void test_ecc_mul_j (unsigned curve, unsigned n, const mp_limb_t *p) { const struct ecc_curve *ecc = ecc_curves[curve]; mp_limb_t *np = xalloc_limbs (ecc_size_a (ecc)); mp_limb_t *scratch = xalloc_limbs (ecc_j_to_a_itch(ecc)); ecc_j_to_a (ecc, 1, np, p, scratch); test_ecc_mul_a (curve, n, np); free (np); free (scratch); }
static void test_eddsa (const struct ecc_curve *ecc, const struct nettle_hash *H, const uint8_t *pub, const struct tstring *msg, const uint8_t *signature) { mp_limb_t *A = xalloc_limbs (ecc_size_a (ecc)); mp_limb_t *scratch = xalloc_limbs (_eddsa_verify_itch (ecc)); size_t nbytes = 1 + ecc->p.bit_size / 8; uint8_t *cmsg = xalloc (msg->length); uint8_t *csignature = xalloc (2*nbytes); void *ctx = xalloc (H->context_size); if (!_eddsa_decompress (ecc, A, pub, scratch)) die ("Invalid eddsa public key.\n"); memcpy (csignature, signature, 2*nbytes); if (!_eddsa_verify (ecc, H, pub, A, ctx, msg->length, msg->data, csignature, scratch)) { fprintf (stderr, "eddsa_verify failed with valid signature.\n"); fail: fprintf (stderr, "bit_size = %u\npub = ", ecc->p.bit_size); print_hex (nbytes, pub); fprintf (stderr, "\nmsg = "); tstring_print_hex (msg); fprintf (stderr, "\nsign = "); print_hex (2*nbytes, csignature); fprintf (stderr, "\n"); abort(); } memcpy (csignature, signature, 2*nbytes); csignature[nbytes/3] ^= 0x40; if (_eddsa_verify (ecc, H, pub, A, ctx, msg->length, msg->data, csignature, scratch)) { fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature r.\n"); goto fail; } memcpy (csignature, signature, 2*nbytes); csignature[5*nbytes/3] ^= 0x8; if (_eddsa_verify (ecc, H, pub, A, ctx, msg->length, msg->data, csignature, scratch)) { fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature s.\n"); goto fail; } if (msg->length == 0) { if (_eddsa_verify (ecc, H, pub, A, ctx, 3, "foo", signature, scratch)) { fprintf (stderr, "ecdsa_verify unexpectedly succeeded with different message.\n"); goto fail; } } else { if (_eddsa_verify (ecc, H, pub, A, ctx, msg->length - 1, msg->data, signature, scratch)) { fprintf (stderr, "ecdsa_verify unexpectedly succeeded with truncated message.\n"); goto fail; } memcpy (cmsg, msg->data, msg->length); cmsg[2*msg->length / 3] ^= 0x20; if (_eddsa_verify (ecc, H, pub, A, ctx, msg->length, cmsg, signature, scratch)) { fprintf (stderr, "ecdsa_verify unexpectedly succeeded with modified message.\n"); goto fail; } } free (A); free (scratch); free (cmsg); free (csignature); free (ctx); }
static void ecc_point_zclear (struct ecc_point *p) { zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t)); ecc_point_clear(p); }