Add the RFC 7027 test vectors; from OpenSSL HEAD

author: miod <> 2014-05-24 15:25:38 +0000
committer: miod <> 2014-05-24 15:25:38 +0000
commit: 0f5e6295b9f000530ca134aa55a1318c795accb1 (patch)
tree: e0fb29eca5b3597f5ffcddd50420f405ae570f32
parent: 03c32317f399a254994b5a704297afdf85b96733 (diff)
download: openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.tar.gz
openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.tar.bz2
openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.zip
1 files changed, 171 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/ecdh/ecdhtest.c b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
index 385f6803aa..620424dbdb 100644
--- a/src/regress/lib/libcrypto/ecdh/ecdhtest.c
+++ b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
@@ -229,6 +229,171 @@ err:
        return(ret);
        }
+/* Keys and shared secrets from RFC 7027 */
+static const unsigned char bp256_da[] = {
+        0x81,0xDB,0x1E,0xE1,0x00,0x15,0x0F,0xF2,0xEA,0x33,0x8D,0x70,
+        0x82,0x71,0xBE,0x38,0x30,0x0C,0xB5,0x42,0x41,0xD7,0x99,0x50,
+        0xF7,0x7B,0x06,0x30,0x39,0x80,0x4F,0x1D
+};
+static const unsigned char bp256_db[] = {
+        0x55,0xE4,0x0B,0xC4,0x1E,0x37,0xE3,0xE2,0xAD,0x25,0xC3,0xC6,
+        0x65,0x45,0x11,0xFF,0xA8,0x47,0x4A,0x91,0xA0,0x03,0x20,0x87,
+        0x59,0x38,0x52,0xD3,0xE7,0xD7,0x6B,0xD3
+};
+static const unsigned char bp256_Z[] = {
+        0x89,0xAF,0xC3,0x9D,0x41,0xD3,0xB3,0x27,0x81,0x4B,0x80,0x94,
+        0x0B,0x04,0x25,0x90,0xF9,0x65,0x56,0xEC,0x91,0xE6,0xAE,0x79,
+        0x39,0xBC,0xE3,0x1F,0x3A,0x18,0xBF,0x2B
+};
+static const unsigned char bp384_da[] = {
+        0x1E,0x20,0xF5,0xE0,0x48,0xA5,0x88,0x6F,0x1F,0x15,0x7C,0x74,
+        0xE9,0x1B,0xDE,0x2B,0x98,0xC8,0xB5,0x2D,0x58,0xE5,0x00,0x3D,
+        0x57,0x05,0x3F,0xC4,0xB0,0xBD,0x65,0xD6,0xF1,0x5E,0xB5,0xD1,
+        0xEE,0x16,0x10,0xDF,0x87,0x07,0x95,0x14,0x36,0x27,0xD0,0x42
+};
+static const unsigned char bp384_db[] = {
+        0x03,0x26,0x40,0xBC,0x60,0x03,0xC5,0x92,0x60,0xF7,0x25,0x0C,
+        0x3D,0xB5,0x8C,0xE6,0x47,0xF9,0x8E,0x12,0x60,0xAC,0xCE,0x4A,
+        0xCD,0xA3,0xDD,0x86,0x9F,0x74,0xE0,0x1F,0x8B,0xA5,0xE0,0x32,
+        0x43,0x09,0xDB,0x6A,0x98,0x31,0x49,0x7A,0xBA,0xC9,0x66,0x70
+};
+static const unsigned char bp384_Z[] = {
+        0x0B,0xD9,0xD3,0xA7,0xEA,0x0B,0x3D,0x51,0x9D,0x09,0xD8,0xE4,
+        0x8D,0x07,0x85,0xFB,0x74,0x4A,0x6B,0x35,0x5E,0x63,0x04,0xBC,
+        0x51,0xC2,0x29,0xFB,0xBC,0xE2,0x39,0xBB,0xAD,0xF6,0x40,0x37,
