Add test vector for ZKP verification

Manuel Pégourié-Gonnard 2015-08-12 10:09:55 +02:00
parent 6029a85572
commit 967cd7192d


@ -255,37 +255,25 @@ int mbedtls_ecjpake_self_test( int verbose )
} }
#else #else
static const unsigned char ecjpake_test_G[] = {
0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6,
0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33,
0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42,
0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e,
0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40,
0x68, 0x37, 0xbf, 0x51, 0xf5
};
static const unsigned char ecjpake_test_V[] = {
0x04, 0xfa, 0x9a, 0x24, 0x9d, 0x73, 0x6e, 0x30, 0x28, 0xd1, 0x2d, 0xf1,
0xdc, 0xfa, 0x22, 0xd1, 0xed, 0x62, 0x82, 0xbf, 0xab, 0x27, 0x7c, 0x7c,
0x52, 0x56, 0xf3, 0xfd, 0x38, 0x07, 0xa5, 0xae, 0xe0, 0x72, 0xfb, 0x4d,
0x9c, 0x2b, 0xd6, 0xa4, 0x70, 0xf7, 0xb4, 0xd0, 0xbd, 0xfb, 0x4a, 0x94,
0x96, 0xcf, 0xcd, 0xd3, 0x53, 0xf9, 0x90, 0x3c, 0x0a, 0x69, 0xa4, 0x4b,
0x18, 0xc6, 0xd2, 0x9b, 0xb8
};
static const unsigned char ecjpake_test_X[] = { static const unsigned char ecjpake_test_X[] = {
0x04, 0x52, 0xa4, 0xda, 0x90, 0xa5, 0x15, 0x7f, 0xc0, 0xe5, 0x1f, 0x79, 0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19, 0x33,
0x4b, 0xe3, 0xbb, 0x3f, 0x1d, 0xf8, 0xdf, 0xb1, 0xe3, 0x18, 0xa8, 0x10, 0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44, 0xe5,
0xf2, 0x05, 0x2e, 0x64, 0xa8, 0xe8, 0x35, 0x64, 0xe8, 0xe2, 0x8c, 0x17, 0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad, 0xa7,
0x15, 0xab, 0xf7, 0x8d, 0x1f, 0x8b, 0x18, 0x99, 0x6d, 0x6a, 0xb7, 0xbd, 0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62, 0x1f,
0xcc, 0xbe, 0x52, 0x08, 0x1a, 0x3a, 0xe7, 0x65, 0x4b, 0xdf, 0x66, 0x62, 0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9, 0x06,
0xf5, 0x74, 0xe0, 0xfd, 0x80 0x07, 0x31, 0xf6, 0x94, 0xa4
}; };
static const unsigned char ecjpake_test_h[] = { static const unsigned char ecjpake_test_zkp[] = {
0xec, 0xf3, 0x24, 0x46, 0x16, 0xce, 0xa5, 0x34, 0x58, 0x46, 0xd2, 0x45, 0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d, 0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce,
0xba, 0x27, 0x63, 0x36, 0x50, 0xc4, 0x70, 0x3d, 0x56, 0x0c, 0x7a, 0x7c, 0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e, 0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66,
0x51, 0x69, 0xfe, 0xa7, 0xa3, 0xf7, 0x79, 0x10 0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e, 0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0,
0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73, 0x61, 0x0d, 0x34, 0xde, 0x44, 0x24,
0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22, 0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d,
0x74, 0x49, 0x30, 0x8b, 0xab, 0xce, 0x20, 0x72, 0xfe, 0x16, 0x66, 0x29,
0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00, 0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8,
0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b, 0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e,
0x98, 0x34, 0x58
}; };
/* For tests we don't need a secure RNG; /* For tests we don't need a secure RNG;
@ -314,18 +302,15 @@ int mbedtls_ecjpake_self_test( int verbose )
{ {
int ret; int ret;
mbedtls_ecp_group grp; mbedtls_ecp_group grp;
mbedtls_ecp_point G, V, X; mbedtls_ecp_point X;
mbedtls_mpi x, h, h_ref; mbedtls_mpi x;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
unsigned char buf[1000]; unsigned char buf[1000];
unsigned char *p; unsigned char *p;
const unsigned char *end;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &G );
mbedtls_ecp_point_init( &V );
mbedtls_ecp_point_init( &X ); mbedtls_ecp_point_init( &X );
mbedtls_mpi_init( &h_ref );
mbedtls_mpi_init( &h );
mbedtls_mpi_init( &x ); mbedtls_mpi_init( &x );
/* Common to all tests */ /* Common to all tests */
@ -333,24 +318,30 @@ int mbedtls_ecjpake_self_test( int verbose )
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP256R1 ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP256R1 ) );
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " ECJPAKE test #1 (hash): " ); mbedtls_printf( " ECJPAKE test #1 (zkp read): " );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &G, ecjpake_test_G, MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &X,
sizeof( ecjpake_test_G ) ) ); ecjpake_test_X,
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &V, ecjpake_test_V, sizeof( ecjpake_test_X ) ) );
sizeof( ecjpake_test_V ) ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &X, ecjpake_test_X,
sizeof( ecjpake_test_X ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &h_ref, ecjpake_test_h,
sizeof( ecjpake_test_h ) ) );
MBEDTLS_MPI_CHK( ecjpake_hash( md_info, &grp, &G, &V, &X, "client", &h ) ); p = (unsigned char *) ecjpake_test_zkp;
end = ecjpake_test_zkp + sizeof( ecjpake_test_zkp );
MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client",
&p, end ) );
if( mbedtls_mpi_cmp_mpi( &h, &h_ref ) != 0 ) /* Corrupt proof */
memcpy( buf, ecjpake_test_zkp, sizeof( ecjpake_test_zkp ) );
buf[sizeof( ecjpake_test_zkp ) - 1]--;
p = buf;
end = buf + sizeof( ecjpake_test_zkp );
ret = ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client", &p, end );
if( ret != MBEDTLS_ERR_ECP_VERIFY_FAILED )
{ {
ret = 1; ret = 1;
goto cleanup; goto cleanup;
} }
ret = 0;
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "passed\n" ); mbedtls_printf( "passed\n" );
@ -358,16 +349,16 @@ int mbedtls_ecjpake_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " ECJPAKE test #2 (zkp write/read): " ); mbedtls_printf( " ECJPAKE test #2 (zkp write/read): " );
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( &grp, &G, &x, &X, MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( &grp, &grp.G, &x, &X,
ecjpake_lgc, NULL ) ); ecjpake_lgc, NULL ) );
p = buf; p = buf;
MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, &grp, &G, &x, &X, "client", MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, &grp, &grp.G, &x, &X, "client",
&p, buf + sizeof( buf ), &p, buf + sizeof( buf ),
ecjpake_lgc, NULL ) ); ecjpake_lgc, NULL ) );
p = buf; p = buf;
MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &G, &X, "client", MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client",
&p, buf + sizeof( buf ) ) ); &p, buf + sizeof( buf ) ) );
if( verbose != 0 ) if( verbose != 0 )
@ -375,11 +366,7 @@ int mbedtls_ecjpake_self_test( int verbose )
cleanup: cleanup:
mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &G );
mbedtls_ecp_point_free( &V );
mbedtls_ecp_point_free( &X ); mbedtls_ecp_point_free( &X );
mbedtls_mpi_free( &h_ref );
mbedtls_mpi_free( &h );
mbedtls_mpi_free( &x ); mbedtls_mpi_free( &x );
if( ret != 0 ) if( ret != 0 )
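Review bot: Test #1's rejection coverage is a single decremented byte at the end of `ecjpake_test_zkp`, which by the vector's layout appears to fall in the response scalar, so nothing in the self-test shows that a proof is rejected when it is presented under a different identity. The removed `ecjpake_hash` call took the `"client"` string as an input, so the identity is presumably bound into the challenge; a second negative case that re-reads the unmodified vector with another id (the `"server"` below is a constructed example) and expects `MBEDTLS_ERR_ECP_VERIFY_FAILED` would pin that binding. The positive read would also be stronger with `if( p != end ) { ret = 1; goto cleanup; }` right after it, so that a parser stopping short of the vector is caught. `mbedtls_ecjpake_self_test` continues past the last hunk and `ecjpake_zkp_read` itself is not visible here, so the error code returned for the identity case should be confirmed against its body.

```c
/* ... unchanged: corrupt-proof case ... */

/* Same proof under a different identity must not verify */
p = (unsigned char *) ecjpake_test_zkp;
end = ecjpake_test_zkp + sizeof( ecjpake_test_zkp );
ret = ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "server", &p, end );
if( ret != MBEDTLS_ERR_ECP_VERIFY_FAILED )
{
    ret = 1;
    goto cleanup;
}

ret = 0;
```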