Merge pull request #5642 from mprse/ecp_export

Add ECP keypair export function

ChangeLog.d/mbedtls_ecp_export.txt

@@ -0,0 +1,3 @@
+Features
+   * Add mbedtls_ecp_export() function to export ECP
+     keypair parameters. Fixes #4838.

include/mbedtls/ecp.h

@@ -1278,6 +1278,26 @@ int mbedtls_ecp_check_pub_priv(
         const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
+/**
+ * \brief           This function exports generic key-pair parameters.
+ *
+ * \param key       The key pair to export from.
+ * \param grp       Slot for exported ECP group.
+ *                  It must point to an initialized ECP group.
+ * \param d         Slot for the exported secret value.
+ *                  It must point to an initialized mpi.
+ * \param Q         Slot for the exported public value.
+ *                  It must point to an initialized ECP point.
+ *
+ * \return          \c 0 on success,
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+ *                  correspond to a known group.
+ * \return          Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+                       mbedtls_mpi *d, mbedtls_ecp_point *Q);
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**

library/ecp.c

@@ -3356,6 +3356,26 @@ int mbedtls_ecp_check_pub_priv(
     return( ret );
 }
 
+/*
+ * Export generic key-pair parameters.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+                       mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    if( ( ret = mbedtls_ecp_group_copy( grp, &key->grp ) ) != 0 )
+        return ret;
+
+    if( ( ret = mbedtls_mpi_copy( d, &key->d ) ) != 0 )
+        return ret;
+
+    if( ( ret = mbedtls_ecp_copy( Q, &key->Q ) ) != 0 )
+        return ret;
+
+    return 0;
+}
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /*

tests/suites/test_suite_ecp.data

@@ -882,3 +882,11 @@ fix_negative:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":
 # The first call to fix_negative in the test case of issue #4296.
 ECP fix_negative: #4296.1
 fix_negative:"8A4DD4C8B42C5EAED15FE4F4579F4CE513EC90A94010BF000000000000000000":-1:256
+
+ECP export key parameters #1 (OK)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:0
+
+ECP export key parameters #2 (invalid group)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:1

tests/suites/test_suite_ecp.function

@@ -16,6 +16,44 @@
     mbedtls_ecp_point_free( x );    \
     mbedtls_ecp_point_init( x );
 
+/* Auxiliary function to compare two mbedtls_ecp_group objects. */
+inline static int mbedtls_ecp_group_cmp( mbedtls_ecp_group *grp1,
+                                         mbedtls_ecp_group *grp2 )
+{
+    if( mbedtls_mpi_cmp_mpi( &grp1->P, &grp2->P ) != 0 )
+        return 1;
+    if( mbedtls_mpi_cmp_mpi( &grp1->A, &grp2->A ) != 0 )
+        return 1;
+    if( mbedtls_mpi_cmp_mpi( &grp1->B, &grp2->B ) != 0 )
+        return 1;
+    if( mbedtls_mpi_cmp_mpi( &grp1->N, &grp2->N ) != 0 )
+        return 1;
+    if( mbedtls_ecp_point_cmp( &grp1->G, &grp2->G ) != 0 )
+        return 1;
+    if( grp1->id != grp2->id )
+        return 1;
+    if( grp1->pbits != grp2->pbits )
+        return 1;
+    if( grp1->nbits != grp2->nbits )
+        return 1;
+    if( grp1->h != grp2->h )
+        return 1;
+    if( grp1->modp != grp2->modp )
+        return 1;
+    if( grp1->t_pre != grp2->t_pre )
+        return 1;
+    if( grp1->t_post != grp2->t_post )
+        return 1;
+    if( grp1->t_data != grp2->t_data )
+        return 1;
+    if( grp1->T_size != grp2->T_size )
+        return 1;
+    if( grp1->T != grp2->T )
+        return 1;
+
+    return 0;
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -988,3 +1026,40 @@ void ecp_selftest(  )
     TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_export( int id, char * Qx, char * Qy,char * d, int expected_ret, int invalid_grp )
+{
+    mbedtls_ecp_keypair key;
+    mbedtls_ecp_group export_grp;
+    mbedtls_mpi export_d;
+    mbedtls_ecp_point export_Q;
+
+    mbedtls_ecp_group_init( &export_grp );
+    mbedtls_ecp_group_init( &key.grp );
+    mbedtls_mpi_init( &export_d );
+    mbedtls_ecp_point_init( &export_Q );
+
+    mbedtls_ecp_keypair_init( &key );
+    if( invalid_grp == 0 )
+        TEST_ASSERT( mbedtls_ecp_group_load( &key.grp, id ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_point_read_string( &key.Q, 16, Qx, Qy ) == 0 );
+    TEST_ASSERT( mbedtls_test_read_mpi( &key.d, 16, d ) == 0 );
+
+    TEST_EQUAL( mbedtls_ecp_export( &key, &export_grp,
+                                    &export_d, &export_Q ), expected_ret );
+
+    if( expected_ret == 0 )
+    {
+        TEST_EQUAL( mbedtls_ecp_point_cmp( &key.Q, &export_Q ), 0 );
+        TEST_EQUAL( mbedtls_mpi_cmp_mpi( &key.d, &export_d ), 0 );
+        TEST_EQUAL( mbedtls_ecp_group_cmp( &key.grp, &export_grp ), 0 );
+    }
+
+exit:
+    mbedtls_ecp_keypair_free( &key );
+    mbedtls_ecp_group_free( &export_grp );
+    mbedtls_mpi_free( &export_d );
+    mbedtls_ecp_point_free( &export_Q );
+}
+/* END_CASE */