From e6886102ef23ad38dd8e3ac8df1e26f34c22c75e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 18:22:06 +0200 Subject: [PATCH 01/15] New function mbedtls_ecp_keypair_get_group_id Add a simple function to get the group id from a key object. This information is available via mbedtls_ecp_export, but that function consumes a lot of memory, which is a waste if all you need is to identify the curve. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 12 ++++++++++++ library/ecp.c | 6 ++++++ tests/suites/test_suite_ecp.function | 6 ++++++ 3 files changed, 24 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7f5e88080..a29a6f7a6 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1323,6 +1323,18 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Query the group that a key pair belongs to. + * + * \param key The key pair to query. + * + * \return The group ID for the group registered in the key pair + * object. + * This is \c MBEDTLS_ECP_DP_NONE if no group has been set + * in the key pair object. + */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key); + /** * \brief This function exports generic key-pair parameters. * diff --git a/library/ecp.c b/library/ecp.c index ee86cbc6e..351e9e8fe 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3357,6 +3357,12 @@ cleanup: } #endif /* MBEDTLS_ECP_C */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key) +{ + return key->grp.id; +} + /* * Export generic key-pair parameters. */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 575162480..58d54ed08 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1030,6 +1030,7 @@ void mbedtls_ecp_gen_key(int id) &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0); + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), id); TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0); TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0); @@ -1052,6 +1053,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica TEST_ASSERT(ret == expected); if (expected == 0) { + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), grp_id); ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); @@ -1233,6 +1235,10 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Check consistency with the group id */ + TEST_EQUAL(export_grp.id, + mbedtls_ecp_keypair_get_group_id(&key)); } exit: From ba5b5d67aa10e3c7dc5d2136efc226368df1b262 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 18:24:04 +0200 Subject: [PATCH 02/15] Support partial export from mbedtls_ecp_keypair Sometimes you don't need to have all the parts of a key pair object. Relax the behavior of mbedtls_ecp_keypair so that you can extract just the parts that you need. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 9 ++++++--- library/ecp.c | 6 +++--- tests/suites/test_suite_ecp.function | 14 ++++++++++++++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index a29a6f7a6..9effb725d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1338,13 +1338,16 @@ mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( /** * \brief This function exports generic key-pair parameters. * + * Each of the output parameters can be a null pointer + * if you do not need that parameter. + * * \param key The key pair to export from. * \param grp Slot for exported ECP group. - * It must point to an initialized ECP group. + * It must either be null or point to an initialized ECP group. * \param d Slot for the exported secret value. - * It must point to an initialized mpi. + * It must either be null or point to an initialized mpi. * \param Q Slot for the exported public value. - * It must point to an initialized ECP point. + * It must either be null or point to an initialized ECP point. * * \return \c 0 on success, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. diff --git a/library/ecp.c b/library/ecp.c index 351e9e8fe..b4da3c50f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3371,15 +3371,15 @@ int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { + if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { return ret; } - if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) { + if (d != NULL && (ret = mbedtls_mpi_copy(d, &key->d)) != 0) { return ret; } - if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { + if (Q != NULL && (ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { return ret; } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 58d54ed08..a4c86e283 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1239,6 +1239,20 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval /* Check consistency with the group id */ TEST_EQUAL(export_grp.id, mbedtls_ecp_keypair_get_group_id(&key)); + + /* Test null arguments */ + mbedtls_ecp_group_free(&export_grp); + mbedtls_mpi_free(&export_d); + mbedtls_ecp_point_free(&export_Q); + mbedtls_ecp_group_init(&export_grp); + mbedtls_mpi_init(&export_d); + mbedtls_ecp_point_init(&export_Q); + TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0); + TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); } exit: From 091a85a7624aa452f46d3090718631907c04f215 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 19:51:28 +0200 Subject: [PATCH 03/15] Promise mbedtls_ecp_read_key doesn't overwrite the public key Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 10 ++++++++++ tests/suites/test_suite_ecp.function | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 9effb725d..f1690085a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1262,6 +1262,16 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, /** * \brief This function reads an elliptic curve private key. * + * \note This function does not set the public key in the + * key pair object. Without a public key, the key pair object + * cannot be used with operations that require the public key. + * + * \note If a public key has already been set in the key pair + * object, this function does not check that it is consistent + * with the private key. Call mbedtls_ecp_check_pub_priv() + * after setting both the public key and the private key + * to make that check. + * * \param grp_id The ECP group identifier. * \param key The destination key. * \param buf The buffer containing the binary representation of the diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a4c86e283..aefb57a58 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1044,11 +1044,16 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica { int ret = 0; mbedtls_ecp_keypair key; - mbedtls_ecp_keypair key2; - mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_keypair key2; mbedtls_ecp_keypair_init(&key2); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0); +#endif + ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len); TEST_ASSERT(ret == expected); @@ -1057,6 +1062,12 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); +#endif + if (canonical) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; From 28240323d3246908aff6379022bebf5678673c98 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 19:52:11 +0200 Subject: [PATCH 04/15] New function mbedtls_ecp_set_public_key Set the public key in a key pair. This complements mbedtls_ecp_read_key and the functions can be used in either order. Document the need to call check functions separately. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 32 +++++++++ library/ecp.c | 19 +++++ tests/suites/test_suite_ecp.data | 42 +++++++++++ tests/suites/test_suite_ecp.function | 103 +++++++++++++++++++++++++++ 4 files changed, 196 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f1690085a..96f030d1f 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1259,6 +1259,38 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Set the public key in a key pair object. + * + * \note This function does not check that the point actually + * belongs to the given group. Call mbedtls_ecp_check_pubkey() + * on \p Q before calling this function to check that. + * + * \note This function does not check that the public key matches + * the private key that is already in \p key, if any. + * To check the consistency of the resulting key pair object, + * call mbedtls_ecp_check_pub_priv() after setting both + * the public key and the private key. + * + * \param grp_id The ECP group identifier. + * \param key The key pair object. It must be initialized. + * If its group has already been set, it must match \p grp_id. + * If its group has not been set, it will be set to \p grp_id. + * If the public key has already been set, it is overwritten. + * \param Q The public key to copy. This must be a point on the + * curve indicated by \p grp_id. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not + * match \p grp_id. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for + * the group is not implemented. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q); + /** * \brief This function reads an elliptic curve private key. * diff --git a/library/ecp.c b/library/ecp.c index b4da3c50f..bb0cf6905 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3198,6 +3198,25 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, } #endif /* MBEDTLS_ECP_C */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (key->grp.id == MBEDTLS_ECP_DP_NONE) { + /* Group not set yet */ + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { + return ret; + } + } else if (key->grp.id != grp_id) { + /* Group mismatch */ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return mbedtls_ecp_copy(&key->Q, Q); +} + + #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 /* diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 100299195..8bf288b79 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -581,6 +581,48 @@ genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffff ECP generate Montgomery key: Curve448, not enough entropy genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":"" +ECP set public key: invalid group (0) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_NONE:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: valid group (secp256r1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:0 + +ECP set public key: group not supported (secp256r1) +depends_on:!MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: bad group (not in enum) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_MAX:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: secp256r1 then secp256k1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256K1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: secp256r1 then secp384r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP384R1:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + +ECP set public key after private: secp384r1 then secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP384R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + ECP read key #1 (short weierstrass, too small) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index aefb57a58..53b78d900 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1039,6 +1039,109 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_set_public_key_group_check(int grp_id, int expected_ret) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), + expected_ret); + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_good(int grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + + /* Freshly initialized key */ + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); + +#if defined(MBEDTLS_BIGNUM_C) + /* Key with a public key already set to a different value */ + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Z, &key.Q.Z, 1), 0); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); +#endif + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, + int public_grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_mpi d; + mbedtls_mpi_init(&d); +#endif + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key, + private_data->x, private_data->len), + 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0); +#endif + + int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q); + + if (private_grp_id == public_grp_id) { + TEST_EQUAL(ret, 0); + TEST_EQUAL(key.grp.id, public_grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0); +#endif + } else { + TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + } + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_mpi_free(&d); +#endif +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical) { From 7ea72026cde2d9c9e0cc6141f0d8f34493163189 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 20:39:08 +0200 Subject: [PATCH 05/15] New function mbedtls_ecp_keypair_calc_public For when you calculate or import a private key, and then need to calculate the public key. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 17 ++++++++++++++ library/ecp.c | 8 +++++++ tests/suites/test_suite_ecp.data | 18 +++++++++++++++ tests/suites/test_suite_ecp.function | 34 ++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 96f030d1f..1847f2cb2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1365,6 +1365,23 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Calculate the public key from a private key in a key pair. + * + * \param key A keypair structure. It must have a private key set. + * If the public key is set, it will be overwritten. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. + * + * \return \c 0 on success. The key pair object can be used for + * operations that require the public key. + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on calculation failure. + */ +int mbedtls_ecp_keypair_calc_public( + mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + /** \brief Query the group that a key pair belongs to. * * \param key The key pair to query. diff --git a/library/ecp.c b/library/ecp.c index bb0cf6905..43f7d6930 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3374,6 +3374,14 @@ cleanup: return ret; } + +int mbedtls_ecp_keypair_calc_public(mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) +{ + return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, + f_rng, p_rng); +} #endif /* MBEDTLS_ECP_C */ mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 8bf288b79..01fdc477f 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -529,6 +529,24 @@ ECP check public-private #7 (wrong Qy) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_ecp_check_pub_priv:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ERR_ECP_BAD_INPUT_DATA +ECP calculate public: secp256r1, good +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff" + +ECP calculate public: secp256r1, private value out of range +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_ECP_INVALID_KEY:"" + +# Alice's private key from rfc 7748, masked and adjusted for endianness +# because the test function wants the little-endian representation. +ECP calculate public: Curve25519, good +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"6a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":0:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP calculate public: Curve25519, private value not masked +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"2a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":MBEDTLS_ERR_ECP_INVALID_KEY:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + ECP gen keypair [#1] depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_gen_keypair:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 53b78d900..8c8d32699 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -988,6 +988,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ +void ecp_calc_public(int grp_id, data_t *private, + int expected_ret, data_t *expected_public) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_test_rnd_pseudo_info rnd_info; + memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); + + TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); + TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, private->x, private->len), 0); + + TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(mbedtls_ecp_check_pub_priv(&key, &key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + 0); + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; + size_t length; + TEST_EQUAL(mbedtls_ecp_point_write_binary(&key.grp, &key.