SCLError sTestECC_DH(int keySize)
{
SCLError err = kSCLError_NoErr;
uint8_t pubKey1[256];
size_t pubKeyLen1 = 0;
uint8_t privKey1[256];
size_t privKeyLen1 = 0;
uint8_t pubKey2[256];
size_t pubKeyLen2 = 0;
uint8_t privKey2[256];
size_t privKeyLen2 = 0;
ECC_ContextRef eccPriv = kInvalidECC_ContextRef;
ECC_ContextRef eccPub = kInvalidECC_ContextRef;
uint8_t Z1 [256];
size_t Zlen1;
uint8_t Z2 [256];
size_t Zlen2;
OPTESTLogInfo("\tTesting ECC-DH (%d)\n", keySize);
/* create keys */
OPTESTLogDebug("\t\tGenerate Key 1\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey1, sizeof(pubKey1), &pubKeyLen1);CKERR;
err = ECC_Export(eccPriv, true, privKey1, sizeof(privKey1), &privKeyLen1);CKERR;
OPTESTLogDebug("\t\tKey 1 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen1, privKeyLen1);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey1, (int)pubKeyLen1, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey1, (int)privKeyLen1, 0);
OPTESTLogDebug("\n");
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tGenerate Key 2\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey2, sizeof(pubKey2), &pubKeyLen2);CKERR;
err = ECC_Export(eccPriv, true, privKey2, sizeof(privKey2), &privKeyLen2);CKERR;
OPTESTLogDebug("\t\tKey 2 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen2, privKeyLen2);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey2, (int)pubKeyLen2, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey2, (int)privKeyLen2, 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key1 -> Key2\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey1, privKeyLen1);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey2, pubKeyLen2);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen1 = sizeof(Z1);
err = ECC_SharedSecret(eccPriv, eccPub, Z1, sizeof(Z1), &Zlen1);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z1): (%ld bytes)\n",Zlen1);
dumpHex(IF_LOG_DEBUG, Z1, (int)Zlen1 , 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
// delete keys
if(ECC_ContextRefIsValid(eccPub) ) ECC_Free(eccPub );
eccPub = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key2 -> Key1\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey2, privKeyLen2);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey1, pubKeyLen1);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen2 = sizeof(Z2);
err = ECC_SharedSecret(eccPriv, eccPub, Z2, sizeof(Z2), &Zlen2);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z2): (%ld bytes)\n",Zlen2);
dumpHex(IF_LOG_DEBUG, Z2, (int)Zlen2 , 0);
OPTESTLogDebug("\n");
OPTESTLogVerbose("\t\tCompare Secrets\n");
err = compare2Results(Z1, Zlen1, Z2, Zlen2, kResultFormat_Byte, "ECC Shared Secret");CKERR;
done:
if(eccPriv)
{
ECC_Free(eccPriv);
eccPriv = kInvalidECC_ContextRef;
}
if(eccPub)
{
ECC_Free(eccPub);
eccPub = kInvalidECC_ContextRef;
}
return err;
}
int TestECC_DH()
{
int err = CRYPT_OK;
ECC_ContextRef key1 = NULL;
ECC_ContextRef key2 = NULL;
uint8_t keyBuf[512];
unsigned long keyLen = 0;
uint8_t Z [256];
unsigned long x;
int i;
#define ECC_KEY_SIZE 384
printf("\nTesting ECC-DH (%d)\n\n", ECC_KEY_SIZE);
for(i = 0; i <1; i++)
{
printf("----------Key Set %d ----------\n\n", i);
/* create keys */
err = ECC_Init(&key1); CKERR;
err = ECC_Generate(key1, ECC_KEY_SIZE ); CKERR;
err = ECC_Init(&key2); CKERR;
err = ECC_Generate(key2, ECC_KEY_SIZE ); CKERR;
printf("Key1 \n");
err = ECC_Export(key1, false, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\tPub Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
err = ECC_Export(key1, true, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\n\tPriv Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
printf("\nKey2 \n");
err = ECC_Export(key2, false, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\tPub Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
x = sizeof(Z);
err = ECC_SharedSecret(key1, key2, Z, sizeof(Z), &x);
/* at this point we dont need the ECC keys anymore. Clear them */
printf("\nECC Shared Secret (Z): (%ld bytes)\n",x);
dumpHex(Z, x , 0);
printf("\n");
if(key1)
{
ECC_Free(key1);
key1 = kInvalidECC_ContextRef;
}
if(key2)
{
ECC_Free(key2);
key2 = kInvalidECC_ContextRef;
}
}
done:
if(key1)
{
ECC_Free(key1);
key1 = kInvalidECC_ContextRef;
}
if(key2)
{
ECC_Free(key2);
key2 = kInvalidECC_ContextRef;
}
return err;
}