1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/ecdh.h" 3a8e1175bSopenharmony_ci 4a8e1175bSopenharmony_cistatic int load_public_key(int grp_id, data_t *point, 5a8e1175bSopenharmony_ci mbedtls_ecp_keypair *ecp) 6a8e1175bSopenharmony_ci{ 7a8e1175bSopenharmony_ci int ok = 0; 8a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&ecp->grp, grp_id) == 0); 9a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp->grp, 10a8e1175bSopenharmony_ci &ecp->Q, 11a8e1175bSopenharmony_ci point->x, 12a8e1175bSopenharmony_ci point->len) == 0); 13a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_check_pubkey(&ecp->grp, 14a8e1175bSopenharmony_ci &ecp->Q) == 0); 15a8e1175bSopenharmony_ci ok = 1; 16a8e1175bSopenharmony_ciexit: 17a8e1175bSopenharmony_ci return ok; 18a8e1175bSopenharmony_ci} 19a8e1175bSopenharmony_ci 20a8e1175bSopenharmony_cistatic int load_private_key(int grp_id, data_t *private_key, 21a8e1175bSopenharmony_ci mbedtls_ecp_keypair *ecp, 22a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info *rnd_info) 23a8e1175bSopenharmony_ci{ 24a8e1175bSopenharmony_ci int ok = 0; 25a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_read_key(grp_id, ecp, 26a8e1175bSopenharmony_ci private_key->x, 27a8e1175bSopenharmony_ci private_key->len) == 0); 28a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_check_privkey(&ecp->grp, &ecp->d) == 0); 29a8e1175bSopenharmony_ci /* Calculate the public key from the private key. */ 30a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, 31a8e1175bSopenharmony_ci &ecp->grp.G, 32a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 33a8e1175bSopenharmony_ci rnd_info) == 0); 34a8e1175bSopenharmony_ci ok = 1; 35a8e1175bSopenharmony_ciexit: 36a8e1175bSopenharmony_ci return ok; 37a8e1175bSopenharmony_ci} 38a8e1175bSopenharmony_ci 39a8e1175bSopenharmony_ci/* END_HEADER */ 40a8e1175bSopenharmony_ci 41a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 42a8e1175bSopenharmony_ci * depends_on:MBEDTLS_ECDH_C 43a8e1175bSopenharmony_ci * END_DEPENDENCIES 44a8e1175bSopenharmony_ci */ 45a8e1175bSopenharmony_ci 46a8e1175bSopenharmony_ci/* BEGIN_CASE */ 47a8e1175bSopenharmony_civoid ecdh_invalid_param() 48a8e1175bSopenharmony_ci{ 49a8e1175bSopenharmony_ci mbedtls_ecdh_context ctx; 50a8e1175bSopenharmony_ci mbedtls_ecp_keypair kp; 51a8e1175bSopenharmony_ci int invalid_side = 42; 52a8e1175bSopenharmony_ci 53a8e1175bSopenharmony_ci mbedtls_ecdh_init(&ctx); 54a8e1175bSopenharmony_ci mbedtls_ecp_keypair_init(&kp); 55a8e1175bSopenharmony_ci 56a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 57a8e1175bSopenharmony_ci mbedtls_ecdh_get_params(&ctx, &kp, 58a8e1175bSopenharmony_ci invalid_side)); 59a8e1175bSopenharmony_ci 60a8e1175bSopenharmony_ciexit: 61a8e1175bSopenharmony_ci return; 62a8e1175bSopenharmony_ci} 63a8e1175bSopenharmony_ci/* END_CASE */ 64a8e1175bSopenharmony_ci 65a8e1175bSopenharmony_ci/* BEGIN_CASE */ 66a8e1175bSopenharmony_civoid ecdh_primitive_random(int id) 67a8e1175bSopenharmony_ci{ 68a8e1175bSopenharmony_ci mbedtls_ecp_group grp; 69a8e1175bSopenharmony_ci mbedtls_ecp_point qA, qB; 70a8e1175bSopenharmony_ci mbedtls_mpi dA, dB, zA, zB; 71a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 72a8e1175bSopenharmony_ci 73a8e1175bSopenharmony_ci mbedtls_ecp_group_init(&grp); 74a8e1175bSopenharmony_ci mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB); 75a8e1175bSopenharmony_ci mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB); 76a8e1175bSopenharmony_ci mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); 77a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 