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &length, buf, sizeof(buf)), + 0); + ASSERT_COMPARE(expected_public->x, expected_public->len, buf, length); + } + +exit: + mbedtls_ecp_keypair_free(&key); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ void mbedtls_ecp_gen_keypair(int id) { From ad5e437c8e185d6a6d5ffc5c6e295475d560669c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 21:59:46 +0100 Subject: [PATCH 06/15] mbedtls_ecp_read_key: explain how to set the public key Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1847f2cb2..fc0a7636b 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1297,6 +1297,11 @@ int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, * \note This function does not set the public key in the * key pair object. Without a public key, the key pair object * cannot be used with operations that require the public key. + * Call mbedtls_ecp_keypair_calc_public() to set the public + * key from the private key. Alternatively, you can call + * mbedtls_ecp_set_public_key() to set the public key part, + * and then optionally mbedtls_ecp_check_pub_priv() to check + * that the private and public parts are consistent. * * \note If a public key has already been set in the key pair * object, this function does not check that it is consistent From 6dd87384ae26c5c828997b582b78265f7c355d50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 20:27:19 +0200 Subject: [PATCH 07/15] Rename variable that's a C++ keyword It gave uncrustify trouble (https://github.com/uncrustify/uncrustify/issues/4044) Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 8c8d32699..354a92cec 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -989,7 +989,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ -void ecp_calc_public(int grp_id, data_t *private, +void ecp_calc_public(int grp_id, data_t *private_data, int expected_ret, data_t *expected_public) { mbedtls_ecp_keypair key; @@ -998,7 +998,8 @@ void ecp_calc_public(int grp_id, data_t *private, memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); - TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, private->x, private->len), 0); + TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, + private_data->x, private_data->len), 0); TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key, &mbedtls_test_rnd_pseudo_rand, &rnd_info), From 62e33bcc64c05027a5873830b7a26dbdbb84f282 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 22:27:32 +0200 Subject: [PATCH 08/15] New function mbedtls_ecp_write_public_key Directly export the public part of a key pair without having to go through intermediate objects (using mbedtls_ecp_point_write_binary would require a group object and a point object). Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 26 ++++++++++++++++++++++++ library/ecp.c | 12 +++++++++++ tests/suites/test_suite_ecp.function | 30 +++++++++++++++++++--------- 3 files changed, 59 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index fc0a7636b..619a8a51a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1346,6 +1346,32 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, unsigned char *buf, size_t buflen); +/** + * \brief This function exports an elliptic curve public key. + * + * \param key The public key. + * \param format The point format. This must be either + * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. + * (For groups without these formats, this parameter is + * ignored. But it still has to be either of the above + * values.) + * \param olen The address at which to store the length of + * the output in Bytes. This must not be \c NULL. + * \param buf The output buffer. This must be a writable buffer + * of length \p buflen Bytes. + * \param buflen The length of the output buffer \p buf in Bytes. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer + * is too small to hold the point. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format + * or the export for the given group is not implemented. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen); + /** * \brief This function checks that the keypair objects * \p pub and \p prv have the same group and the diff --git a/library/ecp.c b/library/ecp.c index 43f7d6930..12924bf32 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3333,6 +3333,18 @@ cleanup: return ret; } +/* + * Write a public key. + */ +int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen) +{ + return mbedtls_ecp_point_write_binary(&key->grp, &key->Q, + format, olen, buf, buflen); +} + + #if defined(MBEDTLS_ECP_C) /* * Check a public-private key pair diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 354a92cec..ced4ca387 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -590,29 +590,41 @@ void ecp_write_binary(int id, char *x, char *y, char *z, int format, { mbedtls_ecp_group grp; mbedtls_ecp_point P; + mbedtls_ecp_keypair key; unsigned char buf[256]; size_t olen; memset(buf, 0, sizeof(buf)); mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P); + mbedtls_ecp_keypair_init(&key); - TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); + TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0); - - TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format, - &olen, buf, blen) == ret); + TEST_EQUAL(mbedtls_test_read_mpi(&P.X, x), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Y, y), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Z, z), 0); + TEST_EQUAL(mbedtls_ecp_point_write_binary(&grp, &P, format, + &olen, buf, blen), ret); if (ret == 0) { - TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN); - TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0); + TEST_LE_U(olen, MBEDTLS_ECP_MAX_PT_LEN); + ASSERT_COMPARE(buf, olen, + out->x, out->len); + } + + memset(buf, 0, blen); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp.id, &key, &P), 0); + TEST_EQUAL(mbedtls_ecp_write_public_key(&key, format, + &olen, buf, blen), ret); + if (ret == 0) { + ASSERT_COMPARE(buf, olen, + out->x, out->len); } exit: mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P); + mbedtls_ecp_keypair_free(&key); } /* END_CASE */ From 52cc2a6368872eb2116bc3ed1066e884920e91fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 22:32:05 +0200 Subject: [PATCH 09/15] Use new mbedtls_ecp_keypair functions in sample programs This eliminates the use of MBEDTLS_PRIVATE in sample programs to access fields of an mbedtls_ecp_keypair structure. When displaying elliptic curve points, the program now display the coordinates in the standard form instead of the internal representation. The auxiliary function show_ecp_key is present in three programs. It's more complex than the previous code which was also triplicated. There's no good place for such auxiliary functions that don't belong in the library and are used in multiple sample programs. Signed-off-by: Gilles Peskine --- programs/pkey/ecdsa.c | 23 +++++---- programs/pkey/gen_key.c | 75 ++++++++++++++++++++++++--- programs/pkey/key_app.c | 94 ++++++++++++++++++++++++++-------- programs/pkey/key_app_writer.c | 82 +++++++++++++++++++++++++---- 4 files changed, 228 insertions(+), 46 deletions(-) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index afd6fb31a..5664b8c4e 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -60,8 +60,8 @@ static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) unsigned char buf[300]; size_t len; - if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q), - MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) { + if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf)) != 0) { mbedtls_printf("internal error\n"); return; } @@ -79,6 +79,8 @@ int main(int argc, char *argv[]) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ecdsa_context ctx_sign, ctx_verify; + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char message[100]; @@ -128,7 +130,10 @@ int main(int argc, char *argv[]) goto exit; } - mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits); + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id(grp_id); + mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); dump_pubkey(" + Public key: ", &ctx_sign); @@ -174,16 +179,13 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Preparing verification context..."); fflush(stdout); - if ((ret = - mbedtls_ecp_group_copy(&ctx_verify.MBEDTLS_PRIVATE(grp), - &ctx_sign.MBEDTLS_PRIVATE(grp))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); goto exit; } - if ((ret = - mbedtls_ecp_copy(&ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); goto exit; } @@ -208,6 +210,7 @@ exit: mbedtls_ecdsa_free(&ctx_verify); mbedtls_ecdsa_free(&ctx_sign); + mbedtls_ecp_point_free(&Q); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f6bb23787..cbdf5b760 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -160,6 +160,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -365,12 +430,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_printf("curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name); - mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf(" ! key type not supported\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 194c4102d..e3a696605 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -53,6 +53,71 @@ int main(void) #else +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + /* * global options */ @@ -219,17 +284,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { @@ -269,16 +327,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index c07c56464..cc4c4dc72 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -176,6 +176,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -338,11 +403,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); - mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); @@ -384,10 +448,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); From 9552a52f5f334bf0f0eba5bcb8221c9d6ff29ea1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 23 Dec 2023 18:44:20 +0100 Subject: [PATCH 10/15] Declare dependency on bignum in sample programs Signed-off-by: Gilles Peskine --- programs/pkey/gen_key.c | 32 +++++++++++++----------------- programs/pkey/key_app_writer.c | 36 +++++++++++++++------------------- 2 files changed, 30 insertions(+), 38 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index cbdf5b760..6914c9390 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -9,8 +9,19 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " + "not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/ecdsa.h" @@ -61,7 +72,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, return 0; } #endif /* !_WIN32 */ -#endif #if defined(MBEDTLS_ECP_C) #define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id @@ -96,19 +106,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, USAGE_DEV_RANDOM \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C" - "not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -478,5 +475,4 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && - * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index cc4c4dc72..60f992e43 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -9,9 +9,21 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ - defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/error.h" @@ -21,7 +33,6 @@ #include #include -#endif #if defined(MBEDTLS_PEM_WRITE_C) #define USAGE_OUT \ @@ -66,20 +77,6 @@ USAGE_OUT \ "\n" -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -495,5 +492,4 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ From 3b17ae78d2123cfb8f1596ff4a9c85d288ba50c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Jun 2023 11:08:39 +0200 Subject: [PATCH 11/15] Add ECP-heavy-only test cases to the driver parity analysis ignore list Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d3ea8c0e1..96d4e46bb 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -325,6 +325,7 @@ KNOWN_TASKS = { # is required. 