48d78a5e
Commit
48d78a5e
authored
Dec 05, 2013
by
Paul Bakker
Merged support for Curve25519
parents
498fd354
93f41dbd
Showing
12 changed files
with
794 additions
and
98 deletions
+794
-98
ChangeLog
ChangeLog
+2
-0
include/polarssl/bignum.h
include/polarssl/bignum.h
+20
-2
include/polarssl/config.h
include/polarssl/config.h
+4
-0
include/polarssl/ecp.h
include/polarssl/ecp.h
+32
-14
library/bignum.c
library/bignum.c
+44
-6
library/ecdsa.c
library/ecdsa.c
+8
-0
library/ecp.c
library/ecp.c
+402
-67
library/ecp_curves.c
library/ecp_curves.c
+98
-1
tests/suites/test_suite_ecp.data
tests/suites/test_suite_ecp.data
+56
-2
tests/suites/test_suite_ecp.function
tests/suites/test_suite_ecp.function
+74
-6
tests/suites/test_suite_mpi.data
tests/suites/test_suite_mpi.data
+24
-0
tests/suites/test_suite_mpi.function
tests/suites/test_suite_mpi.function
+30
-0
ChangeLog
...
...
@@ -5,6 +5,7 @@ Features
* EC key generation support in gen_key app
* Support for adhering to client ciphersuite order preference
(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
* Support for Curve25519
Changes
* gen_prime() speedup
...
...
@@ -15,6 +16,7 @@ Changes
* Split off curves from ecp.c into ecp_curves.c
Bugfix
* Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int
* Fixed X.509 hostname comparison (with non-regular characters)
* SSL now gracefully handles missing RNG
* Missing defines / cases for RSA_PSK key exchange
...
...
include/polarssl/bignum.h
...
...
@@ -236,11 +236,10 @@ void mpi_swap( mpi *X, mpi *Y );
*
* \param X MPI to conditionally assign to
* \param Y Value to be assigned
* \param assign 1: perform the assignment, 0:
leave X untouched
* \param assign 1: perform the assignment, 0:
keep X's original value
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if assing is not 0 or 1
*
* \note This function is equivalent to
* if( assign ) mpi_copy( X, Y );
...
...
@@ -251,6 +250,25 @@ void mpi_swap( mpi *X, mpi *Y );
*/
int
mpi_safe_cond_assign
(
mpi
*
X
,
const
mpi
*
Y
,
unsigned
char
assign
);
/**
* \brief Safe conditional swap X <-> Y if swap is 1
*
* \param X First mpi value
* \param Y Second mpi value
* \param assign 1: perform the swap, 0: keep X and Y's original values
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
*
* \note This function is equivalent to
* if( assign ) mpi_swap( X, Y );
* except that it avoids leaking any information about whether
* the assignment was done or not (the above code may leak
* information through branch prediction and/or memory access
* patterns analysis).
*/
int
mpi_safe_cond_swap
(
mpi
*
X
,
mpi
*
Y
,
unsigned
char
assign
);
/**
* \brief Set value from integer
*
...
...
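Review bot: The new `mpi_safe_cond_swap` prototype names its third parameter `assign`, while its `\brief` line says "if swap is 1" and the definition in library/bignum.c uses `swap`; the prototype and its `\param` line should read `unsigned char swap`. The `\note` was carried over from mpi_safe_cond_assign and still speaks of "whether the assignment was done", and the `\return` list ends on a dangling comma after the MALLOC_FAILED line. Because callers take the side-channel contract from this comment, it should also say that any non-zero value is treated as 1, which is what the implementation's `swap = ( swap != 0 )` does.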
include/polarssl/config.h
...
...
@@ -248,6 +248,10 @@
#define POLARSSL_ECP_DP_BP256R1_ENABLED
#define POLARSSL_ECP_DP_BP384R1_ENABLED
#define POLARSSL_ECP_DP_BP512R1_ENABLED
//#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet!
#define POLARSSL_ECP_DP_M255_ENABLED
//#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet!
//#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet!
/**
* \def POLARSSL_ECP_NIST_OPTIM
...
...
include/polarssl/ecp.h
...
...
@@ -64,10 +64,16 @@ typedef enum
POLARSSL_ECP_DP_BP256R1
,
/*!< 256-bits Brainpool curve */
POLARSSL_ECP_DP_BP384R1
,
/*!< 384-bits Brainpool curve */
POLARSSL_ECP_DP_BP512R1
,
/*!< 512-bits Brainpool curve */
POLARSSL_ECP_DP_M221
,
/*!< (not implemented yet) */
POLARSSL_ECP_DP_M255
,
/*!< Curve25519 */
POLARSSL_ECP_DP_M383
,
/*!< (not implemented yet) */
POLARSSL_ECP_DP_M511
,
/*!< (not implemented yet) */
}
ecp_group_id
;
/**
* Number of supported curves (plus one for NONE)
* Number of supported curves (plus one for NONE).
*
* (Montgomery curves excluded for now.)
*/
#define POLARSSL_ECP_DP_MAX 9
...
...
@@ -102,10 +108,16 @@ ecp_point;
/**
* \brief ECP group structure
*
* The curves we consider are defined by y^2 = x^3 + A x + B mod P,
* and a generator for a large subgroup of order N is fixed.
* We consider two types of curves equations:
* 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
* 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (M255 + draft)
* In both cases, a generator G for a prime-order subgroup is fixed. In the
* short weierstrass, this subgroup is actually the whole curve, and its
* cardinal is denoted by N.
*
* pbits and nbits must be the size of P and N in bits.
* In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
* the quantity actualy used in the formulas. Also, nbits is not the size of N
* but the required size for private keys.
*
* If modp is NULL, reduction modulo P is done using a generic algorithm.
* Otherwise, it must point to a function that takes an mpi in the range
...
...
@@ -118,18 +130,18 @@ typedef struct
{
ecp_group_id
id
;
/*!< internal group identifier */
mpi
P
;
/*!< prime modulus of the base field */
mpi
A
;
/*!<
linear term
in the equation
*/
mpi
B
;
/*!<
constant term
in the equation
*/
ecp_point
G
;
/*!< generator of the subgroup used
*/
mpi
N
;
/*!< the order of G
*/
mpi
A
;
/*!<
1. A
in the equation
, or 2. (A + 2) / 4
*/
mpi
B
;
/*!<
1. B
in the equation
, or 2. unused
*/
ecp_point
G
;
/*!< generator of the
(
sub
)
group used */
mpi
N
;
/*!<
1.
the order of G
, or 2. unused
*/
size_t
pbits
;
/*!< number of bits in P */
size_t
nbits
;
/*!< number of bits in
N
*/
unsigned
int
h
;
/*!<
cofactor (unused now: assume 1)
*/
size_t
nbits
;
/*!< number of bits in
1. P, or 2. private keys
*/
unsigned
int
h
;
/*!<
unused
*/
int
(
*
modp
)(
mpi
*
);
/*!< function for fast reduction mod P */
int
(
*
t_pre
)(
ecp_point
*
,
void
*
);
/*!<
currently unused
*/
int
(
*
t_post
)(
ecp_point
*
,
void
*
);
/*!<
currently unused
*/
void
*
t_data
;
/*!<
currently unused
*/
ecp_point
*
T
;
/*!< pre-computed points for ecp_mul
()
*/
int
(
*
t_pre
)(
ecp_point
*
,
void
*
);
/*!<
unused
*/
int
(
*
t_post
)(
ecp_point
*
,
void
*
);
/*!<
unused
*/
void
*
t_data
;
/*!<
unused
*/
ecp_point
*
T
;
/*!< pre-computed points for ecp_mul
_comb()
*/
size_t
T_size
;
/*!< number for pre-computed points */
}
ecp_group
;
...
...
@@ -438,6 +450,9 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*
* \note This function does not support Montgomery curves, such as
* Curve25519.
*/
int
ecp_add
(
const
ecp_group
*
grp
,
ecp_point
*
R
,
const
ecp_point
*
P
,
const
ecp_point
*
Q
);
...
...
@@ -452,6 +467,9 @@ int ecp_add( const ecp_group *grp, ecp_point *R,
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*
* \note This function does not support Montgomery curves, such as
* Curve25519.
*/
int
ecp_sub
(
const
ecp_group
*
grp
,
ecp_point
*
R
,
const
ecp_point
*
P
,
const
ecp_point
*
Q
);
...
...
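Review bot: In the ecp_group hunk the field comment for `nbits` appears to read `number of bits in 1. P, or 2. private keys`, which contradicts the struct description a few lines up ("pbits and nbits must be the size of P and N in bits") and duplicates `pbits`; it should be `/*!< number of bits in 1. N, or 2. private keys */`. Code that sizes or range-checks private scalars from this field will be written against the comment, so the short Weierstrass case needs to name N. Old and new comment text are interleaved on this page, so which wording is the new one is inferred from the "1. … or 2. …" pattern shared with the A, B and N comments.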
library/bignum.c
...
...
@@ -214,16 +214,16 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign )
int
ret
=
0
;
size_t
i
;
if
(
assign
*
(
1
-
assign
)
!=
0
)
return
(
POLARSSL_ERR_MPI_BAD_INPUT_DATA
);
/* make sure assign is 0 or 1 */
assign
=
(
assign
!=
0
);
if
(
Y
->
n
>
X
->
n
)
MPI_CHK
(
mpi_grow
(
X
,
Y
->
n
)
);
MPI_CHK
(
mpi_grow
(
X
,
Y
->
n
)
);
/* Do the conditional assign safely */
X
->
s
=
X
->
s
*
(
1
-
assign
)
+
Y
->
s
*
assign
;
for
(
i
=
0
;
i
<
Y
->
n
;
i
++
)
X
->
p
[
i
]
=
X
->
p
[
i
]
*
(
1
-
assign
)
+
Y
->
p
[
i
]
*
assign
;
for
(
;
i
<
X
->
n
;
i
++
)
X
->
p
[
i
]
*=
(
1
-
assign
);
...
...
@@ -231,6 +231,43 @@ cleanup:
return
(
ret
);
}
/*
* Conditionally swap X and Y, without leaking information
* about whether the swap was made or not.
* Here it is not ok to simply swap the pointers, which whould lead to
* different memory access patterns when X and Y are used afterwards.
*/
int
mpi_safe_cond_swap
(
mpi
*
X
,
mpi
*
Y
,
unsigned
char
swap
)
{
int
ret
,
s
;
size_t
i
;
t_uint
tmp
;
if
(
X
==
Y
)
return
(
0
);
/* make sure swap is 0 or 1 */
swap
=
(
swap
!=
0
);
MPI_CHK
(
mpi_grow
(
X
,
Y
->
n
)
);
MPI_CHK
(
mpi_grow
(
Y
,
X
->
n
)
);
s
=
X
->
s
;
X
->
s
=
X
->
s
*
(
1
-
swap
)
+
Y
->
s
*
swap
;
Y
->
s
=
Y
->
s
*
(
1
-
swap
)
+
s
*
swap
;
for
(
i
=
0
;
i
<
X
->
n
;
i
++
)
{
tmp
=
X
->
p
[
i
];
X
->
p
[
i
]
=
X
->
p
[
i
]
*
(
1
-
swap
)
+
Y
->
p
[
i
]
*
swap
;
Y
->
p
[
i
]
=
Y
->
p
[
i
]
*
(
1
-
swap
)
+
tmp
*
swap
;
}
cleanup:
return
(
ret
);
}
/*
* Set value from integer
*/
...
...
@@ -280,7 +317,8 @@ int mpi_set_bit( mpi *X, size_t pos, unsigned char val )
MPI_CHK
(
mpi_grow
(
X
,
off
+
1
)
);
}
X
->
p
[
off
]
=
(
X
->
p
[
off
]
&
~
(
0x01
<<
idx
)
)
|
(
val
<<
idx
);
X
->
p
[
off
]
&=
~
(
(
t_uint
)
0x01
<<
idx
);
X
->
p
[
off
]
|=
(
t_uint
)
val
<<
idx
;
cleanup:
...
...
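Review bot: `swap = ( swap != 0 );` in mpi_safe_cond_swap, and the matching `assign = ( assign != 0 );` now used in mpi_safe_cond_assign, normalise the secret flag with a comparison, which a compiler is free to lower to a conditional branch on some targets — the very leak the function comment says it avoids. A purely arithmetic form such as `swap = ( swap | (unsigned char) -swap ) >> 7;` gives the same 0/1 result without a comparison. The limb updates also rely on `t_uint` multiplication by the flag running in constant time, which is worth stating in the comment above the function as an assumption about the target CPU. Minor: the new comment has "whould" for "would".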
library/ecdsa.c
...
...
@@ -59,6 +59,10 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
ecp_point
R
;
mpi
k
,
e
;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if
(
grp
->
N
.
p
==
NULL
)
return
(
POLARSSL_ERR_ECP_BAD_INPUT_DATA
);
ecp_point_init
(
&
R
);
mpi_init
(
&
k
);
mpi_init
(
&
e
);
...
...
@@ -129,6 +133,10 @@ int ecdsa_verify( ecp_group *grp,
ecp_point_init
(
&
R
);
ecp_point_init
(
&
P
);
mpi_init
(
&
e
);
mpi_init
(
&
s_inv
);
mpi_init
(
&
u1
);
mpi_init
(
&
u2
);
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if
(
grp
->
N
.
p
==
NULL
)
return
(
POLARSSL_ERR_ECP_BAD_INPUT_DATA
);
/*
* Step 1: make sure r and s are in range 1..n-1
*/
...
...
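Review bot: In ecdsa_verify the new `grp->N.p == NULL` guard sits after the `ecp_point_init`/`mpi_init` calls and returns directly, bypassing whatever cleanup the function performs, whereas in ecdsa_sign the same guard comes before any initialisation. That is harmless only as long as the init routines allocate nothing, which is not visible here; moving the check above the `ecp_point_init( &R );` line would make both functions consistent and keep the early return safe if that ever changes. Both function bodies continue outside the hunks. The headers should also document that these entry points return POLARSSL_ERR_ECP_BAD_INPUT_DATA for groups without an order N, since `N.p == NULL` is an implicit marker rather than an explicit curve-type field.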
library/ecp.c
This diff is collapsed.
library/ecp_curves.c
...
...
@@ -322,16 +322,29 @@ cleanup:
#if defined(POLARSSL_ECP_NIST_OPTIM)
/* Forward declarations */
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
static
int
ecp_mod_p192
(
mpi
*
);
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
static
int
ecp_mod_p224
(
mpi
*
);
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
static
int
ecp_mod_p256
(
mpi
*
);
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
static
int
ecp_mod_p384
(
mpi
*
);
#endif
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
static
int
ecp_mod_p521
(
mpi
*
);
#endif
#if defined(POLARSSL_ECP_DP_M255_ENABLED)
static
int
ecp_mod_p255
(
mpi
*
);
#endif
#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
#else
#define NIST_MODP( P )
#endif
#endif
/* POLARSSL_ECP_NIST_OPTIM */
#define LOAD_GROUP( G ) ecp_group_read_binary( grp, \
G ## _p, sizeof( G ## _p ), \
...
...
@@ -341,11 +354,45 @@ static int ecp_mod_p521( mpi * );
G ## _gy, sizeof( G ## _gy ), \
G ## _n, sizeof( G ## _n ) )
/*
* Specialized function for creating the Curve25519 group
*/
static
int
ecp_use_curve25519
(
ecp_group
*
grp
)
{
int
ret
;
/* Actually ( A + 2 ) / 4 */
MPI_CHK
(
mpi_read_string
(
&
grp
->
A
,
16
,
"01DB42"
)
);
/* P = 2^255 - 19 */
MPI_CHK
(
mpi_lset
(
&
grp
->
P
,
1
)
);
MPI_CHK
(
mpi_shift_l
(
&
grp
->
P
,
255
)
);
MPI_CHK
(
mpi_sub_int
(
&
grp
->
P
,
&
grp
->
P
,
19
)
);
grp
->
pbits
=
mpi_msb
(
&
grp
->
P
);
/* Y intentionaly not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
MPI_CHK
(
mpi_lset
(
&
grp
->
G
.
X
,
9
)
);
MPI_CHK
(
mpi_lset
(
&
grp
->
G
.
Z
,
1
)
);
mpi_free
(
&
grp
->
G
.
Y
);
/* Actually, the required msb for private keys */
grp
->
nbits
=
254
;
cleanup:
if
(
ret
!=
0
)
ecp_group_free
(
grp
);
return
(
ret
);
}
/*
* Set a group using well-known domain parameters
*/
int
ecp_use_known_dp
(
ecp_group
*
grp
,
ecp_group_id
id
)
{
ecp_group_free
(
grp
);
grp
->
id
=
id
;
switch
(
id
)
...
...
@@ -395,6 +442,12 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
return
(
LOAD_GROUP
(
brainpoolP512r1
)
);
#endif
/* POLARSSL_ECP_DP_BP512R1_ENABLED */
#if defined(POLARSSL_ECP_DP_M255_ENABLED)
case
POLARSSL_ECP_DP_M255
:
grp
->
modp
=
ecp_mod_p255
;
return
(
ecp_use_curve25519
(
grp
)
);
#endif
/* POLARSSL_ECP_DP_M255_ENABLED */
default:
ecp_group_free
(
grp
);
return
(
POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
);
...
...
@@ -804,4 +857,48 @@ cleanup:
#endif
/* POLARSSL_ECP_NIST_OPTIM */
#if defined(POLARSSL_ECP_DP_M255_ENABLED)
/* Size of p255 in terms of t_uint */
#define P255_WIDTH ( 255 / 8 / sizeof( t_uint ) + 1 )
/*
* Fast quasi-reduction modulo p255 = 2^255 - 19
* Write N as A1 + 2^255 A1, return A0 + 19 * A1
*/
static
int
ecp_mod_p255
(
mpi
*
N
)
{
int
ret
;
size_t
i
;
mpi
M
;
t_uint
Mp
[
P255_WIDTH
+
2
];
if
(
N
->
n
<
P255_WIDTH
)
return
(
0
);
/* M = A1 */
M
.
s
=
1
;
M
.
n
=
N
->
n
-
(
P255_WIDTH
-
1
);
if
(
M
.
n
>
P255_WIDTH
+
1
)
M
.
n
=
P255_WIDTH
+
1
;
M
.
p
=
Mp
;
memset
(
Mp
,
0
,
sizeof
Mp
);
memcpy
(
Mp
,
N
->
p
+
P255_WIDTH
-
1
,
M
.
n
*
sizeof
(
t_uint
)
);
MPI_CHK
(
mpi_shift_r
(
&
M
,
255
%
(
8
*
sizeof
(
t_uint
)
)
)
);
M
.
n
++
;
/* Make room for multiplication by 19 */
/* N = A0 */
mpi_set_bit
(
N
,
255
,
0
);
for
(
i
=
P255_WIDTH
;
i
<
N
->
n
;
i
++
)
N
->
p
[
i
]
=
0
;
/* N = A0 + 19 * A1 */
MPI_CHK
(
mpi_mul_int
(
&
M
,
&
M
,
19
)
);
MPI_CHK
(
mpi_add_abs
(
N
,
N
,
&
M
)
);
cleanup:
return
(
ret
);
}
#endif
/* POLARSSL_ECP_DP_M255_ENABLED */
#endif
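Review bot: The forward declaration `static int ecp_mod_p255( mpi * );` is added inside the `#if defined(POLARSSL_ECP_NIST_OPTIM)` block, but `grp->modp = ecp_mod_p255;` in ecp_use_known_dp and the definition at the end of the file are guarded only by POLARSSL_ECP_DP_M255_ENABLED. With M255 enabled and NIST_OPTIM disabled the assignment would reference an undeclared function, so the declaration should move below the `#endif /* POLARSSL_ECP_NIST_OPTIM */` line under its own M255 guard. Separately, the header comment of ecp_mod_p255 says "Write N as A1 + 2^255 A1" where A0 + 2^255 A1 is meant, and `mpi_set_bit( N, 255, 0 );` is the only bignum call in that function not wrapped in MPI_CHK. The placement is read from the rendered hunk, where the old and new `#endif` lines are interleaved, so please confirm against the file.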
tests/suites/test_suite_ecp.data
...
...
@@ -159,6 +159,12 @@ ecp_small_check_pub:0:2:1:0
ECP small check pubkey #10
ecp_small_check_pub:10:25:1:POLARSSL_ERR_ECP_INVALID_KEY
ECP check pubkey Montgomery #1 (too big)
ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":POLARSSL_ERR_ECP_INVALID_KEY
ECP check pubkey Montgomery #2 (biggest)
ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0
ECP write binary #0 (zero, bad format)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_write_binary:POLARSSL_ECP_DP_SECP192R1:"01":"01":"00":POLARSSL_ECP_PF_UNKNOWN:"00":1:POLARSSL_ERR_ECP_BAD_INPUT_DATA
...
...
@@ -271,14 +277,58 @@ ECP tls write-read group #2
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_group:POLARSSL_ECP_DP_SECP521R1
ECP check privkey
ECP check privkey
#1 (short weierstrass, too small)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1:"00":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #2 (short weierstrass, smallest)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1:"01":0
ECP check privkey #3 (short weierstrass, biggest)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830":0
ECP check privkey #4 (short weierstrass, too big)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #5 (montgomery, too big)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"C000000000000000000000000000000000000000000000000000000000000000":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #6 (montgomery, not big enough)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #7 (montgomery, msb OK)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"4000000000000000000000000000000000000000000000000000000000000000":0
ECP check privkey #8 (montgomery, bit 0 set)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"4000000000000000000000000000000000000000000000000000000000000001":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #9 (montgomery, bit 1 set)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"4000000000000000000000000000000000000000000000000000000000000002":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #10 (montgomery, bit 2 set)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"4000000000000000000000000000000000000000000000000000000000000004":POLARSSL_ERR_ECP_INVALID_KEY
ECP check privkey #11 (montgomery, OK)
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":0
ECP gen keypair
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
ECP gen keypair
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_M255
ECP gen keypair wrapper
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_key:POLARSSL_ECP_DP_SECP192R1
...
...
@@ -367,5 +417,9 @@ ECP test vectors brainpoolP512r1 rfc 7027
depends_on:POLARSSL_ECP_DP_BP512R1_ENABLED
ecp_test_vect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
ECP test vectors M255 aka Curve25519
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_test_vec_x:POLARSSL_ECP_DP_M255:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"057E23EA9F1CBE8A27168F6E696A791DE61DD3AF7ACD4EEACC6E7BA514FDA863":"47DC3D214174820E1154B49BC6CDB2ABD45EE95817055D255AA35831B70D3260":"6EB89DA91989AE37C7EAC7618D9E5C4951DBA1D73C285AE1CD26A855020EEF04":"61450CD98E36016B58776A897A9F0AEF738B99F09468B8D6B8511184D53494AB"
ECP selftest
ecp_selftest:
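Review bot: The two new "ECP check pubkey Montgomery" cases call `ecp_check_pub_mx` with POLARSSL_ECP_DP_M255 but carry no `depends_on:POLARSSL_ECP_DP_M255_ENABLED` line, unlike the Montgomery privkey, gen-keypair and test-vector cases added in the same file. With the curve disabled in config.h, the `ecp_use_known_dp` assertion in that test function would fail rather than the case being skipped. Adding `depends_on:POLARSSL_ECP_DP_M255_ENABLED` before each of the two cases keeps the suite usable for reduced configurations.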
tests/suites/test_suite_ecp.function
...
...
@@ -188,6 +188,27 @@ void ecp_small_check_pub( int x, int y, int z, int ret )
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_check_pub_mx( int grp_id, char *key_hex, int ret )
{
ecp_group grp;
ecp_point P;
ecp_group_init( &grp );
ecp_point_init( &P );
TEST_ASSERT( ecp_use_known_dp( &grp, grp_id ) == 0 );
TEST_ASSERT( mpi_read_string( &P.X, 16, key_hex ) == 0 );
TEST_ASSERT( mpi_lset( &P.Z, 1 ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &P ) == ret );
ecp_group_free( &grp );
ecp_point_free( &P );
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str,
char *dB_str, char *xB_str, char *yB_str, char *xZ_str,
...
...
@@ -242,6 +263,56 @@ void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str,
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_test_vec_x( int id, char *dA_hex, char *xA_hex,
char *dB_hex, char *xB_hex, char *xS_hex )
{
ecp_group grp;
ecp_point R;
mpi dA, xA, dB, xB, xS;
rnd_pseudo_info rnd_info;
ecp_group_init( &grp ); ecp_point_init( &R );
mpi_init( &dA ); mpi_init( &xA );
mpi_init( &dB ); mpi_init( &xB );
mpi_init( &xS );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &grp.G ) == 0 );
TEST_ASSERT( mpi_read_string( &dA, 16, dA_hex ) == 0 );
TEST_ASSERT( mpi_read_string( &dB, 16, dB_hex ) == 0 );
TEST_ASSERT( mpi_read_string( &xA, 16, xA_hex ) == 0 );
TEST_ASSERT( mpi_read_string( &xB, 16, xB_hex ) == 0 );
TEST_ASSERT( mpi_read_string( &xS, 16, xS_hex ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dA, &grp.G,
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dB, &R,
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xS ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xB ) == 0 );
TEST_ASSERT( ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &R.X, &xS ) == 0 );
ecp_group_free( &grp ); ecp_point_free( &R );
mpi_free( &dA ); mpi_free( &xA );
mpi_free( &dB ); mpi_free( &xB );
mpi_free( &xS );
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_fast_mod( int id, char *N_str )
{
...
...
@@ -490,7 +561,7 @@ void ecp_tls_write_read_group( int id )
/* END_CASE */
/* BEGIN_CASE */
void ecp_check_privkey( int id )
void ecp_check_privkey( int id
, char *key_hex, int ret
)
{
ecp_group grp;
mpi d;
...
...
@@ -499,12 +570,9 @@ void ecp_check_privkey( int id )
mpi_init( &d );
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
TEST_ASSERT( mpi_read_string( &d, 16, key_hex ) == 0 );
TEST_ASSERT( mpi_lset( &d, 0 ) == 0 );
TEST_ASSERT( ecp_check_privkey( &grp, &d ) == POLARSSL_ERR_ECP_INVALID_KEY );
TEST_ASSERT( mpi_copy( &d, &grp.N ) == 0 );
TEST_ASSERT( ecp_check_privkey( &grp, &d ) == POLARSSL_ERR_ECP_INVALID_KEY );
TEST_ASSERT( ecp_check_privkey( &grp, &d ) == ret );
ecp_group_free( &grp );
mpi_free( &d );
...
...
tests/suites/test_suite_mpi.data
...
...
@@ -223,6 +223,24 @@ mpi_safe_cond_assign:-1:"01":+1:"02"
Test mpi_safe_cond_assign #6
mpi_safe_cond_assign:-1:"01":-1:"02"
Test mpi_safe_cond_swap #1
mpi_safe_cond_swap:+1:"01":+1:"02"
Test mpi_safe_cond_swap #2
mpi_safe_cond_swap:+1:"FF000000000000000001":+1:"02"
Test mpi_safe_cond_swap #3
mpi_safe_cond_swap:+1:"01":+1:"FF000000000000000002"
Test mpi_safe_cond_swap #4
mpi_safe_cond_swap:+1:"01":-1:"02"
Test mpi_safe_cond_swap #5
mpi_safe_cond_swap:-1:"01":+1:"02"
Test mpi_safe_cond_swap #6
mpi_safe_cond_swap:-1:"01":-1:"02"
Base test mpi_add_abs #1
mpi_add_abs:10:"12345678":10:"642531":10:"12988209"
...
...
@@ -665,6 +683,12 @@ mpi_set_bit:10:"49979687":80:0:10:"49979687"
Test bit set (Add above existing limbs with a 1)
mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863"
Test bit set (Bit index larger than 31 with a 0)
mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF"
Test bit set (Bit index larger than 31 with a 1)
mpi_set_bit:16:"00":32:1:16:"0100000000"
MPI Selftest
depends_on:POLARSSL_SELF_TEST
mpi_selftest:
tests/suites/test_suite_mpi.function