From 1281c77873f3bbbb86d2ba531e8019d1f5e29d0d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niels=20M=C3=B6ller?= Date: Thu, 2 Oct 2014 15:54:27 +0200 Subject: [PATCH] Tests for eddsa compression and decompression. --- ChangeLog | 4 ++ testsuite/.test-rules.make | 3 + testsuite/Makefile.in | 3 +- testsuite/eddsa-compress-test.c | 112 ++++++++++++++++++++++++++++++++ 4 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 testsuite/eddsa-compress-test.c diff --git a/ChangeLog b/ChangeLog index d7f70a2f..bb68d2a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2014-10-02 Niels Möller + * testsuite/eddsa-compress-test.c: New testcase. + * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added + eddsa-compress-test.c. + * eddsa-decompress.c (_eddsa_decompress): New file, new function. * eddsa-compress.c (_eddsa_compress): New file, new function. * eddsa.h: New file. diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index 3399f9ef..bfa2c993 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -226,6 +226,9 @@ ecdsa-keygen-test$(EXEEXT): ecdsa-keygen-test.$(OBJEXT) ecdh-test$(EXEEXT): ecdh-test.$(OBJEXT) $(LINK) ecdh-test.$(OBJEXT) $(TEST_OBJS) -o ecdh-test$(EXEEXT) +eddsa-compress-test$(EXEEXT): eddsa-compress-test.$(OBJEXT) + $(LINK) eddsa-compress-test.$(OBJEXT) $(TEST_OBJS) -o eddsa-compress-test$(EXEEXT) + sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT) $(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT) diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index 31bd29d5..3fafed24 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in 
@@ -44,7 +44,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
 ecc-dup-test.c ecc-add-test.c \
 ecc-mul-g-test.c ecc-mul-a-test.c \
 ecdsa-sign-test.c ecdsa-verify-test.c \
- ecdsa-keygen-test.c ecdh-test.c
+ ecdsa-keygen-test.c ecdh-test.c \
+ eddsa-compress-test.c
 TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
 CXX_SOURCES = cxx-test.cxx
diff --git a/testsuite/eddsa-compress-test.c b/testsuite/eddsa-compress-test.c
new file mode 100644
index 00000000..e264620c
--- /dev/null
+++ b/testsuite/eddsa-compress-test.c
@@ -0,0 +1,112 @@
+/* eddsa-compress-test.c
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#include "testutils.h"
+
+#include "eddsa.h"
+
+#define COUNT 1000
+
+void test_main (void)
+{
+ const struct ecc_curve *ecc = &nettle_curve25519;
+ gmp_randstate_t rands;
+ mp_size_t size, itch;
+ mpz_t zp, t;
+ mp_limb_t *s;
+ mp_limb_t *p;
+ mp_limb_t *pa1;
+ mp_limb_t *pa2;
+ mp_limb_t *scratch;
+ size_t clen;
+ uint8_t *c;
+ unsigned j;
+
+ gmp_randinit_default (rands);
+
+ size = ecc_size (ecc);
+ clen = 1 + ecc->p.bit_size / 8;
+
+ mpz_roinit_n (zp, ecc->p.m, size);
+
+ mpz_init (t);
+ s = xalloc_limbs (size);
+ p = xalloc_limbs (ecc_size_j (ecc));
+ pa1 = xalloc_limbs (ecc_size_a (ecc));
+ pa2 = xalloc_limbs (ecc_size_a (ecc));
+ c = xalloc (clen);
+
+ itch = _eddsa_decompress_itch (ecc);
+ if (itch < ecc->mul_g_itch)
+ itch = ecc->mul_g_itch;
+
+ scratch = xalloc_limbs (itch);
+
+ for (j = 0; j < COUNT; j++)
+ {
+ mpz_t x1, y1, x2, y2;
+
+ mpz_urandomb (t, rands, ecc->q.bit_size);
+ mpz_limbs_copy (s, t, ecc->q.size);
+ ecc->mul_g (ecc, p, s, scratch);
+ _eddsa_compress (ecc, c, p, scratch);
+ ecc->h_to_a (ecc, 0, pa1, p, scratch);
+ _eddsa_decompress (ecc, pa2, c, scratch);
+ mpz_roinit_n (x1, pa1, size);
+ mpz_roinit_n (y1, pa1 + size, size);
+ mpz_roinit_n (x2, pa2, size);
+ mpz_roinit_n (y2, pa2 + size, size);
+ if (!(mpz_congruent_p (x1, x2, zp)
+ && mpz_congruent_p (y1, y2, zp)))
+ {
+ fprintf (stderr, "eddsa compression failed:\nc = ");
+ print_hex (clen, c);
+ fprintf (stderr, "\np1 = 0x");
+ mpz_out_str (stderr, 16, x1);
+ fprintf (stderr, ",\n 0x");
+ mpz_out_str (stderr, 16, y1);
+ fprintf (stderr, "\np2 = 0x");
+ mpz_out_str (stderr, 16, x2);
+ fprintf (stderr, ",\n 0x");
+ mpz_out_str (stderr, 16, y2);
+ fprintf (stderr, "\n");
+ abort ();
+ }
+ }
+ mpz_clear (t);
+ free (s);
+ free (p);
+ free (c);
+ free (pa1);
+ free (pa2);
+ free (scratch);
+ gmp_randclear (rands);
+}
--
2.47.2
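Review bot: The scratch buffer in test_main is sized from only two of its four users: `itch` is the maximum of `_eddsa_decompress_itch (ecc)` and `ecc->mul_g_itch`, yet the same `scratch` is then handed to `_eddsa_compress` and `ecc->h_to_a` inside the loop. If either of those needs more limbs than the two that were measured, the test writes past the allocation instead of failing cleanly; their requirements are not visible in this hunk, so the current sizing may hold only by coincidence. I would fold them into the maximum, e.g. `if (itch < ecc->h_to_a_itch) itch = ecc->h_to_a_itch;`, and do the same for whatever scratch need `_eddsa_compress` has. Separately, every input given to `_eddsa_decompress` here is a valid encoding produced by `_eddsa_compress` and its result is not inspected, so the path that has to refuse malformed encodings is never exercised; a case that feeds an encoding with no corresponding curve point and checks the function's failure indication would cover it.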