'test_suite_ecp': [ re.compile(r'ECP check public-private .*'), + re.compile(r'ECP calculate public: .*'), re.compile(r'ECP gen keypair .*'), re.compile(r'ECP point muladd .*'), re.compile(r'ECP point multiplication .*'), From 28e9d86cbc23ea4f202f9dc639cd3a2925dbc5fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 20:40:55 +0200 Subject: [PATCH 12/15] Changelog entry for the new ECP functions Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp-keypair-utilities.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/ecp-keypair-utilities.txt diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt new file mode 100644 index 000000000..6f9714aaa --- /dev/null +++ b/ChangeLog.d/ecp-keypair-utilities.txt @@ -0,0 +1,5 @@ +Features + * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling + gaps made by making its fields private: mbedtls_ecp_set_public_key(), + mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), + mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. From 39b7bba8a08ad1fd171659ea8f231627a6f3367c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 17:56:54 +0100 Subject: [PATCH 13/15] Make input parameter const Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 2 +- library/ecp.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 619a8a51a..76aef32fb 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1368,7 +1368,7 @@ int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, * or the export for the given group is not implemented. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, int format, size_t *olen, unsigned char *buf, size_t buflen); diff --git a/library/ecp.c b/library/ecp.c index 12924bf32..758d54bd7 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3336,7 +3336,7 @@ cleanup: /* * Write a public key. */ -int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, int format, size_t *olen, unsigned char *buf, size_t buflen) { From 5d867872dda985052ac9304f06f7060f4f15e261 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 17:57:51 +0100 Subject: [PATCH 14/15] Improve readability of null-argument tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index ced4ca387..c8be4e581 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1401,17 +1401,21 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval TEST_EQUAL(export_grp.id, mbedtls_ecp_keypair_get_group_id(&key)); - /* Test null arguments */ + /* Test null arguments: grp only */ mbedtls_ecp_group_free(&export_grp); - mbedtls_mpi_free(&export_d); - mbedtls_ecp_point_free(&export_Q); mbedtls_ecp_group_init(&export_grp); - mbedtls_mpi_init(&export_d); - mbedtls_ecp_point_init(&export_Q); TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0); TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Test null arguments: d only */ + mbedtls_mpi_free(&export_d); + mbedtls_mpi_init(&export_d); TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); + + /* Test null arguments: Q only */ + mbedtls_ecp_point_free(&export_Q); + mbedtls_ecp_point_init(&export_Q); TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); } From a10d112e456bfebab8a55757d8ef1efc7d90e54d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 14:08:10 +0100 Subject: [PATCH 15/15] Remove useless guards on MBEDTLS_BIGNUM_C All of ECP requires the bignum module and there is no plan to change that, so guarding a few bits of code is just noise. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index c8be4e581..295fe7f15 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1123,7 +1123,6 @@ void ecp_set_public_key_good(int grp_id, data_t *public_data) TEST_EQUAL(key.grp.id, grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#if defined(MBEDTLS_BIGNUM_C) /* Key with a public key already set to a different value */ TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0); @@ -1131,7 +1130,6 @@ void ecp_set_public_key_good(int grp_id, data_t *public_data) TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); TEST_EQUAL(key.grp.id, grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#endif exit: mbedtls_ecp_keypair_free(&key); @@ -1150,10 +1148,8 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, mbedtls_ecp_group_init(&grp); mbedtls_ecp_point Q; mbedtls_ecp_point_init(&Q); -#if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi d; mbedtls_mpi_init(&d); -#endif TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0); TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, @@ -1162,9 +1158,7 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key, private_data->x, private_data->len), 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0); -#endif int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q); @@ -1172,9 +1166,7 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, TEST_EQUAL(ret, 0); TEST_EQUAL(key.grp.id, public_grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0); -#endif } else { TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } @@ -1183,9 +1175,7 @@ exit: mbedtls_ecp_keypair_free(&key); mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&Q); -#if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi_free(&d); -#endif } /* END_CASE */ @@ -1198,11 +1188,9 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica mbedtls_ecp_keypair key2; mbedtls_ecp_keypair_init(&key2); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0); -#endif ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len); TEST_ASSERT(ret == expected); @@ -1212,11 +1200,9 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); -#endif if (canonical) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES];