1 /* 2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * https://www.openssl.org/source/license.html 8 * or in the file LICENSE in the source distribution. 9 */ 10 11 #include "internal/nelem.h" 12 #include "testutil.h" 13 14 #include <stdio.h> 15 #include <stdlib.h> 16 #include <string.h> 17 #include <ctype.h> 18 19 #define NUM_REPEATS "1000000" 20 21 static ossl_intmax_t num_repeats; 22 static int print_mode = 0; 23 24 #ifndef OPENSSL_NO_EC 25 #include <openssl/ec.h> 26 #include <openssl/err.h> 27 #include <openssl/obj_mac.h> 28 #include <openssl/objects.h> 29 #include <openssl/rand.h> 30 #include <openssl/bn.h> 31 #include <openssl/opensslconf.h> 32 33 static const char *kP256DefaultResult = "A1E24B223B8E81BC1FFF99BAFB909EDB895FACDE7D6DA5EF5E7B3255FB378E0F"; 34 35 /* 36 * Perform a deterministic walk on the curve, by starting from |point| and 37 * using the X-coordinate of the previous point as the next scalar for 38 * point multiplication. 39 * Returns the X-coordinate of the end result or NULL on error. 40 */ 41 static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, 42 ossl_intmax_t num) 43 { 44 BIGNUM *scalar = NULL; 45 ossl_intmax_t i; 46 47 if (!TEST_ptr(scalar = BN_new()) 48 || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, 49 NULL, NULL))) 50 goto err; 51 52 for (i = 0; i < num; i++) { 53 if (!TEST_true(EC_POINT_mul(group, point, NULL, point, scalar, NULL)) 54 || !TEST_true(EC_POINT_get_affine_coordinates(group, point, 55 scalar, 56 NULL, NULL))) 57 goto err; 58 } 59 return scalar; 60 61 err: 62 BN_free(scalar); 63 return NULL; 64 } 65 66 static int test_curve(void) 67 { 68 EC_GROUP *group = NULL; 69 EC_POINT *point = NULL; 70 BIGNUM *result = NULL, *expected_result = NULL; 71 int ret = 0; 72 73 /* 74 * We currently hard-code P-256, though adaptation to other curves. 75 * would be straightforward. 76 */ 77 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) 78 || !TEST_ptr(point = EC_POINT_dup(EC_GROUP_get0_generator(group), 79 group)) 80 || !TEST_ptr(result = walk_curve(group, point, num_repeats))) 81 goto err; 82 83 if (print_mode) { 84 BN_print(bio_out, result); 85 BIO_printf(bio_out, "\n"); 86 ret = 1; 87 } else { 88 if (!TEST_true(BN_hex2bn(&expected_result, kP256DefaultResult)) 89 || !TEST_ptr(expected_result) 90 || !TEST_BN_eq(result, expected_result)) 91 goto err; 92 ret = 1; 93 } 94 95 err: 96 EC_GROUP_free(group); 97 EC_POINT_free(point); 98 BN_free(result); 99 BN_free(expected_result); 100 return ret; 101 } 102 #endif 103 104 typedef enum OPTION_choice { 105 OPT_ERR = -1, 106 OPT_EOF = 0, 107 OPT_NUM_REPEATS, 108 OPT_TEST_ENUM 109 } OPTION_CHOICE; 110 111 const OPTIONS *test_get_options(void) 112 { 113 static const OPTIONS test_options[] = { 114 OPT_TEST_OPTIONS_DEFAULT_USAGE, 115 { "num", OPT_NUM_REPEATS, 'M', "Number of repeats" }, 116 { NULL } 117 }; 118 return test_options; 119 } 120 121 /* 122 * Stress test the curve. If the '-num' argument is given, runs the loop 123 * |num| times and prints the resulting X-coordinate. Otherwise runs the test 124 * the default number of times and compares against the expected result. 125 */ 126 int setup_tests(void) 127 { 128 OPTION_CHOICE o; 129 130 if (!opt_intmax(NUM_REPEATS, &num_repeats)) { 131 TEST_error("Cannot parse " NUM_REPEATS); 132 return 0; 133 } 134 135 while ((o = opt_next()) != OPT_EOF) { 136 switch (o) { 137 case OPT_NUM_REPEATS: 138 if (!opt_intmax(opt_arg(), &num_repeats) 139 || num_repeats < 0) 140 return 0; 141 print_mode = 1; 142 break; 143 case OPT_TEST_CASES: 144 break; 145 default: 146 case OPT_ERR: 147 return 0; 148 } 149 } 150 151 #ifndef OPENSSL_NO_EC 152 ADD_TEST(test_curve); 153 #endif 154 return 1; 155 } 156
Indexes created Sat Feb 28 05:31:39 UTC 2026