1/* BEGIN_HEADER */ 2#include "mbedtls/ecp.h" 3 4/* Backported from Mbed TLS 2.x for test dependencies. */ 5#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ 6 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ 7 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ 8 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ 9 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \ 10 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ 11 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \ 12 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \ 13 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ 14 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ 15 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 16#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED 17#endif 18#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ 19 defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) 20#define MBEDTLS_ECP_MONTGOMERY_ENABLED 21#endif 22 23#define ECP_PF_UNKNOWN -1 24 25#define ECP_PT_RESET( x ) \ 26 mbedtls_ecp_point_free( x ); \ 27 mbedtls_ecp_point_init( x ); 28/* END_HEADER */ 29 30/* BEGIN_DEPENDENCIES 31 * depends_on:MBEDTLS_ECP_C 32 * END_DEPENDENCIES 33 */ 34 35/* BEGIN_CASE */ 36void ecp_valid_param( ) 37{ 38 TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) ); 39 TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); 40 TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); 41 42#if defined(MBEDTLS_ECP_RESTARTABLE) 43 TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) ); 44#endif /* MBEDTLS_ECP_RESTARTABLE */ 45 46exit: 47 return; 48} 49/* END_CASE */ 50 51/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 52void ecp_invalid_param( ) 53{ 54 mbedtls_ecp_group grp; 55 mbedtls_ecp_keypair kp; 56 mbedtls_ecp_point P; 57 mbedtls_mpi m; 58 const char *x = "deadbeef"; 59 int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED; 60 int invalid_fmt = 42; 61 size_t olen; 62 unsigned char buf[42] = { 0 }; 63 const unsigned char *null_buf = NULL; 64 mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; 65#if defined(MBEDTLS_ECP_RESTARTABLE) 66 mbedtls_ecp_restart_ctx restart_ctx; 67#endif /* MBEDTLS_ECP_RESTARTABLE */ 68 69 TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); 70 TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); 71 TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) ); 72 73#if defined(MBEDTLS_ECP_RESTARTABLE) 74 TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); 75 TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) ); 76#endif /* MBEDTLS_ECP_RESTARTABLE */ 77 78 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 79 mbedtls_ecp_copy( NULL, &P ) ); 80 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 81 mbedtls_ecp_copy( &P, NULL ) ); 82 83 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 84 mbedtls_ecp_group_copy( NULL, &grp ) ); 85 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 86 mbedtls_ecp_group_copy( &grp, NULL ) ); 87 88 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 89 mbedtls_ecp_gen_privkey( NULL, 90 &m, 91 rnd_std_rand, 92 NULL ) ); 93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 94 mbedtls_ecp_gen_privkey( &grp, 95 NULL, 96 rnd_std_rand, 97 NULL ) ); 98 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 99 mbedtls_ecp_gen_privkey( &grp, 100 &m, 101 NULL, 102 NULL ) ); 103 104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 105 mbedtls_ecp_set_zero( NULL ) ); 106 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 107 mbedtls_ecp_is_zero( NULL ) ); 108 109 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 110 mbedtls_ecp_point_cmp( NULL, &P ) ); 111 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 112 mbedtls_ecp_point_cmp( &P, NULL ) ); 113 114 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 115 mbedtls_ecp_point_read_string( NULL, 2, 116 x, x ) ); 117 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 118 mbedtls_ecp_point_read_string( &P, 2, 119 NULL, x ) ); 120 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 121 mbedtls_ecp_point_read_string( &P, 2, 122 x, NULL ) ); 123 124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 125 mbedtls_ecp_point_write_binary( NULL, &P, 126 valid_fmt, 127 &olen, 128 buf, sizeof( buf ) ) ); 129 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 130 mbedtls_ecp_point_write_binary( &grp, NULL, 131 valid_fmt, 132 &olen, 133 buf, sizeof( buf ) ) ); 134 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 135 mbedtls_ecp_point_write_binary( &grp, &P, 136 invalid_fmt, 137 &olen, 138 buf, sizeof( buf ) ) ); 139 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 140 mbedtls_ecp_point_write_binary( &grp, &P, 141 valid_fmt, 142 NULL, 143 buf, sizeof( buf ) ) ); 