1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* crypto/ec/ectest.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Originally written by Bodo Moeller for the OpenSSL project. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. Products derived from this software may not be called "OpenSSL" 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 59656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Portions of the attached software ("Contribution") are developed by 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The Contribution is licensed pursuant to the OpenSSL open source 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * license provided above. 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The elliptic curve binary polynomial software is originally written by 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdlib.h> 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef FLAT_INC 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "e_os.h" 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "../e_os.h" 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <string.h> 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <time.h> 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_EC 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; } 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/ec.h> 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ENGINE 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/engine.h> 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/err.h> 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/obj_mac.h> 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/rand.h> 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/bn.h> 97392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/opensslconf.h> 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* suppress "too big too optimize" warning */ 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#pragma warning(disable:4959) 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define ABORT do { \ 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); \ 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors_fp(stderr); \ 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EXIT(1); \ 109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} while (0) 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define TIMING_BASE_PT 0 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define TIMING_RAND_PT 1 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define TIMING_SIMUL 2 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic void timings(EC_GROUP *group, int type, BN_CTX *ctx) 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project clock_t clck; 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i, j; 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *s; 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *r[10], *r0[10]; 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *P; 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s = BN_new(); 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s == NULL) ABORT; 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group)); 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_get_order(group, s, ctx)) ABORT; 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s)); 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project P = EC_POINT_new(group); 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P == NULL) ABORT; 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_copy(P, EC_GROUP_get0_generator(group)); 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < 10; i++) 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((r[i] = BN_new()) == NULL) ABORT; 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type != TIMING_BASE_PT) 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((r0[i] = BN_new()) == NULL) ABORT; 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project clck = clock(); 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < 10; i++) 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (j = 0; j < 10; j++) 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project clck = clock() - clck; 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef CLOCKS_PER_SEC 161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* "To determine the time in seconds, the value returned 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by the clock function should be divided by the value 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * of the macro CLOCKS_PER_SEC." 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * -- ISO/IEC 9899 */ 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project# define UNIT "s" 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * -- cc on NeXTstep/OpenStep */ 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project# define UNIT "units" 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project# define CLOCKS_PER_SEC 1 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == TIMING_BASE_PT) { 174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, 175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "base point multiplications", (double)clck/CLOCKS_PER_SEC); 176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } else if (type == TIMING_RAND_PT) { 177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, 178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "random point multiplications", (double)clck/CLOCKS_PER_SEC); 179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } else if (type == TIMING_SIMUL) { 180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, 181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); 182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); 184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(P); 186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(s); 187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < 10; i++) 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(r[i]); 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type != TIMING_BASE_PT) BN_free(r0[i]); 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 195392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* test multiplication with group order, long and negative scalars */ 196392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic void group_order_tests(EC_GROUP *group) 197392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 198392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *n1, *n2, *order; 199392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT *P = EC_POINT_new(group); 200392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT *Q = EC_POINT_new(group); 201392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_CTX *ctx = BN_CTX_new(); 202c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root int i; 203392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 204392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n1 = BN_new(); n2 = BN_new(); order = BN_new(); 205392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "verify group order ..."); 206392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fflush(stdout); 207392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_get_order(group, order, ctx)) ABORT; 208392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT; 209392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 210392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "."); 211392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fflush(stdout); 212392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 213392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT; 214392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 215392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, " ok\n"); 216c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root fprintf(stdout, "long/negative scalar tests "); 217c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root for (i = 1; i <= 2; i++) 218c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root { 219c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root const BIGNUM *scalars[6]; 220c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root const EC_POINT *points[6]; 221c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 222c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root fprintf(stdout, i == 1 ? 223c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root "allowing precomputation ... " : 224c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root "without precomputation ... "); 225c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!BN_set_word(n1, i)) ABORT; 226c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* If i == 1, P will be the predefined generator for which 227c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * EC_GROUP_precompute_mult has set up precomputation. */ 228c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) ABORT; 229c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 230c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!BN_one(n1)) ABORT; 231c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* n1 = 1 - order */ 232c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!BN_sub(n1, n1, order)) ABORT; 233c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT; 234c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 235c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 236c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* n2 = 1 + order */ 237c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!BN_add(n2, order, BN_value_one())) ABORT; 238c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 239c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 240c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 241c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ 242c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!BN_mul(n2, n1, n2, ctx)) ABORT; 243c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 244c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; 245c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 246c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* n2 = order^2 - 1 */ 247c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root BN_set_negative(n2, 0); 248c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; 249c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* Add P to verify the result. */ 250c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_add(group, Q, Q, P, ctx)) ABORT; 251c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 252c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 253c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* Exercise EC_POINTs_mul, including corner cases. */ 254c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (EC_POINT_is_at_infinity(group, P)) ABORT; 255c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[0] = n1; points[0] = Q; /* => infinity */ 256c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[1] = n2; points[1] = P; /* => -P */ 257c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[2] = n1; points[2] = Q; /* => infinity */ 258c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[3] = n2; points[3] = Q; /* => infinity */ 259c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[4] = n1; points[4] = P; /* => P */ 260c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root scalars[5] = n2; points[5] = Q; /* => infinity */ 261c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT; 262c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (!EC_POINT_is_at_infinity(group, P)) ABORT; 263c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root } 264392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "ok\n"); 265c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root 266392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(P); 267392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(Q); 268392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(n1); 269392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(n2); 270392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(order); 271392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_CTX_free(ctx); 272392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 273392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 274392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic void prime_field_tests(void) 27504ef91b390dfcc6125913e2f2af502d23d7a5112Brian Carlstrom { 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX *ctx = NULL; 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *p, *a, *b; 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *group; 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *P, *Q, *R; 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *x, *y, *z; 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char buf[100]; 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size_t i, len; 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int k; 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 1 /* optional */ 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = BN_CTX_new(); 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ctx) ABORT; 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = BN_new(); 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a = BN_new(); 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b = BN_new(); 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!p || !a || !b) ABORT; 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "17")) ABORT; 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "1")) ABORT; 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "1")) ABORT; 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * so that the library gets to choose the EC_METHOD */ 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!group) ABORT; 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *tmp; 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp = EC_GROUP_new(EC_GROUP_method_of(group)); 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!tmp) ABORT; 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(tmp, group)) ABORT; 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project group = tmp; 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT; 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, p); 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ")\n a = 0x"); 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, a); 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n b = 0x"); 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, b); 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project P = EC_POINT_new(group); 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Q = EC_POINT_new(group); 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project R = EC_POINT_new(group); 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!P || !Q || !R) ABORT; 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_to_infinity(group, P)) ABORT; 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf[0] = 0; 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project x = BN_new(); 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project y = BN_new(); 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project z = BN_new(); 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!x || !y || !z) ABORT; 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "D")) ABORT; 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, Q, ctx)) 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; 349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, "Point is not on curve: x = 0x"); 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stderr, x); 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, ", y = 0x"); 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stderr, y); 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, "\n"); 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ABORT; 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "A cyclic subgroup:\n"); 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project k = 100; 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project do 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (k-- == 0) ABORT; 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, P)) 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " point at infinity\n"); 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " x = 0x"); 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ", y = 0x"); 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_copy(R, P)) ABORT; 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 /* optional */ 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *points[3]; 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[0] = R; 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[1] = Q; 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[2] = P; 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT; 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (!EC_POINT_is_at_infinity(group, P)); 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 400392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "Generator as octet string, compressed form:\n "); 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 414392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT; 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ", Y = 0x"); 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ", Z = 0x"); 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, z); 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_invert(group, P, ctx)) ABORT; 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) 431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * -- not a NIST curve, but commonly used */ 432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; 434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; 436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; 437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); 448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; 454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 160) ABORT; 458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 460392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_160, group)) ABORT; 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve P-192 (FIPS PUB 186-2, App. 6) */ 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; 469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT; 475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 192) ABORT; 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 494392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_192, group)) ABORT; 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve P-224 (FIPS PUB 186-2, App. 6) */ 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT; 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; 510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT; 512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); 516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 224) ABORT; 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 528392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_224, group)) ABORT; 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve P-256 (FIPS PUB 186-2, App. 6) */ 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; 539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT; 543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" 546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "84F3B9CAC2FC632551")) ABORT; 547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 256) ABORT; 561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 563392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_256, group)) ABORT; 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve P-384 (FIPS PUB 186-2, App. 6) */ 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; 576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT; 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT; 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT; 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 384) ABORT; 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 602392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 603392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_384, group)) ABORT; 607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve P-521 (FIPS PUB 186-2, App. 6) */ 610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; 618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" 619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" 620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "DF883D2C34F1EF451FD46B503F00")) ABORT; 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" 624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" 625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "3C1856A429BF97E7E31C2E5BD66")) ABORT; 626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "C9B8899C47AEBB6FB71E91386409")) ABORT; 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "7086A272C24088BE94769FD16650")) ABORT; 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != 521) ABORT; 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); 648392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 649392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(P_521, group)) ABORT; 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* more tests using the last curve */ 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_copy(Q, P)) ABORT; 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, Q)) ABORT; 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const EC_POINT *points[4]; 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const BIGNUM *scalars[4]; 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM scalar3; 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, Q)) ABORT; 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[0] = Q; 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[1] = Q; 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[2] = Q; 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[3] = Q; 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 678392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_get_order(group, z, ctx)) ABORT; 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(y, z, BN_value_one())) ABORT; 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_odd(y)) ABORT; 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_rshift1(y, y)) ABORT; 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = y; 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "combined multiplication ..."); 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* z is still the group order */ 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "."); 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(z, z, y)) ABORT; 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_set_negative(z, 1); 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = y; 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = z; /* z = -(order + y) */ 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "."); 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(z, x, y)) ABORT; 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_set_negative(z, 1); 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = x; 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = y; 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[2] = z; /* z = -(x+y) */ 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&scalar3); 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_zero(&scalar3); 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[3] = &scalar3; 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT; 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n\n"); 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(&scalar3); 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_160, TIMING_BASE_PT, ctx); 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_160, TIMING_RAND_PT, ctx); 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_160, TIMING_SIMUL, ctx); 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_192, TIMING_BASE_PT, ctx); 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_192, TIMING_RAND_PT, ctx); 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_192, TIMING_SIMUL, ctx); 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_224, TIMING_BASE_PT, ctx); 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_224, TIMING_RAND_PT, ctx); 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_224, TIMING_SIMUL, ctx); 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_256, TIMING_BASE_PT, ctx); 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_256, TIMING_RAND_PT, ctx); 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_256, TIMING_SIMUL, ctx); 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_384, TIMING_BASE_PT, ctx); 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_384, TIMING_RAND_PT, ctx); 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_384, TIMING_SIMUL, ctx); 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_521, TIMING_BASE_PT, ctx); 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_521, TIMING_RAND_PT, ctx); 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(P_521, TIMING_SIMUL, ctx); 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx) 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(ctx); 753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(p); BN_free(a); BN_free(b); 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(P); 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(Q); 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(R); 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(x); BN_free(y); BN_free(z); 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_160) EC_GROUP_free(P_160); 761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_192) EC_GROUP_free(P_192); 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_224) EC_GROUP_free(P_224); 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_256) EC_GROUP_free(P_256); 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_384) EC_GROUP_free(P_384); 765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (P_521) EC_GROUP_free(P_521); 766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Change test based on whether binary point compression is enabled or not. */ 770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_EC_BIN_PT_COMP 771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ 772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, _x)) ABORT; \ 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ 774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ 775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, _order)) ABORT; \ 776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&cof, _cof)) ABORT; \ 777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ 778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ 779656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ 780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); \ 781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); \ 782656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); \ 783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); \ 784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* G_y value taken from the standard: */ \ 785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, _y)) ABORT; \ 786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != BN_cmp(y, z)) ABORT; 787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ 789656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, _x)) ABORT; \ 790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&y, _y)) ABORT; \ 791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ 793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&z, _order)) ABORT; \ 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&cof, _cof)) ABORT; \ 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); \ 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n y = 0x"); \ 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); \ 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ 804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, _p)) ABORT; \ 805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, _a)) ABORT; \ 806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, _b)) ABORT; \ 807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ 808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "verify degree ..."); \ 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_GROUP_get_degree(group) != _degree) ABORT; \ 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n"); \ 812392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(group); \ 813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \ 814392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_copy(_variable, group)) ABORT; \ 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 816392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_EC2M 817392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 818392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic void char2_field_tests(void) 819392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX *ctx = NULL; 821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *p, *a, *b; 822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *group; 823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL; 824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL; 825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *P, *Q, *R; 826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *x, *y, *z, *cof; 827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char buf[100]; 828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size_t i, len; 829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int k; 830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 1 /* optional */ 832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = BN_CTX_new(); 833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ctx) ABORT; 834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = BN_new(); 837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a = BN_new(); 838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b = BN_new(); 839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!p || !a || !b) ABORT; 840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&p, "13")) ABORT; 842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&a, "3")) ABORT; 843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&b, "1")) ABORT; 844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m 