authorNiels Möller <nisse@lysator.liu.se>2020-01-01 14:42:01 +0100
committerNiels Möller <nisse@lysator.liu.se>2020-01-01 14:42:01 +0100
commit9539db4ee8472feb08108041b621023fbbce7c19 (patch)
treeb52b2c41457982bd7c278703e63d1348f6b11740
parent1a85646bdb96855b261280bcf814c01e2b8d462d (diff)
Test edddsa point compression with curve448.
-rw-r--r--ChangeLog4
-rw-r--r--testsuite/eddsa-compress-test.c135
2 files changed, 76 insertions, 63 deletions
diff --git a/ChangeLog b/ChangeLog
index 54a5a346..c9895615 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2020-01-01 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/eddsa-compress-test.c: Test also with curve448.
+
2019-12-30 Niels Möller <nisse@lysator.liu.se>
Preparation for ed448, based on patch by Daiki Ueno.
diff --git a/testsuite/eddsa-compress-test.c b/testsuite/eddsa-compress-test.c
index f95da870..640421c5 100644
--- a/testsuite/eddsa-compress-test.c
+++ b/testsuite/eddsa-compress-test.c
@@ -38,76 +38,85 @@
void test_main (void)
{
- const struct ecc_curve *ecc = &_nettle_curve25519;
gmp_randstate_t rands;
- mp_size_t size, itch;
- mpz_t zp, t;
- mp_limb_t *s;
- mp_limb_t *p;
- mp_limb_t *pa1;
- mp_limb_t *pa2;
- mp_limb_t *scratch;
- size_t clen;
- uint8_t *c;
- unsigned j;
+ unsigned i;
gmp_randinit_default (rands);
- size = ecc_size (ecc);
- clen = 1 + ecc->p.bit_size / 8;
-
- mpz_roinit_n (zp, ecc->p.m, size);
-
- mpz_init (t);
- s = xalloc_limbs (size);
- p = xalloc_limbs (ecc_size_j (ecc));
- pa1 = xalloc_limbs (ecc_size_a (ecc));
- pa2 = xalloc_limbs (ecc_size_a (ecc));
- c = xalloc (clen);
-
- itch = _eddsa_decompress_itch (ecc);
- if (itch < ecc->mul_g_itch)
- itch = ecc->mul_g_itch;
-
- scratch = xalloc_limbs (itch);
-
- for (j = 0; j < COUNT; j++)
+ for (i = 0; ecc_curves[i]; i++)
{
- mpz_t x1, y1, x2, y2;
-
- mpz_urandomb (t, rands, ecc->q.bit_size);
- mpz_limbs_copy (s, t, ecc->q.size);
- ecc->mul_g (ecc, p, s, scratch);
- _eddsa_compress (ecc, c, p, scratch);
- ecc->h_to_a (ecc, 0, pa1, p, scratch);
- _eddsa_decompress (ecc, pa2, c, scratch);
- mpz_roinit_n (x1, pa1, size);
- mpz_roinit_n (y1, pa1 + size, size);
- mpz_roinit_n (x2, pa2, size);
- mpz_roinit_n (y2, pa2 + size, size);
- if (!(mpz_congruent_p (x1, x2, zp)
- && mpz_congruent_p (y1, y2, zp)))
+ const struct ecc_curve *ecc = ecc_curves[i];
+ mp_size_t size, itch;
+ mpz_t zp, t;
+ mp_limb_t *s;
+ mp_limb_t *p;
+ mp_limb_t *pa1;
+ mp_limb_t *pa2;
+ mp_limb_t *scratch;
+ size_t clen;
+ uint8_t *c;
+ unsigned j;
+
+ if (!(ecc->p.bit_size == 255 || ecc->p.bit_size == 448))
+ continue;
+
+ size = ecc_size (ecc);
+ clen = 1 + ecc->p.bit_size / 8;
+
+ mpz_roinit_n (zp, ecc->p.m, size);
+
+ mpz_init (t);
+ s = xalloc_limbs (size);
+ p = xalloc_limbs (ecc_size_j (ecc));
+ pa1 = xalloc_limbs (ecc_size_a (ecc));
+ pa2 = xalloc_limbs (ecc_size_a (ecc));
+ c = xalloc (clen);
+
+ itch = _eddsa_decompress_itch (ecc);
+ if (itch < ecc->mul_g_itch)
+ itch = ecc->mul_g_itch;
+ ASSERT (_eddsa_compress_itch (ecc) <= itch);
+
+ scratch = xalloc_limbs (itch);
+
+ for (j = 0; j < COUNT; j++)
{
- fprintf (stderr, "eddsa compression failed:\nc = ");
- print_hex (clen, c);
- fprintf (stderr, "\np1 = 0x");
- mpz_out_str (stderr, 16, x1);
- fprintf (stderr, ",\n 0x");
- mpz_out_str (stderr, 16, y1);
- fprintf (stderr, "\np2 = 0x");
- mpz_out_str (stderr, 16, x2);
- fprintf (stderr, ",\n 0x");
- mpz_out_str (stderr, 16, y2);
- fprintf (stderr, "\n");
- abort ();
+ mpz_t x1, y1, x2, y2;
+
+ mpz_urandomb (t, rands, ecc->q.bit_size);
+ mpz_limbs_copy (s, t, ecc->q.size);
+ ecc->mul_g (ecc, p, s, scratch);
+ _eddsa_compress (ecc, c, p, scratch);
+ ecc->h_to_a (ecc, 0, pa1, p, scratch);
+ _eddsa_decompress (ecc, pa2, c, scratch);
+ mpz_roinit_n (x1, pa1, size);
+ mpz_roinit_n (y1, pa1 + size, size);
+ mpz_roinit_n (x2, pa2, size);
+ mpz_roinit_n (y2, pa2 + size, size);
+ if (!(mpz_congruent_p (x1, x2, zp)
+ && mpz_congruent_p (y1, y2, zp)))
+ {
+ fprintf (stderr, "eddsa compression failed:\nc = ");
+ print_hex (clen, c);
+ fprintf (stderr, "\np1 = 0x");
+ mpz_out_str (stderr, 16, x1);
+ fprintf (stderr, ",\n 0x");
+ mpz_out_str (stderr, 16, y1);
+ fprintf (stderr, "\np2 = 0x");
+ mpz_out_str (stderr, 16, x2);
+ fprintf (stderr, ",\n 0x");
+ mpz_out_str (stderr, 16, y2);
+ fprintf (stderr, "\n");
+ FAIL();
+ }
}
+ mpz_clear (t);
+ free (s);
+ free (p);
+ free (c);
+ free (pa1);
+ free (pa2);
+ free (scratch);
}
- mpz_clear (t);
- free (s);
- free (p);
- free (c);
- free (pa1);
- free (pa2);
- free (scratch);
gmp_randclear (rands);
}
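Review bot: The curve filter `if (!(ecc->p.bit_size == 255 || ecc->p.bit_size == 448)) continue;` picks the EdDSA curves by the bit size of the prime, with no comment saying why, and nothing checks that any curve was actually exercised. If `ecc_curves` ever lacks these entries, the test passes without running a single compress/decompress round trip; if a non-Edwards curve with a matching prime size is added, it is handed to `_eddsa_compress`. I would put a comment above the filter, `/* Point compression is only tested for the EdDSA curves, selected by prime size (curve25519: 255 bits, curve448: 448 bits). */`, and count the curves that get past it, with `ASSERT (tested > 0);` after the outer loop. The added `ASSERT (_eddsa_compress_itch (ecc) <= itch)` guards the shared scratch buffer for compression, but the scratch need of `ecc->h_to_a` is not checked the same way; presumably it is covered by the compress bound, which is worth a one-line comment.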