*/
#include <string.h>
+#include <errno.h>
#include <ipxe/ecdhe.h>
/**
return rc;
}
+ /* Check that partner and shared keys are not the point at infinity */
+ if ( elliptic_is_infinity ( curve, shared ) ) {
+ DBGC ( curve, "CURVE %s constructed point at infinity\n",
+ curve->name );
+ return -EPERM;
+ }
+
return 0;
}
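Review bot: The added comment says both the partner and shared keys are checked, but only `shared` is passed to `elliptic_is_infinity()`. If the intent is that a partner key at infinity always multiplies to a shared key at infinity (which the new "infinity" test vectors suggest), the comment should say so, e.g. `/* Check that shared key is not the point at infinity (a partner key at infinity also yields infinity here) */`. Since `elliptic_multiply()` no longer fails for this case, this is the only place where a degenerate shared secret is rejected, so the reasoning deserves to be explicit. The enclosing function begins outside the hunk.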
}
/**
- * Verify point is on curve
+ * Verify freshly initialised point is on curve
*
* @v curve Weierstrass curve
* @v point0 Element 0 of point (x,y,z) to be verified
* As with point addition, points are represented in projective
* coordinates, with all values in Montgomery form and in the range
* [0,4N) where N is the field prime.
+ *
+ * This verification logic is valid only for points that have been
+ * freshly constructed via weierstrass_init() (i.e. must either have
+ * z=1 or be the point at infinity (0,1,0)).
*/
static int weierstrass_verify_raw ( const struct weierstrass_curve *curve,
const bigint_element_t *point0 ) {
* = 3*(x^3 + a*x + b - y^2) (mod 13N)
*/
WEIERSTRASS_ADD2 ( Wt, 3b ),
+ /* [Wt] check = 3Txaxyb * z (mod 2N)
+ * = 3*(x^3 + a*x + b - y^2) * z (mod 2N)
+ */
+ WEIERSTRASS_MUL2 ( Wt, z1 ),
/* Stop */
WEIERSTRASS_STOP
};
regs[WEIERSTRASS_3b] = ( ( void * ) b3 );
regs[WEIERSTRASS_x1] = ( ( void * ) &point->x );
regs[WEIERSTRASS_y1] = ( ( void * ) &point->y );
+ regs[WEIERSTRASS_z1] = ( ( void * ) &point->z );
regs[WEIERSTRASS_Wt] = &temp.Wt;
regs[WEIERSTRASS_Wp] = &temp.Wp;
}
/**
- * Verify point is on curve
+ * Verify freshly initialised point is on curve
*
* @v curve Weierstrass curve
* @v point Point (x,y,z) to be verified
weierstrass_t ( size ) point;
} __attribute__ (( may_alias )) *temp = ( ( void * ) temp0 );
size_t offset;
+ int is_infinite;
unsigned int i;
int rc;
bigint_montgomery_relaxed ( prime, &temp->product,
&point->axis[i] );
}
- bigint_copy ( one, &point->z );
+ memset ( &point->z, 0, sizeof ( point->z ) );
+ is_infinite = bigint_is_zero ( &point->xy );
+ bigint_copy ( one, &point->axis[ is_infinite ? 1 : 2 ] );
DBGC ( curve, ")\n" );
/* Verify point is on curve */
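Review bot: The `is_infinite ? 1 : 2` index in the new `bigint_copy()` call selects the representation without naming it, so the reader has to work out that axis 1 is y and axis 2 is z. A comment above the `memset()` would help, such as `/* Infinity (x=y=0) becomes (0,1,0); any other point gets z=1 */`. The zero test runs on `point->xy` after the Montgomery conversion loop, which presumably maps zero to zero, but that conversion is outside the hunk and worth confirming. The function body starts and continues outside this hunk.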
* @v point0 Element 0 of point (x,y,z)
* @v temp0 Element 0 of temporary point buffer
* @v out Output buffer
- * @ret rc Return status code
*/
-static int weierstrass_done_raw ( struct weierstrass_curve *curve,
- bigint_element_t *point0,
- bigint_element_t *temp0, void *out ) {
+static void weierstrass_done_raw ( struct weierstrass_curve *curve,
+ bigint_element_t *point0,
+ bigint_element_t *temp0, void *out ) {
unsigned int size = curve->size;
size_t len = curve->len;
const bigint_t ( size ) __attribute__ (( may_alias )) *prime =
bigint_done ( &point->axis[i], ( out + offset ), len );
}
DBGC ( curve, ")\n" );
-
- /* Verify result is not the point at infinity */
- if ( bigint_is_zero ( &temp->point.z ) )
- return -EINVAL;
-
- return 0;
}
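Review bot: The doc comment for `weierstrass_done_raw()` drops `@ret rc` but does not say what is now written to `out` when the result is the point at infinity. The tests added in this commit expect an all-zero encoding, which presumably falls out of the affine conversion when z is zero, but that conversion is outside the hunk. I would add a line such as `* The point at infinity is written to the output buffer as all zeroes.` so callers know they must test the output with `weierstrass_is_infinity()` rather than rely on a status code.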
/**
(temp)->all.element, (out) ); \
} )
+/**
+ * Check if this is the point at infinity
+ *
+ * @v point Curve point
+ * @ret is_infinity This is the point at infinity
+ */
+int weierstrass_is_infinity ( struct weierstrass_curve *curve,
+ const void *point ) {
+ unsigned int size = curve->size;
+ size_t len = curve->len;
+ struct {
+ bigint_t ( size ) axis;
+ } temp;
+ size_t offset;
+ int is_finite = 0;
+ unsigned int i;
+
+ /* We use all zeroes to represent the point at infinity */
+ DBGC ( curve, "WEIERSTRASS %s point (", curve->name );
+ for ( i = 0, offset = 0 ; i < WEIERSTRASS_AXES ; i++, offset += len ) {
+ bigint_init ( &temp.axis, ( point + offset ), len );
+ DBGC ( curve, "%s%s", ( i ? "," : "" ),
+ bigint_ntoa ( &temp.axis ) );
+ is_finite |= ( ! bigint_is_zero ( &temp.axis ) );
+ }
+ DBGC ( curve, ") is%s infinity\n", ( is_finite ? " not" : "" ) );
+
+ return ( ! is_finite );
+}
+
/**
* Multiply curve point by scalar
*
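Review bot: The doc comment on `weierstrass_is_infinity()` documents `point` but omits the `curve` parameter; add `* @v curve		Weierstrass curve` to match the other functions in the file. It would also help to state that `point` is in the external affine encoding (the loop reads `WEIERSTRASS_AXES` values of `curve->len` bytes each), as opposed to the internal projective form where infinity is (0,1,0). Accumulating with `is_finite |= ...` rather than returning early keeps the debug line complete and is fine as written.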
weierstrass_add_ladder, curve, NULL );
/* Convert result back to affine co-ordinates */
- if ( ( rc = weierstrass_done ( curve, &temp.result, &temp.multiple,
- result ) ) != 0 ) {
- return rc;
- }
+ weierstrass_done ( curve, &temp.result, &temp.multiple, result );
return 0;
}
* @v result Curve point to hold result
* @ret rc Return status code
*/
-int weierstrass_add_once ( struct weierstrass_curve *curve, const void *addend,
- const void *augend, void *result ) {
+int weierstrass_add_once ( struct weierstrass_curve *curve,
+ const void *addend, const void *augend,
+ void *result ) {
unsigned int size = curve->size;
struct {
weierstrass_t ( size ) addend;
weierstrass_add ( curve, &temp.augend, &temp.addend, &temp.result );
/* Convert result back to affine co-ordinates */
- if ( ( rc = weierstrass_done ( curve, &temp.result, &temp.addend,
- result ) ) != 0 ) {
- return rc;
- }
+ weierstrass_done ( curve, &temp.result, &temp.addend, result );
return 0;
}
} while ( ++low < --high );
}
+/**
+ * Check if X25519 value is zero
+ *
+ * @v value Value to check
+ * @ret is_zero Value is zero
+ */
+int x25519_is_zero ( const struct x25519_value *value ) {
+ x25519_t point;
+
+ /* Check if value is zero */
+ bigint_init ( &point, value->raw, sizeof ( value->raw ) );
+ return bigint_is_zero ( &point );
+}
+
/**
* Calculate X25519 key
*
* @v base Base point
* @v scalar Scalar multiple
* @v result Point to hold result (may overlap base point)
- * @ret rc Return status code
*/
-int x25519_key ( const struct x25519_value *base,
- const struct x25519_value *scalar,
- struct x25519_value *result ) {
+void x25519_key ( const struct x25519_value *base,
+ const struct x25519_value *scalar,
+ struct x25519_value *result ) {
struct x25519_value *tmp = result;
union x25519_quad257 point;
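Review bot: `x25519_is_zero()` tests the raw encoding for all-zero bytes, which is not the same as testing whether the value is zero in the field. That looks sufficient for outputs of `x25519_key()`, assuming those are fully reduced (the reduction is outside the hunk), but it would not flag an input that merely encodes zero non-canonically. The doc comment should make the intended use explicit, e.g. `* Intended for use on the output of x25519_key(); checks the encoding only.`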
/* Reverse result */
bigint_done ( &point.value, result->raw, sizeof ( result->raw ) );
x25519_reverse ( result );
+}
+
+/**
+ * Check if this is the point at infinity
+ *
+ * @v point Curve point
+ * @ret is_infinity This is the point at infinity
+ */
+static int x25519_curve_is_infinity ( const void *point ) {
- /* Fail if result was all zeros (as required by RFC8422) */
- return ( bigint_is_zero ( &point.value ) ? -EPERM : 0 );
+ /* We use all zeroes for the point at infinity (as per RFC8422) */
+ return x25519_is_zero ( point );
}
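Review bot: With the `-EPERM` return removed, `x25519_key()` no longer rejects the all-zero result required by RFC8422, so every caller must now call `x25519_is_zero()` or `elliptic_is_infinity()` itself. The callers visible in this diff are covered: the ECDHE path checks the shared key and the test uses `x25519_is_zero()`. Any direct caller elsewhere that relied on the old return code would silently accept a zero shared secret, and the compiler only flags those that stored or tested the return value, so it is worth grepping for the rest. I would record the new contract in the doc comment of `x25519_key()`, e.g. `* The result may be all zeroes; callers must check using x25519_is_zero().`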
/**
static int x25519_curve_multiply ( const void *base, const void *scalar,
void *result ) {
- return x25519_key ( base, scalar, result );
+ x25519_key ( base, scalar, result );
+ return 0;
}
/**
.pointsize = sizeof ( struct x25519_value ),
.keysize = sizeof ( struct x25519_value ),
.base = x25519_generator.raw,
+ .is_infinity = x25519_curve_is_infinity,
.multiply = x25519_curve_multiply,
.add = x25519_curve_add,
};
const void *base;
/** Order of the generator (if prime) */
const void *order;
+ /** Check if this is the point at infinity
+ *
+ * @v point Curve point
+ * @ret is_infinity This is the point at infinity
+ *
+ * The point at infinity cannot be represented in affine
+ * coordinates. Each curve must choose a representation of
+ * the point at infinity (e.g. all zeroes).
+ */
+ int ( * is_infinity ) ( const void *point );
/** Multiply scalar by curve point
*
* @v base Base point
return pubkey->match ( private_key, public_key );
}
+static inline __attribute__ (( always_inline )) int
+elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
+ return curve->is_infinity ( point );
+}
+
static inline __attribute__ (( always_inline )) int
elliptic_multiply ( struct elliptic_curve *curve,
const void *base, const void *scalar, void *result ) {
#define ERRFILE_usb_settings ( ERRFILE_OTHER | 0x00650000 )
#define ERRFILE_weierstrass ( ERRFILE_OTHER | 0x00660000 )
#define ERRFILE_efi_cacert ( ERRFILE_OTHER | 0x00670000 )
+#define ERRFILE_ecdhe ( ERRFILE_OTHER | 0x00680000 )
/** @} */
bigint_t ( size ) y; \
bigint_t ( size ) z; \
}; \
+ bigint_t ( size * 2 ) xy; \
bigint_t ( size * 3 ) all; \
}
};
};
+extern int weierstrass_is_infinity ( struct weierstrass_curve *curve,
+ const void *point );
extern int weierstrass_multiply ( struct weierstrass_curve *curve,
const void *base, const void *scalar,
void *result );
.a = (_name ## _cache)[6].element, \
.b3 = (_name ## _cache)[7].element, \
}; \
+ static int _name ## _is_infinity ( const void *point) { \
+ return weierstrass_is_infinity ( &_name ## _weierstrass,\
+ point ); \
+ } \
static int _name ## _multiply ( const void *base, \
const void *scalar, \
void *result ) { \
.keysize = (_len), \
.base = (_base), \
.order = (_order), \
+ .is_infinity = _name ## _is_infinity, \
.multiply = _name ## _multiply, \
.add = _name ## _add, \
}
extern void x25519_invert ( const union x25519_oct258 *invertend,
union x25519_quad257 *result );
extern void x25519_reduce ( union x25519_quad257 *value );
-extern int x25519_key ( const struct x25519_value *base,
- const struct x25519_value *scalar,
- struct x25519_value *result );
+extern void x25519_key ( const struct x25519_value *base,
+ const struct x25519_value *scalar,
+ struct x25519_value *result );
+extern int x25519_is_zero ( const struct x25519_value *value );
extern struct elliptic_curve x25519_curve;
/* Check that curve has the required properties */
okx ( curve->base != NULL, file, line );
okx ( curve->order != NULL, file, line );
+ okx ( ( ! elliptic_is_infinity ( curve, curve->base ) ), file, line );
/* Test multiplying base point by group order. Result should
- * be the point at infinity, which should not be representable
- * as a point in affine coordinates (and so should fail).
+ * be the point at infinity.
*/
okx ( elliptic_multiply ( curve, curve->base, curve->order,
- point ) != 0, file, line );
+ point ) == 0, file, line );
+ okx ( elliptic_is_infinity ( curve, point ), file, line );
/* Test multiplying base point by group order plus one, to get
* back to the base point.
0xd4, 0x31, 0xcc, 0xa9, 0x94, 0xce, 0xa1, 0x31,
0x34, 0x49, 0xbf, 0x97, 0xc8, 0x40, 0xae, 0x0a ) );
-/* Invalid curve point zero */
-ELLIPTIC_MULTIPLY_TEST ( invalid_zero, &p256_curve,
+/* Point at infinity */
+ELLIPTIC_MULTIPLY_TEST ( infinity, &p256_curve,
BASE ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+ SCALAR ( 0x8d, 0x50, 0x48, 0x0c, 0xbe, 0x22, 0x4d, 0x01,
+ 0xbc, 0xff, 0x67, 0x8d, 0xad, 0xb1, 0x87, 0x99,
+ 0x47, 0xb9, 0x79, 0x02, 0xb0, 0x70, 0x47, 0xf0,
+ 0x9f, 0x17, 0x25, 0x7e, 0xcf, 0x0b, 0x3e, 0x73 ),
+ EXPECTED ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ) );
+
+/* Invalid curve point (zero, base_y) */
+ELLIPTIC_MULTIPLY_TEST ( invalid_zero, &p256_curve,
+ BASE ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
+ 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+ 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+ 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf4 ),
SCALAR ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x71, 0x18, 0x14, 0xb5, 0x83, 0xf0, 0x61, 0xe9,
0xd4, 0x31, 0xcc, 0xa9, 0x94, 0xce, 0xa1, 0x31,
0x34, 0x49, 0xbf, 0x97, 0xc8, 0x40, 0xae, 0x0a ),
- EXPECTED_FAIL );
+ EXPECTED ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ) );
/**
* Perform P-256 self-test
elliptic_multiply_ok ( &poi_mid );
elliptic_multiply_ok ( &poi_large );
+ /* Point at infinity */
+ elliptic_multiply_ok ( &infinity );
+
/* Invalid point tests */
elliptic_multiply_ok ( &invalid_zero );
elliptic_multiply_ok ( &invalid_one );
0xf5, 0x9f, 0x4e, 0x30, 0xe2, 0x81, 0x7e, 0x62,
0x85, 0xbc, 0xe2, 0x84, 0x6f, 0x15, 0xf1, 0xa0 ) );
-/* Invalid curve point zero */
-ELLIPTIC_MULTIPLY_TEST ( invalid_zero, &p384_curve,
+/* Point at infinity */
+ELLIPTIC_MULTIPLY_TEST ( infinity, &p384_curve,
BASE ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ),
+ EXPECTED ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ) );
+
+/* Invalid curve point (zero, base_y) */
+ELLIPTIC_MULTIPLY_TEST ( invalid_zero, &p384_curve,
+ BASE ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
+ 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
+ 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+ 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
+ 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
+ 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5e ),
+ SCALAR ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ),
EXPECTED_FAIL );
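Review bot: The new comment describes the `invalid_zero` base as "(zero, base_y)", but its y bytes (ending `0x0e, 0x5e`) are identical to those of the `invalid_one` vector further down, which is labelled "(base_x, base_y - 1)". The P-256 `invalid_zero` vector added earlier appears to follow the same pattern. The point is off the curve either way, so the test still exercises rejection, but either the comment should read `/* Invalid curve point (zero, base_y - 1) */` or the final byte should be corrected to match the label.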
/* Invalid curve point (base_x, base_y - 1) */
ELLIPTIC_MULTIPLY_TEST ( invalid_one, &p384_curve,
- BASE ( 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
- 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
- 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
- 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
- 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
- 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7,
- 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
- 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
- 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
- 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
- 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
- 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5e ),
+ BASE ( 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
+ 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
+ 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
+ 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
+ 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
+ 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7,
+ 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
+ 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
+ 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+ 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
+ 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
+ 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5e ),
SCALAR ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x16, 0x25, 0xce, 0xec, 0x4a, 0x0f, 0x47, 0x3e,
0xf5, 0x9f, 0x4e, 0x30, 0xe2, 0x81, 0x7e, 0x62,
0x85, 0xbc, 0xe2, 0x84, 0x6f, 0x15, 0xf1, 0xa0 ),
- EXPECTED_FAIL );
+ EXPECTED ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ) );
/**
* Perform P-384 self-test
elliptic_multiply_ok ( &poi_mid );
elliptic_multiply_ok ( &poi_large );
+ /* Point at infinity */
+ elliptic_multiply_ok ( &infinity );
+
/* Invalid point tests */
elliptic_multiply_ok ( &invalid_zero );
elliptic_multiply_ok ( &invalid_one );
struct x25519_value scalar;
struct x25519_value actual;
unsigned int i;
- int rc;
/* Construct input values */
memcpy ( &base, &test->base, sizeof ( test->base ) );
/* Calculate key */
for ( i = 0 ; i < test->count ; i++ ) {
- rc = x25519_key ( &base, &scalar, &actual );
+ x25519_key ( &base, &scalar, &actual );
if ( test->fail ) {
- okx ( rc != 0, file, line );
+ okx ( x25519_is_zero ( &actual ), file, line );
} else {
- okx ( rc == 0, file, line );
+ okx ( ( ! x25519_is_zero ( &actual ) ), file, line );
}
memcpy ( &base, &scalar, sizeof ( base ) );
memcpy ( &scalar, &actual, sizeof ( scalar ) );