diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt new file mode 100644 index 000000000000..6f9714aaa535 --- /dev/null +++ b/ChangeLog.d/ecp-keypair-utilities.txt @@ -0,0 +1,5 @@ +Features + * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling + gaps made by making its fields private: mbedtls_ecp_set_public_key(), + mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), + mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7f5e880809c0..76aef32fbc61 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1259,9 +1259,56 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Set the public key in a key pair object. + * + * \note This function does not check that the point actually + * belongs to the given group. Call mbedtls_ecp_check_pubkey() + * on \p Q before calling this function to check that. + * + * \note This function does not check that the public key matches + * the private key that is already in \p key, if any. + * To check the consistency of the resulting key pair object, + * call mbedtls_ecp_check_pub_priv() after setting both + * the public key and the private key. + * + * \param grp_id The ECP group identifier. + * \param key The key pair object. It must be initialized. + * If its group has already been set, it must match \p grp_id. + * If its group has not been set, it will be set to \p grp_id. + * If the public key has already been set, it is overwritten. + * \param Q The public key to copy. This must be a point on the + * curve indicated by \p grp_id. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not + * match \p grp_id. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for + * the group is not implemented. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q); + /** * \brief This function reads an elliptic curve private key. * + * \note This function does not set the public key in the + * key pair object. Without a public key, the key pair object + * cannot be used with operations that require the public key. + * Call mbedtls_ecp_keypair_calc_public() to set the public + * key from the private key. Alternatively, you can call + * mbedtls_ecp_set_public_key() to set the public key part, + * and then optionally mbedtls_ecp_check_pub_priv() to check + * that the private and public parts are consistent. + * + * \note If a public key has already been set in the key pair + * object, this function does not check that it is consistent + * with the private key. Call mbedtls_ecp_check_pub_priv() + * after setting both the public key and the private key + * to make that check. + * * \param grp_id The ECP group identifier. * \param key The destination key. * \param buf The buffer containing the binary representation of the @@ -1299,6 +1346,32 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, unsigned char *buf, size_t buflen); +/** + * \brief This function exports an elliptic curve public key. + * + * \param key The public key. + * \param format The point format. This must be either + * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. + * (For groups without these formats, this parameter is + * ignored. But it still has to be either of the above + * values.) + * \param olen The address at which to store the length of + * the output in Bytes. This must not be \c NULL. + * \param buf The output buffer. This must be a writable buffer + * of length \p buflen Bytes. + * \param buflen The length of the output buffer \p buf in Bytes. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer + * is too small to hold the point. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format + * or the export for the given group is not implemented. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen); + /** * \brief This function checks that the keypair objects * \p pub and \p prv have the same group and the @@ -1323,16 +1396,48 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Calculate the public key from a private key in a key pair. + * + * \param key A keypair structure. It must have a private key set. + * If the public key is set, it will be overwritten. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. + * + * \return \c 0 on success. The key pair object can be used for + * operations that require the public key. + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on calculation failure. + */ +int mbedtls_ecp_keypair_calc_public( + mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + +/** \brief Query the group that a key pair belongs to. + * + * \param key The key pair to query. + * + * \return The group ID for the group registered in the key pair + * object. + * This is \c MBEDTLS_ECP_DP_NONE if no group has been set + * in the key pair object. + */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key); + /** * \brief This function exports generic key-pair parameters. * + * Each of the output parameters can be a null pointer + * if you do not need that parameter. + * * \param key The key pair to export from. * \param grp Slot for exported ECP group. - * It must point to an initialized ECP group. + * It must either be null or point to an initialized ECP group. * \param d Slot for the exported secret value. - * It must point to an initialized mpi. + * It must either be null or point to an initialized mpi. * \param Q Slot for the exported public value. - * It must point to an initialized ECP point. + * It must either be null or point to an initialized ECP point. * * \return \c 0 on success, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. diff --git a/library/ecp.c b/library/ecp.c index ee86cbc6e7e9..758d54bd7650 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3198,6 +3198,25 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, } #endif /* MBEDTLS_ECP_C */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (key->grp.id == MBEDTLS_ECP_DP_NONE) { + /* Group not set yet */ + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { + return ret; + } + } else if (key->grp.id != grp_id) { + /* Group mismatch */ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return mbedtls_ecp_copy(&key->Q, Q); +} + + #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 /* @@ -3314,6 +3333,18 @@ int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, return ret; } +/* + * Write a public key. + */ +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen) +{ + return mbedtls_ecp_point_write_binary(&key->grp, &key->Q, + format, olen, buf, buflen); +} + + #if defined(MBEDTLS_ECP_C) /* * Check a public-private key pair @@ -3355,8 +3386,22 @@ int mbedtls_ecp_check_pub_priv( return ret; } + +int mbedtls_ecp_keypair_calc_public(mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) +{ + return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, + f_rng, p_rng); +} #endif /* MBEDTLS_ECP_C */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key) +{ + return key->grp.id; +} + /* * Export generic key-pair parameters. */ @@ -3365,15 +3410,15 @@ int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { + if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { return ret; } - if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) { + if (d != NULL && (ret = mbedtls_mpi_copy(d, &key->d)) != 0) { return ret; } - if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { + if (Q != NULL && (ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { return ret; } diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index afd6fb31a4d4..5664b8c4e5db 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -60,8 +60,8 @@ static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) unsigned char buf[300]; size_t len; - if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q), - MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) { + if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf)) != 0) { mbedtls_printf("internal error\n"); return; } @@ -79,6 +79,8 @@ int main(int argc, char *argv[]) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ecdsa_context ctx_sign, ctx_verify; + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char message[100]; @@ -128,7 +130,10 @@ int main(int argc, char *argv[]) goto exit; } - mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits); + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id(grp_id); + mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); dump_pubkey(" + Public key: ", &ctx_sign); @@ -174,16 +179,13 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Preparing verification context..."); fflush(stdout); - if ((ret = - mbedtls_ecp_group_copy(&ctx_verify.MBEDTLS_PRIVATE(grp), - &ctx_sign.MBEDTLS_PRIVATE(grp))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); goto exit; } - if ((ret = - mbedtls_ecp_copy(&ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); goto exit; } @@ -208,6 +210,7 @@ int main(int argc, char *argv[]) mbedtls_ecdsa_free(&ctx_verify); mbedtls_ecdsa_free(&ctx_sign); + mbedtls_ecp_point_free(&Q); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f6bb2378779d..6914c9390def 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -9,8 +9,19 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " + "not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/ecdsa.h" @@ -61,7 +72,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, return 0; } #endif /* !_WIN32 */ -#endif #if defined(MBEDTLS_ECP_C) #define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id @@ -96,19 +106,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, USAGE_DEV_RANDOM \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C" - "not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -160,6 +157,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -365,12 +427,10 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_printf("curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name); - mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf(" ! key type not supported\n"); @@ -415,5 +475,4 @@ int main(int argc, char *argv[]) mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && - * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 194c4102dd7c..e3a6966050b3 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -53,6 +53,71 @@ int main(void) #else +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + /* * global options */ @@ -219,17 +284,10 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { @@ -269,16 +327,10 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index c07c56464ebe..60f992e43113 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -9,9 +9,21 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ - defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/error.h" @@ -21,7 +33,6 @@ #include #include -#endif #if defined(MBEDTLS_PEM_WRITE_C) #define USAGE_OUT \ @@ -66,20 +77,6 @@ USAGE_OUT \ "\n" -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -176,6 +173,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -338,11 +400,10 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); - mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); @@ -384,10 +445,10 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); @@ -431,5 +492,4 @@ int main(int argc, char *argv[]) mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d3ea8c0e1a06..96d4e46bb5ef 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -325,6 +325,7 @@ def do_analyze_driver_vs_reference(results: Results, outcomes: Outcomes, args) - # is required. 'test_suite_ecp': [ re.compile(r'ECP check public-private .*'), + re.compile(r'ECP calculate public: .*'), re.compile(r'ECP gen keypair .*'), re.compile(r'ECP point muladd .*'), re.compile(r'ECP point multiplication .*'), diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 100299195fc1..01fdc477f7fa 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -529,6 +529,24 @@ ECP check public-private #7 (wrong Qy) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_ecp_check_pub_priv:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ERR_ECP_BAD_INPUT_DATA +ECP calculate public: secp256r1, good +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff" + +ECP calculate public: secp256r1, private value out of range +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_ECP_INVALID_KEY:"" + +# Alice's private key from rfc 7748, masked and adjusted for endianness +# because the test function wants the little-endian representation. +ECP calculate public: Curve25519, good +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"6a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":0:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP calculate public: Curve25519, private value not masked +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"2a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":MBEDTLS_ERR_ECP_INVALID_KEY:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + ECP gen keypair [#1] depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_gen_keypair:MBEDTLS_ECP_DP_SECP192R1 @@ -581,6 +599,48 @@ genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffff ECP generate Montgomery key: Curve448, not enough entropy genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":"" +ECP set public key: invalid group (0) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_NONE:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: valid group (secp256r1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:0 + +ECP set public key: group not supported (secp256r1) +depends_on:!MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: bad group (not in enum) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_MAX:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: secp256r1 then secp256k1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256K1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: secp256r1 then secp384r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP384R1:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + +ECP set public key after private: secp384r1 then secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP384R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + ECP read key #1 (short weierstrass, too small) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 57516248045f..295fe7f151b4 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -590,29 +590,41 @@ void ecp_write_binary(int id, char *x, char *y, char *z, int format, { mbedtls_ecp_group grp; mbedtls_ecp_point P; + mbedtls_ecp_keypair key; unsigned char buf[256]; size_t olen; memset(buf, 0, sizeof(buf)); mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P); + mbedtls_ecp_keypair_init(&key); - TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); + TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.X, x), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Y, y), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Z, z), 0); - TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format, - &olen, buf, blen) == ret); + TEST_EQUAL(mbedtls_ecp_point_write_binary(&grp, &P, format, + &olen, buf, blen), ret); + if (ret == 0) { + TEST_LE_U(olen, MBEDTLS_ECP_MAX_PT_LEN); + ASSERT_COMPARE(buf, olen, + out->x, out->len); + } + memset(buf, 0, blen); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp.id, &key, &P), 0); + TEST_EQUAL(mbedtls_ecp_write_public_key(&key, format, + &olen, buf, blen), ret); if (ret == 0) { - TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN); - TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0); + ASSERT_COMPARE(buf, olen, + out->x, out->len); } exit: mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P); + mbedtls_ecp_keypair_free(&key); } /* END_CASE */ @@ -988,6 +1000,41 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ +void ecp_calc_public(int grp_id, data_t *private_data, + int expected_ret, data_t *expected_public) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_test_rnd_pseudo_info rnd_info; + memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); + + TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); + TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, + private_data->x, private_data->len), 0); + + TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(mbedtls_ecp_check_pub_priv(&key, &key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + 0); + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; + size_t length; + TEST_EQUAL(mbedtls_ecp_point_write_binary(&key.grp, &key.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &length, buf, sizeof(buf)), + 0); + ASSERT_COMPARE(expected_public->x, expected_public->len, buf, length); + } + +exit: + mbedtls_ecp_keypair_free(&key); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ void mbedtls_ecp_gen_keypair(int id) { @@ -1030,6 +1077,7 @@ void mbedtls_ecp_gen_key(int id) &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0); + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), id); TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0); TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0); @@ -1038,23 +1086,124 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_set_public_key_group_check(int grp_id, int expected_ret) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), + expected_ret); + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_good(int grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + + /* Freshly initialized key */ + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); + + /* Key with a public key already set to a different value */ + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Z, &key.Q.Z, 1), 0); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, + int public_grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + mbedtls_mpi d; + mbedtls_mpi_init(&d); + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key, + private_data->x, private_data->len), + 0); + TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0); + + int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q); + + if (private_grp_id == public_grp_id) { + TEST_EQUAL(ret, 0); + TEST_EQUAL(key.grp.id, public_grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0); + } else { + TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + } + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); + mbedtls_mpi_free(&d); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical) { int ret = 0; mbedtls_ecp_keypair key; - mbedtls_ecp_keypair key2; - mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_keypair key2; mbedtls_ecp_keypair_init(&key2); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0); + ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len); TEST_ASSERT(ret == expected); if (expected == 0) { + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), grp_id); ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); + if (canonical) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; @@ -1233,6 +1382,28 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Check consistency with the group id */ + TEST_EQUAL(export_grp.id, + mbedtls_ecp_keypair_get_group_id(&key)); + + /* Test null arguments: grp only */ + mbedtls_ecp_group_free(&export_grp); + mbedtls_ecp_group_init(&export_grp); + TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0); + TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Test null arguments: d only */ + mbedtls_mpi_free(&export_d); + mbedtls_mpi_init(&export_d); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); + + /* Test null arguments: Q only */ + mbedtls_ecp_point_free(&export_Q); + mbedtls_ecp_point_init(&export_Q); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); } exit: