Blame - library/ecjpake.c - third_party/github/ARMmbed/mbedtls

2015-08-05 15:44:42 +0200

[diff] [blame]

1

/*

2

* Elliptic curve J-PAKE

3

*

4

5

* SPDX-License-Identifier: Apache-2.0

6

*

7

* Licensed under the Apache License, Version 2.0 (the "License"); you may

8

* not use this file except in compliance with the License.

9

* You may obtain a copy of the License at

10

*

11

* http://www.apache.org/licenses/LICENSE-2.0

12

*

13

* Unless required by applicable law or agreed to in writing, software

14

* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

15

* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

16

* See the License for the specific language governing permissions and

17

* limitations under the License.

18

*

19

* This file is part of mbed TLS (https://tls.mbed.org)

20

*/

21

22

/*

Manuel Pégourié-Gonnard

6b798b9

2015-08-14 11:18:30 +0200

[diff] [blame]

23

* References in the code are to the Thread v1.0 Specification,

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

24

* available to members of the Thread Group http://threadgroup.org/

Manuel Pégourié-Gonnard

2015-08-05 15:44:42 +0200

[diff] [blame]

25

*/

26

27

#if !defined(MBEDTLS_CONFIG_FILE)

28

#include "mbedtls/config.h"

29

#else

30

#include MBEDTLS_CONFIG_FILE

31

#endif

32

33

#if defined(MBEDTLS_ECJPAKE_C)

34

35

#include "mbedtls/ecjpake.h"

36

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

37

#include <string.h>

38

39

/*

Manuel Pégourié-Gonnard

e0ad57b

2015-08-14 11:10:39 +0200

[diff] [blame]

40

* Convert a mbedtls_ecjpake_role to identifier string

41

*/

42

static const char * const ecjpake_id[] = {

"client",

"server"

};

#define ID_MINE ( ecjpake_id[ ctx->role ] )

48

#define ID_PEER ( ecjpake_id[ 1 - ctx->role ] )

49

50

/*

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

51

* Initialize context

52

*/

53

void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )

{

if( ctx == NULL )

return;

ctx->md_info = NULL;

mbedtls_ecp_group_init( &ctx->grp );

60

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

61

mbedtls_ecp_point_init( &ctx->Xm1 );

62

mbedtls_ecp_point_init( &ctx->Xm2 );

63

mbedtls_ecp_point_init( &ctx->Xp1 );

64

mbedtls_ecp_point_init( &ctx->Xp2 );

65

mbedtls_ecp_point_init( &ctx->Xp );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

66

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

67

mbedtls_mpi_init( &ctx->xm1 );

68

mbedtls_mpi_init( &ctx->xm2 );

69

mbedtls_mpi_init( &ctx->s );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

}

/*

* Free context

*/

void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )

{

if( ctx == NULL )

return;

ctx->md_info = NULL;

mbedtls_ecp_group_free( &ctx->grp );

82

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

83

mbedtls_ecp_point_free( &ctx->Xm1 );

84

mbedtls_ecp_point_free( &ctx->Xm2 );

85

mbedtls_ecp_point_free( &ctx->Xp1 );

86

mbedtls_ecp_point_free( &ctx->Xp2 );

87

mbedtls_ecp_point_free( &ctx->Xp );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

88

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

89

mbedtls_mpi_free( &ctx->xm1 );

90

mbedtls_mpi_free( &ctx->xm2 );

91

mbedtls_mpi_free( &ctx->s );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

}

/*

* Setup context

*/

int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,

Manuel Pégourié-Gonnard

2015-08-13 20:19:51 +0200

[diff] [blame]

98

mbedtls_ecjpake_role role,

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

99

mbedtls_md_type_t hash,

Manuel Pégourié-Gonnard

2015-08-13 09:37:00 +0200

[diff] [blame]

100

mbedtls_ecp_group_id curve,

101

const unsigned char *secret,

102

size_t len )

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

103

{

104

int ret;

105

Manuel Pégourié-Gonnard

2015-08-13 20:19:51 +0200

[diff] [blame]

106

ctx->role = role;

107

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

108

if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )

109

return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );

110

Manuel Pégourié-Gonnard

2015-08-13 09:37:00 +0200

[diff] [blame]

111

MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

112

Manuel Pégourié-Gonnard

2015-08-13 09:37:00 +0200

[diff] [blame]

113

MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );

Manuel Pégourié-Gonnard

2015-08-13 09:37:00 +0200

[diff] [blame]

cleanup:

if( ret != 0 )

mbedtls_ecjpake_free( ctx );

118

119

return( ret );

Manuel Pégourié-Gonnard

2015-08-12 16:58:50 +0200

[diff] [blame]

120

}

121

122

/*

Manuel Pégourié-Gonnard

b813acc

2015-09-15 15:34:09 +0200

[diff] [blame]

123

* Check if context is ready for use

124

*/

125

int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )

126

{

127

if( ctx->md_info == NULL ||

128

ctx->grp.id == MBEDTLS_ECP_DP_NONE ||

129

ctx->s.p == NULL )

130

{

131

return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );

}

return( 0 );

}

/*

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

138

* Write a point plus its length to a buffer

139

*/

140

static int ecjpake_write_len_point( unsigned char **p,

141

const unsigned char *end,

142

const mbedtls_ecp_group *grp,

143

const mbedtls_ecp_point *P )

{

int ret;

size_t len;

/* Need at least 4 for length plus 1 for point */

149

if( end < *p || end - *p < 5 )

