 mbedtls_ecp_group_init(&grp);
368 mbedtls_ecdh_init(&srv);
369 mbedtls_ecdh_init(&cli);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]370
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]371 rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
372 rnd_info_A.fallback_p_rng = NULL;
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]373 rnd_info_A.buf = dA->x;
374 rnd_info_A.length = dA->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]375
Gilles Peskinebef30192021-03-24 00:48:57 +0100[diff] [blame]376 rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
377 rnd_info_B.fallback_p_rng = NULL;
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]378 rnd_info_B.buf = dB->x;
379 rnd_info_B.length = dB->len;
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]380
Andrzej Kurek293e4522022-04-13 14:28:52 -0400[diff] [blame]381 /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]382 * in every configuration, therefore we load it separately. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]383 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]384
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]385 /* Otherwise we would have to fix the random buffer,
386 * as in ecdh_primitive_testvec. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]387 TEST_ASSERT(grp.nbits % 8 == 0);
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]388
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]389 TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]390
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]391 /* set up restart parameters */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]392 mbedtls_ecp_set_max_ops(max_ops);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]393
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]394 if (enable) {
395 mbedtls_ecdh_enable_restart(&srv);
396 mbedtls_ecdh_enable_restart(&cli);
Manuel Pégourié-Gonnard23e41622017-05-18 12:35:37 +0200[diff] [blame]397 }
398
Antonin Décimo36e89b52019-01-23 15:24:37 +0100[diff] [blame]399 /* server writes its parameters */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]400 memset(buf, 0x00, sizeof(buf));
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]401 len = 0;
402
403 cnt_restart = 0;
404 do {
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]405 ret = mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf),
406 mbedtls_test_rnd_buffer_rand,
407 &rnd_info_A);
408 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]409
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]410 TEST_ASSERT(ret == 0);
411 TEST_ASSERT(cnt_restart >= min_restart);
412 TEST_ASSERT(cnt_restart <= max_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]413
414 /* client read server params */
415 vbuf = buf;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]416 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]417
418 /* client writes its key share */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]419 memset(buf, 0x00, sizeof(buf));
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]420 len = 0;
421
422 cnt_restart = 0;
423 do {
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]424 ret = mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf),
425 mbedtls_test_rnd_buffer_rand,
426 &rnd_info_B);
427 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]428
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]429 TEST_ASSERT(ret == 0);
430 TEST_ASSERT(cnt_restart >= min_restart);
431 TEST_ASSERT(cnt_restart <= max_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]432
433 /* server reads client key share */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]434 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]435
436 /* server computes shared secret */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]437 memset(buf, 0, sizeof(buf));
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]438 len = 0;
439
440 cnt_restart = 0;
441 do {
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]442 ret = mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf),
443 NULL, NULL);
444 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]445
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]446 TEST_ASSERT(ret == 0);
447 TEST_ASSERT(cnt_restart >= min_restart);
448 TEST_ASSERT(cnt_restart <= max_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]449
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]450 TEST_ASSERT(len == z->len);
451 TEST_ASSERT(memcmp(buf, z->x, len) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]452
453 /* client computes shared secret */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]454 memset(buf, 0, sizeof(buf));
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]455 len = 0;
456
457 cnt_restart = 0;
458 do {
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]459 ret = mbedtls_ecdh_calc_secret(&cli, &len, buf, sizeof(buf),
460 NULL, NULL);
461 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]462
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]463 TEST_ASSERT(ret == 0);
464 TEST_ASSERT(cnt_restart >= min_restart);
465 TEST_ASSERT(cnt_restart <= max_restart);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]466
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]467 TEST_ASSERT(len == z->len);
468 TEST_ASSERT(memcmp(buf, z->x, len) == 0);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]469
470exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]471 mbedtls_ecp_group_free(&grp);
472 mbedtls_ecdh_free(&srv);
473 mbedtls_ecdh_free(&cli);
Manuel Pégourié-Gonnard71b2c532017-04-27 10:38:52 +0200[diff] [blame]474}
475/* END_CASE */
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]476
Janos Follath36c5f7f2018-10-30 14:08:52 +0000[diff] [blame]477/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]478void ecdh_exchange_legacy(int id)
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]479{
480 mbedtls_ecdh_context srv, cli;
481 unsigned char buf[1000];
482 const unsigned char *vbuf;
483 size_t len;
484
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]485 mbedtls_test_rnd_pseudo_info rnd_info;
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]486
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]487 mbedtls_ecdh_init(&srv);
488 mbedtls_ecdh_init(&cli);
489 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]490
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]491 TEST_ASSERT(mbedtls_ecp_group_load(&srv.grp, id) == 0);
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]492
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]493 memset(buf, 0x00, sizeof(buf)); vbuf = buf;
494 TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000,
495 &mbedtls_test_rnd_pseudo_rand,
496 &rnd_info) == 0);
497 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0);
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]498
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]499 memset(buf, 0x00, sizeof(buf));
500 TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000,
501 &mbedtls_test_rnd_pseudo_rand,
502 &rnd_info) == 0);
503 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0);
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]504
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]505 TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000,
506 &mbedtls_test_rnd_pseudo_rand,
507 &rnd_info) == 0);
508 TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &len, buf, 1000, NULL,
509 NULL) == 0);
510 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&srv.z, &cli.z) == 0);
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]511
512exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]513 mbedtls_ecdh_free(&srv);
514 mbedtls_ecdh_free(&cli);
Janos Follathfc03e8d2018-10-04 17:17:54 +0100[diff] [blame]515}
516/* END_CASE */
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]517
518/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]519void ecdh_exchange_calc_secret(int grp_id,
520 data_t *our_private_key,
521 data_t *their_point,
522 int ours_first,
523 data_t *expected)
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]524{
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]525 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]526 mbedtls_ecp_keypair our_key;
527 mbedtls_ecp_keypair their_key;
528 mbedtls_ecdh_context ecdh;
529 unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
530 size_t shared_secret_length = 0;
531
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]532 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
533 mbedtls_ecdh_init(&ecdh);
534 mbedtls_ecp_keypair_init(&our_key);
535 mbedtls_ecp_keypair_init(&their_key);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]536
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]537 if (!load_private_key(grp_id, our_private_key, &our_key, &rnd_info)) {
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]538 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]539 }
540 if (!load_public_key(grp_id, their_point, &their_key)) {
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]541 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]542 }
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]543
544 /* Import the keys to the ECDH calculation. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]545 if (ours_first) {
546 TEST_ASSERT(mbedtls_ecdh_get_params(
547 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
548 TEST_ASSERT(mbedtls_ecdh_get_params(
549 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
550 } else {
551 TEST_ASSERT(mbedtls_ecdh_get_params(
552 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
553 TEST_ASSERT(mbedtls_ecdh_get_params(
554 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]555 }
556
557 /* Perform the ECDH calculation. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]558 TEST_ASSERT(mbedtls_ecdh_calc_secret(
559 &ecdh,
560 &shared_secret_length,
561 shared_secret, sizeof(shared_secret),
562 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0);
563 TEST_ASSERT(shared_secret_length == expected->len);
564 TEST_ASSERT(memcmp(expected->x, shared_secret,
565 shared_secret_length) == 0);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]566
567exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]568 mbedtls_ecdh_free(&ecdh);
569 mbedtls_ecp_keypair_free(&our_key);
570 mbedtls_ecp_keypair_free(&their_key);
Gilles Peskine552563b2018-11-07 22:07:58 +0100[diff] [blame]571}
572/* END_CASE */
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]573
574/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]575void ecdh_exchange_get_params_fail(int our_grp_id,
576 data_t *our_private_key,
577 int their_grp_id,
578 data_t *their_point,
579 int ours_first,
580 int expected_ret)
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]581{
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]582 mbedtls_test_rnd_pseudo_info rnd_info;
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]583 mbedtls_ecp_keypair our_key;
584 mbedtls_ecp_keypair their_key;
585 mbedtls_ecdh_context ecdh;
586
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]587 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
588 mbedtls_ecdh_init(&ecdh);
589 mbedtls_ecp_keypair_init(&our_key);
590 mbedtls_ecp_keypair_init(&their_key);
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]591
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]592 if (!load_private_key(our_grp_id, our_private_key, &our_key, &rnd_info)) {
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]593 goto exit;
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]594 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]595 if (!load_public_key(their_grp_id, their_point, &their_key)) {
596 goto exit;
597 }
598
599 if (ours_first) {
600 TEST_ASSERT(mbedtls_ecdh_get_params(
601 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0);
602 TEST_ASSERT(mbedtls_ecdh_get_params(
603 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) ==
604 expected_ret);
605 } else {
606 TEST_ASSERT(mbedtls_ecdh_get_params(
607 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0);
608 TEST_ASSERT(mbedtls_ecdh_get_params(
609 &ecdh, &our_key, MBEDTLS_ECDH_OURS) ==
610 expected_ret);
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]611 }
612
613exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]614 mbedtls_ecdh_free(&ecdh);
615 mbedtls_ecp_keypair_free(&our_key);
616 mbedtls_ecp_keypair_free(&their_key);
Gilles Peskinec4dff062018-11-07 22:09:29 +0100[diff] [blame]617}
618/* END_CASE */