xref: /openbsd/regress/lib/libcrypto/ec/ectest.c (revision 4acc544f) 
1*4acc544fStb /*	$OpenBSD: ectest.c,v 1.24 2024/10/18 19:55:34 tb Exp $	*/
23c6bd008Smiod /*
33c6bd008Smiod  * Originally written by Bodo Moeller for the OpenSSL project.
43c6bd008Smiod  */
53c6bd008Smiod /* ====================================================================
63c6bd008Smiod  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
73c6bd008Smiod  *
83c6bd008Smiod  * Redistribution and use in source and binary forms, with or without
93c6bd008Smiod  * modification, are permitted provided that the following conditions
103c6bd008Smiod  * are met:
113c6bd008Smiod  *
123c6bd008Smiod  * 1. Redistributions of source code must retain the above copyright
133c6bd008Smiod  *    notice, this list of conditions and the following disclaimer.
143c6bd008Smiod  *
153c6bd008Smiod  * 2. Redistributions in binary form must reproduce the above copyright
163c6bd008Smiod  *    notice, this list of conditions and the following disclaimer in
173c6bd008Smiod  *    the documentation and/or other materials provided with the
183c6bd008Smiod  *    distribution.
193c6bd008Smiod  *
203c6bd008Smiod  * 3. All advertising materials mentioning features or use of this
213c6bd008Smiod  *    software must display the following acknowledgment:
223c6bd008Smiod  *    "This product includes software developed by the OpenSSL Project
233c6bd008Smiod  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
243c6bd008Smiod  *
253c6bd008Smiod  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
263c6bd008Smiod  *    endorse or promote products derived from this software without
273c6bd008Smiod  *    prior written permission. For written permission, please contact
283c6bd008Smiod  *    openssl-core@openssl.org.
293c6bd008Smiod  *
303c6bd008Smiod  * 5. Products derived from this software may not be called "OpenSSL"
313c6bd008Smiod  *    nor may "OpenSSL" appear in their names without prior written
323c6bd008Smiod  *    permission of the OpenSSL Project.
333c6bd008Smiod  *
343c6bd008Smiod  * 6. Redistributions of any form whatsoever must retain the following
353c6bd008Smiod  *    acknowledgment:
363c6bd008Smiod  *    "This product includes software developed by the OpenSSL Project
373c6bd008Smiod  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
383c6bd008Smiod  *
393c6bd008Smiod  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
403c6bd008Smiod  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
413c6bd008Smiod  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
423c6bd008Smiod  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
433c6bd008Smiod  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
443c6bd008Smiod  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
453c6bd008Smiod  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
463c6bd008Smiod  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
473c6bd008Smiod  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
483c6bd008Smiod  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
493c6bd008Smiod  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
503c6bd008Smiod  * OF THE POSSIBILITY OF SUCH DAMAGE.
513c6bd008Smiod  * ====================================================================
523c6bd008Smiod  *
533c6bd008Smiod  * This product includes cryptographic software written by Eric Young
543c6bd008Smiod  * (eay@cryptsoft.com).  This product includes software written by Tim
553c6bd008Smiod  * Hudson (tjh@cryptsoft.com).
563c6bd008Smiod  *
573c6bd008Smiod  */
583c6bd008Smiod /* ====================================================================
593c6bd008Smiod  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
603c6bd008Smiod  *
613c6bd008Smiod  * Portions of the attached software ("Contribution") are developed by
623c6bd008Smiod  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
633c6bd008Smiod  *
643c6bd008Smiod  * The Contribution is licensed pursuant to the OpenSSL open source
653c6bd008Smiod  * license provided above.