846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * so that the library gets to choose the EC_METHOD */ 847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!group) ABORT; 848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; 849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *tmp; 852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp = EC_GROUP_new(EC_GROUP_method_of(group)); 853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!tmp) ABORT; 854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_copy(tmp, group)) ABORT; 855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project group = tmp; 857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT; 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, p); 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ")\n a = 0x"); 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, a); 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n b = 0x"); 866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, b); 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n(0x... means binary polynomial)\n"); 868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project P = EC_POINT_new(group); 870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Q = EC_POINT_new(group); 871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project R = EC_POINT_new(group); 872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!P || !Q || !R) ABORT; 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_to_infinity(group, P)) ABORT; 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf[0] = 0; 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; 879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project x = BN_new(); 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project y = BN_new(); 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project z = BN_new(); 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cof = BN_new(); 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!x || !y || !z || !cof) ABORT; 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&x, "6")) ABORT; 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Change test based on whether binary point compression is enabled or not. */ 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_EC_BIN_PT_COMP 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT; 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&y, "8")) ABORT; 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, Q, ctx)) 898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Change test based on whether binary point compression is enabled or not. */ 900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_EC_BIN_PT_COMP 901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; 902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, "Point is not on curve: x = 0x"); 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stderr, x); 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, ", y = 0x"); 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stderr, y); 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr, "\n"); 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ABORT; 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "A cyclic subgroup:\n"); 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project k = 100; 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project do 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (k-- == 0) ABORT; 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, P)) 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " point at infinity\n"); 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " x = 0x"); 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, x); 925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, ", y = 0x"); 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_print_fp(stdout, y); 927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_copy(R, P)) ABORT; 931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; 932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 933656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (!EC_POINT_is_at_infinity(group, P)); 934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; 936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Change test based on whether binary point compression is enabled or not. */ 939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_EC_BIN_PT_COMP 940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); 941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "Generator as octet string, compressed form:\n "); 945656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 946656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 947656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 948656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); 949656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 950656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 951656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 952656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); 953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 954656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Change test based on whether binary point compression is enabled or not. */ 956656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_EC_BIN_PT_COMP 957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); 958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len == 0) ABORT; 959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; 960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; 961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); 962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); 963656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 965656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\n"); 966656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 967656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_invert(group, P, ctx)) ABORT; 968656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 969656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 970656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve K-163 (FIPS PUB 186-2, App. 6) */ 972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve K-163", 975656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0800000000000000000000000000000000000000C9", 976656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 977656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 978656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", 979656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0289070FB05D38FF58321F2E800536D538CCDAA3D9", 980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "04000000000000000000020108A2E0CC0D99F8A5EF", 982656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 983656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 163, 984656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_K163 985656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 986656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 987656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve B-163 (FIPS PUB 186-2, App. 6) */ 988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 989656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 990656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve B-163", 991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0800000000000000000000000000000000000000C9", 992656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 993656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "020A601907B8C953CA1481EB10512F78744A3205FD", 994656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "03F0EBA16286A2D57EA0991168D4994637E8343E36", 995656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 996656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "040000000000000000000292FE77E70C12A4234C33", 998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 163, 1000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_B163 1001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1002656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1003656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve K-233 (FIPS PUB 186-2, App. 6) */ 1004656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1005656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1006656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve K-233", 1007656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "020000000000000000000000000000000000000004000000000000000001", 1008656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0", 1009656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 1010656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", 1011656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", 1012656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, 1013656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 1014656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "4", 1015656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 233, 1016656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_K233 1017656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1018656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1019656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve B-233 (FIPS PUB 186-2, App. 6) */ 1020656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1021656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1022656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve B-233", 1023656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "020000000000000000000000000000000000000004000000000000000001", 1024656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "000000000000000000000000000000000000000000000000000000000001", 1025656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", 1026656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", 1027656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", 1028656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 1029656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 1030656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 1031656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 233, 