1 1.1 christos /* 2 1.1 christos * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"); 5 1.1 christos * you may not use this file except in compliance with the License. 6 1.1 christos * You may obtain a copy of the License at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos * or in the file LICENSE in the source distribution. 9 1.1 christos */ 10 1.1 christos 11 1.1 christos #include "internal/nelem.h" 12 1.1 christos #include "testutil.h" 13 1.1 christos 14 1.1 christos #include <stdio.h> 15 1.1 christos #include <stdlib.h> 16 1.1 christos #include <string.h> 17 1.1 christos #include <ctype.h> 18 1.1 christos 19 1.1 christos #define NUM_REPEATS "1000000" 20 1.1 christos 21 1.1 christos static ossl_intmax_t num_repeats; 22 1.1 christos static int print_mode = 0; 23 1.1 christos 24 1.1 christos #ifndef OPENSSL_NO_EC 25 1.1.1.2 christos #include <openssl/ec.h> 26 1.1.1.2 christos #include <openssl/err.h> 27 1.1.1.2 christos #include <openssl/obj_mac.h> 28 1.1.1.2 christos #include <openssl/objects.h> 29 1.1.1.2 christos #include <openssl/rand.h> 30 1.1.1.2 christos #include <openssl/bn.h> 31 1.1.1.2 christos #include <openssl/opensslconf.h> 32 1.1 christos 33 1.1.1.2 christos static const char *kP256DefaultResult = "A1E24B223B8E81BC1FFF99BAFB909EDB895FACDE7D6DA5EF5E7B3255FB378E0F"; 34 1.1 christos 35 1.1 christos /* 36 1.1 christos * Perform a deterministic walk on the curve, by starting from |point| and 37 1.1 christos * using the X-coordinate of the previous point as the next scalar for 38 1.1 christos * point multiplication. 39 1.1 christos * Returns the X-coordinate of the end result or NULL on error. 40 1.1 christos */ 41 1.1 christos static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, 42 1.1.1.2 christos ossl_intmax_t num) 43 1.1 christos { 44 1.1 christos BIGNUM *scalar = NULL; 45 1.1 christos ossl_intmax_t i; 46 1.1 christos 47 1.1 christos if (!TEST_ptr(scalar = BN_new()) 48 1.1.1.2 christos || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, 49 1.1.1.2 christos NULL, NULL))) 50 1.1 christos goto err; 51 1.1 christos 52 1.1 christos for (i = 0; i < num; i++) { 53 1.1 christos if (!TEST_true(EC_POINT_mul(group, point, NULL, point, scalar, NULL)) 54 1.1.1.2 christos || !TEST_true(EC_POINT_get_affine_coordinates(group, point, 55 1.1.1.2 christos scalar, 56 1.1.1.2 christos NULL, NULL))) 57 1.1 christos goto err; 58 1.1 christos } 59 1.1 christos return scalar; 60 1.1 christos 61 1.1 christos err: 62 1.1 christos BN_free(scalar); 63 1.1 christos return NULL; 64 1.1 christos } 65 1.1 christos 66 1.1 christos static int test_curve(void) 67 1.1 christos { 68 1.1 christos EC_GROUP *group = NULL; 69 1.1 christos EC_POINT *point = NULL; 70 1.1 christos BIGNUM *result = NULL, *expected_result = NULL; 71 1.1 christos int ret = 0; 72 1.1 christos 73 1.1 christos /* 74 1.1 christos * We currently hard-code P-256, though adaptation to other curves. 75 1.1 christos * would be straightforward. 76 1.1 christos */ 77 1.1 christos if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) 78 1.1.1.2 christos || !TEST_ptr(point = EC_POINT_dup(EC_GROUP_get0_generator(group), 79 1.1.1.2 christos group)) 80 1.1.1.2 christos || !TEST_ptr(result = walk_curve(group, point, num_repeats))) 81 1.1 christos goto err; 82 1.1 christos 83 1.1 christos if (print_mode) { 84 1.1 christos BN_print(bio_out, result); 85 1.1 christos BIO_printf(bio_out, "\n"); 86 1.1 christos ret = 1; 87 1.1 christos } else { 88 1.1 christos if (!TEST_true(BN_hex2bn(&expected_result, kP256DefaultResult)) 89 1.1.1.2 christos || !TEST_ptr(expected_result) 90 1.1.1.2 christos || !TEST_BN_eq(result, expected_result)) 91 1.1 christos goto err; 92 1.1 christos ret = 1; 93 1.1 christos } 94 1.1 christos 95 1.1 christos err: 96 1.1 christos EC_GROUP_free(group); 97 1.1 christos EC_POINT_free(point); 98 1.1 christos BN_free(result); 99 1.1 christos BN_free(expected_result); 100 1.1 christos return ret; 101 1.1 christos } 102 1.1 christos #endif 103 1.1 christos 104 1.1 christos typedef enum OPTION_choice { 105 1.1 christos OPT_ERR = -1, 106 1.1 christos OPT_EOF = 0, 107 1.1 christos OPT_NUM_REPEATS, 108 1.1 christos OPT_TEST_ENUM 109 1.1 christos } OPTION_CHOICE; 110 1.1 christos 111 1.1 christos const OPTIONS *test_get_options(void) 112 1.1 christos { 113 1.1 christos static const OPTIONS test_options[] = { 114 1.1 christos OPT_TEST_OPTIONS_DEFAULT_USAGE, 115 1.1 christos { "num", OPT_NUM_REPEATS, 'M', "Number of repeats" }, 116 1.1 christos { NULL } 117 1.1 christos }; 118 1.1 christos return test_options; 119 1.1 christos } 120 1.1 christos 121 1.1 christos /* 122 1.1 christos * Stress test the curve. If the '-num' argument is given, runs the loop 123 1.1 christos * |num| times and prints the resulting X-coordinate. Otherwise runs the test 124 1.1 christos * the default number of times and compares against the expected result. 125 1.1 christos */ 126 1.1 christos int setup_tests(void) 127 1.1 christos { 128 1.1 christos OPTION_CHOICE o; 129 1.1 christos 130 1.1 christos if (!opt_intmax(NUM_REPEATS, &num_repeats)) { 131 1.1 christos TEST_error("Cannot parse " NUM_REPEATS); 132 1.1 christos return 0; 133 1.1 christos } 134 1.1 christos 135 1.1 christos while ((o = opt_next()) != OPT_EOF) { 136 1.1 christos switch (o) { 137 1.1 christos case OPT_NUM_REPEATS: 138 1.1 christos if (!opt_intmax(opt_arg(), &num_repeats) 139 1.1.1.2 christos || num_repeats < 0) 140 1.1 christos return 0; 141 1.1 christos print_mode = 1; 142 1.1 christos break; 143 1.1 christos case OPT_TEST_CASES: 144 1.1.1.2 christos break; 145 1.1 christos default: 146 1.1 christos case OPT_ERR: 147 1.1 christos return 0; 148 1.1 christos } 149 1.1 christos } 150 1.1 christos 151 1.1 christos #ifndef OPENSSL_NO_EC 152 1.1 christos ADD_TEST(test_curve); 153 1.1 christos #endif 154 1.1 christos return 1; 155 1.1 christos } 156
Indexes created Sat Feb 28 05:31:39 UTC 2026