663c6bd008Smiod  *
673c6bd008Smiod  * The elliptic curve binary polynomial software is originally written by
683c6bd008Smiod  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
693c6bd008Smiod  *
703c6bd008Smiod  */
713c6bd008Smiod 
723c6bd008Smiod #include <stdio.h>
733c6bd008Smiod #include <stdlib.h>
743c6bd008Smiod #include <string.h>
753c6bd008Smiod #include <time.h>
763c6bd008Smiod 
773c6bd008Smiod #include <openssl/ec.h>
783c6bd008Smiod #include <openssl/err.h>
793c6bd008Smiod #include <openssl/obj_mac.h>
803c6bd008Smiod #include <openssl/objects.h>
813c6bd008Smiod #include <openssl/bn.h>
823c6bd008Smiod #include <openssl/opensslconf.h>
833c6bd008Smiod 
843c6bd008Smiod #define ABORT do { \
853c6bd008Smiod 	fflush(stdout); \
863c6bd008Smiod 	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
873c6bd008Smiod 	ERR_print_errors_fp(stderr); \
883c6bd008Smiod 	exit(1); \
893c6bd008Smiod } while (0)
903c6bd008Smiod 
913c6bd008Smiod #define TIMING_BASE_PT 0
923c6bd008Smiod #define TIMING_RAND_PT 1
933c6bd008Smiod #define TIMING_SIMUL 2
943c6bd008Smiod 
954bec30b6Stb int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
964bec30b6Stb     const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
974bec30b6Stb 
983c6bd008Smiod /* test multiplication with group order, long and negative scalars */
99bb8ec7f4Sjsing static void
group_order_tests(EC_GROUP * group)100bb8ec7f4Sjsing group_order_tests(EC_GROUP *group)
1013c6bd008Smiod {
1023c6bd008Smiod 	BIGNUM *n1, *n2, *order;
1033c6bd008Smiod 	EC_POINT *P = EC_POINT_new(group);
1043c6bd008Smiod 	EC_POINT *Q = EC_POINT_new(group);
1059ec92463Stb 	BN_CTX *ctx;
1063c6bd008Smiod 
1079ec92463Stb 	if ((ctx = BN_CTX_new()) == NULL)
1089ec92463Stb 		ABORT;
1099ec92463Stb 
1109ec92463Stb 	if ((n1 = BN_new()) == NULL)
1119ec92463Stb 		ABORT;
1129ec92463Stb 	if ((n2 = BN_new()) == NULL)
1139ec92463Stb 		ABORT;
1149ec92463Stb 	if ((order = BN_new()) == NULL)
1159ec92463Stb 		ABORT;
1163c6bd008Smiod 	fprintf(stdout, "verify group order ...");
1173c6bd008Smiod 	fflush(stdout);
118bb8ec7f4Sjsing 	if (!EC_GROUP_get_order(group, order, ctx))
119bb8ec7f4Sjsing 		ABORT;
120bb8ec7f4Sjsing 	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
121bb8ec7f4Sjsing 		ABORT;
122bb8ec7f4Sjsing 	if (!EC_POINT_is_at_infinity(group, Q))
123bb8ec7f4Sjsing 		ABORT;
1243c6bd008Smiod 	fprintf(stdout, ".");
1253c6bd008Smiod 	fflush(stdout);
126bb8ec7f4Sjsing 	if (!EC_GROUP_precompute_mult(group, ctx))
127bb8ec7f4Sjsing 		ABORT;
128bb8ec7f4Sjsing 	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
129bb8ec7f4Sjsing 		ABORT;
130bb8ec7f4Sjsing 	if (!EC_POINT_is_at_infinity(group, Q))
131bb8ec7f4Sjsing 		ABORT;
1323c6bd008Smiod 	fprintf(stdout, " ok\n");
1333c6bd008Smiod 	fprintf(stdout, "long/negative scalar tests ... ");
1344bec30b6Stb 	/* XXX - switch back to BN_one() after next bump. */
1354bec30b6Stb 	if (!BN_set_word(n1, 1))
136bb8ec7f4Sjsing 		ABORT;
1373c6bd008Smiod 	/* n1 = 1 - order */
138bb8ec7f4Sjsing 	if (!BN_sub(n1, n1, order))
139bb8ec7f4Sjsing 		ABORT;
140bb8ec7f4Sjsing 	if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
141bb8ec7f4Sjsing 		ABORT;
142bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, Q, P, ctx))
143bb8ec7f4Sjsing 		ABORT;
1443c6bd008Smiod 	/* n2 = 1 + order */
145bb8ec7f4Sjsing 	if (!BN_add(n2, order, BN_value_one()))
146bb8ec7f4Sjsing 		ABORT;
147bb8ec7f4Sjsing 	if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
148bb8ec7f4Sjsing 		ABORT;
149bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, Q, P, ctx))
150bb8ec7f4Sjsing 		ABORT;
1513c6bd008Smiod 	/* n2 = (1 - order) * (1 + order) */
152bb8ec7f4Sjsing 	if (!BN_mul(n2, n1, n2, ctx))
153bb8ec7f4Sjsing 		ABORT;
154bb8ec7f4Sjsing 	if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
155bb8ec7f4Sjsing 		ABORT;
156bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, Q, P, ctx))
157bb8ec7f4Sjsing 		ABORT;
1583c6bd008Smiod 	fprintf(stdout, "ok\n");
