X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fectest.c;h=bb2a08d59eb7632f59493cffd4e0eef83f4da495;hp=96677723150bfcd158b09ddae77dfb95b51730af;hb=b41f6b64f809e5992b9f1b601b3dff1a2129da2d;hpb=bbd86bf5424a611cb6b77a3a17fc522931c4dcb8 diff --git a/test/ectest.c b/test/ectest.c index 9667772315..bb2a08d59e 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1,60 +1,12 @@ -/* crypto/ec/ectest.c */ /* - * Originally written by Bodo Moeller for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -71,14 +23,11 @@ #include #include -#ifdef FLAT_INC -# include "e_os.h" -#else -# include "../e_os.h" -#endif #include #include +#include "e_os.h" + #ifdef OPENSSL_NO_EC int main(int argc, char *argv[]) { @@ -120,6 +69,8 @@ static void group_order_tests(EC_GROUP *group) BIGNUM *n1, *n2, *order; EC_POINT *P = EC_POINT_new(group); EC_POINT *Q = EC_POINT_new(group); + EC_POINT *R = EC_POINT_new(group); + EC_POINT *S = EC_POINT_new(group); BN_CTX *ctx = BN_CTX_new(); int i; @@ -199,6 +150,17 @@ static void group_order_tests(EC_GROUP *group) /* Exercise EC_POINTs_mul, including corner cases. */ if (EC_POINT_is_at_infinity(group, P)) ABORT; + + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_dbl(group, S, points[0], ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, S, ctx)) + ABORT; + scalars[0] = n1; points[0] = Q; /* => infinity */ scalars[1] = n2; @@ -220,6 +182,8 @@ static void group_order_tests(EC_GROUP *group) EC_POINT_free(P); EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); BN_free(n1); BN_free(n2); BN_free(order); @@ -234,7 +198,7 @@ static void prime_field_tests(void) EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z; + BIGNUM *x, *y, *z, *yplusone; unsigned char buf[100]; size_t i, len; int k; @@ -312,7 +276,8 @@ static void prime_field_tests(void) x = BN_new(); y = BN_new(); z = BN_new(); - if (!x || !y || !z) + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || yplusone == NULL) ABORT; if (!BN_hex2bn(&x, "D")) @@ -437,6 +402,14 @@ static void prime_field_tests(void) ABORT; if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; if (EC_POINT_is_on_curve(group, P, ctx) <= 0) @@ -508,6 +481,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 192) ABORT; @@ -563,6 +545,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 224) ABORT; @@ -623,6 +614,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 256) ABORT; @@ -678,6 +678,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 384) ABORT; @@ -739,6 +748,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 521) ABORT; @@ -753,6 +771,10 @@ static void prime_field_tests(void) /* more tests using the last curve */ + /* Restore the point that got mangled in the (x, y + 1) test. */ + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + if (!EC_POINT_copy(Q, P)) ABORT; if (EC_POINT_is_at_infinity(group, Q)) @@ -862,6 +884,7 @@ static void prime_field_tests(void) BN_free(x); BN_free(y); BN_free(z); + BN_free(yplusone); EC_GROUP_free(P_160); EC_GROUP_free(P_192); @@ -876,6 +899,13 @@ static void prime_field_tests(void) # ifdef OPENSSL_EC_BIN_PT_COMP # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ @@ -894,6 +924,12 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ @@ -931,7 +967,7 @@ static void char2_field_tests(void) EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL; EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z, *cof; + BIGNUM *x, *y, *z, *cof, *yplusone; unsigned char buf[100]; size_t i, len; int k; @@ -943,7 +979,7 @@ static void char2_field_tests(void) p = BN_new(); a = BN_new(); b = BN_new(); - if (!p || !a || !b) + if (p == NULL || a == NULL || b == NULL) ABORT; if (!BN_hex2bn(&p, "13")) @@ -1009,7 +1045,8 @@ static void char2_field_tests(void) y = BN_new(); z = BN_new(); cof = BN_new(); - if (!x || !y || !z || !cof) + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL) ABORT; if (!BN_hex2bn(&x, "6")) @@ -1337,6 +1374,7 @@ static void char2_field_tests(void) BN_free(y); BN_free(z); BN_free(cof); + BN_free(yplusone); EC_GROUP_free(C2_K163); EC_GROUP_free(C2_B163); @@ -1398,6 +1436,26 @@ static void internal_curve_test(void) fprintf(stdout, " failed\n\n"); ABORT; } + + /* Test all built-in curves and let the library choose the EC_METHOD */ + for (n = 0; n < crv_len; n++) { + EC_GROUP *group = NULL; + int nid = curves[n].nid; + /* + * Skip for X25519 because low level operations such as EC_POINT_mul() + * are not supported for this curve + */ + if (nid == NID_X25519) + continue; + fprintf(stdout, "%s:\n", OBJ_nid2sn(nid)); + fflush(stdout); + if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { + ABORT; + } + group_order_tests(group); + EC_GROUP_free(group); + } + OPENSSL_free(curves); return; } @@ -1493,7 +1551,7 @@ static const struct nistp_test_params nistp_tests_params[] = { static void nistp_single_test(const struct nistp_test_params *test) { BN_CTX *ctx; - BIGNUM *p, *a, *b, *x, *y, *n, *m, *order; + BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone; EC_GROUP *NISTP; EC_POINT *G, *P, *Q, *Q_CHECK; @@ -1508,6 +1566,7 @@ static void nistp_single_test(const struct nistp_test_params *test) m = BN_new(); n = BN_new(); order = BN_new(); + yplusone = BN_new(); NISTP = EC_GROUP_new(test->meth()); if (!NISTP) @@ -1530,6 +1589,14 @@ static void nistp_single_test(const struct nistp_test_params *test) ABORT; if (!BN_hex2bn(&y, test->Qy)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx)) + ABORT; if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT; if (!BN_hex2bn(&x, test->Gx)) @@ -1579,9 +1646,18 @@ static void nistp_single_test(const struct nistp_test_params *test) if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; + /* + * We have not performed precomputation so have_precompute mult should be + * false + */ + if (EC_GROUP_have_precompute_mult(NISTP)) + ABORT; + /* now repeat all tests with precomputation */ if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT; + if (!EC_GROUP_have_precompute_mult(NISTP)) + ABORT; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); @@ -1619,6 +1695,7 @@ static void nistp_single_test(const struct nistp_test_params *test) BN_free(x); BN_free(y); BN_free(order); + BN_free(yplusone); BN_CTX_free(ctx); } @@ -1632,6 +1709,33 @@ static void nistp_tests() } # endif +static void parameter_test(void) +{ + EC_GROUP *group, *group2; + ECPARAMETERS *ecparameters; + + fprintf(stderr, "\ntesting ecparameters conversion ..."); + + group = EC_GROUP_new_by_curve_name(NID_secp112r1); + if (!group) + ABORT; + + ecparameters = EC_GROUP_get_ecparameters(group, NULL); + if (!ecparameters) + ABORT; + group2 = EC_GROUP_new_from_ecparameters(ecparameters); + if (!group2) + ABORT; + if (EC_GROUP_cmp(group, group2, NULL)) + ABORT; + + fprintf(stderr, " ok\n"); + + EC_GROUP_free(group); + EC_GROUP_free(group2); + ECPARAMETERS_free(ecparameters); +} + static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -1643,7 +1747,6 @@ int main(int argc, char *argv[]) if (p != NULL && strcmp(p, "on") == 0) CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ERR_load_crypto_strings(); RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ @@ -1658,14 +1761,11 @@ int main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); -# ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -# endif - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - ERR_remove_thread_state(NULL); -#ifdef CRYPTO_MDEBUG - CRYPTO_mem_leaks_fp(stderr); + parameter_test(); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; #endif return 0;