i0x404
/
torzu
forked from litucks/torzu


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601
							/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"

static int load_public_key( int grp_id, data_t *point,
                            mbedtls_ecp_keypair *ecp )
{
    int ok = 0;
    TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
    TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
                                                &ecp->Q,
                                                point->x,
                                                point->len ) == 0 );
    TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
                                           &ecp->Q ) == 0 );
    ok = 1;
exit:
    return( ok );
}

static int load_private_key( int grp_id, data_t *private_key,
                             mbedtls_ecp_keypair *ecp,
                             rnd_pseudo_info *rnd_info )
{
    int ok = 0;
    TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_binary( &ecp->d,
                                          private_key->x,
                                          private_key->len ) == 0 );
    TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
    /* Calculate the public key from the private key. */
    TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
                                  &ecp->grp.G,
                                  &rnd_pseudo_rand, rnd_info ) == 0 );
    ok = 1;
exit:
    return( ok );
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_ECDH_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void ecdh_valid_param( )
{
    TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void ecdh_invalid_param( )
{
    mbedtls_ecp_group grp;
    mbedtls_ecdh_context ctx;
    mbedtls_mpi m;
    mbedtls_ecp_point P;
    mbedtls_ecp_keypair kp;
    size_t olen;
    unsigned char buf[42] = { 0 };
    const unsigned char *buf_null = NULL;
    size_t const buflen = sizeof( buf );
    int invalid_side = 42;
    mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;

    TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );

#if defined(MBEDTLS_ECP_RESTARTABLE)
    TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
#endif /* MBEDTLS_ECP_RESTARTABLE */

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_gen_public( NULL, &m, &P,
                                                     rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_gen_public( &grp, NULL, &P,
                                                     rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_gen_public( &grp, &m, NULL,
                                                     rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_gen_public( &grp, &m, &P,
                                                     NULL, NULL ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
                                                         rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
                                                         rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
                                                         rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
                                                         rnd_std_rand, NULL ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_setup( NULL, valid_grp ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_params( NULL, &olen,
                                                      buf, buflen,
                                                      rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_params( &ctx, NULL,
                                                      buf, buflen,
                                                      rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_params( &ctx, &olen,
                                                      NULL, buflen,
                                                      rnd_std_rand, NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_params( &ctx, &olen,
                                                      buf, buflen,
                                                      NULL, NULL ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_params( NULL,
                                                  (const unsigned char**) &buf,
                                                  buf ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_params( &ctx, &buf_null,
                                                      buf ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_params( &ctx,
                                                  (const unsigned char**) &buf,
                                                  NULL ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_get_params( NULL, &kp,
                                                     MBEDTLS_ECDH_OURS ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_get_params( &ctx, NULL,
                                                     MBEDTLS_ECDH_OURS ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_get_params( &ctx, &kp,
                                                     invalid_side ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_public( NULL, &olen,
                                                      buf, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_public( &ctx, NULL,
                                                      buf, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_public( &ctx, &olen,
                                                      NULL, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_make_public( &ctx, &olen,
                                                      buf, buflen,
                                                      NULL,
                                                      NULL ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_public( NULL, buf, buflen ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                            mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
                                                      rnd_std_rand,
                                                      NULL ) );

exit:
    return;
}
/* END_CASE */

/* BEGIN_CASE */
void ecdh_primitive_random( int id )
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point qA, qB;
    mbedtls_mpi dA, dB, zA, zB;
    rnd_pseudo_info rnd_info;

    mbedtls_ecp_group_init( &grp );
    mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
    mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
    mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );

    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );

    TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info )
                 == 0 );
    TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info )
                 == 0 );
    TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
                                      &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
                                      NULL, NULL ) == 0 );

    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );

exit:
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
    mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
    mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB );
}
/* END_CASE */

