1#include <tomcrypt_test.h>
2
3#ifdef MECC
4
5static int sizes[] = {
6#ifdef ECC112
714,
8#endif
9#ifdef ECC128
1016,
11#endif
12#ifdef ECC160
1320,
14#endif
15#ifdef ECC192
1624,
17#endif
18#ifdef ECC224
1928,
20#endif
21#ifdef ECC256
2232,
23#endif
24#ifdef ECC384
2548,
26#endif
27#ifdef ECC521
2865
29#endif
30};
31
32#ifdef LTC_ECC_SHAMIR
33int ecc_test_shamir(void)
34{
35   void *modulus, *mp, *kA, *kB, *rA, *rB;
36   ecc_point *G, *A, *B, *C1, *C2;
37   int x, y, z;
38   unsigned char buf[ECC_BUF_SIZE];
39
40   DO(mp_init_multi(&kA, &kB, &rA, &rB, &modulus, NULL));
41   LTC_ARGCHK((G  = ltc_ecc_new_point()) != NULL);
42   LTC_ARGCHK((A  = ltc_ecc_new_point()) != NULL);
43   LTC_ARGCHK((B  = ltc_ecc_new_point()) != NULL);
44   LTC_ARGCHK((C1 = ltc_ecc_new_point()) != NULL);
45   LTC_ARGCHK((C2 = ltc_ecc_new_point()) != NULL);
46
47   for (x = 0; x < (int)(sizeof(sizes)/sizeof(sizes[0])); x++) {
48       /* get the base point */
49       for (z = 0; ltc_ecc_sets[z].name; z++) {
50           if (sizes[z] < ltc_ecc_sets[z].size) break;
51       }
52       LTC_ARGCHK(ltc_ecc_sets[z].name != NULL);
53
54       /* load it */
55       DO(mp_read_radix(G->x, ltc_ecc_sets[z].Gx, 16));
56       DO(mp_read_radix(G->y, ltc_ecc_sets[z].Gy, 16));
57       DO(mp_set(G->z, 1));
58       DO(mp_read_radix(modulus, ltc_ecc_sets[z].prime, 16));
59       DO(mp_montgomery_setup(modulus, &mp));
60
61       /* do 100 random tests */
62       for (y = 0; y < 100; y++) {
63          /* pick a random r1, r2 */
64          LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
65          DO(mp_read_unsigned_bin(rA, buf, sizes[x]));
66          LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
67          DO(mp_read_unsigned_bin(rB, buf, sizes[x]));
68
69          /* compute rA * G = A */
70          DO(ltc_mp.ecc_ptmul(rA, G, A, modulus, 1));
71
72          /* compute rB * G = B */
73          DO(ltc_mp.ecc_ptmul(rB, G, B, modulus, 1));
74
75          /* pick a random kA, kB */
76          LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
77          DO(mp_read_unsigned_bin(kA, buf, sizes[x]));
78          LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
79          DO(mp_read_unsigned_bin(kB, buf, sizes[x]));
80
81          /* now, compute kA*A + kB*B = C1 using the older method */
82          DO(ltc_mp.ecc_ptmul(kA, A, C1, modulus, 0));
83          DO(ltc_mp.ecc_ptmul(kB, B, C2, modulus, 0));
84          DO(ltc_mp.ecc_ptadd(C1, C2, C1, modulus, mp));
85          DO(ltc_mp.ecc_map(C1, modulus, mp));
86
87          /* now compute using mul2add */
88          DO(ltc_mp.ecc_mul2add(A, kA, B, kB, C2, modulus));
89
90          /* is they the sames?  */
91          if ((mp_cmp(C1->x, C2->x) != LTC_MP_EQ) || (mp_cmp(C1->y, C2->y) != LTC_MP_EQ) || (mp_cmp(C1->z, C2->z) != LTC_MP_EQ)) {
92             fprintf(stderr, "ECC failed shamir test: size=%d, testno=%d\n", sizes[x], y);
93             return 1;
94          }
95      }
96      mp_montgomery_free(mp);
97  }
98  ltc_ecc_del_point(C2);
99  ltc_ecc_del_point(C1);
100  ltc_ecc_del_point(B);
101  ltc_ecc_del_point(A);
102  ltc_ecc_del_point(G);
103  mp_clear_multi(kA, kB, rA, rB, modulus, NULL);
104  return 0;
105}
106#endif
107
108int ecc_tests (void)
109{
110  unsigned char buf[4][4096];
111  unsigned long x, y, z, s;
112  int           stat, stat2;
113  ecc_key usera, userb, pubKey, privKey;
114
115  DO(ecc_test ());
116  DO(ecc_test ());
117  DO(ecc_test ());
118  DO(ecc_test ());
119  DO(ecc_test ());
120
121  for (s = 0; s < (sizeof(sizes)/sizeof(sizes[0])); s++) {
122     /* make up two keys */
123     DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
124     DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &userb));
