Also revert regression tests so that EC_POINTs_mul() with longer vectors

gets exercised again.
author: tb <> 2018-07-15 06:02:42 +0000
committer: tb <> 2018-07-15 06:02:42 +0000
commit: f2cfc72ba8a4b95c60cee0f11692b973732e452e (patch)
tree: 41c5994cad046932a282dbb7071f5a831409ea02
parent: ccbfd1fe05749d4f08db7f45fe5db1fac8d14d6b (diff)
download: openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.tar.gz
openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.tar.bz2
openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.zip
1 files changed, 160 insertions, 26 deletions
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index d864a21a5b..9d7533b628 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -661,29 +661,101 @@ prime_field_tests(void)
        /* more tests using the last curve */
-        fprintf(stdout, "infinity tests ...");
-        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
-        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-        if (!EC_POINT_invert(group, Q, ctx))
-                ABORT;
+                if (!EC_POINT_add(group, R, P, Q, ctx))
-        /* R := 2P - P = P */
+                        ABORT;
-        if (!EC_POINT_add(group, R, P, Q, ctx))
-                ABORT;
-        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R))
+        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-                ABORT;
-        fprintf(stdout, " ok\n\n");
+        {
+                const EC_POINT *points[4];
+                const BIGNUM *scalars[4];
+                BIGNUM scalar3;
+                if (EC_POINT_is_at_infinity(group, Q))
+                        ABORT;
+                points[0] = Q;
+                points[1] = Q;
+                points[2] = Q;
+                points[3] = Q;
+                if (!EC_GROUP_get_order(group, z, ctx))
+                        ABORT;
+                if (!BN_add(y, z, BN_value_one()))
+                        ABORT;
+                if (BN_is_odd(y))
+                        ABORT;
+                if (!BN_rshift1(y, y))
+                        ABORT;
+                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+                scalars[1] = y;
+                fprintf(stdout, "combined multiplication ...");
+                fflush(stdout);
+                /* z is still the group order */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+                        ABORT;
+                if (0 != EC_POINT_cmp(group, P, R, ctx))
+                        ABORT;
+                if (0 != EC_POINT_cmp(group, R, Q, ctx))
+                        ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+                        ABORT;
+                if (!BN_add(z, z, y))
+                        ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = y;
+                scalars[1] = z; /* z = -(order + y) */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINT_is_at_infinity(group, P))
+                        ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+                        ABORT;
+                if (!BN_add(z, x, y))
+                        ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = x;
+                scalars[1] = y;
+                scalars[2] = z; /* z = -(x+y) */
+                BN_init(&scalar3);
+                BN_zero(&scalar3);
+                scalars[3] = &scalar3;
+                if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINT_is_at_infinity(group, P))
+                        ABORT;
+                fprintf(stdout, " ok\n\n");
+                BN_free(&scalar3);
+        }
        if (ctx)
                BN_CTX_free(ctx);
@@ -1113,29 +1185,91 @@ prime_field_tests(void)
        );
        /* more tests using the last curve */
-        fprintf(stdout, "infinity tests ...");
-        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
-        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-        if (!EC_POINT_invert(group, Q, ctx))
-                ABORT;
+                if (!EC_POINT_add(group, R, P, Q, ctx))
-        /* R := 2P - P = P */
+                        ABORT;
-        if (!EC_POINT_add(group, R, P, Q, ctx))
-                ABORT;
-        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R))
+        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-                ABORT;
-        fprintf(stdout, " ok\n\n");
+        {
+                const EC_POINT *points[3];
+                const BIGNUM *scalars[3];
+                if (EC_POINT_is_at_infinity(group, Q))
+                        ABORT;
+                points[0] = Q;
+                points[1] = Q;
+                points[2] = Q;
+                if (!BN_add(y, z, BN_value_one()))
+                        ABORT;
+                if (BN_is_odd(y))
+                        ABORT;
+                if (!BN_rshift1(y, y))
+                        ABORT;
+                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+                scalars[1] = y;
+                fprintf(stdout, "combined multiplication ...");
+                fflush(stdout);
+                /* z is still the group order */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+                        ABORT;
+                if (0 != EC_POINT_cmp(group, P, R, ctx))
+                        ABORT;
+                if (0 != EC_POINT_cmp(group, R, Q, ctx))
+                        ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+                        ABORT;
+                if (!BN_add(z, z, y))
+                        ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = y;
+                scalars[1] = z; /* z = -(order + y) */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINT_is_at_infinity(group, P))
+                        ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+                        ABORT;
+                if (!BN_add(z, x, y))
+                        ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = x;
+                scalars[1] = y;
+                scalars[2] = z; /* z = -(x+y) */
+                if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
+                        ABORT;
+                if (!EC_POINT_is_at_infinity(group, P))
+                        ABORT;
+                fprintf(stdout, " ok\n\n");
+        }
        if (ctx)
                BN_CTX_free(ctx);
author	tb <>	2018-07-15 06:02:42 +0000
committer	tb <>	2018-07-15 06:02:42 +0000
commit	f2cfc72ba8a4b95c60cee0f11692b973732e452e (patch)
tree	41c5994cad046932a282dbb7071f5a831409ea02
parent	ccbfd1fe05749d4f08db7f45fe5db1fac8d14d6b (diff)
download	openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.tar.gz openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.tar.bz2 openbsd-f2cfc72ba8a4b95c60cee0f11692b973732e452e.zip

diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c index d864a21a5b..9d7533b628 100644 --- a/src/regress/lib/libcrypto/ec/ectest.c +++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -661,29 +661,101 @@ prime_field_tests(void)
661		661
662		662
663	/* more tests using the last curve */	663	/* more tests using the last curve */
664	fprintf(stdout, "infinity tests ...");	664
665	fflush(stdout);
666	if (!EC_POINT_copy(Q, P))	665	if (!EC_POINT_copy(Q, P))
667	ABORT;	666	ABORT;
668	if (EC_POINT_is_at_infinity(group, Q))	667	if (EC_POINT_is_at_infinity(group, Q))
669	ABORT;	668	ABORT;
670	/* P := 2P */
671	if (!EC_POINT_dbl(group, P, P, ctx))	669	if (!EC_POINT_dbl(group, P, P, ctx))
672	ABORT;	670	ABORT;
673	if (!EC_POINT_is_on_curve(group, P, ctx))	671	if (!EC_POINT_is_on_curve(group, P, ctx))
674	ABORT;	672	ABORT;
675	/* Q := -P */	673	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
676	if (!EC_POINT_invert(group, Q, ctx))	674
677	ABORT;	675	if (!EC_POINT_add(group, R, P, Q, ctx))
678	/* R := 2P - P = P */	676	ABORT;
679	if (!EC_POINT_add(group, R, P, Q, ctx))
680	ABORT;
681	/* R := R + Q = P - P = infty */
682	if (!EC_POINT_add(group, R, R, Q, ctx))	677	if (!EC_POINT_add(group, R, R, Q, ctx))
683	ABORT;	678	ABORT;
684	if (!EC_POINT_is_at_infinity(group, R))	679	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
685	ABORT;	680
686	fprintf(stdout, " ok\n\n");	681	{
		682	const EC_POINT *points[4];
		683	const BIGNUM *scalars[4];
		684	BIGNUM scalar3;
		685
		686	if (EC_POINT_is_at_infinity(group, Q))
		687	ABORT;
		688	points[0] = Q;
		689	points[1] = Q;
		690	points[2] = Q;
		691	points[3] = Q;
		692
		693	if (!EC_GROUP_get_order(group, z, ctx))
		694	ABORT;
		695	if (!BN_add(y, z, BN_value_one()))
		696	ABORT;
		697	if (BN_is_odd(y))
		698	ABORT;
		699	if (!BN_rshift1(y, y))
		700	ABORT;
		701	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
		702	scalars[1] = y;
		703
		704	fprintf(stdout, "combined multiplication ...");
		705	fflush(stdout);
		706
		707	/* z is still the group order */
		708	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
