yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 17:21:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ecc-devel-mpg' into development

Browse source
This commit is contained in:
Paul Bakker 2013-03-13 16:31:01 +01:00
parent 68884e3c09 d589a0ddb6
commit 00c1f43743
27 changed files with 3852 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
include/polarssl/config.h
View file

@ -536,6 +536,43 @@
*/ */
#define POLARSSL_DHM_C #define POLARSSL_DHM_C
/**
* \def POLARSSL_ECDH_C
*
* Enable the elliptic curve Diffie-Hellman library.
*
* Module: library/ecdh.c
* Caller:
*
* Requires: POLARSSL_ECP_C
*/
#define POLARSSL_ECDH_C
/**
* \def POLARSSL_ECDSA_C
*
* Enable the elliptic curve DSA library.
*
* Module: library/ecdsa.c
* Caller:
*
* Requires: POLARSSL_ECP_C
*/
#define POLARSSL_ECDSA_C
/**
* \def POLARSSL_ECP_C
*
* Enable the elliptic curve over GF(p) library.
*
* Module: library/ecp.c
* Caller: library/ecdh.c
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C
*/
#define POLARSSL_ECP_C
/** /**
* \def POLARSSL_ENTROPY_C * \def POLARSSL_ENTROPY_C
* *
@ -887,6 +924,7 @@
* Caller: * Caller:
*/ */
#define POLARSSL_XTEA_C #define POLARSSL_XTEA_C
/* \} name */ /* \} name */
#endif /* config.h */ #endif /* config.h */

176
include/polarssl/ecdh.h Normal file
View file

@ -0,0 +1,176 @@
/**
* \file ecdh.h
*
* \brief Elliptic curve Diffie-Hellman
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_ECDH_H
#define POLARSSL_ECDH_H
#include "polarssl/ecp.h"
/**
* \brief ECDH context structure
*/
typedef struct
{
ecp_group grp; /*!< ellipitic curve used */
mpi d; /*!< our secret value */
ecp_point Q; /*!< our public value */
ecp_point Qp; /*!< peer's public value */
mpi z; /*!< shared secret */
int point_format; /*!< format for point export */
}
ecdh_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Generate a public key
*
* \param grp ECP group
* \param d Destination MPI (secret exponent)
* \param Q Destination point (public key)
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*/
int ecdh_gen_public( const ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Compute shared secret
*
* \param grp ECP group
* \param z Destination MPI (shared secret)
* \param Q Public key from other party
* \param d Our secret exponent
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*/
int ecdh_compute_shared( const ecp_group *grp, mpi *z,
const ecp_point *Q, const mpi *d );
/**
* \brief Initialize context
*
* \param ctx Context to initialize
*/
void ecdh_init( ecdh_context *ctx );
/**
* \brief Free context
*
* \param ctx Context to free
*/
void ecdh_free( ecdh_context *ctx );
/**
* \brief Setup and write the ServerKeyExhange parameters
*
* \param ctx ECDH context
* \param buf destination buffer
* \param olen number of chars written
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \note This function assumes that ctx->grp has already been
* properly set (for example using ecp_use_known_dp).
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
int ecdh_make_params( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Parse the ServerKeyExhange parameters
*
* \param ctx ECDH context
* \param buf $(start of input buffer)
* \param end one past end of buffer
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
int ecdh_read_params( ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end );
/**
* \brief Setup and export the client's public value
*
* \param ctx ECDH context
* \param olen number of bytes actually written
* \param buf destination buffer
* \param blen size of destination buffer
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
int ecdh_make_public( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Parse and import the client's public value
*
* \param ctx ECDH context
* \param buf start of input buffer
* \param blen length of input buffer
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
int ecdh_read_public( ecdh_context *ctx,
const unsigned char *buf, size_t blen );
/**
* \brief Derive and export the shared secret
*
* \param ctx ECDH context
* \param olen number of bytes written
* \param buf destination buffer
* \param blen buffer length
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int ecdh_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif

84
include/polarssl/ecdsa.h Normal file
View file

@ -0,0 +1,84 @@
/**
* \file ecdsa.h
*
* \brief Elliptic curve DSA
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_ECDSA_H
#define POLARSSL_ECDSA_H
#include "polarssl/ecp.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Compute ECDSA signature of a previously hashed message
*
* \param grp ECP group
* \param r First output integer
* \param s Second output integer
* \param d Private signing key
* \param buf Message hash
* \param blen Length of buf
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*/
int ecdsa_sign( const ecp_group *grp, mpi *r, mpi *s,
const mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Verify ECDSA signature of a previously hashed message
*
* \param grp ECP group
* \param buf Message hash
* \param blen Length of buf
* \param Q Public key to use for verification
* \param r First integer of the signature
* \param s Second integer of the signature
*
* \return 0 if successful,
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*/
int ecdsa_verify( const ecp_group *grp,
const unsigned char *buf, size_t blen,
const ecp_point *Q, const mpi *r, const mpi *s);
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int ecdsa_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif

428
include/polarssl/ecp.h Normal file
View file

@ -0,0 +1,428 @@
/**
* \file ecp.h
*
* \brief Elliptic curves over GF(p)
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_ECP_H
#define POLARSSL_ECP_H
#include "polarssl/bignum.h"
/*
* ECP error codes
*/
#define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F80 /**< The buffer is too small to write to. */
#define POLARSSL_ERR_ECP_GENERIC -0x4F00 /**< Generic ECP error */
/**
* \brief ECP point structure (jacobian coordinates)
*
* \note All functions expect and return points satisfying
* the following condition: Z == 0 or Z == 1. (Other
* values of Z are used by internal functions only.)
* The point is zero, or "at infinity", if Z == 0.
* Otherwise, X and Y are its standard (affine) coordinates.
*/
typedef struct
{
mpi X; /*!< the point's X coordinate */
mpi Y; /*!< the point's Y coordinate */
mpi Z; /*!< the point's Z coordinate */
}
ecp_point;
/*
* RFC 4492 defines an enum NamedCurve with two-bytes values
*/
typedef uint16_t ecp_group_id;
/**
* \brief ECP group structure
*
* The curves we consider are defined by y^2 = x^3 - 3x + B mod P,
* and a generator for a large subgroup of order N is fixed.
*
* pbits and nbits must be the size of P and N in bits.
*
* If modp is NULL, reduction modulo P is done using a generic
* algorithm. Otherwise, it must point to a function that takes an mpi
* in the range 0..2^(2*pbits) and transforms it in-place in an integer
* of little more than pbits, so that the integer may be efficiently
* brought in the 0..P range by a few additions or substractions. It
* must return 0 on success and a POLARSSL_ERR_ECP_XXX error on failure.
*/
typedef struct
{
ecp_group_id id; /*!< RFC 4492 group ID */
mpi P; /*!< prime modulus of the base field */
mpi B; /*!< constant term in the equation */
ecp_point G; /*!< generator of the subgroup used */
mpi N; /*!< the order of G */
size_t pbits; /*!< number of bits in P */
size_t nbits; /*!< number of bits in N */
int (*modp)(mpi *); /*!< function for fast reduction mod P */
}
ecp_group;
/**
* RFC 5114 defines a number of standardized ECP groups for use with TLS.
*
* These also are the NIST-recommended ECP groups, are the random ECP groups
* recommended by SECG, and include the two groups used by NSA Suite B.
* There are known as secpLLLr1 with LLL = 192, 224, 256, 384, 521.
*
* \warning This library does not support validation of arbitrary domain
* parameters. Therefore, only well-known domain parameters from trusted
* sources should be used. See ecp_use_known_dp().
*
* \note The values are taken from RFC 4492's enum NamedCurve.
*/
#define POLARSSL_ECP_DP_SECP192R1 19
#define POLARSSL_ECP_DP_SECP224R1 21
#define POLARSSL_ECP_DP_SECP256R1 23
#define POLARSSL_ECP_DP_SECP384R1 24
#define POLARSSL_ECP_DP_SECP521R1 25
/**
* Maximum bit size of the groups (that is, of N)
*/
#define POLARSSL_ECP_MAX_N_BITS 521
/*
* Maximum window size (actually, NAF width) used for point multipliation.
* Default: 7.
* Minimum value: 2. Maximum value: 8.
*
* Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
* points used for point multiplication, so at most 64 by default.
* In practice, most curves will use less precomputed points.
*
* Reduction in size may reduce speed for big curves.
*/
#define POLARSSL_ECP_WINDOW_SIZE 7 /**< Maximum NAF width used. */
/*
* Point formats, from RFC 4492's enum ECPointFormat
*/
#define POLARSSL_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */
#define POLARSSL_ECP_PF_COMPRESSED 1 /**< Compressed point format */
/*
* Some other constants from RFC 4492
*/
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Initialize a point (as zero)
*/
void ecp_point_init( ecp_point *pt );
/**
* \brief Initialize a group (to something meaningless)
*/
void ecp_group_init( ecp_group *grp );
/**
* \brief Free the components of a point
*/
void ecp_point_free( ecp_point *pt );
/**
* \brief Free the components of an ECP group
*/
void ecp_group_free( ecp_group *grp );
/**
* \brief Set a point to zero
*
* \param pt Destination point
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int ecp_set_zero( ecp_point *pt );
/**
* \brief Tell if a point is zero
*
* \param pt Point to test
*
* \return 1 if point is zero, 0 otherwise
*/
int ecp_is_zero( ecp_point *pt );
/**
* \brief Copy the contents of point Q into P
*
* \param P Destination point
* \param Q Source point
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int ecp_copy( ecp_point *P, const ecp_point *Q );
/**
* \brief Check that a point is a valid public key on this curve
*
* \param grp Curve/group the point should belong to
* \param pt Point to check
*
* \return 0 if point is a valid public key,
* POLARSSL_ERR_ECP_GENERIC otherwise.
*
* \note This function only checks the point is non-zero, has valid
* coordinates and lies on the curve, but not that it is
* indeed a multiple of G. This is additional check is more
* expensive, isn't required by standards, and shouldn't be
* necessary if the group used has a small cofactor. In
* particular, it is useless for the NIST groups which all
* have a cofactor of 1.
*/
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
/**
* \brief Import a non-zero point from two ASCII strings
*
* \param P Destination point
* \param radix Input numeric base
* \param x First affine coordinate as a null-terminated string
* \param y Second affine coordinate as a null-terminated string
*
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
*/
int ecp_point_read_string( ecp_point *P, int radix,
const char *x, const char *y );
/**
* \brief Import an ECP group from null-terminated ASCII strings
*
* \param grp Destination group
* \param radix Input numeric base
* \param p Prime modulus of the base field
* \param b Constant term in the equation
* \param gx The generator's X coordinate
* \param gy The generator's Y coordinate
* \param n The generator's order
*
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
*
* \note Sets all fields except modp.
*/
int ecp_group_read_string( ecp_group *grp, int radix,
const char *p, const char *b,
const char *gx, const char *gy, const char *n);
/**
* \brief Export a point into unsigned binary data
*
* \param grp Group to which the point should belong
* \param P Point to export
* \param format Point format, should be a POLARSSL_ECP_PF_XXX macro
* \param olen Length of the actual output
* \param buf Output buffer
* \param buflen Length of the output buffer
*
* \return 0 if successful,
* or POLARSSL_ERR_ECP_BAD_INPUT_DATA
* or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
*/
int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
int format, size_t *olen,
unsigned char *buf, size_t buflen );
/**
* \brief Import a point from unsigned binary data
*
* \param grp Group to which the point should belong
* \param P Point to import
* \param buf Input buffer
* \param ilen Actual length of input
*
* \return 0 if successful,
* POLARSSL_ERR_ECP_GENERIC if input is invalid
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*
* \note This function does NOT check that the point actually
* belongs to the given group, see ecp_check_pubkey() for
* that.
*/
int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
const unsigned char *buf, size_t ilen );
/**
* \brief Set a group using well-known domain parameters
*
* \param grp Destination group
* \param index Index in the list of well-known domain parameters
*
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_GENERIC if index is out of range
*
* \note Index should be a value of RFC 4492's enum NamdeCurve,
* possibly in the form of a POLARSSL_ECP_DP_XXX macro.
*/
int ecp_use_known_dp( ecp_group *grp, ecp_group_id id );
/**
* \brief Set a group from a TLS ECParameters record
*
* \param grp Destination group
* \param buf &(Start of input buffer)
* \param len Buffer length
*
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
*/
int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len );
/**
* \brief Write the TLS ECParameters record for a group
*
* \param grp ECP group used
* \param olen Number of bytes actually written
* \param buf Buffer to write to
* \param blen Buffer length
*
* \return 0 if successful,
* or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
*/
int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
unsigned char *buf, size_t blen );
/**
* \brief Import a point from a TLS ECPoint record
*
* \param grp ECP group used
* \param pt Destination point
* \param buf $(Start of input buffer)
* \param len Buffer length
*
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
*/
int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
const unsigned char **buf, size_t len );
/**
* \brief Export a point as a TLS ECPoint record
*
* \param grp ECP group used
* \param pt Point to export
* \param format Export format
* \param buf Buffer to write to
* \param len Buffer length
*
* \return 0 if successful,
* or POLARSSL_ERR_ECP_BAD_INPUT_DATA
* or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
*/
int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
int format, size_t *olen,
unsigned char *buf, size_t blen );
/**
* \brief Addition: R = P + Q
*
* \param grp ECP group
* \param R Destination point
* \param P Left-hand point
* \param Q Right-hand point
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int ecp_add( const ecp_group *grp, ecp_point *R,
const ecp_point *P, const ecp_point *Q );
/**
* \brief Subtraction: R = P - Q
*
* \param grp ECP group
* \param R Destination point
* \param P Left-hand point
* \param Q Right-hand point
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int ecp_sub( const ecp_group *grp, ecp_point *R,
const ecp_point *P, const ecp_point *Q );
/**
* \brief Multiplication by an integer: R = m * P
*
* \param grp ECP group
* \param R Destination point
* \param m Integer by which to multiply
* \param P Point to multiply
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
* POLARSSL_ERR_ECP_GENERIC if m < 0 of m has greater bit
* length than N, the number of points in the group.
*
* \note This function executes a constant number of operations
* for random m in the allowed range.
*/
int ecp_mul( const ecp_group *grp, ecp_point *R,
const mpi *m, const ecp_point *P );
/**
* \brief Generate a keypair
*
* \param grp ECP group
* \param d Destination MPI (secret part)
* \param Q Destination point (public part)
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*/
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int ecp_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif

4
include/polarssl/error.h
View file

@ -3,7 +3,7 @@
* *
* \brief Error to string translation * \brief Error to string translation
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -68,6 +68,7 @@
* SHA2 1 0x0078-0x0078 * SHA2 1 0x0078-0x0078
* SHA4 1 0x007A-0x007A * SHA4 1 0x007A-0x007A
* PBKDF2 1 0x007C-0x007C * PBKDF2 1 0x007C-0x007C
* ECP 1 0x007E-0x007E
* *
* High-level module nr (3 bits - 0x1...-0x8...) * High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors * Name ID Nr of Errors
@ -75,6 +76,7 @@
* X509 2 21 * X509 2 21
* DHM 3 6 * DHM 3 6
* RSA 4 9 * RSA 4 9
* ECP 4 1 (Started from top)
* MD 5 4 * MD 5 4
* CIPHER 6 5 * CIPHER 6 5
* SSL 6 2 (Started from top) * SSL 6 2 (Started from top)

3
library/CMakeLists.txt
View file

@ -16,6 +16,9 @@ set(src
debug.c debug.c
des.c des.c
dhm.c dhm.c
ecp.c
ecdh.c
ecdsa.c
entropy.c entropy.c
entropy_poll.c entropy_poll.c
error.c error.c

4
library/Makefile
View file

@ -39,7 +39,9 @@ OBJS= aes.o arc4.o asn1parse.o \
blowfish.o camellia.o \ blowfish.o camellia.o \
certs.o cipher.o cipher_wrap.o \ certs.o cipher.o cipher_wrap.o \
ctr_drbg.o debug.o des.o \ ctr_drbg.o debug.o des.o \
dhm.o entropy.o entropy_poll.o \ dhm.o ecdh.o ecdsa.o \
ecp.o \
entropy.o entropy_poll.o \
error.o gcm.o havege.o \ error.o gcm.o havege.o \
md.o md_wrap.o md2.o \ md.o md_wrap.o md2.o \
md4.o md5.o net.o \ md4.o md5.o net.o \

232
library/ecdh.c Normal file
View file

@ -0,0 +1,232 @@
/*
* Elliptic curve Diffie-Hellman
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* References:
*
* SEC1 http://www.secg.org/index.php?action=secg,docs_secg
* RFC 4492
*/
#include "polarssl/config.h"
#if defined(POLARSSL_ECDH_C)
#include "polarssl/ecdh.h"
/*
* Generate public key: simple wrapper around ecp_gen_keypair
*/
int ecdh_gen_public( const ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
return ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
}
/*
* Compute shared secret (SEC1 3.3.1)
*/
int ecdh_compute_shared( const ecp_group *grp, mpi *z,
const ecp_point *Q, const mpi *d )
{
int ret;
ecp_point P;
ecp_point_init( &P );
/*
* Make sure Q is a valid pubkey before using it
*/
MPI_CHK( ecp_check_pubkey( grp, Q ) );
MPI_CHK( ecp_mul( grp, &P, d, Q ) );
if( ecp_is_zero( &P ) )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
MPI_CHK( mpi_copy( z, &P.X ) );
cleanup:
ecp_point_free( &P );
return( ret );
}
/*
* Initialize context
*/
void ecdh_init( ecdh_context *ctx )
{
ecp_group_init( &ctx->grp );
mpi_init ( &ctx->d );
ecp_point_init( &ctx->Q );
ecp_point_init( &ctx->Qp );
mpi_init ( &ctx->z );
ctx->point_format = POLARSSL_ECP_PF_UNCOMPRESSED;
}
/*
* Free context
*/
void ecdh_free( ecdh_context *ctx )
{
if( ctx == NULL )
return;
ecp_group_free( &ctx->grp );
mpi_free ( &ctx->d );
ecp_point_free( &ctx->Q );
ecp_point_free( &ctx->Qp );
mpi_free ( &ctx->z );
}
/*
* Setup and write the ServerKeyExhange parameters (RFC 4492)
* struct {
* ECParameters curve_params;
* ECPoint public;
* } ServerECDHParams;
*/
int ecdh_make_params( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
size_t grp_len, pt_len;
if( ctx == NULL || ctx->grp.pbits == 0 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
!= 0 )
return( ret );
if( ( ret = ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
!= 0 )
return( ret );
buf += grp_len;
blen -= grp_len;
if( ( ret = ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
&pt_len, buf, blen ) ) != 0 )
return( ret );
*olen = grp_len + pt_len;
return 0;
}
/*
* Read the ServerKeyExhange parameters (RFC 4492)
* struct {
* ECParameters curve_params;
* ECPoint public;
* } ServerECDHParams;
*/
int ecdh_read_params( ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end )
{
int ret;
ecdh_init( ctx );
if( ( ret = ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
return( ret );
if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
!= 0 )
return( ret );
return 0;
}
/*
* Setup and export the client public value
*/
int ecdh_make_public( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
if( ctx == NULL || ctx->grp.pbits == 0 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
!= 0 )
return( ret );
return ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
olen, buf, blen );
}
/*
* Parse and import the client's public value
*/
int ecdh_read_public( ecdh_context *ctx,
const unsigned char *buf, size_t blen )
{
if( ctx == NULL )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
}
/*
* Derive and export the shared secret
*/
int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen )
{
int ret;
if( ctx == NULL )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d ) )
!= 0 )
return( ret );
*olen = mpi_size( &ctx->z );
return mpi_write_binary( &ctx->z, buf, blen );
}
#if defined(POLARSSL_SELF_TEST)
/*
* Checkup routine
*/
int ecdh_self_test( int verbose )
{
return( verbose++ );
}
#endif
#endif /* defined(POLARSSL_ECDH_C) */

