1 /*
2 * Copyright The Mbed TLS Contributors
3 * SPDX-License-Identifier: Apache-2.0
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you may
6 * not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 * Copyright (c) 2023 Telink Semiconductor (Shanghai) Co., Ltd. ("TELINK")
17 */
18
19 #include "common.h"
20
21 #if defined(MBEDTLS_ECP_C)
22
23 #include "mbedtls/ctr_drbg.h"
24 #include "mbedtls/ecp.h"
25 #include "mbedtls/entropy.h"
26 #include "mbedtls/error.h"
27 #include "mbedtls/platform.h"
28 #include "test_utils.h"
29
30 #if defined(MBEDTLS_ECP_ALT)
31
32 #if defined(MBEDTLS_SELF_TEST)
33
34 /****************************************************************
35 * Test vectors
36 ****************************************************************/
37
38 static const struct {
39 mbedtls_ecp_group_id ecp_group_id;
40 const unsigned char *sk;
41 const size_t sk_len;
42 const unsigned char *pk;
43 const size_t pk_len;
44 const unsigned char *sum;
45 } ecp_test_cases[] = {
46 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
47 {.ecp_group_id = MBEDTLS_ECP_DP_SECP521R1,
48 .sk = (const unsigned char[66]) {0x01, 0xeb, 0x60, 0x88, 0x03, 0x15, 0x7b, 0x13, 0xb1, 0xc3, 0x5b, 0xa8, 0x7b,
49 0x09, 0xa4, 0x2e, 0xa6, 0x0f, 0xc7, 0x06, 0x66, 0x55, 0x22, 0x57, 0x0c, 0x08, 0x5a, 0x50, 0xa4, 0x44,
50 0x5f, 0xea, 0x85, 0xed, 0x7f, 0xf3, 0xcf, 0x0c, 0x01, 0xd9, 0x4a, 0x87, 0x9e, 0xcc, 0xa4, 0x60, 0x1b,
51 0x3d, 0x08, 0xfb, 0x37, 0x8d, 0x51, 0x07, 0x76, 0xcc, 0xf1, 0x32, 0x0d, 0x8d, 0x12, 0x41, 0x2b, 0xa4,
52 0x5d, 0x8d},
53 .sk_len = 66,
54 .pk = (const unsigned char[133]) {0x04, 0x00, 0xef, 0xa5, 0x11, 0x33, 0x8b, 0x71, 0xba, 0x23, 0x9a, 0x37,
55 0xed, 0xad, 0xfa, 0xf6, 0x94, 0x3f, 0xac, 0x7e, 0x23, 0x63, 0x4f, 0xcd, 0xad, 0x45, 0x70, 0xa9, 0x0b,
56 0x26, 0xee, 0x96, 0x4f, 0x7e, 0x46, 0xce, 0xa7, 0xe5, 0x1f, 0xa3, 0xcc, 0xa5, 0xe1, 0x64, 0x57, 0x92,
57 0x1a, 0x29, 0xa4, 0x1a, 0x0c, 0x82, 0xd4, 0x40, 0x59, 0x20, 0x20, 0x99, 0x87, 0xf3, 0x46, 0x04, 0x9e,
58 0x25, 0x1a, 0x6d, 0x21, 0x01, 0x2a, 0xd3, 0x86, 0x7a, 0x8c, 0xcc, 0xfa, 0x68, 0x99, 0x1f, 0xc5, 0x60,
59 0x35, 0x7b, 0x34, 0x8f, 0xf1, 0xfd, 0xa3, 0x5a, 0xac, 0x9b, 0x09, 0xdf, 0xa5, 0x44, 0x45, 0xd8, 0xc9,
60 0x49, 0xa9, 0x05, 0xa5, 0x45, 0xba, 0xfc, 0x3b, 0xb4, 0xe0, 0xda, 0x9d, 0x67, 0x3d, 0xb4, 0x05, 0xa7,
61 0x39, 0x57, 0xa2, 0x7d, 0x12, 0x6f, 0x5c, 0x34, 0xab, 0xc1, 0x8d, 0xef, 0xe0, 0xec, 0x9a, 0xed, 0xad,
62 0x1b, 0x71},
63 .pk_len = 133,
64 .sum = (const unsigned char[133]) {0x04, 0x01, 0x68, 0x45, 0x34, 0x25, 0x5b, 0xad, 0x67, 0x54, 0x6b, 0x7c,
65 0x45, 0xe7, 0x60, 0x7b, 0xe7, 0x2f, 0xe4, 0x94, 0xf6, 0x28, 0x06, 0x74, 0x0d, 0x85, 0xe4, 0xba, 0xcb,
66 0xec, 0x51, 0xed, 0x37, 0xda, 0xbb, 0xf0, 0xb5, 0xa9, 0x07, 0xe4, 0xca, 0xed, 0x79, 0xb1, 0x2d, 0xce,
67 0xf8, 0x4d, 0x7a, 0xee, 0x85, 0x41, 0x48, 0xac, 0x16, 0x51, 0x20, 0x88, 0x1e, 0x49, 0x03, 0xc5, 0x1f,
68 0x99, 0x3f, 0x8a, 0x7d, 0x00, 0x10, 0xe1, 0xb7, 0xf9, 0x28, 0x76, 0xe4, 0xf5, 0x36, 0xc0, 0x57, 0xd5,
69 0xf9, 0xba, 0xab, 0x49, 0x32, 0xf9, 0x84, 0xa9, 0x53, 0x14, 0x73, 0xfe, 0xfe, 0xf3, 0xe9, 0xa2, 0xf4,
