Update EC regression tests.

Part of https://github.com/libressl-portable/openbsd/pull/94 from Billy Brumley and his team. ok jsing
author: tb <> 2018-07-11 06:16:40 +0000
committer: tb <> 2018-07-11 06:16:40 +0000
commit: c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2 (patch)
tree: a35d20188d14f03519d03917143d907dfaa7aee2 /src
parent: 265d2eba7d6daa9b8c60bbca09c0ed21ccaa608c (diff)
download: openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.tar.gz
openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.tar.bz2
openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.zip
1 files changed, 26 insertions, 160 deletions
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index 9d7533b628..d864a21a5b 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -661,101 +661,29 @@ prime_field_tests(void)
        /* more tests using the last curve */
+        fprintf(stdout, "infinity tests ...");
+        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
+        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx))
-                if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
-                        ABORT;
+        /* R := 2P - P = P */
+        if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
+        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+        if (!EC_POINT_is_at_infinity(group, R))
+                ABORT;
-        {
+        fprintf(stdout, " ok\n\n");
-                const EC_POINT *points[4];
-                const BIGNUM *scalars[4];
-                BIGNUM scalar3;
-                if (EC_POINT_is_at_infinity(group, Q))
-                        ABORT;
-                points[0] = Q;
-                points[1] = Q;
-                points[2] = Q;
-                points[3] = Q;
-                if (!EC_GROUP_get_order(group, z, ctx))
-                        ABORT;
-                if (!BN_add(y, z, BN_value_one()))
-                        ABORT;
-                if (BN_is_odd(y))
-                        ABORT;
-                if (!BN_rshift1(y, y))
-                        ABORT;
-                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-                scalars[1] = y;
-                fprintf(stdout, "combined multiplication ...");
-                fflush(stdout);
-                /* z is still the group order */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, P, R, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, R, Q, ctx))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-                        ABORT;
-                if (!BN_add(z, z, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = y;
-                scalars[1] = z; /* z = -(order + y) */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-                        ABORT;
-                if (!BN_add(z, x, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = x;
-                scalars[1] = y;
-                scalars[2] = z; /* z = -(x+y) */
-                BN_init(&scalar3);
-                BN_zero(&scalar3);
-                scalars[3] = &scalar3;
-                if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, " ok\n\n");
-                BN_free(&scalar3);
-        }
        if (ctx)
                BN_CTX_free(ctx);
@@ -1185,91 +1113,29 @@ prime_field_tests(void)
        );
        /* more tests using the last curve */
+        fprintf(stdout, "infinity tests ...");
+        fflush(stdout);
        if (!EC_POINT_copy(Q, P))
                ABORT;
        if (EC_POINT_is_at_infinity(group, Q))
                ABORT;
+        /* P := 2P */
        if (!EC_POINT_dbl(group, P, P, ctx))
                ABORT;
        if (!EC_POINT_is_on_curve(group, P, ctx))
                ABORT;
-        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+        /* Q := -P */
+        if (!EC_POINT_invert(group, Q, ctx))
-                if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
-                        ABORT;
+        /* R := 2P - P = P */
+        if (!EC_POINT_add(group, R, P, Q, ctx))
+                ABORT;
+        /* R := R + Q = P - P = infty */
        if (!EC_POINT_add(group, R, R, Q, ctx))
                ABORT;
-        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+        if (!EC_POINT_is_at_infinity(group, R))
+                ABORT;
-        {