190
library/ecdsa.c Normal file
View file

@ -0,0 +1,190 @@
/*
* Elliptic curve DSA
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* References:
*
* SEC1 http://www.secg.org/index.php?action=secg,docs_secg
*/
#include "polarssl/config.h"
#if defined(POLARSSL_ECDSA_C)
#include "polarssl/ecdsa.h"
/*
* Derive a suitable integer for group grp from a buffer of length len
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
*/
static int derive_mpi( const ecp_group *grp, mpi *x,
const unsigned char *buf, size_t blen )
{
size_t n_size = (grp->nbits + 7) / 8;
return( mpi_read_binary( x, buf, blen > n_size ? n_size : blen ) );
}
/*
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
*/
int ecdsa_sign( const ecp_group *grp, mpi *r, mpi *s,
const mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, key_tries, sign_tries;
ecp_point R;
mpi k, e;
ecp_point_init( &R );
mpi_init( &k );
mpi_init( &e );
sign_tries = 0;
do
{
/*
* Steps 1-3: generate a suitable ephemeral keypair
*/
key_tries = 0;
do
{
MPI_CHK( ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
MPI_CHK( mpi_copy( r, &R.X ) );
if( key_tries++ > 10 )
return( POLARSSL_ERR_ECP_GENERIC );
}
while( mpi_cmp_int( r, 0 ) == 0 );
/*
* Step 5: derive MPI from hashed message
*/
MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
/*
* Step 6: compute s = (e + r * d) / k mod n
*/
MPI_CHK( mpi_mul_mpi( s, r, d ) );
MPI_CHK( mpi_add_mpi( &e, &e, s ) );
MPI_CHK( mpi_inv_mod( s, &k, &grp->N ) );
MPI_CHK( mpi_mul_mpi( s, s, &e ) );
MPI_CHK( mpi_mod_mpi( s, s, &grp->N ) );
if( sign_tries++ > 10 )
return( POLARSSL_ERR_ECP_GENERIC );
}
while( mpi_cmp_int( s, 0 ) == 0 );
cleanup:
ecp_point_free( &R );
mpi_free( &k );
mpi_free( &e );
return( ret );
}
/*
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
*/
int ecdsa_verify( const ecp_group *grp,
const unsigned char *buf, size_t blen,
const ecp_point *Q, const mpi *r, const mpi *s)
{
int ret;
mpi e, s_inv, u1, u2;
ecp_point R, P;
ecp_point_init( &R ); ecp_point_init( &P );
mpi_init( &e ); mpi_init( &s_inv ); mpi_init( &u1 ); mpi_init( &u2 );
/*
* Step 1: make sure r and s are in range 1..n-1
*/
if( mpi_cmp_int( r, 1 ) < 0 || mpi_cmp_mpi( r, &grp->N ) >= 0 ||
mpi_cmp_int( s, 1 ) < 0 || mpi_cmp_mpi( s, &grp->N ) >= 0 )
{
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
}
/*
* Additional precaution: make sure Q is valid
*/
MPI_CHK( ecp_check_pubkey( grp, Q ) );
/*
* Step 3: derive MPI from hashed message
*/
MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
/*
* Step 4: u1 = e / s mod n, u2 = r / s mod n
*/
MPI_CHK( mpi_inv_mod( &s_inv, s, &grp->N ) );
MPI_CHK( mpi_mul_mpi( &u1, &e, &s_inv ) );
MPI_CHK( mpi_mod_mpi( &u1, &u1, &grp->N ) );
MPI_CHK( mpi_mul_mpi( &u2, r, &s_inv ) );
MPI_CHK( mpi_mod_mpi( &u2, &u2, &grp->N ) );
/*
* Step 5: R = u1 G + u2 Q
*/
MPI_CHK( ecp_mul( grp, &R, &u1, &grp->G ) );
MPI_CHK( ecp_mul( grp, &P, &u2, Q ) );
MPI_CHK( ecp_add( grp, &R, &R, &P ) );
if( ecp_is_zero( &R ) )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
/*
* Step 6: check that xR == r
*/
if( mpi_cmp_mpi( &R.X, r ) != 0 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
cleanup:
ecp_point_free( &R ); ecp_point_free( &P );
mpi_free( &e ); mpi_free( &s_inv ); mpi_free( &u1 ); mpi_free( &u2 );
return( ret );
}
#if defined(POLARSSL_SELF_TEST)
/*
* Checkup routine
*/
int ecdsa_self_test( int verbose )
{
return( verbose++ );
}
#endif
#endif /* defined(POLARSSL_ECDSA_C) */

1364
library/ecp.c Normal file
View file

File diff suppressed because it is too large Load diff

11
library/error.c
View file

@ -63,6 +63,10 @@
#include "polarssl/dhm.h" #include "polarssl/dhm.h"
#endif #endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
#if defined(POLARSSL_ENTROPY_C) #if defined(POLARSSL_ENTROPY_C)
#include "polarssl/entropy.h" #include "polarssl/entropy.h"
#endif #endif
@ -182,6 +186,13 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" ); snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
#endif /* POLARSSL_DHM_C */ #endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_ECP_C)
if( use_ret == -(POLARSSL_ERR_ECP_BAD_INPUT_DATA) )
snprintf( buf, buflen, "ECP - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_ECP_GENERIC) )
snprintf( buf, buflen, "ECP - Generic ECP error" );
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_MD_C) #if defined(POLARSSL_MD_C)
if( use_ret == -(POLARSSL_ERR_MD_FEATURE_UNAVAILABLE) ) if( use_ret == -(POLARSSL_ERR_MD_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "MD - The selected feature is not available" ); snprintf( buf, buflen, "MD - The selected feature is not available" );

1
programs/.gitignore vendored
View file

@ -29,6 +29,7 @@ ssl/ssl_mail_client
ssl/ssl_server ssl/ssl_server
ssl/ssl_server2 ssl/ssl_server2
test/benchmark test/benchmark
test/ecp-bench
test/o_p_test test/o_p_test
test/selftest test/selftest
test/ssl_cert_test test/ssl_cert_test

5
programs/Makefile
View file

@ -38,6 +38,7 @@ APPS = aes/aescrypt2 aes/crypt_and_hash \
random/gen_random_ctr_drbg \ random/gen_random_ctr_drbg \
test/ssl_cert_test test/benchmark \ test/ssl_cert_test test/benchmark \
test/selftest test/ssl_test \ test/selftest test/ssl_test \
test/ecp-bench \
util/strerror \ util/strerror \
x509/cert_app x509/crl_app \ x509/cert_app x509/crl_app \
x509/cert_req x509/cert_req
@ -174,6 +175,10 @@ test/benchmark: test/benchmark.c ../library/libpolarssl.a
echo " CC test/benchmark.c" echo " CC test/benchmark.c"
$(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c $(LDFLAGS) -o $@ $(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c $(LDFLAGS) -o $@
test/ecp-bench: test/ecp-bench.c ../library/libpolarssl.a
echo " CC test/ecp-bench.c"
$(CC) $(CFLAGS) $(OFLAGS) test/ecp-bench.c $(LDFLAGS) -o $@
test/selftest: test/selftest.c ../library/libpolarssl.a test/selftest: test/selftest.c ../library/libpolarssl.a
echo " CC test/selftest.c" echo " CC test/selftest.c"
$(CC) $(CFLAGS) $(OFLAGS) test/selftest.c $(LDFLAGS) -o $@ $(CC) $(CFLAGS) $(OFLAGS) test/selftest.c $(LDFLAGS) -o $@

3
programs/test/CMakeLists.txt
View file

@ -18,6 +18,9 @@ target_link_libraries(selftest ${libs})
add_executable(benchmark benchmark.c) add_executable(benchmark benchmark.c)
target_link_libraries(benchmark ${libs}) target_link_libraries(benchmark ${libs})
add_executable(ecp-bench ecp-bench.c)
target_link_libraries(ecp-bench ${libs})
add_executable(ssl_test ssl_test.c) add_executable(ssl_test ssl_test.c)
target_link_libraries(ssl_test ${libs}) target_link_libraries(ssl_test ${libs})

73
programs/test/benchmark.c
View file

@ -45,6 +45,7 @@
#include "polarssl/camellia.h" #include "polarssl/camellia.h"
#include "polarssl/gcm.h" #include "polarssl/gcm.h"
#include "polarssl/rsa.h" #include "polarssl/rsa.h"
#include "polarssl/dhm.h"
#include "polarssl/timing.h" #include "polarssl/timing.h"
#include "polarssl/havege.h" #include "polarssl/havege.h"
#include "polarssl/ctr_drbg.h" #include "polarssl/ctr_drbg.h"
@ -120,6 +121,10 @@ int main( int argc, char *argv[] )
#endif #endif
#if defined(POLARSSL_CTR_DRBG_C) #if defined(POLARSSL_CTR_DRBG_C)
ctr_drbg_context ctr_drbg; ctr_drbg_context ctr_drbg;
#endif
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_BIGNUM_C)
dhm_context dhm;
size_t olen = BUFSIZE;
#endif #endif
((void) argc); ((void) argc);
((void) argv); ((void) argv);
@ -505,6 +510,74 @@ int main( int argc, char *argv[] )
rsa_free( &rsa ); rsa_free( &rsa );
#endif #endif
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_BIGNUM_C)
memset( &dhm, 0, sizeof( dhm_context ) );
mpi_read_string( &dhm.P, 16, POLARSSL_DHM_RFC5114_MODP_1024_P );
mpi_read_string( &dhm.G, 16, POLARSSL_DHM_RFC5114_MODP_1024_G );
dhm.len = mpi_size( &dhm.P );
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
mpi_copy( &dhm.GY, &dhm.GX );
printf( HEADER_FORMAT, "DHM-1024" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
dhm_calc_secret( &dhm, buf, &olen );
}
printf( "%9lu handshake/s\n", i / 3 );
dhm_free( &dhm );
memset( &dhm, 0, sizeof( dhm_context ) );
mpi_read_string( &dhm.P, 16, POLARSSL_DHM_RFC3526_MODP_2048_P );
mpi_read_string( &dhm.G, 16, POLARSSL_DHM_RFC3526_MODP_2048_G );
dhm.len = mpi_size( &dhm.P );
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
mpi_copy( &dhm.GY, &dhm.GX );
printf( HEADER_FORMAT, "DHM-2048" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
dhm_calc_secret( &dhm, buf, &olen );
}
printf( "%9lu handshake/s\n", i / 3 );
dhm_free( &dhm );
memset( &dhm, 0, sizeof( dhm_context ) );
mpi_read_string( &dhm.P, 16, POLARSSL_DHM_RFC3526_MODP_3072_P );
mpi_read_string( &dhm.G, 16, POLARSSL_DHM_RFC3526_MODP_3072_G );
dhm.len = mpi_size( &dhm.P );
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
mpi_copy( &dhm.GY, &dhm.GX );
printf( HEADER_FORMAT, "DHM-3072" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
dhm_calc_secret( &dhm, buf, &olen );
}
printf( "%9lu handshake/s\n", i / 3 );
dhm_free( &dhm );
#endif
printf( "\n" ); printf( "\n" );
#if defined(_WIN32) #if defined(_WIN32)