70 0x0d, 0xa6, 0x3c, 0xd7, 0x3a, 0x3b, 0xfc, 0x30, 0xaa, 0xff, 0x2c, 0x86, 0x7a, 0xa7, 0xf0, 0x0b, 0x83,
71 0xb7, 0x3a, 0x98, 0x52, 0xac, 0x66, 0x0c, 0x4c, 0x4b, 0x49, 0x9f, 0xea, 0xfa, 0x2b, 0xa6, 0x32, 0xe4,
72 0x87, 0xbf}},
73 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
74 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
75 {.ecp_group_id = MBEDTLS_ECP_DP_BP512R1,
76 .sk = (const unsigned char[64]) {0x64, 0x35, 0x05, 0x6c, 0x1d, 0x98, 0xc8, 0xe1, 0x30, 0x5e, 0xf4, 0x11, 0x2c,
77 0x05, 0x68, 0x98, 0x31, 0xf4, 0xba, 0x16, 0xf4, 0x67, 0x9a, 0x78, 0x6a, 0x8f, 0x7c, 0x18, 0x36, 0xca,
78 0x3f, 0xd4, 0xc1, 0x4a, 0x9b, 0xfd, 0x32, 0x70, 0x68, 0x76, 0xb1, 0xc8, 0x1d, 0x9a, 0xae, 0x8a, 0x24,
79 0x01, 0xad, 0xf7, 0x45, 0x36, 0x18, 0x23, 0x9e, 0x3e, 0x1e, 0xf2, 0xfa, 0x03, 0x35, 0xd1, 0xad, 0x92},
80 .sk_len = 64,
81 .pk = (const unsigned char[129]) {0x04, 0x47, 0x6a, 0x9d, 0x4e, 0xb4, 0xb9, 0x1c, 0x82, 0x11, 0xa4, 0xff,
82 0x40, 0x60, 0xf1, 0x34, 0xd8, 0x29, 0x26, 0xa8, 0xd8, 0xcc, 0x08, 0x38, 0x5d, 0xe4, 0x93, 0xc0, 0xfc,
83 0xb2, 0xe5, 0x60, 0x39, 0x1f, 0x7c, 0x37, 0x60, 0x77, 0xc6, 0x1d, 0x4b, 0x4d, 0x3c, 0x61, 0xcf, 0x6e,
84 0x38, 0x44, 0x37, 0x7c, 0x7f, 0x42, 0x7b, 0xbf, 0x8e, 0x45, 0x79, 0x53, 0x8a, 0x94, 0x4d, 0xef, 0x08,
85 0xb0, 0x99, 0x92, 0xce, 0xa2, 0xa7, 0x87, 0xda, 0x2c, 0x92, 0x2a, 0x59, 0x58, 0xc4, 0xa2, 0x05, 0x77,
86 0x8a, 0x31, 0x68, 0x36, 0xf4, 0x4d, 0x61, 0xb3, 0x27, 0x97, 0xc5, 0x98, 0x24, 0xed, 0x6c, 0x28, 0x8c,
87 0xee, 0xd8, 0x2c, 0xc3, 0x90, 0xf1, 0x36, 0xc6, 0x62, 0xca, 0x3c, 0xb9, 0xa4, 0x4f, 0x27, 0x92, 0x7f,
88 0x8b, 0x43, 0x36, 0x43, 0x04, 0x82, 0xb7, 0x4b, 0x52, 0x9a, 0x02, 0xc9, 0x2a, 0x08, 0x36},
89 .pk_len = 129,
90 .sum = (const unsigned char[129]) {0x04, 0x1d, 0x10, 0xaa, 0xb7, 0x2b, 0x6b, 0x1c, 0x8e, 0xde, 0x85, 0x9b,
91 0xf3, 0x8c, 0xaf, 0xbb, 0x86, 0xdd, 0xc9, 0x0b, 0xc0, 0xdc, 0x28, 0x1c, 0xf4, 0x1e, 0x81, 0x9d, 0x8a,
92 0x93, 0x43, 0xcf, 0xf9, 0xfe, 0x30, 0xb2, 0x04, 0x50, 0x08, 0x96, 0x1c, 0x61, 0xc7, 0x5c, 0xea, 0x28,
93 0xef, 0x9e, 0x9a, 0x34, 0xaf, 0x77, 0x2b, 0x89, 0x63, 0x6d, 0x81, 0x72, 0x6a, 0x72, 0x3d, 0xca, 0x10,
94 0x1f, 0xfc, 0x9d, 0xe5, 0x89, 0xd7, 0x82, 0x46, 0xe2, 0x59, 0x88, 0xa8, 0x4d, 0x2c, 0x91, 0x28, 0x5d,
95 0x40, 0x8d, 0xc0, 0xe9, 0x4f, 0xb1, 0x70, 0xcf, 0xf3, 0x05, 0xb6, 0xb8, 0xf9, 0xd7, 0x24, 0x7e, 0xf5,
96 0x9d, 0x65, 0x4f, 0xb6, 0xb8, 0x7f, 0x44, 0xae, 0x38, 0x21, 0xbc, 0x32, 0xef, 0x6f, 0xf7, 0x8a, 0xd5,
97 0xa5, 0xe7, 0xee, 0xa3, 0x76, 0xc5, 0xee, 0x1f, 0x4f, 0x7c, 0xfc, 0x8e, 0x39, 0x7b, 0xe7}},
98 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
99 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
100 {.ecp_group_id = MBEDTLS_ECP_DP_SECP384R1,
101 .sk = (const unsigned char[48]) {0x35, 0x05, 0x64, 0x07, 0xb0, 0xfd, 0x3e, 0x09, 0xe3, 0x07, 0x41, 0xdc, 0x8a,
102 0xd3, 0xef, 0xc7, 0xad, 0x29, 0xc5, 0x97, 0x8a, 0xbb, 0x15, 0x10, 0xac, 0xd2, 0x47, 0xac, 0xdc, 0xa7,
103 0x45, 0xf0, 0x27, 0x17, 0x8f, 0x4a, 0x7a, 0xd1, 0xcc, 0xd2, 0x17, 0xc2, 0x22, 0x6a, 0x99, 0xf1, 0x8b,
104 0xc0},
105 .sk_len = 48,
106 .pk = (const unsigned char[97]) {0x04, 0xc8, 0x2d, 0xaa, 0x27, 0xd0, 0x91, 0x1f, 0x3d, 0x41, 0xf5, 0xe7, 0xa6,