1593c6bd008Smiod 	EC_POINT_free(P);
1603c6bd008Smiod 	EC_POINT_free(Q);
1613c6bd008Smiod 	BN_free(n1);
1623c6bd008Smiod 	BN_free(n2);
1633c6bd008Smiod 	BN_free(order);
1643c6bd008Smiod 	BN_CTX_free(ctx);
1653c6bd008Smiod }
1663c6bd008Smiod 
167bb8ec7f4Sjsing static void
prime_field_tests(void)168bb8ec7f4Sjsing prime_field_tests(void)
1693c6bd008Smiod {
1703c6bd008Smiod 	BN_CTX *ctx = NULL;
1713c6bd008Smiod 	BIGNUM *p, *a, *b;
1723c6bd008Smiod 	EC_GROUP *group;
1733c6bd008Smiod 	EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
1743c6bd008Smiod 	EC_POINT *P, *Q, *R;
1753c6bd008Smiod 	BIGNUM *x, *y, *z;
1763c6bd008Smiod 	unsigned char buf[100];
1773c6bd008Smiod 	size_t i, len;
1783c6bd008Smiod 	int k;
1793c6bd008Smiod 
1803c6bd008Smiod 	ctx = BN_CTX_new();
181bb8ec7f4Sjsing 	if (!ctx)
182bb8ec7f4Sjsing 		ABORT;
1833c6bd008Smiod 
1843c6bd008Smiod 	p = BN_new();
1853c6bd008Smiod 	a = BN_new();
1863c6bd008Smiod 	b = BN_new();
187bb8ec7f4Sjsing 	if (!p || !a || !b)
188bb8ec7f4Sjsing 		ABORT;
1893c6bd008Smiod 
190bb8ec7f4Sjsing 	if (!BN_hex2bn(&p, "17"))
191bb8ec7f4Sjsing 		ABORT;
192bb8ec7f4Sjsing 	if (!BN_hex2bn(&a, "1"))
193bb8ec7f4Sjsing 		ABORT;
194bb8ec7f4Sjsing 	if (!BN_hex2bn(&b, "1"))
195bb8ec7f4Sjsing 		ABORT;
1963c6bd008Smiod 
1973c6bd008Smiod 	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
1983c6bd008Smiod 	                                             * so that the library gets to choose the EC_METHOD */
199bb8ec7f4Sjsing 	if (!group)
200bb8ec7f4Sjsing 		ABORT;
2013c6bd008Smiod 
2020318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
203bb8ec7f4Sjsing 		ABORT;
2043c6bd008Smiod 
2053c6bd008Smiod 	{
2063c6bd008Smiod 		EC_GROUP *tmp;
2073c6bd008Smiod 		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
208bb8ec7f4Sjsing 		if (!tmp)
209bb8ec7f4Sjsing 			ABORT;
210bb8ec7f4Sjsing 		if (!EC_GROUP_copy(tmp, group))
211bb8ec7f4Sjsing 			ABORT;
2123c6bd008Smiod 		EC_GROUP_free(group);
2133c6bd008Smiod 		group = tmp;
2143c6bd008Smiod 	}
2153c6bd008Smiod 
2160318edf0Stb 	if (!EC_GROUP_get_curve(group, p, a, b, ctx))
217bb8ec7f4Sjsing 		ABORT;
2183c6bd008Smiod 
2193c6bd008Smiod 	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
2203c6bd008Smiod 	BN_print_fp(stdout, p);
2213c6bd008Smiod 	fprintf(stdout, ")\n     a = 0x");
2223c6bd008Smiod 	BN_print_fp(stdout, a);
2233c6bd008Smiod 	fprintf(stdout, "\n     b = 0x");
2243c6bd008Smiod 	BN_print_fp(stdout, b);
2253c6bd008Smiod 	fprintf(stdout, "\n");
2263c6bd008Smiod 
2273c6bd008Smiod 	P = EC_POINT_new(group);
2283c6bd008Smiod 	Q = EC_POINT_new(group);
2293c6bd008Smiod 	R = EC_POINT_new(group);
230bb8ec7f4Sjsing 	if (!P || !Q || !R)
231bb8ec7f4Sjsing 		ABORT;
2323c6bd008Smiod 
233bb8ec7f4Sjsing 	if (!EC_POINT_set_to_infinity(group, P))
234bb8ec7f4Sjsing 		ABORT;
235bb8ec7f4Sjsing 	if (!EC_POINT_is_at_infinity(group, P))
236bb8ec7f4Sjsing 		ABORT;
2373c6bd008Smiod 
2383c6bd008Smiod 	buf[0] = 0;
239bb8ec7f4Sjsing 	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
240bb8ec7f4Sjsing 		ABORT;
2413c6bd008Smiod 
242bb8ec7f4Sjsing 	if (!EC_POINT_add(group, P, P, Q, ctx))
243bb8ec7f4Sjsing 		ABORT;
244bb8ec7f4Sjsing 	if (!EC_POINT_is_at_infinity(group, P))
245bb8ec7f4Sjsing 		ABORT;
2463c6bd008Smiod 
2473c6bd008Smiod 	x = BN_new();
2483c6bd008Smiod 	y = BN_new();
2493c6bd008Smiod 	z = BN_new();
250bb8ec7f4Sjsing 	if (!x || !y || !z)
251bb8ec7f4Sjsing 		ABORT;
2523c6bd008Smiod 
253bb8ec7f4Sjsing 	if (!BN_hex2bn(&x, "D"))
254bb8ec7f4Sjsing 		ABORT;
255a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))
256bb8ec7f4Sjsing 		ABORT;
257a267e192Stb 	if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
258b425ed70Stb 		if (!EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))
259bb8ec7f4Sjsing 			ABORT;
2603c6bd008Smiod 		fprintf(stderr, "Point is not on curve: x = 0x");
2613c6bd008Smiod 		BN_print_fp(stderr, x);
2623c6bd008Smiod 		fprintf(stderr, ", y = 0x");
2633c6bd008Smiod 		BN_print_fp(stderr, y);