144 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 145 mbedtls_ecp_point_write_binary( &grp, &P, 146 valid_fmt, 147 &olen, 148 NULL, sizeof( buf ) ) ); 149 150 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 151 mbedtls_ecp_point_read_binary( NULL, &P, buf, 152 sizeof( buf ) ) ); 153 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 154 mbedtls_ecp_point_read_binary( &grp, NULL, buf, 155 sizeof( buf ) ) ); 156 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 157 mbedtls_ecp_point_read_binary( &grp, &P, NULL, 158 sizeof( buf ) ) ); 159 160 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 161 mbedtls_ecp_tls_read_point( NULL, &P, 162 (const unsigned char **) &buf, 163 sizeof( buf ) ) ); 164 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 165 mbedtls_ecp_tls_read_point( &grp, NULL, 166 (const unsigned char **) &buf, 167 sizeof( buf ) ) ); 168 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 169 mbedtls_ecp_tls_read_point( &grp, &P, &null_buf, 170 sizeof( buf ) ) ); 171 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 172 mbedtls_ecp_tls_read_point( &grp, &P, NULL, 173 sizeof( buf ) ) ); 174 175 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 176 mbedtls_ecp_tls_write_point( NULL, &P, 177 valid_fmt, 178 &olen, 179 buf, 180 sizeof( buf ) ) ); 181 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 182 mbedtls_ecp_tls_write_point( &grp, NULL, 183 valid_fmt, 184 &olen, 185 buf, 186 sizeof( buf ) ) ); 187 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 188 mbedtls_ecp_tls_write_point( &grp, &P, 189 invalid_fmt, 190 &olen, 191 buf, 192 sizeof( buf ) ) ); 193 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 194 mbedtls_ecp_tls_write_point( &grp, &P, 195 valid_fmt, 196 NULL, 197 buf, 198 sizeof( buf ) ) ); 199 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 200 mbedtls_ecp_tls_write_point( &grp, &P, 201 valid_fmt, 202 &olen, 203 NULL, 204 sizeof( buf ) ) ); 205 206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 207 mbedtls_ecp_group_load( NULL, valid_group ) ); 208 209 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 210 mbedtls_ecp_tls_read_group( NULL, 211 (const unsigned char **) &buf, 212 sizeof( buf ) ) ); 213 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 214 mbedtls_ecp_tls_read_group( &grp, NULL, 215 sizeof( buf ) ) ); 216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 217 mbedtls_ecp_tls_read_group( &grp, &null_buf, 218 sizeof( buf ) ) ); 219 220 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 221 mbedtls_ecp_tls_read_group_id( NULL, 222 (const unsigned char **) &buf, 223 sizeof( buf ) ) ); 224 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 225 mbedtls_ecp_tls_read_group_id( &valid_group, NULL, 226 sizeof( buf ) ) ); 227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 228 mbedtls_ecp_tls_read_group_id( &valid_group, 229 &null_buf, 230 sizeof( buf ) ) ); 231 232 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 233 mbedtls_ecp_tls_write_group( NULL, &olen, 234 buf, sizeof( buf ) ) ); 235 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 236 mbedtls_ecp_tls_write_group( &grp, NULL, 237 buf, sizeof( buf ) ) ); 238 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 239 mbedtls_ecp_tls_write_group( &grp, &olen, 240 NULL, sizeof( buf ) ) ); 241 242 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 243 mbedtls_ecp_mul( NULL, &P, &m, &P, 244 rnd_std_rand, NULL ) ); 245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 246 mbedtls_ecp_mul( &grp, NULL, &m, &P, 247 rnd_std_rand, NULL ) ); 248 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 249 mbedtls_ecp_mul( &grp, &P, NULL, &P, 250 rnd_std_rand, NULL ) ); 251 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 252 mbedtls_ecp_mul( &grp, &P, &m, NULL, 253 rnd_std_rand, NULL ) ); 254 255 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 256 mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, 257 rnd_std_rand, NULL , NULL ) ); 258 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 259 mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, 260 rnd_std_rand, NULL , NULL ) ); 261 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 262 mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, 263 rnd_std_rand, NULL , NULL ) ); 264 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 265 mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, 266 rnd_std_rand, NULL , NULL ) ); 267 268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 269 mbedtls_ecp_muladd( NULL, &P, &m, &P, 270 &m, &P ) ); 271 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 272 mbedtls_ecp_muladd( &grp, NULL, &m, &P, 273 &m, &P ) ); 274 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 275 