diff options
| author | tb <> | 2024-10-18 09:01:44 +0000 |
|---|---|---|
| committer | tb <> | 2024-10-18 09:01:44 +0000 |
| commit | 0ad30516ab56113d4662d890c78fe0618aad0d22 (patch) | |
| tree | dd4031567440d4eeec3876c61f37231fb280349e /src | |
| parent | a2ef0e2df9a19f862265cd5c206555caba13070f (diff) | |
| download | openbsd-0ad30516ab56113d4662d890c78fe0618aad0d22.tar.gz openbsd-0ad30516ab56113d4662d890c78fe0618aad0d22.tar.bz2 openbsd-0ad30516ab56113d4662d890c78fe0618aad0d22.zip | |
ec_asn1_test: clean up & refactor; test Wei25519 with simple method
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libcrypto/ec/ec_asn1_test.c | 298 |
1 files changed, 189 insertions, 109 deletions
diff --git a/src/regress/lib/libcrypto/ec/ec_asn1_test.c b/src/regress/lib/libcrypto/ec/ec_asn1_test.c index 171014bda7..c53864cadd 100644 --- a/src/regress/lib/libcrypto/ec/ec_asn1_test.c +++ b/src/regress/lib/libcrypto/ec/ec_asn1_test.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_asn1_test.c,v 1.6 2024/10/16 23:58:25 tb Exp $ */ | 1 | /* $OpenBSD: ec_asn1_test.c,v 1.7 2024/10/18 09:01:44 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> |
| @@ -344,35 +344,6 @@ ec_group_roundtrip_builtin_curves(void) | |||
| 344 | * From draft-ietf-lwig-curve-representation-23, Appendix E.3 | 344 | * From draft-ietf-lwig-curve-representation-23, Appendix E.3 |
| 345 | */ | 345 | */ |
| 346 | 346 | ||
| 347 | static const struct { | ||
| 348 | const char *oid; | ||
| 349 | const char *sn; | ||
| 350 | const char *ln; | ||
| 351 | const char *p; | ||
| 352 | const char *a; | ||
| 353 | const char *b; | ||
| 354 | const char *order; | ||
| 355 | const char *cofactor; | ||
| 356 | const char *x; | ||
| 357 | const char *y; | ||
| 358 | } wei25519 = { | ||
| 359 | .oid = "1.3.101.108", | ||
| 360 | .sn = "Wei25519", | ||
| 361 | .p = "7fffffff" "ffffffff" "ffffffff" "ffffffff" | ||
| 362 | "ffffffff" "ffffffff" "ffffffff" "ffffffed", | ||
| 363 | .a = "2aaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" | ||
| 364 | "aaaaaaaa" "aaaaaaaa" "aaaaaa98" "4914a144", | ||
| 365 | .b = "7b425ed0" "97b425ed" "097b425e" "d097b425" | ||
| 366 | "ed097b42" "5ed097b4" "260b5e9c" "7710c864", | ||
| 367 | .x = "2aaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" | ||
| 368 | "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaad245a", | ||
| 369 | .y = "20ae19a1" "b8a086b4" "e01edd2c" "7748d14c" | ||
| 370 | "923d4d7e" "6d7c61b2" "29e9c5a2" "7eced3d9", | ||
| 371 | .order = "10000000" "00000000" "00000000" "00000000" | ||
| 372 | "14def9de" "a2f79cd6" "5812631a" "5cf5d3ed", | ||
| 373 | .cofactor = "8", | ||
| 374 | }; | ||
| 375 | |||
| 376 | const uint8_t ec_wei25519_pkparameters_named_curve[] = { | 347 | const uint8_t ec_wei25519_pkparameters_named_curve[] = { |
