/* crypto/ecdh/ecdhtest.c */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
 * to the OpenSSL project.
 *
 * The ECC Code is licensed pursuant to the OpenSSL open source
 * license provided below.
 *
 * The ECDH software is originally written by Douglas Stebila of
 * Sun Microsystems Laboratories.
 *
 */
/* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "../e_os.h"

#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/err.h>

#ifdef OPENSSL_NO_ECDH
/* ECDH was compiled out: report that and exit successfully. */
int main(int argc, char *argv[])
{
    printf("No ECDH support\n");
    return 0;
}
#else
# include <openssl/ec.h>
# include <openssl/ecdh.h>

# ifdef OPENSSL_SYS_WIN16
#  define MS_CALLBACK _far _loadds
# else
#  define MS_CALLBACK
# endif

/* Progress callback; its declaration is currently disabled. */
# if 0
static void MS_CALLBACK cb(int p, int n, void *arg);
# endif

/*
 * Fixed, publicly known bytes handed to RAND_seed() by main(). They
 * contribute no real entropy, so this pattern belongs in a test harness
 * only and must not be copied into code that generates real keys.
 */
static const char rnd_seed[] =
    "string to make the random number generator think it has entropy";

/* Number of key bytes requested from KDF1_SHA1 (size of a SHA-1 digest). */
static const int KDF1_SHA1_len = 20;

/*
 * KDF callback given to ECDH_compute_key(): one SHA-1 pass over the
 * inlen bytes at in, written to out.
 *
 * Returns NULL when *outlen is smaller than SHA_DIGEST_LENGTH or when
 * SHA support is compiled out (OPENSSL_NO_SHA). Otherwise sets *outlen
 * to SHA_DIGEST_LENGTH and returns whatever SHA1() returns.
 *
 * A bare hash with no salt or context input is enough to check that
 * both sides derive the same bytes; it is not a model for production
 * key derivation.
 */
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
                       size_t *outlen)
{
# ifdef OPENSSL_NO_SHA
    return NULL;
# else
    /* Caller's buffer must hold a full digest. */
    if (*outlen < SHA_DIGEST_LENGTH)
        return NULL;

    *outlen = SHA_DIGEST_LENGTH;
    return SHA1(in, inlen, out);
# endif
}

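/* Write len bytes of data to out as upper-case hex; len <= 0 prints nothing. */
static void print_hex(BIO *out, const unsigned char *data, int len)
{
    int i;

    for (i = 0; i < len; i++)
        BIO_printf(out, "%02X", data[i]);
}

/*
 * Store the affine coordinates of key's public point in x and y.
 * Prime-field groups use the GFp accessor; any other field type uses
 * the GF2m accessor unless binary curves are compiled out, in which
 * case nothing is read and success is reported.
 * Returns non-zero on success, 0 on failure.
 */
static int get_public_xy(const EC_GROUP *group, const EC_KEY *key,
                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
        NID_X9_62_prime_field)
        return EC_POINT_get_affine_coordinates_GFp
            (group, EC_KEY_get0_public_key(key), x, y, ctx);
# ifndef OPENSSL_NO_EC2M
    return EC_POINT_get_affine_coordinates_GF2m(group,
                                                EC_KEY_get0_public_key(key),
                                                x, y, ctx);
# else
    return 1;
# endif
}

/*
 * Run one ECDH agreement on the curve identified by nid.
 *
 * Two key pairs (a, b) are generated on the curve, each side derives a
 * KDF1_SHA1_len-byte key from its own private key and the peer's public
 * key, and the two results are compared.
 *
 * nid   curve NID passed to EC_KEY_new_by_curve_name()
 * text  human-readable curve name used in progress output
 * ctx   BN_CTX used for the coordinate extraction
 * out   BIO receiving progress and diagnostic output
 *
 * Returns 1 when both sides produce the same key of at least 4 bytes,
 * 0 on any allocation, key-generation or agreement failure.
 */
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
{
    EC_KEY *a = NULL;
    EC_KEY *b = NULL;
    BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
    unsigned char *abuf = NULL, *bbuf = NULL;
    int alen, blen, aout, bout, ret = 0;
    const EC_GROUP *group;

    a = EC_KEY_new_by_curve_name(nid);
    b = EC_KEY_new_by_curve_name(nid);
    if (a == NULL || b == NULL)
        goto err;

    /* Both keys were created from the same nid, so a's group serves for b. */
    group = EC_KEY_get0_group(a);

    if ((x_a = BN_new()) == NULL)
        goto err;
    if ((y_a = BN_new()) == NULL)
        goto err;
    if ((x_b = BN_new()) == NULL)
        goto err;
    if ((y_b = BN_new()) == NULL)
        goto err;

    BIO_puts(out, "Testing key generation with ");
    BIO_puts(out, text);
# ifdef NOISY
    BIO_puts(out, "\n");
# else
    (void)BIO_flush(out);
# endif

    if (!EC_KEY_generate_key(a))
        goto err;
    if (!get_public_xy(group, a, x_a, y_a, ctx))
        goto err;

# ifdef NOISY
    BIO_puts(out, "  pri 1=");
    /* Use the accessor, as the failure path does, not the struct field. */
    BN_print(out, EC_KEY_get0_private_key(a));
    BIO_puts(out, "\n  pub 1=");
    BN_print(out, x_a);
    BIO_puts(out, ",");
    BN_print(out, y_a);
    BIO_puts(out, "\n");
# else
    BIO_printf(out, " .");
    (void)BIO_flush(out);
# endif

    if (!EC_KEY_generate_key(b))
        goto err;
    if (!get_public_xy(group, b, x_b, y_b, ctx))
        goto err;

# ifdef NOISY
    BIO_puts(out, "  pri 2=");
    BN_print(out, EC_KEY_get0_private_key(b));
    BIO_puts(out, "\n  pub 2=");
    BN_print(out, x_b);
    BIO_puts(out, ",");
    BN_print(out, y_b);
    BIO_puts(out, "\n");
# else
    BIO_printf(out, ".");
    (void)BIO_flush(out);
# endif

    /* Side a: own private key combined with b's public key. */
    alen = KDF1_SHA1_len;
    abuf = (unsigned char *)OPENSSL_malloc(alen);
    if (abuf == NULL)
        goto err;               /* never hand a NULL output buffer to ECDH */
    aout =
        ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1);

# ifdef NOISY
    BIO_puts(out, "  key1 =");
    print_hex(out, abuf, aout);
    BIO_puts(out, "\n");
# else
    BIO_printf(out, ".");
    (void)BIO_flush(out);
# endif

    /* Side b: own private key combined with a's public key. */
    blen = KDF1_SHA1_len;
    bbuf = (unsigned char *)OPENSSL_malloc(blen);
    if (bbuf == NULL)
        goto err;
    bout =
        ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1);

# ifdef NOISY
    BIO_puts(out, "  key2 =");
    print_hex(out, bbuf, bout);
    BIO_puts(out, "\n");
# else
    BIO_printf(out, ".");
    (void)BIO_flush(out);
# endif

    /*
     * A negative or very short result from either side, a length
     * mismatch, or differing bytes all count as failure. The aout < 4
     * test runs first, so memcmp never sees a negative length.
     */
    if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
# ifndef NOISY
        /*
         * Dump both key pairs so the failure can be reproduced. This is
         * acceptable only because they are throwaway test keys.
         */
        BIO_printf(out, " failed\n\n");
        BIO_printf(out, "key a:\n");
        BIO_printf(out, "private key: ");
        BN_print(out, EC_KEY_get0_private_key(a));
        BIO_printf(out, "\n");
        BIO_printf(out, "public key (x,y): ");
        BN_print(out, x_a);
        BIO_printf(out, ",");
        BN_print(out, y_a);
        BIO_printf(out, "\nkey b:\n");
        BIO_printf(out, "private key: ");
        BN_print(out, EC_KEY_get0_private_key(b));
        BIO_printf(out, "\n");
        BIO_printf(out, "public key (x,y): ");
        BN_print(out, x_b);
        BIO_printf(out, ",");
        BN_print(out, y_b);
        BIO_printf(out, "\n");
        /* abuf was derived with a's private key, bbuf with b's. */
        BIO_printf(out, "generated key a: ");
        print_hex(out, abuf, aout);
        BIO_printf(out, "\n");
        BIO_printf(out, "generated key b: ");
        print_hex(out, bbuf, bout);
        BIO_printf(out, "\n");
# endif
        fprintf(stderr, "Error in ECDH routines\n");
        ret = 0;
    } else {
# ifndef NOISY
        BIO_printf(out, " ok\n");
# endif
        ret = 1;
    }
 err:
    /* Shared exit path: report queued OpenSSL errors, then release all. */
    ERR_print_errors_fp(stderr);

    if (abuf != NULL)
        OPENSSL_free(abuf);
    if (bbuf != NULL)
        OPENSSL_free(bbuf);
    if (x_a)
        BN_free(x_a);
    if (y_a)
        BN_free(y_a);
    if (x_b)
        BN_free(x_b);
    if (y_b)
        BN_free(y_b);
    if (b)
        EC_KEY_free(b);
    if (a)
        EC_KEY_free(a);
    return (ret);
}

/*
 * Test driver: runs test_ecdh_curve() over the NIST prime curves and,
 * unless OPENSSL_NO_EC2M is defined, the NIST binary curves, stopping
 * at the first failure. Exits with 0 when every curve passes, 1
 * otherwise.
 */
int main(int argc, char *argv[])
{
    static const struct {
        int nid;
        const char *text;
    } curves[] = {
        /* NIST PRIME CURVES TESTS */
        {NID_X9_62_prime192v1, "NIST Prime-Curve P-192"},
        {NID_secp224r1, "NIST Prime-Curve P-224"},
        {NID_X9_62_prime256v1, "NIST Prime-Curve P-256"},
        {NID_secp384r1, "NIST Prime-Curve P-384"},
        {NID_secp521r1, "NIST Prime-Curve P-521"},
# ifndef OPENSSL_NO_EC2M
        /* NIST BINARY CURVES TESTS */
        {NID_sect163k1, "NIST Binary-Curve K-163"},
        {NID_sect163r2, "NIST Binary-Curve B-163"},
        {NID_sect233k1, "NIST Binary-Curve K-233"},
        {NID_sect233r1, "NIST Binary-Curve B-233"},
        {NID_sect283k1, "NIST Binary-Curve K-283"},
        {NID_sect283r1, "NIST Binary-Curve B-283"},
        {NID_sect409k1, "NIST Binary-Curve K-409"},
        {NID_sect409r1, "NIST Binary-Curve B-409"},
        {NID_sect571k1, "NIST Binary-Curve K-571"},
        {NID_sect571r1, "NIST Binary-Curve B-571"},
# endif
    };
    BN_CTX *ctx = NULL;
    int ret = 1;
    BIO *out;
    size_t i;

    /* Turn on allocation tracking for the leak report printed at exit. */
    CRYPTO_malloc_debug_init();
    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

# ifdef OPENSSL_SYS_WIN32
    CRYPTO_malloc_init();
# endif

    /*
     * rnd_seed is a fixed string, so this call adds no real entropy.
     * Acceptable for a self-test only.
     */
    RAND_seed(rnd_seed, sizeof rnd_seed);

    out = BIO_new(BIO_s_file());
    if (out == NULL)
        EXIT(1);
    BIO_set_fp(out, stdout, BIO_NOCLOSE);

    if ((ctx = BN_CTX_new()) == NULL)
        goto err;

    for (i = 0; i < sizeof(curves) / sizeof(curves[0]); i++) {
        if (!test_ecdh_curve(curves[i].nid, curves[i].text, ctx, out))
            goto err;
    }

    ret = 0;

 err:
    ERR_print_errors_fp(stderr);
    if (ctx)
        BN_CTX_free(ctx);
    BIO_free(out);
    CRYPTO_cleanup_all_ex_data();
    ERR_remove_thread_state(NULL);
    CRYPTO_mem_leaks_fp(stderr);
    EXIT(ret);
    return (ret);
}

/* Disabled progress callback, kept as in the original file. */
# if 0
static void MS_CALLBACK cb(int p, int n, void *arg)
{
    char c = '*';

    if (p == 0)
        c = '.';
    if (p == 1)
        c = '+';
    if (p == 2)
        c = '*';
    if (p == 3)
        c = '\n';
    BIO_write((BIO *)arg, &c, 1);
    (void)BIO_flush((BIO *)arg);
#  ifdef LINT
    p = n;
#  endif
}
# endif
#endif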