mbedtls_ecp_muladd( &grp, &P, NULL, &P, 276 &m, &P ) ); 277 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 278 mbedtls_ecp_muladd( &grp, &P, &m, NULL, 279 &m, &P ) ); 280 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 281 mbedtls_ecp_muladd( &grp, &P, &m, &P, 282 NULL, &P ) ); 283 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 284 mbedtls_ecp_muladd( &grp, &P, &m, &P, 285 &m, NULL ) ); 286 287 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 288 mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P, 289 &m, &P, NULL ) ); 290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 291 mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P, 292 &m, &P, NULL ) ); 293 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 294 mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P, 295 &m, &P, NULL ) ); 296 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 297 mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL, 298 &m, &P, NULL ) ); 299 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 300 mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, 301 NULL, &P, NULL ) ); 302 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 303 mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, 304 &m, NULL, NULL ) ); 305 306 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 307 mbedtls_ecp_check_pubkey( NULL, &P ) ); 308 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 309 mbedtls_ecp_check_pubkey( &grp, NULL ) ); 310 311 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 312 mbedtls_ecp_check_pub_priv( NULL, &kp ) ); 313 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 314 mbedtls_ecp_check_pub_priv( &kp, NULL ) ); 315 316 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 317 mbedtls_ecp_check_privkey( NULL, &m ) ); 318 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 319 mbedtls_ecp_check_privkey( &grp, NULL ) ); 320 321 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 322 mbedtls_ecp_gen_keypair_base( NULL, &P, 323 &m, &P, 324 rnd_std_rand, 325 NULL ) ); 326 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 327 mbedtls_ecp_gen_keypair_base( &grp, NULL, 328 &m, &P, 329 rnd_std_rand, 330 NULL ) ); 331 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 332 mbedtls_ecp_gen_keypair_base( &grp, &P, 333 NULL, &P, 334 rnd_std_rand, 335 NULL ) ); 336 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 337 mbedtls_ecp_gen_keypair_base( &grp, &P, 338 &m, NULL, 339 rnd_std_rand, 340 NULL ) ); 341 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 342 mbedtls_ecp_gen_keypair_base( &grp, &P, 343 &m, &P, 344 NULL, 345 NULL ) ); 346 347 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 348 mbedtls_ecp_gen_keypair( NULL, 349 &m, &P, 350 rnd_std_rand, 351 NULL ) ); 352 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 353 mbedtls_ecp_gen_keypair( &grp, 354 NULL, &P, 355 rnd_std_rand, 356 NULL ) ); 357 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 358 mbedtls_ecp_gen_keypair( &grp, 359 &m, NULL, 360 rnd_std_rand, 361 NULL ) ); 362 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 363 mbedtls_ecp_gen_keypair( &grp, 364 &m, &P, 365 NULL, 366 NULL ) ); 367 368 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 369 mbedtls_ecp_gen_key( valid_group, NULL, 370 rnd_std_rand, NULL ) ); 371 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 372 mbedtls_ecp_gen_key( valid_group, &kp, 373 NULL, NULL ) ); 374 375exit: 376 return; 377} 378/* END_CASE */ 379 380/* BEGIN_CASE */ 381void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) 382{ 383 const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name; 384 385 by_id = mbedtls_ecp_curve_info_from_grp_id( id ); 386 by_tls = mbedtls_ecp_curve_info_from_tls_id( tls_id ); 387 by_name = mbedtls_ecp_curve_info_from_name( name ); 388 TEST_ASSERT( by_id != NULL ); 389 TEST_ASSERT( by_tls != NULL ); 390 TEST_ASSERT( by_name != NULL ); 391 392 TEST_ASSERT( by_id == by_tls ); 393 TEST_ASSERT( by_id == by_name ); 394 395 TEST_ASSERT( by_id->bit_size == size ); 396 TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS ); 397 TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 ); 398} 399/* END_CASE */ 400 401/* BEGIN_CASE */ 402void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex, 403 int ret ) 404{ 405 mbedtls_ecp_group grp; 406 mbedtls_ecp_point P; 407 408 mbedtls_ecp_group_init( &grp ); 409 mbedtls_ecp_point_init( &P ); 410 411 TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); 412 413 TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x_hex ) == 0 ); 414 TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y_hex ) == 0 ); 415 TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z_hex ) == 0 ); 416 417 