2643c6bd008Smiod 		fprintf(stderr, "\n");
2653c6bd008Smiod 		ABORT;
2663c6bd008Smiod 	}
2673c6bd008Smiod 
2683c6bd008Smiod 	fprintf(stdout, "A cyclic subgroup:\n");
2693c6bd008Smiod 	k = 100;
2704bd67212Stb 	do {
271bb8ec7f4Sjsing 		if (k-- == 0)
272bb8ec7f4Sjsing 			ABORT;
2733c6bd008Smiod 
2743c6bd008Smiod 		if (EC_POINT_is_at_infinity(group, P))
2753c6bd008Smiod 			fprintf(stdout, "     point at infinity\n");
276bb8ec7f4Sjsing 		else {
277b425ed70Stb 			if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
278bb8ec7f4Sjsing 				ABORT;
2793c6bd008Smiod 
2803c6bd008Smiod 			fprintf(stdout, "     x = 0x");
2813c6bd008Smiod 			BN_print_fp(stdout, x);
2823c6bd008Smiod 			fprintf(stdout, ", y = 0x");
2833c6bd008Smiod 			BN_print_fp(stdout, y);
2843c6bd008Smiod 			fprintf(stdout, "\n");
2853c6bd008Smiod 		}
2863c6bd008Smiod 
287bb8ec7f4Sjsing 		if (!EC_POINT_copy(R, P))
288bb8ec7f4Sjsing 			ABORT;
289bb8ec7f4Sjsing 		if (!EC_POINT_add(group, P, P, Q, ctx))
290bb8ec7f4Sjsing 			ABORT;
2914bd67212Stb 	} while (!EC_POINT_is_at_infinity(group, P));
2923c6bd008Smiod 
293bb8ec7f4Sjsing 	if (!EC_POINT_add(group, P, Q, R, ctx))
294bb8ec7f4Sjsing 		ABORT;
295bb8ec7f4Sjsing 	if (!EC_POINT_is_at_infinity(group, P))
296bb8ec7f4Sjsing 		ABORT;
2973c6bd008Smiod 
2983c6bd008Smiod 	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
299bb8ec7f4Sjsing 	if (len == 0)
300bb8ec7f4Sjsing 		ABORT;
301bb8ec7f4Sjsing 	if (!EC_POINT_oct2point(group, P, buf, len, ctx))
302bb8ec7f4Sjsing 		ABORT;
303bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, P, Q, ctx))
304bb8ec7f4Sjsing 		ABORT;
3053c6bd008Smiod 	fprintf(stdout, "Generator as octet string, compressed form:\n     ");
3063c6bd008Smiod 	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
3073c6bd008Smiod 
3083c6bd008Smiod 		len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
309bb8ec7f4Sjsing 	if (len == 0)
310bb8ec7f4Sjsing 		ABORT;
311bb8ec7f4Sjsing 	if (!EC_POINT_oct2point(group, P, buf, len, ctx))
312bb8ec7f4Sjsing 		ABORT;
313bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, P, Q, ctx))
314bb8ec7f4Sjsing 		ABORT;
3153c6bd008Smiod 	fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
3163c6bd008Smiod 	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
3173c6bd008Smiod 
3183c6bd008Smiod 		len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
319bb8ec7f4Sjsing 	if (len == 0)
320bb8ec7f4Sjsing 		ABORT;
321bb8ec7f4Sjsing 	if (!EC_POINT_oct2point(group, P, buf, len, ctx))
322bb8ec7f4Sjsing 		ABORT;
323bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, P, Q, ctx))
324bb8ec7f4Sjsing 		ABORT;
3253c6bd008Smiod 	fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
3263c6bd008Smiod 	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
3273c6bd008Smiod 
3284bec30b6Stb 		if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
329bb8ec7f4Sjsing 			ABORT;
3303c6bd008Smiod 	fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
3313c6bd008Smiod 	BN_print_fp(stdout, x);
3323c6bd008Smiod 	fprintf(stdout, ", Y = 0x");
3333c6bd008Smiod 	BN_print_fp(stdout, y);
3343c6bd008Smiod 	fprintf(stdout, ", Z = 0x");
3353c6bd008Smiod 	BN_print_fp(stdout, z);
3363c6bd008Smiod 	fprintf(stdout, "\n");
3373c6bd008Smiod 
338bb8ec7f4Sjsing 	if (!EC_POINT_invert(group, P, ctx))
339bb8ec7f4Sjsing 		ABORT;
340bb8ec7f4Sjsing 	if (0 != EC_POINT_cmp(group, P, R, ctx))
341bb8ec7f4Sjsing 		ABORT;
3423c6bd008Smiod 
3433c6bd008Smiod 
3443c6bd008Smiod 	/* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
3453c6bd008Smiod 	 * -- not a NIST curve, but commonly used */
3463c6bd008Smiod 
347bb8ec7f4Sjsing 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
348bb8ec7f4Sjsing 		ABORT;
349bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
350bb8ec7f4Sjsing 		ABORT;
351bb8ec7f4Sjsing 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
352bb8ec7f4Sjsing 		ABORT;
353bb8ec7f4Sjsing 	if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
354bb8ec7f4Sjsing 		ABORT;
