New testcase for curve25519 dup.

660e482f · Niels Möller · 95652d25 · 660e482f · 660e482f · 660e482f
Commit 660e482f authored Jul 11, 2014 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
 2014-07-11  Niels Möller  <nisse@lysator.liu.se>

+	* testsuite/curve25519-dup-test.c: New testcase.
+	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+	curve25519-dup-test.c.
+
 	* testsuite/testutils.c (test_ecc_point): Made non-static.
 	* testsuite/testutils.h (struct ecc_ref_point): Moved here, from
 	testutils.h.

--- a/testsuite/.test-rules.make
+++ b/testsuite/.test-rules.make
@@ -187,6 +187,9 @@ dsa-test$(EXEEXT): dsa-test.$(OBJEXT)
 dsa-keygen-test$(EXEEXT): dsa-keygen-test.$(OBJEXT)
 	$(LINK) dsa-keygen-test.$(OBJEXT) $(TEST_OBJS) -o dsa-keygen-test$(EXEEXT)

+curve25519-dup-test$(EXEEXT): curve25519-dup-test.$(OBJEXT)
+	$(LINK) curve25519-dup-test.$(OBJEXT) $(TEST_OBJS) -o curve25519-dup-test$(EXEEXT)
+
 ecc-mod-test$(EXEEXT): ecc-mod-test.$(OBJEXT)
 	$(LINK) ecc-mod-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mod-test$(EXEEXT)


--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -38,6 +38,7 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
 		     pkcs1-test.c \
 		     rsa-test.c rsa-encrypt-test.c rsa-keygen-test.c \
 		     dsa-test.c dsa-keygen-test.c \
+		     curve25519-dup-test.c \
 		     ecc-mod-test.c ecc-modinv-test.c ecc-redc-test.c \
 		     ecc-mul-g-test.c ecc-mul-a-test.c \
 		     ecdsa-sign-test.c ecdsa-verify-test.c ecdsa-keygen-test.c

--- a/testsuite/curve25519-dup-test.c
+++ b/testsuite/curve25519-dup-test.c
+#include "testutils.h"
+
+static int
+point_zero_p (const struct ecc_curve *ecc, const mp_limb_t *p)
+{  
+  mp_limb_t *d;
+  int ret;
+  mp_size_t i;
+  d = xalloc_limbs (ecc->size);
+  ecc_modp_sub (ecc, d, p + ecc->size, p + 2*ecc->size);
+  while (mpn_cmp (d, ecc->p, ecc->size) >= 0)
+    mpn_sub_n (d, d, ecc->p, ecc->size);
+
+  for (i = 0, ret = 1; i < ecc->size; i++)
+    if (d[i])
+      {
+	ret = 0;
+	break;
+      }
+  
+  free (d);
+  return ret;
+}
+
+void
+test_main (void)
+{
+  const struct ecc_curve *ecc = &nettle_curve25519;
+  mp_limb_t *g;
+  mp_limb_t *z;
+  mp_limb_t *pe;
+  mp_limb_t *pa;
+  mp_limb_t *scratch;
+  const struct ecc_ref_point g2 =    
+    { /* In Edwards coordinates:
+	 x = 0x1a1c31f8665368131698fecfd54233fcdc638bb46d25cc61d8bc4bcdbfbb4459,
+	 y = 0x2260cdf3092329c21da25ee8c9a21f5697390f51643851560e5f46ae6af8a3c9
+      */
+      "20d342d51873f1b7d9750c687d157114"
+      "8f3f5ced1e350b5c5cae469cdd684efb",
+      "13b57e011700e8ae050a00945d2ba2f3"
+      "77659eb28d8d391ebcd70465c72df563"
+    };
+
+  g = xalloc_limbs (ecc_size_j (ecc));
+  z = xalloc_limbs (ecc_size_j (ecc));
+  pe = xalloc_limbs (ecc_size_j (ecc));
+  pa = xalloc_limbs (ecc_size_j (ecc));
+  scratch = xalloc_limbs (ECC_DUP_EH_ITCH(ecc->size));
+
+  mpn_copyi (g, ecc->g, 2*ecc->size);
+  g[2*ecc->size] = 1;
+  mpn_zero (g+2*ecc->size + 1, ecc->size - 1);
+
+  /* Zero point has x = 0, y = 1, z = 1 */
+  mpn_zero (z, 3*ecc->size);
+  z[ecc->size] = z[2*ecc->size] = 1;
+
+  ecc_dup_eh (ecc, pe, z, scratch);
+  if (!point_zero_p (ecc, pe))
+    die ("dup of zero point failed.\n");
+      
+  ecc_dup_eh (ecc, pe, g, scratch);
+  gmp_fprintf (stderr, "g2 (edwards):\n"
+	       "x = %Nx\n"
+	       "y = %Nx\n"
+	       "z = %Nx\n",
+	       pe, ecc->size,
+	       pe + ecc->size, ecc->size,
+	       pe + 2*ecc->size, ecc->size);
+
+  ecc_eh_to_a (ecc, 0, pa, pe, scratch);
+  test_ecc_point (ecc, &g2, pa);
+}