Document and test that ecc_modp_inv produces 0 for input a == 0 (mod p).

02c617a9 · Niels Möller · 752861f7 · 02c617a9 · 02c617a9 · 02c617a9
Commit 02c617a9 authored Aug 23, 2014 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
+2014-08-23  Niels Möller  <nisse@lysator.liu.se>
+
+	* sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
+	should produce the "inverse" 0.
+
+	* testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
+	produces 0 if a == 0 or a == p.
+
 2014-08-22  Niels Möller  <nisse@lysator.liu.se>

 	* x86_64/ecc-25519-modp.asm: New file. Assembly implementation,

--- a/sec-modinv.c
+++ b/sec-modinv.c
@@ -71,6 +71,7 @@ cnd_swap (int cnd, mp_limb_t *ap, mp_limb_t *bp, mp_size_t n)
 }

 /* Compute a^{-1} mod m, with running time depending only on the size.
+   Returns zero if a == 0 (mod m), to be consistent with a^{phi(m)-1}.
   Also needs (m+1)/2, and m must be odd. */
 void
 sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n,

--- a/testsuite/ecc-modinv-test.c
+++ b/testsuite/ecc-modinv-test.c
@@ -37,6 +37,17 @@ ref_modinv (mp_limb_t *rp, const mp_limb_t *ap, const mp_limb_t *mp, mp_size_t m
 #define MAX_ECC_SIZE (1 + 521 / GMP_NUMB_BITS)
 #define COUNT 500

+static int
+mpn_zero_p (mp_srcptr ap, mp_size_t n)
+{
+  while (--n >= 0)
+    {
+      if (ap[n] != 0)
+	return 0;
+    }
+  return 1;
+}
+
 void
 test_main (void)
 {
@@ -55,6 +66,36 @@ test_main (void)
    {
      const struct ecc_curve *ecc = ecc_curves[i];
      unsigned j;
+      /* Check behaviour for zero input */
+      mpn_zero (a, ecc->size);
+      memset (ai, 17, ecc->size * sizeof(*ai));
+      ecc_modp_inv (ecc, ai, a, scratch);
+      if (!mpn_zero_p (ai, ecc->size))
+	{
+	  fprintf (stderr, "ecc_modp_inv failed for zero input (bit size %u):\n",
+		       ecc->bit_size);
+	  gmp_fprintf (stderr, "p = %Nx\n"
+		       "t = %Nx (bad)\n",
+		       ecc->p, ecc->size,
+		       ai, ecc->size);
+	  abort ();
+	}
+	  
+      /* Check behaviour for a = p */
+      mpn_copyi (a, ecc->p, ecc->size);
+      memset (ai, 17, ecc->size * sizeof(*ai));
+      ecc_modp_inv (ecc, ai, a, scratch);
+      if (!mpn_zero_p (ai, ecc->size))
+	{
+	  fprintf (stderr, "ecc_modp_inv failed for a = p input (bit size %u):\n",
+		       ecc->bit_size);
+	  gmp_fprintf (stderr, "p = %Nx\n"
+		       "t = %Nx (bad)\n",
+		       ecc->p, ecc->size,
+		       ai, ecc->size);
+	  abort ();
+	}
+	
      for (j = 0; j < COUNT; j++)
 	{
 	  if (j & 1)