+        fprintf(stdout, " ok\n\n");
-                const EC_POINT *points[3];
-                const BIGNUM *scalars[3];
-                if (EC_POINT_is_at_infinity(group, Q))
-                        ABORT;
-                points[0] = Q;
-                points[1] = Q;
-                points[2] = Q;
-                if (!BN_add(y, z, BN_value_one()))
-                        ABORT;
-                if (BN_is_odd(y))
-                        ABORT;
-                if (!BN_rshift1(y, y))
-                        ABORT;
-                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-                scalars[1] = y;
-                fprintf(stdout, "combined multiplication ...");
-                fflush(stdout);
-                /* z is still the group order */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, P, R, ctx))
-                        ABORT;
-                if (0 != EC_POINT_cmp(group, R, Q, ctx))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-                        ABORT;
-                if (!BN_add(z, z, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = y;
-                scalars[1] = z; /* z = -(order + y) */
-                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, ".");
-                fflush(stdout);
-                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-                        ABORT;
-                if (!BN_add(z, x, y))
-                        ABORT;
-                BN_set_negative(z, 1);
-                scalars[0] = x;
-                scalars[1] = y;
-                scalars[2] = z; /* z = -(x+y) */
-                if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
-                        ABORT;
-                if (!EC_POINT_is_at_infinity(group, P))
-                        ABORT;
-                fprintf(stdout, " ok\n\n");
-        }
        if (ctx)
                BN_CTX_free(ctx);
author	tb <>	2018-07-11 06:16:40 +0000
committer	tb <>	2018-07-11 06:16:40 +0000
commit	c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2 (patch)
tree	a35d20188d14f03519d03917143d907dfaa7aee2 /src
parent	265d2eba7d6daa9b8c60bbca09c0ed21ccaa608c (diff)
download	openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.tar.gz openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.tar.bz2 openbsd-c01ae3757cbf4ddd99f5a39a6bfe4cb7b8f7cae2.zip

diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c index 9d7533b628..d864a21a5b 100644 --- a/src/regress/lib/libcrypto/ec/ectest.c +++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -661,101 +661,29 @@ prime_field_tests(void)
661		661
662		662
663	/* more tests using the last curve */	663	/* more tests using the last curve */
664		664	fprintf(stdout, "infinity tests ...");
		665	fflush(stdout);
665	if (!EC_POINT_copy(Q, P))	666	if (!EC_POINT_copy(Q, P))
666	ABORT;	667	ABORT;
667	if (EC_POINT_is_at_infinity(group, Q))	668	if (EC_POINT_is_at_infinity(group, Q))
668	ABORT;	669	ABORT;
		670	/* P := 2P */
669	if (!EC_POINT_dbl(group, P, P, ctx))	671	if (!EC_POINT_dbl(group, P, P, ctx))
670	ABORT;	672	ABORT;
671	if (!EC_POINT_is_on_curve(group, P, ctx))	673	if (!EC_POINT_is_on_curve(group, P, ctx))
672	ABORT;	674	ABORT;
673	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */	675	/* Q := -P */
674		676	if (!EC_POINT_invert(group, Q, ctx))
675	if (!EC_POINT_add(group, R, P, Q, ctx))	677	ABORT;
676	ABORT;	678	/* R := 2P - P = P */
		679	if (!EC_POINT_add(group, R, P, Q, ctx))
		680	ABORT;
		681	/* R := R + Q = P - P = infty */
677	if (!EC_POINT_add(group, R, R, Q, ctx))	682	if (!EC_POINT_add(group, R, R, Q, ctx))
678	ABORT;	683	ABORT;
679	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */	684	if (!EC_POINT_is_at_infinity(group, R))
680		685	ABORT;
681	{	686	fprintf(stdout, " ok\n\n");
682	const EC_POINT *points[4];
683	const BIGNUM *scalars[4];
684	BIGNUM scalar3;
685
686	if (EC_POINT_is_at_infinity(group, Q))
687	ABORT;
688	points[0] = Q;
689	points[1] = Q;
690	points[2] = Q;
691	points[3] = Q;
692
693	if (!EC_GROUP_get_order(group, z, ctx))
694	ABORT;
695	if (!BN_add(y, z, BN_value_one()))
696	ABORT;
697	if (BN_is_odd(y))
698	ABORT;
699	if (!BN_rshift1(y, y))
700	ABORT;
701	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
702	scalars[1] = y;
703
704	fprintf(stdout, "combined multiplication ...");