78a8e1175bSopenharmony_ci 79a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 80a8e1175bSopenharmony_ci 81a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA, 82a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 83a8e1175bSopenharmony_ci &rnd_info) == 0); 84a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB, 85a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 86a8e1175bSopenharmony_ci &rnd_info) == 0); 87a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, 88a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 89a8e1175bSopenharmony_ci &rnd_info) == 0); 90a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, 91a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 92a8e1175bSopenharmony_ci &rnd_info) == 0); 93a8e1175bSopenharmony_ci 94a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &zB) == 0); 95a8e1175bSopenharmony_ci 96a8e1175bSopenharmony_ciexit: 97a8e1175bSopenharmony_ci mbedtls_ecp_group_free(&grp); 98a8e1175bSopenharmony_ci mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB); 99a8e1175bSopenharmony_ci mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB); 100a8e1175bSopenharmony_ci mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); 101a8e1175bSopenharmony_ci} 102a8e1175bSopenharmony_ci/* END_CASE */ 103a8e1175bSopenharmony_ci 104a8e1175bSopenharmony_ci/* BEGIN_CASE */ 105a8e1175bSopenharmony_civoid ecdh_primitive_testvec(int id, data_t *rnd_buf_A, char *xA_str, 106a8e1175bSopenharmony_ci char *yA_str, data_t *rnd_buf_B, 107a8e1175bSopenharmony_ci char *xB_str, char *yB_str, char *z_str) 108a8e1175bSopenharmony_ci{ 109a8e1175bSopenharmony_ci mbedtls_ecp_group grp; 110a8e1175bSopenharmony_ci mbedtls_ecp_point qA, qB; 111a8e1175bSopenharmony_ci mbedtls_mpi dA, dB, zA, zB, check; 112a8e1175bSopenharmony_ci mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; 113a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 114a8e1175bSopenharmony_ci 115a8e1175bSopenharmony_ci mbedtls_ecp_group_init(&grp); 116a8e1175bSopenharmony_ci mbedtls_ecp_point_init(&qA); mbedtls_ecp_point_init(&qB); 117a8e1175bSopenharmony_ci mbedtls_mpi_init(&dA); mbedtls_mpi_init(&dB); 118a8e1175bSopenharmony_ci mbedtls_mpi_init(&zA); mbedtls_mpi_init(&zB); mbedtls_mpi_init(&check); 119a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 120a8e1175bSopenharmony_ci 121a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 122a8e1175bSopenharmony_ci 123a8e1175bSopenharmony_ci rnd_info_A.buf = rnd_buf_A->x; 124a8e1175bSopenharmony_ci rnd_info_A.length = rnd_buf_A->len; 125a8e1175bSopenharmony_ci rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; 126a8e1175bSopenharmony_ci rnd_info_A.fallback_p_rng = NULL; 127a8e1175bSopenharmony_ci 128a8e1175bSopenharmony_ci /* Fix rnd_buf_A->x by shifting it left if necessary */ 129a8e1175bSopenharmony_ci if (grp.nbits % 8 != 0) { 130a8e1175bSopenharmony_ci unsigned char shift = 8 - (grp.nbits % 8); 131a8e1175bSopenharmony_ci size_t i; 132a8e1175bSopenharmony_ci 133a8e1175bSopenharmony_ci for (i = 0; i < rnd_info_A.length - 1; i++) { 134a8e1175bSopenharmony_ci rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift 135a8e1175bSopenharmony_ci | rnd_buf_A->x[i+1] >> (8 - shift); 136a8e1175bSopenharmony_ci } 137a8e1175bSopenharmony_ci 138a8e1175bSopenharmony_ci rnd_buf_A->x[rnd_info_A.length-1] <<= shift; 139a8e1175bSopenharmony_ci } 140a8e1175bSopenharmony_ci 141a8e1175bSopenharmony_ci rnd_info_B.buf = rnd_buf_B->x; 142a8e1175bSopenharmony_ci rnd_info_B.length = rnd_buf_B->len; 143a8e1175bSopenharmony_ci rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand; 