Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
TLS 1.3: Enable and add tests
diff --git a/ChangeLog.d/bug_order_x448.txt b/ChangeLog.d/bug_order_x448.txt
new file mode 100644
index 0000000..cebefc4
--- /dev/null
+++ b/ChangeLog.d/bug_order_x448.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix order value of curve x448.
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 6b8ff5c..51956cd 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4737,6 +4737,8 @@
ECP_VALIDATE_RET( grp != NULL );
mbedtls_ecp_group_free( grp );
+ mbedtls_ecp_group_init( grp );
+
grp->id = id;
switch( id )
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index b1f0c90..119826f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2280,4 +2280,16 @@
mbedtls_pk_context *own_key,
uint16_t *algorithm );
+#if defined(MBEDTLS_SSL_ALPN)
+int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end );
+
+
+int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len );
+#endif /* MBEDTLS_SSL_ALPN */
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ba6d47d..5fa02d2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8285,4 +8285,125 @@
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_SSL_ALPN)
+int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t protocol_name_list_len;
+ const unsigned char *protocol_name_list;
+ const unsigned char *protocol_name_list_end;
+ size_t protocol_name_len;
+
+ /* If ALPN not configured, just ignore the extension */
+ if( ssl->conf->alpn_list == NULL )
+ return( 0 );
+
+ /*
+ * RFC7301, section 3.1
+ * opaque ProtocolName<1..2^8-1>;
+ *
+ * struct {
+ * ProtocolName protocol_name_list<2..2^16-1>
+ * } ProtocolNameList;
+ */
+
+ /*
+ * protocol_name_list_len 2 bytes
+ * protocol_name_len 1 bytes
+ * protocol_name >=1 byte
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+
+ protocol_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len );
+ protocol_name_list = p;
+ protocol_name_list_end = p + protocol_name_list_len;
+
+ /* Validate peer's list (lengths) */
+ while( p < protocol_name_list_end )
+ {
+ protocol_name_len = *p++;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end,
+ protocol_name_len );
+ if( protocol_name_len == 0 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ p += protocol_name_len;
+ }
+
+ /* Use our order of preference */
+ for( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ )
+ {
+ size_t const alpn_len = strlen( *alpn );
+ p = protocol_name_list;
+ while( p < protocol_name_list_end )
+ {
+ protocol_name_len = *p++;
+ if( protocol_name_len == alpn_len &&
+ memcmp( p, *alpn, alpn_len ) == 0 )
+ {
+ ssl->alpn_chosen = *alpn;
+ return( 0 );
+ }
+
+ p += protocol_name_len;
+ }
+ }
+
+ /* If we get here, no match was found */
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL,
+ MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
+ return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
+}
+
+int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ size_t protocol_name_len;
+ *out_len = 0;
+
+ if( ssl->alpn_chosen == NULL )
+ {
+ return( 0 );
+ }
+
+ protocol_name_len = strlen( ssl->alpn_chosen );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 + protocol_name_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server side, adding alpn extension" ) );
+ /*
+ * 0 . 1 ext identifier
+ * 2 . 3 ext length
+ * 4 . 5 protocol list length
+ * 6 . 6 protocol name length
+ * 7 . 7+n protocol name
+ */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
+
+ *out_len = 7 + protocol_name_len;
+
+ MBEDTLS_PUT_UINT16_BE( protocol_name_len + 3, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( protocol_name_len + 1, p, 4 );
+ /* Note: the length of the chosen protocol has been checked to be less
+ * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`.