150

return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

151

152

ret = mbedtls_ecp_point_write_binary( grp, P, MBEDTLS_ECP_PF_UNCOMPRESSED,

153

&len, *p + 4, end - ( *p + 4 ) );

if( ret != 0 )

return( ret );

(*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF );

158

(*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );

159

(*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF );

160

(*p)[3] = (unsigned char)( ( len ) & 0xFF );

*p += 4 + len;

return( 0 );

}

/*

* Size of the temporary buffer for ecjpake_hash:

169

* 3 EC points plus their length, plus ID (6 bytes)

170

*/

171

#define ECJPAKE_HASH_BUF_LEN ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 6 )

172

173

/*

174

* Compute hash for ZKP (7.4.2.2.2.1)

175

*/

176

static int ecjpake_hash( const mbedtls_md_info_t *md_info,

177

const mbedtls_ecp_group *grp,

178

const mbedtls_ecp_point *G,

179

const mbedtls_ecp_point *V,

180

const mbedtls_ecp_point *X,

const char *id,

mbedtls_mpi *h )

{

int ret;

unsigned char buf[ECJPAKE_HASH_BUF_LEN];

186

unsigned char *p = buf;

187

const unsigned char *end = buf + sizeof( buf );

Manuel Pégourié-Gonnard

2015-08-07 17:47:39 +0200

[diff] [blame]

188

const size_t id_len = strlen( id );

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

189

unsigned char hash[MBEDTLS_MD_MAX_SIZE];

190

191

/* Write things to temporary buffer */

192

MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, G ) );

193

MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, V ) );

194

MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, X ) );

195

196

if( end < p || (size_t)( end - p ) < id_len )

197

return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

198

199

*p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF );

200

*p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF );

201

*p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF );

202

*p++ = (unsigned char)( ( id_len ) & 0xFF );

203

204

memcpy( p, id, id_len );

p += id_len;

/* Compute hash */

mbedtls_md( md_info, buf, p - buf, hash );

209

210

/* Turn it into an integer mod n */

211

MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,

212

mbedtls_md_get_size( md_info ) ) );

213

MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );

cleanup:

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-07 17:47:39 +0200

[diff] [blame]

219

/*

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

220

* Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)

221

*/

222

static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,

223

const mbedtls_ecp_group *grp,

224

const mbedtls_ecp_point *G,

225

const mbedtls_ecp_point *X,

226

const char *id,

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

227

const unsigned char **p,

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

228

const unsigned char *end )

229

{

230

int ret;

231

mbedtls_ecp_point V, VV;

mbedtls_mpi r, h;

size_t r_len;

mbedtls_ecp_point_init( &V );

236

mbedtls_ecp_point_init( &VV );

237

mbedtls_mpi_init( &r );

238

mbedtls_mpi_init( &h );

/*

* struct {

* ECPoint V;

* opaque r<1..2^8-1>;

* } ECSchnorrZKP;

*/

if( end < *p )

return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );

248

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

249

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

250

251

if( end < *p || (size_t)( end - *p ) < 1 )

Manuel Pégourié-Gonnard

4f2cd95

2015-08-12 11:17:55 +0200

[diff] [blame]

252

{

253

ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;

254

goto cleanup;

255

}

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

256

257

r_len = *(*p)++;

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

258

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

259

if( end < *p || (size_t)( end - *p ) < r_len )

Manuel Pégourié-Gonnard

4f2cd95

2015-08-12 11:17:55 +0200

[diff] [blame]

260

{

261

ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;

262

goto cleanup;

263

}

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

264

265

MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );

*p += r_len;

/*

* Verification

*/

MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, G, &V, X, id, &h ) );

272

MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,

273

&VV, &h, X, &r, G ) );

274

275

if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )

Manuel Pégourié-Gonnard

4f2cd95

2015-08-12 11:17:55 +0200

[diff] [blame]

276

{

277

ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;

278

goto cleanup;

279

}

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

280

281

cleanup:

282

mbedtls_ecp_point_free( &V );

283

mbedtls_ecp_point_free( &VV );

284

mbedtls_mpi_free( &r );

285

mbedtls_mpi_free( &h );

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

290

/*

Manuel Pégourié-Gonnard

3aed185

2015-08-12 14:53:56 +0200

[diff] [blame]

291

* Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)

292

*/

293

static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,

294

const mbedtls_ecp_group *grp,

295

const mbedtls_ecp_point *G,

296

const mbedtls_mpi *x,

297

const mbedtls_ecp_point *X,

298

const char *id,

299

unsigned char **p,

300

const unsigned char *end,

301

int (*f_rng)(void *, unsigned char *, size_t),

void *p_rng )

{

int ret;

mbedtls_ecp_point V;

mbedtls_mpi v;

mbedtls_mpi h; /* later recycled to hold r */

size_t len;

if( end < *p )

return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

312

313

mbedtls_ecp_point_init( &V );

314

mbedtls_mpi_init( &v );

315

mbedtls_mpi_init( &h );

316

317

/* Compute signature */

318

MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,

319

G, &v, &V, f_rng, p_rng ) );

320

MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, G, &V, X, id, &h ) );

321

MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */

322

MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */

323

MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */

324

325

/* Write it out */

326

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,

327

MBEDTLS_ECP_PF_UNCOMPRESSED, &len, *p, end - *p ) );

328

*p += len;

329

330

len = mbedtls_mpi_size( &h ); /* actually r */

331

if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )

332

{

333

ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;

goto cleanup;

}

*(*p)++ = (unsigned char)( len & 0xFF );

338

MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */

*p += len;

cleanup:

mbedtls_ecp_point_free( &V );

343

mbedtls_mpi_free( &v );

344

mbedtls_mpi_free( &h );

return( ret );

}

/*

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

350

* Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof

351

* Output: verified public key X

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

352

*/

353

static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,

354

const mbedtls_ecp_group *grp,

355

const mbedtls_ecp_point *G,

356

mbedtls_ecp_point *X,

357

const char *id,

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

358

const unsigned char **p,

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

359

const unsigned char *end )

{

int ret;

if( end < *p )

return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );

/*

* struct {

* ECPoint X;

* ECSchnorrZKP zkp;

* } ECJPAKEKeyKP;

*/

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

372

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );

Manuel Pégourié-Gonnard

3059095

2015-08-17 10:37:40 +0200

[diff] [blame]

373

if( mbedtls_ecp_is_zero( X ) )

374

{

375

ret = MBEDTLS_ERR_ECP_INVALID_KEY;

376

goto cleanup;

377

}

378

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

379

MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, G, X, id, p, end ) );

cleanup:

return( ret );

}

/*

* Generate an ECJPAKEKeyKP

387

* Output: the serialized structure, plus private/public key pair

388

*/

389

static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,

390

const mbedtls_ecp_group *grp,

391

const mbedtls_ecp_point *G,

392

mbedtls_mpi *x,

393

mbedtls_ecp_point *X,

394

const char *id,

395

unsigned char **p,

396

const unsigned char *end,

397

int (*f_rng)(void *, unsigned char *, size_t),

void *p_rng )

{

int ret;

size_t len;

if( end < *p )

return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

405

406

/* Generate key (7.4.2.3.1) and write it out */

407

MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,

408

f_rng, p_rng ) );

409

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,

410

MBEDTLS_ECP_PF_UNCOMPRESSED, &len, *p, end - *p ) );

411

*p += len;

412

413

/* Generate and write proof */

414

MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, G, x, X, id,

415

p, end, f_rng, p_rng ) );

cleanup:

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

420

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

421

/*

422

* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs

423

* Ouputs: verified peer public keys Xa, Xb

424

*/

425

static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,

426

const mbedtls_ecp_group *grp,

427

const mbedtls_ecp_point *G,

428

mbedtls_ecp_point *Xa,

429

mbedtls_ecp_point *Xb,

430

const char *id,

431

const unsigned char *buf,

432

size_t len )

433

{

434

int ret;

Manuel Pégourié-Gonnard

2015-08-12 14:51:36 +0200

[diff] [blame]

435

const unsigned char *p = buf;

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

436

const unsigned char *end = buf + len;

/*

* struct {

* ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];

441

* } ECJPAKEKeyKPPairList;

442

*/

443

MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, G, Xa, id, &p, end ) );

444

MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, G, Xb, id, &p, end ) );

445

446

if( p != end )

447

ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;

cleanup:

return( ret );

}

/*

* Generate a ECJPAKEKeyKPPairList

455

* Outputs: the serialized structure, plus two private/public key pairs

456

*/

457

static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,

458

const mbedtls_ecp_group *grp,

459

const mbedtls_ecp_point *G,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

460

mbedtls_mpi *xm1,

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

461

mbedtls_ecp_point *Xa,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

462

mbedtls_mpi *xm2,

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

463

mbedtls_ecp_point *Xb,

const char *id,

unsigned char *buf,

size_t len,

size_t *olen,

int (*f_rng)(void *, unsigned char *, size_t),

void *p_rng )

{

int ret;

unsigned char *p = buf;

473

const unsigned char *end = buf + len;

474

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

475

MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, G, xm1, Xa, id,

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

476

&p, end, f_rng, p_rng ) );

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

477

MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, G, xm2, Xb, id,

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

478

&p, end, f_rng, p_rng ) );

*olen = p - buf;

cleanup:

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

486

/*

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

487

* Read and process the first round message

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

488

*/

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

489

int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,

490

const unsigned char *buf,

491

size_t len )

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

492

{

493

return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, &ctx->grp.G,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

494

&ctx->Xp1, &ctx->Xp2, ID_PEER,

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

buf, len ) );

}

/*

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

499

* Generate and write the first round message

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

500

*/

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

501

int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

502

unsigned char *buf, size_t len, size_t *olen,

503

int (*f_rng)(void *, unsigned char *, size_t),

504

void *p_rng )

505

{

506

return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, &ctx->grp.G,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

507

&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,

Manuel Pégourié-Gonnard

e0ad57b

2015-08-14 11:10:39 +0200

[diff] [blame]

508

ID_MINE, buf, len, olen, f_rng, p_rng ) );

Manuel Pégourié-Gonnard

2015-08-12 20:50:31 +0200

[diff] [blame]

509

}

510

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

511

/*

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

512

* Compute the sum of three points R = A + B + C

513

*/

514

static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,

515

const mbedtls_ecp_point *A,

516

const mbedtls_ecp_point *B,

517

const mbedtls_ecp_point *C )

{

int ret;

mbedtls_mpi one;

mbedtls_mpi_init( &one );

523

524

MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );

525

MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );

526

MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );

527

528

cleanup:

529

mbedtls_mpi_free( &one );

return( ret );

}

/*

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

535

* Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

536

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

537

int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

538

const unsigned char *buf,

size_t len )

{

int ret;

const unsigned char *p = buf;

543

const unsigned char *end = buf + len;

544

mbedtls_ecp_group grp;

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

545

mbedtls_ecp_point G; /* C: GB, S: GA */

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

546

547

mbedtls_ecp_group_init( &grp );

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

548

mbedtls_ecp_point_init( &G );

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

549

550

/*

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

551

* Server: GA = X3 + X4 + X1 (7.4.2.6.1)