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); 418 419exit: 420 mbedtls_ecp_group_free( &grp ); 421 mbedtls_ecp_point_free( &P ); 422} 423/* END_CASE */ 424 425/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 426void ecp_test_vect_restart( int id, 427 char *dA_str, char *xA_str, char *yA_str, 428 char *dB_str, char *xZ_str, char *yZ_str, 429 int max_ops, int min_restarts, int max_restarts ) 430{ 431 /* 432 * Test for early restart. Based on test vectors like ecp_test_vect(), 433 * but for the sake of simplicity only does half of each side. It's 434 * important to test both base point and random point, though, as memory 435 * management is different in each case. 436 * 437 * Don't try using too precise bounds for restarts as the exact number 438 * will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and 439 * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may 440 * change in the future. A factor 2 is a minimum safety margin. 441 * 442 * For reference, with mbed TLS 2.4 and default settings, for P-256: 443 * - Random point mult: ~3250M 444 * - Cold base point mult: ~3300M 445 * - Hot base point mult: ~1100M 446 * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum): 447 * - Random point mult: ~3850M 448 */ 449 mbedtls_ecp_restart_ctx ctx; 450 mbedtls_ecp_group grp; 451 mbedtls_ecp_point R, P; 452 mbedtls_mpi dA, xA, yA, dB, xZ, yZ; 453 int cnt_restarts; 454 int ret; 455 456 mbedtls_ecp_restart_init( &ctx ); 457 mbedtls_ecp_group_init( &grp ); 458 mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); 459 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); 460 mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); 461 462 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 463 464 TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 ); 465 TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 ); 466 TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 ); 467 468 TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 ); 469 TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 ); 470 TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 ); 471 472 mbedtls_ecp_set_max_ops( (unsigned) max_ops ); 473 474 /* Base point case */ 475 cnt_restarts = 0; 476 do { 477 ECP_PT_RESET( &R ); 478 ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); 479 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); 480 481 TEST_ASSERT( ret == 0 ); 482 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); 483 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); 484 485 TEST_ASSERT( cnt_restarts >= min_restarts ); 486 TEST_ASSERT( cnt_restarts <= max_restarts ); 487 488 /* Non-base point case */ 489 mbedtls_ecp_copy( &P, &R ); 490 cnt_restarts = 0; 491 do { 492 ECP_PT_RESET( &R ); 493 ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); 494 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); 495 496 TEST_ASSERT( ret == 0 ); 497 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); 498 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); 499 500 TEST_ASSERT( cnt_restarts >= min_restarts ); 501 TEST_ASSERT( cnt_restarts <= max_restarts ); 502 503 /* Do we leak memory when aborting an operation? 504 * This test only makes sense when we actually restart */ 505 if( min_restarts > 0 ) 506 { 507 ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); 508 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 509 } 510 511exit: 512 mbedtls_ecp_restart_free( &ctx ); 513 mbedtls_ecp_group_free( &grp ); 514 mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &P ); 515 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); 516 mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ ); 517} 518/* END_CASE */ 519 520/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 521void ecp_muladd_restart( int id, char *xR_str, char *yR_str, 522 char *u1_str, char *u2_str, 523 char *xQ_str, char *yQ_str, 524 int max_ops, int min_restarts, int max_restarts ) 525{ 526 /* 527 * Compute R = u1 * G + u2 * Q 528 * (test vectors mostly taken from ECDSA intermediate results) 529 * 530 * See comments at the top of ecp_test_vect_restart() 531 */ 532 mbedtls_ecp_restart_ctx ctx; 533 mbedtls_ecp_group grp; 534 mbedtls_ecp_point R, Q; 535 mbedtls_mpi u1, u2, xR, yR; 536 int cnt_restarts; 537 int ret; 538 539 mbedtls_ecp_restart_init( &ctx ); 540 mbedtls_ecp_group_init( &grp ); 541 mbedtls_ecp_point_init( &R ); 542 mbedtls_ecp_point_init( &Q ); 543 mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); 544 mbedtls_mpi_init( &xR ); mbedtls_mpi_init( &yR ); 545 546 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 547 548 TEST_ASSERT( mbedtls_test_read_mpi( &u1, 16, u1_str ) == 0 ); 549 TEST_ASSERT( mbedtls_test_read_mpi( &u2, 16, u2_str ) == 0 ); 550 