1/* BEGIN_HEADER */ 2#include "mbedtls/ecdh.h" 3 4static int load_public_key(int grp_id, data_t *point, 5 mbedtls_ecp_keypair *ecp) 6{ 7 int ok = 0; 8 TEST_ASSERT(mbedtls_ecp_group_load(&ecp->grp, grp_id) == 0); 9 TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp->grp, 10 &ecp->Q, 11 point->x, 12 point->len) == 0); 13 TEST_ASSERT(mbedtls_ecp_check_pubkey(&ecp->grp, 14 &ecp->Q) == 0); 15 ok = 1; 16exit: 17 return ok; 18} 19 20static int load_private_key(int grp_id, data_t *private_key, 21 mbedtls_ecp_keypair *ecp, 22 mbedtls_test_rnd_pseudo_info *rnd_info) 23{ 24 int ok = 0; 25 TEST_ASSERT(mbedtls_ecp_read_key(grp_id, ecp, 26 private_key->x, 27 private_key->len) == 0); 28 TEST_ASSERT(mbedtls_ecp_check_privkey(&ecp->grp, &ecp->d) == 0); 29 /* Calculate the public key from the private key. */ 30 TEST_ASSERT(mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, 31 &ecp->grp.G, 32 &mbedtls_test_rnd_pseudo_rand, 33 rnd_info) == 0); 34 ok = 1; 35exit: 36 return ok; 37} 38 39/* END_HEADER */ 40 41/* BEGIN_DEPENDENCIES 42 * depends_on:MBEDTLS_ECDH_C 43 * END_DEPENDENCIES 44 */ 45 46/* BEGIN_CASE */ 47void ecdh_valid_param() 48{ 49 TEST_VALID_PARAM(mbedtls_ecdh_free(NULL)); 50} 51/* END_CASE */ 52 53/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 54void ecdh_invalid_param() 55{ 56 mbedtls_ecp_group grp; 57 mbedtls_ecdh_context ctx; 58 mbedtls_mpi m; 59 mbedtls_ecp_point P; 60 mbedtls_ecp_keypair kp; 61 size_t olen; 62 unsigned char buf[42] = { 0 }; 63 const unsigned char *buf_null = NULL; 64 size_t const buflen = sizeof(buf); 65 int invalid_side = 42; 66 mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1; 67 68 mbedtls_ecp_keypair_init(&kp); 69 mbedtls_ecdh_init(&ctx); 70 TEST_INVALID_PARAM(mbedtls_ecdh_init(NULL)); 71 72#if defined(MBEDTLS_ECP_RESTARTABLE) 73 TEST_INVALID_PARAM(mbedtls_ecdh_enable_restart(NULL)); 74#endif /* MBEDTLS_ECP_RESTARTABLE */ 75 76 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 77 mbedtls_ecdh_gen_public(NULL, &m, &P, 78 mbedtls_test_rnd_std_rand, 79 NULL)); 80 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 81 mbedtls_ecdh_gen_public(&grp, NULL, &P, 82 mbedtls_test_rnd_std_rand, 83 NULL)); 84 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 85 mbedtls_ecdh_gen_public(&grp, &m, NULL, 86 mbedtls_test_rnd_std_rand, 87 NULL)); 88 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 89 mbedtls_ecdh_gen_public(&grp, &m, &P, 90 NULL, NULL)); 91 92 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 93 mbedtls_ecdh_compute_shared(NULL, &m, &P, &m, 94 mbedtls_test_rnd_std_rand, 95 NULL)); 96 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 97 mbedtls_ecdh_compute_shared(&grp, NULL, &P, &m, 98 mbedtls_test_rnd_std_rand, 99 NULL)); 100 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 101 mbedtls_ecdh_compute_shared(&grp, &m, NULL, &m, 102 mbedtls_test_rnd_std_rand, 103 NULL)); 104 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 105 mbedtls_ecdh_compute_shared(&grp, &m, &P, NULL, 106 mbedtls_test_rnd_std_rand, 107 NULL)); 108 109 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 110 mbedtls_ecdh_setup(NULL, valid_grp)); 111 112 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 113 mbedtls_ecdh_make_params(NULL, &olen, buf, buflen, 114 mbedtls_test_rnd_std_rand, NULL)); 115 116 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 117 mbedtls_ecdh_make_params(&ctx, NULL, buf, buflen, 118 mbedtls_test_rnd_std_rand, NULL)); 119 120 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 121 mbedtls_ecdh_make_params(&ctx, &olen, NULL, buflen, 122 mbedtls_test_rnd_std_rand, NULL)); 123 124 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 125 mbedtls_ecdh_make_params(&ctx, &olen, buf, buflen, NULL, NULL)); 126 127 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 128 mbedtls_ecdh_read_params(NULL, 129 (const unsigned char **) &buf, 130 buf)); 131 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 132 mbedtls_ecdh_read_params(&ctx, &buf_null, 133 buf)); 134 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 135 mbedtls_ecdh_read_params(&ctx, NULL, buf)); 136 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 137 mbedtls_ecdh_read_params(&ctx, 138 (const unsigned char **) &buf, 139 NULL)); 140 141 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 142 mbedtls_ecdh_get_params(NULL, &kp, 143 MBEDTLS_ECDH_OURS)); 144 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 145 mbedtls_ecdh_get_params(&ctx, NULL, 146 MBEDTLS_ECDH_OURS)); 147 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 148 mbedtls_ecdh_get_params(&ctx, &kp, 149 invalid_side)); 150 151 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 152 mbedtls_ecdh_make_public(NULL, &olen, buf, buflen, 153 mbedtls_test_rnd_std_rand, NULL)); 154 155 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 156 mbedtls_ecdh_make_public(&ctx, NULL, buf, buflen, 157 mbedtls_test_rnd_std_rand, NULL)); 158 159 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 160 mbedtls_ecdh_make_public(&ctx, &olen, NULL, buflen, 161 mbedtls_test_rnd_std_rand, NULL)); 162 163 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 164 mbedtls_ecdh_make_public(&ctx, &olen, buf, buflen, NULL, NULL)); 165 166 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 167 mbedtls_ecdh_read_public(NULL, buf, buflen)); 168 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 169 mbedtls_ecdh_read_public(&ctx, NULL, buflen)); 170 171 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 172 mbedtls_ecdh_calc_secret(NULL, &olen, buf, buflen, 173 mbedtls_test_rnd_std_rand, NULL)); 174 175 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 176 mbedtls_ecdh_calc_secret(&ctx, NULL, buf, buflen, 177 mbedtls_test_rnd_std_rand, NULL)); 178 179 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 180 mbedtls_ecdh_calc_secret(&ctx, &olen, NULL, buflen, 181 mbedtls_test_rnd_std_rand, NULL)); 182 183exit: 184 return; 185} 186/* END_CASE */ 187 188/* BEGIN_CASE */ 189void ecdh_primitive_random(int id) 190{ 191 mbedtls_ecp_group grp; 192 mbedtls_ecp_point qA, qB; 193 mbedtls_mpi dA, dB, zA, zB; 194 mbedtls_test_rnd_pseudo_info rnd_info; 195 196 mbedtls_ecp_group_init(&grp); 197 mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB); 198 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB); 199 mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); 200 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 201 202 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 203 204 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA, 205 &mbedtls_test_rnd_pseudo_rand, 206 &rnd_info) == 0); 207 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB, 208 &mbedtls_test_rnd_pseudo_rand, 209 &rnd_info) == 0); 210 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, 211 &mbedtls_test_rnd_pseudo_rand, 212 &rnd_info) == 0); 213 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, 214 NULL, NULL) == 0); 215 216 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &zB) == 0); 217 218exit: 219 mbedtls_ecp_group_free(&grp); 220 mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB); 221 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB); 222 mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); 223} 224/* END_CASE */ 225 226/* BEGIN_CASE */ 227void ecdh_primitive_testvec(int id, data_t *rnd_buf_A, char *xA_str, 228 char *yA_str, data_t *rnd_buf_B, 229 char *xB_str, char *yB_str, char *z_str) 230{ 231 mbedtls_ecp_group grp; 232 mbedtls_ecp_point qA, qB; 233 mbedtls_mpi dA, dB, zA, zB, check; 234 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; 235 236 mbedtls_ecp_group_init(&grp); 237 mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB); 238 mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB); 239 mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); mbedtls_mpi_init(&check); 240 241 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 242 243 rnd_info_A.buf = rnd_buf_A->x; 244 rnd_info_A.length = rnd_buf_A->len; 245 rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; 246 rnd_info_A.fallback_p_rng = NULL; 247 248 /* Fix rnd_buf_A->x by shifting it left if necessary */ 249 if (grp.nbits % 8 != 0) { 250 unsigned char shift = 8 - (grp.nbits % 8); 251 size_t i; 252 253 for (i = 0; i < rnd_info_A.length - 1; i++) { 254 rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift 255 | rnd_buf_A->x[i+1] >> (8 - shift); 256 } 257 258 rnd_buf_A->x[rnd_info_A.length-1] <<= shift; 259 } 260 261 rnd_info_B.buf = rnd_buf_B->x; 262 rnd_info_B.length = rnd_buf_B->len; 263 rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand; 264 rnd_info_B.fallback_p_rng = NULL; 265 266 /* Fix rnd_buf_B->x by shifting it left if necessary */ 267 if (grp.nbits % 8 != 0) { 268 unsigned char shift = 8 - (grp.nbits % 8); 269 size_t i; 270 271 for (i = 0; i < rnd_info_B.length - 1; i++) { 272 rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift 273 | rnd_buf_B->x[i+1] >> (8 - shift); 274 } 275 276 rnd_buf_B->x[rnd_info_B.length-1] <<= shift; 277 } 278 279 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA, 280 mbedtls_test_rnd_buffer_rand, 281 &rnd_info_A) == 0); 282 TEST_ASSERT(!mbedtls_ecp_is_zero(&qA)); 283 TEST_ASSERT(mbedtls_test_read_mpi(&check, xA_str) == 0); 284 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.X, &check) == 0); 285 TEST_ASSERT(mbedtls_test_read_mpi(&check, yA_str) == 0); 286 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.Y, &check) == 0); 287 288 TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB, 289 mbedtls_test_rnd_buffer_rand, 290 &rnd_info_B) == 0); 291 TEST_ASSERT(!mbedtls_ecp_is_zero(&qB)); 292 TEST_ASSERT(mbedtls_test_read_mpi(&check, xB_str) == 0); 293 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.X, &check) == 0); 294 TEST_ASSERT(mbedtls_test_read_mpi(&check, yB_str) == 0); 295 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.Y, &check) == 0); 296 297 TEST_ASSERT(mbedtls_test_read_mpi(&check, z_str) == 0); 298 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, NULL, NULL) == 0); 299 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &check) == 0); 300 TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, NULL, NULL) == 0); 301 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zB, &check) == 0); 302 303exit: 304 mbedtls_ecp_group_free(&grp); 305 mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB); 306 mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB); 307 mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); mbedtls_mpi_free(&check); 308} 309/* END_CASE */ 310 311/* BEGIN_CASE */ 312void ecdh_exchange(int id) 313{ 314 mbedtls_ecdh_context srv, cli; 315 unsigned char buf[1000]; 316 const unsigned char *vbuf; 317 size_t len; 318 mbedtls_test_rnd_pseudo_info rnd_info; 319 unsigned char res_buf[1000]; 320 size_t res_len; 321 322 mbedtls_ecdh_init(&srv); 323 mbedtls_ecdh_init(&cli); 324 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 325 326 TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); 327 328 memset(buf, 0x00, sizeof(buf)); vbuf = buf; 329 TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000, 330 &mbedtls_test_rnd_pseudo_rand, 331 &rnd_info) == 0); 332 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0); 333 334 memset(buf, 0x00, sizeof(buf)); 335 TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000, 336 &mbedtls_test_rnd_pseudo_rand, 337 &rnd_info) == 0); 338 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0); 339 340 TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000, 341 &mbedtls_test_rnd_pseudo_rand, 342 &rnd_info) == 0); 343 TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &res_len, res_buf, 1000, 344 NULL, NULL) == 0); 345 TEST_ASSERT(len == res_len); 346 TEST_ASSERT(memcmp(buf, res_buf, len) == 0); 347 348exit: 349 mbedtls_ecdh_free(&srv); 350 mbedtls_ecdh_free(&cli); 351} 352/* END_CASE */ 353 354/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 355void ecdh_restart(int id, data_t *dA, data_t *dB, data_t *z, 356 int enable, int max_ops, int min_restart, int max_restart) 357{ 358 int ret; 359 mbedtls_ecdh_context srv, cli; 360 unsigned char buf[1000]; 361 const unsigned char *vbuf; 362 size_t len; 363 mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; 364 int cnt_restart; 365 mbedtls_ecp_group grp; 366 367 mbedtls_ecp_group_init(&grp); 368 mbedtls_ecdh_init(&srv); 369 mbedtls_ecdh_init(&cli); 370 371 rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; 372 rnd_info_A.fallback_p_rng = NULL; 373 rnd_info_A.buf = dA->x; 374 rnd_info_A.length = dA->len; 375 376 rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand; 377 rnd_info_B.fallback_p_rng = NULL; 378 rnd_info_B.buf = dB->x; 379 rnd_info_B.length = dB->len; 380 381 /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure 382 * in every configuration, therefore we load it separately. */ 383 TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 384 385 /* Otherwise we would have to fix the random buffer, 386 * as in ecdh_primitive_testvec. */ 387 TEST_ASSERT(grp.nbits % 8 == 0); 388 389 TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); 390 391 /* set up restart parameters */ 392 mbedtls_ecp_set_max_ops(max_ops); 393 394 if (enable) { 395 mbedtls_ecdh_enable_restart(&srv); 396 mbedtls_ecdh_enable_restart(&cli); 397 } 398 399 /* server writes its parameters */ 400 memset(buf, 0x00, sizeof(buf)); 401 len = 0; 402 403 cnt_restart = 0; 404 do { 405 ret = mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf), 406 mbedtls_test_rnd_buffer_rand, 407 &rnd_info_A); 408 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 409 410 TEST_ASSERT(ret == 0); 411 TEST_ASSERT(cnt_restart >= min_restart); 412 TEST_ASSERT(cnt_restart <= max_restart); 413 414 /* client read server params */ 415 vbuf = buf; 416 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0); 417 418 /* client writes its key share */ 419 memset(buf, 0x00, sizeof(buf)); 420 len = 0; 421 422 cnt_restart = 0; 423 do { 424 ret = mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf), 425 mbedtls_test_rnd_buffer_rand, 426 &rnd_info_B); 427 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 428 429 TEST_ASSERT(ret == 0); 430 TEST_ASSERT(cnt_restart >= min_restart); 431 TEST_ASSERT(cnt_restart <= max_restart); 432 433 /* server reads client key share */ 434 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0); 435 436 /* server computes shared secret */ 437 memset(buf, 0, sizeof(buf)); 438 len = 0; 439 440 cnt_restart = 0; 441 do { 442 ret = mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf), 443 NULL, NULL); 444 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 445 446 TEST_ASSERT(ret == 0); 447 TEST_ASSERT(cnt_restart >= min_restart); 448 TEST_ASSERT(cnt_restart <= max_restart); 449 450 TEST_ASSERT(len == z->len); 451 TEST_ASSERT(memcmp(buf, z->x, len) == 0); 452 453 /* client computes shared secret */ 454 memset(buf, 0, sizeof(buf)); 455 len = 0; 456 457 cnt_restart = 0; 458 do { 459 ret = mbedtls_ecdh_calc_secret(&cli, &len, buf, sizeof(buf), 460 NULL, NULL); 461 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 462 463 TEST_ASSERT(ret == 0); 464 TEST_ASSERT(cnt_restart >= min_restart); 465 TEST_ASSERT(cnt_restart <= max_restart); 466 467 TEST_ASSERT(len == z->len); 468 TEST_ASSERT(memcmp(buf, z->x, len) == 0); 469 470exit: 471 mbedtls_ecp_group_free(&grp); 472 mbedtls_ecdh_free(&srv); 473 mbedtls_ecdh_free(&cli); 474} 475/* END_CASE */ 476 477/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */ 478void ecdh_exchange_legacy(int id) 479{ 480 mbedtls_ecdh_context srv, cli; 481 unsigned char buf[1000]; 482 const unsigned char *vbuf; 483 size_t len; 484 485 mbedtls_test_rnd_pseudo_info rnd_info; 486 487 mbedtls_ecdh_init(&srv); 488 mbedtls_ecdh_init(&cli); 489 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 490 491 TEST_ASSERT(mbedtls_ecp_group_load(&srv.grp, id) == 0); 492 493 memset(buf, 0x00, sizeof(buf)); vbuf = buf; 494 TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000, 495 &mbedtls_test_rnd_pseudo_rand, 496 &rnd_info) == 0); 497 TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0); 498 499 memset(buf, 0x00, sizeof(buf)); 500 TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000, 501 &mbedtls_test_rnd_pseudo_rand, 502 &rnd_info) == 0); 503 TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0); 504 505 TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000, 506 &mbedtls_test_rnd_pseudo_rand, 507 &rnd_info) == 0); 508 TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &len, buf, 1000, NULL, 509 NULL) == 0); 510 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&srv.z, &cli.z) == 0); 511 512exit: 513 mbedtls_ecdh_free(&srv); 514 mbedtls_ecdh_free(&cli); 515} 516/* END_CASE */ 517 518/* BEGIN_CASE */ 519void ecdh_exchange_calc_secret(int grp_id, 520 data_t *our_private_key, 521 data_t *their_point, 522 int ours_first, 523 data_t *expected) 524{ 525 mbedtls_test_rnd_pseudo_info rnd_info; 526 mbedtls_ecp_keypair our_key; 527 mbedtls_ecp_keypair their_key; 528 mbedtls_ecdh_context ecdh; 529 unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES]; 530 size_t shared_secret_length = 0; 531 532 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 533 mbedtls_ecdh_init(&ecdh); 534 mbedtls_ecp_keypair_init(&our_key); 535 mbedtls_ecp_keypair_init(&their_key); 536 537 if (!load_private_key(grp_id, our_private_key, &our_key, &rnd_info)) { 538 goto exit; 539 } 540 if (!load_public_key(grp_id, their_point, &their_key)) { 541 goto exit; 542 } 543 544 /* Import the keys to the ECDH calculation. */ 545 if (ours_first) { 546 TEST_ASSERT(mbedtls_ecdh_get_params( 547 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 548 TEST_ASSERT(mbedtls_ecdh_get_params( 549 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 550 } else { 551 TEST_ASSERT(mbedtls_ecdh_get_params( 552 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 553 TEST_ASSERT(mbedtls_ecdh_get_params( 554 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 555 } 556 557 /* Perform the ECDH calculation. */ 558 TEST_ASSERT(mbedtls_ecdh_calc_secret( 559 &ecdh, 560 &shared_secret_length, 561 shared_secret, sizeof(shared_secret), 562 &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0); 563 TEST_ASSERT(shared_secret_length == expected->len); 564 TEST_ASSERT(memcmp(expected->x, shared_secret, 565 shared_secret_length) == 0); 566 567exit: 568 mbedtls_ecdh_free(&ecdh); 569 mbedtls_ecp_keypair_free(&our_key); 570 mbedtls_ecp_keypair_free(&their_key); 571} 572/* END_CASE */ 573 574/* BEGIN_CASE */ 575void ecdh_exchange_get_params_fail(int our_grp_id, 576 data_t *our_private_key, 577 int their_grp_id, 578 data_t *their_point, 579 int ours_first, 580 int expected_ret) 581{ 582 mbedtls_test_rnd_pseudo_info rnd_info; 583 mbedtls_ecp_keypair our_key; 584 mbedtls_ecp_keypair their_key; 585 mbedtls_ecdh_context ecdh; 586 587 memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 588 mbedtls_ecdh_init(&ecdh); 589 mbedtls_ecp_keypair_init(&our_key); 590 mbedtls_ecp_keypair_init(&their_key); 591 592 if (!load_private_key(our_grp_id, our_private_key, &our_key, &rnd_info)) { 593 goto exit; 594 } 595 if (!load_public_key(their_grp_id, their_point, &their_key)) { 596 goto exit; 597 } 598 599 if (ours_first) { 600 TEST_ASSERT(mbedtls_ecdh_get_params( 601 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 602 TEST_ASSERT(mbedtls_ecdh_get_params( 603 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 604 expected_ret); 605 } else { 606 TEST_ASSERT(mbedtls_ecdh_get_params( 607 &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 608 TEST_ASSERT(mbedtls_ecdh_get_params( 609 &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 610 expected_ret); 611 } 612 613exit: 614 mbedtls_ecdh_free(&ecdh); 615 mbedtls_ecp_keypair_free(&our_key); 616 mbedtls_ecp_keypair_free(&their_key); 617} 618/* END_CASE */ 619