/* BEGIN_HEADER */ #include "mbedtls/dhm.h" int check_get_value( const mbedtls_dhm_context *ctx, mbedtls_dhm_parameter param, const mbedtls_mpi *expected ) { mbedtls_mpi actual; int ok = 0; mbedtls_mpi_init( &actual ); TEST_ASSERT( mbedtls_dhm_get_value( ctx, param, &actual ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 ); ok = 1; exit: mbedtls_mpi_free( &actual ); return( ok ); } /* Sanity checks on a Diffie-Hellman parameter: check the length-value * syntax and check that the value is the expected one (taken from the * DHM context by the caller). */ static int check_dhm_param_output( const mbedtls_mpi *expected, const unsigned char *buffer, size_t size, size_t *offset ) { size_t n; mbedtls_mpi actual; int ok = 0; mbedtls_mpi_init( &actual ); ++mbedtls_test_info.step; TEST_ASSERT( size >= *offset + 2 ); n = ( buffer[*offset] << 8 ) | buffer[*offset + 1]; *offset += 2; /* The DHM param output from Mbed TLS has leading zeros stripped, as * permitted but not required by RFC 5246 \S4.4. */ TEST_EQUAL( n, mbedtls_mpi_size( expected ) ); TEST_ASSERT( size >= *offset + n ); TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) ); TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) ); *offset += n; ok = 1; exit: mbedtls_mpi_free( &actual ); return( ok ); } /* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison * against the context. */ static int check_dhm_params( const mbedtls_dhm_context *ctx, size_t x_size, const unsigned char *ske, size_t ske_len ) { size_t offset = 0; /* Check that ctx->X and ctx->GX are within range. */ TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 ); TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size ); TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 ); /* Check ske: it must contain P, G and G^X, each prefixed with a * 2-byte size. */ if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) ) goto exit; if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) ) goto exit; if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) ) goto exit; TEST_EQUAL( offset, ske_len ); return( 1 ); exit: return( 0 ); } /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_DHM_C:MBEDTLS_BIGNUM_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void dhm_do_dhm( int radix_P, char *input_P, int x_size, int radix_G, char *input_G, int result ) { mbedtls_dhm_context ctx_srv; mbedtls_dhm_context ctx_cli; unsigned char ske[1000]; unsigned char *p = ske; unsigned char pub_cli[1000]; unsigned char sec_srv[1000]; unsigned char sec_cli[1000]; size_t ske_len = 0; size_t pub_cli_len = 0; size_t sec_srv_len; size_t sec_cli_len; int i; mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_dhm_init( &ctx_srv ); mbedtls_dhm_init( &ctx_cli ); memset( ske, 0x00, 1000 ); memset( pub_cli, 0x00, 1000 ); memset( sec_srv, 0x00, 1000 ); memset( sec_cli, 0x00, 1000 ); memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); /* * Set params */ TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, radix_G, input_G ) == 0 ); pub_cli_len = mbedtls_mpi_size( &ctx_srv.P ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); /* * First key exchange */ mbedtls_test_set_step( 10 ); TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == result ); if ( result != 0 ) goto exit; if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) ) goto exit; ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); /* The domain parameters must be the same on both side. */ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 ); /* Internal value checks */ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_X, &ctx_cli.X ) ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_X, &ctx_srv.X ) ); /* Cross-checks */ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GX, &ctx_srv.GY ) ); TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GY, &ctx_srv.GX ) ); TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_K, &ctx_srv.K ) ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GX, &ctx_cli.GY ) ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GY, &ctx_cli.GX ) ); TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_K, &ctx_cli.K ) ); /* Re-do calc_secret on server a few times to test update of blinding values */ for( i = 0; i < 3; i++ ) { mbedtls_test_set_step( 20 + i ); sec_srv_len = 1000; TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 ); } /* * Second key exchange to test change of blinding values on server */ p = ske; mbedtls_test_set_step( 30 ); TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) ) goto exit; ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 ); exit: mbedtls_dhm_free( &ctx_srv ); mbedtls_dhm_free( &ctx_cli ); } /* END_CASE */ /* BEGIN_CASE */ void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result ) { mbedtls_mpi P, G; mbedtls_dhm_context ctx; unsigned char output[MBEDTLS_MPI_MAX_SIZE]; mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G ); mbedtls_dhm_init( &ctx ); TEST_ASSERT( mbedtls_mpi_lset( &P, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &G, radix_G, input_G ) == 0 ); TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ), output, sizeof(output), &mbedtls_test_rnd_pseudo_rand, NULL ) == result ); exit: mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G ); mbedtls_dhm_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void dhm_file( char * filename, char * p, char * g, int len ) { mbedtls_dhm_context ctx; mbedtls_mpi P, G; mbedtls_dhm_init( &ctx ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G ); TEST_ASSERT( mbedtls_test_read_mpi( &P, 16, p ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &G, 16, g ) == 0 ); TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 ); TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len ); TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) ); TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_P, &P ) ); TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_G, &G ) ); exit: mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G ); mbedtls_dhm_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void dhm_selftest( ) { TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 ); } /* END_CASE */