205
programs/test/ecp-bench.c Normal file
View file

@ -0,0 +1,205 @@
/*
* Temporary mini-benchmark for ECP multiplication
* (and comparision with GF(p) exponentation if any argument is given)
*/
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "polarssl/config.h"
#include "polarssl/dhm.h"
#include "polarssl/ecp.h"
#include "polarssl/timing.h"
#include "polarssl/error.h"
#if !defined(POLARSSL_TIMING_C) || !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_DHM_C) || !defined(POLARSSL_ECP_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_{TIMING,BIGNUM,DHM,ECP}_C not defined.\n");
return( 0 );
}
#else
void dhm_bench_case( const char *s, const char *p,
const char *g, const char *x )
{
unsigned long i;
mpi P, G, X, R, C;
mpi_init( &P ); mpi_init( &G ); mpi_init( &X ); mpi_init( &R );
mpi_init( &C );
mpi_read_string( &P, 16, p );
mpi_read_string( &G, 16, g );
mpi_read_string( &X, 16, x );
printf( " MODP-%s : ", s );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
mpi_exp_mod( &R, &G, &X, &P, &C );
printf( "%9lu exp/s\n", i / 3 );
mpi_free( &P ); mpi_free( &G ); mpi_free( &X ); mpi_free( &R );
mpi_free( &C );
}
#define MODP_1024_G \
"205BE4D89282CE6A9488626CA9BCC1264E7C9525903F049D" \
"D6A77315AA12B01467EB1EA21B25569BECEC276623859A8C" \
"518D445DF43DCBA1B75D23B6BB6B96084FA3C10CA8DC1A96" \
"77E26332152233E13F4E6BF3C5D48514BC264A35AF385463" \
"8B8AE5E363BD6AE0B5D44875BB60A73A5E4075FB2037B833" \
"DC382EA6DD458EAE"
#define MODP_1024_X \
"262F6727B2E44AF61981AAAB2AA749F64FD79AD18A1FC999" \
"2E71795130CB69F89BCFB70DB2A0F2A49A825A0AAA50715D" \
"5D9AE98198F0522AECBF8A0A2D331AB0296110617FC685FF" \
"7338F4201329ABDFDEAEC779E4D56CC46A0A38B18DC18DFE" \
"640865426A7360BCCD4E4F82B3686B4804071D4B9F5582ED" \
"E4758F170C3A1415"
#define MODP_2048_G \
"717892E6698EB3CD62113AAE793EA6690791F89290FD83C3" \
"A059F328C5FBD10AB25C1E8F96245836600FC7772AFB42ED" \
"F7A809FC3D38F7794574CAC8A318D41C917EE34C81EA8838" \
"BA6068E81ED3C7F039A83914D044AB2379B3C5C24F0FFD4E" \
"B6642F26F1EDF015AB7829E9EDC8DCD8A4013C76682338E8" \
"3D44B0F4E870CF3134874EAA3AC0803DA2CE30922E251B02" \
"BDDD94137F9DFD41627AE20B7E4137BA94496A4B2AEB0354" \
"8E1C4126A87240B43E23BB574D354EF1AD01FED5627F240C" \
"2F4F5521D2F51DFE0702D18EED6DDF022D93554E7AB67D81" \
"AD4C5256A6AC00DE1AD0751FDCC17F8C7136C194F48A39F5" \
"957B831081C9058CA0C3A03C7C41F1C9"
#define MODP_2048_X \
"AFA7186FC7A0370DE6E3DD95473C9D10C916BD186E41FB48" \
"195D123E5CFE8D237A2A640DCE19B3DD7028C6168084A61D" \
"4E4E218A1D98E0C2C93E2E1516F97E596B50C811CE93417B" \
"905DA6833D1CE41838AEAA9CA6CE36E2430A244A6696E99B" \
"54B6AAC75D4F6FF6F0568145BDBBC83F5F603D698198A8EE" \
"2098F5DCABDD458C465E795520EDD46C3B992EAFACF24A56" \
"263850C9A07165A0CE52B7DC71489CA67AC4A6E6176B547B" \
"A1C233E3C7898C283E82B3E74B9056F84F7B4A10B5CE10FF" \
"7D43107B68F2381E64C77C61474DE8CA70EA8DF935D43CD2" \
"CE208D9F7E468F07A93A74676ED1A3C77CB1CD59E96DCA77" \
"125DE5B672798FC943048FDBB24167B1"
#define MODP_3072_G \
"38B2B12253661411B63E62F3FAC5BE7CF6A416F249E4A039" \
"0884765C18F2EDF93FCC2646B888ED64B783765D576887B1" \
"74ABB76123ECA6537DDC1F95757645F3C870CBFF2D40E40D" \
"C2556A14115C37BE299BDCB0F07AB7AAE0D8FA6CF44A0C22" \
"ED5368922EF028EC2B5B0AB42F858D5D780828A508C252A7" \
"96F8CE7AA9C83D1E820F6991771AAA2286A7754FCCB3AA16" \
"51D840EC788C5DDEAFAAC0C82EAC84EBFF5EB52699BE4020" \
"F62607937EB168766BCC1F786F4FCDDBB66C0BCEA983AE87" \
"5C2DD6C201FBF5C178308E64831D14F12399F21761D13BC1" \
"20B2377FBAD73613FA7B7E443BEE3879E7EEFB0A625A0EBA" \
"2D379E8F5EA62C91BC58A6FCDD5D7435B0E747B7B65A47BE" \
"0CA769DE340E611A98A6DDED72E89486875F02DAE24715E8" \
"3787A5DB53AA28D3F838E7F11EE80F0310C8597B585D6B1A" \
"3991FBD7459ED277C34C9A4AE0AE6DC7EE5C99B14F366129" \
"C3747617B724A2BED48F5BF3106B40E60CC3677780F1A39D" \
"430154C2B460CC676AACC7B34F792621D743D1AC59EDBAC6"
#define MODP_3072_X \
"4391157AD824806F07421C1545AA795E26B120A5CEE427F0" \
"6725BB247E6B2F4C4BE052E4B240B2DD6194B37F3423FA3F" \
"00C3DF9F4C2165662FCCC9B8DE52C19001E8D54E9053A605" \
"24BCA6AB0698632EB5D62451987E89AF0FA63479D344E2A7" \
"58ED8DB5D287600C85A8DD08D9E2E5587177AB6A25A76C71" \
"5BCAA737FB7DC45E371F4DEC13B40CA9D461A99A98847E1B" \
"D9CD1BA02DCC331B5B2256887B7F0139A9E7BEA8A6CDA318" \
"B95E12A1CEE6A26EC070C34C270067C79DBC906295C3C9DF" \
"2FA6D6B637B7CE81B535DB2D6E196F46ED2F92F3EE8EACE1" \
"002349D035550A44B75E76B7A77A6A670EC13E334201B543" \
"B1708295F33B777BD4555A032313C3388DBD5ABC5FB0FEFD" \
"A9A98C0CC4C7E919927BDC8D46B5347A1266A4C8331C2EB0" \
"C93DB67244BD6CE2757BA61A063DDD0DF0561A97786D1299" \
"EBE3EAC838F420D1A0DC9D633B2F16CCE91E436C0413CE6A" \
"F98E0273FC5C08A4EA70D6DC09A1855AFB402E02BD9F261E" \
"863717A552F4A83D4DD5060CB70E2D4D7FFAEE912C2C4408"
void dhm_bench( void )
{
dhm_bench_case( "1024", POLARSSL_DHM_RFC5114_MODP_1024_P,
MODP_1024_G, MODP_1024_X );
dhm_bench_case( "2048", POLARSSL_DHM_RFC3526_MODP_2048_P,
MODP_2048_G, MODP_2048_X );
dhm_bench_case( "3072", POLARSSL_DHM_RFC3526_MODP_3072_P,
MODP_3072_G, MODP_3072_X );
}
void ecp_bench_case( size_t dp, char *s, char *m )
{
unsigned long i;
ecp_group grp;
ecp_point R;
mpi M;
ecp_group_init( &grp ); ecp_point_init( &R ); mpi_init( &M );
ecp_use_known_dp( &grp, dp );
mpi_read_string( &M, 16, m );
printf( " ECP-%s : ", s );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
ecp_mul( &grp, &R, &M, &grp.G );
printf( "%9lu mul/s\n", i / 3 );
ecp_group_free( &grp ); ecp_point_free( &R ); mpi_free( &M );
}
#define ECP_192_M \
"FE61330B02915F25970C2AF8575CBB227E6B6394774E6EC8"
#define ECP_224_M \
"EAC63628087E32F61A383DCAED57E4348081FF3637D95B904C2FD487"
#define ECP_256_M \
"83C4106612BDDB781DD446CF2A873D78AA0620B9003789244A18F83B39B3EA63"
#define ECP_384_M \
"3E45569675A7E2E0E2E663A11E4226FBEF0F99A96CD6E547" \
"9ABDDF36DD9AB7278BCD8B96A0775847A6431D2AF7476CD9"
#define ECP_521_M \
"017F540D09F24EC6B102E8E4A9F14B850442D98C68FB29A6B09B9B9D40E2A750" \
"7F3D2D6C5B6536B607EF2BCEA4797BB3A68F0D745410EB5CFFC7FF7FB17381544E"
void ecp_bench( void )
{
ecp_bench_case( 0, "192", ECP_192_M );
ecp_bench_case( 1, "224", ECP_224_M );
ecp_bench_case( 2, "256", ECP_256_M );
ecp_bench_case( 3, "384", ECP_384_M );
ecp_bench_case( 4, "521", ECP_521_M );
}
int main( int argc, char *argv[] )
{
((void) argv);
if( argc > 1 )
{
dhm_bench();
}
ecp_bench();
return( 0 );
}
#endif

