2 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
14 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
15 * to the OpenSSL project.
17 * The ECC Code is licensed pursuant to the OpenSSL open source
18 * license provided below.
20 * The ECDH software is originally written by Douglas Stebila of
21 * Sun Microsystems Laboratories.
31 #include <openssl/opensslconf.h> /* for OPENSSL_NO_EC */
32 #include <openssl/crypto.h>
33 #include <openssl/bio.h>
34 #include <openssl/bn.h>
35 #include <openssl/objects.h>
36 #include <openssl/rand.h>
37 #include <openssl/sha.h>
38 #include <openssl/err.h>
41 int main(int argc, char *argv[])
43 printf("No ECDH support\n");
47 # include <openssl/ec.h>
49 static const char rnd_seed[] =
50 "string to make the random number generator think it has entropy";
52 /* Given private value and NID, create EC_KEY structure */
54 static EC_KEY *mk_eckey(int nid, const char *str)
61 k = EC_KEY_new_by_curve_name(nid);
64 if(!BN_hex2bn(&priv, str))
68 if (!EC_KEY_set_private_key(k, priv))
70 grp = EC_KEY_get0_group(k);
71 pub = EC_POINT_new(grp);
74 if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
76 if (!EC_KEY_set_public_key(k, pub))
88 #include "ecdhtest_cavs.h"
91 * NIST SP800-56A co-factor ECDH tests.
92 * KATs taken from NIST documents with parameters:
94 * - (QCAVSx,QCAVSy) is the public key for CAVS.
95 * - dIUT is the private key for IUT.
96 * - (QIUTx,QIUTy) is the public key for IUT.
97 * - ZIUT is the shared secret KAT.
99 * CAVS: Cryptographic Algorithm Validation System
100 * IUT: Implementation Under Test
102 * This function tests two things:
104 * 1. dIUT * G = (QIUTx,QIUTy)
105 * i.e. public key for IUT computes correctly.
106 * 2. x-coord of cofactor * dIUT * (QCAVSx,QCAVSy) = ZIUT
107 * i.e. co-factor ECDH key computes correctly.
109 * returns zero on failure or unsupported curve. One otherwise.
111 static int ecdh_cavs_kat(BIO *out, const ecdh_cavs_kat_t *kat)
113 int rv = 0, is_char_two = 0;
115 EC_POINT *pub = NULL;
116 const EC_GROUP *group = NULL;
117 BIGNUM *bnz = NULL, *x = NULL, *y = NULL;
118 unsigned char *Ztmp = NULL, *Z = NULL;
119 size_t Ztmplen, Zlen;
120 BIO_puts(out, "Testing ECC CDH Primitive SP800-56A with ");
121 BIO_puts(out, OBJ_nid2sn(kat->nid));
123 /* dIUT is IUT's private key */
124 if ((key1 = mk_eckey(kat->nid, kat->dIUT)) == NULL)
126 /* these are cofactor ECDH KATs */
127 EC_KEY_set_flags(key1, EC_FLAG_COFACTOR_ECDH);
129 if ((group = EC_KEY_get0_group(key1)) == NULL)
131 if ((pub = EC_POINT_new(group)) == NULL)
134 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field)
137 /* (QIUTx, QIUTy) is IUT's public key */
138 if(!BN_hex2bn(&x, kat->QIUTx))
140 if(!BN_hex2bn(&y, kat->QIUTy))
143 #ifdef OPENSSL_NO_EC2M
146 if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL))
151 if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL))
154 /* dIUT * G = (QIUTx, QIUTy) should hold */
155 if (EC_POINT_cmp(group, EC_KEY_get0_public_key(key1), pub, NULL))
158 /* (QCAVSx, QCAVSy) is CAVS's public key */
159 if(!BN_hex2bn(&x, kat->QCAVSx))
161 if(!BN_hex2bn(&y, kat->QCAVSy))
164 #ifdef OPENSSL_NO_EC2M
167 if (!EC_POINT_set_affine_coordinates_GF2m(group, pub, x, y, NULL))
172 if (!EC_POINT_set_affine_coordinates_GFp(group, pub, x, y, NULL))
176 /* ZIUT is the shared secret */
177 if(!BN_hex2bn(&bnz, kat->ZIUT))
179 Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8;
180 Zlen = BN_num_bytes(bnz);
183 if((Ztmp = OPENSSL_zalloc(Ztmplen)) == NULL)
185 if((Z = OPENSSL_zalloc(Ztmplen)) == NULL)
187 if(!BN_bn2binpad(bnz, Z, Ztmplen))
189 if (!ECDH_compute_key(Ztmp, Ztmplen, pub, key1, 0))
191 /* shared secrets should be identical */
192 if (memcmp(Ztmp, Z, Ztmplen))
204 BIO_puts(out, " ok\n");
207 fprintf(stderr, "Error in ECC CDH routines\n");
208 ERR_print_errors_fp(stderr);
213 int main(int argc, char *argv[])
219 CRYPTO_set_mem_debug(1);
220 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
222 RAND_seed(rnd_seed, sizeof rnd_seed);
224 out = BIO_new(BIO_s_file());
227 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
229 /* NAMED CURVES TESTS: moved to evptests.txt */
231 /* KATs: moved to evptests.txt */
233 /* NIST SP800-56A co-factor ECDH KATs */
234 for (n = 0; n < (sizeof(ecdh_cavs_kats)/sizeof(ecdh_cavs_kat_t)); n++) {
235 if (!ecdh_cavs_kat(out, &ecdh_cavs_kats[n]))
242 ERR_print_errors_fp(stderr);
245 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
246 if (CRYPTO_mem_leaks_fp(stderr) <= 0)