Extend general ecc testcases to also test curve25519.

2b372dfd · Niels Möller · 9f306c0c · 2b372dfd · 2b372dfd · 2b372dfd
Commit 2b372dfd authored Sep 17, 2014 by Niels Möller
5 changed files
--- a/ChangeLog
+++ b/ChangeLog
 2014-09-17  Niels Möller  <nisse@lysator.liu.se>

+	* testsuite/testutils.c (ecc_curves): Include curve25519 in list.
+	(test_ecc_mul_a): Include reference points for curve25519 (with
+	Edwards coordinates). Allow n == 1, and compare to the generator.
+
+	* testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
+	for curve25519.
+
+	* testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
+	support curve25519.
+	* testsuite/ecc-mul-g-test.c (test_main): Likewise.
+
 	* ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
 	functions.
 	* ecc.h: Deleted corresponding declarations.

--- a/testsuite/ecc-mul-a-test.c
+++ b/testsuite/ecc-mul-a-test.c
@@ -47,7 +47,12 @@ test_main (void)
      mpn_sub_1 (n, ecc->q, size, 1);
      ecc->mul (ecc, p, n, ecc->g, scratch);
      ecc->h_to_a (ecc, 0, p, p, scratch);
-      mpn_sub_n (p + size, ecc->p, p + size, size);
+      if (ecc->bit_size == 255)
+	/* For edwards curves, - (x,y ) == (-x, y). FIXME: Swap x and
+	   y, to get identical negation? */
+	mpn_sub_n (p, ecc->p, p, size);
+      else
+	mpn_sub_n (p + size, ecc->p, p + size, size);
      if (mpn_cmp (p, ecc->g, 2*size) != 0)
 	{
 	  fprintf (stderr, "ecc->mul with n = order - 1 failed.\n");

--- a/testsuite/ecc-mul-g-test.c
+++ b/testsuite/ecc-mul-g-test.c
@@ -49,7 +49,12 @@ test_main (void)
      mpn_sub_1 (n, ecc->q, size, 1);
      ecc->mul_g (ecc, p, n, scratch);
      ecc->h_to_a (ecc, 0, p, p, scratch);
-      mpn_sub_n (p + size, ecc->p, p + size, size);
+      if (ecc->bit_size == 255)
+	/* For edwards curves, - (x,y ) == (-x, y). FIXME: Swap x and
+	   y, to get identical negation? */
+	mpn_sub_n (p, ecc->p, p, size);
+      else
+	mpn_sub_n (p + size, ecc->p, p + size, size);
      if (mpn_cmp (p, ecc->g, 2*size) != 0)
 	{
 	  fprintf (stderr, "ecc->mul_g with n = order - 1 failed.\n");

--- a/testsuite/ecdsa-keygen-test.c
+++ b/testsuite/ecdsa-keygen-test.c
@@ -24,11 +24,30 @@ ecc_valid_p (struct ecc_point *pub)
  mpz_roinit_n (y, pub->p + size, size);

  mpz_mul (lhs, y, y);
-  mpz_mul (rhs, x, x);
-  mpz_sub_ui (rhs, rhs, 3);
-  mpz_mul (rhs, rhs, x);
-  mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
-
+  
+  if (pub->ecc->bit_size == 255)
+    {
+      /* Check that
+	 121666 (1 + x^2 - y^2) = 121665 x^2 y^2 */
+      mpz_t x2;
+      mpz_init (x2);
+      mpz_mul (x2, x, x); /* x^2 */
+      mpz_mul (rhs, x2, lhs); /* x^2 y^2 */
+      mpz_sub (lhs, x2, lhs); /* x^2 - y^2 */
+      mpz_add_ui (lhs, lhs, 1); /* 1 + x^2 - y^2 */
+      mpz_mul_ui (lhs, lhs, 121666);
+      mpz_mul_ui (rhs, rhs, 121665);
+
+      mpz_clear (x2);
+    }
+  else
+    {
+      /* Check y^2 = x^3 - 3 x + b */
+      mpz_mul (rhs, x, x);
+      mpz_sub_ui (rhs, rhs, 3);
+      mpz_mul (rhs, rhs, x);
+      mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
+    }
  res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, pub->ecc->p, size));
  
  mpz_clear (lhs);

--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1258,6 +1258,7 @@ const struct ecc_curve * const ecc_curves[] = {
  &nettle_secp_256r1,
  &nettle_secp_384r1,
  &nettle_secp_521r1,
+  &nettle_curve25519,
  NULL
 };

@@ -1309,7 +1310,7 @@ void
 test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
 {
  /* For each curve, the points 2 g, 3 g and 4 g */
-  static const struct ecc_ref_point ref[5][3] = {
+  static const struct ecc_ref_point ref[6][3] = {
    { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
 	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
      { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
@@ -1363,11 +1364,40 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
 	"82"
 	"096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f2"
 	"79f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d" },
+    },
+    { { "36ab384c9f5a046c3d043b7d1833e7ac080d8e4515d7a45f83c5a14e2843ce0e",
+	"2260cdf3092329c21da25ee8c9a21f5697390f51643851560e5f46ae6af8a3c9" },
+      { "67ae9c4a22928f491ff4ae743edac83a6343981981624886ac62485fd3f8e25c",
+	"1267b1d177ee69aba126a18e60269ef79f16ec176724030402c3684878f5b4d4" },
+      { "203da8db56cff1468325d4b87a3520f91a739ec193ce1547493aa657c4c9f870",
+	"47d0e827cb1595e1470eb88580d5716c4cf22832ea2f0ff0df38ab61ca32112f" },
    }
  };
-  assert (curve < 5);
-  assert (n >= 2 && n <= 4);
-  test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
+  assert (curve < 6);
+  assert (n >= 1 && n <= 4);
+  if (n == 1)
+    {
+      const struct ecc_curve *ecc = ecc_curves[curve];
+      if (mpn_cmp (p, ecc->g, 2*ecc->size) != 0)
+	{
+	  fprintf (stderr, "Incorrect point (expected g)!\n"
+		   "got: x = ");
+	  write_mpn (stderr, 16, p, ecc->size);
+	  fprintf (stderr, "\n"
+		   "     y = ");
+	  write_mpn (stderr, 16, p + ecc->size, ecc->size);
+	  fprintf (stderr, "\n"
+		   "ref: x = ");
+	  write_mpn (stderr, 16, ecc->g, ecc->size);
+	  fprintf (stderr, "\n"
+		   "     y = ");
+	  write_mpn (stderr, 16, ecc->g + ecc->size, ecc->size);
+	  fprintf (stderr, "\n");
+	  abort();
+	}
+    }
+  else
+    test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
 }

 void