552

* Client: GB = X1 + X2 + X3 (7.4.2.5.1)

553

* Unified: G = Xm1 + Xm2 + Xp1

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

554

* We need that before parsing in order to check Xp as we read it

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

555

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

556

MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

557

&ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

558

559

/*

560

* struct {

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

561

* ECParameters curve_params; // only client reading server msg

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

562

* ECJPAKEKeyKP ecjpake_key_kp;

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

563

* } Client/ServerECJPAKEParams;

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

564

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

565

if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )

Manuel Pégourié-Gonnard

d9802af

2015-08-17 12:47:38 +0200

[diff] [blame]

566

{

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

567

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );

Manuel Pégourié-Gonnard

d9802af

2015-08-17 12:47:38 +0200

[diff] [blame]

568

if( grp.id != ctx->grp.id )

569

{

570

ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;

goto cleanup;

}

}

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

575

MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

576

&G, &ctx->Xp, ID_PEER, &p, end ) );

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

if( p != end )

{

ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;

581

goto cleanup;

582

}

583

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

584

cleanup:

585

mbedtls_ecp_group_free( &grp );

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

586

mbedtls_ecp_point_free( &G );

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

return( ret );

}

/*

Manuel Pégourié-Gonnard

2015-08-14 15:14:50 +0200

[diff] [blame]

592

* Compute R = +/- X * S mod N, taking care not to leak S

593

*/

594

static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,

595

const mbedtls_mpi *X,

596

const mbedtls_mpi *S,

597

const mbedtls_mpi *N,

598

int (*f_rng)(void *, unsigned char *, size_t),

void *p_rng )

{

int ret;

mbedtls_mpi b; /* Blinding value, then s + N * blinding */

603

604

mbedtls_mpi_init( &b );

605

606

/* b = s + rnd-128-bit * N */

607

MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );

608

MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );

609

MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );

610

611

/* R = sign * X * b mod N */

612

MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );

613

R->s *= sign;

614

MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );

615

616

cleanup:

617

mbedtls_mpi_free( &b );

return( ret );

}

/*

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

623

* Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

624

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

625

int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

626

unsigned char *buf, size_t len, size_t *olen,

627

int (*f_rng)(void *, unsigned char *, size_t),

628

void *p_rng )

629

{

630

int ret;

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

631

mbedtls_ecp_point G; /* C: GA, S: GB */

632

mbedtls_ecp_point Xm; /* C: Xc, S: Xs */

633

mbedtls_mpi xm; /* C: xc, S: xs */

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

634

unsigned char *p = buf;

635

const unsigned char *end = buf + len;

636

size_t ec_len;

637

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

638

mbedtls_ecp_point_init( &G );

639

mbedtls_ecp_point_init( &Xm );

640

mbedtls_mpi_init( &xm );

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

641

642

/*

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

643

* First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

644

*

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

645

* Client: GA = X1 + X3 + X4 | xs = x2 * s | Xc = xc * GA

646

* Server: GB = X3 + X1 + X2 | xs = x4 * s | Xs = xs * GB

647

* Unified: G = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

648

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

649

MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

650

&ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );

Manuel Pégourié-Gonnard

2015-08-14 15:14:50 +0200

[diff] [blame]

651

MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,

652

&ctx->grp.N, f_rng, p_rng ) );

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

653

MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

654

655

/*

656

* Now write things out

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

657

*

658

* struct {

659

* ECParameters curve_params; // only server writing its message

660

* ECJPAKEKeyKP ecjpake_key_kp;

661

* } Client/ServerECJPAKEParams;

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

662

*/

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

663

if( ctx->role == MBEDTLS_ECJPAKE_SERVER )

{

if( end < p )

{

ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;

668

goto cleanup;

669

}

670

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,

671

p, end - p ) );

672

p += ec_len;

673

}

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

if( end < p )

{

ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;

678

goto cleanup;

679

}

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

680

MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

681

MBEDTLS_ECP_PF_UNCOMPRESSED, &ec_len, p, end - p ) );

682

p += ec_len;

683

684

MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

685

&G, &xm, &Xm, ID_MINE,

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

686

&p, end, f_rng, p_rng ) );

*olen = p - buf;

cleanup:

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

691

mbedtls_ecp_point_free( &G );

692

mbedtls_ecp_point_free( &Xm );

693

mbedtls_mpi_free( &xm );

Manuel Pégourié-Gonnard

614bd5e

2015-08-13 20:19:16 +0200

[diff] [blame]

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

698

/*

699

* Derive PMS (7.4.2.7 / 7.4.2.8)

700

*/

Manuel Pégourié-Gonnard

2015-08-14 14:33:05 +0200

[diff] [blame]

701

int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

702

unsigned char *buf, size_t len, size_t *olen,

703

int (*f_rng)(void *, unsigned char *, size_t),

704

void *p_rng )

705

{

706

int ret;

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

707

mbedtls_ecp_point K;

708

mbedtls_mpi m_xm2_s, one;

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

709

unsigned char kx[MBEDTLS_ECP_MAX_BYTES];

710

size_t x_bytes;

711

712

*olen = mbedtls_md_get_size( ctx->md_info );

713

if( len < *olen )

714

return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

715

716

mbedtls_ecp_point_init( &K );

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

717

mbedtls_mpi_init( &m_xm2_s );

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

718

mbedtls_mpi_init( &one );

719

720

MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

721

722

/*

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

723

* Client: K = ( Xs - X4 * x2 * s ) * x2

724

* Server: K = ( Xc - X2 * x4 * s ) * x4

Manuel Pégourié-Gonnard

2015-08-14 15:14:50 +0200

[diff] [blame]