6
programs/test/selftest.c
View file

@ -50,6 +50,7 @@
#include "polarssl/x509.h" #include "polarssl/x509.h"
#include "polarssl/xtea.h" #include "polarssl/xtea.h"
#include "polarssl/pbkdf2.h" #include "polarssl/pbkdf2.h"
#include "polarssl/ecp.h"
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -155,6 +156,11 @@ int main( int argc, char *argv[] )
return( ret ); return( ret );
#endif #endif
#if defined(POLARSSL_ECP_C)
if( ( ret = ecp_self_test( v ) ) != 0 )
return( ret );
#endif
#else #else
printf( " POLARSSL_SELF_TEST not defined.\n" ); printf( " POLARSSL_SELF_TEST not defined.\n" );
#endif #endif

2
scripts/generate_errors.pl
View file

@ -12,7 +12,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM",
"BASE64", "XTEA", "PBKDF2", "BASE64", "XTEA", "PBKDF2",
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
"MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4", "GCM" ); "MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4", "GCM" );
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL" );
my $line_separator = $/; my $line_separator = $/;
undef $/; undef $/;

3
tests/CMakeLists.txt
View file

@ -45,6 +45,9 @@ add_test_suite(ctr_drbg)
add_test_suite(debug) add_test_suite(debug)
add_test_suite(des) add_test_suite(des)
add_test_suite(dhm) add_test_suite(dhm)
add_test_suite(ecp)
add_test_suite(ecdh)
add_test_suite(ecdsa)
add_test_suite(error) add_test_suite(error)
add_test_suite(gcm gcm.encrypt) add_test_suite(gcm gcm.encrypt)
add_test_suite(gcm gcm.decrypt) add_test_suite(gcm gcm.decrypt)

14
tests/Makefile
View file

@ -30,6 +30,8 @@ APPS = test_suite_aes test_suite_arc4 \
test_suite_cipher.des test_suite_cipher.null \ test_suite_cipher.des test_suite_cipher.null \
test_suite_ctr_drbg test_suite_debug \ test_suite_ctr_drbg test_suite_debug \
test_suite_des test_suite_dhm \ test_suite_des test_suite_dhm \
test_suite_ecdh test_suite_ecdsa \
test_suite_ecp \
test_suite_error test_suite_gcm.decrypt \ test_suite_error test_suite_gcm.decrypt \
test_suite_gcm.decrypt test_suite_hmac_shax \ test_suite_gcm.decrypt test_suite_hmac_shax \
test_suite_md test_suite_mdx \ test_suite_md test_suite_mdx \
@ -127,6 +129,18 @@ test_suite_dhm: test_suite_dhm.c ../library/libpolarssl.a
echo " CC $@.c" echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_ecdh: test_suite_ecdh.c ../library/libpolarssl.a
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_ecdsa: test_suite_ecdsa.c ../library/libpolarssl.a
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_ecp: test_suite_ecp.c ../library/libpolarssl.a
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_error: test_suite_error.c ../library/libpolarssl.a test_suite_error: test_suite_error.c ../library/libpolarssl.a
echo " CC $@.c" echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@

46
tests/suites/helpers.function
View file

@ -218,3 +218,49 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
return( 0 ); return( 0 );
} }
/**
* This function returns a buffer given as a hex string.
*
* The buffer is reversed so that the following are equivalent:
* mpi_fill_random( x, len, not_rnd, str );
* mpi_read_string( x, 16, str );
* (So, not random at all. Usefull to match test vectors.)
* Based on unhexify(), just reversed (changes marked by "sic")
*/
static int not_rnd( void *in, unsigned char *out, size_t len )
{
unsigned char *obuf;
const char *ibuf = in;
unsigned char c, c2;
assert( len == strlen(ibuf) / 2 );
assert(!(strlen(ibuf) %1)); // must be even number of bytes
obuf = out + (len - 1); // sic
while (*ibuf != 0)
{
c = *ibuf++;
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
assert( 0 );
c2 = *ibuf++;
if( c2 >= '0' && c2 <= '9' )
c2 -= '0';
else if( c2 >= 'a' && c2 <= 'f' )
c2 -= 'a' - 10;
else if( c2 >= 'A' && c2 <= 'F' )
c2 -= 'A' - 10;
else
assert( 0 );
*obuf-- = ( c << 4 ) | c2; // sic
}
return( 0 );
}

29
tests/suites/test_suite_ecdh.data Normal file
View file

@ -0,0 +1,29 @@
ECDH primitive random #1
ecdh_primitive_random:SECP192R1
ECDH primitive random #2
ecdh_primitive_random:SECP224R1
ECDH primitive random #3
ecdh_primitive_random:SECP256R1
ECDH primitive random #4
ecdh_primitive_random:SECP384R1
ECDH primitive random #5
ecdh_primitive_random:SECP521R1
ECDH primitive rfc 5903 p256
ecdh_primitive_testvec:SECP256R1:C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433:DAD0B65394221CF9B051E1FECA5787D098DFE637FC90B9EF945D0C3772581180:5271A0461CDB8252D61F1C456FA3E59AB1F45B33ACCF5F58389E0577B8990BB3:C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53:D12DFB5289C8D4F81208B70270398C342296970A0BCCB74C736FC7554494BF63:56FBF3CA366CC23E8157854C13C58D6AAC23F046ADA30F8353E74F33039872AB:D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
ECDH primitive rfc 5903 p384
ecdh_primitive_testvec:SECP384R1:099F3C7034D4A2C699884D73A375A67F7624EF7C6B3C0F160647B67414DCE655E35B538041E649EE3FAEF896783AB194:667842D7D180AC2CDE6F74F37551F55755C7645C20EF73E31634FE72B4C55EE6DE3AC808ACB4BDB4C88732AEE95F41AA:9482ED1FC0EEB9CAFC4984625CCFC23F65032149E0E144ADA024181535A0F38EEB9FCFF3C2C947DAE69B4C634573A81C:41CB0779B4BDB85D47846725FBEC3C9430FAB46CC8DC5060855CC9BDA0AA2942E0308312916B8ED2960E4BD55A7448FC:E558DBEF53EECDE3D3FCCFC1AEA08A89A987475D12FD950D83CFA41732BC509D0D1AC43A0336DEF96FDA41D0774A3571:DCFBEC7AACF3196472169E838430367F66EEBE3C6E70C416DD5F0C68759DD1FFF83FA40142209DFF5EAAD96DB9E6386C:11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
ECDH primitive rfc 5903 p521
ecdh_primitive_testvec:SECP521R1:0037ADE9319A89F4DABDB3EF411AACCCA5123C61ACAB57B5393DCE47608172A095AA85A30FE1C2952C6771D937BA9777F5957B2639BAB072462F68C27A57382D4A52:0015417E84DBF28C0AD3C278713349DC7DF153C897A1891BD98BAB4357C9ECBEE1E3BF42E00B8E380AEAE57C2D107564941885942AF5A7F4601723C4195D176CED3E:017CAE20B6641D2EEB695786D8C946146239D099E18E1D5A514C739D7CB4A10AD8A788015AC405D7799DC75E7B7D5B6CF2261A6A7F1507438BF01BEB6CA3926F9582:0145BA99A847AF43793FDD0E872E7CDFA16BE30FDC780F97BCCC3F078380201E9C677D600B343757A3BDBF2A3163E4C2F869CCA7458AA4A4EFFC311F5CB151685EB9:00D0B3975AC4B799F5BEA16D5E13E9AF971D5E9B984C9F39728B5E5739735A219B97C356436ADC6E95BB0352F6BE64A6C2912D4EF2D0433CED2B6171640012D9460F:015C68226383956E3BD066E797B623C27CE0EAC2F551A10C2C724D9852077B87220B6536C5C408A1D2AEBB8E86D678AE49CB57091F4732296579AB44FCD17F0FC56A:01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
ECDH exchange #1
ecdh_exchange:SECP192R1
ECDH exchange #2
ecdh_exchange:SECP521R1

114
tests/suites/test_suite_ecdh.function Normal file
View file

@ -0,0 +1,114 @@
BEGIN_HEADER
#include <polarssl/ecdh.h>
END_HEADER
BEGIN_DEPENDENCIES
depends_on:POLARSSL_ECDH_C:POLARSSL_ECP_C:POLARSSL_BIGNUM_C
END_DEPENDENCIES
BEGIN_CASE
ecdh_primitive_random:id
{
ecp_group grp;
ecp_point qA, qB;
mpi dA, dB, zA, zB;
rnd_pseudo_info rnd_info;
ecp_group_init( &grp );
ecp_point_init( &qA ); ecp_point_init( &qB );
mpi_init( &dA ); mpi_init( &dB );
mpi_init( &zA ); mpi_init( &zB );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( ecdh_compute_shared( &grp, &zA, &qB, &dA ) == 0 );
TEST_ASSERT( ecdh_compute_shared( &grp, &zB, &qA, &dB ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &zA, &zB ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &qA ); ecp_point_free( &qB );
mpi_free( &dA ); mpi_free( &dB );
mpi_free( &zA ); mpi_free( &zB );
}
END_CASE
BEGIN_CASE
ecdh_primitive_testvec:id:dA:xA:yA:dB:xB:yB:z
{
ecp_group grp;
ecp_point qA, qB;
mpi dA, dB, zA, zB, check;
ecp_group_init( &grp );
ecp_point_init( &qA ); ecp_point_init( &qB );
mpi_init( &dA ); mpi_init( &dB );
mpi_init( &zA ); mpi_init( &zB ); mpi_init( &check );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, &not_rnd, "{dA}" ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qA ) );
TEST_ASSERT( mpi_read_string( &check, 16, "{xA}" ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.X, &check ) == 0 );
TEST_ASSERT( mpi_read_string( &check, 16, "{yA}" ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.Y, &check ) == 0 );
TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, &not_rnd, "{dB}" ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qB ) );
TEST_ASSERT( mpi_read_string( &check, 16, "{xB}" ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qB.X, &check ) == 0 );
TEST_ASSERT( mpi_read_string( &check, 16, "{yB}" ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qB.Y, &check ) == 0 );
TEST_ASSERT( mpi_read_string( &check, 16, "{z}" ) == 0 );
TEST_ASSERT( ecdh_compute_shared( &grp, &zA, &qB, &dA ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &zA, &check ) == 0 );
TEST_ASSERT( ecdh_compute_shared( &grp, &zB, &qA, &dB ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &zB, &check ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &qA ); ecp_point_free( &qB );
mpi_free( &dA ); mpi_free( &dB );
mpi_free( &zA ); mpi_free( &zB ); mpi_free( &check );
}
END_CASE
BEGIN_CASE
ecdh_exchange:id
{
ecdh_context srv, cli;
unsigned char buf[1000];
const unsigned char *vbuf;
size_t len;
rnd_pseudo_info rnd_info;
ecdh_init( &srv );
ecdh_init( &cli );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( ecp_use_known_dp( &srv.grp, POLARSSL_ECP_DP_{id} ) == 0 );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( ecdh_make_params( &srv, &len, buf, 1000,
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
memset( buf, 0x00, sizeof( buf ) );
TEST_ASSERT( ecdh_make_public( &cli, &len, buf, 1000,
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdh_read_public( &srv, buf, len ) == 0 );
TEST_ASSERT( ecdh_calc_secret( &srv, &len, buf, 1000 ) == 0 );
TEST_ASSERT( ecdh_calc_secret( &cli, &len, buf, 1000 ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
ecdh_free( &srv );
ecdh_free( &cli );
}
END_CASE