1032656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_B233 1033656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1034656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1035656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve K-283 (FIPS PUB 186-2, App. 6) */ 1036656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1037656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1038656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve K-283", 1039656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0800000000000000000000000000000000000000000000000000000000000000000010A1", 1040656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0", 1041656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 1042656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", 1043656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", 1044656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, 1045656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", 1046656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "4", 1047656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 283, 1048656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_K283 1049656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1050656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1051656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve B-283 (FIPS PUB 186-2, App. 6) */ 1052656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1053656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1054656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve B-283", 1055656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0800000000000000000000000000000000000000000000000000000000000000000010A1", 1056656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "000000000000000000000000000000000000000000000000000000000000000000000001", 1057656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", 1058656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", 1059656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", 1060656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 1061656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", 1062656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 1063656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 283, 1064656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_B283 1065656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1066656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1067656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve K-409 (FIPS PUB 186-2, App. 6) */ 1068656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1070656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve K-409", 1071656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", 1072656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0", 1073656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 1074656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", 1075656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", 1076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 1077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 1078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "4", 1079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 409, 1080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_K409 1081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1083656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve B-409 (FIPS PUB 186-2, App. 6) */ 1084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve B-409", 1087656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", 1088656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 1089656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", 1090656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", 1091656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", 1092656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 1093656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", 1094656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 1095656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 409, 1096656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_B409 1097656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1098656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1099656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve K-571 (FIPS PUB 186-2, App. 6) */ 1100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve K-571", 1103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", 1104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0", 1105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "1", 1106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", 1107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", 1108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, 1109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "4", 1111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571, 1112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_K571 1113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Curve B-571 (FIPS PUB 186-2, App. 6) */ 1116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CHAR2_CURVE_TEST 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ( 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "NIST curve B-571", 1119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", 1120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", 1122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", 1124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1, 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "2", 1127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571, 1128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C2_B571 1129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ); 1130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* more tests using the last curve */ 1132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_copy(Q, P)) ABORT; 1134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, Q)) ABORT; 1135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; 1136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; 1137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ 1138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; 1140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; 1141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ 1142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const EC_POINT *points[3]; 1145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const BIGNUM *scalars[3]; 1146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_POINT_is_at_infinity(group, Q)) ABORT; 1148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[0] = Q; 1149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[1] = Q; 1150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project points[2] = Q; 1151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(y, z, BN_value_one())) ABORT; 1153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_odd(y)) ABORT; 1154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_rshift1(y, y)) ABORT; 1155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ 1156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = y; 1157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "combined multiplication ..."); 1159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 1160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* z is still the group order */ 1162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 1163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; 1164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; 1165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; 1166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "."); 1168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 1169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; 1171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(z, z, y)) ABORT; 1172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_set_negative(z, 1); 1173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = y; 1174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = z; /* z = -(order + y) */ 1175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; 1177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 1178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "."); 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(z, x, y)) ABORT; 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_set_negative(z, 1); 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[0] = x; 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[1] = y; 1187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project scalars[2] = z; /* z = -(x+y) */ 1188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; 1190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, P)) ABORT; 1191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, " ok\n\n"); 1193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 1197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K163, TIMING_BASE_PT, ctx); 1198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K163, TIMING_RAND_PT, ctx); 1199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K163, TIMING_SIMUL, ctx); 1200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B163, TIMING_BASE_PT, ctx); 1201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B163, TIMING_RAND_PT, ctx); 1202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B163, TIMING_SIMUL, ctx); 1203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K233, TIMING_BASE_PT, ctx); 1204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K233, TIMING_RAND_PT, ctx); 1205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K233, TIMING_SIMUL, ctx); 1206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B233, TIMING_BASE_PT, ctx); 1207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B233, TIMING_RAND_PT, ctx); 1208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B233, TIMING_SIMUL, ctx); 1209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K283, TIMING_BASE_PT, ctx); 1210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K283, TIMING_RAND_PT, ctx); 1211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K283, TIMING_SIMUL, ctx); 1212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B283, TIMING_BASE_PT, ctx); 1213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B283, TIMING_RAND_PT, ctx); 1214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B283, TIMING_SIMUL, ctx); 1215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K409, TIMING_BASE_PT, ctx); 1216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K409, TIMING_RAND_PT, ctx); 1217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K409, TIMING_SIMUL, ctx); 1218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B409, TIMING_BASE_PT, ctx); 1219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B409, TIMING_RAND_PT, ctx); 1220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B409, TIMING_SIMUL, ctx); 1221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K571, TIMING_BASE_PT, ctx); 1222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K571, TIMING_RAND_PT, ctx); 1223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_K571, TIMING_SIMUL, ctx); 1224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B571, TIMING_BASE_PT, ctx); 1225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B571, TIMING_RAND_PT, ctx); 1226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project timings(C2_B571, TIMING_SIMUL, ctx); 1227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx) 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(ctx); 1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(p); BN_free(a); BN_free(b); 1233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 1234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(P); 1235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(Q); 1236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(R); 1237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(x); BN_free(y); BN_free(z); BN_free(cof); 1238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_K163) EC_GROUP_free(C2_K163); 1240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_B163) EC_GROUP_free(C2_B163); 1241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_K233) EC_GROUP_free(C2_K233); 1242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_B233) EC_GROUP_free(C2_B233); 1243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_K283) EC_GROUP_free(C2_K283); 1244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_B283) EC_GROUP_free(C2_B283); 1245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_K409) EC_GROUP_free(C2_K409); 1246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_B409) EC_GROUP_free(C2_B409); 1247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_K571) EC_GROUP_free(C2_K571); 1248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (C2_B571) EC_GROUP_free(C2_B571); 1249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1251392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1253392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic void internal_curve_test(void) 1254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_builtin_curve *curves = NULL; 1256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size_t crv_len = 0, n = 0; 1257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok = 1; 1258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crv_len = EC_get_builtin_curves(NULL, 0); 1260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); 1262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (curves == NULL) 1264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return; 1265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_get_builtin_curves(curves, crv_len)) 1267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(curves); 1269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return; 1270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "testing internal curves: "); 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (n = 0; n < crv_len; n++) 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *group = NULL; 1277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int nid = curves[n].nid; 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok = 0; 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" 1282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project " curve %s\n", OBJ_nid2sn(nid)); 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* try next curve */ 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project continue; 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_check(group, NULL)) 1287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok = 0; 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "\nEC_GROUP_check() failed with" 1290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project " curve %s\n", OBJ_nid2sn(nid)); 1291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 1292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* try the next curve */ 1293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project continue; 1294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stdout, "."); 1296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fflush(stdout); 1297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(group); 1298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ok) 1300392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, " ok\n\n"); 1301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1302392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1303392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, " failed\n\n"); 1304392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ABORT; 1305392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(curves); 1307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return; 1308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1310392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 1311392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* nistp_test_params contains magic numbers for testing our optimized 1312392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * implementations of several NIST curves with characteristic > 3. */ 1313392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstruct nistp_test_params 1314392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1315392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const EC_METHOD* (*meth) (); 1316392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int degree; 1317392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Qx, Qy and D are taken from 1318392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf 1319392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Otherwise, values are standard curve parameters from FIPS 180-3 */ 1320392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; 1321392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }; 1322392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1323392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic const struct nistp_test_params nistp_tests_params[] = 1324392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1325392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1326392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* P-224 */ 1327392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_GFp_nistp224_method, 1328392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 224, 1329392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */ 1330392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */ 1331392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */ 1332392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */ 1333392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */ 1334392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */ 1335392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */ 1336392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */ 1337392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */ 1338392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 1339392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1340392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* P-256 */ 1341392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_GFp_nistp256_method, 1342392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 256, 1343392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */ 1344392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */ 1345392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */ 1346392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */ 1347392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */ 1348392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */ 1349392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */ 1350392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */ 1351392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */ 1352392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 1353392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1354392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* P-521 */ 1355392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_GFp_nistp521_method, 1356392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 521, 1357392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */ 1358392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */ 1359392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */ 1360392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */ 1361392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */ 1362392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */ 1363392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */ 1364392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */ 1365392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */ 1366392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 1367392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }; 1368392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1369392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromvoid nistp_single_test(const struct nistp_test_params *test) 1370392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1371392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_CTX *ctx; 1372392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *p, *a, *b, *x, *y, *n, *m, *order; 