725

* Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

726

*/

Manuel Pégourié-Gonnard

2015-08-14 15:14:50 +0200

[diff] [blame]

727

MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,

728

&ctx->grp.N, f_rng, p_rng ) );

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

729

MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,

730

&one, &ctx->Xp,

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

731

&m_xm2_s, &ctx->Xp2 ) );

Manuel Pégourié-Gonnard

2015-08-14 11:54:35 +0200

[diff] [blame]

732

MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

733

f_rng, p_rng ) );

734

735

/* PMS = SHA-256( K.X ) */

736

x_bytes = ( ctx->grp.pbits + 7 ) / 8;

737

MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );

738

MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );

739

740

cleanup:

741

mbedtls_ecp_point_free( &K );

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

742

mbedtls_mpi_free( &m_xm2_s );

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

743

mbedtls_mpi_free( &one );

return( ret );

}

Manuel Pégourié-Gonnard

e0ad57b

2015-08-14 11:10:39 +0200

[diff] [blame]

#undef ID_MINE

#undef ID_PEER

Manuel Pégourié-Gonnard

2015-08-05 15:44:42 +0200

[diff] [blame]

752

#if defined(MBEDTLS_SELF_TEST)

753

754

#if defined(MBEDTLS_PLATFORM_C)

755

#include "mbedtls/platform.h"

756

#else

757

#include <stdio.h>

758

#define mbedtls_printf printf

759

#endif

760

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

761

#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \

762

!defined(MBEDTLS_SHA256_C)

763

int mbedtls_ecjpake_self_test( int verbose )

{

(void) verbose;

return( 0 );

}

#else

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

770

static const unsigned char ecjpake_test_password[] = {

771

0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x6a, 0x70, 0x61, 0x6b, 0x65, 0x74,

0x65, 0x73, 0x74

};

static const unsigned char ecjpake_test_x1[] = {

776

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,

777

0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,

778

0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x21

779

};

780

781

static const unsigned char ecjpake_test_x2[] = {

782

0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,

783

0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,

784

0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81

785

};

786

787

static const unsigned char ecjpake_test_x3[] = {

788

0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,

789

0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,

790

0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81

791

};

792

793

static const unsigned char ecjpake_test_x4[] = {

794

0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc,

795

0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8,

796

0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe1

797

};

798

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

799

static const unsigned char ecjpake_test_cli_one[] = {

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

800

0x41, 0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19,

801

0x33, 0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44,

802

0xe5, 0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad,

803

0xa7, 0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62,

804

0x1f, 0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9,

805

0x06, 0x07, 0x31, 0xf6, 0x94, 0xa4, 0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d,

806

0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce, 0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e,

807

0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66, 0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e,

808

0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0, 0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73,

809

0x61, 0x0d, 0x34, 0xde, 0x44, 0x24, 0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22,

810

0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d, 0x74, 0x49, 0x30, 0x8b, 0xab, 0xce,

811

0x20, 0x72, 0xfe, 0x16, 0x66, 0x29, 0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00,

812

0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8, 0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b,

Manuel Pégourié-Gonnard

2015-08-12 14:43:57 +0200

[diff] [blame]

813

0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e, 0x98, 0x34, 0x58, 0x41, 0x04, 0x7e,

814

0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb, 0xd7, 0x92, 0x62,

815

0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18, 0x40, 0x9a, 0xc5,

816

0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47, 0x79, 0x0a, 0xeb,

817

0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f, 0xd1, 0xc3, 0x35,

818

0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7, 0xe3, 0x2b, 0xb0,

819

0x13, 0xbb, 0x2b, 0x41, 0x04, 0xa4, 0x95, 0x58, 0xd3, 0x2e, 0xd1, 0xeb,

820

0xfc, 0x18, 0x16, 0xaf, 0x4f, 0xf0, 0x9b, 0x55, 0xfc, 0xb4, 0xca, 0x47,

821

0xb2, 0xa0, 0x2d, 0x1e, 0x7c, 0xaf, 0x11, 0x79, 0xea, 0x3f, 0xe1, 0x39,

822

0x5b, 0x22, 0xb8, 0x61, 0x96, 0x40, 0x16, 0xfa, 0xba, 0xf7, 0x2c, 0x97,

823

0x56, 0x95, 0xd9, 0x3d, 0x4d, 0xf0, 0xe5, 0x19, 0x7f, 0xe9, 0xf0, 0x40,

824

0x63, 0x4e, 0xd5, 0x97, 0x64, 0x93, 0x77, 0x87, 0xbe, 0x20, 0xbc, 0x4d,

825

0xee, 0xbb, 0xf9, 0xb8, 0xd6, 0x0a, 0x33, 0x5f, 0x04, 0x6c, 0xa3, 0xaa,

826

0x94, 0x1e, 0x45, 0x86, 0x4c, 0x7c, 0xad, 0xef, 0x9c, 0xf7, 0x5b, 0x3d,

827

0x8b, 0x01, 0x0e, 0x44, 0x3e, 0xf0

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

828

};

829

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

830

static const unsigned char ecjpake_test_srv_one[] = {

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

831

0x41, 0x04, 0x7e, 0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb,

832

0xd7, 0x92, 0x62, 0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18,

833

0x40, 0x9a, 0xc5, 0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47,

834

0x79, 0x0a, 0xeb, 0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f,

835

0xd1, 0xc3, 0x35, 0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7,

836

0xe3, 0x2b, 0xb0, 0x13, 0xbb, 0x2b, 0x41, 0x04, 0x09, 0xf8, 0x5b, 0x3d,

837

0x20, 0xeb, 0xd7, 0x88, 0x5c, 0xe4, 0x64, 0xc0, 0x8d, 0x05, 0x6d, 0x64,

838

0x28, 0xfe, 0x4d, 0xd9, 0x28, 0x7a, 0xa3, 0x65, 0xf1, 0x31, 0xf4, 0x36,

839

0x0f, 0xf3, 0x86, 0xd8, 0x46, 0x89, 0x8b, 0xc4, 0xb4, 0x15, 0x83, 0xc2,

840

0xa5, 0x19, 0x7f, 0x65, 0xd7, 0x87, 0x42, 0x74, 0x6c, 0x12, 0xa5, 0xec,

841

0x0a, 0x4f, 0xfe, 0x2f, 0x27, 0x0a, 0x75, 0x0a, 0x1d, 0x8f, 0xb5, 0x16,

842

0x20, 0x93, 0x4d, 0x74, 0xeb, 0x43, 0xe5, 0x4d, 0xf4, 0x24, 0xfd, 0x96,

843

0x30, 0x6c, 0x01, 0x17, 0xbf, 0x13, 0x1a, 0xfa, 0xbf, 0x90, 0xa9, 0xd3,

844

0x3d, 0x11, 0x98, 0xd9, 0x05, 0x19, 0x37, 0x35, 0x14, 0x41, 0x04, 0x19,

845

0x0a, 0x07, 0x70, 0x0f, 0xfa, 0x4b, 0xe6, 0xae, 0x1d, 0x79, 0xee, 0x0f,

846

0x06, 0xae, 0xb5, 0x44, 0xcd, 0x5a, 0xdd, 0xaa, 0xbe, 0xdf, 0x70, 0xf8,

847

0x62, 0x33, 0x21, 0x33, 0x2c, 0x54, 0xf3, 0x55, 0xf0, 0xfb, 0xfe, 0xc7,

848

0x83, 0xed, 0x35, 0x9e, 0x5d, 0x0b, 0xf7, 0x37, 0x7a, 0x0f, 0xc4, 0xea,

849

0x7a, 0xce, 0x47, 0x3c, 0x9c, 0x11, 0x2b, 0x41, 0xcc, 0xd4, 0x1a, 0xc5,

850

0x6a, 0x56, 0x12, 0x41, 0x04, 0x36, 0x0a, 0x1c, 0xea, 0x33, 0xfc, 0xe6,

851

0x41, 0x15, 0x64, 0x58, 0xe0, 0xa4, 0xea, 0xc2, 0x19, 0xe9, 0x68, 0x31,

852

0xe6, 0xae, 0xbc, 0x88, 0xb3, 0xf3, 0x75, 0x2f, 0x93, 0xa0, 0x28, 0x1d,

853

0x1b, 0xf1, 0xfb, 0x10, 0x60, 0x51, 0xdb, 0x96, 0x94, 0xa8, 0xd6, 0xe8,

854

0x62, 0xa5, 0xef, 0x13, 0x24, 0xa3, 0xd9, 0xe2, 0x78, 0x94, 0xf1, 0xee,

855

0x4f, 0x7c, 0x59, 0x19, 0x99, 0x65, 0xa8, 0xdd, 0x4a, 0x20, 0x91, 0x84,

856

0x7d, 0x2d, 0x22, 0xdf, 0x3e, 0xe5, 0x5f, 0xaa, 0x2a, 0x3f, 0xb3, 0x3f,

857

0xd2, 0xd1, 0xe0, 0x55, 0xa0, 0x7a, 0x7c, 0x61, 0xec, 0xfb, 0x8d, 0x80,

858

0xec, 0x00, 0xc2, 0xc9, 0xeb, 0x12

859

};

860

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

861

static const unsigned char ecjpake_test_srv_two[] = {

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

862

0x03, 0x00, 0x17, 0x41, 0x04, 0x0f, 0xb2, 0x2b, 0x1d, 0x5d, 0x11, 0x23,

863

0xe0, 0xef, 0x9f, 0xeb, 0x9d, 0x8a, 0x2e, 0x59, 0x0a, 0x1f, 0x4d, 0x7c,

864

0xed, 0x2c, 0x2b, 0x06, 0x58, 0x6e, 0x8f, 0x2a, 0x16, 0xd4, 0xeb, 0x2f,

865

0xda, 0x43, 0x28, 0xa2, 0x0b, 0x07, 0xd8, 0xfd, 0x66, 0x76, 0x54, 0xca,

866

0x18, 0xc5, 0x4e, 0x32, 0xa3, 0x33, 0xa0, 0x84, 0x54, 0x51, 0xe9, 0x26,

867

0xee, 0x88, 0x04, 0xfd, 0x7a, 0xf0, 0xaa, 0xa7, 0xa6, 0x41, 0x04, 0x55,

868

0x16, 0xea, 0x3e, 0x54, 0xa0, 0xd5, 0xd8, 0xb2, 0xce, 0x78, 0x6b, 0x38,

869

0xd3, 0x83, 0x37, 0x00, 0x29, 0xa5, 0xdb, 0xe4, 0x45, 0x9c, 0x9d, 0xd6,

870

0x01, 0xb4, 0x08, 0xa2, 0x4a, 0xe6, 0x46, 0x5c, 0x8a, 0xc9, 0x05, 0xb9,

871

0xeb, 0x03, 0xb5, 0xd3, 0x69, 0x1c, 0x13, 0x9e, 0xf8, 0x3f, 0x1c, 0xd4,

872

0x20, 0x0f, 0x6c, 0x9c, 0xd4, 0xec, 0x39, 0x22, 0x18, 0xa5, 0x9e, 0xd2,

873

0x43, 0xd3, 0xc8, 0x20, 0xff, 0x72, 0x4a, 0x9a, 0x70, 0xb8, 0x8c, 0xb8,

874

0x6f, 0x20, 0xb4, 0x34, 0xc6, 0x86, 0x5a, 0xa1, 0xcd, 0x79, 0x06, 0xdd,

875

0x7c, 0x9b, 0xce, 0x35, 0x25, 0xf5, 0x08, 0x27, 0x6f, 0x26, 0x83, 0x6c

876

};