3550318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
356bb8ec7f4Sjsing 		ABORT;
3573c6bd008Smiod 
358bb8ec7f4Sjsing 	if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
359bb8ec7f4Sjsing 		ABORT;
360bb8ec7f4Sjsing 	if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
361bb8ec7f4Sjsing 		ABORT;
362b425ed70Stb 	if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
363bb8ec7f4Sjsing 		ABORT;
364a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
365bb8ec7f4Sjsing 		ABORT;
366bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
367bb8ec7f4Sjsing 		ABORT;
368bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
369bb8ec7f4Sjsing 		ABORT;
3703c6bd008Smiod 
371b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
372bb8ec7f4Sjsing 		ABORT;
3733c6bd008Smiod 	fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
3743c6bd008Smiod 	BN_print_fp(stdout, x);
3753c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
3763c6bd008Smiod 	BN_print_fp(stdout, y);
3773c6bd008Smiod 	fprintf(stdout, "\n");
3783c6bd008Smiod 	/* G_y value taken from the standard: */
379bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
380bb8ec7f4Sjsing 		ABORT;
381bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
382bb8ec7f4Sjsing 		ABORT;
3833c6bd008Smiod 
3843c6bd008Smiod 	fprintf(stdout, "verify degree ...");
385bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 160)
386bb8ec7f4Sjsing 		ABORT;
3873c6bd008Smiod 	fprintf(stdout, " ok\n");
3883c6bd008Smiod 
3893c6bd008Smiod 	group_order_tests(group);
3903c6bd008Smiod 
391bb8ec7f4Sjsing 	if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
392bb8ec7f4Sjsing 		ABORT;
393bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_160, group))
394bb8ec7f4Sjsing 		ABORT;
3953c6bd008Smiod 
3963c6bd008Smiod 
3973c6bd008Smiod 	/* Curve P-192 (FIPS PUB 186-2, App. 6) */
3983c6bd008Smiod 
399bb8ec7f4Sjsing 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
400bb8ec7f4Sjsing 		ABORT;
401bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
402bb8ec7f4Sjsing 		ABORT;
403bb8ec7f4Sjsing 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
404bb8ec7f4Sjsing 		ABORT;
405bb8ec7f4Sjsing 	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
406bb8ec7f4Sjsing 		ABORT;
4070318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
408bb8ec7f4Sjsing 		ABORT;
4093c6bd008Smiod 
410bb8ec7f4Sjsing 	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
411bb8ec7f4Sjsing 		ABORT;
412a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
413bb8ec7f4Sjsing 		ABORT;
414a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
415bb8ec7f4Sjsing 		ABORT;
416bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
417bb8ec7f4Sjsing 		ABORT;
418bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
419bb8ec7f4Sjsing 		ABORT;
4203c6bd008Smiod 
421b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
422bb8ec7f4Sjsing 		ABORT;
4233c6bd008Smiod 	fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
4243c6bd008Smiod 	BN_print_fp(stdout, x);
4253c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
4263c6bd008Smiod 	BN_print_fp(stdout, y);
4273c6bd008Smiod 	fprintf(stdout, "\n");
4283c6bd008Smiod 	/* G_y value taken from the standard: */
429bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
430bb8ec7f4Sjsing 		ABORT;
431bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
432bb8ec7f4Sjsing 		ABORT;
4333c6bd008Smiod 
4343c6bd008Smiod 	fprintf(stdout, "verify degree ...");
435bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 192)
436bb8ec7f4Sjsing 		ABORT;
4373c6bd008Smiod 	fprintf(stdout, " ok\n");
4383c6bd008Smiod 
4393c6bd008Smiod 	group_order_tests(group);
4403c6bd008Smiod 
441bb8ec7f4Sjsing 	if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
442bb8ec7f4Sjsing 		ABORT;
443bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_192, group))
444bb8ec7f4Sjsing 		ABORT;
4453c6bd008Smiod 
4463c6bd008Smiod 
4473c6bd008Smiod 	/* Curve P-224 (FIPS PUB 186-2, App. 6) */