125
126     /* make the shared secret */
127     x = sizeof(buf[0]);
128     DO(ecc_shared_secret (&usera, &userb, buf[0], &x));
129
130     y = sizeof(buf[1]);
131     DO(ecc_shared_secret (&userb, &usera, buf[1], &y));
132
133     if (y != x) {
134       fprintf(stderr, "ecc Shared keys are not same size.");
135       return 1;
136     }
137
138     if (memcmp (buf[0], buf[1], x)) {
139       fprintf(stderr, "ecc Shared keys not same contents.");
140       return 1;
141     }
142
143     /* now export userb */
144     y = sizeof(buf[0]);
145     DO(ecc_export (buf[1], &y, PK_PUBLIC, &userb));
146     ecc_free (&userb);
147
148     /* import and make the shared secret again */
149     DO(ecc_import (buf[1], y, &userb));
150
151     z = sizeof(buf[0]);
152     DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
153
154     if (z != x) {
155       fprintf(stderr, "failed.  Size don't match?");
156       return 1;
157     }
158     if (memcmp (buf[0], buf[2], x)) {
159       fprintf(stderr, "Failed.  Contents didn't match.");
160       return 1;
161     }
162
163     /* export with ANSI X9.63 */
164     y = sizeof(buf[1]);
165     DO(ecc_ansi_x963_export(&userb, buf[1], &y));
166     ecc_free (&userb);
167
168     /* now import the ANSI key */
169     DO(ecc_ansi_x963_import(buf[1], y, &userb));
170
171     /* shared secret */
172     z = sizeof(buf[0]);
173     DO(ecc_shared_secret (&usera, &userb, buf[2], &z));
174
175     if (z != x) {
176       fprintf(stderr, "failed.  Size don't match?");
177       return 1;
178     }
179     if (memcmp (buf[0], buf[2], x)) {
180       fprintf(stderr, "Failed.  Contents didn't match.");
181       return 1;
182     }
183
184     ecc_free (&usera);
185     ecc_free (&userb);
186
187     /* test encrypt_key */
188     DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
189
190     /* export key */
191     x = sizeof(buf[0]);
192     DO(ecc_export(buf[0], &x, PK_PUBLIC, &usera));
193     DO(ecc_import(buf[0], x, &pubKey));
194     x = sizeof(buf[0]);
195     DO(ecc_export(buf[0], &x, PK_PRIVATE, &usera));
196     DO(ecc_import(buf[0], x, &privKey));
197
198     for (x = 0; x < 32; x++) {
199        buf[0][x] = x;
200     }
201     y = sizeof (buf[1]);
202     DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &yarrow_prng, find_prng ("yarrow"), find_hash ("sha256"), &pubKey));
203     zeromem (buf[0], sizeof (buf[0]));
204     x = sizeof (buf[0]);
205     DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey));
206     if (x != 32) {
207       fprintf(stderr, "Failed (length)");
208       return 1;
209     }
210     for (x = 0; x < 32; x++) {
211        if (buf[0][x] != x) {
212           fprintf(stderr, "Failed (contents)");
213           return 1;
214        }
215     }
216     /* test sign_hash */
217     for (x = 0; x < 16; x++) {
218        buf[0][x] = x;
219     }
220     x = sizeof (buf[1]);
221     DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey));
222     DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey));
223     buf[0][0] ^= 1;
224     DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey));
225     if (!(stat == 1 && stat2 == 0)) {
226        fprintf(stderr, "ecc_verify_hash failed %d, %d, ", stat, stat2);
227        return 1;
228     }
229     ecc_free (&usera);
230     ecc_free (&pubKey);
231     ecc_free (&privKey);
232  }
233#ifdef LTC_ECC_SHAMIR
234  return ecc_test_shamir();
235#else
236  return 0;
237#endif
238}
239
240#else
241
242int ecc_tests(void)
243{
244   fprintf(stderr, "NOP");
245   return 0;
246}
247
248#endif
249
250/* $Source: /cvs/libtom/libtomcrypt/testprof/ecc_test.c,v $ */
251/* $Revision: 1.21 $ */
252/* $Date: 2006/12/04 03:21:03 $ */
253