144a8e1175bSopenharmony_ci rnd_info_B.fallback_p_rng = NULL; 145a8e1175bSopenharmony_ci 146a8e1175bSopenharmony_ci /* Fix rnd_buf_B->x by shifting it left if necessary */ 147a8e1175bSopenharmony_ci if (grp.nbits % 8 != 0) { 148a8e1175bSopenharmony_ci unsigned char shift = 8 - (grp.nbits % 8); 149a8e1175bSopenharmony_ci size_t i; 150a8e1175bSopenharmony_ci 151a8e1175bSopenharmony_ci for (i = 0; i < rnd_info_B.length - 1; i++) { 152a8e1175bSopenharmony_ci rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift 153a8e1175bSopenharmony_ci | rnd_buf_B->x[i+1] >> (8 - shift); 154a8e1175bSopenharmony_ci } 155a8e1175bSopenharmony_ci 156a8e1175bSopenharmony_ci rnd_buf_B->x[rnd_info_B.length-1] <<= shift; 157a8e1175bSopenharmony_ci } 158a8e1175bSopenharmony_ci 159a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dA, &qA, 160a8e1175bSopenharmony_ci mbedtls_test_rnd_buffer_rand, 161a8e1175bSopenharmony_ci &rnd_info_A) == 0); 162a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_ecp_is_zero(&qA)); 163a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&check, xA_str) == 0); 164a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.X, &check) == 0); 165a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&check, yA_str) == 0); 166a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qA.Y, &check) == 0); 167a8e1175bSopenharmony_ci 168a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_gen_public(&grp, &dB, &qB, 169a8e1175bSopenharmony_ci mbedtls_test_rnd_buffer_rand, 170a8e1175bSopenharmony_ci &rnd_info_B) == 0); 171a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_ecp_is_zero(&qB)); 172a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&check, xB_str) == 0); 173a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.X, &check) == 0); 174a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&check, yB_str) == 0); 175a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&qB.Y, &check) == 0); 176a8e1175bSopenharmony_ci 177a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&check, z_str) == 0); 178a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zA, &qB, &dA, 179a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 180a8e1175bSopenharmony_ci &rnd_info) == 0); 181a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zA, &check) == 0); 182a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_compute_shared(&grp, &zB, &qA, &dB, 183a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 184a8e1175bSopenharmony_ci &rnd_info) == 0); 185a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_mpi_cmp_mpi(&zB, &check) == 0); 186a8e1175bSopenharmony_ci 187a8e1175bSopenharmony_ciexit: 188a8e1175bSopenharmony_ci mbedtls_ecp_group_free(&grp); 189a8e1175bSopenharmony_ci mbedtls_ecp_point_free(&qA); mbedtls_ecp_point_free(&qB); 190a8e1175bSopenharmony_ci mbedtls_mpi_free(&dA); mbedtls_mpi_free(&dB); 191a8e1175bSopenharmony_ci mbedtls_mpi_free(&zA); mbedtls_mpi_free(&zB); mbedtls_mpi_free(&check); 192a8e1175bSopenharmony_ci} 193a8e1175bSopenharmony_ci/* END_CASE */ 194a8e1175bSopenharmony_ci 195a8e1175bSopenharmony_ci/* BEGIN_CASE */ 196a8e1175bSopenharmony_civoid ecdh_exchange(int id) 197a8e1175bSopenharmony_ci{ 198a8e1175bSopenharmony_ci mbedtls_ecdh_context srv, cli; 199a8e1175bSopenharmony_ci unsigned char buf[1000]; 200a8e1175bSopenharmony_ci const unsigned char *vbuf; 201a8e1175bSopenharmony_ci size_t len; 202a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 203a8e1175bSopenharmony_ci unsigned char res_buf[1000]; 204a8e1175bSopenharmony_ci size_t res_len; 205a8e1175bSopenharmony_ci 206a8e1175bSopenharmony_ci