| 377 | 0x06, 0x03, 0x2b, 0x65, 0x6c, | 348 | 0x06, 0x03, 0x2b, 0x65, 0x6c, |
| 378 | }; | 349 | }; |
| @@ -409,100 +380,163 @@ const uint8_t ec_wei25519_pkparameters_parameters[] = { | |||
| 409 | 0x08, | 380 | 0x08, |
| 410 | }; | 381 | }; |
| 411 | 382 | ||
| 412 | static int | 383 | struct curve { |
| 413 | ec_weierstrass25519(void) | 384 | const char *oid; |
| 385 | const char *sn; | ||
| 386 | const char *ln; | ||
| 387 | const char *p; | ||
| 388 | const char *a; | ||
| 389 | const char *b; | ||
| 390 | const char *order; | ||
| 391 | const char *cofactor; | ||
| 392 | const char *x; | ||
| 393 | const char *y; | ||
| 394 | const char *named; | ||
| 395 | size_t named_len; | ||
| 396 | const char *param; | ||
| 397 | size_t param_len; | ||
| 398 | }; | ||
| 399 | |||
| 400 | static const struct curve wei25519 = { | ||
| 401 | .oid = "1.3.101.108", | ||
| 402 | .sn = "Wei25519", | ||
| 403 | .p = "7fffffff" "ffffffff" "ffffffff" "ffffffff" | ||
| 404 | "ffffffff" "ffffffff" "ffffffff" "ffffffed", | ||
| 405 | .a = "2aaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" | ||
| 406 | "aaaaaaaa" "aaaaaaaa" "aaaaaa98" "4914a144", | ||
| 407 | .b = "7b425ed0" "97b425ed" "097b425e" "d097b425" | ||
| 408 | "ed097b42" "5ed097b4" "260b5e9c" "7710c864", | ||
| 409 | .x = "2aaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" | ||
| 410 | "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaad245a", | ||
| 411 | .y = "20ae19a1" "b8a086b4" "e01edd2c" "7748d14c" | ||
| 412 | "923d4d7e" "6d7c61b2" "29e9c5a2" "7eced3d9", | ||
| 413 | .order = "10000000" "00000000" "00000000" "00000000" | ||
| 414 | "14def9de" "a2f79cd6" "5812631a" "5cf5d3ed", | ||
| 415 | .cofactor = "8", | ||
| 416 | .named = ec_wei25519_pkparameters_named_curve, | ||
| 417 | .named_len = sizeof(ec_wei25519_pkparameters_named_curve), | ||
| 418 | .param = ec_wei25519_pkparameters_parameters, | ||
| 419 | .param_len = sizeof(ec_wei25519_pkparameters_parameters), | ||
| 420 | }; | ||
| 421 | |||
| 422 | static EC_GROUP * | ||
| 423 | ec_group_from_curve_method(const struct curve *curve, const EC_METHOD *method, | ||
| 424 | BN_CTX *ctx) | ||
| 414 | { | 425 | { |
| 415 | EC_GROUP *group = NULL, *new_group = NULL; | 426 | EC_GROUP *group; |
| 416 | EC_POINT *generator = NULL; | 427 | EC_POINT *generator = NULL; |
| 417 | BN_CTX *ctx = NULL; | ||
| 418 | BIGNUM *p, *a, *b; | 428 | BIGNUM *p, *a, *b; |
| 419 | BIGNUM *order, *cofactor, *guessed_cofactor, *x, *y; | 429 | BIGNUM *order, *x, *y; |
| 420 | const unsigned char *pder; | ||
| 421 | unsigned char *der = NULL; | ||
| 422 | long error; | ||
| 423 | int der_len = 0; | ||
| 424 | int nid; | ||
| 425 | int failed = 1; | ||
| 426 | 430 | ||
| 427 | ERR_clear_error(); | ||
| 428 | if ((ctx = BN_CTX_new()) == NULL) | ||
| 429 | goto err; | ||
| 430 | BN_CTX_start(ctx); | 431 | BN_CTX_start(ctx); |
| 431 | 432 | ||
| 432 | if ((nid = OBJ_create(wei25519.oid, wei25519.sn, NULL)) == NID_undef) { | ||
| 433 | fprintf(stderr, "FAIL: %s OBJ_create(wei25519)\n", __func__); | ||
| 434 | goto err; | ||
| 435 | } | ||
| 436 | |||
| 437 | if ((p = BN_CTX_get(ctx)) == NULL) | 433 | if ((p = BN_CTX_get(ctx)) == NULL) |
| 438 | errx(1, "BN_CTX_get"); | 434 | errx(1, "BN_CTX_get"); |
| 439 | if ((a = BN_CTX_get(ctx)) == NULL) | 435 | if ((a = BN_CTX_get(ctx)) == NULL) |
| 440 | errx(1, "BN_CTX_get"); | 436 | errx(1, "BN_CTX_get"); |
| 441 | if ((b = BN_CTX_get(ctx)) == NULL) | 437 | if ((b = BN_CTX_get(ctx)) == NULL) |
| 442 | errx(1, "BN_CTX_get"); | 438 | errx(1, "BN_CTX_get"); |
| 439 | |||
| 443 | if ((order = BN_CTX_get(ctx)) == NULL) | 440 | if ((order = BN_CTX_get(ctx)) == NULL) |
| 444 | errx(1, "BN_CTX_get"); | 441 | errx(1, "BN_CTX_get"); |
| 445 | if ((cofactor = BN_CTX_get(ctx)) == NULL) | ||
| 446 | errx(1, "BN_CTX_get"); | ||
| 447 | if ((guessed_cofactor = BN_CTX_get(ctx)) == NULL) | ||
| 448 | errx(1, "BN_CTX_get"); | ||
| 449 | if ((x = BN_CTX_get(ctx)) == NULL) | 442 | if ((x = BN_CTX_get(ctx)) == NULL) |
| 450 | errx(1, "BN_CTX_get"); | 443 | errx(1, "BN_CTX_get"); |
| 451 | if ((y = BN_CTX_get(ctx)) == NULL) | 444 | if ((y = BN_CTX_get(ctx)) == NULL) |
| 452 | errx(1, "BN_CTX_get"); | 445 | errx(1, "BN_CTX_get"); |
| 453 | 446 | ||
| 454 | if (BN_hex2bn(&p, wei25519.p) == 0) | 447 | if (BN_hex2bn(&p, curve->p) == 0) |
| 455 | errx(1, "BN_hex2bn(p)"); | 448 | errx(1, "BN_hex2bn(p)"); |
| 456 | if (BN_hex2bn(&a, wei25519.a) == 0) | 449 | if (BN_hex2bn(&a, curve->a) == 0) |
| 457 | errx(1, "BN_hex2bn(a)"); | 450 | errx(1, "BN_hex2bn(a)"); |
| 458 | if (BN_hex2bn(&b, wei25519.b) == 0) | 451 | if (BN_hex2bn(&b, curve->b) == 0) |
| 459 | errx(1, "BN_hex2bn(b)"); | 452 | errx(1, "BN_hex2bn(b)"); |
| 460 | 453 | ||
| 461 | /* | 454 | if ((group = EC_GROUP_new(method)) == NULL) |
| 462 | * XXX - this uses the Montgomery method. Consider exercising the | 455 | errx(1, "EC_GROUP_new"); |
| 463 | * simple method as well. | 456 | |
| 464 | */ | 457 | if (!EC_GROUP_set_curve(group, p, a, b, ctx)) |
| 465 | if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { | 458 | errx(1, "EC_GROUP_set_curve"); |
| 466 | fprintf(stderr, "FAIL: %s EC_GROUP_new_curve_GFp", __func__); | ||
| 467 | goto err; | ||
| 468 | } | ||
| 469 | 459 | ||
| 470 | if (BN_hex2bn(&x, wei25519.x) == 0) | 460 | if (BN_hex2bn(&x, curve->x) == 0) |
| 471 | errx(1, "BN_hex2bn(x)"); | 461 | errx(1, "BN_hex2bn(x)"); |
| 472 | if (BN_hex2bn(&x, wei25519.x) == 0) | 462 | if (BN_hex2bn(&x, curve->x) == 0) |
| 473 | errx(1, "BN_hex2bn(x)"); | 463 | errx(1, "BN_hex2bn(x)"); |
| 474 | if (BN_hex2bn(&y, wei25519.y) == 0) | 464 | if (BN_hex2bn(&y, curve->y) == 0) |
| 475 | errx(1, "BN_hex2bn(y)"); | 465 | errx(1, "BN_hex2bn(y)"); |
| 476 | 466 | ||
| 477 | if ((generator = EC_POINT_new(group)) == NULL) | 467 | if ((generator = EC_POINT_new(group)) == NULL) |
| 478 | errx(1, "EC_POINT_new()"); | 468 | errx(1, "EC_POINT_new()"); |
| 479 | 469 | ||
| 480 | if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) { | 470 | if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) { |
| 481 | fprintf(stderr, "FAIL: %s EC_POINT_set_affine_coordinates", __func__); | 471 | fprintf(stderr, "FAIL: %s EC_POINT_set_affine_coordinates", |
| 472 | curve->sn); | ||
| 482 | ERR_print_errors_fp(stderr); | 473 | ERR_print_errors_fp(stderr); |
| 483 | goto err; | 474 | goto err; |
| 484 | } | 475 | } |
| 485 | 476 | ||
| 486 | if (BN_hex2bn(&order, wei25519.order) == 0) | 477 | if (BN_hex2bn(&order, curve->order) == 0) |
| 487 | errx(1, "BN_hex2bn(order)"); | 478 | errx(1, "BN_hex2bn(order)"); |
| 488 | if (BN_hex2bn(&cofactor, wei25519.cofactor) == 0) | ||
| 489 | errx(1, "BN_hex2bn(cofactor)"); | ||
| 490 | 479 | ||
| 491 | /* Don't set cofactor to exercise the cofactor guessing code. */ | 480 | /* Don't set cofactor to exercise the cofactor guessing code. */ |
| 492 | if (!EC_GROUP_set_generator(group, generator, order, NULL)) { | 481 | if (!EC_GROUP_set_generator(group, generator, order, NULL)) { |
| 493 | fprintf(stderr, "FAIL: %s EC_GROUP_set_generator\n", __func__); | 482 | fprintf(stderr, "FAIL: %s EC_GROUP_set_generator\n", curve->sn); |
| 483 | ERR_print_errors_fp(stderr); | ||
| 484 | goto err; | ||
| 485 | } | ||
| 486 | |||
| 487 | EC_POINT_free(generator); | ||
| 488 | |||
| 489 | BN_CTX_end(ctx); | ||
| 490 | |||
| 491 | return group; | ||
| 492 | |||
| 493 | err: | ||
| 494 | BN_CTX_end(ctx); | ||
| 495 | |||
| 496 | EC_POINT_free(generator); | ||
| 497 | EC_GROUP_free(group); | ||
| 498 | |||
| 499 | return NULL; | ||
| 500 | } | ||
| 501 | |||
| 502 | static EC_GROUP * | ||
| 503 | ec_group_new(const struct curve *curve, const EC_METHOD *method, BN_CTX *ctx) | ||
| 504 | { | ||
| 505 | EC_GROUP *group = NULL; | ||
| 506 | BIGNUM *cofactor, *guessed_cofactor; | ||
| 507 | int nid; | ||
| 508 | |||
| 509 | BN_CTX_start(ctx); | ||
| 510 | |||
| 511 | if ((nid = OBJ_txt2nid(curve->oid)) == NID_undef) | ||
| 512 | nid = OBJ_create(curve->oid, curve->sn, curve->ln); | ||
| 513 | if (nid == NID_undef) { | ||
| 514 | fprintf(stderr, "FAIL: OBJ_create(%s)\n", curve->sn); | ||
| 515 | goto err; | ||
| 516 | } | ||
| 517 | |||
| 518 | if ((cofactor = BN_CTX_get(ctx)) == NULL) | ||
| 519 | errx(1, "BN_CTX_get"); | ||
| 520 | if ((guessed_cofactor = BN_CTX_get(ctx)) == NULL) | ||
| 521 | errx(1, "BN_CTX_get"); | ||
| 522 | |||
| 523 | if (BN_hex2bn(&cofactor, curve->cofactor) == 0) | ||
| 524 | errx(1, "BN_hex2bn(cofactor)"); | ||
| 525 | |||
| 526 | if ((group = ec_group_from_curve_method(curve, method, ctx)) == NULL) { | ||
| 527 | fprintf(stderr, "FAIL: %s ec_group_from_curve_method\n", curve->sn); | ||
| 494 | ERR_print_errors_fp(stderr); | 528 | ERR_print_errors_fp(stderr); |
| 495 | goto err; | 529 | goto err; |
| 496 | } | 530 | } |
| 497 | 531 | ||
| 498 | if (!EC_GROUP_get_cofactor(group, guessed_cofactor, ctx)) { | 532 | if (!EC_GROUP_get_cofactor(group, guessed_cofactor, ctx)) { |
| 499 | fprintf(stderr, "FAIL: %s EC_GROUP_get_cofactor\n", __func__); | 533 | fprintf(stderr, "FAIL: %s EC_GROUP_get_cofactor\n", curve->sn); |
| 500 | ERR_print_errors_fp(stderr); | 534 | ERR_print_errors_fp(stderr); |
| 501 | goto err; | 535 | goto err; |
| 502 | } | 536 | } |
| 503 | 537 | ||
| 504 | if (BN_cmp(cofactor, guessed_cofactor) != 0) { | 538 | if (BN_cmp(cofactor, guessed_cofactor) != 0) { |
| 505 | fprintf(stderr, "FAIL: %s cofactor: want ", __func__); | 539 | fprintf(stderr, "FAIL: %s cofactor: want ", curve->sn); |
| 506 | BN_print_fp(stderr, cofactor); | 540 | BN_print_fp(stderr, cofactor); |
| 507 | fprintf(stderr, ", got "); | 541 | fprintf(stderr, ", got "); |
| 508 | BN_print_fp(stderr, guessed_cofactor); | 542 | BN_print_fp(stderr, guessed_cofactor); |
| @@ -511,49 +545,80 @@ ec_weierstrass25519(void) | |||
| 511 | } | 545 | } |
| 512 | 546 | ||
| 513 | if (!EC_GROUP_check(group, ctx)) { | 547 | if (!EC_GROUP_check(group, ctx)) { |
| 514 | fprintf(stderr, "FAIL: %s EC_GROUP_check\n", __func__); | 548 | fprintf(stderr, "FAIL: %s EC_GROUP_check\n", curve->sn); |
| 515 | ERR_print_errors_fp(stderr); | 549 | ERR_print_errors_fp(stderr); |
| 516 | goto err; | 550 | goto err; |
| 517 | } | 551 | } |
| 518 | 552 | ||
| 519 | /* Explicit curve parameter encoding should work without NID set. */ | 553 | EC_GROUP_set_curve_name(group, nid); |
| 520 | if (EC_GROUP_get_curve_name(group) != NID_undef) { | 554 | |
| 521 | fprintf(stderr, "FAIL: %s unexpected curve name %d\n", __func__, | 555 | BN_CTX_end(ctx); |
| 522 | EC_GROUP_get_curve_name(group)); | 556 | |
| 523 | ERR_print_errors_fp(stderr); | 557 | return group; |
| 558 | |||
| 559 | err: | ||
| 560 | BN_CTX_end(ctx); | ||
| 561 | |||
| 562 | EC_GROUP_free(group); | ||
| 563 | |||
| 564 | return NULL; | ||
| 565 | } | ||
| 566 | |||
| 567 | static int | ||
| 568 | ec_group_non_builtin_curve(const struct curve *curve, const EC_METHOD *method, | ||
| 569 | BN_CTX *ctx) | ||
| 570 | { | ||
| 571 | EC_GROUP *group = NULL, *new_group = NULL; | ||
| 572 | const unsigned char *pder; | ||
| 573 | unsigned char *der = NULL; | ||
| 574 | long error; | ||
| 575 | int der_len = 0; | ||
| 576 | int nid; | ||
| 577 | int failed = 1; | ||
| 578 | |||
| 579 | ERR_clear_error(); | ||
| 580 | BN_CTX_start(ctx); | ||
| 581 | |||
| 582 | if ((group = ec_group_new(curve, method, ctx)) == NULL) | ||
| 583 | goto err; | ||
| 584 | |||
| 585 | if ((nid = EC_GROUP_get_curve_name(group)) == NID_undef) { | ||
| 586 | fprintf(stderr, "FAIL: no curve name set for %s\n", curve->sn); | ||
| 524 | goto err; | 587 | goto err; |
| 525 | } | 588 | } |
| 526 | 589 | ||
| 527 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); | 590 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); |
| 528 | 591 | ||
| 529 | der = NULL; | 592 | der = NULL; |
| 530 | if ((der_len = i2d_ECPKParameters(group, &der)) <= 0) { | 593 | if ((der_len = i2d_ECPKParameters(group, &der)) <= 0) { |
| 531 | fprintf(stderr, "FAIL: %s i2d_ECPKParameters (explicit)\n", __func__); | 594 | fprintf(stderr, "FAIL: %s i2d_ECPKParameters (named)\n", |
| 595 | curve->sn); | ||
| 532 | ERR_print_errors_fp(stderr); | 596 | ERR_print_errors_fp(stderr); |
| 533 | goto err; | 597 | goto err; |
| 534 | } | 598 | } |
| 535 | 599 | ||
| 536 | if (compare_data("Weierstrass 25519 explicit", der, der_len, | 600 | if (compare_data("Weierstrass 25519 named curve", der, der_len, |
| 537 | ec_wei25519_pkparameters_parameters, | 601 | ec_wei25519_pkparameters_named_curve, |
| 538 | sizeof(ec_wei25519_pkparameters_parameters)) == -1) | 602 | sizeof(ec_wei25519_pkparameters_named_curve)) == -1) |
| 539 | goto err; | 603 | goto err; |
| 540 | 604 | ||
| 541 | freezero(der, der_len); | 605 | freezero(der, der_len); |
| 542 | der = NULL; | 606 | der = NULL; |
| 543 | 607 | ||
| 544 | EC_GROUP_set_curve_name(group, nid); | 608 | /* Explicit curve parameter encoding should work without NID set. */ |
| 545 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | 609 | EC_GROUP_set_curve_name(group, NID_undef); |
| 610 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); | ||
| 546 | 611 | ||
| 547 | der = NULL; | 612 | der = NULL; |
| 548 | if ((der_len = i2d_ECPKParameters(group, &der)) <= 0) { | 613 | if ((der_len = i2d_ECPKParameters(group, &der)) <= 0) { |
| 549 | fprintf(stderr, "FAIL: %s i2d_ECPKParameters (named)\n", __func__); | 614 | fprintf(stderr, "FAIL: i2d_ECPKParameters (explicit) %s\n", |
| 615 | curve->sn); | ||
| 550 | ERR_print_errors_fp(stderr); | 616 | ERR_print_errors_fp(stderr); |
| 551 | goto err; | 617 | goto err; |
| 552 | } | 618 | } |
| 553 | 619 | ||
| 554 | if (compare_data("Weierstrass 25519 named curve", der, der_len, | 620 | if (compare_data(curve->sn, der, der_len, |
| 555 | ec_wei25519_pkparameters_named_curve, | 621 | curve->param, curve->param_len) == -1) |
| 556 | sizeof(ec_wei25519_pkparameters_named_curve)) == -1) | ||
| 557 | goto err; | 622 | goto err; |
| 558 | 623 | ||
| 559 | freezero(der, der_len); | 624 | freezero(der, der_len); |
| @@ -561,51 +626,51 @@ ec_weierstrass25519(void) | |||
| 561 | 626 | ||
| 562 | /* At this point we should have no error on the stack. */ | 627 | /* At this point we should have no error on the stack. */ |
| 563 | if (ERR_peek_last_error() != 0) { | 628 | if (ERR_peek_last_error() != 0) { |
| 564 | fprintf(stderr, "FAIL: %s unexpected error %lu\n", __func__, | 629 | fprintf(stderr, "FAIL: %s unexpected error %lu\n", curve->sn, |
| 565 | ERR_peek_last_error()); | 630 | ERR_peek_last_error()); |
| 566 | goto err; | 631 | goto err; |
| 567 | } | 632 | } |
| 568 | 633 | ||
| 569 | pder = ec_wei25519_pkparameters_named_curve; | 634 | pder = curve->named; |
| 570 | der_len = sizeof(ec_wei25519_pkparameters_named_curve); | 635 | der_len = curve->named_len; |
| 571 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) { | 636 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) { |
| 572 | fprintf(stderr, "FAIL: %s managed to decode unknown named curve\n", | 637 | fprintf(stderr, "FAIL: managed to decode unknown named curve %s\n", |
| 573 | __func__); | 638 | curve->sn); |
| 574 | goto err; | 639 | goto err; |
| 575 | } | 640 | } |
| 576 | 641 | ||
| 577 | error = ERR_get_error(); | 642 | error = ERR_get_error(); |
| 578 | if (ERR_GET_REASON(error) != EC_R_UNKNOWN_GROUP) { | 643 | if (ERR_GET_REASON(error) != EC_R_UNKNOWN_GROUP) { |
| 579 | fprintf(stderr, "FAIL: %s unexpected error: want %d, got %d\n", | 644 | fprintf(stderr, "FAIL: %s unexpected error: want %d, got %d\n", |
| 580 | __func__, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error)); | 645 | curve->sn, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error)); |
| 581 | goto err; | 646 | goto err; |
| 582 | } | 647 | } |
| 583 | 648 | ||
| 584 | ERR_clear_error(); | 649 | ERR_clear_error(); |
| 585 | pder = ec_wei25519_pkparameters_parameters; | 650 | pder = curve->param; |
| 586 | der_len = sizeof(ec_wei25519_pkparameters_parameters); | 651 | der_len = curve->param_len; |
| 587 | |||
| 588 | #if 0 | 652 | #if 0 |
| 589 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) { | 653 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) { |
| 590 | fprintf(stderr, "FAIL: %s managed to decode non-builtin parameters\n", | 654 | fprintf(stderr, "FAIL: managed to decode non-builtin parameters %s\n", |
| 591 | __func__); | 655 | curve->sn); |
| 592 | goto err; | 656 | goto err; |
| 593 | } | 657 | } |
| 594 | 658 | ||
| 595 | error = ERR_peek_last_error(); | 659 | error = ERR_peek_last_error(); |
| 596 | if (ERR_GET_REASON(error) != EC_R_PKPARAMETERS2GROUP_FAILURE) { | 660 | if (ERR_GET_REASON(error) != EC_R_PKPARAMETERS2GROUP_FAILURE) { |
| 597 | fprintf(stderr, "FAIL: %s unexpected error: want %d, got %d\n", | 661 | fprintf(stderr, "FAIL: %s unexpected error: want %d, got %d\n", |
| 598 | __func__, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error)); | 662 | curve->sn, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error)); |
| 599 | goto err; | 663 | goto err; |
| 600 | } | 664 | } |
| 601 | #else | 665 | #else |
| 602 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) == NULL) { | 666 | if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) == NULL) { |
| 603 | fprintf(stderr, "FAIL: %s d2i_ECPKParameters(Wei25519)\n", __func__); | 667 | fprintf(stderr, "FAIL: d2i_ECPKParameters(%s)\n", curve->sn); |
| 604 | goto err; | 668 | goto err; |
| 605 | } | 669 | } |
| 606 | if (EC_GROUP_cmp(group, new_group, ctx) != 0) { | 670 | if (method == EC_GFp_mont_method() && |
| 671 | EC_GROUP_cmp(group, new_group, ctx) != 0) { | ||
| 607 | fprintf(stderr, "FAIL: %s Weierstrass groups do not match!\n", | 672 | fprintf(stderr, "FAIL: %s Weierstrass groups do not match!\n", |
| 608 | __func__); | 673 | curve->sn); |
| 609 | goto err; | 674 | goto err; |
| 610 | } | 675 | } |
| 611 | #endif | 676 | #endif |
| @@ -614,17 +679,32 @@ ec_weierstrass25519(void) | |||
| 614 | 679 | ||
| 615 | err: | 680 | err: |
| 616 | BN_CTX_end(ctx); | 681 | BN_CTX_end(ctx); |
| 617 | BN_CTX_free(ctx); | ||
| 618 | 682 | ||
| 619 | EC_GROUP_free(group); | 683 | EC_GROUP_free(group); |
| 620 | EC_GROUP_free(new_group); | 684 | EC_GROUP_free(new_group); |
| 621 | EC_POINT_free(generator); | ||
| 622 | 685 | ||
| 623 | freezero(der, der_len); | 686 | freezero(der, der_len); |
| 624 | 687 | ||
| 625 | return failed; | 688 | return failed; |
| 626 | } | 689 | } |
| 627 | 690 | ||
| 691 | static int | ||
| 692 | ec_group_non_builtin_curves(void) | ||
| 693 | { | ||
| 694 | BN_CTX *ctx; | ||
| 695 | int failed = 0; | ||
| 696 | |||
| 697 | if ((ctx = BN_CTX_new()) == NULL) | ||
| 698 | errx(1, "BN_CTX_new"); | ||
| 699 | |||
| 700 | failed |= ec_group_non_builtin_curve(&wei25519, EC_GFp_mont_method(), ctx); | ||
| 701 | failed |= ec_group_non_builtin_curve(&wei25519, EC_GFp_simple_method(), ctx); | ||
| 702 | |||
| 703 | BN_CTX_free(ctx); | ||
| 704 | |||
| 705 | return failed; | ||
| 706 | } | ||
| 707 | |||
| 628 | int | 708 | int |
| 629 | main(int argc, char **argv) | 709 | main(int argc, char **argv) |
| 630 | { | 710 | { |
| @@ -634,7 +714,7 @@ main(int argc, char **argv) | |||
| 634 | failed |= ec_group_pkparameters_parameters_test(); | 714 | failed |= ec_group_pkparameters_parameters_test(); |
| 635 | failed |= ec_group_pkparameters_correct_padding_test(); | 715 | failed |= ec_group_pkparameters_correct_padding_test(); |
| 636 | failed |= ec_group_roundtrip_builtin_curves(); | 716 | failed |= ec_group_roundtrip_builtin_curves(); |
| 637 | failed |= ec_weierstrass25519(); | 717 | failed |= ec_group_non_builtin_curves(); |
| 638 | 718 | ||
| 639 | return (failed); | 719 | return (failed); |
| 640 | } | 720 | } |