107 0x46, 0xae, 0xf8, 0xca, 0x74, 0x31, 0x63, 0xe2, 0x1f, 0x38, 0x25, 0x05, 0x5f, 0xa0, 0xfa, 0x49, 0x51,
108 0x71, 0xea, 0x4f, 0xb6, 0x1a, 0xc3, 0xfd, 0xf3, 0x8e, 0x95, 0xe6, 0xfe, 0x7b, 0xff, 0x65, 0x26, 0xd4,
109 0xf0, 0x8e, 0x06, 0x70, 0x03, 0x10, 0xba, 0xd8, 0x7c, 0x54, 0x55, 0x23, 0x18, 0x57, 0x27, 0x6d, 0xe2,
110 0xc4, 0x4e, 0x30, 0xb7, 0x36, 0xdc, 0x15, 0xb6, 0xdf, 0xaf, 0xb0, 0xe4, 0x78, 0xbb, 0xad, 0x1d, 0xf0,
111 0x50, 0x00, 0xbd, 0x90, 0xfa, 0x4c, 0xb3, 0x3d, 0xbc, 0xf9, 0x54, 0xf6, 0x61, 0xaf, 0xcb, 0xfc},
112 .pk_len = 97,
113 .sum = (const unsigned char[97]) {0x04, 0xf5, 0xf1, 0x09, 0xb7, 0x3d, 0x7e, 0x05, 0x13, 0xc7, 0x6a, 0x99,
114 0x17, 0xcf, 0x3b, 0x5a, 0x5a, 0x04, 0x1a, 0x6e, 0xa4, 0x23, 0x9d, 0x47, 0xab, 0x04, 0x5e, 0xe4, 0x83,
115 0xa3, 0x0b, 0xac, 0x16, 0x2d, 0x6e, 0x5d, 0x87, 0x23, 0xcd, 0xbc, 0x3b, 0xdb, 0xb7, 0x21, 0xc1, 0x18,
116 0x19, 0x8d, 0x3b, 0x80, 0x6f, 0x93, 0xa6, 0xbd, 0xa0, 0x72, 0x7d, 0x58, 0x90, 0xa4, 0x87, 0x8a, 0xe4,
117 0x6d, 0x1c, 0xf5, 0xeb, 0x3b, 0x8b, 0x38, 0x97, 0x42, 0x33, 0x3c, 0x9e, 0x43, 0x4d, 0x63, 0x7a, 0x21,
118 0x9e, 0x02, 0x7a, 0x0d, 0x19, 0x26, 0x45, 0xa8, 0x74, 0x29, 0x7c, 0x24, 0x8e, 0x71, 0x95, 0xcf, 0x9d}},
119 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
120 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
121 {.ecp_group_id = MBEDTLS_ECP_DP_BP384R1,
122 .sk = (const unsigned char[48]) {0x50, 0xff, 0xbb, 0xab, 0x9c, 0x62, 0x8c, 0x3e, 0xc4, 0x1d, 0xb9, 0x00, 0x5e,
123 0x1a, 0xf0, 0x8d, 0x64, 0x58, 0x44, 0x97, 0x2c, 0xf5, 0x2f, 0xcf, 0x7d, 0xb8, 0x36, 0xcc, 0x3a, 0x33,
124 0x46, 0x85, 0x4c, 0xf5, 0x6f, 0x89, 0xfc, 0xd9, 0xc4, 0x98, 0xc5, 0x12, 0x8a, 0x59, 0xcb, 0xff, 0x91,
125 0xc7},
126 .sk_len = 48,
127 .pk = (const unsigned char[97]) {0x04, 0x3a, 0xef, 0x56, 0x8a, 0x8b, 0x51, 0x2b, 0xb7, 0x49, 0x3c, 0x92, 0xc4,
128 0x6a, 0x12, 0xd5, 0x84, 0x2f, 0x53, 0x89, 0x8c, 0x38, 0x29, 0x3f, 0xe0, 0xbc, 0x94, 0x47, 0x5e, 0xd1,
129 0x74, 0x04, 0x50, 0x31, 0x6a, 0x80, 0xc3, 0xe3, 0x69, 0x02, 0xac, 0xe7, 0xcd, 0x21, 0x65, 0x6c, 0x1d,
130 0x8a, 0x1a, 0x74, 0xf8, 0x79, 0x88, 0x75, 0x42, 0xe1, 0x7c, 0xb1, 0x7d, 0xa7, 0xf8, 0xda, 0x57, 0xdc,
131 0x00, 0x1f, 0xd6, 0x07, 0xa6, 0xc6, 0x85, 0xc5, 0x8d, 0xc3, 0xaa, 0x4c, 0xd1, 0x4f, 0xf9, 0x65, 0xf0,
132 0x56, 0xce, 0x0f, 0x48, 0x54, 0x9a, 0xf4, 0xe2, 0x15, 0x08, 0x05, 0x9e, 0xbc, 0xb8, 0x17, 0x03},
133 .pk_len = 97,
134 .sum = (const unsigned char[97]) {0x04, 0x7c, 0x9b, 0xab, 0x7c, 0x51, 0xc0, 0x36, 0x5c, 0xdd, 0x22, 0xf7,
135 0x10, 0xb7, 0x39, 0x14, 0x50, 0xf9, 0xe1, 0x05, 0x09, 0x74, 0x5b, 0x1a, 0x5c, 0x21, 0xcc, 0x10, 0xca,
136 0x9a, 0xf4, 0x3a, 0x72, 0x57, 0x43, 0xfb, 0x52, 0x9e, 0x6d, 0x20, 0x77, 0x4a, 0xcd, 0x6a, 0xd8, 0xa1,
137 0x39, 0x94, 0x7e, 0x7e, 0x08, 0x49, 0x91, 0x98, 0x86, 0x76, 0xb7, 0xca, 0xb8, 0xbe, 0x15, 0xd6, 0x50,
138 0x64, 0xb2, 0x0c, 0x07, 0x6c, 0x07, 0x0f, 0x48, 0xd4, 0xd9, 0x95, 0x2f, 0xf0, 0xb0, 0x21, 0xd0, 0x39,
139 0xe0, 0x43, 0xbd, 0x40, 0x0a, 0xa7, 0x8d, 0xaf, 0x4b, 0xc3, 0xff, 0xf6, 0x76, 0xd4, 0x19, 0x2f, 0x7f}},
140 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
141 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
142 {.ecp_group_id = MBEDTLS_ECP_DP_SECP256R1,
143 .sk = (const unsigned char[32]) {0x3d, 0x1d, 0x83, 0xfa, 0xf6, 0xbb, 0x86, 0xe9, 0xf8, 0x9e, 0x45, 0x6a, 0xa8,
144 0x29, 0x6f, 0x52, 0x04, 0x79, 0xff, 0xc4, 0x94, 0xd8, 0xe0, 0xe7, 0xcd, 0xe8, 0xe0, 0x83, 0xab, 0xcf,
145 0x63, 0x0b},
146 .sk_len = 32,
147 .pk = (const unsigned char[65]) {0x04, 0xd3, 0x48, 0xb6, 0x80, 0x35, 0x49, 0x67, 0x97, 0xc9, 0x28, 0xc4, 0xfe,
148 0xa6, 0x13, 0xe1, 0xb3, 0xee, 0x51, 0x95, 0xfd, 0x20, 0x7f, 0xe7, 0xdc, 0x7d, 0xc0, 0x6b, 0x4e, 0xa6,
149 0x5d, 0x6f, 0x42, 0x61, 0xc4, 0xeb, 0x3b, 0x95, 0x5e, 0xea, 0x57, 0xe1, 0x21, 0xcc, 0x11, 0xd6, 0x79,
150 0x7c, 0x5f, 0xf7, 0x52, 0xea, 0x17, 0x07, 0x81, 0xb5, 0x53, 0x7e, 0xbb, 0x4f, 0xba, 0xdd, 0xbf, 0xd4,
151 0x08},
152 .pk_len = 65,
153 .sum = (const unsigned char[65]) {0x04, 0xd4, 0x87, 0x27, 0x27, 0xbf, 0xaf, 0x6a, 0xea, 0xb7, 0x84, 0xa8,
154 0x1a, 0xd8, 0x29, 0x9e, 0x2b, 0xa7, 0x87, 0x4f, 0xa9, 0xb5, 0x7a, 0x66, 0x5f, 0xbe, 0x5c, 0xef, 0x83,
155 0x49, 0x89, 0xd1, 0x34, 0x46, 0x2a, 0x54, 0xe6, 0x92, 0x56, 0xde, 0xcd, 0x44, 0xe9, 0x99, 0x2a, 0x80,
156 0xad, 0x78, 0xe6, 0x29, 0xcc, 0x77, 0xdd, 0x1c, 0x93, 0x03, 0xe2, 0xe9, 0x99, 0x58, 0x86, 0x8f, 0xea,
157 0xac, 0x3d}},
158 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
159 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
160 {.ecp_group_id = MBEDTLS_ECP_DP_SECP256K1,
161 .sk = (const unsigned char[32]) {0x38, 0x4c, 0x12, 0x83, 0xf8, 0x4d, 0xba, 0x47, 0xcf, 0x6b, 0x71, 0xff, 0xc3,
162 0x7c, 0x8d, 0x08, 0x65, 0xee, 0xed, 0x5b, 0x2b, 0x48, 0xf3, 0x79, 0xdf, 0x52, 0x53, 0xff, 0x10, 0xf9,
163 0x22, 0x7c},
164 .sk_len = 32,
165 .pk = (const unsigned char[65]) {0x04, 0x73, 0x06, 0x4b, 0x4b, 0x3e, 0x38, 0x2f, 0xa0, 0x89, 0x1f, 0x61, 0xfc,
166 0x85, 0xf9, 0x51, 0xbe, 0xe4, 0x3d, 0x2c, 0xe9, 0x3e, 0xb0, 0x79, 0x77, 0xaf, 0x9f, 0xd7, 0xd9, 0x71,
167 0x68, 0x31, 0x22, 0xc4, 0x9a, 0x25, 0x0c, 0x81, 0x64, 0x0a, 0xc7, 0xd5, 0x40, 0xb3, 0xe8, 0x9f, 0xb5,
168 0xb3, 0xc4, 0xc9, 0x6a, 0x13, 0x3e, 0xf8, 0x3e, 0x8d, 0xa2, 0xfe, 0x1d, 0xd0, 0x47, 0x64, 0x88, 0x8e,
169 0x7a},
170 .pk_len = 65,
171 .sum = (const unsigned char[65]) {0x04, 0x50, 0x81, 0x70, 0xde, 0x4b, 0x36, 0x41, 0xe8, 0x1a, 0x41, 0xf0,
172 0x5b, 0x88, 0x1e, 0x4e, 0xed, 0xed, 0x46, 0x0c, 0xf3, 0xd5, 0xfb, 0xe6, 0x8a, 0x13, 0xa1, 0xf5, 0x57,
173 0x69, 0x0a, 0x3d, 0x33, 0x0f, 0x6f, 0xb5, 0x99, 0x80, 0x58, 0x12, 0xc2, 0x12, 0x62, 0xfc, 0xd2, 0x5b,
174 0x2e, 0xa2, 0x27, 0xe7, 0x99, 0xab, 0x91, 0x51, 0x41, 0x0f, 0x06, 0x1e, 0x3d, 0xfd, 0x06, 0xa1, 0x8a,
175 0xc7, 0xf2}},
176 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
177 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
178 {.ecp_group_id = MBEDTLS_ECP_DP_BP256R1,
179 .sk = (const unsigned char[32]) {0xa6, 0xb5, 0x48, 0x3f, 0x74, 0xd9, 0x94, 0x9f, 0x09, 0xcd, 0x56, 0x29, 0x19,
180 0xde, 0xfc, 0x41, 0x3a, 0x83, 0xf1, 0x2a, 0xda, 0x4f, 0x5f, 0xf4, 0x8e, 0xb5, 0x20, 0x59, 0x11, 0x8e,
181 0xe6, 0x03},
182 .sk_len = 32,
183 .pk = (const unsigned char[65]) {0x04, 0x95, 0x44, 0xdb, 0xb4, 0xdc, 0x6f, 0x39, 0x23, 0xb1, 0x3b, 0x13, 0xb6,