mbedtls_ecdh_init(&srv); 207a8e1175bSopenharmony_ci mbedtls_ecdh_init(&cli); 208a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 209a8e1175bSopenharmony_ci 210a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); 211a8e1175bSopenharmony_ci 212a8e1175bSopenharmony_ci memset(buf, 0x00, sizeof(buf)); vbuf = buf; 213a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_make_params(&srv, &len, buf, 1000, 214a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 215a8e1175bSopenharmony_ci &rnd_info) == 0); 216a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0); 217a8e1175bSopenharmony_ci 218a8e1175bSopenharmony_ci memset(buf, 0x00, sizeof(buf)); 219a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_make_public(&cli, &len, buf, 1000, 220a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 221a8e1175bSopenharmony_ci &rnd_info) == 0); 222a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0); 223a8e1175bSopenharmony_ci 224a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_calc_secret(&srv, &len, buf, 1000, 225a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 226a8e1175bSopenharmony_ci &rnd_info) == 0); 227a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_calc_secret(&cli, &res_len, res_buf, 1000, 228a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 229a8e1175bSopenharmony_ci &rnd_info) == 0); 230a8e1175bSopenharmony_ci TEST_ASSERT(len == res_len); 231a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(buf, res_buf, len) == 0); 232a8e1175bSopenharmony_ci 233a8e1175bSopenharmony_ciexit: 234a8e1175bSopenharmony_ci mbedtls_ecdh_free(&srv); 235a8e1175bSopenharmony_ci mbedtls_ecdh_free(&cli); 236a8e1175bSopenharmony_ci} 237a8e1175bSopenharmony_ci/* END_CASE */ 238a8e1175bSopenharmony_ci 239a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 240a8e1175bSopenharmony_civoid ecdh_restart(int id, data_t *dA, data_t *dB, data_t *z, 241a8e1175bSopenharmony_ci int enable, int max_ops, int min_restart, int max_restart) 242a8e1175bSopenharmony_ci{ 243a8e1175bSopenharmony_ci int ret; 244a8e1175bSopenharmony_ci mbedtls_ecdh_context srv, cli; 245a8e1175bSopenharmony_ci unsigned char buf[1000]; 246a8e1175bSopenharmony_ci const unsigned char *vbuf; 247a8e1175bSopenharmony_ci size_t len; 248a8e1175bSopenharmony_ci mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; 249a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 250a8e1175bSopenharmony_ci int cnt_restart; 251a8e1175bSopenharmony_ci mbedtls_ecp_group grp; 252a8e1175bSopenharmony_ci 253a8e1175bSopenharmony_ci mbedtls_ecp_group_init(&grp); 254a8e1175bSopenharmony_ci mbedtls_ecdh_init(&srv); 255a8e1175bSopenharmony_ci mbedtls_ecdh_init(&cli); 256a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 257a8e1175bSopenharmony_ci 258a8e1175bSopenharmony_ci rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; 259a8e1175bSopenharmony_ci rnd_info_A.fallback_p_rng = NULL; 260a8e1175bSopenharmony_ci rnd_info_A.buf = dA->x; 261a8e1175bSopenharmony_ci rnd_info_A.length = dA->len; 262a8e1175bSopenharmony_ci 263a8e1175bSopenharmony_ci rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand; 264a8e1175bSopenharmony_ci rnd_info_B.fallback_p_rng = NULL; 265a8e1175bSopenharmony_ci rnd_info_B.buf = dB->x; 266a8e1175bSopenharmony_ci rnd_info_B.length = dB->len; 267a8e1175bSopenharmony_ci 268a8e1175bSopenharmony_ci /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure 269a8e1175bSopenharmony_ci * in every configuration, therefore we load it separately. */ 270a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); 271a8e1175bSopenharmony_ci 