diff options
Diffstat (limited to 'crypto/ec/ec_test.cc')
| -rw-r--r-- | crypto/ec/ec_test.cc | 127 |
1 files changed, 115 insertions, 12 deletions
diff --git a/crypto/ec/ec_test.cc b/crypto/ec/ec_test.cc index d45e193a..ce9d99f3 100644 --- a/crypto/ec/ec_test.cc +++ b/crypto/ec/ec_test.cc @@ -122,7 +122,7 @@ static bool EncodeECPrivateKey(std::vector<uint8_t> *out, const EC_KEY *key) { return true; } -bool Testd2i_ECPrivateKey() { +static bool Testd2i_ECPrivateKey() { ScopedEC_KEY key = DecodeECPrivateKey(kECKeyWithoutPublic, sizeof(kECKeyWithoutPublic)); if (!key) { @@ -349,23 +349,32 @@ static bool TestArbitraryCurve() { 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51, }; + ScopedBN_CTX ctx(BN_CTX_new()); ScopedBIGNUM p(BN_bin2bn(kP, sizeof(kP), nullptr)); ScopedBIGNUM a(BN_bin2bn(kA, sizeof(kA), nullptr)); ScopedBIGNUM b(BN_bin2bn(kB, sizeof(kB), nullptr)); - ScopedBIGNUM x(BN_bin2bn(kX, sizeof(kX), nullptr)); - ScopedBIGNUM y(BN_bin2bn(kY, sizeof(kY), nullptr)); + ScopedBIGNUM gx(BN_bin2bn(kX, sizeof(kX), nullptr)); + ScopedBIGNUM gy(BN_bin2bn(kY, sizeof(kY), nullptr)); ScopedBIGNUM order(BN_bin2bn(kOrder, sizeof(kOrder), nullptr)); ScopedBIGNUM cofactor(BN_new()); - if (!p || !a || !b || !x || !y || !order || !cofactor || + if (!ctx || !p || !a || !b || !gx || !gy || !order || !cofactor || !BN_set_word(cofactor.get(), 1)) { return false; } - ScopedEC_GROUP group(EC_GROUP_new_arbitrary(p.get(), a.get(), b.get(), - x.get(), y.get(), order.get(), - cofactor.get())); + + ScopedEC_GROUP group( + EC_GROUP_new_curve_GFp(p.get(), a.get(), b.get(), ctx.get())); if (!group) { return false; } + ScopedEC_POINT generator(EC_POINT_new(group.get())); + if (!generator || + !EC_POINT_set_affine_coordinates_GFp(group.get(), generator.get(), + gx.get(), gy.get(), ctx.get()) || + !EC_GROUP_set_generator(group.get(), generator.get(), order.get(), + cofactor.get())) { + return false; + } // |group| should not have a curve name. if (EC_GROUP_get_curve_name(group.get()) != NID_undef) { @@ -375,7 +384,8 @@ static bool TestArbitraryCurve() { // Copy |key| to |key2| using |group|. ScopedEC_KEY key2(EC_KEY_new()); ScopedEC_POINT point(EC_POINT_new(group.get())); - if (!key2 || !point || + ScopedBIGNUM x(BN_new()), y(BN_new()); + if (!key2 || !point || !x || !y || !EC_KEY_set_group(key2.get(), group.get()) || !EC_KEY_set_private_key(key2.get(), EC_KEY_get0_private_key(key.get())) || !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key.get()), @@ -394,6 +404,101 @@ static bool TestArbitraryCurve() { return false; } + // Repeat the process for |EC_GROUP_new_arbitrary|. + group.reset(EC_GROUP_new_arbitrary(p.get(), a.get(), b.get(), gx.get(), + gy.get(), order.get(), cofactor.get())); + if (!group) { + return false; + } + + // |group| should not have a curve name. + if (EC_GROUP_get_curve_name(group.get()) != NID_undef) { + return false; + } + + // Copy |key| to |key2| using |group|. + key2.reset(EC_KEY_new()); + point.reset(EC_POINT_new(group.get())); + if (!key2 || !point || + !EC_KEY_set_group(key2.get(), group.get()) || + !EC_KEY_set_private_key(key2.get(), EC_KEY_get0_private_key(key.get())) || + !EC_POINT_set_affine_coordinates_GFp(group.get(), point.get(), x.get(), + y.get(), nullptr) || + !EC_KEY_set_public_key(key2.get(), point.get())) { + fprintf(stderr, "Could not copy key.\n"); + return false; + } + + // The key must be valid according to the new group too. + if (!EC_KEY_check_key(key2.get())) { + fprintf(stderr, "Copied key is not valid.\n"); + return false; + } + + return true; +} + +static bool TestAddingEqualPoints(int nid) { + ScopedEC_KEY key(EC_KEY_new_by_curve_name(nid)); + if (!key) { + return false; + } + + const EC_GROUP *const group = EC_KEY_get0_group(key.get()); + + if (!EC_KEY_generate_key(key.get())) { + fprintf(stderr, "EC_KEY_generate_key failed with nid %d\n", nid); + ERR_print_errors_fp(stderr); + return false; + } + + ScopedEC_POINT p1(EC_POINT_new(group)); + ScopedEC_POINT p2(EC_POINT_new(group)); + ScopedEC_POINT double_p1(EC_POINT_new(group)); + ScopedEC_POINT p1_plus_p2(EC_POINT_new(group)); + if (!p1 || !p2 || !double_p1 || !p1_plus_p2) { + return false; + } + + if (!EC_POINT_copy(p1.get(), EC_KEY_get0_public_key(key.get())) || + !EC_POINT_copy(p2.get(), EC_KEY_get0_public_key(key.get()))) { + fprintf(stderr, "EC_POINT_COPY failed with nid %d\n", nid); + ERR_print_errors_fp(stderr); + return false; + } + + ScopedBN_CTX ctx(BN_CTX_new()); + if (!ctx) { + return false; + } + + if (!EC_POINT_dbl(group, double_p1.get(), p1.get(), ctx.get()) || + !EC_POINT_add(group, p1_plus_p2.get(), p1.get(), p2.get(), ctx.get())) { + fprintf(stderr, "Point operation failed with nid %d\n", nid); + ERR_print_errors_fp(stderr); + return false; + } + + if (EC_POINT_cmp(group, double_p1.get(), p1_plus_p2.get(), ctx.get()) != 0) { + fprintf(stderr, "A+A != 2A for nid %d", nid); + return false; + } + + return true; +} + +static bool ForEachCurve(bool (*test_func)(int nid)) { + const size_t num_curves = EC_get_builtin_curves(nullptr, 0); + std::vector<EC_builtin_curve> curves(num_curves); + EC_get_builtin_curves(curves.data(), num_curves); + + for (const auto& curve : curves) { + if (!test_func(curve.nid)) { + fprintf(stderr, "Test failed for %s\n", curve.comment); + return false; + } + } + return true; } @@ -403,10 +508,8 @@ int main(void) { if (!Testd2i_ECPrivateKey() || !TestZeroPadding() || !TestSpecifiedCurve() || - !TestSetAffine(NID_secp224r1) || - !TestSetAffine(NID_X9_62_prime256v1) || - !TestSetAffine(NID_secp384r1) || - !TestSetAffine(NID_secp521r1) || + !ForEachCurve(TestSetAffine) || + !ForEachCurve(TestAddingEqualPoints) || !TestArbitraryCurve()) { fprintf(stderr, "failed\n"); return 1; |