+ */
+ p[6] = MBEDTLS_BYTE_0( protocol_name_len );
+
+ memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+ return ( 0 );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index e92014c..21e5cda 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -528,94 +528,6 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_ALPN)
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
- size_t list_len, cur_len, ours_len;
- const unsigned char *theirs, *start, *end;
- const char **ours;
-
- /* If ALPN not configured, just ignore the extension */
- if( ssl->conf->alpn_list == NULL )
- return( 0 );
-
- /*
- * opaque ProtocolName<1..2^8-1>;
- *
- * struct {
- * ProtocolName protocol_name_list<2..2^16-1>
- * } ProtocolNameList;
- */
-
- /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
- if( len < 4 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- list_len = ( buf[0] << 8 ) | buf[1];
- if( list_len != len - 2 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- /*
- * Validate peer's list (lengths)
- */
- start = buf + 2;
- end = buf + len;
- for( theirs = start; theirs != end; theirs += cur_len )
- {
- cur_len = *theirs++;
-
- /* Current identifier must fit in list */
- if( cur_len > (size_t)( end - theirs ) )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- /* Empty strings MUST NOT be included */
- if( cur_len == 0 )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
- }
-
- /*
- * Use our order of preference
- */
- for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
- {
- ours_len = strlen( *ours );
- for( theirs = start; theirs != end; theirs += cur_len )
- {
- cur_len = *theirs++;
-
- if( cur_len == ours_len &&
- memcmp( theirs, *ours, cur_len ) == 0 )
- {
- ssl->alpn_chosen = *ours;
- return( 0 );
- }
- }
- }
-
- /* If we get there, no match was found */
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL );
- return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1524,7 +1436,8 @@
case MBEDTLS_TLS_EXT_ALPN:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
- ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
+ ret = mbedtls_ssl_parse_alpn_ext( ssl, ext + 4,
+ ext + 4 + ext_size );
if( ret != 0 )
return( ret );
break;
@@ -2040,39 +1953,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_SSL_ALPN )
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
-{
- if( ssl->alpn_chosen == NULL )
- {
- *olen = 0;
- return;
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) );
-
- /*
- * 0 . 1 ext identifier
- * 2 . 3 ext length
- * 4 . 5 protocol list length
- * 6 . 6 protocol name length
- * 7 . 7+n protocol name
- */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0);
-
- *olen = 7 + strlen( ssl->alpn_chosen );
-
- MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
-
- MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
-
- buf[6] = MBEDTLS_BYTE_0( *olen - 7 );
-
- memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS)
static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -2446,7 +2326,8 @@
#endif
#if defined(MBEDTLS_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+ unsigned char *end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
+ mbedtls_ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen );
ext_len += olen;
#endif
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index c85ecb5..719bf05 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -303,6 +303,13 @@
& MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
"TRUE" : "FALSE" ) );
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined ( MBEDTLS_SSL_ALPN )
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- ALPN_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+#endif /* MBEDTLS_SSL_ALPN */
}
#endif /* MBEDTLS_DEBUG_C */
@@ -731,6 +738,21 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
break;
+#if defined(MBEDTLS_SSL_ALPN)
+ case MBEDTLS_TLS_EXT_ALPN:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+
+ ret = mbedtls_ssl_parse_alpn_ext( ssl, p, extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, ( "mbedtls_ssl_parse_alpn_ext" ), ret );
+ return( ret );
+ }
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN;
+ break;
+#endif /* MBEDTLS_SSL_ALPN */
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
@@ -1361,9 +1383,11 @@
unsigned char *end,
size_t *out_len )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
size_t extensions_len = 0;
unsigned char *p_extensions_len;
+ size_t output_len;
*out_len = 0;
@@ -1372,6 +1396,15 @@
p += 2;
((void) ssl);
+ ((void) ret);
+ ((void) output_len);
+
+#if defined(MBEDTLS_SSL_ALPN)
+ ret = mbedtls_ssl_write_alpn_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+#endif /* MBEDTLS_SSL_ALPN */
extensions_len = ( p - p_extensions_len ) - 2;
MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 79ea4c9..0b6711c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5879,7 +5879,6 @@
# Tests for ALPN extension
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: none" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -5887,12 +5886,11 @@
-C "client hello, adding alpn extension" \
-S "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
+ -S "server side, adding alpn extension" \
-C "found alpn extension " \
-C "Application Layer Protocol is" \
-S "Application Layer Protocol is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: client only" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5900,12 +5898,11 @@
-c "client hello, adding alpn extension" \
-s "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
+ -S "server side, adding alpn extension" \
-C "found alpn extension " \
-c "Application Layer Protocol is (none)" \