705	fflush(stdout);
706
707	/* z is still the group order */
708	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
709	ABORT;
710	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
711	ABORT;
712	if (0 != EC_POINT_cmp(group, P, R, ctx))
713	ABORT;
714	if (0 != EC_POINT_cmp(group, R, Q, ctx))
715	ABORT;
716
717	fprintf(stdout, ".");
718	fflush(stdout);
719
720	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
721	ABORT;
722	if (!BN_add(z, z, y))
723	ABORT;
724	BN_set_negative(z, 1);
725	scalars[0] = y;
726	scalars[1] = z; /* z = -(order + y) */
727
728	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
729	ABORT;
730	if (!EC_POINT_is_at_infinity(group, P))
731	ABORT;
732
733	fprintf(stdout, ".");
734	fflush(stdout);
735
736	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
737	ABORT;
738	if (!BN_add(z, x, y))
739	ABORT;
740	BN_set_negative(z, 1);
741	scalars[0] = x;
742	scalars[1] = y;
743	scalars[2] = z; /* z = -(x+y) */
744
745	BN_init(&scalar3);
746	BN_zero(&scalar3);
747	scalars[3] = &scalar3;
748
749	if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
750	ABORT;
751	if (!EC_POINT_is_at_infinity(group, P))
752	ABORT;
753
754	fprintf(stdout, " ok\n\n");
755
756	BN_free(&scalar3);
757	}
758
759		687
760	if (ctx)	688	if (ctx)
761	BN_CTX_free(ctx);	689	BN_CTX_free(ctx);
@@ -1185,91 +1113,29 @@ prime_field_tests(void)
1185	);	1113	);
1186		1114
1187	/* more tests using the last curve */	1115	/* more tests using the last curve */
1188		1116	fprintf(stdout, "infinity tests ...");
		1117	fflush(stdout);
1189	if (!EC_POINT_copy(Q, P))	1118	if (!EC_POINT_copy(Q, P))
1190	ABORT;	1119	ABORT;
1191	if (EC_POINT_is_at_infinity(group, Q))	1120	if (EC_POINT_is_at_infinity(group, Q))
1192	ABORT;	1121	ABORT;
		1122	/* P := 2P */
1193	if (!EC_POINT_dbl(group, P, P, ctx))	1123	if (!EC_POINT_dbl(group, P, P, ctx))
1194	ABORT;	1124	ABORT;
1195	if (!EC_POINT_is_on_curve(group, P, ctx))	1125	if (!EC_POINT_is_on_curve(group, P, ctx))
1196	ABORT;	1126	ABORT;
1197	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */	1127	/* Q := -P */
1198		1128	if (!EC_POINT_invert(group, Q, ctx))
1199	if (!EC_POINT_add(group, R, P, Q, ctx))	1129	ABORT;
1200	ABORT;	1130	/* R := 2P - P = P */
		1131	if (!EC_POINT_add(group, R, P, Q, ctx))
		1132	ABORT;
		1133	/* R := R + Q = P - P = infty */
1201	if (!EC_POINT_add(group, R, R, Q, ctx))	1134	if (!EC_POINT_add(group, R, R, Q, ctx))
1202	ABORT;	1135	ABORT;
1203	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */	1136	if (!EC_POINT_is_at_infinity(group, R))
1204		1137	ABORT;
1205	{	1138	fprintf(stdout, " ok\n\n");
1206	const EC_POINT *points[3];
1207	const BIGNUM *scalars[3];
1208
1209	if (EC_POINT_is_at_infinity(group, Q))
1210	ABORT;
1211	points[0] = Q;
1212	points[1] = Q;
1213	points[2] = Q;
1214
1215	if (!BN_add(y, z, BN_value_one()))
1216	ABORT;
1217	if (BN_is_odd(y))
1218	ABORT;
1219	if (!BN_rshift1(y, y))
1220	ABORT;
1221	scalars[0] = y; /* (group order + 1)/2, so yQ + yQ = Q */
1222	scalars[1] = y;
1223
1224	fprintf(stdout, "combined multiplication ...");
1225	fflush(stdout);
1226
1227	/* z is still the group order */
1228	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1229	ABORT;
1230	if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
1231	ABORT;
1232	if (0 != EC_POINT_cmp(group, P, R, ctx))
1233	ABORT;
1234	if (0 != EC_POINT_cmp(group, R, Q, ctx))
1235	ABORT;
1236
1237	fprintf(stdout, ".");
1238	fflush(stdout);
1239
1240	if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
1241	ABORT;
1242	if (!BN_add(z, z, y))
1243	ABORT;
1244	BN_set_negative(z, 1);
1245	scalars[0] = y;
1246	scalars[1] = z; /* z = -(order + y) */
1247
1248	if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1249	ABORT;
1250	if (!EC_POINT_is_at_infinity(group, P))
1251	ABORT;
1252
1253	fprintf(stdout, ".");
1254	fflush(stdout);
1255
1256	if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
1257	ABORT;
1258	if (!BN_add(z, x, y))
1259	ABORT;
1260	BN_set_negative(z, 1);
1261	scalars[0] = x;
1262	scalars[1] = y;
1263	scalars[2] = z; /* z = -(x+y) */
1264
1265	if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
1266	ABORT;
1267	if (!EC_POINT_is_at_infinity(group, P))
1268	ABORT;
1269
1270	fprintf(stdout, " ok\n\n");
1271	}
1272
1273		1139
1274	if (ctx)	1140	if (ctx)
1275	BN_CTX_free(ctx);	1141	BN_CTX_free(ctx);