+        0x15,0xC3,0x5D,0x4F,0xB2,0xA5,0x44,0x4F,0x57,0x5D,0x4F,0x42
+};
+static const unsigned char bp512_da[] = {
+        0x16,0x30,0x2F,0xF0,0xDB,0xBB,0x5A,0x8D,0x73,0x3D,0xAB,0x71,
+        0x41,0xC1,0xB4,0x5A,0xCB,0xC8,0x71,0x59,0x39,0x67,0x7F,0x6A,
+        0x56,0x85,0x0A,0x38,0xBD,0x87,0xBD,0x59,0xB0,0x9E,0x80,0x27,
+        0x96,0x09,0xFF,0x33,0x3E,0xB9,0xD4,0xC0,0x61,0x23,0x1F,0xB2,
+        0x6F,0x92,0xEE,0xB0,0x49,0x82,0xA5,0xF1,0xD1,0x76,0x4C,0xAD,
+        0x57,0x66,0x54,0x22
+};
+static const unsigned char bp512_db[] = {
+        0x23,0x0E,0x18,0xE1,0xBC,0xC8,0x8A,0x36,0x2F,0xA5,0x4E,0x4E,
+        0xA3,0x90,0x20,0x09,0x29,0x2F,0x7F,0x80,0x33,0x62,0x4F,0xD4,
+        0x71,0xB5,0xD8,0xAC,0xE4,0x9D,0x12,0xCF,0xAB,0xBC,0x19,0x96,
+        0x3D,0xAB,0x8E,0x2F,0x1E,0xBA,0x00,0xBF,0xFB,0x29,0xE4,0xD7,
+        0x2D,0x13,0xF2,0x22,0x45,0x62,0xF4,0x05,0xCB,0x80,0x50,0x36,
+        0x66,0xB2,0x54,0x29
+};
+static const unsigned char bp512_Z[] = {
+        0xA7,0x92,0x70,0x98,0x65,0x5F,0x1F,0x99,0x76,0xFA,0x50,0xA9,
+        0xD5,0x66,0x86,0x5D,0xC5,0x30,0x33,0x18,0x46,0x38,0x1C,0x87,
+        0x25,0x6B,0xAF,0x32,0x26,0x24,0x4B,0x76,0xD3,0x64,0x03,0xC0,
+        0x24,0xD7,0xBB,0xF0,0xAA,0x08,0x03,0xEA,0xFF,0x40,0x5D,0x3D,
+        0x24,0xF1,0x1A,0x9B,0x5C,0x0B,0xEF,0x67,0x9F,0xE1,0x45,0x4B,
+        0x21,0xC4,0xCD,0x1F
+};
+/* Given private value and NID, create EC_KEY structure */
+static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen)
+        {
+        int ok = 0;
+        EC_KEY *k = NULL;
+        BIGNUM *priv = NULL;
+        EC_POINT *pub = NULL;
+        const EC_GROUP *grp;
+        k = EC_KEY_new_by_curve_name(nid);
+        if (!k)
+                goto err;
+        priv = BN_bin2bn(p, plen, NULL);
+        if (!priv)
+                goto err;
+        if (!EC_KEY_set_private_key(k, priv))
+                goto err;
+        grp = EC_KEY_get0_group(k);
+        pub = EC_POINT_new(grp);
+        if (!pub)
+                goto err;
+        if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
+                goto err;
+        if (!EC_KEY_set_public_key(k, pub))
+                goto err;
+        ok = 1;
+        err:
+        if (priv)
+                BN_clear_free(priv);
+        if (pub)
+                EC_POINT_free(pub);
+        if (ok)
+                return k;
+        else if (k)
+                EC_KEY_free(k);
+        return NULL;
+        }
+/* Known answer test: compute shared secret and check it matches
+ * expected value.