-S "Application Layer Protocol is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: server only" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3" \
@@ -5913,12 +5910,11 @@
-C "client hello, adding alpn extension" \
-S "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
+ -S "server side, adding alpn extension" \
-C "found alpn extension " \
-C "Application Layer Protocol is" \
-s "Application Layer Protocol is (none)"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5926,12 +5922,11 @@
-c "client hello, adding alpn extension" \
-s "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
+ -s "server side, adding alpn extension" \
-c "found alpn extension" \
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli2-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abc" \
@@ -5939,12 +5934,11 @@
-c "client hello, adding alpn extension" \
-s "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
+ -s "server side, adding alpn extension" \
-c "found alpn extension" \
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv2" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5952,12 +5946,11 @@
-c "client hello, adding alpn extension" \
-s "found alpn extension" \
-C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
+ -s "server side, adding alpn extension" \
-c "found alpn extension" \
-c "Application Layer Protocol is 1234" \
-s "Application Layer Protocol is 1234"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, no common" \
"$P_SRV debug_level=3 alpn=abc,123" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5965,7 +5958,7 @@
-c "client hello, adding alpn extension" \
-s "found alpn extension" \
-c "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
+ -S "server side, adding alpn extension" \
-C "found alpn extension" \
-C "Application Layer Protocol is 1234" \
-S "Application Layer Protocol is 1234"
@@ -10549,6 +10542,36 @@
-c "HTTP/1.0 200 OK" \
-c "Application Layer Protocol is h2"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_ALPN
+run_test "TLS 1.3: server alpn - openssl" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
+ "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
+ 0 \
+ -s "found alpn extension" \
+ -s "server side, adding alpn extension" \
+ -s "Protocol is TLSv1.3" \
+ -s "HTTP/1.0 200 OK" \
+ -s "Application Layer Protocol is h2"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_ALPN
+run_test "TLS 1.3: server alpn - gnutls" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
+ 0 \
+ -s "found alpn extension" \
+ -s "server side, adding alpn extension" \
+ -s "Protocol is TLSv1.3" \
+ -s "HTTP/1.0 200 OK" \
+ -s "Application Layer Protocol is h2"
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 2eb8c2d..4ea4d3b 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -890,3 +890,56 @@
ECP export key parameters #2 (invalid group)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:1
+
+ECP check order for SECP192R1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"
+
+ECP check order for SECP224R1
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP224R1:"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"
+
+ECP check order for SECP256R1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP256R1:"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"
+
+ECP check order for SECP384R1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP384R1:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"
+
+ECP check order for SECP521R1
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP521R1:"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"
+
+ECP check order for BP256R1
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_BP256R1:"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"
+
+ECP check order for BP384R1
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_BP384R1:"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"
+
+ECP check order for BP512R1
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_BP512R1:"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"
+
+ECP check order for CURVE25519
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_CURVE25519:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"
+
+ECP check order for SECP192K1
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP192K1:"fffffffffffffffffffffffe26f2fc170f69466a74defd8d"
+
+ECP check order for SECP224K1
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP224K1:"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f7"
+
+ECP check order for SECP256K1
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_SECP256K1:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"
+
+ECP check order for CURVE448
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_order:MBEDTLS_ECP_DP_CURVE448:"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3"
+
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index c3e6b05..1b77f1d 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1063,3 +1063,27 @@
mbedtls_ecp_point_free( &export_Q );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_check_order( int id, char * expected_order_hex )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_mpi expected_n;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_mpi_init( &expected_n );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &expected_n, 16, expected_order_hex ) == 0);
+
+ // check sign bits are well-formed (i.e. 1 or -1) - see #5810
+ TEST_ASSERT( grp.N.s == -1 || grp.N.s == 1);
+ TEST_ASSERT( expected_n.s == -1 || expected_n.s == 1);
+
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.N, &expected_n ) == 0 );
+
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_mpi_free( &expected_n );
+}
+/* END_CASE */