		709	ABORT;
		710	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
		711	ABORT;
		712	if (0 != EC_POINT_cmp(group, P, R, ctx))
		713	ABORT;
		714	if (0 != EC_POINT_cmp(group, R, Q, ctx))
		715	ABORT;
		716
		717	fprintf(stdout, ".");
		718	fflush(stdout);
		719
		720	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
		721	ABORT;
		722	if (!BN_add(z, z, y))
		723	ABORT;
		724	BN_set_negative(z, 1);
		725	scalars[0] = y;
		726	scalars[1] = z; /* z = -(order + y) */
		727
		728	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
		729	ABORT;
		730	if (!EC_POINT_is_at_infinity(group, P))
		731	ABORT;
		732
		733	fprintf(stdout, ".");
		734	fflush(stdout);
		735
		736	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
		737	ABORT;
		738	if (!BN_add(z, x, y))
		739	ABORT;
		740	BN_set_negative(z, 1);
		741	scalars[0] = x;
		742	scalars[1] = y;
		743	scalars[2] = z; /* z = -(x+y) */
		744
		745	BN_init(&scalar3);
		746	BN_zero(&scalar3);
		747	scalars[3] = &scalar3;
		748
		749	if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
		750	ABORT;
		751	if (!EC_POINT_is_at_infinity(group, P))
		752	ABORT;
		753
		754	fprintf(stdout, " ok\n\n");
		755
		756	BN_free(&scalar3);
		757	}
		758
687		759
688	if (ctx)	760	if (ctx)
689	BN_CTX_free(ctx);	761	BN_CTX_free(ctx);
@@ -1113,29 +1185,91 @@ prime_field_tests(void)
1113	);	1185	);
1114		1186
1115	/* more tests using the last curve */	1187	/* more tests using the last curve */
1116	fprintf(stdout, "infinity tests ...");	1188
1117	fflush(stdout);
1118	if (!EC_POINT_copy(Q, P))	1189	if (!EC_POINT_copy(Q, P))
1119	ABORT;	1190	ABORT;
1120	if (EC_POINT_is_at_infinity(group, Q))	1191	if (EC_POINT_is_at_infinity(group, Q))
1121	ABORT;	1192	ABORT;
1122	/* P := 2P */
1123	if (!EC_POINT_dbl(group, P, P, ctx))	1193	if (!EC_POINT_dbl(group, P, P, ctx))
1124	ABORT;	1194	ABORT;
1125	if (!EC_POINT_is_on_curve(group, P, ctx))	1195	if (!EC_POINT_is_on_curve(group, P, ctx))
1126	ABORT;	1196	ABORT;
1127	/* Q := -P */	1197	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
1128	if (!EC_POINT_invert(group, Q, ctx))	1198
1129	ABORT;	1199	if (!EC_POINT_add(group, R, P, Q, ctx))
1130	/* R := 2P - P = P */	1200	ABORT;
1131	if (!EC_POINT_add(group, R, P, Q, ctx))
1132	ABORT;
1133	/* R := R + Q = P - P = infty */
1134	if (!EC_POINT_add(group, R, R, Q, ctx))	1201	if (!EC_POINT_add(group, R, R, Q, ctx))
1135	ABORT;	1202	ABORT;
1136	if (!EC_POINT_is_at_infinity(group, R))	1203	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
1137	ABORT;	1204
1138	fprintf(stdout, " ok\n\n");	1205	{
		1206	const EC_POINT *points[3];
		1207	const BIGNUM *scalars[3];
		1208
		1209	if (EC_POINT_is_at_infinity(group, Q))
		1210	ABORT;
		1211	points[0] = Q;
		1212	points[1] = Q;
		1213	points[2] = Q;
		1214
		1215	if (!BN_add(y, z, BN_value_one()))
		1216	ABORT;
		1217	if (BN_is_odd(y))
		1218	ABORT;
		1219	if (!BN_rshift1(y, y))
		1220	ABORT;
		1221	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
		1222	scalars[1] = y;
		1223
		1224	fprintf(stdout, "combined multiplication ...");
		1225	fflush(stdout);
		1226
		1227	/* z is still the group order */
		1228	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
		1229	ABORT;
		1230	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
		1231	ABORT;
		1232	if (0 != EC_POINT_cmp(group, P, R, ctx))
		1233	ABORT;
		1234	if (0 != EC_POINT_cmp(group, R, Q, ctx))
		1235	ABORT;
		1236
		1237	fprintf(stdout, ".");
		1238	fflush(stdout);
		1239
		1240	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
		1241	ABORT;
		1242	if (!BN_add(z, z, y))
		1243	ABORT;
		1244	BN_set_negative(z, 1);
		1245	scalars[0] = y;
		1246	scalars[1] = z; /* z = -(order + y) */
		1247
		1248	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
		1249	ABORT;
		1250	if (!EC_POINT_is_at_infinity(group, P))
		1251	ABORT;
		1252
		1253	fprintf(stdout, ".");
		1254	fflush(stdout);
		1255
		1256	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
		1257	ABORT;
		1258	if (!BN_add(z, x, y))
		1259	ABORT;
		1260	BN_set_negative(z, 1);
		1261	scalars[0] = x;
		1262	scalars[1] = y;
		1263	scalars[2] = z; /* z = -(x+y) */
		1264
		1265	if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
		1266	ABORT;
		1267	if (!EC_POINT_is_at_infinity(group, P))
		1268	ABORT;
		1269
		1270	fprintf(stdout, " ok\n\n");
		1271	}
		1272
1139		1273
1140	if (ctx)	1274	if (ctx)
1141	BN_CTX_free(ctx);	1275	BN_CTX_free(ctx);