+ */
+static int ecdh_kat(BIO *out, const char *cname, int nid,
+                const unsigned char *k1, size_t k1_len,
+                const unsigned char *k2, size_t k2_len,
+                const unsigned char *Z, size_t Zlen)
+        {
+        int rv = 0;
+        EC_KEY *key1 = NULL, *key2 = NULL;
+        unsigned char *Ztmp = NULL;
+        size_t Ztmplen;
+        BIO_puts(out, "Testing ECDH shared secret with ");
+        BIO_puts(out, cname);
+        key1 = mk_eckey(nid, k1, k1_len);
+        key2 = mk_eckey(nid, k2, k2_len);
+        if (!key1 || !key2)
+                goto err;
+        Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7)/8;
+        if (Ztmplen != Zlen)
+                goto err;
+        Ztmp = OPENSSL_malloc(Ztmplen);
+        if (!ECDH_compute_key(Ztmp, Ztmplen,
+                                EC_KEY_get0_public_key(key2), key1, 0))
+                goto err;
+        if (memcmp(Ztmp, Z, Zlen))
+                goto err;
+        memset(Ztmp, 0, Zlen);
+        if (!ECDH_compute_key(Ztmp, Ztmplen,
+                                EC_KEY_get0_public_key(key1), key2, 0))
+                goto err;
+        if (memcmp(Ztmp, Z, Zlen))
+                goto err;
+        rv = 1;
+        err:
+        if (key1)
+                EC_KEY_free(key1);
+        if (key2)
+                EC_KEY_free(key2);
+        if (Ztmp)
+                OPENSSL_free(Ztmp);
+        if (rv)
+                BIO_puts(out, " ok\n");
+        else
+                {
+                fprintf(stderr, "Error in ECDH routines\n");
+                ERR_print_errors_fp(stderr);
+                }
+        return rv;
+        }
+#define test_ecdh_kat(bio, curve, bits) \
+        ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
+                bp##bits##_da, sizeof(bp##bits##_da), \
+                bp##bits##_db, sizeof(bp##bits##_db), \
+                bp##bits##_Z, sizeof(bp##bits##_Z))
 int main(int argc, char *argv[])
        {
        BN_CTX *ctx=NULL;
@@ -260,6 +425,12 @@ int main(int argc, char *argv[])
        if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
 #endif
+        if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
+                goto err;
+        if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
+                goto err;
+        if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
+                goto err;
        ret = 0;
author	miod <>	2014-05-24 15:25:38 +0000
committer	miod <>	2014-05-24 15:25:38 +0000
commit	0f5e6295b9f000530ca134aa55a1318c795accb1 (patch)
tree	e0fb29eca5b3597f5ffcddd50420f405ae570f32
parent	03c32317f399a254994b5a704297afdf85b96733 (diff)
download	openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.tar.gz openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.tar.bz2 openbsd-0f5e6295b9f000530ca134aa55a1318c795accb1.zip

diff --git a/src/regress/lib/libcrypto/ecdh/ecdhtest.c b/src/regress/lib/libcrypto/ecdh/ecdhtest.c index 385f6803aa..620424dbdb 100644 --- a/src/regress/lib/libcrypto/ecdh/ecdhtest.c +++ b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
@@ -229,6 +229,171 @@ err:
229	return(ret);	229	return(ret);
230	}	230	}
231		231