184 0xcc, 0xcc, 0xde, 0xfb, 0xc0, 0x10, 0xfa, 0x8a, 0x06, 0x30, 0xb9, 0x10, 0x22, 0xc8, 0x84, 0x7c, 0xf3,
185 0xba, 0xbd, 0x3a, 0x67, 0xb4, 0x48, 0x68, 0x59, 0x54, 0x68, 0xab, 0x2d, 0x2d, 0x6f, 0xa7, 0xbf, 0x61,
186 0x92, 0x2b, 0x07, 0xc0, 0x8c, 0xb9, 0x3f, 0x88, 0x02, 0x09, 0xfe, 0xfa, 0x72, 0x87, 0x19, 0xaa, 0x19,
187 0xcc},
188 .pk_len = 65,
189 .sum = (const unsigned char[65]) {0x04, 0x7d, 0x88, 0xb4, 0x73, 0xa0, 0x7d, 0x66, 0x5c, 0xc2, 0x9b, 0x7a,
190 0xbc, 0x0c, 0xab, 0x04, 0xc9, 0x79, 0x3e, 0x9a, 0x4e, 0xd3, 0x27, 0x75, 0x1e, 0x4d, 0x07, 0x7b, 0x5c,
191 0xbc, 0xce, 0x15, 0xdb, 0x01, 0xb3, 0xd0, 0xcd, 0x27, 0x1b, 0xe1, 0x57, 0x58, 0x07, 0x88, 0xfd, 0xfd,
192 0x89, 0xd7, 0x71, 0xcf, 0xbb, 0xa2, 0xcb, 0x03, 0xd4, 0x34, 0xb1, 0x9e, 0x34, 0x21, 0x31, 0x07, 0x51,
193 0x6a, 0x0e}},
194 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
195 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
196 {.ecp_group_id = MBEDTLS_ECP_DP_SECP224R1,
197 .sk = (const unsigned char[28]) {0x34, 0xac, 0xe1, 0x1f, 0xfa, 0x5e, 0x25, 0xac, 0xee, 0x68, 0xa8, 0xc1, 0x47,
198 0x64, 0xa2, 0xa4, 0x69, 0xd5, 0x2c, 0x99, 0x3c, 0x77, 0xf9, 0xc2, 0x38, 0x42, 0x79, 0x93},
199 .sk_len = 28,
200 .pk = (const unsigned char[57]) {0x04, 0x37, 0x84, 0x05, 0x01, 0xf4, 0x98, 0x12, 0x37, 0x5e, 0xf7, 0x13, 0xcb,
201 0x29, 0x6a, 0x43, 0xf4, 0x47, 0xd2, 0xe4, 0x14, 0x3c, 0x10, 0xef, 0x9c, 0x00, 0x59, 0xb6, 0x01, 0x69,
202 0x71, 0x76, 0x46, 0x9e, 0x85, 0xa7, 0xc6, 0x39, 0x23, 0x59, 0xf7, 0xfd, 0x41, 0xfe, 0xa8, 0x3e, 0x6b,
203 0x97, 0x68, 0xe4, 0x5b, 0x1d, 0xea, 0xcd, 0x85, 0x15, 0xa3},
204 .pk_len = 57,
205 .sum = (const unsigned char[57]) {0x04, 0x7d, 0x26, 0x1b, 0xf6, 0xb4, 0xa9, 0x45, 0xf8, 0x0f, 0x93, 0xef,
206 0x05, 0x43, 0x98, 0x1b, 0x48, 0xf5, 0xea, 0x5c, 0x07, 0x7d, 0xe9, 0x42, 0xc6, 0x9a, 0x11, 0x27, 0x62,
207 0x00, 0xef, 0x24, 0x13, 0x53, 0xe0, 0x6b, 0x9b, 0xf5, 0xdd, 0x76, 0xfe, 0xa9, 0xd0, 0x0e, 0xdc, 0x1f,
208 0x3d, 0xec, 0x15, 0x36, 0x5e, 0x53, 0xe1, 0x30, 0xb7, 0x25, 0x26}},
209 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
210 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
211 {.ecp_group_id = MBEDTLS_ECP_DP_SECP224K1,
212 .sk = (const unsigned char[28]) {0xba, 0xc8, 0xa0, 0x42, 0xe1, 0x0c, 0xa2, 0xf3, 0xf0, 0x76, 0x04, 0x74, 0xb7,
213 0x1a, 0x8f, 0x42, 0xc3, 0x25, 0xeb, 0x57, 0xcd, 0x8d, 0xb0, 0xf9, 0x73, 0x1a, 0x18, 0x26},
214 .sk_len = 28,
215 .pk = (const unsigned char[57]) {0x04, 0x7f, 0x07, 0xbe, 0xb0, 0x26, 0xd8, 0x6c, 0xe4, 0x09, 0xe8, 0xa6, 0x21,
216 0x70, 0x37, 0x52, 0xd6, 0x14, 0x58, 0x4c, 0x99, 0xc8, 0x62, 0x28, 0x6c, 0xeb, 0x3f, 0xf8, 0x30, 0xbb,
217 0x82, 0x4c, 0x8a, 0x88, 0xb4, 0x7f, 0x14, 0x17, 0xd0, 0xf5, 0xba, 0xd0, 0x0f, 0xf6, 0xb8, 0x8c, 0xbb,
218 0x11, 0x3e, 0x7d, 0x73, 0xc5, 0xf4, 0x4d, 0x22, 0x78, 0x0f},
219 .pk_len = 57,
220 .sum = (const unsigned char[57]) {0x04, 0xb2, 0xbe, 0x4b, 0xc0, 0x62, 0xf2, 0xf6, 0x0e, 0x7f, 0x48, 0x25,
221 0x50, 0x81, 0xed, 0xac, 0x14, 0xaa, 0x42, 0x5f, 0x0d, 0x12, 0x52, 0x6d, 0xe0, 0xbc, 0x08, 0x0b, 0x9f,
222 0xc9, 0x82, 0x19, 0x07, 0xbf, 0x19, 0x1a, 0x1c, 0xdc, 0x75, 0xbc, 0xe4, 0x5d, 0xcb, 0x4b, 0x9f, 0x2a,