4483c6bd008Smiod 
449bb8ec7f4Sjsing 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
450bb8ec7f4Sjsing 		ABORT;
451bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
452bb8ec7f4Sjsing 		ABORT;
453bb8ec7f4Sjsing 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
454bb8ec7f4Sjsing 		ABORT;
455bb8ec7f4Sjsing 	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
456bb8ec7f4Sjsing 		ABORT;
4570318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
458bb8ec7f4Sjsing 		ABORT;
4593c6bd008Smiod 
460bb8ec7f4Sjsing 	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
461bb8ec7f4Sjsing 		ABORT;
462a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
463bb8ec7f4Sjsing 		ABORT;
464a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
465bb8ec7f4Sjsing 		ABORT;
466bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
467bb8ec7f4Sjsing 		ABORT;
468bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
469bb8ec7f4Sjsing 		ABORT;
4703c6bd008Smiod 
471b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
472bb8ec7f4Sjsing 		ABORT;
4733c6bd008Smiod 	fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
4743c6bd008Smiod 	BN_print_fp(stdout, x);
4753c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
4763c6bd008Smiod 	BN_print_fp(stdout, y);
4773c6bd008Smiod 	fprintf(stdout, "\n");
4783c6bd008Smiod 	/* G_y value taken from the standard: */
479bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
480bb8ec7f4Sjsing 		ABORT;
481bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
482bb8ec7f4Sjsing 		ABORT;
4833c6bd008Smiod 
4843c6bd008Smiod 	fprintf(stdout, "verify degree ...");
485bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 224)
486bb8ec7f4Sjsing 		ABORT;
4873c6bd008Smiod 	fprintf(stdout, " ok\n");
4883c6bd008Smiod 
4893c6bd008Smiod 	group_order_tests(group);
4903c6bd008Smiod 
491bb8ec7f4Sjsing 	if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
492bb8ec7f4Sjsing 		ABORT;
493bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_224, group))
494bb8ec7f4Sjsing 		ABORT;
4953c6bd008Smiod 
4963c6bd008Smiod 
4973c6bd008Smiod 	/* Curve P-256 (FIPS PUB 186-2, App. 6) */
4983c6bd008Smiod 
499bb8ec7f4Sjsing 	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
500bb8ec7f4Sjsing 		ABORT;
501bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
502bb8ec7f4Sjsing 		ABORT;
503bb8ec7f4Sjsing 	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
504bb8ec7f4Sjsing 		ABORT;
505bb8ec7f4Sjsing 	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
506bb8ec7f4Sjsing 		ABORT;
5070318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
508bb8ec7f4Sjsing 		ABORT;
5093c6bd008Smiod 
510bb8ec7f4Sjsing 	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
511bb8ec7f4Sjsing 		ABORT;
512a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
513bb8ec7f4Sjsing 		ABORT;
514a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
515bb8ec7f4Sjsing 		ABORT;
5163c6bd008Smiod 	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
5173c6bd008Smiod 	    "84F3B9CAC2FC632551")) ABORT;
518bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
519bb8ec7f4Sjsing 		ABORT;
5203c6bd008Smiod 
521b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
522bb8ec7f4Sjsing 		ABORT;
5233c6bd008Smiod 	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
5243c6bd008Smiod 	BN_print_fp(stdout, x);
5253c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
5263c6bd008Smiod 	BN_print_fp(stdout, y);
5273c6bd008Smiod 	fprintf(stdout, "\n");
5283c6bd008Smiod 	/* G_y value taken from the standard: */
529bb8ec7f4Sjsing 	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
530bb8ec7f4Sjsing 		ABORT;
531bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
532bb8ec7f4Sjsing 		ABORT;
5333c6bd008Smiod 
5343c6bd008Smiod 	fprintf(stdout, "verify degree ...");
535bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 256)
536bb8ec7f4Sjsing 		ABORT;
5373c6bd008Smiod 	fprintf(stdout, " ok\n");
5383c6bd008Smiod 