877

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

878

static const unsigned char ecjpake_test_cli_two[] = {

Manuel Pégourié-Gonnard

ec0eece

2015-08-13 19:13:20 +0200

[diff] [blame]

879

0x41, 0x04, 0x69, 0xd5, 0x4e, 0xe8, 0x5e, 0x90, 0xce, 0x3f, 0x12, 0x46,

880

0x74, 0x2d, 0xe5, 0x07, 0xe9, 0x39, 0xe8, 0x1d, 0x1d, 0xc1, 0xc5, 0xcb,

881

0x98, 0x8b, 0x58, 0xc3, 0x10, 0xc9, 0xfd, 0xd9, 0x52, 0x4d, 0x93, 0x72,

882

0x0b, 0x45, 0x54, 0x1c, 0x83, 0xee, 0x88, 0x41, 0x19, 0x1d, 0xa7, 0xce,

883

0xd8, 0x6e, 0x33, 0x12, 0xd4, 0x36, 0x23, 0xc1, 0xd6, 0x3e, 0x74, 0x98,

884

0x9a, 0xba, 0x4a, 0xff, 0xd1, 0xee, 0x41, 0x04, 0x07, 0x7e, 0x8c, 0x31,

885

0xe2, 0x0e, 0x6b, 0xed, 0xb7, 0x60, 0xc1, 0x35, 0x93, 0xe6, 0x9f, 0x15,

886

0xbe, 0x85, 0xc2, 0x7d, 0x68, 0xcd, 0x09, 0xcc, 0xb8, 0xc4, 0x18, 0x36,

887

0x08, 0x91, 0x7c, 0x5c, 0x3d, 0x40, 0x9f, 0xac, 0x39, 0xfe, 0xfe, 0xe8,

888

0x2f, 0x72, 0x92, 0xd3, 0x6f, 0x0d, 0x23, 0xe0, 0x55, 0x91, 0x3f, 0x45,

889

0xa5, 0x2b, 0x85, 0xdd, 0x8a, 0x20, 0x52, 0xe9, 0xe1, 0x29, 0xbb, 0x4d,

890

0x20, 0x0f, 0x01, 0x1f, 0x19, 0x48, 0x35, 0x35, 0xa6, 0xe8, 0x9a, 0x58,

891

0x0c, 0x9b, 0x00, 0x03, 0xba, 0xf2, 0x14, 0x62, 0xec, 0xe9, 0x1a, 0x82,

892

0xcc, 0x38, 0xdb, 0xdc, 0xae, 0x60, 0xd9, 0xc5, 0x4c

893

};

894

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

895

static const unsigned char ecjpake_test_pms[] = {

896

0xf3, 0xd4, 0x7f, 0x59, 0x98, 0x44, 0xdb, 0x92, 0xa5, 0x69, 0xbb, 0xe7,

897

0x98, 0x1e, 0x39, 0xd9, 0x31, 0xfd, 0x74, 0x3b, 0xf2, 0x2e, 0x98, 0xf9,

898

0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51

899

};

900

Manuel Pégourié-Gonnard

e2d3a4e

2015-08-14 12:03:04 +0200

[diff] [blame]

901

/* Load my private keys and generate the correponding public keys */

902

static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,

903

const unsigned char *xm1, size_t len1,

904

const unsigned char *xm2, size_t len2 )

{

int ret;

MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );

909

MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );

910

MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,

911

&ctx->grp.G, NULL, NULL ) );

912

MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,

913

&ctx->grp.G, NULL, NULL ) );

cleanup:

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-07 17:47:39 +0200

[diff] [blame]

919

/* For tests we don't need a secure RNG;

920

* use the LGC from Numerical Recipes for simplicity */

921

static int ecjpake_lgc( void *p, unsigned char *out, size_t len )

922

{

923

static uint32_t x = 42;

(void) p;

while( len > 0 )

{

size_t use_len = len > 4 ? 4 : len;

929

x = 1664525 * x + 1013904223;

930

memcpy( out, &x, use_len );

out += use_len;

len -= use_len;

}

return( 0 );

}

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

938

#define TEST_ASSERT( x ) \

do { \

if( x ) \

ret = 0; \

else \

{ \

ret = 1; \

goto cleanup; \

} \

} while( 0 )

Manuel Pégourié-Gonnard

2015-08-05 15:44:42 +0200

[diff] [blame]

/*

* Checkup routine

*/

int mbedtls_ecjpake_self_test( int verbose )

953

{

954

int ret;

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

955

mbedtls_ecjpake_context cli;

956

mbedtls_ecjpake_context srv;

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

957

unsigned char buf[512], pms[32];

958

size_t len, pmslen;

Manuel Pégourié-Gonnard

2015-08-05 15:44:42 +0200

[diff] [blame]

959

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

960

mbedtls_ecjpake_init( &cli );

961

mbedtls_ecjpake_init( &srv );