TEST_ASSERT( mbedtls_test_read_mpi( &xR, 16, xR_str ) == 0 ); 551 TEST_ASSERT( mbedtls_test_read_mpi( &yR, 16, yR_str ) == 0 ); 552 553 TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, 16, xQ_str ) == 0 ); 554 TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, 16, yQ_str ) == 0 ); 555 TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 ); 556 557 mbedtls_ecp_set_max_ops( (unsigned) max_ops ); 558 559 cnt_restarts = 0; 560 do { 561 ECP_PT_RESET( &R ); 562 ret = mbedtls_ecp_muladd_restartable( &grp, &R, 563 &u1, &grp.G, &u2, &Q, &ctx ); 564 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); 565 566 TEST_ASSERT( ret == 0 ); 567 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xR ) == 0 ); 568 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yR ) == 0 ); 569 570 TEST_ASSERT( cnt_restarts >= min_restarts ); 571 TEST_ASSERT( cnt_restarts <= max_restarts ); 572 573 /* Do we leak memory when aborting an operation? 574 * This test only makes sense when we actually restart */ 575 if( min_restarts > 0 ) 576 { 577 ret = mbedtls_ecp_muladd_restartable( &grp, &R, 578 &u1, &grp.G, &u2, &Q, &ctx ); 579 TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 580 } 581 582exit: 583 mbedtls_ecp_restart_free( &ctx ); 584 mbedtls_ecp_group_free( &grp ); 585 mbedtls_ecp_point_free( &R ); 586 mbedtls_ecp_point_free( &Q ); 587 mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); 588 mbedtls_mpi_free( &xR ); mbedtls_mpi_free( &yR ); 589} 590/* END_CASE */ 591 592/* BEGIN_CASE */ 593void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, 594 char * dB_str, char * xB_str, char * yB_str, 595 char * xZ_str, char * yZ_str ) 596{ 597 mbedtls_ecp_group grp; 598 mbedtls_ecp_point R; 599 mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ; 600 rnd_pseudo_info rnd_info; 601 602 mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); 603 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); 604 mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &yB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); 605 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 606 607 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 608 609 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); 610 611 TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 ); 612 TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 ); 613 TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 ); 614 TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 ); 615 TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_str ) == 0 ); 616 TEST_ASSERT( mbedtls_test_read_mpi( &yB, 16, yB_str ) == 0 ); 617 TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 ); 618 TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 ); 619 620 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, 621 &rnd_pseudo_rand, &rnd_info ) == 0 ); 622 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); 623 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); 624 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 625 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ) == 0 ); 626 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); 627 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); 628 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 629 630 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); 631 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); 632 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 ); 633 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 634 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, 635 &rnd_pseudo_rand, &rnd_info ) == 0 ); 636 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); 637 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); 638 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 639 640exit: 641 mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); 642 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); mbedtls_mpi_free( &dB ); 643 mbedtls_mpi_free( &xB ); mbedtls_mpi_free( &yB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ ); 644} 645/* END_CASE */ 646 647/* BEGIN_CASE */ 648void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, 649 char * xB_hex, char * xS_hex ) 650{ 651 mbedtls_ecp_group grp; 652 mbedtls_ecp_point R; 653 mbedtls_mpi dA, xA, dB, xB, xS; 654 rnd_pseudo_info rnd_info; 655 656 mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); 657 mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); 658 mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB ); 659 mbedtls_mpi_init( &xS ); 660 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 661 662 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 663 664 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); 665 666 TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_hex ) == 0 ); 667 TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_hex ) == 0 ); 668 TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_hex ) == 0 ); 669 TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_hex ) == 0 ); 670 TEST_ASSERT( mbedtls_test_read_mpi( &xS, 16, xS_hex ) == 0 ); 671 672 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, 673 &rnd_pseudo_rand, &rnd_info ) == 0 ); 674 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 675 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); 676 677 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, 678 &rnd_pseudo_rand, &rnd_info ) == 0 ); 679 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 680 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); 681 682 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); 683 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 684 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); 685 686 TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 ); 687 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 688 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); 689 690exit: 691 mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); 692 mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); 693 mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xB ); 694 mbedtls_mpi_free( &xS ); 695} 696/* END_CASE */ 697 698/* BEGIN_CASE */ 699void ecp_test_mul_rng( int id, data_t * d_hex) 700{ 701 mbedtls_ecp_group grp; 702 mbedtls_mpi d; 703 mbedtls_ecp_point Q; 704 705 mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); 706 mbedtls_ecp_point_init( &Q ); 707 708 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 709 710 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); 711 712 TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); 713 714 TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) 715 == MBEDTLS_ERR_ECP_RANDOM_FAILED ); 716 717exit: 718 mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d ); 719 mbedtls_ecp_point_free( &Q ); 720} 721/* END_CASE */ 722 723/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ 724void ecp_muladd( int id, 725 data_t *u1_bin, data_t *P1_bin, 726 data_t *u2_bin, data_t *P2_bin, 727 data_t *expected_result ) 728{ 729 /* Compute R = u1 * P1 + u2 * P2 */ 730 mbedtls_ecp_group grp; 731 mbedtls_ecp_point P1, P2, R; 732 mbedtls_mpi u1, u2; 733 uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN]; 734 size_t len; 735 736 mbedtls_ecp_group_init( &grp ); 737 mbedtls_ecp_point_init( &P1 ); 738 mbedtls_ecp_point_init( &P2 ); 739 mbedtls_ecp_point_init( &R ); 740 mbedtls_mpi_init( &u1 ); 741 mbedtls_mpi_init( &u2 ); 742 743 TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) ); 744 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) ); 745 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) ); 746 TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1, 747 P1_bin->x, P1_bin->len ) ); 748 TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2, 749 P2_bin->x, P2_bin->len ) ); 750 751 TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) ); 752 TEST_EQUAL( 0, mbedtls_ecp_point_write_binary( 753 &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED, 754 &len, actual_result, sizeof( actual_result ) ) ); 755 TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN ); 756 757 ASSERT_COMPARE( expected_result->x, expected_result->len, 758 actual_result, len ); 759 760exit: 761 mbedtls_ecp_group_free( &grp ); 762 mbedtls_ecp_point_free( &P1 ); 763 mbedtls_ecp_point_free( &P2 ); 764 mbedtls_ecp_point_free( &R ); 765 mbedtls_mpi_free( &u1 ); 766 mbedtls_mpi_free( &u2 ); 767} 768/* END_CASE */ 769 770/* BEGIN_CASE */ 771void ecp_fast_mod( int id, char * N_str ) 772{ 773 mbedtls_ecp_group grp; 774 mbedtls_mpi N, R; 775 776 mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R ); 777 mbedtls_ecp_group_init( &grp ); 778 779 TEST_ASSERT( mbedtls_test_read_mpi( &N, 16, N_str ) == 0 ); 780 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 781 TEST_ASSERT( grp.modp != NULL ); 782 783 /* 784 * Store correct result before we touch N 785 */ 786 TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &N, &grp.P ) == 0 ); 787 788 TEST_ASSERT( grp.modp( &N ) == 0 ); 789 TEST_ASSERT( mbedtls_mpi_bitlen( &N ) <= grp.pbits + 3 ); 790 791 /* 792 * Use mod rather than addition/subtraction in case previous test fails 793 */ 794 TEST_ASSERT( mbedtls_mpi_mod_mpi( &N, &N, &grp.P ) == 0 ); 795 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &R ) == 0 ); 796 797exit: 798 mbedtls_mpi_free( &N ); mbedtls_mpi_free( &R ); 799 mbedtls_ecp_group_free( &grp ); 800} 801/* END_CASE */ 802 803/* BEGIN_CASE */ 804void ecp_write_binary( int id, char * x, char * y, char * z, int format, 805 data_t * out, int blen, int ret ) 806{ 807 mbedtls_ecp_group grp; 808 mbedtls_ecp_point P; 809 unsigned char buf[256]; 810 size_t olen; 811 812 memset( buf, 0, sizeof( buf ) ); 813 814 mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); 815 816 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 817 818 TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x ) == 0 ); 819 TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y ) == 0 ); 820 TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z ) == 0 ); 821 822 TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format, 823 &olen, buf, blen ) == ret ); 824 825 if( ret == 0 ) 826 { 827 TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN ); 828 TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); 829 } 830 831exit: 832 mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P ); 833} 834/* END_CASE */ 835 836/* BEGIN_CASE */ 837void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z, 838 int ret ) 839{ 840 mbedtls_ecp_group grp; 841 mbedtls_ecp_point P; 842 mbedtls_mpi X, Y, Z; 843 844 845 mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); 846 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); 847 848 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 849 850 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 ); 851 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 ); 852 TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 ); 853 854 TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret ); 855 856 if( ret == 0 ) 857 { 858 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 ); 859 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 ); 860 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 ); 861 } 862 863exit: 864 mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P ); 865 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); 866} 867/* END_CASE */ 868 869/* BEGIN_CASE */ 870void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y, 871 char * z, int ret ) 872{ 873 mbedtls_ecp_group grp; 874 mbedtls_ecp_point P; 875 mbedtls_mpi X, Y, Z; 876 const unsigned char *vbuf = buf->x; 877 878 879 mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); 880 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); 881 882 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 883 884 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 ); 885 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 ); 886 TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 ); 887 888 TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret ); 889 890 if( ret == 0 ) 891 { 892 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 ); 893 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 ); 894 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 ); 895 TEST_ASSERT( (uint32_t)( vbuf - buf->x ) == buf->len ); 896 } 897 898exit: 899 mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P ); 900 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); 901} 902/* END_CASE */ 903 904/* BEGIN_CASE */ 905void ecp_tls_write_read_point( int id ) 906{ 907 mbedtls_ecp_group grp; 908 mbedtls_ecp_point pt; 909 unsigned char buf[256]; 910 const unsigned char *vbuf; 911 size_t olen; 912 913 mbedtls_ecp_group_init( &grp ); 914 mbedtls_ecp_point_init( &pt ); 915 916 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 917 918 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; 919 TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &grp.G, 920 MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 ); 921 TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) 922 == MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); 923 TEST_ASSERT( vbuf == buf + olen ); 924 925 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; 926 TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &grp.G, 927 MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 ); 928 TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 ); 929 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.X, &pt.X ) == 0 ); 930 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.Y, &pt.Y ) == 0 ); 931 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.G.Z, &pt.Z ) == 0 ); 932 TEST_ASSERT( vbuf == buf + olen ); 933 934 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; 935 TEST_ASSERT( mbedtls_ecp_set_zero( &pt ) == 0 ); 936 TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &pt, 937 MBEDTLS_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 ); 938 TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 ); 939 TEST_ASSERT( mbedtls_ecp_is_zero( &pt ) ); 940 TEST_ASSERT( vbuf == buf + olen ); 941 942 memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; 943 TEST_ASSERT( mbedtls_ecp_set_zero( &pt ) == 0 ); 944 TEST_ASSERT( mbedtls_ecp_tls_write_point( &grp, &pt, 945 MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 ); 946 TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 ); 947 TEST_ASSERT( mbedtls_ecp_is_zero( &pt ) ); 948 TEST_ASSERT( vbuf == buf + olen ); 949 950exit: 951 mbedtls_ecp_group_free( &grp ); 952 mbedtls_ecp_point_free( &pt ); 953} 954/* END_CASE */ 955 956/* BEGIN_CASE */ 957void mbedtls_ecp_tls_read_group( data_t * buf, int result, int bits, 958 int record_len ) 959{ 960 mbedtls_ecp_group grp; 961 const unsigned char *vbuf = buf->x; 962 int ret; 963 964 mbedtls_ecp_group_init( &grp ); 965 966 ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, buf->len ); 967 968 TEST_ASSERT( ret == result ); 969 if( ret == 0) 970 { 971 TEST_ASSERT( mbedtls_mpi_bitlen( &grp.P ) == (size_t) bits ); 972 TEST_ASSERT( vbuf - buf->x == record_len); 973 } 974 975exit: 976 mbedtls_ecp_group_free( &grp ); 977} 978/* END_CASE */ 979 980/* BEGIN_CASE */ 981void ecp_tls_write_read_group( int id ) 982{ 983 mbedtls_ecp_group grp1, grp2; 984 unsigned char buf[10]; 985 const unsigned char *vbuf = buf; 986 size_t len; 987 int ret; 988 989 mbedtls_ecp_group_init( &grp1 ); 990 mbedtls_ecp_group_init( &grp2 ); 991 memset( buf, 0x00, sizeof( buf ) ); 992 993 TEST_ASSERT( mbedtls_ecp_group_load( &grp1, id ) == 0 ); 994 995 TEST_ASSERT( mbedtls_ecp_tls_write_group( &grp1, &len, buf, 10 ) == 0 ); 996 ret = mbedtls_ecp_tls_read_group( &grp2, &vbuf, len ); 997 TEST_ASSERT( ret == 0 ); 998 999 if( ret == 0 ) 1000 { 1001 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp1.N, &grp2.N ) == 0 ); 1002 TEST_ASSERT( grp1.id == grp2.id ); 1003 } 1004 1005exit: 1006 mbedtls_ecp_group_free( &grp1 ); 1007 mbedtls_ecp_group_free( &grp2 ); 1008} 1009/* END_CASE */ 1010 1011/* BEGIN_CASE */ 1012void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret ) 1013{ 1014 mbedtls_ecp_group grp; 1015 mbedtls_mpi d; 1016 1017 mbedtls_ecp_group_init( &grp ); 1018 mbedtls_mpi_init( &d ); 1019 1020 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 1021 TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, key_hex ) == 0 ); 1022 1023 TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret ); 1024 1025exit: 1026 mbedtls_ecp_group_free( &grp ); 1027 mbedtls_mpi_free( &d ); 1028} 1029/* END_CASE */ 1030 1031/* BEGIN_CASE */ 1032void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, 1033 int id, char * d, char * Qx, char * Qy, 1034 int ret ) 1035{ 1036 mbedtls_ecp_keypair pub, prv; 1037 1038 mbedtls_ecp_keypair_init( &pub ); 1039 mbedtls_ecp_keypair_init( &prv ); 1040 1041 if( id_pub != MBEDTLS_ECP_DP_NONE ) 1042 TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 ); 1043 TEST_ASSERT( mbedtls_ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 ); 1044 1045 if( id != MBEDTLS_ECP_DP_NONE ) 1046 TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 ); 1047 TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); 1048 TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, 16, d ) == 0 ); 1049 1050 TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret ); 1051 1052exit: 1053 mbedtls_ecp_keypair_free( &pub ); 1054 mbedtls_ecp_keypair_free( &prv ); 1055} 1056/* END_CASE */ 1057 1058/* BEGIN_CASE */ 1059void mbedtls_ecp_gen_keypair( int id ) 1060{ 1061 mbedtls_ecp_group grp; 1062 mbedtls_ecp_point Q; 1063 mbedtls_mpi d; 1064 rnd_pseudo_info rnd_info; 1065 1066 mbedtls_ecp_group_init( &grp ); 1067 mbedtls_ecp_point_init( &Q ); 1068 mbedtls_mpi_init( &d ); 1069 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 1070 1071 TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); 1072 1073 TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) 1074 == 0 ); 1075 1076 TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 ); 1077 TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == 0 ); 1078 1079exit: 1080 mbedtls_ecp_group_free( &grp ); 1081 mbedtls_ecp_point_free( &Q ); 1082 mbedtls_mpi_free( &d ); 1083} 1084/* END_CASE */ 1085 1086/* BEGIN_CASE */ 1087void mbedtls_ecp_gen_key( int id ) 1088{ 1089 mbedtls_ecp_keypair key; 1090 rnd_pseudo_info rnd_info; 1091 1092 mbedtls_ecp_keypair_init( &key ); 1093 memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); 1094 1095 TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &rnd_pseudo_rand, &rnd_info ) == 0 ); 1096 1097 TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 ); 1098 TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 ); 1099 1100exit: 1101 mbedtls_ecp_keypair_free( &key ); 1102} 1103/* END_CASE */ 1104 1105/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1106void ecp_selftest( ) 1107{ 1108 TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 ); 1109} 1110/* END_CASE */ 1111