223 0xbf, 0x1c, 0xd2, 0xa3, 0x63, 0x33, 0x3f, 0x32, 0xd0, 0xcf, 0x33}},
224 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
225 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
226 {.ecp_group_id = MBEDTLS_ECP_DP_SECP192R1,
227 .sk = (const unsigned char[24]) {0x52, 0x9f, 0x95, 0xf5, 0x4e, 0x73, 0xb6, 0x75, 0x14, 0xcc, 0x92, 0x0c, 0xcc,
228 0x07, 0x84, 0x06, 0x01, 0xf3, 0xde, 0x42, 0xad, 0x79, 0x6c, 0x82},
229 .sk_len = 24,
230 .pk = (const unsigned char[49]) {0x04, 0x61, 0xe9, 0x8d, 0x7e, 0x8e, 0x40, 0x31, 0x20, 0x27, 0xfb, 0x3f, 0x45,
231 0x4b, 0x65, 0x0e, 0xfc, 0x41, 0x56, 0x49, 0x20, 0xe6, 0x5c, 0xd4, 0xaa, 0x40, 0xfe, 0xbc, 0x03, 0xc1,
232 0xfc, 0x0d, 0x5e, 0x4f, 0xe9, 0x55, 0x08, 0x8c, 0x90, 0x04, 0xeb, 0xdc, 0x63, 0x89, 0xb2, 0x58, 0x28,
233 0xfa, 0x28},
234 .pk_len = 49,
235 .sum = (const unsigned char[49]) {0x04, 0x0a, 0xe7, 0xc5, 0x9e, 0x3b, 0x36, 0xb9, 0x38, 0xdd, 0x75, 0x41,
236 0x7c, 0x2d, 0x90, 0xaf, 0x2d, 0x62, 0xf5, 0x5a, 0x86, 0xfe, 0xa0, 0x5f, 0x22, 0xdb, 0xf3, 0xba, 0x49,
237 0x47, 0x7d, 0x74, 0x59, 0x02, 0xb3, 0x6c, 0xf2, 0x1e, 0x18, 0x5b, 0xea, 0x1a, 0xcb, 0xb0, 0x1d, 0x4b,
238 0x68, 0xec, 0xab
239
240 }},
241 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
242 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
243 {.ecp_group_id = MBEDTLS_ECP_DP_SECP192K1,
244 .sk = (const unsigned char[24]){ 0xf2, 0x58, 0xcf, 0xba, 0xb6, 0xb0, 0xb4, 0x03, 0x9e, 0xb2, 0x74, 0xfc, 0x70,
245 0xfc, 0x99, 0x0c, 0xcc, 0xed, 0xf4, 0x5f, 0x32, 0x72, 0x22, 0x94},
246 .sk_len = 24,
247 .pk = (const unsigned char[49]) {0x04, 0xac, 0xe4, 0x74, 0xd8, 0x67, 0x26, 0x60, 0xff, 0x35, 0x10, 0x74, 0xa1,
248 0x4e, 0x46, 0xed, 0x2b, 0x94, 0x10, 0x13, 0x01, 0x51, 0x8f, 0xe7, 0xf1, 0xe8, 0x3d, 0x4a, 0x32, 0x87,
249 0xe7, 0x4f, 0x39, 0x87, 0xa5, 0x86, 0xef, 0xd1, 0xc8, 0x12, 0xc8, 0x9b, 0xcd, 0xc6, 0x3d, 0x8d, 0x7a,
250 0x1b, 0x70},
251 .pk_len = 49,
252 .sum = (const unsigned char[49]) {0x04, 0x7c, 0xe5, 0xe9, 0x57, 0x0c, 0x36, 0x88, 0x8f, 0xaf, 0xe5, 0x4a,
253 0xac, 0xf2, 0x2d, 0xf9, 0xba, 0xf9, 0xb5, 0xa2, 0x64, 0xa2, 0x0b, 0x9f, 0x69, 0xfb, 0xc7, 0xe1, 0x88,
254 0xd1, 0xf5, 0x56, 0x6c, 0x6b, 0xc7, 0x64, 0x94, 0xd4, 0x86, 0xf3, 0x6a, 0xe3, 0x5d, 0x33, 0xda, 0x48,
255 0x62, 0x18, 0x33}},
256 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
257 #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
258 {.ecp_group_id = MBEDTLS_ECP_DP_CURVE25519,
259 .sk = (const unsigned char[32]) {0x60, 0xc6, 0x2b, 0x85, 0x21, 0x87, 0xf7, 0xd5, 0xdb, 0x8a, 0xa0, 0x3c, 0xe1,
260 0x73, 0x66, 0xe6, 0xcf, 0x57, 0xcd, 0xa2, 0x5a, 0xd0, 0xb1, 0xb8, 0xdd, 0xf1, 0x2f, 0x6e, 0x5f, 0xcd,
261 0x50, 0x30},
262 .sk_len = 32,
263 .pk = (const unsigned char[32]) {0x36, 0xce, 0xe3, 0x98, 0x09, 0xe1, 0x72, 0xca, 0xcd, 0x26, 0x79, 0xa9, 0xbf,
264 0xc4, 0xda, 0xd9, 0x65, 0x4a, 0x53, 0x23, 0xf4, 0x02, 0x75, 0x7c, 0xe2, 0xc6, 0x4a, 0x7c, 0x1c, 0xd2,
265 0xf6, 0x4d},
266 .pk_len = 32,
267 .sum = NULL},
268 #endif
269 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
270 {.ecp_group_id = MBEDTLS_ECP_DP_CURVE448,
271 .sk = (const unsigned char[56]) {0xf5, 0x73, 0x0e, 0x50, 0xb2, 0xd3, 0x3b, 0x01, 0x28, 0x29, 0xa0, 0xa1, 0x43,
272 0x92, 0x2f, 0x05, 0x40, 0xc3, 0x5f, 0xcf, 0xc1, 0x53, 0x49, 0xc2, 0x0c, 0xf4, 0x49, 0x99, 0xdb, 0xb9,
273 0x64, 0x10, 0x25, 0x18, 0x82, 0x24, 0x2c, 0xdf, 0x25, 0xb6, 0xac, 0xb1, 0xe6, 0x11, 0x26, 0xa9, 0x96,
274 0x16, 0x16, 0x6c, 0x7b, 0xdd, 0x7c, 0x55, 0x5f, 0xf0},
275 .sk_len = 56,
276 .pk = (const unsigned char[56]) {0x4f, 0xf4, 0xd0, 0x42, 0x1a, 0xa6, 0xfc, 0x2d, 0xba, 0x7b, 0x45, 0x9e, 0xed,
277 0xd0, 0xf1, 0x8c, 0xec, 0xeb, 0xae, 0x29, 0x27, 0x9f, 0xc7, 0xe8, 0x8a, 0xc7, 0xeb, 0x3c, 0x18, 0xb8,
278 0x7f, 0x66, 0x2f, 0x8b, 0x0d, 0x68, 0xe8, 0x2e, 0x60, 0x91, 0x27, 0xa2, 0x8c, 0x91, 0x2c, 0xf4, 0xa1,
279 0x58, 0x74, 0xc9, 0x40, 0xfe, 0x50, 0x06, 0x1b, 0xe7},
280 .pk_len = 56,
281 .sum = NULL},
282 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
283 };
284
285 /****************************************************************
286 * Dummy variable to skip mbedtls_ecp_self_test sw functionality
287 ****************************************************************/
288 const int __ecp_alt_b91_skip_internal_self_tests = 1;
289
290 /****************************************************************
291 * Public functions declaration
292 ****************************************************************/
293
ecp_alt_b91_backend_test(int verbose)294 int ecp_alt_b91_backend_test(int verbose)
295 {
296 int result = 0;
297 if (verbose)
298 mbedtls_printf("test started\n");
299
300 mbedtls_ctr_drbg_context ctr_drbg;
301 mbedtls_entropy_context entropy;
302
303 mbedtls_ctr_drbg_init(&ctr_drbg);
304 mbedtls_entropy_init(&entropy);
305
306 if ((result = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)) == 0) {
307 for (size_t i = 0; result == 0 && i < sizeof(ecp_test_cases) / sizeof(ecp_test_cases[0]); i++) {
308 const mbedtls_ecp_curve_info *ecp_curve_info =
309 mbedtls_ecp_curve_info_from_grp_id(ecp_test_cases[i].ecp_group_id);
310 if (verbose)
311 mbedtls_printf("\tcurve: %s\n", ecp_curve_info->name);
312
313 mbedtls_ecp_group ecp_group;
314 mbedtls_mpi sk;
315 mbedtls_ecp_point pk;
316 mbedtls_ecp_point pk_ref;
317 mbedtls_ecp_point sum;
318 mbedtls_ecp_point sum_ref;
319
320 mbedtls_ecp_group_init(&ecp_group);
321 mbedtls_mpi_init(&sk);
322 mbedtls_ecp_point_init(&pk);
323 mbedtls_ecp_point_init(&pk_ref);
324 mbedtls_ecp_point_init(&sum);
325 mbedtls_ecp_point_init(&sum_ref);
326
327 do {
328 if ((result = mbedtls_ecp_group_load(&ecp_group, ecp_test_cases[i].ecp_group_id)) != 0) {
329 if (verbose)
330 mbedtls_printf("mbedtls_ecp_group_load failed\n");
331 break;
332 }
333
334 if ((result = mbedtls_mpi_read_binary(&sk, ecp_test_cases[i].sk, ecp_test_cases[i].sk_len)) != 0) {
335 if (verbose)
336 mbedtls_printf("mbedtls_mpi_read_binary (secret key) failed\n");
337 break;
338 }
339
340 if ((result = mbedtls_ecp_check_privkey(&ecp_group, &sk)) != 0) {
341 if (verbose)
342 mbedtls_printf("mbedtls_ecp_check_privkey failed\n");
343 break;
344 }
345
346 if ((result = mbedtls_ecp_mul(
347 &ecp_group, &pk, &sk, &ecp_group.G, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
348 if (verbose)
349 mbedtls_printf("mbedtls_ecp_mul failed\n");
350 break;
351 }
352
353 if ((result = mbedtls_ecp_point_read_binary(
354 &ecp_group, &pk_ref, ecp_test_cases[i].pk, ecp_test_cases[i].pk_len)) != 0) {
355 if (verbose)
356 mbedtls_printf("mbedtls_ecp_point_read_binary (reference public key) failed\n");
357 break;
358 }
359
360 if ((result = mbedtls_ecp_point_cmp(&pk, &pk_ref)) != 0) {
361 if (verbose) {
362 mbedtls_printf("mbedtls_ecp_point_cmp (public key) failed\n");
363 mbedtls_printbuf("sk :", ecp_test_cases[i].sk, ecp_test_cases[i].sk_len);
364 mbedtls_printbuf("pk ref:", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len);
365 unsigned char buf[ecp_test_cases[i].pk_len];
366 size_t buf_len;
367 if (mbedtls_ecp_point_write_binary(
368 &ecp_group, &pk, MBEDTLS_ECP_PF_UNCOMPRESSED, &buf_len, buf, sizeof(buf)) == 0)
369 mbedtls_printbuf("pk :", buf, buf_len);
370 }
371 break;
372 }
373
374 if ((result = mbedtls_ecp_check_pubkey(&ecp_group, &pk)) != 0) {
375 if (verbose)
376 mbedtls_printf("mbedtls_ecp_check_pubkey failed\n");
377 break;
378 }
379
380 if (mbedtls_ecp_get_type(&ecp_group) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS)
381 continue;
382
383 if ((result = mbedtls_ecp_muladd(&ecp_group, &sum, &sk, &ecp_group.G, &sk, &pk)) != 0) {
384 if (verbose)
385 mbedtls_printf("mbedtls_ecp_muladd failed\n");
386 break;
387 }
388
389 if ((result = mbedtls_ecp_point_read_binary(
390 &ecp_group, &sum_ref, ecp_test_cases[i].sum, ecp_test_cases[i].pk_len)) != 0) {
391 if (verbose)
392 mbedtls_printf("mbedtls_ecp_point_read_binary (reference sum) failed\n");
393 break;
394 }
395
396 if ((result = mbedtls_ecp_point_cmp(&sum, &sum_ref)) != 0) {
397 if (verbose) {
398 mbedtls_printf("mbedtls_ecp_point_cmp (sum) failed\n");
399 mbedtls_printbuf("sk :", ecp_test_cases[i].sk, ecp_test_cases[i].sk_len);
400 mbedtls_printbuf("pk ref :", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len);
401 mbedtls_printbuf("sum ref:", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len);
402 unsigned char buf[ecp_test_cases[i].pk_len];
403 size_t buf_len;
404 if (mbedtls_ecp_point_write_binary(
405 &ecp_group, &sum, MBEDTLS_ECP_PF_UNCOMPRESSED, &buf_len, buf, sizeof(buf)) == 0)
406 mbedtls_printbuf("sum :", buf, buf_len);
407 }
408 break;
409 }
410 } while (0);
411
412 mbedtls_ecp_point_free(&sum_ref);
413 mbedtls_ecp_point_free(&sum);
414 mbedtls_ecp_point_free(&pk_ref);
415 mbedtls_ecp_point_free(&pk);
416 mbedtls_mpi_free(&sk);
417 mbedtls_ecp_group_free(&ecp_group);
418 }
419 } else { /* mbedtls_ctr_drbg_seed failed */
420 if (verbose)
421 mbedtls_printf("random failed\n");
422 }
423
424 mbedtls_ctr_drbg_free(&ctr_drbg);
425 mbedtls_entropy_free(&entropy);
426
427 if (verbose) {
428 if (result == 0)
429 mbedtls_printf("test successfully finished\n");
430 else {
431 char buf[512];
432 mbedtls_strerror(result, buf, sizeof(buf));
433 mbedtls_printf("test failed: %s\n", buf);
434 }
435 }
436 return result;
437 }
438
439 #endif /* MBEDTLS_SELF_TEST */
440
441 #endif /* MBEDTLS_ECP_ALT */
442
443 #endif /* MBEDTLS_ECP_C */
444