/* BEGIN_CASE */
void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
                             char * yA_str, data_t * rnd_buf_B,
                             char * xB_str, char * yB_str, char * z_str )
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point qA, qB;
    mbedtls_mpi dA, dB, zA, zB, check;
    rnd_buf_info rnd_info_A, rnd_info_B;

    mbedtls_ecp_group_init( &grp );
    mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
    mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
    mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );

    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );

    rnd_info_A.buf = rnd_buf_A->x;
    rnd_info_A.length = rnd_buf_A->len;

    /* Fix rnd_buf_A->x by shifting it left if necessary */
    if( grp.nbits % 8 != 0 )
    {
        unsigned char shift = 8 - ( grp.nbits % 8 );
        size_t i;

        for( i = 0; i < rnd_info_A.length - 1; i++ )
            rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
                         | rnd_buf_A->x[i+1] >> ( 8 - shift );

        rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
    }

    rnd_info_B.buf = rnd_buf_B->x;
    rnd_info_B.length = rnd_buf_B->len;

    /* Fix rnd_buf_B->x by shifting it left if necessary */
    if( grp.nbits % 8 != 0 )
    {
        unsigned char shift = 8 - ( grp.nbits % 8 );
        size_t i;

        for( i = 0; i < rnd_info_B.length - 1; i++ )
            rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
                         | rnd_buf_B->x[i+1] >> ( 8 - shift );

        rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
    }

    TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
                                  rnd_buffer_rand, &rnd_info_A ) == 0 );
    TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );

    TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
                                  rnd_buffer_rand, &rnd_info_B ) == 0 );
    TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );

    TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );

exit:
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecp_point_free( &qA ); mbedtls_ecp_point_free( &qB );
    mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &dB );
    mbedtls_mpi_free( &zA ); mbedtls_mpi_free( &zB ); mbedtls_mpi_free( &check );
}
/* END_CASE */

/* BEGIN_CASE */
void ecdh_exchange( int id )
{
    mbedtls_ecdh_context srv, cli;
    unsigned char buf[1000];
    const unsigned char *vbuf;
    size_t len;
    rnd_pseudo_info rnd_info;
    unsigned char res_buf[1000];
    size_t res_len;

    mbedtls_ecdh_init( &srv );
    mbedtls_ecdh_init( &cli );
    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );

    TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );

    memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
    TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );

    memset( buf, 0x00, sizeof( buf ) );
    TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );

    TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
                                           NULL, NULL ) == 0 );
    TEST_ASSERT( len == res_len );
    TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );

exit:
    mbedtls_ecdh_free( &srv );
    mbedtls_ecdh_free( &cli );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
                   int enable, int max_ops, int min_restart, int max_restart )
{
    int ret;
    mbedtls_ecdh_context srv, cli;
    unsigned char buf[1000];
    const unsigned char *vbuf;
    size_t len;
    rnd_buf_info rnd_info_A, rnd_info_B;
    int cnt_restart;
    mbedtls_ecp_group grp;

    mbedtls_ecp_group_init( &grp );
    mbedtls_ecdh_init( &srv );
    mbedtls_ecdh_init( &cli );

    rnd_info_A.buf = dA->x;
    rnd_info_A.length = dA->len;

    rnd_info_B.buf = dB->x;
    rnd_info_B.length = dB->len;

    /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
     * in every configuration, therefore we load it separately. */
    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );

    /* Otherwise we would have to fix the random buffer,
     * as in ecdh_primitive_testvec. */
    TEST_ASSERT( grp.nbits % 8 == 0 );

    TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );

    /* set up restart parameters */
    mbedtls_ecp_set_max_ops( max_ops );

    if( enable )
    {
        mbedtls_ecdh_enable_restart( &srv );
        mbedtls_ecdh_enable_restart( &cli );
    }

    /* server writes its parameters */
    memset( buf, 0x00, sizeof( buf ) );
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
                                        rnd_buffer_rand, &rnd_info_A );
    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );

    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    /* client read server params */
    vbuf = buf;
    TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );

    /* client writes its key share */
    memset( buf, 0x00, sizeof( buf ) );
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
                                        rnd_buffer_rand, &rnd_info_B );
    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );

    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    /* server reads client key share */
    TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );

    /* server computes shared secret */
    memset( buf, 0, sizeof( buf ) );
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
                                              NULL, NULL );
    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );

    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    TEST_ASSERT( len == z->len );
    TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );

    /* client computes shared secret */
    memset( buf, 0, sizeof( buf ) );
    len = 0;

    cnt_restart = 0;
    do {
        ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
                                              NULL, NULL );
    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );

    TEST_ASSERT( ret == 0 );
    TEST_ASSERT( cnt_restart >= min_restart );
    TEST_ASSERT( cnt_restart <= max_restart );

    TEST_ASSERT( len == z->len );
    TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );

exit:
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecdh_free( &srv );
    mbedtls_ecdh_free( &cli );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
void ecdh_exchange_legacy( int id )
{
    mbedtls_ecdh_context srv, cli;
    unsigned char buf[1000];
    const unsigned char *vbuf;
    size_t len;

    rnd_pseudo_info rnd_info;

    mbedtls_ecdh_init( &srv );
    mbedtls_ecdh_init( &cli );
    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );

    TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );

    memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
    TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
                                   &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );

    memset( buf, 0x00, sizeof( buf ) );
    TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );

    TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
                                           NULL ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );

exit:
    mbedtls_ecdh_free( &srv );
    mbedtls_ecdh_free( &cli );
}
/* END_CASE */

/* BEGIN_CASE */
void ecdh_exchange_calc_secret( int grp_id,
                                data_t *our_private_key,
                                data_t *their_point,
                                int ours_first,
                                data_t *expected )
{
    rnd_pseudo_info rnd_info;
    mbedtls_ecp_keypair our_key;
    mbedtls_ecp_keypair their_key;
    mbedtls_ecdh_context ecdh;
    unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
    size_t shared_secret_length = 0;

    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
    mbedtls_ecdh_init( &ecdh );
    mbedtls_ecp_keypair_init( &our_key );
    mbedtls_ecp_keypair_init( &their_key );

    if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
        goto exit;
    if( ! load_public_key( grp_id, their_point, &their_key ) )
        goto exit;

    /* Import the keys to the ECDH calculation. */
    if( ours_first )
    {
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
    }
    else
    {
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
    }

    /* Perform the ECDH calculation. */
    TEST_ASSERT( mbedtls_ecdh_calc_secret(
                     &ecdh,
                     &shared_secret_length,
                     shared_secret, sizeof( shared_secret ),
                     &rnd_pseudo_rand, &rnd_info ) == 0 );
    TEST_ASSERT( shared_secret_length == expected->len );
    TEST_ASSERT( memcmp( expected->x, shared_secret,
                         shared_secret_length ) == 0 );

exit:
    mbedtls_ecdh_free( &ecdh );
    mbedtls_ecp_keypair_free( &our_key );
    mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */

/* BEGIN_CASE */
void ecdh_exchange_get_params_fail( int our_grp_id,
                                    data_t *our_private_key,
                                    int their_grp_id,
                                    data_t *their_point,
                                    int ours_first,
                                    int expected_ret )
{
    rnd_pseudo_info rnd_info;
    mbedtls_ecp_keypair our_key;
    mbedtls_ecp_keypair their_key;
    mbedtls_ecdh_context ecdh;

    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
    mbedtls_ecdh_init( &ecdh );
    mbedtls_ecp_keypair_init( &our_key );
    mbedtls_ecp_keypair_init( &their_key );

    if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
        goto exit;
    if( ! load_public_key( their_grp_id, their_point, &their_key ) )
        goto exit;

    if( ours_first )
    {
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
                     expected_ret );
    }
    else
    {
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
        TEST_ASSERT( mbedtls_ecdh_get_params(
                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
                     expected_ret );
    }

exit:
    mbedtls_ecdh_free( &ecdh );
    mbedtls_ecp_keypair_free( &our_key );
    mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */