summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/regress/lib/libcrypto/ec/ectest.c1375
1 files changed, 825 insertions, 550 deletions
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index 6199e88f53..9d7533b628 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,13 +58,13 @@
58/* ==================================================================== 58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * 60 *
61 * Portions of the attached software ("Contribution") are developed by 61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 * 63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source 64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above. 65 * license provided above.
66 * 66 *
67 * The elliptic curve binary polynomial software is originally written by 67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 * 69 *
70 */ 70 */
@@ -96,39 +96,58 @@
96#define TIMING_SIMUL 2 96#define TIMING_SIMUL 2
97 97
98/* test multiplication with group order, long and negative scalars */ 98/* test multiplication with group order, long and negative scalars */
99static void group_order_tests(EC_GROUP *group) 99static void
100 { 100group_order_tests(EC_GROUP *group)
101{
101 BIGNUM *n1, *n2, *order; 102 BIGNUM *n1, *n2, *order;
102 EC_POINT *P = EC_POINT_new(group); 103 EC_POINT *P = EC_POINT_new(group);
103 EC_POINT *Q = EC_POINT_new(group); 104 EC_POINT *Q = EC_POINT_new(group);
104 BN_CTX *ctx = BN_CTX_new(); 105 BN_CTX *ctx = BN_CTX_new();
105 106
106 n1 = BN_new(); n2 = BN_new(); order = BN_new(); 107 n1 = BN_new();
108 n2 = BN_new();
109 order = BN_new();
107 fprintf(stdout, "verify group order ..."); 110 fprintf(stdout, "verify group order ...");
108 fflush(stdout); 111 fflush(stdout);
109 if (!EC_GROUP_get_order(group, order, ctx)) ABORT; 112 if (!EC_GROUP_get_order(group, order, ctx))
110 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT; 113 ABORT;
111 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 114 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
115 ABORT;
116 if (!EC_POINT_is_at_infinity(group, Q))
117 ABORT;
112 fprintf(stdout, "."); 118 fprintf(stdout, ".");
113 fflush(stdout); 119 fflush(stdout);
114 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 120 if (!EC_GROUP_precompute_mult(group, ctx))
115 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT; 121 ABORT;
116 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 122 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
123 ABORT;
124 if (!EC_POINT_is_at_infinity(group, Q))
125 ABORT;
117 fprintf(stdout, " ok\n"); 126 fprintf(stdout, " ok\n");
118 fprintf(stdout, "long/negative scalar tests ... "); 127 fprintf(stdout, "long/negative scalar tests ... ");
119 if (!BN_one(n1)) ABORT; 128 if (!BN_one(n1))
129 ABORT;
120 /* n1 = 1 - order */ 130 /* n1 = 1 - order */
121 if (!BN_sub(n1, n1, order)) ABORT; 131 if (!BN_sub(n1, n1, order))
122 if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT; 132 ABORT;
123 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 133 if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
134 ABORT;
135 if (0 != EC_POINT_cmp(group, Q, P, ctx))
136 ABORT;
124 /* n2 = 1 + order */ 137 /* n2 = 1 + order */
125 if (!BN_add(n2, order, BN_value_one())) ABORT; 138 if (!BN_add(n2, order, BN_value_one()))
126 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 139 ABORT;
127 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 140 if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
141 ABORT;
142 if (0 != EC_POINT_cmp(group, Q, P, ctx))
143 ABORT;
128 /* n2 = (1 - order) * (1 + order) */ 144 /* n2 = (1 - order) * (1 + order) */
129 if (!BN_mul(n2, n1, n2, ctx)) ABORT; 145 if (!BN_mul(n2, n1, n2, ctx))
130 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 146 ABORT;
131 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 147 if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
148 ABORT;
149 if (0 != EC_POINT_cmp(group, Q, P, ctx))
150 ABORT;
132 fprintf(stdout, "ok\n"); 151 fprintf(stdout, "ok\n");
133 EC_POINT_free(P); 152 EC_POINT_free(P);
134 EC_POINT_free(Q); 153 EC_POINT_free(Q);
@@ -136,10 +155,11 @@ static void group_order_tests(EC_GROUP *group)
136 BN_free(n2); 155 BN_free(n2);
137 BN_free(order); 156 BN_free(order);
138 BN_CTX_free(ctx); 157 BN_CTX_free(ctx);
139 } 158}
140 159
141static void prime_field_tests(void) 160static void
142 { 161prime_field_tests(void)
162{
143 BN_CTX *ctx = NULL; 163 BN_CTX *ctx = NULL;
144 BIGNUM *p, *a, *b; 164 BIGNUM *p, *a, *b;
145 EC_GROUP *group; 165 EC_GROUP *group;
@@ -149,37 +169,47 @@ static void prime_field_tests(void)
149 unsigned char buf[100]; 169 unsigned char buf[100];
150 size_t i, len; 170 size_t i, len;
151 int k; 171 int k;
152 172
153#if 1 /* optional */ 173#if 1 /* optional */
154 ctx = BN_CTX_new(); 174 ctx = BN_CTX_new();
155 if (!ctx) ABORT; 175 if (!ctx)
176 ABORT;
156#endif 177#endif
157 178
158 p = BN_new(); 179 p = BN_new();
159 a = BN_new(); 180 a = BN_new();
160 b = BN_new(); 181 b = BN_new();
161 if (!p || !a || !b) ABORT; 182 if (!p || !a || !b)
183 ABORT;
184
185 if (!BN_hex2bn(&p, "17"))
186 ABORT;
187 if (!BN_hex2bn(&a, "1"))
188 ABORT;
189 if (!BN_hex2bn(&b, "1"))
190 ABORT;
162 191
163 if (!BN_hex2bn(&p, "17")) ABORT;
164 if (!BN_hex2bn(&a, "1")) ABORT;
165 if (!BN_hex2bn(&b, "1")) ABORT;
166
167 group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp 192 group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
168 * so that the library gets to choose the EC_METHOD */ 193 * so that the library gets to choose the EC_METHOD */
169 if (!group) ABORT; 194 if (!group)
195 ABORT;
170 196
171 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 197 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
198 ABORT;
172 199
173 { 200 {
174 EC_GROUP *tmp; 201 EC_GROUP *tmp;
175 tmp = EC_GROUP_new(EC_GROUP_method_of(group)); 202 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
176 if (!tmp) ABORT; 203 if (!tmp)
177 if (!EC_GROUP_copy(tmp, group)) ABORT; 204 ABORT;
205 if (!EC_GROUP_copy(tmp, group))
206 ABORT;
178 EC_GROUP_free(group); 207 EC_GROUP_free(group);
179 group = tmp; 208 group = tmp;
180 } 209 }
181 210
182 if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT; 211 if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
212 ABORT;
183 213
184 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); 214 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
185 BN_print_fp(stdout, p); 215 BN_print_fp(stdout, p);
@@ -192,96 +222,121 @@ static void prime_field_tests(void)
192 P = EC_POINT_new(group); 222 P = EC_POINT_new(group);
193 Q = EC_POINT_new(group); 223 Q = EC_POINT_new(group);
194 R = EC_POINT_new(group); 224 R = EC_POINT_new(group);
195 if (!P || !Q || !R) ABORT; 225 if (!P || !Q || !R)
196 226 ABORT;
197 if (!EC_POINT_set_to_infinity(group, P)) ABORT; 227
198 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 228 if (!EC_POINT_set_to_infinity(group, P))
229 ABORT;
230 if (!EC_POINT_is_at_infinity(group, P))
231 ABORT;
199 232
200 buf[0] = 0; 233 buf[0] = 0;
201 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; 234 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
235 ABORT;
202 236
203 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 237 if (!EC_POINT_add(group, P, P, Q, ctx))
204 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 238 ABORT;
239 if (!EC_POINT_is_at_infinity(group, P))
240 ABORT;
205 241
206 x = BN_new(); 242 x = BN_new();
207 y = BN_new(); 243 y = BN_new();
208 z = BN_new(); 244 z = BN_new();
209 if (!x || !y || !z) ABORT; 245 if (!x || !y || !z)
246 ABORT;
210 247
211 if (!BN_hex2bn(&x, "D")) ABORT; 248 if (!BN_hex2bn(&x, "D"))
212 if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; 249 ABORT;
213 if (!EC_POINT_is_on_curve(group, Q, ctx)) 250 if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
214 { 251 ABORT;
215 if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; 252 if (!EC_POINT_is_on_curve(group, Q, ctx)) {
253 if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
254 ABORT;
216 fprintf(stderr, "Point is not on curve: x = 0x"); 255 fprintf(stderr, "Point is not on curve: x = 0x");
217 BN_print_fp(stderr, x); 256 BN_print_fp(stderr, x);
218 fprintf(stderr, ", y = 0x"); 257 fprintf(stderr, ", y = 0x");
219 BN_print_fp(stderr, y); 258 BN_print_fp(stderr, y);
220 fprintf(stderr, "\n"); 259 fprintf(stderr, "\n");
221 ABORT; 260 ABORT;
222 } 261 }
223 262
224 fprintf(stdout, "A cyclic subgroup:\n"); 263 fprintf(stdout, "A cyclic subgroup:\n");
225 k = 100; 264 k = 100;
226 do 265 do
227 { 266 {
228 if (k-- == 0) ABORT; 267 if (k-- == 0)
268 ABORT;
229 269
230 if (EC_POINT_is_at_infinity(group, P)) 270 if (EC_POINT_is_at_infinity(group, P))
231 fprintf(stdout, " point at infinity\n"); 271 fprintf(stdout, " point at infinity\n");
232 else 272 else {
233 { 273 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
234 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 274 ABORT;
235 275
236 fprintf(stdout, " x = 0x"); 276 fprintf(stdout, " x = 0x");
237 BN_print_fp(stdout, x); 277 BN_print_fp(stdout, x);
238 fprintf(stdout, ", y = 0x"); 278 fprintf(stdout, ", y = 0x");
239 BN_print_fp(stdout, y); 279 BN_print_fp(stdout, y);
240 fprintf(stdout, "\n"); 280 fprintf(stdout, "\n");
241 } 281 }
242 282
243 if (!EC_POINT_copy(R, P)) ABORT; 283 if (!EC_POINT_copy(R, P))
244 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 284 ABORT;
285 if (!EC_POINT_add(group, P, P, Q, ctx))
286 ABORT;
245 287
246#if 0 /* optional */ 288#if 0 /* optional */
247 { 289 {
248 EC_POINT *points[3]; 290 EC_POINT *points[3];
249 291
250 points[0] = R; 292 points[0] = R;
251 points[1] = Q; 293 points[1] = Q;
252 points[2] = P; 294 points[2] = P;
253 if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT; 295 if (!EC_POINTs_make_affine(group, 2, points, ctx))
296 ABORT;
254 } 297 }
255#endif 298#endif
256 299
257 } 300 }
258 while (!EC_POINT_is_at_infinity(group, P)); 301 while (!EC_POINT_is_at_infinity(group, P));
259 302
260 if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; 303 if (!EC_POINT_add(group, P, Q, R, ctx))
261 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 304 ABORT;
305 if (!EC_POINT_is_at_infinity(group, P))
306 ABORT;
262 307
263 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); 308 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
264 if (len == 0) ABORT; 309 if (len == 0)
265 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 310 ABORT;
266 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 311 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
312 ABORT;
313 if (0 != EC_POINT_cmp(group, P, Q, ctx))
314 ABORT;
267 fprintf(stdout, "Generator as octet string, compressed form:\n "); 315 fprintf(stdout, "Generator as octet string, compressed form:\n ");
268 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 316 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
269 317
270 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); 318 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
271 if (len == 0) ABORT; 319 if (len == 0)
272 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 320 ABORT;
273 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 321 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
322 ABORT;
323 if (0 != EC_POINT_cmp(group, P, Q, ctx))
324 ABORT;
274 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); 325 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
275 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 326 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
276 327
277 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); 328 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
278 if (len == 0) ABORT; 329 if (len == 0)
279 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 330 ABORT;
280 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 331 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
332 ABORT;
333 if (0 != EC_POINT_cmp(group, P, Q, ctx))
334 ABORT;
281 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); 335 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
282 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 336 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
283 337
284 if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT; 338 if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
339 ABORT;
285 fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); 340 fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
286 BN_print_fp(stdout, x); 341 BN_print_fp(stdout, x);
287 fprintf(stdout, ", Y = 0x"); 342 fprintf(stdout, ", Y = 0x");
@@ -290,169 +345,241 @@ static void prime_field_tests(void)
290 BN_print_fp(stdout, z); 345 BN_print_fp(stdout, z);
291 fprintf(stdout, "\n"); 346 fprintf(stdout, "\n");
292 347
293 if (!EC_POINT_invert(group, P, ctx)) ABORT; 348 if (!EC_POINT_invert(group, P, ctx))
294 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 349 ABORT;
350 if (0 != EC_POINT_cmp(group, P, R, ctx))
351 ABORT;
295 352
296 353
297 /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) 354 /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
298 * -- not a NIST curve, but commonly used */ 355 * -- not a NIST curve, but commonly used */
299 356
300 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; 357 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
301 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 358 ABORT;
302 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; 359 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
303 if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; 360 ABORT;
304 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 361 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
305 362 ABORT;
306 if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; 363 if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
307 if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; 364 ABORT;
308 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 365 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
309 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 366 ABORT;
310 if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; 367
311 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 368 if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
312 369 ABORT;
313 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 370 if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
371 ABORT;
372 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
373 ABORT;
374 if (!EC_POINT_is_on_curve(group, P, ctx))
375 ABORT;
376 if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
377 ABORT;
378 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
379 ABORT;
380
381 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
382 ABORT;
314 fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); 383 fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
315 BN_print_fp(stdout, x); 384 BN_print_fp(stdout, x);
316 fprintf(stdout, "\n y = 0x"); 385 fprintf(stdout, "\n y = 0x");
317 BN_print_fp(stdout, y); 386 BN_print_fp(stdout, y);
318 fprintf(stdout, "\n"); 387 fprintf(stdout, "\n");
319 /* G_y value taken from the standard: */ 388 /* G_y value taken from the standard: */
320 if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; 389 if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
321 if (0 != BN_cmp(y, z)) ABORT; 390 ABORT;
391 if (0 != BN_cmp(y, z))
392 ABORT;
322 393
323 fprintf(stdout, "verify degree ..."); 394 fprintf(stdout, "verify degree ...");
324 if (EC_GROUP_get_degree(group) != 160) ABORT; 395 if (EC_GROUP_get_degree(group) != 160)
396 ABORT;
325 fprintf(stdout, " ok\n"); 397 fprintf(stdout, " ok\n");
326 398
327 group_order_tests(group); 399 group_order_tests(group);
328 400
329 if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 401 if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
330 if (!EC_GROUP_copy(P_160, group)) ABORT; 402 ABORT;
403 if (!EC_GROUP_copy(P_160, group))
404 ABORT;
331 405
332 406
333 /* Curve P-192 (FIPS PUB 186-2, App. 6) */ 407 /* Curve P-192 (FIPS PUB 186-2, App. 6) */
334 408
335 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; 409 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
336 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 410 ABORT;
337 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; 411 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
338 if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; 412 ABORT;
339 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 413 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
340 414 ABORT;
341 if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT; 415 if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
342 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 416 ABORT;
343 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 417 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
344 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; 418 ABORT;
345 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 419
346 420 if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
347 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 421 ABORT;
422 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
423 ABORT;
424 if (!EC_POINT_is_on_curve(group, P, ctx))
425 ABORT;
426 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
427 ABORT;
428 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
429 ABORT;
430
431 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
432 ABORT;
348 fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); 433 fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
349 BN_print_fp(stdout, x); 434 BN_print_fp(stdout, x);
350 fprintf(stdout, "\n y = 0x"); 435 fprintf(stdout, "\n y = 0x");
351 BN_print_fp(stdout, y); 436 BN_print_fp(stdout, y);
352 fprintf(stdout, "\n"); 437 fprintf(stdout, "\n");
353 /* G_y value taken from the standard: */ 438 /* G_y value taken from the standard: */
354 if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; 439 if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
355 if (0 != BN_cmp(y, z)) ABORT; 440 ABORT;
441 if (0 != BN_cmp(y, z))
442 ABORT;
356 443
357 fprintf(stdout, "verify degree ..."); 444 fprintf(stdout, "verify degree ...");
358 if (EC_GROUP_get_degree(group) != 192) ABORT; 445 if (EC_GROUP_get_degree(group) != 192)
446 ABORT;
359 fprintf(stdout, " ok\n"); 447 fprintf(stdout, " ok\n");
360 448
361 group_order_tests(group); 449 group_order_tests(group);
362 450
363 if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 451 if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
364 if (!EC_GROUP_copy(P_192, group)) ABORT; 452 ABORT;
453 if (!EC_GROUP_copy(P_192, group))
454 ABORT;
365 455
366 456
367 /* Curve P-224 (FIPS PUB 186-2, App. 6) */ 457 /* Curve P-224 (FIPS PUB 186-2, App. 6) */
368 458
369 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; 459 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
370 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 460 ABORT;
371 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; 461 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
372 if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; 462 ABORT;
373 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 463 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
374 464 ABORT;
375 if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT; 465 if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
376 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; 466 ABORT;
377 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 467 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
378 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT; 468 ABORT;
379 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 469
380 470 if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
381 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 471 ABORT;
472 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
473 ABORT;
474 if (!EC_POINT_is_on_curve(group, P, ctx))
475 ABORT;
476 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
477 ABORT;
478 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
479 ABORT;
480
481 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
482 ABORT;
382 fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); 483 fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
383 BN_print_fp(stdout, x); 484 BN_print_fp(stdout, x);
384 fprintf(stdout, "\n y = 0x"); 485 fprintf(stdout, "\n y = 0x");
385 BN_print_fp(stdout, y); 486 BN_print_fp(stdout, y);
386 fprintf(stdout, "\n"); 487 fprintf(stdout, "\n");
387 /* G_y value taken from the standard: */ 488 /* G_y value taken from the standard: */
388 if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; 489 if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
389 if (0 != BN_cmp(y, z)) ABORT; 490 ABORT;
390 491 if (0 != BN_cmp(y, z))
492 ABORT;
493
391 fprintf(stdout, "verify degree ..."); 494 fprintf(stdout, "verify degree ...");
392 if (EC_GROUP_get_degree(group) != 224) ABORT; 495 if (EC_GROUP_get_degree(group) != 224)
496 ABORT;
393 fprintf(stdout, " ok\n"); 497 fprintf(stdout, " ok\n");
394 498
395 group_order_tests(group); 499 group_order_tests(group);
396 500
397 if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 501 if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
398 if (!EC_GROUP_copy(P_224, group)) ABORT; 502 ABORT;
503 if (!EC_GROUP_copy(P_224, group))
504 ABORT;
399 505
400 506
401 /* Curve P-256 (FIPS PUB 186-2, App. 6) */ 507 /* Curve P-256 (FIPS PUB 186-2, App. 6) */
402 508
403 if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; 509 if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
404 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 510 ABORT;
405 if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; 511 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
406 if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; 512 ABORT;
407 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 513 if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
408 514 ABORT;
409 if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT; 515 if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
410 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 516 ABORT;
411 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 517 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
518 ABORT;
519
520 if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
521 ABORT;
522 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
523 ABORT;
524 if (!EC_POINT_is_on_curve(group, P, ctx))
525 ABORT;
412 if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" 526 if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
413 "84F3B9CAC2FC632551")) ABORT; 527 "84F3B9CAC2FC632551")) ABORT;
414 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 528 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
529 ABORT;
415 530
416 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 531 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
532 ABORT;
417 fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); 533 fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
418 BN_print_fp(stdout, x); 534 BN_print_fp(stdout, x);
419 fprintf(stdout, "\n y = 0x"); 535 fprintf(stdout, "\n y = 0x");
420 BN_print_fp(stdout, y); 536 BN_print_fp(stdout, y);
421 fprintf(stdout, "\n"); 537 fprintf(stdout, "\n");
422 /* G_y value taken from the standard: */ 538 /* G_y value taken from the standard: */
423 if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; 539 if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
424 if (0 != BN_cmp(y, z)) ABORT; 540 ABORT;
425 541 if (0 != BN_cmp(y, z))
542 ABORT;
543
426 fprintf(stdout, "verify degree ..."); 544 fprintf(stdout, "verify degree ...");
427 if (EC_GROUP_get_degree(group) != 256) ABORT; 545 if (EC_GROUP_get_degree(group) != 256)
546 ABORT;
428 fprintf(stdout, " ok\n"); 547 fprintf(stdout, " ok\n");
429 548
430 group_order_tests(group); 549 group_order_tests(group);
431 550
432 if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 551 if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
433 if (!EC_GROUP_copy(P_256, group)) ABORT; 552 ABORT;
553 if (!EC_GROUP_copy(P_256, group))
554 ABORT;
434 555
435 556
436 /* Curve P-384 (FIPS PUB 186-2, App. 6) */ 557 /* Curve P-384 (FIPS PUB 186-2, App. 6) */
437 558
438 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 559 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
439 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; 560 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
440 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 561 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
562 ABORT;
441 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 563 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
442 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; 564 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
443 if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" 565 if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
444 "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT; 566 "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
445 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 567 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
568 ABORT;
446 569
447 if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" 570 if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
448 "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT; 571 "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
449 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 572 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
450 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 573 ABORT;
574 if (!EC_POINT_is_on_curve(group, P, ctx))
575 ABORT;
451 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 576 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
452 "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT; 577 "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
453 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 578 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
579 ABORT;
454 580
455 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 581 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
582 ABORT;
456 fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); 583 fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
457 BN_print_fp(stdout, x); 584 BN_print_fp(stdout, x);
458 fprintf(stdout, "\n y = 0x"); 585 fprintf(stdout, "\n y = 0x");
@@ -460,44 +587,54 @@ static void prime_field_tests(void)
460 fprintf(stdout, "\n"); 587 fprintf(stdout, "\n");
461 /* G_y value taken from the standard: */ 588 /* G_y value taken from the standard: */
462 if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" 589 if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
463 "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; 590 "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
464 if (0 != BN_cmp(y, z)) ABORT; 591 if (0 != BN_cmp(y, z))
465 592 ABORT;
593
466 fprintf(stdout, "verify degree ..."); 594 fprintf(stdout, "verify degree ...");
467 if (EC_GROUP_get_degree(group) != 384) ABORT; 595 if (EC_GROUP_get_degree(group) != 384)
596 ABORT;
468 fprintf(stdout, " ok\n"); 597 fprintf(stdout, " ok\n");
469 598
470 group_order_tests(group); 599 group_order_tests(group);
471 600
472 if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 601 if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
473 if (!EC_GROUP_copy(P_384, group)) ABORT; 602 ABORT;
603 if (!EC_GROUP_copy(P_384, group))
604 ABORT;
474 605
475 606
476 /* Curve P-521 (FIPS PUB 186-2, App. 6) */ 607 /* Curve P-521 (FIPS PUB 186-2, App. 6) */
477 608
478 if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 609 if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
479 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 610 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
480 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; 611 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
481 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 612 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
613 ABORT;
482 if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 614 if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
483 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 615 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
484 "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; 616 "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
485 if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" 617 if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
486 "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" 618 "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
487 "DF883D2C34F1EF451FD46B503F00")) ABORT; 619 "DF883D2C34F1EF451FD46B503F00")) ABORT;
488 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 620 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
621 ABORT;
489 622
490 if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" 623 if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
491 "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" 624 "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
492 "3C1856A429BF97E7E31C2E5BD66")) ABORT; 625 "3C1856A429BF97E7E31C2E5BD66")) ABORT;
493 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; 626 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
494 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 627 ABORT;
628 if (!EC_POINT_is_on_curve(group, P, ctx))
629 ABORT;
495 if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 630 if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
496 "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" 631 "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
497 "C9B8899C47AEBB6FB71E91386409")) ABORT; 632 "C9B8899C47AEBB6FB71E91386409")) ABORT;
498 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 633 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
634 ABORT;
499 635
500 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 636 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
637 ABORT;
501 fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); 638 fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
502 BN_print_fp(stdout, x); 639 BN_print_fp(stdout, x);
503 fprintf(stdout, "\n y = 0x"); 640 fprintf(stdout, "\n y = 0x");
@@ -505,47 +642,62 @@ static void prime_field_tests(void)
505 fprintf(stdout, "\n"); 642 fprintf(stdout, "\n");
506 /* G_y value taken from the standard: */ 643 /* G_y value taken from the standard: */
507 if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" 644 if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
508 "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" 645 "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
509 "7086A272C24088BE94769FD16650")) ABORT; 646 "7086A272C24088BE94769FD16650")) ABORT;
510 if (0 != BN_cmp(y, z)) ABORT; 647 if (0 != BN_cmp(y, z))
511 648 ABORT;
649
512 fprintf(stdout, "verify degree ..."); 650 fprintf(stdout, "verify degree ...");
513 if (EC_GROUP_get_degree(group) != 521) ABORT; 651 if (EC_GROUP_get_degree(group) != 521)
652 ABORT;
514 fprintf(stdout, " ok\n"); 653 fprintf(stdout, " ok\n");
515 654
516 group_order_tests(group); 655 group_order_tests(group);
517 656
518 if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 657 if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
519 if (!EC_GROUP_copy(P_521, group)) ABORT; 658 ABORT;
659 if (!EC_GROUP_copy(P_521, group))
660 ABORT;
520 661
521 662
522 /* more tests using the last curve */ 663 /* more tests using the last curve */
523 664
524 if (!EC_POINT_copy(Q, P)) ABORT; 665 if (!EC_POINT_copy(Q, P))
525 if (EC_POINT_is_at_infinity(group, Q)) ABORT; 666 ABORT;
526 if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; 667 if (EC_POINT_is_at_infinity(group, Q))
527 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 668 ABORT;
669 if (!EC_POINT_dbl(group, P, P, ctx))
670 ABORT;
671 if (!EC_POINT_is_on_curve(group, P, ctx))
672 ABORT;
528 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ 673 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
529 674
530 if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; 675 if (!EC_POINT_add(group, R, P, Q, ctx))
531 if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; 676 ABORT;
677 if (!EC_POINT_add(group, R, R, Q, ctx))
678 ABORT;
532 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ 679 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
533 680
534 { 681 {
535 const EC_POINT *points[4]; 682 const EC_POINT *points[4];
536 const BIGNUM *scalars[4]; 683 const BIGNUM *scalars[4];
537 BIGNUM scalar3; 684 BIGNUM scalar3;
538 685
539 if (EC_POINT_is_at_infinity(group, Q)) ABORT; 686 if (EC_POINT_is_at_infinity(group, Q))
687 ABORT;
540 points[0] = Q; 688 points[0] = Q;
541 points[1] = Q; 689 points[1] = Q;
542 points[2] = Q; 690 points[2] = Q;
543 points[3] = Q; 691 points[3] = Q;
544 692
545 if (!EC_GROUP_get_order(group, z, ctx)) ABORT; 693 if (!EC_GROUP_get_order(group, z, ctx))
546 if (!BN_add(y, z, BN_value_one())) ABORT; 694 ABORT;
547 if (BN_is_odd(y)) ABORT; 695 if (!BN_add(y, z, BN_value_one()))
548 if (!BN_rshift1(y, y)) ABORT; 696 ABORT;
697 if (BN_is_odd(y))
698 ABORT;
699 if (!BN_rshift1(y, y))
700 ABORT;
549 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ 701 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
550 scalars[1] = y; 702 scalars[1] = y;
551 703
@@ -553,28 +705,38 @@ static void prime_field_tests(void)
553 fflush(stdout); 705 fflush(stdout);
554 706
555 /* z is still the group order */ 707 /* z is still the group order */
556 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 708 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
557 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; 709 ABORT;
558 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 710 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
559 if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; 711 ABORT;
712 if (0 != EC_POINT_cmp(group, P, R, ctx))
713 ABORT;
714 if (0 != EC_POINT_cmp(group, R, Q, ctx))
715 ABORT;
560 716
561 fprintf(stdout, "."); 717 fprintf(stdout, ".");
562 fflush(stdout); 718 fflush(stdout);
563 719
564 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; 720 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
565 if (!BN_add(z, z, y)) ABORT; 721 ABORT;
722 if (!BN_add(z, z, y))
723 ABORT;
566 BN_set_negative(z, 1); 724 BN_set_negative(z, 1);
567 scalars[0] = y; 725 scalars[0] = y;
568 scalars[1] = z; /* z = -(order + y) */ 726 scalars[1] = z; /* z = -(order + y) */
569 727
570 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 728 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
571 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 729 ABORT;
730 if (!EC_POINT_is_at_infinity(group, P))
731 ABORT;
572 732
573 fprintf(stdout, "."); 733 fprintf(stdout, ".");
574 fflush(stdout); 734 fflush(stdout);
575 735
576 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; 736 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
577 if (!BN_add(z, x, y)) ABORT; 737 ABORT;
738 if (!BN_add(z, x, y))
739 ABORT;
578 BN_set_negative(z, 1); 740 BN_set_negative(z, 1);
579 scalars[0] = x; 741 scalars[0] = x;
580 scalars[1] = y; 742 scalars[1] = y;
@@ -584,8 +746,10 @@ static void prime_field_tests(void)
584 BN_zero(&scalar3); 746 BN_zero(&scalar3);
585 scalars[3] = &scalar3; 747 scalars[3] = &scalar3;
586 748
587 if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT; 749 if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
588 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 750 ABORT;
751 if (!EC_POINT_is_at_infinity(group, P))
752 ABORT;
589 753
590 fprintf(stdout, " ok\n\n"); 754 fprintf(stdout, " ok\n\n");
591 755
@@ -595,21 +759,31 @@ static void prime_field_tests(void)
595 759
596 if (ctx) 760 if (ctx)
597 BN_CTX_free(ctx); 761 BN_CTX_free(ctx);
598 BN_free(p); BN_free(a); BN_free(b); 762 BN_free(p);
763 BN_free(a);
764 BN_free(b);
599 EC_GROUP_free(group); 765 EC_GROUP_free(group);
600 EC_POINT_free(P); 766 EC_POINT_free(P);
601 EC_POINT_free(Q); 767 EC_POINT_free(Q);
602 EC_POINT_free(R); 768 EC_POINT_free(R);
603 BN_free(x); BN_free(y); BN_free(z); 769 BN_free(x);
604 770 BN_free(y);
605 if (P_160) EC_GROUP_free(P_160); 771 BN_free(z);
606 if (P_192) EC_GROUP_free(P_192); 772
607 if (P_224) EC_GROUP_free(P_224); 773 if (P_160)
608 if (P_256) EC_GROUP_free(P_256); 774 EC_GROUP_free(P_160);
609 if (P_384) EC_GROUP_free(P_384); 775 if (P_192)
610 if (P_521) EC_GROUP_free(P_521); 776 EC_GROUP_free(P_192);
611 777 if (P_224)
612 } 778 EC_GROUP_free(P_224);
779 if (P_256)
780 EC_GROUP_free(P_256);
781 if (P_384)
782 EC_GROUP_free(P_384);
783 if (P_521)
784 EC_GROUP_free(P_521);
785
786}
613 787
614/* Change test based on whether binary point compression is enabled or not. */ 788/* Change test based on whether binary point compression is enabled or not. */
615#ifdef OPENSSL_EC_BIN_PT_COMP 789#ifdef OPENSSL_EC_BIN_PT_COMP
@@ -629,7 +803,7 @@ static void prime_field_tests(void)
629 /* G_y value taken from the standard: */ \ 803 /* G_y value taken from the standard: */ \
630 if (!BN_hex2bn(&z, _y)) ABORT; \ 804 if (!BN_hex2bn(&z, _y)) ABORT; \
631 if (0 != BN_cmp(y, z)) ABORT; 805 if (0 != BN_cmp(y, z)) ABORT;
632#else 806#else
633#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ 807#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
634 if (!BN_hex2bn(&x, _x)) ABORT; \ 808 if (!BN_hex2bn(&x, _x)) ABORT; \
635 if (!BN_hex2bn(&y, _y)) ABORT; \ 809 if (!BN_hex2bn(&y, _y)) ABORT; \
@@ -660,8 +834,8 @@ static void prime_field_tests(void)
660 834
661#ifndef OPENSSL_NO_EC2M 835#ifndef OPENSSL_NO_EC2M
662 836
663static void char2_field_tests(void) 837 static void char2_field_tests(void)
664 { 838{
665 BN_CTX *ctx = NULL; 839 BN_CTX *ctx = NULL;
666 BIGNUM *p, *a, *b; 840 BIGNUM *p, *a, *b;
667 EC_GROUP *group; 841 EC_GROUP *group;
@@ -672,36 +846,46 @@ static void char2_field_tests(void)
672 unsigned char buf[100]; 846 unsigned char buf[100];
673 size_t i, len; 847 size_t i, len;
674 int k; 848 int k;
675 849
676#if 1 /* optional */ 850#if 1 /* optional */
677 ctx = BN_CTX_new(); 851 ctx = BN_CTX_new();
678 if (!ctx) ABORT; 852 if (!ctx)
853 ABORT;
679#endif 854#endif
680 855
681 p = BN_new(); 856 p = BN_new();
682 a = BN_new(); 857 a = BN_new();
683 b = BN_new(); 858 b = BN_new();
684 if (!p || !a || !b) ABORT; 859 if (!p || !a || !b)
860 ABORT;
861
862 if (!BN_hex2bn(&p, "13"))
863 ABORT;
864 if (!BN_hex2bn(&a, "3"))
865 ABORT;
866 if (!BN_hex2bn(&b, "1"))
867 ABORT;
685 868
686 if (!BN_hex2bn(&p, "13")) ABORT;
687 if (!BN_hex2bn(&a, "3")) ABORT;
688 if (!BN_hex2bn(&b, "1")) ABORT;
689
690 group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m 869 group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
691 * so that the library gets to choose the EC_METHOD */ 870 * so that the library gets to choose the EC_METHOD */
692 if (!group) ABORT; 871 if (!group)
693 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; 872 ABORT;
873 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
874 ABORT;
694 875
695 { 876 {
696 EC_GROUP *tmp; 877 EC_GROUP *tmp;
697 tmp = EC_GROUP_new(EC_GROUP_method_of(group)); 878 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
698 if (!tmp) ABORT; 879 if (!tmp)
699 if (!EC_GROUP_copy(tmp, group)) ABORT; 880 ABORT;
881 if (!EC_GROUP_copy(tmp, group))
882 ABORT;
700 EC_GROUP_free(group); 883 EC_GROUP_free(group);
701 group = tmp; 884 group = tmp;
702 } 885 }
703 886
704 if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT; 887 if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
888 ABORT;
705 889
706 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); 890 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
707 BN_print_fp(stdout, p); 891 BN_print_fp(stdout, p);
@@ -714,36 +898,47 @@ static void char2_field_tests(void)
714 P = EC_POINT_new(group); 898 P = EC_POINT_new(group);
715 Q = EC_POINT_new(group); 899 Q = EC_POINT_new(group);
716 R = EC_POINT_new(group); 900 R = EC_POINT_new(group);
717 if (!P || !Q || !R) ABORT; 901 if (!P || !Q || !R)
718 902 ABORT;
719 if (!EC_POINT_set_to_infinity(group, P)) ABORT; 903
720 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 904 if (!EC_POINT_set_to_infinity(group, P))
905 ABORT;
906 if (!EC_POINT_is_at_infinity(group, P))
907 ABORT;
721 908
722 buf[0] = 0; 909 buf[0] = 0;
723 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; 910 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
911 ABORT;
724 912
725 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 913 if (!EC_POINT_add(group, P, P, Q, ctx))
726 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 914 ABORT;
915 if (!EC_POINT_is_at_infinity(group, P))
916 ABORT;
727 917
728 x = BN_new(); 918 x = BN_new();
729 y = BN_new(); 919 y = BN_new();
730 z = BN_new(); 920 z = BN_new();
731 cof = BN_new(); 921 cof = BN_new();
732 if (!x || !y || !z || !cof) ABORT; 922 if (!x || !y || !z || !cof)
923 ABORT;
733 924
734 if (!BN_hex2bn(&x, "6")) ABORT; 925 if (!BN_hex2bn(&x, "6"))
926 ABORT;
735/* Change test based on whether binary point compression is enabled or not. */ 927/* Change test based on whether binary point compression is enabled or not. */
736#ifdef OPENSSL_EC_BIN_PT_COMP 928#ifdef OPENSSL_EC_BIN_PT_COMP
737 if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT; 929 if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
930 ABORT;
738#else 931#else
739 if (!BN_hex2bn(&y, "8")) ABORT; 932 if (!BN_hex2bn(&y, "8"))
740 if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; 933 ABORT;
934 if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
935 ABORT;
741#endif 936#endif
742 if (!EC_POINT_is_on_curve(group, Q, ctx)) 937 if (!EC_POINT_is_on_curve(group, Q, ctx)) {
743 {
744/* Change test based on whether binary point compression is enabled or not. */ 938/* Change test based on whether binary point compression is enabled or not. */
745#ifdef OPENSSL_EC_BIN_PT_COMP 939#ifdef OPENSSL_EC_BIN_PT_COMP
746 if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; 940 if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
941 ABORT;
747#endif 942#endif
748 fprintf(stderr, "Point is not on curve: x = 0x"); 943 fprintf(stderr, "Point is not on curve: x = 0x");
749 BN_print_fp(stderr, x); 944 BN_print_fp(stderr, x);
@@ -751,252 +946,278 @@ static void char2_field_tests(void)
751 BN_print_fp(stderr, y); 946 BN_print_fp(stderr, y);
752 fprintf(stderr, "\n"); 947 fprintf(stderr, "\n");
753 ABORT; 948 ABORT;
754 } 949 }
755 950
756 fprintf(stdout, "A cyclic subgroup:\n"); 951 fprintf(stdout, "A cyclic subgroup:\n");
757 k = 100; 952 k = 100;
758 do 953 do
759 { 954 {
760 if (k-- == 0) ABORT; 955 if (k-- == 0)
956 ABORT;
761 957
762 if (EC_POINT_is_at_infinity(group, P)) 958 if (EC_POINT_is_at_infinity(group, P))
763 fprintf(stdout, " point at infinity\n"); 959 fprintf(stdout, " point at infinity\n");
764 else 960 else {
765 { 961 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
766 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; 962 ABORT;
767 963
768 fprintf(stdout, " x = 0x"); 964 fprintf(stdout, " x = 0x");
769 BN_print_fp(stdout, x); 965 BN_print_fp(stdout, x);
770 fprintf(stdout, ", y = 0x"); 966 fprintf(stdout, ", y = 0x");
771 BN_print_fp(stdout, y); 967 BN_print_fp(stdout, y);
772 fprintf(stdout, "\n"); 968 fprintf(stdout, "\n");
773 }
774
775 if (!EC_POINT_copy(R, P)) ABORT;
776 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
777 } 969 }
970
971 if (!EC_POINT_copy(R, P))
972 ABORT;
973 if (!EC_POINT_add(group, P, P, Q, ctx))
974 ABORT;
975 }
778 while (!EC_POINT_is_at_infinity(group, P)); 976 while (!EC_POINT_is_at_infinity(group, P));
779 977
780 if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; 978 if (!EC_POINT_add(group, P, Q, R, ctx))
781 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 979 ABORT;
980 if (!EC_POINT_is_at_infinity(group, P))
981 ABORT;
782 982
783/* Change test based on whether binary point compression is enabled or not. */ 983/* Change test based on whether binary point compression is enabled or not. */
784#ifdef OPENSSL_EC_BIN_PT_COMP 984#ifdef OPENSSL_EC_BIN_PT_COMP
785 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); 985 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
786 if (len == 0) ABORT; 986 if (len == 0)
787 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 987 ABORT;
788 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 988 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
989 ABORT;
990 if (0 != EC_POINT_cmp(group, P, Q, ctx))
991 ABORT;
789 fprintf(stdout, "Generator as octet string, compressed form:\n "); 992 fprintf(stdout, "Generator as octet string, compressed form:\n ");
790 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 993 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
791#endif 994#endif
792 995
793 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); 996 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
794 if (len == 0) ABORT; 997 if (len == 0)
795 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 998 ABORT;
796 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 999 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
1000 ABORT;
1001 if (0 != EC_POINT_cmp(group, P, Q, ctx))
1002 ABORT;
797 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); 1003 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
798 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 1004 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
799 1005
800/* Change test based on whether binary point compression is enabled or not. */ 1006/* Change test based on whether binary point compression is enabled or not. */
801#ifdef OPENSSL_EC_BIN_PT_COMP 1007#ifdef OPENSSL_EC_BIN_PT_COMP
802 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); 1008 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
803 if (len == 0) ABORT; 1009 if (len == 0)
804 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 1010 ABORT;
805 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 1011 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
1012 ABORT;
1013 if (0 != EC_POINT_cmp(group, P, Q, ctx))
1014 ABORT;
806 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); 1015 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
807 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 1016 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
808#endif 1017#endif
809 1018
810 fprintf(stdout, "\n"); 1019 fprintf(stdout, "\n");
811 1020
812 if (!EC_POINT_invert(group, P, ctx)) ABORT; 1021 if (!EC_POINT_invert(group, P, ctx))
813 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 1022 ABORT;
1023 if (0 != EC_POINT_cmp(group, P, R, ctx))
1024 ABORT;
814 1025
815 1026
816 /* Curve K-163 (FIPS PUB 186-2, App. 6) */ 1027 /* Curve K-163 (FIPS PUB 186-2, App. 6) */
817 CHAR2_CURVE_TEST 1028 CHAR2_CURVE_TEST
818 ( 1029 (
819 "NIST curve K-163", 1030 "NIST curve K-163",
820 "0800000000000000000000000000000000000000C9", 1031 "0800000000000000000000000000000000000000C9",
821 "1", 1032 "1",
822 "1", 1033 "1",
823 "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", 1034 "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
824 "0289070FB05D38FF58321F2E800536D538CCDAA3D9", 1035 "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
825 1, 1036 1,
826 "04000000000000000000020108A2E0CC0D99F8A5EF", 1037 "04000000000000000000020108A2E0CC0D99F8A5EF",
827 "2", 1038 "2",
828 163, 1039 163,
829 C2_K163 1040 C2_K163
830 ); 1041 );
831 1042
832 /* Curve B-163 (FIPS PUB 186-2, App. 6) */ 1043 /* Curve B-163 (FIPS PUB 186-2, App. 6) */
833 CHAR2_CURVE_TEST 1044 CHAR2_CURVE_TEST
834 ( 1045 (
835 "NIST curve B-163", 1046 "NIST curve B-163",
836 "0800000000000000000000000000000000000000C9", 1047 "0800000000000000000000000000000000000000C9",
837 "1", 1048 "1",
838 "020A601907B8C953CA1481EB10512F78744A3205FD", 1049 "020A601907B8C953CA1481EB10512F78744A3205FD",
839 "03F0EBA16286A2D57EA0991168D4994637E8343E36", 1050 "03F0EBA16286A2D57EA0991168D4994637E8343E36",
840 "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 1051 "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
841 1, 1052 1,
842 "040000000000000000000292FE77E70C12A4234C33", 1053 "040000000000000000000292FE77E70C12A4234C33",
843 "2", 1054 "2",
844 163, 1055 163,
845 C2_B163 1056 C2_B163
846 ); 1057 );
847 1058
848 /* Curve K-233 (FIPS PUB 186-2, App. 6) */ 1059 /* Curve K-233 (FIPS PUB 186-2, App. 6) */
849 CHAR2_CURVE_TEST 1060 CHAR2_CURVE_TEST
850 ( 1061 (
851 "NIST curve K-233", 1062 "NIST curve K-233",
852 "020000000000000000000000000000000000000004000000000000000001", 1063 "020000000000000000000000000000000000000004000000000000000001",
853 "0", 1064 "0",
854 "1", 1065 "1",
855 "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", 1066 "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
856 "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", 1067 "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
857 0, 1068 0,
858 "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 1069 "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
859 "4", 1070 "4",
860 233, 1071 233,
861 C2_K233 1072 C2_K233
862 ); 1073 );
863 1074
864 /* Curve B-233 (FIPS PUB 186-2, App. 6) */ 1075 /* Curve B-233 (FIPS PUB 186-2, App. 6) */
865 CHAR2_CURVE_TEST 1076 CHAR2_CURVE_TEST
866 ( 1077 (
867 "NIST curve B-233", 1078 "NIST curve B-233",
868 "020000000000000000000000000000000000000004000000000000000001", 1079 "020000000000000000000000000000000000000004000000000000000001",
869 "000000000000000000000000000000000000000000000000000000000001", 1080 "000000000000000000000000000000000000000000000000000000000001",
870 "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", 1081 "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
871 "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", 1082 "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
872 "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", 1083 "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
873 1, 1084 1,
874 "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 1085 "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
875 "2", 1086 "2",
876 233, 1087 233,
877 C2_B233 1088 C2_B233
878 ); 1089 );
879 1090
880 /* Curve K-283 (FIPS PUB 186-2, App. 6) */ 1091 /* Curve K-283 (FIPS PUB 186-2, App. 6) */
881 CHAR2_CURVE_TEST 1092 CHAR2_CURVE_TEST
882 ( 1093 (
883 "NIST curve K-283", 1094 "NIST curve K-283",
884 "0800000000000000000000000000000000000000000000000000000000000000000010A1", 1095 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
885 "0", 1096 "0",
886 "1", 1097 "1",
887 "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", 1098 "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
888 "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", 1099 "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
889 0, 1100 0,
890 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", 1101 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
891 "4", 1102 "4",
892 283, 1103 283,
893 C2_K283 1104 C2_K283
894 ); 1105 );
895 1106
896 /* Curve B-283 (FIPS PUB 186-2, App. 6) */ 1107 /* Curve B-283 (FIPS PUB 186-2, App. 6) */
897 CHAR2_CURVE_TEST 1108 CHAR2_CURVE_TEST
898 ( 1109 (
899 "NIST curve B-283", 1110 "NIST curve B-283",
900 "0800000000000000000000000000000000000000000000000000000000000000000010A1", 1111 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
901 "000000000000000000000000000000000000000000000000000000000000000000000001", 1112 "000000000000000000000000000000000000000000000000000000000000000000000001",
902 "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", 1113 "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
903 "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", 1114 "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
904 "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", 1115 "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
905 1, 1116 1,
906 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", 1117 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
907 "2", 1118 "2",
908 283, 1119 283,
909 C2_B283 1120 C2_B283
910 ); 1121 );
911 1122
912 /* Curve K-409 (FIPS PUB 186-2, App. 6) */ 1123 /* Curve K-409 (FIPS PUB 186-2, App. 6) */
913 CHAR2_CURVE_TEST 1124 CHAR2_CURVE_TEST
914 ( 1125 (
915 "NIST curve K-409", 1126 "NIST curve K-409",
916 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", 1127 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
917 "0", 1128 "0",
918 "1", 1129 "1",
919 "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", 1130 "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
920 "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", 1131 "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
921 1, 1132 1,
922 "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 1133 "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
923 "4", 1134 "4",
924 409, 1135 409,
925 C2_K409 1136 C2_K409
926 ); 1137 );
927 1138
928 /* Curve B-409 (FIPS PUB 186-2, App. 6) */ 1139 /* Curve B-409 (FIPS PUB 186-2, App. 6) */
929 CHAR2_CURVE_TEST 1140 CHAR2_CURVE_TEST
930 ( 1141 (
931 "NIST curve B-409", 1142 "NIST curve B-409",
932 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", 1143 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
933 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 1144 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
934 "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", 1145 "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
935 "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", 1146 "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
936 "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", 1147 "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
937 1, 1148 1,
938 "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", 1149 "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
939 "2", 1150 "2",
940 409, 1151 409,
941 C2_B409 1152 C2_B409
942 ); 1153 );
943 1154
944 /* Curve K-571 (FIPS PUB 186-2, App. 6) */ 1155 /* Curve K-571 (FIPS PUB 186-2, App. 6) */
945 CHAR2_CURVE_TEST 1156 CHAR2_CURVE_TEST
946 ( 1157 (
947 "NIST curve K-571", 1158 "NIST curve K-571",
948 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", 1159 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
949 "0", 1160 "0",
950 "1", 1161 "1",
951 "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", 1162 "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
952 "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", 1163 "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
953 0, 1164 0,
954 "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", 1165 "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
955 "4", 1166 "4",
956 571, 1167 571,
957 C2_K571 1168 C2_K571
958 ); 1169 );
959 1170
960 /* Curve B-571 (FIPS PUB 186-2, App. 6) */ 1171 /* Curve B-571 (FIPS PUB 186-2, App. 6) */
961 CHAR2_CURVE_TEST 1172 CHAR2_CURVE_TEST
962 ( 1173 (
963 "NIST curve B-571", 1174 "NIST curve B-571",
964 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", 1175 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
965 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 1176 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
966 "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", 1177 "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
967 "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", 1178 "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
968 "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", 1179 "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
969 1, 1180 1,
970 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", 1181 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
971 "2", 1182 "2",
972 571, 1183 571,
973 C2_B571 1184 C2_B571
974 ); 1185 );
975 1186
976 /* more tests using the last curve */ 1187 /* more tests using the last curve */
977 1188
978 if (!EC_POINT_copy(Q, P)) ABORT; 1189 if (!EC_POINT_copy(Q, P))
979 if (EC_POINT_is_at_infinity(group, Q)) ABORT; 1190 ABORT;
980 if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; 1191 if (EC_POINT_is_at_infinity(group, Q))
981 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 1192 ABORT;
1193 if (!EC_POINT_dbl(group, P, P, ctx))
1194 ABORT;
1195 if (!EC_POINT_is_on_curve(group, P, ctx))
1196 ABORT;
982 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ 1197 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
983 1198
984 if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; 1199 if (!EC_POINT_add(group, R, P, Q, ctx))
985 if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; 1200 ABORT;
1201 if (!EC_POINT_add(group, R, R, Q, ctx))
1202 ABORT;
986 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ 1203 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
987 1204
988 { 1205 {
989 const EC_POINT *points[3]; 1206 const EC_POINT *points[3];
990 const BIGNUM *scalars[3]; 1207 const BIGNUM *scalars[3];
991 1208
992 if (EC_POINT_is_at_infinity(group, Q)) ABORT; 1209 if (EC_POINT_is_at_infinity(group, Q))
1210 ABORT;
993 points[0] = Q; 1211 points[0] = Q;
994 points[1] = Q; 1212 points[1] = Q;
995 points[2] = Q; 1213 points[2] = Q;
996 1214
997 if (!BN_add(y, z, BN_value_one())) ABORT; 1215 if (!BN_add(y, z, BN_value_one()))
998 if (BN_is_odd(y)) ABORT; 1216 ABORT;
999 if (!BN_rshift1(y, y)) ABORT; 1217 if (BN_is_odd(y))
1218 ABORT;
1219 if (!BN_rshift1(y, y))
1220 ABORT;
1000 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ 1221 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
1001 scalars[1] = y; 1222 scalars[1] = y;
1002 1223
@@ -1004,35 +1225,47 @@ static void char2_field_tests(void)
1004 fflush(stdout); 1225 fflush(stdout);
1005 1226
1006 /* z is still the group order */ 1227 /* z is still the group order */
1007 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 1228 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1008 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; 1229 ABORT;
1009 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 1230 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
1010 if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; 1231 ABORT;
1232 if (0 != EC_POINT_cmp(group, P, R, ctx))
1233 ABORT;
1234 if (0 != EC_POINT_cmp(group, R, Q, ctx))
1235 ABORT;
1011 1236
1012 fprintf(stdout, "."); 1237 fprintf(stdout, ".");
1013 fflush(stdout); 1238 fflush(stdout);
1014 1239
1015 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; 1240 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
1016 if (!BN_add(z, z, y)) ABORT; 1241 ABORT;
1242 if (!BN_add(z, z, y))
1243 ABORT;
1017 BN_set_negative(z, 1); 1244 BN_set_negative(z, 1);
1018 scalars[0] = y; 1245 scalars[0] = y;
1019 scalars[1] = z; /* z = -(order + y) */ 1246 scalars[1] = z; /* z = -(order + y) */
1020 1247
1021 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 1248 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
1022 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 1249 ABORT;
1250 if (!EC_POINT_is_at_infinity(group, P))
1251 ABORT;
1023 1252
1024 fprintf(stdout, "."); 1253 fprintf(stdout, ".");
1025 fflush(stdout); 1254 fflush(stdout);
1026 1255
1027 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; 1256 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
1028 if (!BN_add(z, x, y)) ABORT; 1257 ABORT;
1258 if (!BN_add(z, x, y))
1259 ABORT;
1029 BN_set_negative(z, 1); 1260 BN_set_negative(z, 1);
1030 scalars[0] = x; 1261 scalars[0] = x;
1031 scalars[1] = y; 1262 scalars[1] = y;
1032 scalars[2] = z; /* z = -(x+y) */ 1263 scalars[2] = z; /* z = -(x+y) */
1033 1264
1034 if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; 1265 if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
1035 if (!EC_POINT_is_at_infinity(group, P)) ABORT; 1266 ABORT;
1267 if (!EC_POINT_is_at_infinity(group, P))
1268 ABORT;
1036 1269
1037 fprintf(stdout, " ok\n\n"); 1270 fprintf(stdout, " ok\n\n");
1038 } 1271 }
@@ -1040,29 +1273,45 @@ static void char2_field_tests(void)
1040 1273
1041 if (ctx) 1274 if (ctx)
1042 BN_CTX_free(ctx); 1275 BN_CTX_free(ctx);
1043 BN_free(p); BN_free(a); BN_free(b); 1276 BN_free(p);
1277 BN_free(a);
1278 BN_free(b);
1044 EC_GROUP_free(group); 1279 EC_GROUP_free(group);
1045 EC_POINT_free(P); 1280 EC_POINT_free(P);
1046 EC_POINT_free(Q); 1281 EC_POINT_free(Q);
1047 EC_POINT_free(R); 1282 EC_POINT_free(R);
1048 BN_free(x); BN_free(y); BN_free(z); BN_free(cof); 1283 BN_free(x);
1049 1284 BN_free(y);
1050 if (C2_K163) EC_GROUP_free(C2_K163); 1285 BN_free(z);
1051 if (C2_B163) EC_GROUP_free(C2_B163); 1286 BN_free(cof);
1052 if (C2_K233) EC_GROUP_free(C2_K233); 1287
1053 if (C2_B233) EC_GROUP_free(C2_B233); 1288 if (C2_K163)
1054 if (C2_K283) EC_GROUP_free(C2_K283); 1289 EC_GROUP_free(C2_K163);
1055 if (C2_B283) EC_GROUP_free(C2_B283); 1290 if (C2_B163)
1056 if (C2_K409) EC_GROUP_free(C2_K409); 1291 EC_GROUP_free(C2_B163);
1057 if (C2_B409) EC_GROUP_free(C2_B409); 1292 if (C2_K233)
1058 if (C2_K571) EC_GROUP_free(C2_K571); 1293 EC_GROUP_free(C2_K233);
1059 if (C2_B571) EC_GROUP_free(C2_B571); 1294 if (C2_B233)
1060 1295 EC_GROUP_free(C2_B233);
1061 } 1296 if (C2_K283)
1297 EC_GROUP_free(C2_K283);
1298 if (C2_B283)
1299 EC_GROUP_free(C2_B283);
1300 if (C2_K409)
1301 EC_GROUP_free(C2_K409);
1302 if (C2_B409)
1303 EC_GROUP_free(C2_B409);
1304 if (C2_K571)
1305 EC_GROUP_free(C2_K571);
1306 if (C2_B571)
1307 EC_GROUP_free(C2_B571);
1308
1309}
1062#endif 1310#endif
1063 1311
1064static void internal_curve_test(void) 1312static void
1065 { 1313internal_curve_test(void)
1314{
1066 EC_builtin_curve *curves = NULL; 1315 EC_builtin_curve *curves = NULL;
1067 size_t crv_len = 0, n = 0; 1316 size_t crv_len = 0, n = 0;
1068 int ok = 1; 1317 int ok = 1;
@@ -1074,69 +1323,61 @@ static void internal_curve_test(void)
1074 if (curves == NULL) 1323 if (curves == NULL)
1075 return; 1324 return;
1076 1325
1077 if (!EC_get_builtin_curves(curves, crv_len)) 1326 if (!EC_get_builtin_curves(curves, crv_len)) {
1078 {
1079 free(curves); 1327 free(curves);
1080 return; 1328 return;
1081 } 1329 }
1082 1330
1083 fprintf(stdout, "testing internal curves: "); 1331 fprintf(stdout, "testing internal curves: ");
1084 1332
1085 for (n = 0; n < crv_len; n++) 1333 for (n = 0; n < crv_len; n++) {
1086 {
1087 EC_GROUP *group = NULL; 1334 EC_GROUP *group = NULL;
1088 int nid = curves[n].nid; 1335 int nid = curves[n].nid;
1089 if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) 1336 if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
1090 {
1091 ok = 0; 1337 ok = 0;
1092 fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" 1338 fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
1093 " curve %s\n", OBJ_nid2sn(nid)); 1339 " curve %s\n", OBJ_nid2sn(nid));
1094 /* try next curve */ 1340 /* try next curve */
1095 continue; 1341 continue;
1096 } 1342 }
1097 if (!EC_GROUP_check(group, NULL)) 1343 if (!EC_GROUP_check(group, NULL)) {
1098 {
1099 ok = 0; 1344 ok = 0;
1100 fprintf(stdout, "\nEC_GROUP_check() failed with" 1345 fprintf(stdout, "\nEC_GROUP_check() failed with"
1101 " curve %s\n", OBJ_nid2sn(nid)); 1346 " curve %s\n", OBJ_nid2sn(nid));
1102 EC_GROUP_free(group); 1347 EC_GROUP_free(group);
1103 /* try the next curve */ 1348 /* try the next curve */
1104 continue; 1349 continue;
1105 } 1350 }
1106 fprintf(stdout, "."); 1351 fprintf(stdout, ".");
1107 fflush(stdout); 1352 fflush(stdout);
1108 EC_GROUP_free(group); 1353 EC_GROUP_free(group);
1109 } 1354 }
1110 if (ok) 1355 if (ok)
1111 fprintf(stdout, " ok\n\n"); 1356 fprintf(stdout, " ok\n\n");
1112 else 1357 else {
1113 {
1114 fprintf(stdout, " failed\n\n"); 1358 fprintf(stdout, " failed\n\n");
1115 ABORT; 1359 ABORT;
1116 } 1360 }
1117 free(curves); 1361 free(curves);
1118 return; 1362 return;
1119 } 1363}
1120 1364
1121#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 1365#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1122/* nistp_test_params contains magic numbers for testing our optimized 1366/* nistp_test_params contains magic numbers for testing our optimized
1123 * implementations of several NIST curves with characteristic > 3. */ 1367 * implementations of several NIST curves with characteristic > 3. */
1124struct nistp_test_params 1368struct nistp_test_params {
1125 {
1126 const EC_METHOD* (*meth) (); 1369 const EC_METHOD* (*meth) ();
1127 int degree; 1370 int degree;
1128 /* Qx, Qy and D are taken from 1371 /* Qx, Qy and D are taken from
1129 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf 1372 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
1130 * Otherwise, values are standard curve parameters from FIPS 180-3 */ 1373 * Otherwise, values are standard curve parameters from FIPS 180-3 */
1131 const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; 1374 const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
1132 }; 1375};
1133 1376
1134static const struct nistp_test_params nistp_tests_params[] = 1377static const struct nistp_test_params nistp_tests_params[] = { {
1135 {
1136 {
1137 /* P-224 */ 1378 /* P-224 */
1138 EC_GFp_nistp224_method, 1379 EC_GFp_nistp224_method,
1139 224, 1380 224,
1140 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */ 1381 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
1141 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */ 1382 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
1142 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */ 1383 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
@@ -1146,11 +1387,11 @@ static const struct nistp_test_params nistp_tests_params[] =
1146 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */ 1387 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
1147 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */ 1388 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
1148 "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */ 1389 "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
1149 }, 1390 },
1150 { 1391 {
1151 /* P-256 */ 1392 /* P-256 */
1152 EC_GFp_nistp256_method, 1393 EC_GFp_nistp256_method,
1153 256, 1394 256,
1154 "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */ 1395 "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
1155 "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */ 1396 "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
1156 "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */ 1397 "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
@@ -1160,11 +1401,11 @@ static const struct nistp_test_params nistp_tests_params[] =
1160 "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */ 1401 "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
1161 "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */ 1402 "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
1162 "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */ 1403 "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
1163 }, 1404 },
1164 { 1405 {
1165 /* P-521 */ 1406 /* P-521 */
1166 EC_GFp_nistp521_method, 1407 EC_GFp_nistp521_method,
1167 521, 1408 521,
1168 "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */ 1409 "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
1169 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */ 1410 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
1170 "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */ 1411 "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
@@ -1174,11 +1415,12 @@ static const struct nistp_test_params nistp_tests_params[] =
1174 "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */ 1415 "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
1175 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */ 1416 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
1176 "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */ 1417 "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
1177 }, 1418 },
1178 }; 1419};
1179 1420
1180void nistp_single_test(const struct nistp_test_params *test) 1421void
1181 { 1422nistp_single_test(const struct nistp_test_params *test)
1423{
1182 BN_CTX *ctx; 1424 BN_CTX *ctx;
1183 BIGNUM *p, *a, *b, *x, *y, *n, *m, *order; 1425 BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
1184 EC_GROUP *NISTP; 1426 EC_GROUP *NISTP;
@@ -1189,74 +1431,106 @@ void nistp_single_test(const struct nistp_test_params *test)
1189 p = BN_new(); 1431 p = BN_new();
1190 a = BN_new(); 1432 a = BN_new();
1191 b = BN_new(); 1433 b = BN_new();
1192 x = BN_new(); y = BN_new(); 1434 x = BN_new();
1193 m = BN_new(); n = BN_new(); order = BN_new(); 1435 y = BN_new();
1436 m = BN_new();
1437 n = BN_new();
1438 order = BN_new();
1194 1439
1195 NISTP = EC_GROUP_new(test->meth()); 1440 NISTP = EC_GROUP_new(test->meth());
1196 if(!NISTP) ABORT; 1441 if (!NISTP)
1197 if (!BN_hex2bn(&p, test->p)) ABORT; 1442 ABORT;
1198 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 1443 if (!BN_hex2bn(&p, test->p))
1199 if (!BN_hex2bn(&a, test->a)) ABORT; 1444 ABORT;
1200 if (!BN_hex2bn(&b, test->b)) ABORT; 1445 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
1201 if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT; 1446 ABORT;
1447 if (!BN_hex2bn(&a, test->a))
1448 ABORT;
1449 if (!BN_hex2bn(&b, test->b))
1450 ABORT;
1451 if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
1452 ABORT;
1202 G = EC_POINT_new(NISTP); 1453 G = EC_POINT_new(NISTP);
1203 P = EC_POINT_new(NISTP); 1454 P = EC_POINT_new(NISTP);
1204 Q = EC_POINT_new(NISTP); 1455 Q = EC_POINT_new(NISTP);
1205 Q_CHECK = EC_POINT_new(NISTP); 1456 Q_CHECK = EC_POINT_new(NISTP);
1206 if(!BN_hex2bn(&x, test->Qx)) ABORT; 1457 if (!BN_hex2bn(&x, test->Qx))
1207 if(!BN_hex2bn(&y, test->Qy)) ABORT; 1458 ABORT;
1208 if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT; 1459 if (!BN_hex2bn(&y, test->Qy))
1209 if (!BN_hex2bn(&x, test->Gx)) ABORT; 1460 ABORT;
1210 if (!BN_hex2bn(&y, test->Gy)) ABORT; 1461 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
1211 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT; 1462 ABORT;
1212 if (!BN_hex2bn(&order, test->order)) ABORT; 1463 if (!BN_hex2bn(&x, test->Gx))
1213 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT; 1464 ABORT;
1465 if (!BN_hex2bn(&y, test->Gy))
1466 ABORT;
1467 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
1468 ABORT;
1469 if (!BN_hex2bn(&order, test->order))
1470 ABORT;
1471 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
1472 ABORT;
1214 1473
1215 fprintf(stdout, "verify degree ... "); 1474 fprintf(stdout, "verify degree ... ");
1216 if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT; 1475 if (EC_GROUP_get_degree(NISTP) != test->degree)
1476 ABORT;
1217 fprintf(stdout, "ok\n"); 1477 fprintf(stdout, "ok\n");
1218 1478
1219 fprintf(stdout, "NIST test vectors ... "); 1479 fprintf(stdout, "NIST test vectors ... ");
1220 if (!BN_hex2bn(&n, test->d)) ABORT; 1480 if (!BN_hex2bn(&n, test->d))
1481 ABORT;
1221 /* fixed point multiplication */ 1482 /* fixed point multiplication */
1222 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); 1483 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1223 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1484 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1485 ABORT;
1224 /* random point multiplication */ 1486 /* random point multiplication */
1225 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); 1487 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1226 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1488 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1489 ABORT;
1227 1490
1228 /* set generator to P = 2*G, where G is the standard generator */ 1491 /* set generator to P = 2*G, where G is the standard generator */
1229 if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT; 1492 if (!EC_POINT_dbl(NISTP, P, G, ctx))
1230 if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT; 1493 ABORT;
1494 if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
1495 ABORT;
1231 /* set the scalar to m=n/2, where n is the NIST test scalar */ 1496 /* set the scalar to m=n/2, where n is the NIST test scalar */
1232 if (!BN_rshift(m, n, 1)) ABORT; 1497 if (!BN_rshift(m, n, 1))
1498 ABORT;
1233 1499
1234 /* test the non-standard generator */ 1500 /* test the non-standard generator */
1235 /* fixed point multiplication */ 1501 /* fixed point multiplication */
1236 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); 1502 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1237 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1503 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1504 ABORT;
1238 /* random point multiplication */ 1505 /* random point multiplication */
1239 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); 1506 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1240 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1507 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1508 ABORT;
1241 1509
1242 /* now repeat all tests with precomputation */ 1510 /* now repeat all tests with precomputation */
1243 if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT; 1511 if (!EC_GROUP_precompute_mult(NISTP, ctx))
1512 ABORT;
1244 1513
1245 /* fixed point multiplication */ 1514 /* fixed point multiplication */
1246 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); 1515 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1247 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1516 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1517 ABORT;
1248 /* random point multiplication */ 1518 /* random point multiplication */
1249 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); 1519 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1250 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1520 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1521 ABORT;
1251 1522
1252 /* reset generator */ 1523 /* reset generator */
1253 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT; 1524 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
1525 ABORT;
1254 /* fixed point multiplication */ 1526 /* fixed point multiplication */
1255 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); 1527 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1256 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1528 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1529 ABORT;
1257 /* random point multiplication */ 1530 /* random point multiplication */
1258 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); 1531 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1259 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1532 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1533 ABORT;
1260 1534
1261 fprintf(stdout, "ok\n"); 1535 fprintf(stdout, "ok\n");
1262 group_order_tests(NISTP); 1536 group_order_tests(NISTP);
@@ -1274,21 +1548,22 @@ void nistp_single_test(const struct nistp_test_params *test)
1274 BN_free(y); 1548 BN_free(y);
1275 BN_free(order); 1549 BN_free(order);
1276 BN_CTX_free(ctx); 1550 BN_CTX_free(ctx);
1277 } 1551}
1278 1552
1279void nistp_tests() 1553void
1280 { 1554nistp_tests()
1555{
1281 unsigned i; 1556 unsigned i;
1282 1557
1283 for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++) 1558 for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++) {
1284 {
1285 nistp_single_test(&nistp_tests_params[i]); 1559 nistp_single_test(&nistp_tests_params[i]);
1286 }
1287 } 1560 }
1561}
1288#endif 1562#endif
1289 1563
1290int main(int argc, char *argv[]) 1564int
1291 { 1565main(int argc, char *argv[])
1566{
1292 ERR_load_crypto_strings(); 1567 ERR_load_crypto_strings();
1293 1568
1294 prime_field_tests(); 1569 prime_field_tests();
@@ -1309,6 +1584,6 @@ int main(int argc, char *argv[])
1309 ERR_free_strings(); 1584 ERR_free_strings();
1310 ERR_remove_thread_state(NULL); 1585 ERR_remove_thread_state(NULL);
1311 CRYPTO_mem_leaks_fp(stderr); 1586 CRYPTO_mem_leaks_fp(stderr);
1312 1587
1313 return 0; 1588 return 0;
1314 } 1589}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 22:06:36 +0000