1373392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_GROUP *NISTP; 1374392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT *G, *P, *Q, *Q_CHECK; 1375392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1376392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree); 1377392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx = BN_CTX_new(); 1378392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p = BN_new(); 1379392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom a = BN_new(); 1380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom b = BN_new(); 1381392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom x = BN_new(); y = BN_new(); 1382392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom m = BN_new(); n = BN_new(); order = BN_new(); 1383392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1384392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom NISTP = EC_GROUP_new(test->meth()); 1385392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!NISTP) ABORT; 1386392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&p, test->p)) ABORT; 1387392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; 1388392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&a, test->a)) ABORT; 1389392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&b, test->b)) ABORT; 1390392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT; 1391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom G = EC_POINT_new(NISTP); 1392392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom P = EC_POINT_new(NISTP); 1393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom Q = EC_POINT_new(NISTP); 1394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom Q_CHECK = EC_POINT_new(NISTP); 1395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!BN_hex2bn(&x, test->Qx)) ABORT; 1396392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!BN_hex2bn(&y, test->Qy)) ABORT; 1397392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT; 1398392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&x, test->Gx)) ABORT; 1399392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&y, test->Gy)) ABORT; 1400392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT; 1401392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&order, test->order)) ABORT; 1402392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT; 1403392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1404392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "verify degree ... "); 1405392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT; 1406392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "ok\n"); 1407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1408392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "NIST test vectors ... "); 1409392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_hex2bn(&n, test->d)) ABORT; 1410392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* fixed point multiplication */ 1411392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); 1412392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1413392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* random point multiplication */ 1414392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); 1415392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1416392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1417392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set generator to P = 2*G, where G is the standard generator */ 1418392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT; 1419392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT; 1420392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set the scalar to m=n/2, where n is the NIST test scalar */ 1421392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_rshift(m, n, 1)) ABORT; 1422392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1423392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* test the non-standard generator */ 1424392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* fixed point multiplication */ 1425392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); 1426392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1427392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* random point multiplication */ 1428392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); 1429392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1430392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1431392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* now repeat all tests with precomputation */ 1432392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT; 1433392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1434392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* fixed point multiplication */ 1435392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); 1436392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1437392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* random point multiplication */ 1438392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); 1439392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1440392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1441392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* reset generator */ 1442392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT; 1443392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* fixed point multiplication */ 1444392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); 1445392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1446392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* random point multiplication */ 1447392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); 1448392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; 1449392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1450392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stdout, "ok\n"); 1451392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom group_order_tests(NISTP); 1452392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#if 0 1453392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom timings(NISTP, TIMING_BASE_PT, ctx); 1454392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom timings(NISTP, TIMING_RAND_PT, ctx); 1455392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1456392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_GROUP_free(NISTP); 1457392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(G); 1458392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(P); 1459392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(Q); 1460392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EC_POINT_free(Q_CHECK); 1461392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(n); 1462392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(m); 1463392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(p); 1464392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(a); 1465392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(b); 1466392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(x); 1467392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(y); 1468392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(order); 1469392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_CTX_free(ctx); 1470392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1471392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1472392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromvoid nistp_tests() 1473392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1474392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom unsigned i; 1475392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1476392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++) 1477392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1478392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom nistp_single_test(&nistp_tests_params[i]); 1479392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1480392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1481392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1482392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic const char rnd_seed[] = "string to make the random number generator think it has entropy"; 1484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint main(int argc, char *argv[]) 1486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* enable memory leak checking unless explicitly disabled */ 1489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) 1490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_malloc_debug_init(); 1492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 1493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* OPENSSL_DEBUG_MEMORY=off */ 1497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); 1498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 1500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_load_crypto_strings(); 1501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ 1503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project prime_field_tests(); 1505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project puts(""); 1506392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_EC2M 1507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char2_field_tests(); 1508392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1509392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 1510392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom nistp_tests(); 1511392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* test the internal curves */ 1513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project internal_curve_test(); 1514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ENGINE 1516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ENGINE_cleanup(); 1517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_cleanup_all_ex_data(); 1519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_free_strings(); 1520221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_remove_thread_state(NULL); 1521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_mem_leaks_fp(stderr); 1522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1526