5393c6bd008Smiod 	group_order_tests(group);
5403c6bd008Smiod 
541bb8ec7f4Sjsing 	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
542bb8ec7f4Sjsing 		ABORT;
543bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_256, group))
544bb8ec7f4Sjsing 		ABORT;
5453c6bd008Smiod 
5463c6bd008Smiod 
5473c6bd008Smiod 	/* Curve P-384 (FIPS PUB 186-2, App. 6) */
5483c6bd008Smiod 
5493c6bd008Smiod 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
5503c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
551bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
552bb8ec7f4Sjsing 		ABORT;
5533c6bd008Smiod 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
5543c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
5553c6bd008Smiod 	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
5563c6bd008Smiod 	    "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
5570318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
558bb8ec7f4Sjsing 		ABORT;
5593c6bd008Smiod 
5603c6bd008Smiod 	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
5613c6bd008Smiod 	    "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
562a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
563bb8ec7f4Sjsing 		ABORT;
564a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
565bb8ec7f4Sjsing 		ABORT;
5663c6bd008Smiod 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
5673c6bd008Smiod 	    "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
568bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
569bb8ec7f4Sjsing 		ABORT;
5703c6bd008Smiod 
571b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
572bb8ec7f4Sjsing 		ABORT;
5733c6bd008Smiod 	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
5743c6bd008Smiod 	BN_print_fp(stdout, x);
5753c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
5763c6bd008Smiod 	BN_print_fp(stdout, y);
5773c6bd008Smiod 	fprintf(stdout, "\n");
5783c6bd008Smiod 	/* G_y value taken from the standard: */
5793c6bd008Smiod 	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
5803c6bd008Smiod 	    "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
581bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
582bb8ec7f4Sjsing 		ABORT;
5833c6bd008Smiod 
5843c6bd008Smiod 	fprintf(stdout, "verify degree ...");
585bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 384)
586bb8ec7f4Sjsing 		ABORT;
5873c6bd008Smiod 	fprintf(stdout, " ok\n");
5883c6bd008Smiod 
5893c6bd008Smiod 	group_order_tests(group);
5903c6bd008Smiod 
591bb8ec7f4Sjsing 	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
592bb8ec7f4Sjsing 		ABORT;
593bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_384, group))
594bb8ec7f4Sjsing 		ABORT;
5953c6bd008Smiod 
5963c6bd008Smiod 
5973c6bd008Smiod 	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
5983c6bd008Smiod 
5993c6bd008Smiod 	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
6003c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
6013c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
602bb8ec7f4Sjsing 	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
603bb8ec7f4Sjsing 		ABORT;
6043c6bd008Smiod 	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
6053c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
6063c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
6073c6bd008Smiod 	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
6083c6bd008Smiod 	    "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
6093c6bd008Smiod 	    "DF883D2C34F1EF451FD46B503F00")) ABORT;
6100318edf0Stb 	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
611bb8ec7f4Sjsing 		ABORT;
6123c6bd008Smiod 
6133c6bd008Smiod 	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
6143c6bd008Smiod 	    "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
6153c6bd008Smiod 	    "3C1856A429BF97E7E31C2E5BD66")) ABORT;
616a20a87c2Stb 	if (!EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
617bb8ec7f4Sjsing 		ABORT;