24
tests/suites/test_suite_ecdsa.data Normal file
View file

@ -0,0 +1,24 @@
ECDSA primitive random #1
ecdsa_prim_random:SECP192R1
ECDSA primitive random #2
ecdsa_prim_random:SECP224R1
ECDSA primitive random #3
ecdsa_prim_random:SECP256R1
ECDSA primitive random #4
ecdsa_prim_random:SECP384R1
ECDSA primitive random #5
ecdsa_prim_random:SECP521R1
ECDSA primitive rfc 4754 p256
ecdsa_prim_test_vectors:SECP256R1:DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F:2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970:6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D:9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE:BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD:CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C:86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315
ECDSA primitive rfc 4754 p384
ecdsa_prim_test_vectors:SECP384R1:0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F:96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922:447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA:B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA:CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7:FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3:B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F
ECDSA primitive rfc 4754 p521
ecdsa_prim_test_vectors:SECP521R1:0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1:0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8:006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643:00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F:DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F:0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251:017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660

75
tests/suites/test_suite_ecdsa.function Normal file
View file

@ -0,0 +1,75 @@
BEGIN_HEADER
#include <polarssl/ecdsa.h>
END_HEADER
BEGIN_DEPENDENCIES
depends_on:POLARSSL_ECDSA_C:POLARSSL_ECP_C:POLARSSL_BIGNUM_C
END_DEPENDENCIES
BEGIN_CASE
ecdsa_prim_random:id
{
ecp_group grp;
ecp_point Q;
mpi d, r, s;
rnd_pseudo_info rnd_info;
unsigned char buf[66];
ecp_group_init( &grp );
ecp_point_init( &Q );
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
memset( buf, 0, sizeof( buf ) );
/* prepare material for signature */
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
}
END_CASE
BEGIN_CASE
ecdsa_prim_test_vectors:id:d:xQ:yQ:k:hash:r:s
{
ecp_group grp;
ecp_point Q;
mpi d, r, s, r_check, s_check;
unsigned char buf[66];
size_t len;
ecp_group_init( &grp );
ecp_point_init( &Q );
mpi_init( &d ); mpi_init( &r ); mpi_init( &s );
mpi_init( &r_check ); mpi_init( &s_check );
memset( buf, 0, sizeof( buf ) );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecp_point_read_string( &Q, 16, "{xQ}", "{yQ}" ) == 0 );
TEST_ASSERT( mpi_read_string( &d, 16, "{d}" ) == 0 );
TEST_ASSERT( mpi_read_string( &r_check, 16, "{r}" ) == 0 );
TEST_ASSERT( mpi_read_string( &s_check, 16, "{s}" ) == 0 );
len = unhexify(buf, "{hash}");
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, len,
&not_rnd, "{k}" ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
TEST_ASSERT( ecdsa_verify( &grp, buf, len, &Q, &r_check, &s_check ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );
mpi_free( &d ); mpi_free( &r ); mpi_free( &s );
mpi_free( &r_check ); mpi_free( &s_check );
}
END_CASE

249
tests/suites/test_suite_ecp.data Normal file
View file

@ -0,0 +1,249 @@
ECP small addition #1
ecp_small_add:1:"":"":1:"":"":1:0:0
ECP small addition #2
ecp_small_add:1:"":"":0:"14":"11":0:14:11
ECP small addition #3
ecp_small_add:0:"13":"00":0:"13":"00":1:0:0
ECP small addition #4
ecp_small_add:0:"14":"11":0:"14":"36":1:0:0
ECP small addition #5
ecp_small_add:0:"13":"00":0:"37":"31":0:34:14
ECP small addition #6
ecp_small_add:0:"14":"11":0:"37":"31":0:45:07
ECP small addition #7
ecp_small_add:0:"37":"31":0:"37":"31":0:21:32
ECP small addition #8
ecp_small_add:0:"14":"11":0:"14":"11":0:27:30
ECP small subtraction #1
ecp_small_sub:1:"":"":1:"":"":1:0:0
ECP small subtraction #2
ecp_small_sub:1:"":"":0:"14":"11":0:14:36
ECP small subtraction #3
ecp_small_sub:1:"":"":0:"13":"00":0:13:00
ECP small subtraction #4
ecp_small_sub:0:"13":"00":0:"13":"00":1:0:0
ECP small subtraction #5
ecp_small_sub:0:"14":"11":0:"14":"11":1:0:0
ECP small subtraction #6
ecp_small_sub:0:"13":"00":0:"37":"16":0:34:14
ECP small subtraction #7
ecp_small_sub:0:"14":"11":0:"37":"16":0:45:07
ECP small subtraction #8
ecp_small_sub:0:"37":"31":0:"37":"16":0:21:32
ECP small subtraction #9
ecp_small_sub:0:"14":"11":0:"14":"36":0:27:30
ECP small multiplication negative
ecp_small_mul:-1:0:0:0:POLARSSL_ERR_ECP_GENERIC
ECP small multiplication #0
ecp_small_mul:0:1:0:0:0
ECP small multiplication #1
ecp_small_mul:1:0:17:42:0
ECP small multiplication #2
ecp_small_mul:2:0:20:01:0
ECP small multiplication #3
ecp_small_mul:3:0:14:11:0
ECP small multiplication #4
ecp_small_mul:4:0:34:33:0
ECP small multiplication #5
ecp_small_mul:5:0:21:32:0
ECP small multiplication #6
ecp_small_mul:6:0:27:30:0
ECP small multiplication #7
ecp_small_mul:7:0:27:17:0
ECP small multiplication #8
ecp_small_mul:8:0:21:15:0
ECP small multiplication #9
ecp_small_mul:9:0:34:14:0
ECP small multiplication #10
ecp_small_mul:10:0:14:36:0
ECP small multiplication #11
ecp_small_mul:11:0:20:46:0
ECP small multiplication #12
ecp_small_mul:12:0:17:05:0
ECP small multiplication #13
ecp_small_mul:13:1:0:0:0
ECP small multiplication #14
ecp_small_mul:1:0:17:42:0
ECP small multiplication #15
ecp_small_mul:2:0:20:01:0
ECP small multiplication too big
ecp_small_mul:-1:0:0:0:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #1
ecp_small_check_pub:1:1:0:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #2
ecp_small_check_pub:9:-1:1:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #3
ecp_small_check_pub:9:46:1:0
ECP small check pubkey #4
ecp_small_check_pub:13:47:1:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #5
ecp_small_check_pub:13:0:1:0
ECP small check pubkey #6
ecp_small_check_pub:-1:10:1:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #7
ecp_small_check_pub:46:10:1:0
ECP small check pubkey #8
ecp_small_check_pub:47:2:1:POLARSSL_ERR_ECP_GENERIC
ECP small check pubkey #9
ecp_small_check_pub:0:2:1:0
ECP small check pubkey #10
ecp_small_check_pub:10:25:1:POLARSSL_ERR_ECP_GENERIC
ECP write binary #0 (zero, bad format)
ecp_write_binary:SECP192R1:"01":"01":"00":UNKNOWN:"00":1:POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP write binary #1 (zero, uncompressed, buffer just fits)
ecp_write_binary:SECP192R1:"01":"01":"00":UNCOMPRESSED:"00":1:0
ECP write binary #2 (zero, buffer too small)
ecp_write_binary:SECP192R1:"01":"01":"00":UNCOMPRESSED:"00":0:POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
ECP write binary #3 (non-zero, uncompressed, buffer just fits)
ecp_write_binary:SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":UNCOMPRESSED:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":49:0
