void
test_ecc_mul_j (unsigned curve, unsigned n, const mp_limb_t *p)
{
const struct ecc_curve *ecc = ecc_curves[curve];
mp_limb_t *np = xalloc_limbs (ecc_size_a (ecc));
mp_limb_t *scratch = xalloc_limbs (ecc_j_to_a_itch(ecc));
ecc_j_to_a (ecc, 1, np, p, scratch);
test_ecc_mul_a (curve, n, np);
free (np);
free (scratch);
}
static void
test_eddsa (const struct ecc_curve *ecc,
const struct nettle_hash *H,
const uint8_t *pub,
const struct tstring *msg,
const uint8_t *signature)
{
mp_limb_t *A = xalloc_limbs (ecc_size_a (ecc));
mp_limb_t *scratch = xalloc_limbs (_eddsa_verify_itch (ecc));
size_t nbytes = 1 + ecc->p.bit_size / 8;
uint8_t *cmsg = xalloc (msg->length);
uint8_t *csignature = xalloc (2*nbytes);
void *ctx = xalloc (H->context_size);
if (!_eddsa_decompress (ecc, A, pub, scratch))
die ("Invalid eddsa public key.\n");
memcpy (csignature, signature, 2*nbytes);
if (!_eddsa_verify (ecc, H, pub, A, ctx,
msg->length, msg->data, csignature, scratch))
{
fprintf (stderr, "eddsa_verify failed with valid signature.\n");
fail:
fprintf (stderr, "bit_size = %u\npub = ", ecc->p.bit_size);
print_hex (nbytes, pub);
fprintf (stderr, "\nmsg = ");
tstring_print_hex (msg);
fprintf (stderr, "\nsign = ");
print_hex (2*nbytes, csignature);
fprintf (stderr, "\n");
abort();
}
memcpy (csignature, signature, 2*nbytes);
csignature[nbytes/3] ^= 0x40;
if (_eddsa_verify (ecc, H, pub, A, ctx,
msg->length, msg->data, csignature, scratch))
{
fprintf (stderr,
"ecdsa_verify unexpectedly succeeded with invalid signature r.\n");
goto fail;
}
memcpy (csignature, signature, 2*nbytes);
csignature[5*nbytes/3] ^= 0x8;
if (_eddsa_verify (ecc, H, pub, A, ctx,
msg->length, msg->data, csignature, scratch))
{
fprintf (stderr,
"ecdsa_verify unexpectedly succeeded with invalid signature s.\n");
goto fail;
}
if (msg->length == 0)
{
if (_eddsa_verify (ecc, H, pub, A, ctx,
3, "foo", signature, scratch))
{
fprintf (stderr,
"ecdsa_verify unexpectedly succeeded with different message.\n");
goto fail;
}
}
else
{
if (_eddsa_verify (ecc, H, pub, A, ctx,
msg->length - 1, msg->data,
signature, scratch))
{
fprintf (stderr,
"ecdsa_verify unexpectedly succeeded with truncated message.\n");
goto fail;
}
memcpy (cmsg, msg->data, msg->length);
cmsg[2*msg->length / 3] ^= 0x20;
if (_eddsa_verify (ecc, H, pub, A, ctx,
msg->length, cmsg, signature, scratch))
{
fprintf (stderr,
"ecdsa_verify unexpectedly succeeded with modified message.\n");
goto fail;
}
}
free (A);
free (scratch);
free (cmsg);
free (csignature);
free (ctx);
}
static void
ecc_point_zclear (struct ecc_point *p)
{
zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
ecc_point_clear(p);
}