		232	/* Keys and shared secrets from RFC 7027 */
		233
		234	static const unsigned char bp256_da[] = {
		235	0x81,0xDB,0x1E,0xE1,0x00,0x15,0x0F,0xF2,0xEA,0x33,0x8D,0x70,
		236	0x82,0x71,0xBE,0x38,0x30,0x0C,0xB5,0x42,0x41,0xD7,0x99,0x50,
		237	0xF7,0x7B,0x06,0x30,0x39,0x80,0x4F,0x1D
		238	};
		239
		240	static const unsigned char bp256_db[] = {
		241	0x55,0xE4,0x0B,0xC4,0x1E,0x37,0xE3,0xE2,0xAD,0x25,0xC3,0xC6,
		242	0x65,0x45,0x11,0xFF,0xA8,0x47,0x4A,0x91,0xA0,0x03,0x20,0x87,
		243	0x59,0x38,0x52,0xD3,0xE7,0xD7,0x6B,0xD3
		244	};
		245
		246	static const unsigned char bp256_Z[] = {
		247	0x89,0xAF,0xC3,0x9D,0x41,0xD3,0xB3,0x27,0x81,0x4B,0x80,0x94,
		248	0x0B,0x04,0x25,0x90,0xF9,0x65,0x56,0xEC,0x91,0xE6,0xAE,0x79,
		249	0x39,0xBC,0xE3,0x1F,0x3A,0x18,0xBF,0x2B
		250	};
		251
		252	static const unsigned char bp384_da[] = {
		253	0x1E,0x20,0xF5,0xE0,0x48,0xA5,0x88,0x6F,0x1F,0x15,0x7C,0x74,
		254	0xE9,0x1B,0xDE,0x2B,0x98,0xC8,0xB5,0x2D,0x58,0xE5,0x00,0x3D,
		255	0x57,0x05,0x3F,0xC4,0xB0,0xBD,0x65,0xD6,0xF1,0x5E,0xB5,0xD1,
		256	0xEE,0x16,0x10,0xDF,0x87,0x07,0x95,0x14,0x36,0x27,0xD0,0x42
		257	};
		258
		259	static const unsigned char bp384_db[] = {
		260	0x03,0x26,0x40,0xBC,0x60,0x03,0xC5,0x92,0x60,0xF7,0x25,0x0C,
		261	0x3D,0xB5,0x8C,0xE6,0x47,0xF9,0x8E,0x12,0x60,0xAC,0xCE,0x4A,
		262	0xCD,0xA3,0xDD,0x86,0x9F,0x74,0xE0,0x1F,0x8B,0xA5,0xE0,0x32,
		263	0x43,0x09,0xDB,0x6A,0x98,0x31,0x49,0x7A,0xBA,0xC9,0x66,0x70
		264	};
		265
		266	static const unsigned char bp384_Z[] = {
		267	0x0B,0xD9,0xD3,0xA7,0xEA,0x0B,0x3D,0x51,0x9D,0x09,0xD8,0xE4,
		268	0x8D,0x07,0x85,0xFB,0x74,0x4A,0x6B,0x35,0x5E,0x63,0x04,0xBC,
		269	0x51,0xC2,0x29,0xFB,0xBC,0xE2,0x39,0xBB,0xAD,0xF6,0x40,0x37,
		270	0x15,0xC3,0x5D,0x4F,0xB2,0xA5,0x44,0x4F,0x57,0x5D,0x4F,0x42
		271	};
		272
		273	static const unsigned char bp512_da[] = {
		274	0x16,0x30,0x2F,0xF0,0xDB,0xBB,0x5A,0x8D,0x73,0x3D,0xAB,0x71,
		275	0x41,0xC1,0xB4,0x5A,0xCB,0xC8,0x71,0x59,0x39,0x67,0x7F,0x6A,
		276	0x56,0x85,0x0A,0x38,0xBD,0x87,0xBD,0x59,0xB0,0x9E,0x80,0x27,
		277	0x96,0x09,0xFF,0x33,0x3E,0xB9,0xD4,0xC0,0x61,0x23,0x1F,0xB2,
		278	0x6F,0x92,0xEE,0xB0,0x49,0x82,0xA5,0xF1,0xD1,0x76,0x4C,0xAD,
		279	0x57,0x66,0x54,0x22
		280	};
		281
		282	static const unsigned char bp512_db[] = {
		283	0x23,0x0E,0x18,0xE1,0xBC,0xC8,0x8A,0x36,0x2F,0xA5,0x4E,0x4E,
		284	0xA3,0x90,0x20,0x09,0x29,0x2F,0x7F,0x80,0x33,0x62,0x4F,0xD4,
		285	0x71,0xB5,0xD8,0xAC,0xE4,0x9D,0x12,0xCF,0xAB,0xBC,0x19,0x96,
		286	0x3D,0xAB,0x8E,0x2F,0x1E,0xBA,0x00,0xBF,0xFB,0x29,0xE4,0xD7,
		287	0x2D,0x13,0xF2,0x22,0x45,0x62,0xF4,0x05,0xCB,0x80,0x50,0x36,
		288	0x66,0xB2,0x54,0x29
		289	};
		290
		291
		292	static const unsigned char bp512_Z[] = {
		293	0xA7,0x92,0x70,0x98,0x65,0x5F,0x1F,0x99,0x76,0xFA,0x50,0xA9,
		294	0xD5,0x66,0x86,0x5D,0xC5,0x30,0x33,0x18,0x46,0x38,0x1C,0x87,
		295	0x25,0x6B,0xAF,0x32,0x26,0x24,0x4B,0x76,0xD3,0x64,0x03,0xC0,
		296	0x24,0xD7,0xBB,0xF0,0xAA,0x08,0x03,0xEA,0xFF,0x40,0x5D,0x3D,
		297	0x24,0xF1,0x1A,0x9B,0x5C,0x0B,0xEF,0x67,0x9F,0xE1,0x45,0x4B,
		298	0x21,0xC4,0xCD,0x1F
		299	};
		300
		301	/* Given private value and NID, create EC_KEY structure */
		302
		303	static EC_KEY mk_eckey(int nid, const unsigned char p, size_t plen)