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

962

963

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

964

mbedtls_printf( " ECJPAKE test #0 (setup): " );

Manuel Pégourié-Gonnard

2015-08-13 10:09:10 +0200

[diff] [blame]

965

Manuel Pégourié-Gonnard

2015-08-13 20:19:51 +0200

[diff] [blame]

966

TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

967

MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,

968

ecjpake_test_password,

969

sizeof( ecjpake_test_password ) ) == 0 );

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

970

Manuel Pégourié-Gonnard

2015-08-13 20:19:51 +0200

[diff] [blame]

971

TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

972

MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,

973

ecjpake_test_password,

974

sizeof( ecjpake_test_password ) ) == 0 );

975

976

if( verbose != 0 )

977

mbedtls_printf( "passed\n" );

978

979

if( verbose != 0 )

980

mbedtls_printf( " ECJPAKE test #1 (random handshake): " );

981

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

982

TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

983

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

984

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

985

TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

986

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

987

TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

988

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

989

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

990

TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

991

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

992

TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

993

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

994

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

995

TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );

Manuel Pégourié-Gonnard

2015-08-13 18:53:59 +0200

[diff] [blame]

996

Manuel Pégourié-Gonnard

2015-08-14 14:33:05 +0200

[diff] [blame]

997

TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

998

pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );

999

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

1000

TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,

Manuel Pégourié-Gonnard

614bd5e

2015-08-13 20:19:16 +0200

[diff] [blame]

1001

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

1002

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

1003

TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );

Manuel Pégourié-Gonnard

614bd5e

2015-08-13 20:19:16 +0200

[diff] [blame]

1004

Manuel Pégourié-Gonnard

2015-08-14 14:33:05 +0200

[diff] [blame]

1005

TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

1006

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

1007

1008

TEST_ASSERT( len == pmslen );

1009

TEST_ASSERT( memcmp( buf, pms, len ) == 0 );

1010

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1011

if( verbose != 0 )

1012

mbedtls_printf( "passed\n" );

1013

1014

if( verbose != 0 )

1015

mbedtls_printf( " ECJPAKE test #2 (reference handshake): " );

1016

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1017

/* Simulate generation of round one */

Manuel Pégourié-Gonnard

e2d3a4e

2015-08-14 12:03:04 +0200

[diff] [blame]

1018

MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,

1019

ecjpake_test_x1, sizeof( ecjpake_test_x1 ),

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1020

ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1021

Manuel Pégourié-Gonnard

e2d3a4e

2015-08-14 12:03:04 +0200

[diff] [blame]

1022

MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,

1023

ecjpake_test_x3, sizeof( ecjpake_test_x3 ),

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1024

ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1025

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1026

/* Read round one */

1027

TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,

1028

ecjpake_test_cli_one,

1029

sizeof( ecjpake_test_cli_one ) ) == 0 );

1030

Manuel Pégourié-Gonnard

2015-08-14 13:36:55 +0200

[diff] [blame]

1031

TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1032

ecjpake_test_srv_one,

1033

sizeof( ecjpake_test_srv_one ) ) == 0 );

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

1034

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1035

/* Skip generation of round two, read round two */

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

1036

TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1037

ecjpake_test_srv_two,

1038

sizeof( ecjpake_test_srv_two ) ) == 0 );

Manuel Pégourié-Gonnard

2015-08-11 15:44:41 +0200

[diff] [blame]

1039

Manuel Pégourié-Gonnard

2015-08-14 14:20:48 +0200

[diff] [blame]

1040

TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,

Manuel Pégourié-Gonnard

2015-08-14 14:48:50 +0200

[diff] [blame]

1041

ecjpake_test_cli_two,

1042

sizeof( ecjpake_test_cli_two ) ) == 0 );

Manuel Pégourié-Gonnard

ec0eece

2015-08-13 19:13:20 +0200

[diff] [blame]

1043

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

1044

/* Server derives PMS */

Manuel Pégourié-Gonnard

2015-08-14 14:33:05 +0200

[diff] [blame]

1045

TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

1046

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

1047

1048

TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );

1049

TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );

1050

1051

memset( buf, 0, len ); /* Avoid interferences with next step */

1052

1053

/* Client derives PMS */

Manuel Pégourié-Gonnard

2015-08-14 14:33:05 +0200

[diff] [blame]

1054

TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,

Manuel Pégourié-Gonnard

2015-08-14 10:52:39 +0200

[diff] [blame]

1055

buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );

1056

1057

TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );

1058

TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );

1059

Manuel Pégourié-Gonnard

2015-08-07 17:47:39 +0200

[diff] [blame]

1060

if( verbose != 0 )

1061

mbedtls_printf( "passed\n" );

1062

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

1063

cleanup:

Manuel Pégourié-Gonnard

2015-08-13 14:44:57 +0200

[diff] [blame]

1064

mbedtls_ecjpake_free( &cli );

1065

mbedtls_ecjpake_free( &srv );

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

if( ret != 0 )

{

if( verbose != 0 )

mbedtls_printf( "failed\n" );

1071

1072

ret = 1;

1073

}

Manuel Pégourié-Gonnard

2015-08-05 15:44:42 +0200

[diff] [blame]

1074

1075

if( verbose != 0 )

1076

mbedtls_printf( "\n" );

return( ret );

}

Manuel Pégourié-Gonnard

2015-08-12 11:01:58 +0200

[diff] [blame]

1081

#undef TEST_ASSERT

1082

Manuel Pégourié-Gonnard

2015-08-06 17:24:39 +0200

[diff] [blame]

1083

#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_SHA256_C */

1084

Manuel Pégourié-Gonnard