272a8e1175bSopenharmony_ci /* Otherwise we would have to fix the random buffer, 273a8e1175bSopenharmony_ci * as in ecdh_primitive_testvec. */ 274a8e1175bSopenharmony_ci TEST_ASSERT(grp.nbits % 8 == 0); 275a8e1175bSopenharmony_ci 276a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); 277a8e1175bSopenharmony_ci 278a8e1175bSopenharmony_ci /* set up restart parameters */ 279a8e1175bSopenharmony_ci mbedtls_ecp_set_max_ops(max_ops); 280a8e1175bSopenharmony_ci 281a8e1175bSopenharmony_ci if (enable) { 282a8e1175bSopenharmony_ci mbedtls_ecdh_enable_restart(&srv); 283a8e1175bSopenharmony_ci mbedtls_ecdh_enable_restart(&cli); 284a8e1175bSopenharmony_ci } 285a8e1175bSopenharmony_ci 286a8e1175bSopenharmony_ci /* server writes its parameters */ 287a8e1175bSopenharmony_ci memset(buf, 0x00, sizeof(buf)); 288a8e1175bSopenharmony_ci len = 0; 289a8e1175bSopenharmony_ci 290a8e1175bSopenharmony_ci cnt_restart = 0; 291a8e1175bSopenharmony_ci do { 292a8e1175bSopenharmony_ci ret = mbedtls_ecdh_make_params(&srv, &len, buf, sizeof(buf), 293a8e1175bSopenharmony_ci mbedtls_test_rnd_buffer_rand, 294a8e1175bSopenharmony_ci &rnd_info_A); 295a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 296a8e1175bSopenharmony_ci 297a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 298a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 299a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 300a8e1175bSopenharmony_ci 301a8e1175bSopenharmony_ci /* client read server params */ 302a8e1175bSopenharmony_ci vbuf = buf; 303a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_read_params(&cli, &vbuf, buf + len) == 0); 304a8e1175bSopenharmony_ci 305a8e1175bSopenharmony_ci /* client writes its key share */ 306a8e1175bSopenharmony_ci memset(buf, 0x00, sizeof(buf)); 307a8e1175bSopenharmony_ci len = 0; 308a8e1175bSopenharmony_ci 309a8e1175bSopenharmony_ci cnt_restart = 0; 310a8e1175bSopenharmony_ci do { 311a8e1175bSopenharmony_ci ret = mbedtls_ecdh_make_public(&cli, &len, buf, sizeof(buf), 312a8e1175bSopenharmony_ci mbedtls_test_rnd_buffer_rand, 313a8e1175bSopenharmony_ci &rnd_info_B); 314a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 315a8e1175bSopenharmony_ci 316a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 317a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 318a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 319a8e1175bSopenharmony_ci 320a8e1175bSopenharmony_ci /* server reads client key share */ 321a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_read_public(&srv, buf, len) == 0); 322a8e1175bSopenharmony_ci 323a8e1175bSopenharmony_ci /* server computes shared secret */ 324a8e1175bSopenharmony_ci memset(buf, 0, sizeof(buf)); 325a8e1175bSopenharmony_ci len = 0; 326a8e1175bSopenharmony_ci 327a8e1175bSopenharmony_ci cnt_restart = 0; 328a8e1175bSopenharmony_ci do { 329a8e1175bSopenharmony_ci ret = mbedtls_ecdh_calc_secret(&srv, &len, buf, sizeof(buf), 330a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 331a8e1175bSopenharmony_ci &rnd_info); 332a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 333a8e1175bSopenharmony_ci 334a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 335a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 336a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 337a8e1175bSopenharmony_ci 338a8e1175bSopenharmony_ci TEST_ASSERT(len == z->len); 339a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(buf, z->x, len) == 0); 340a8e1175bSopenharmony_ci 341a8e1175bSopenharmony_ci /* client computes shared secret */ 342a8e1175bSopenharmony_ci memset(buf, 0, sizeof(buf)); 343a8e1175bSopenharmony_ci len = 0; 344a8e1175bSopenharmony_ci 345a8e1175bSopenharmony_ci cnt_restart = 0; 346a8e1175bSopenharmony_ci do { 347a8e1175bSopenharmony_ci ret = mbedtls_ecdh_calc_secret(&cli, &len, buf, sizeof(buf), 348a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, 349a8e1175bSopenharmony_ci &rnd_info); 350a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 351a8e1175bSopenharmony_ci 352a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 353a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 354a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 355a8e1175bSopenharmony_ci 356a8e1175bSopenharmony_ci TEST_ASSERT(len == z->len); 357a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(buf, z->x, len) == 0); 358a8e1175bSopenharmony_ci 359a8e1175bSopenharmony_ciexit: 360a8e1175bSopenharmony_ci mbedtls_ecp_group_free(&grp); 361a8e1175bSopenharmony_ci mbedtls_ecdh_free(&srv); 362a8e1175bSopenharmony_ci mbedtls_ecdh_free(&cli); 363a8e1175bSopenharmony_ci} 364a8e1175bSopenharmony_ci/* END_CASE */ 365a8e1175bSopenharmony_ci 366a8e1175bSopenharmony_ci/* BEGIN_CASE */ 367a8e1175bSopenharmony_civoid ecdh_exchange_calc_secret(int grp_id, 368a8e1175bSopenharmony_ci data_t *our_private_key, 369a8e1175bSopenharmony_ci data_t *their_point, 370a8e1175bSopenharmony_ci int ours_first, 371a8e1175bSopenharmony_ci data_t *expected) 372a8e1175bSopenharmony_ci{ 373a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 374a8e1175bSopenharmony_ci mbedtls_ecp_keypair our_key; 375a8e1175bSopenharmony_ci mbedtls_ecp_keypair their_key; 376a8e1175bSopenharmony_ci mbedtls_ecdh_context ecdh; 377a8e1175bSopenharmony_ci unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES]; 378a8e1175bSopenharmony_ci size_t shared_secret_length = 0; 379a8e1175bSopenharmony_ci 380a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 381a8e1175bSopenharmony_ci mbedtls_ecdh_init(&ecdh); 382a8e1175bSopenharmony_ci mbedtls_ecp_keypair_init(&our_key); 383a8e1175bSopenharmony_ci mbedtls_ecp_keypair_init(&their_key); 384a8e1175bSopenharmony_ci 385a8e1175bSopenharmony_ci if (!load_private_key(grp_id, our_private_key, &our_key, &rnd_info)) { 386a8e1175bSopenharmony_ci goto exit; 387a8e1175bSopenharmony_ci } 388a8e1175bSopenharmony_ci if (!load_public_key(grp_id, their_point, &their_key)) { 389a8e1175bSopenharmony_ci goto exit; 390a8e1175bSopenharmony_ci } 391a8e1175bSopenharmony_ci 392a8e1175bSopenharmony_ci /* Import the keys to the ECDH calculation. */ 393a8e1175bSopenharmony_ci if (ours_first) { 394a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 395a8e1175bSopenharmony_ci &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 396a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 397a8e1175bSopenharmony_ci &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 398a8e1175bSopenharmony_ci } else { 399a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 400a8e1175bSopenharmony_ci &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 401a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 402a8e1175bSopenharmony_ci &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 403a8e1175bSopenharmony_ci } 404a8e1175bSopenharmony_ci 405a8e1175bSopenharmony_ci /* Perform the ECDH calculation. */ 406a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_calc_secret( 407a8e1175bSopenharmony_ci &ecdh, 408a8e1175bSopenharmony_ci &shared_secret_length, 409a8e1175bSopenharmony_ci shared_secret, sizeof(shared_secret), 410a8e1175bSopenharmony_ci &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0); 411a8e1175bSopenharmony_ci TEST_ASSERT(shared_secret_length == expected->len); 412a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(expected->x, shared_secret, 413a8e1175bSopenharmony_ci shared_secret_length) == 0); 414a8e1175bSopenharmony_ci 415a8e1175bSopenharmony_ciexit: 416a8e1175bSopenharmony_ci mbedtls_ecdh_free(&ecdh); 417a8e1175bSopenharmony_ci mbedtls_ecp_keypair_free(&our_key); 418a8e1175bSopenharmony_ci mbedtls_ecp_keypair_free(&their_key); 419a8e1175bSopenharmony_ci} 420a8e1175bSopenharmony_ci/* END_CASE */ 421a8e1175bSopenharmony_ci 422a8e1175bSopenharmony_ci/* BEGIN_CASE */ 423a8e1175bSopenharmony_civoid ecdh_exchange_get_params_fail(int our_grp_id, 424a8e1175bSopenharmony_ci data_t *our_private_key, 425a8e1175bSopenharmony_ci int their_grp_id, 426a8e1175bSopenharmony_ci data_t *their_point, 427a8e1175bSopenharmony_ci int ours_first, 428a8e1175bSopenharmony_ci int expected_ret) 429a8e1175bSopenharmony_ci{ 430a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 431a8e1175bSopenharmony_ci mbedtls_ecp_keypair our_key; 432a8e1175bSopenharmony_ci mbedtls_ecp_keypair their_key; 433a8e1175bSopenharmony_ci mbedtls_ecdh_context ecdh; 434a8e1175bSopenharmony_ci 435a8e1175bSopenharmony_ci memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); 436a8e1175bSopenharmony_ci mbedtls_ecdh_init(&ecdh); 437a8e1175bSopenharmony_ci mbedtls_ecp_keypair_init(&our_key); 438a8e1175bSopenharmony_ci mbedtls_ecp_keypair_init(&their_key); 439a8e1175bSopenharmony_ci 440a8e1175bSopenharmony_ci if (!load_private_key(our_grp_id, our_private_key, &our_key, &rnd_info)) { 441a8e1175bSopenharmony_ci goto exit; 442a8e1175bSopenharmony_ci } 443a8e1175bSopenharmony_ci if (!load_public_key(their_grp_id, their_point, &their_key)) { 444a8e1175bSopenharmony_ci goto exit; 445a8e1175bSopenharmony_ci } 446a8e1175bSopenharmony_ci 447a8e1175bSopenharmony_ci if (ours_first) { 448a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 449a8e1175bSopenharmony_ci &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 0); 450a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 451a8e1175bSopenharmony_ci &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 452a8e1175bSopenharmony_ci expected_ret); 453a8e1175bSopenharmony_ci } else { 454a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 455a8e1175bSopenharmony_ci &ecdh, &their_key, MBEDTLS_ECDH_THEIRS) == 0); 456a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_get_params( 457a8e1175bSopenharmony_ci &ecdh, &our_key, MBEDTLS_ECDH_OURS) == 458a8e1175bSopenharmony_ci expected_ret); 459a8e1175bSopenharmony_ci } 460a8e1175bSopenharmony_ci 461a8e1175bSopenharmony_ciexit: 462a8e1175bSopenharmony_ci mbedtls_ecdh_free(&ecdh); 463a8e1175bSopenharmony_ci mbedtls_ecp_keypair_free(&our_key); 464a8e1175bSopenharmony_ci mbedtls_ecp_keypair_free(&their_key); 465a8e1175bSopenharmony_ci} 466a8e1175bSopenharmony_ci/* END_CASE */ 467a8e1175bSopenharmony_ci 468a8e1175bSopenharmony_ci/* BEGIN_CASE */ 469a8e1175bSopenharmony_civoid ecdh_context_grp(int id) 470a8e1175bSopenharmony_ci{ 471a8e1175bSopenharmony_ci mbedtls_ecdh_context srv; 472a8e1175bSopenharmony_ci 473a8e1175bSopenharmony_ci mbedtls_ecdh_init(&srv); 474a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); 475a8e1175bSopenharmony_ci 476a8e1175bSopenharmony_ci /* Test the retrieved group id matches/*/ 477a8e1175bSopenharmony_ci TEST_ASSERT((int) mbedtls_ecdh_get_grp_id(&srv) == id); 478a8e1175bSopenharmony_ci 479a8e1175bSopenharmony_ciexit: 480a8e1175bSopenharmony_ci mbedtls_ecdh_free(&srv); 481a8e1175bSopenharmony_ci 482a8e1175bSopenharmony_ci} 483a8e1175bSopenharmony_ci/* END_CASE */ 484