2014-09-17 Niels Möller <nisse@lysator.liu.se>
+ * testsuite/testutils.c (ecc_curves): Include curve25519 in list.
+ (test_ecc_mul_a): Include reference points for curve25519 (with
+ Edwards coordinates). Allow n == 1, and compare to the generator.
+
+ * testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
+ for curve25519.
+
+ * testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
+ support curve25519.
+ * testsuite/ecc-mul-g-test.c (test_main): Likewise.
+
* ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
functions.
* ecc.h: Deleted corresponding declarations.
mpn_sub_1 (n, ecc->q, size, 1);
ecc->mul (ecc, p, n, ecc->g, scratch);
ecc->h_to_a (ecc, 0, p, p, scratch);
- mpn_sub_n (p + size, ecc->p, p + size, size);
+ if (ecc->bit_size == 255)
+ /* For edwards curves, - (x,y ) == (-x, y). FIXME: Swap x and
+ y, to get identical negation? */
+ mpn_sub_n (p, ecc->p, p, size);
+ else
+ mpn_sub_n (p + size, ecc->p, p + size, size);
if (mpn_cmp (p, ecc->g, 2*size) != 0)
{
fprintf (stderr, "ecc->mul with n = order - 1 failed.\n");
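Review bot: The new branch picks Edwards negation with `if (ecc->bit_size == 255)`, which uses the field size as a stand-in for the curve form. A later Edwards curve of another size, or a 255-bit Weierstrass curve, would silently take the wrong branch, and the order-minus-one check would then compare g against a wrongly negated point. The same condition is repeated in the ecc-mul-g-test.c hunk and in the curve25519 branch of ecdsa-keygen-test.c. Moving the negation into one shared helper in testutils.c would keep the curve-form decision in a single place; at minimum, extend the comment to say `/* bit_size == 255 identifies curve25519, the only Edwards-form curve in ecc_curves. */`. The enclosing test_main starts and ends outside this hunk.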
mpn_sub_1 (n, ecc->q, size, 1);
ecc->mul_g (ecc, p, n, scratch);
ecc->h_to_a (ecc, 0, p, p, scratch);
- mpn_sub_n (p + size, ecc->p, p + size, size);
+ if (ecc->bit_size == 255)
+ /* For edwards curves, - (x,y ) == (-x, y). FIXME: Swap x and
+ y, to get identical negation? */
+ mpn_sub_n (p, ecc->p, p, size);
+ else
+ mpn_sub_n (p + size, ecc->p, p + size, size);
if (mpn_cmp (p, ecc->g, 2*size) != 0)
{
fprintf (stderr, "ecc->mul_g with n = order - 1 failed.\n");
mpz_roinit_n (y, pub->p + size, size);
mpz_mul (lhs, y, y);
- mpz_mul (rhs, x, x);
- mpz_sub_ui (rhs, rhs, 3);
- mpz_mul (rhs, rhs, x);
- mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
-
+
+ if (pub->ecc->bit_size == 255)
+ {
+ /* Check that
+ 121666 (1 + x^2 - y^2) = 121665 x^2 y^2 */
+ mpz_t x2;
+ mpz_init (x2);
+ mpz_mul (x2, x, x); /* x^2 */
+ mpz_mul (rhs, x2, lhs); /* x^2 y^2 */
+ mpz_sub (lhs, x2, lhs); /* x^2 - y^2 */
+ mpz_add_ui (lhs, lhs, 1); /* 1 + x^2 - y^2 */
+ mpz_mul_ui (lhs, lhs, 121666);
+ mpz_mul_ui (rhs, rhs, 121665);
+
+ mpz_clear (x2);
+ }
+ else
+ {
+ /* Check y^2 = x^3 - 3 x + b */
+ mpz_mul (rhs, x, x);
+ mpz_sub_ui (rhs, rhs, 3);
+ mpz_mul (rhs, rhs, x);
+ mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
+ }
res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, pub->ecc->p, size));
mpz_clear (lhs);
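Review bot: The curve25519 branch verifies only the Edwards curve equation, so the function name ecc_valid_p promises more than this branch checks. Curve25519 has cofactor 8, and a point that satisfies the equation need not lie in the prime-order subgroup generated by g. For a key-generation test this is probably fine, since the public point is presumably computed as a multiple of g, but the comment should state the limit, e.g. `/* On-curve check only; does not test membership in the prime-order subgroup (cofactor 8). */`. Whether x and y are range-checked against p before this point cannot be seen here, because the function starts outside the hunk.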
&nettle_secp_256r1,
&nettle_secp_384r1,
&nettle_secp_521r1,
+ &nettle_curve25519,
NULL
};
test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
{
/* For each curve, the points 2 g, 3 g and 4 g */
- static const struct ecc_ref_point ref[5][3] = {
+ static const struct ecc_ref_point ref[6][3] = {
{ { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
{ "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
"82"
"096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f2"
"79f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d" },
+ },
+ { { "36ab384c9f5a046c3d043b7d1833e7ac080d8e4515d7a45f83c5a14e2843ce0e",
+ "2260cdf3092329c21da25ee8c9a21f5697390f51643851560e5f46ae6af8a3c9" },
+ { "67ae9c4a22928f491ff4ae743edac83a6343981981624886ac62485fd3f8e25c",
+ "1267b1d177ee69aba126a18e60269ef79f16ec176724030402c3684878f5b4d4" },
+ { "203da8db56cff1468325d4b87a3520f91a739ec193ce1547493aa657c4c9f870",
+ "47d0e827cb1595e1470eb88580d5716c4cf22832ea2f0ff0df38ab61ca32112f" },
}
};
- assert (curve < 5);
- assert (n >= 2 && n <= 4);
- test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
+ assert (curve < 6);
+ assert (n >= 1 && n <= 4);
+ if (n == 1)
+ {
+ const struct ecc_curve *ecc = ecc_curves[curve];
+ if (mpn_cmp (p, ecc->g, 2*ecc->size) != 0)
+ {
+ fprintf (stderr, "Incorrect point (expected g)!\n"
+ "got: x = ");
+ write_mpn (stderr, 16, p, ecc->size);
+ fprintf (stderr, "\n"
+ " y = ");
+ write_mpn (stderr, 16, p + ecc->size, ecc->size);
+ fprintf (stderr, "\n"
+ "ref: x = ");
+ write_mpn (stderr, 16, ecc->g, ecc->size);
+ fprintf (stderr, "\n"
+ " y = ");
+ write_mpn (stderr, 16, ecc->g + ecc->size, ecc->size);
+ fprintf (stderr, "\n");
+ abort();
+ }
+ }
+ else
+ test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
}
void
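Review bot: The curve count is now hard-coded twice in test_ecc_mul_a, as `ref[6][3]` and `assert (curve < 6)`, and both must be kept in step by hand with the ecc_curves list extended earlier in this file. Deriving the bound from the table removes one of the places to forget: declare `ref[][3]` and use `assert (curve < sizeof(ref) / sizeof(ref[0]));`. Separately, the comment above the table still says only "the points 2 g, 3 g and 4 g", while the new row holds Edwards coordinates according to the ChangeLog entry. Labelling that row `/* curve25519, Edwards coordinates (x, y) */` would stop a reader from checking the values against Montgomery-form test vectors.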