ECP write binary #4 (non-zero, uncompressed, buffer too small)
ecp_write_binary:SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":UNCOMPRESSED:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":48:POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
ECP write binary #5 (zero, compressed, buffer just fits)
ecp_write_binary:SECP192R1:"01":"01":"00":COMPRESSED:"00":1:0
ECP write binary #6 (zero, buffer too small)
ecp_write_binary:SECP192R1:"01":"01":"00":COMPRESSED:"00":0:POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
ECP write binary #7 (even, compressed, buffer just fits)
ecp_write_binary:SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":COMPRESSED:"0248d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":25:0
ECP write binary #8 (even, compressed, buffer too small)
ecp_write_binary:SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":COMPRESSED:"0248d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":24:POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
ECP write binary #7 (odd, compressed, buffer just fits)
ecp_write_binary:SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"93112b28345b7d1d7799611e49bea9d8290cb2d7afe1f9f3":"01":COMPRESSED:"0348d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":25:0
ECP read binary #1 (zero, invalid ilen)
ecp_read_binary:SECP192R1:"0000":"01":"01":"00":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP read binary #2 (zero, invalid first byte)
ecp_read_binary:SECP192R1:"01":"01":"01":"00":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP read binary #3 (zero, OK)
ecp_read_binary:SECP192R1:"00":"01":"01":"00":0
ECP read binary #4 (non-zero, invalid ilen)
ecp_read_binary:SECP192R1:"04001122":"01":"01":"00":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP read binary #5 (non-zero, invalid first byte)
ecp_read_binary:SECP192R1:"0548d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP read binary #6 (non-zero, OK)
ecp_read_binary:SECP192R1:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":0
ECP tls read point #1 (zero, invalid length byte)
ecp_tls_read_point:SECP192R1:"0200":"01":"01":"00":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP tls read point #2 (zero, OK)
ecp_tls_read_point:SECP192R1:"0100":"01":"01":"00":0
ECP tls read point #3 (non-zero, invalid length byte)
ecp_tls_read_point:SECP192R1:"300448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":POLARSSL_ERR_ECP_BAD_INPUT_DATA
ECP tls read point #4 (non-zero, OK)
ecp_tls_read_point:SECP192R1:"310448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":0
ECP tls write-read point #1
ecp_tls_write_read_point:SECP192R1
ECP tls write-read point #2
ecp_tls_write_read_point:SECP521R1
ECP tls read group #1 (record too short)
ecp_tls_read_group:"0313":POLARSSL_ERR_ECP_BAD_INPUT_DATA:0
ECP tls read group #2 (bad curve_type)
ecp_tls_read_group:"010013":POLARSSL_ERR_ECP_BAD_INPUT_DATA:0
ECP tls read group #3 (unknown curve)
ecp_tls_read_group:"030010":POLARSSL_ERR_ECP_BAD_INPUT_DATA:0
ECP tls read group #4 (OK, buffer just fits)
ecp_tls_read_group:"030017":0:256
ECP tls read group #5 (OK, buffer continues)
ecp_tls_read_group:"0300180000":0:384
ECP tls write-read group #1
ecp_tls_write_read_group:SECP192R1
ECP tls write-read group #2
ecp_tls_write_read_group:SECP521R1
ECP gen keypair
ecp_gen_keypair:SECP192R1
ECP mod p192 readable
ecp_fast_mod:SECP192R1:"000000000000010500000000000001040000000000000103000000000000010200000000000001010000000000000100"
ECP mod p192 random
ecp_fast_mod:SECP192R1:"36CF96B45D706A0954D89E52CE5F38517A2270E0175849B6F3740151D238CCABEF921437E475881D83BB69E4AA258EBD"
ECP test vectors secp192r1 rfc 5114
ecp_test_vect:SECP192R1:"323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426":"CD46489ECFD6C105E7B3D32566E2B122E249ABAADD870612":"68887B4877DF51DD4DC3D6FD11F0A26F8FD3844317916E9A":"631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62":"519A121680E0045466BA21DF2EEE47F5973B500577EF13D5":"FF613AB4D64CEE3A20875BDB10F953F6B30CA072C60AA57F":"AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE":"4371545ED772A59741D0EDA32C671112B7FDDD51461FCF32"
ECP test vectors secp224r1 rfc 5114
ecp_test_vect:SECP224R1:"B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F":"49DFEF309F81488C304CFF5AB3EE5A2154367DC7833150E0A51F3EEB":"4F2B5EE45762C4F654C1A0C67F54CF88B016B51BCE3D7C228D57ADB4":"AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18":"6B3AC96A8D0CDE6A5599BE8032EDF10C162D0A8AD219506DCD42A207":"D491BE99C213A7D1CA3706DEBFE305F361AFCBB33E2609C8B1618AD5":"52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA":"5F30C6AA36DDC403C0ACB712BB88F1763C3046F6D919BD9C524322BF"
ECP test vectors secp256r1 rfc 5114
ecp_test_vect:SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"B120DE4AA36492795346E8DE6C2C8646AE06AAEA279FA775B3AB0715F6CE51B0":"9F1B7EECE20D7B5ED8EC685FA3F071D83727027092A8411385C34DDE5708B2B6":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50"
ECP test vectors secp384r1 rfc 5114
ecp_test_vect:SECP384R1:"D27335EA71664AF244DD14E9FD1260715DFD8A7965571C48D709EE7A7962A156D706A90CBCB5DF2986F05FEADB9376F1":"793148F1787634D5DA4C6D9074417D05E057AB62F82054D10EE6B0403D6279547E6A8EA9D1FD77427D016FE27A8B8C66":"C6C41294331D23E6F480F4FB4CD40504C947392E94F4C3F06B8F398BB29E42368F7A685923DE3B67BACED214A1A1D128":"52D1791FDB4B70F89C0F00D456C2F7023B6125262C36A7DF1F80231121CCE3D39BE52E00C194A4132C4A6C768BCD94D2":"5CD42AB9C41B5347F74B8D4EFB708B3D5B36DB65915359B44ABC17647B6B9999789D72A84865AE2F223F12B5A1ABC120":"E171458FEAA939AAA3A8BFAC46B404BD8F6D5B348C0FA4D80CECA16356CA933240BDE8723415A8ECE035B0EDF36755DE":"5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E":"0CC59E4B046414A81C8A3BDFDCA92526C48769DD8D3127CAA99B3632D1913942DE362EAFAA962379374D9F3F066841CA"
ECP test vectors secp521r1 rfc 5114
ecp_test_vect:SECP521R1:"0113F82DA825735E3D97276683B2B74277BAD27335EA71664AF2430CC4F33459B9669EE78B3FFB9B8683015D344DCBFEF6FB9AF4C6C470BE254516CD3C1A1FB47362":"01EBB34DD75721ABF8ADC9DBED17889CBB9765D90A7C60F2CEF007BB0F2B26E14881FD4442E689D61CB2DD046EE30E3FFD20F9A45BBDF6413D583A2DBF59924FD35C":"00F6B632D194C0388E22D8437E558C552AE195ADFD153F92D74908351B2F8C4EDA94EDB0916D1B53C020B5EECAED1A5FC38A233E4830587BB2EE3489B3B42A5A86A4":"00CEE3480D8645A17D249F2776D28BAE616952D1791FDB4B70F7C3378732AA1B22928448BCD1DC2496D435B01048066EBE4F72903C361B1A9DC1193DC2C9D0891B96":"010EBFAFC6E85E08D24BFFFCC1A4511DB0E634BEEB1B6DEC8C5939AE44766201AF6200430BA97C8AC6A0E9F08B33CE7E9FEEB5BA4EE5E0D81510C24295B8A08D0235":"00A4A6EC300DF9E257B0372B5E7ABFEF093436719A77887EBB0B18CF8099B9F4212B6E30A1419C18E029D36863CC9D448F4DBA4D2A0E60711BE572915FBD4FEF2695":"00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC":"00F9A71641029B7FC1A808AD07CD4861E868614B865AFBECAB1F2BD4D8B55EBCB5E3A53143CEB2C511B1AE0AF5AC827F60F2FD872565AC5CA0A164038FE980A7E4BD"
ECP selftest
depends_on:POLARSSL_SELF_TEST
ecp_selftest:

