static int ecdh_kat(BIO *out, const ecdh_kat_t *kat) { int rv = 0; EC_KEY *key1 = NULL, *key2 = NULL; BIGNUM *bnz = NULL; unsigned char *Ztmp = NULL, *Z = NULL; size_t Ztmplen, Zlen; BIO_puts(out, "Testing ECDH shared secret with "); BIO_puts(out, OBJ_nid2sn(kat->nid)); if(!BN_hex2bn(&bnz, kat->Z)) goto err; key1 = mk_eckey(kat->nid, kat->da); key2 = mk_eckey(kat->nid, kat->db); if (!key1 || !key2) goto err; Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8; Zlen = BN_num_bytes(bnz); if (Zlen > Ztmplen) goto err; if((Ztmp = OPENSSL_zalloc(Ztmplen)) == NULL) goto err; if((Z = OPENSSL_zalloc(Ztmplen)) == NULL) goto err; /* Z offset compensates for bn2bin stripping leading 0x00 bytes */ if(!BN_bn2bin(bnz, Z + Ztmplen - Zlen)) goto err; if (!ECDH_compute_key(Ztmp, Ztmplen, EC_KEY_get0_public_key(key2), key1, 0)) goto err; if (memcmp(Ztmp, Z, Ztmplen)) goto err; memset(Ztmp, 0, Ztmplen); if (!ECDH_compute_key(Ztmp, Ztmplen, EC_KEY_get0_public_key(key1), key2, 0)) goto err; if (memcmp(Ztmp, Z, Ztmplen)) goto err; rv = 1; err: EC_KEY_free(key1); EC_KEY_free(key2); OPENSSL_free(Ztmp); OPENSSL_free(Z); BN_free(bnz); if (rv) BIO_puts(out, " ok\n"); else { fprintf(stderr, "Error in ECDH routines\n"); ERR_print_errors_fp(stderr); } return rv; }
static int ecdh_kat(BIO *out, const char *cname, int nid, const unsigned char *k1, size_t k1_len, const unsigned char *k2, size_t k2_len, const unsigned char *Z, size_t Zlen) { int rv = 0; EC_KEY *key1 = NULL, *key2 = NULL; unsigned char *Ztmp = NULL; size_t Ztmplen; BIO_puts(out, "Testing ECDH shared secret with "); BIO_puts(out, cname); key1 = mk_eckey(nid, k1, k1_len); key2 = mk_eckey(nid, k2, k2_len); if (!key1 || !key2) goto err; Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8; if (Ztmplen != Zlen) goto err; Ztmp = OPENSSL_malloc(Ztmplen); if (!ECDH_compute_key(Ztmp, Ztmplen, EC_KEY_get0_public_key(key2), key1, 0)) goto err; if (memcmp(Ztmp, Z, Zlen)) goto err; memset(Ztmp, 0, Zlen); if (!ECDH_compute_key(Ztmp, Ztmplen, EC_KEY_get0_public_key(key1), key2, 0)) goto err; if (memcmp(Ztmp, Z, Zlen)) goto err; rv = 1; err: if (key1) EC_KEY_free(key1); if (key2) EC_KEY_free(key2); if (Ztmp) OPENSSL_free(Ztmp); if (rv) BIO_puts(out, " ok\n"); else { fprintf(stderr, "Error in ECDH routines\n"); ERR_print_errors_fp(stderr); } return rv; }
/* * NIST SP800-56A co-factor ECDH tests. * KATs taken from NIST documents with parameters: * * - (QCAVSx,QCAVSy) is the public key for CAVS. * - dIUT is the private key for IUT. * - (QIUTx,QIUTy) is the public key for IUT. * - ZIUT is the shared secret KAT. * * CAVS: Cryptographic Algorithm Validation System * IUT: Implementation Under Test * * This function tests two things: * * 1. dIUT * G = (QIUTx,QIUTy) * i.e. public key for IUT computes correctly. * 2. x-coord of cofactor * dIUT * (QCAVSx,QCAVSy) = ZIUT * i.e. co-factor ECDH key computes correctly. * * returns zero on failure or unsupported curve. One otherwise. */ static int ecdh_cavs_kat(BIO *out, const ecdh_cavs_kat_t *kat) { int rv = 0, is_char_two = 0; EC_KEY *key1 = NULL; EC_POINT *pub = NULL; const EC_GROUP *group = NULL; BIGNUM *bnz = NULL, *x = NULL, *y = NULL; unsigned char *Ztmp = NULL, *Z = NULL; size_t Ztmplen, Zlen; BIO_puts(out, "Testing ECC CDH Primitive SP800-56A with "); BIO_puts(out, OBJ_nid2sn(kat->nid)); /* dIUT is IUT's private key */ if ((key1 = mk_eckey(kat->nid, kat->dIUT)) == NULL) goto err; /* these are cofactor ECDH KATs */ EC_KEY_set_flags(key1, EC_FLAG_COFACTOR_ECDH); if ((group = EC_KEY_get0_group(key1)) == NULL) goto err; if ((pub = EC_POINT_new(group)) == NULL) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) is_char_two = 1; /* (QIUTx, QIUTy) is IUT's public key */ if(!BN_hex2bn(&x, kat->QIUTx)) goto err; if(!BN_hex2bn(&y, kat->QIUTy)) goto err; if (is_char_two) { #ifdef OPENSSL_NO_EC2M goto err; #else if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL)) goto err; #endif } else { if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL)) goto err; } /* dIUT * G = (QIUTx, QIUTy) should hold */ if (EC_POINT_cmp(group, EC_KEY_get0_public_key(key1), pub, NULL)) goto err; /* (QCAVSx, QCAVSy) is CAVS's public key */ if(!BN_hex2bn(&x, kat->QCAVSx)) goto err; if(!BN_hex2bn(&y, kat->QCAVSy)) goto err; if (is_char_two) { #ifdef OPENSSL_NO_EC2M goto err; #else if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL)) goto err; #endif } else { if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL)) goto err; } /* ZIUT is the shared secret */ if(!BN_hex2bn(&bnz, kat->ZIUT)) goto err; Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8; Zlen = BN_num_bytes(bnz); if (Zlen > Ztmplen) goto err; if((Ztmp = OPENSSL_zalloc(Ztmplen)) == NULL) goto err; if((Z = OPENSSL_zalloc(Ztmplen)) == NULL) goto err; if(!BN_bn2binpad(bnz, Z, Ztmplen)) goto err; if (!ECDH_compute_key(Ztmp, Ztmplen, pub, key1, 0)) goto err; /* shared secrets should be identical */ if (memcmp(Ztmp, Z, Ztmplen)) goto err; rv = 1; err: EC_KEY_free(key1); EC_POINT_free(pub); BN_free(bnz); BN_free(x); BN_free(y); OPENSSL_free(Ztmp); OPENSSL_free(Z); if (rv) { BIO_puts(out, " ok\n"); } else { fprintf(stderr, "Error in ECC CDH routines\n"); ERR_print_errors_fp(stderr); } return rv; }