618a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
619bb8ec7f4Sjsing 		ABORT;
6203c6bd008Smiod 	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
6213c6bd008Smiod 	    "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
6223c6bd008Smiod 	    "C9B8899C47AEBB6FB71E91386409")) ABORT;
623bb8ec7f4Sjsing 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
624bb8ec7f4Sjsing 		ABORT;
6253c6bd008Smiod 
626b425ed70Stb 	if (!EC_POINT_get_affine_coordinates(group, P, x, y, ctx))
627bb8ec7f4Sjsing 		ABORT;
6283c6bd008Smiod 	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
6293c6bd008Smiod 	BN_print_fp(stdout, x);
6303c6bd008Smiod 	fprintf(stdout, "\n     y = 0x");
6313c6bd008Smiod 	BN_print_fp(stdout, y);
6323c6bd008Smiod 	fprintf(stdout, "\n");
6333c6bd008Smiod 	/* G_y value taken from the standard: */
6343c6bd008Smiod 	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
6353c6bd008Smiod 	    "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
6363c6bd008Smiod 	    "7086A272C24088BE94769FD16650")) ABORT;
637bb8ec7f4Sjsing 	if (0 != BN_cmp(y, z))
638bb8ec7f4Sjsing 		ABORT;
6393c6bd008Smiod 
6403c6bd008Smiod 	fprintf(stdout, "verify degree ...");
641bb8ec7f4Sjsing 	if (EC_GROUP_get_degree(group) != 521)
642bb8ec7f4Sjsing 		ABORT;
6433c6bd008Smiod 	fprintf(stdout, " ok\n");
6443c6bd008Smiod 
6453c6bd008Smiod 	group_order_tests(group);
6463c6bd008Smiod 
647bb8ec7f4Sjsing 	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
648bb8ec7f4Sjsing 		ABORT;
649bb8ec7f4Sjsing 	if (!EC_GROUP_copy(P_521, group))
650bb8ec7f4Sjsing 		ABORT;
6513c6bd008Smiod 
6523c6bd008Smiod 
6533c6bd008Smiod 	/* more tests using the last curve */
654089cda23Stb 	fprintf(stdout, "infinity tests ...");
655089cda23Stb 	fflush(stdout);
656bb8ec7f4Sjsing 	if (!EC_POINT_copy(Q, P))
657bb8ec7f4Sjsing 		ABORT;
658bb8ec7f4Sjsing 	if (EC_POINT_is_at_infinity(group, Q))
659bb8ec7f4Sjsing 		ABORT;
660089cda23Stb 	/* P := 2P */
661bb8ec7f4Sjsing 	if (!EC_POINT_dbl(group, P, P, ctx))
662bb8ec7f4Sjsing 		ABORT;
663a267e192Stb 	if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
664bb8ec7f4Sjsing 		ABORT;
665089cda23Stb 	/* Q := -P */
666089cda23Stb 	if (!EC_POINT_invert(group, Q, ctx))
667089cda23Stb 		ABORT;
668089cda23Stb 	/* R := 2P - P = P */
669bb8ec7f4Sjsing 	if (!EC_POINT_add(group, R, P, Q, ctx))
670bb8ec7f4Sjsing 		ABORT;
671089cda23Stb 	/* R := R + Q = P - P = infty */
672bb8ec7f4Sjsing 	if (!EC_POINT_add(group, R, R, Q, ctx))
673bb8ec7f4Sjsing 		ABORT;
674089cda23Stb 	if (!EC_POINT_is_at_infinity(group, R))
675bb8ec7f4Sjsing 		ABORT;
6763c6bd008Smiod 	fprintf(stdout, " ok\n\n");
6773c6bd008Smiod 
6783c6bd008Smiod 	if (ctx)
6793c6bd008Smiod 		BN_CTX_free(ctx);
680bb8ec7f4Sjsing 	BN_free(p);
681bb8ec7f4Sjsing 	BN_free(a);
682bb8ec7f4Sjsing 	BN_free(b);
6833c6bd008Smiod 	EC_GROUP_free(group);
6843c6bd008Smiod 	EC_POINT_free(P);
6853c6bd008Smiod 	EC_POINT_free(Q);
6863c6bd008Smiod 	EC_POINT_free(R);
687bb8ec7f4Sjsing 	BN_free(x);
688bb8ec7f4Sjsing 	BN_free(y);
689bb8ec7f4Sjsing 	BN_free(z);
6903c6bd008Smiod 
691bb8ec7f4Sjsing 	if (P_160)
692bb8ec7f4Sjsing 		EC_GROUP_free(P_160);
693bb8ec7f4Sjsing 	if (P_192)
694bb8ec7f4Sjsing 		EC_GROUP_free(P_192);
695bb8ec7f4Sjsing 	if (P_224)
696bb8ec7f4Sjsing 		EC_GROUP_free(P_224);
697bb8ec7f4Sjsing 	if (P_256)
698bb8ec7f4Sjsing 		EC_GROUP_free(P_256);
699bb8ec7f4Sjsing 	if (P_384)
700bb8ec7f4Sjsing 		EC_GROUP_free(P_384);
701bb8ec7f4Sjsing 	if (P_521)
702bb8ec7f4Sjsing 		EC_GROUP_free(P_521);
7033c6bd008Smiod 
7043c6bd008Smiod }
7053c6bd008Smiod 
706bb8ec7f4Sjsing int
main(int argc,char * argv[])707bb8ec7f4Sjsing main(int argc, char *argv[])
7083c6bd008Smiod {
7093c6bd008Smiod 	ERR_load_crypto_strings();
7103c6bd008Smiod 
7113c6bd008Smiod 	prime_field_tests();
7123c6bd008Smiod 
7133c6bd008Smiod 	CRYPTO_cleanup_all_ex_data();
7143c6bd008Smiod 	ERR_free_strings();
7153c6bd008Smiod 	ERR_remove_thread_state(NULL);
7163c6bd008Smiod 
7173c6bd008Smiod 	return 0;
7183c6bd008Smiod }
719