472
tests/suites/test_suite_ecp.function Normal file
View file

@ -0,0 +1,472 @@
BEGIN_HEADER
#include <polarssl/ecp.h>
END_HEADER
BEGIN_DEPENDENCIES
depends_on:POLARSSL_ECP_C:POLARSSL_BIGNUM_C
END_DEPENDENCIES
BEGIN_CASE
ecp_small_add:a_zero:x_a:y_a:b_zero:x_b:y_b:c_zero:x_c:y_c
{
ecp_group grp;
ecp_point A, B, C;
ecp_group_init( &grp );
ecp_point_init( &A ); ecp_point_init( &B ); ecp_point_init( &C );
TEST_ASSERT( ecp_group_read_string( &grp, 10,
"47", "4", "17", "42", "13" ) == 0 );
if( {a_zero} )
ecp_set_zero( &A );
else
TEST_ASSERT( ecp_point_read_string( &A, 10, {x_a}, {y_a} ) == 0 );
if( {b_zero} )
ecp_set_zero( &B );
else
TEST_ASSERT( ecp_point_read_string( &B, 10, {x_b}, {y_b} ) == 0 );
TEST_ASSERT( ecp_add( &grp, &C, &A, &B ) == 0 );
if( {c_zero} )
TEST_ASSERT( mpi_cmp_int( &C.Z, 0 ) == 0 );
else
{
TEST_ASSERT( mpi_cmp_int( &C.X, {x_c} ) == 0 );
TEST_ASSERT( mpi_cmp_int( &C.Y, {y_c} ) == 0 );
}
TEST_ASSERT( ecp_add( &grp, &C, &B, &A ) == 0 );
if( {c_zero} )
TEST_ASSERT( mpi_cmp_int( &C.Z, 0 ) == 0 );
else
{
TEST_ASSERT( mpi_cmp_int( &C.X, {x_c} ) == 0 );
TEST_ASSERT( mpi_cmp_int( &C.Y, {y_c} ) == 0 );
}
ecp_group_free( &grp );
ecp_point_free( &A ); ecp_point_free( &B ); ecp_point_free( &C );
}
END_CASE
BEGIN_CASE
ecp_small_sub:a_zero:x_a:y_a:b_zero:x_b:y_b:c_zero:x_c:y_c
{
ecp_group grp;
ecp_point A, B, C;
ecp_group_init( &grp );
ecp_point_init( &A ); ecp_point_init( &B ); ecp_point_init( &C );
TEST_ASSERT( ecp_group_read_string( &grp, 10,
"47", "4", "17", "42", "13" ) == 0 );
if( {a_zero} )
ecp_set_zero( &A );
else
TEST_ASSERT( ecp_point_read_string( &A, 10, {x_a}, {y_a} ) == 0 );
if( {b_zero} )
ecp_set_zero( &B );
else
TEST_ASSERT( ecp_point_read_string( &B, 10, {x_b}, {y_b} ) == 0 );
TEST_ASSERT( ecp_sub( &grp, &C, &A, &B ) == 0 );
if( {c_zero} )
TEST_ASSERT( mpi_cmp_int( &C.Z, 0 ) == 0 );
else
{
TEST_ASSERT( mpi_cmp_int( &C.X, {x_c} ) == 0 );
TEST_ASSERT( mpi_cmp_int( &C.Y, {y_c} ) == 0 );
}
ecp_group_free( &grp );
ecp_point_free( &A ); ecp_point_free( &B ); ecp_point_free( &C );
}
END_CASE
BEGIN_CASE
ecp_small_mul:m:r_zero:x_r:y_r:ret
{
ecp_group grp;
ecp_point R;
mpi m;
ecp_group_init( &grp );
ecp_point_init( &R );
mpi_init( &m );
TEST_ASSERT( ecp_group_read_string( &grp, 10,
"47", "4", "17", "42", "13" ) == 0 );
TEST_ASSERT( mpi_lset( &m, {m} ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &m, &grp.G ) == {ret} );
if( {r_zero} )
TEST_ASSERT( mpi_cmp_int( &R.Z, 0 ) == 0 );
else
{
TEST_ASSERT( mpi_cmp_int( &R.X, {x_r} ) == 0 );
TEST_ASSERT( mpi_cmp_int( &R.Y, {y_r} ) == 0 );
}
ecp_group_free( &grp );
ecp_point_free( &R );
mpi_free( &m );
}
END_CASE
BEGIN_CASE
ecp_small_check_pub:x:y:z:ret
{
ecp_group grp;
ecp_point P;
ecp_group_init( &grp );
ecp_point_init( &P );
TEST_ASSERT( ecp_group_read_string( &grp, 10,
"47", "4", "17", "42", "13" ) == 0 );
TEST_ASSERT( mpi_lset( &P.X, {x} ) == 0 );
TEST_ASSERT( mpi_lset( &P.Y, {y} ) == 0 );
TEST_ASSERT( mpi_lset( &P.Z, {z} ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &P ) == {ret} );
ecp_group_free( &grp );
ecp_point_free( &P );
}
END_CASE
BEGIN_CASE
ecp_test_vect:id:dA:xA:yA:dB:xB:yB:xZ:yZ
{
ecp_group grp;
ecp_point R;
mpi dA, xA, yA, dB, xB, yB, xZ, yZ;
ecp_group_init( &grp ); ecp_point_init( &R );
mpi_init( &dA ); mpi_init( &xA ); mpi_init( &yA ); mpi_init( &dB );
mpi_init( &xB ); mpi_init( &yB ); mpi_init( &xZ ); mpi_init( &yZ );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &grp.G ) == 0 );
TEST_ASSERT( mpi_read_string( &dA, 16, {dA} ) == 0 );
TEST_ASSERT( mpi_read_string( &xA, 16, {xA} ) == 0 );
TEST_ASSERT( mpi_read_string( &yA, 16, {yA} ) == 0 );
TEST_ASSERT( mpi_read_string( &dB, 16, {dB} ) == 0 );
TEST_ASSERT( mpi_read_string( &xB, 16, {xB} ) == 0 );
TEST_ASSERT( mpi_read_string( &yB, 16, {yB} ) == 0 );
TEST_ASSERT( mpi_read_string( &xZ, 16, {xZ} ) == 0 );
TEST_ASSERT( mpi_read_string( &yZ, 16, {yZ} ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dA, &grp.G ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.Y, &yA ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dB, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dB, &grp.G ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xB ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.Y, &yB ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dA, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
ecp_group_free( &grp ); ecp_point_free( &R );
mpi_free( &dA ); mpi_free( &xA ); mpi_free( &yA ); mpi_free( &dB );
mpi_free( &xB ); mpi_free( &yB ); mpi_free( &xZ ); mpi_free( &yZ );
}
END_CASE
BEGIN_CASE
ecp_fast_mod:id:N
{
ecp_group grp;
mpi N, R;
mpi_init( &N ); mpi_init( &R );
ecp_group_init( &grp );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( mpi_read_string( &N, 16, {N} ) == 0 );
/*
* Store correct result before we touch N
*/
TEST_ASSERT( mpi_mod_mpi( &R, &N, &grp.P ) == 0 );
TEST_ASSERT( grp.modp( &N ) == 0 );
TEST_ASSERT( mpi_msb( &N ) <= grp.pbits + 3 );
/*
* Use mod rather than addition/substraction in case previous test fails
*/
TEST_ASSERT( mpi_mod_mpi( &N, &N, &grp.P ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &N, &R ) == 0 );
mpi_free( &N ); mpi_free( &R );
ecp_group_free( &grp );
}
END_CASE
BEGIN_CASE
ecp_write_binary:id:x:y:z:format:out:blen:ret
{
ecp_group grp;
ecp_point P;
unsigned char buf[256], str[512];
size_t olen;
memset( buf, 0, sizeof( buf ) );
memset( str, 0, sizeof( str ) );
ecp_group_init( &grp ); ecp_point_init( &P );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( mpi_read_string( &P.X, 16, {x} ) == 0 );
TEST_ASSERT( mpi_read_string( &P.Y, 16, {y} ) == 0 );
TEST_ASSERT( mpi_read_string( &P.Z, 16, {z} ) == 0 );
#define POLARSSL_ECP_PF_UNKNOWN -1
TEST_ASSERT( ecp_point_write_binary( &grp, &P, POLARSSL_ECP_PF_{format},
&olen, buf, {blen} ) == {ret} );
if( {ret} == 0 )
{
hexify( str, buf, olen );
TEST_ASSERT( strcasecmp( (char *) str, {out} ) == 0 );
}
ecp_group_free( &grp ); ecp_point_free( &P );
}
END_CASE
BEGIN_CASE
ecp_read_binary:id:input:x:y:z:ret
{
ecp_group grp;
ecp_point P;
mpi X, Y, Z;
int ilen;
unsigned char buf[256];
memset( buf, 0, sizeof( buf ) );
ecp_group_init( &grp ); ecp_point_init( &P );
mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( mpi_read_string( &X, 16, {x} ) == 0 );
TEST_ASSERT( mpi_read_string( &Y, 16, {y} ) == 0 );
TEST_ASSERT( mpi_read_string( &Z, 16, {z} ) == 0 );
ilen = unhexify( buf, {input} );
TEST_ASSERT( ecp_point_read_binary( &grp, &P, buf, ilen ) == {ret} );
if( {ret} == 0 )
{
TEST_ASSERT( mpi_cmp_mpi( &P.X, &X ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &P.Y, &Y ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &P.Z, &Z ) == 0 );
}
ecp_group_free( &grp ); ecp_point_free( &P );
mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z );
}
END_CASE
BEGIN_CASE
ecp_tls_read_point:id:input:x:y:z:ret
{
ecp_group grp;
ecp_point P;
mpi X, Y, Z;
size_t ilen;
unsigned char buf[256];
const unsigned char *vbuf = buf;
memset( buf, 0, sizeof( buf ) );
ecp_group_init( &grp ); ecp_point_init( &P );
mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( mpi_read_string( &X, 16, {x} ) == 0 );
TEST_ASSERT( mpi_read_string( &Y, 16, {y} ) == 0 );
TEST_ASSERT( mpi_read_string( &Z, 16, {z} ) == 0 );
ilen = unhexify( buf, {input} );
TEST_ASSERT( ecp_tls_read_point( &grp, &P, &vbuf, ilen ) == {ret} );
if( {ret} == 0 )
{
TEST_ASSERT( mpi_cmp_mpi( &P.X, &X ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &P.Y, &Y ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &P.Z, &Z ) == 0 );
TEST_ASSERT( *vbuf == 0x00 );
}
ecp_group_free( &grp ); ecp_point_free( &P );
mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z );
}
END_CASE
BEGIN_CASE
ecp_tls_write_read_point:id
{
ecp_group grp;
ecp_point pt;
unsigned char buf[256];
const unsigned char *vbuf;
size_t olen;
ecp_group_init( &grp );
ecp_point_init( &pt );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( ecp_tls_write_point( &grp, &grp.G,
POLARSSL_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 );
TEST_ASSERT( ecp_tls_read_point( &grp, &pt, &vbuf, olen )
== POLARSSL_ERR_ECP_BAD_INPUT_DATA );
TEST_ASSERT( vbuf == buf + olen );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( ecp_tls_write_point( &grp, &grp.G,
POLARSSL_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 );
TEST_ASSERT( ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &grp.G.X, &pt.X ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &grp.G.Y, &pt.Y ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &grp.G.Z, &pt.Z ) == 0 );
TEST_ASSERT( vbuf == buf + olen );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( ecp_set_zero( &pt ) == 0 );
TEST_ASSERT( ecp_tls_write_point( &grp, &pt,
POLARSSL_ECP_PF_COMPRESSED, &olen, buf, 256 ) == 0 );
TEST_ASSERT( ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
TEST_ASSERT( ecp_is_zero( &pt ) );
TEST_ASSERT( vbuf == buf + olen );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( ecp_set_zero( &pt ) == 0 );
TEST_ASSERT( ecp_tls_write_point( &grp, &pt,
POLARSSL_ECP_PF_UNCOMPRESSED, &olen, buf, 256 ) == 0 );
TEST_ASSERT( ecp_tls_read_point( &grp, &pt, &vbuf, olen ) == 0 );
TEST_ASSERT( ecp_is_zero( &pt ) );
TEST_ASSERT( vbuf == buf + olen );
ecp_group_free( &grp );
ecp_point_free( &pt );
}
END_CASE
BEGIN_CASE
ecp_tls_read_group:record:ret:bits
{
ecp_group grp;
unsigned char buf[10];
const unsigned char *vbuf = buf;
int len, ret;
ecp_group_init( &grp );
memset( buf, 0x00, sizeof( buf ) );
len = unhexify( buf, {record} );
ret = ecp_tls_read_group( &grp, &vbuf, len );
TEST_ASSERT( ret == {ret} );
if( ret == 0)
{
TEST_ASSERT( mpi_msb( &grp.P ) == {bits} );
TEST_ASSERT( *vbuf == 0x00 );
}
ecp_group_free( &grp );
}
END_CASE
BEGIN_CASE
ecp_tls_write_read_group:id
{
ecp_group grp1, grp2;
unsigned char buf[10];
const unsigned char *vbuf = buf;
size_t len;
int ret;
ecp_group_init( &grp1 );
ecp_group_init( &grp2 );
memset( buf, 0x00, sizeof( buf ) );
TEST_ASSERT( ecp_use_known_dp( &grp1, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecp_tls_write_group( &grp1, &len, buf, 10 ) == 0 );
TEST_ASSERT( ( ret = ecp_tls_read_group( &grp2, &vbuf, len ) ) == 0 );
if( ret == 0 )
{
TEST_ASSERT( mpi_cmp_mpi( &grp1.N, &grp2.N ) == 0 );
TEST_ASSERT( grp1.id == grp2.id );
}
ecp_group_free( &grp1 );
ecp_group_free( &grp2 );
}
END_CASE
BEGIN_CASE
ecp_gen_keypair:id
{
ecp_group grp;
ecp_point Q;
mpi d;
rnd_pseudo_info rnd_info;
ecp_group_init( &grp );
ecp_point_init( &Q );
mpi_init( &d );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( mpi_cmp_mpi( &d, &grp.N ) < 0 );
TEST_ASSERT( mpi_cmp_int( &d, 1 ) >= 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );
mpi_free( &d );
}
END_CASE
BEGIN_CASE
ecp_selftest:
{
TEST_ASSERT( ecp_self_test( 0 ) == 0 );
}
END_CASE