		304	{
		305	int ok = 0;
		306	EC_KEY *k = NULL;
		307	BIGNUM *priv = NULL;
		308	EC_POINT *pub = NULL;
		309	const EC_GROUP *grp;
		310	k = EC_KEY_new_by_curve_name(nid);
		311	if (!k)
		312	goto err;
		313	priv = BN_bin2bn(p, plen, NULL);
		314	if (!priv)
		315	goto err;
		316	if (!EC_KEY_set_private_key(k, priv))
		317	goto err;
		318	grp = EC_KEY_get0_group(k);
		319	pub = EC_POINT_new(grp);
		320	if (!pub)
		321	goto err;
		322	if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
		323	goto err;
		324	if (!EC_KEY_set_public_key(k, pub))
		325	goto err;
		326	ok = 1;
		327	err:
		328	if (priv)
		329	BN_clear_free(priv);
		330	if (pub)
		331	EC_POINT_free(pub);
		332	if (ok)
		333	return k;
		334	else if (k)
		335	EC_KEY_free(k);
		336	return NULL;
		337	}
		338
		339	/* Known answer test: compute shared secret and check it matches
		340	* expected value.
		341	*/
		342
		343	static int ecdh_kat(BIO out, const char cname, int nid,
		344	const unsigned char *k1, size_t k1_len,
		345	const unsigned char *k2, size_t k2_len,
		346	const unsigned char *Z, size_t Zlen)
		347	{
		348	int rv = 0;
		349	EC_KEY key1 = NULL, key2 = NULL;
		350	unsigned char *Ztmp = NULL;
		351	size_t Ztmplen;
		352	BIO_puts(out, "Testing ECDH shared secret with ");
		353	BIO_puts(out, cname);
		354	key1 = mk_eckey(nid, k1, k1_len);
		355	key2 = mk_eckey(nid, k2, k2_len);
		356	if (!key1 \|\| !key2)
		357	goto err;
		358	Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7)/8;
		359	if (Ztmplen != Zlen)
		360	goto err;
		361	Ztmp = OPENSSL_malloc(Ztmplen);
		362	if (!ECDH_compute_key(Ztmp, Ztmplen,
		363	EC_KEY_get0_public_key(key2), key1, 0))
		364	goto err;
		365	if (memcmp(Ztmp, Z, Zlen))
		366	goto err;
		367	memset(Ztmp, 0, Zlen);
		368	if (!ECDH_compute_key(Ztmp, Ztmplen,
		369	EC_KEY_get0_public_key(key1), key2, 0))
		370	goto err;
		371	if (memcmp(Ztmp, Z, Zlen))
		372	goto err;
		373	rv = 1;
		374	err:
		375	if (key1)
		376	EC_KEY_free(key1);
		377	if (key2)
		378	EC_KEY_free(key2);
		379	if (Ztmp)
		380	OPENSSL_free(Ztmp);
		381	if (rv)
		382	BIO_puts(out, " ok\n");
		383	else
		384	{
		385	fprintf(stderr, "Error in ECDH routines\n");
		386	ERR_print_errors_fp(stderr);
		387	}
		388	return rv;
		389	}
		390
		391	#define test_ecdh_kat(bio, curve, bits) \
		392	ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
		393	bp##bits##_da, sizeof(bp##bits##_da), \
		394	bp##bits##_db, sizeof(bp##bits##_db), \
		395	bp##bits##_Z, sizeof(bp##bits##_Z))
		396
232	int main(int argc, char *argv[])	397	int main(int argc, char *argv[])
233	{	398	{
234	BN_CTX *ctx=NULL;	399	BN_CTX *ctx=NULL;
@@ -260,6 +425,12 @@ int main(int argc, char *argv[])
260	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;	425	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
261	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;	426	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
262	#endif	427	#endif
		428	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
		429	goto err;
		430	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
		431	goto err;
		432	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
		433	goto err;
263		434
264	ret = 0;	435	ret = 0;
265		436