1 #include <assert.h>
2 #include "common.h"
3 #include "mont.h"
4 #include "ec.h"
5 #include "endianess.h"
6 #include "modexp_utils.h"
7
/*
 * Prototypes for the routines that the tests in this file call directly.
 * NOTE(review): they are repeated here by hand, presumably because the
 * included headers do not export them - confirm, and keep them in sync with
 * the definitions.
 */

/* Helpers: debug printing and scratch-space management */
void print_x(const char *s, const uint64_t *number, const MontContext *ctx);
Workplace *new_workplace(const MontContext *ctx);
void free_workplace(Workplace *wp);

/* Projective (x1, y1, z1) to affine (x3, y3) */
void ec_projective_to_affine(uint64_t *x3, uint64_t *y3,
                             const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
                             Workplace *tmp,
                             const MontContext *ctx);

/* Point doubling, projective input and output */
void ec_full_double(uint64_t *x3, uint64_t *y3, uint64_t *z3,
                    const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
                    const uint64_t *b,
                    Workplace *tmp,
                    const MontContext *ctx);

/* Addition of a projective point (x1, y1, z1) and an affine point (x2, y2) */
void ec_mix_add(uint64_t *x3, uint64_t *y3, uint64_t *z3,
                const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
                const uint64_t *x2, const uint64_t *y2,
                const uint64_t *b,
                Workplace *tmp,
                const MontContext *ctx);

/* Addition of two projective points */
void ec_full_add(uint64_t *x3, uint64_t *y3, uint64_t *z3,
                 const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
                 const uint64_t *x2, const uint64_t *y2, const uint64_t *z2,
                 const uint64_t *b,
                 Workplace *tmp,
                 const MontContext *ctx);

/*
 * Scalar multiplication of (x1, y1, z1) by the exp_size-byte scalar exp.
 * NOTE(review): the role of seed is not visible from this file - confirm.
 */
void ec_scalar(uint64_t *x3, uint64_t *y3, uint64_t *z3,
               const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
               uint64_t *b,
               const uint8_t *exp, size_t exp_size,
               uint64_t seed,
               Workplace *wp1,
               Workplace *wp2,
               const MontContext *ctx);

/*
 * Scalar multiplication of the P-256 generator, using the table returned by
 * ec_scramble_g_p256() (released with free_g_p256()). Returns an error code.
 */
int ec_scalar_g_p256(uint64_t *x3, uint64_t *y3, uint64_t *z3,
                     const uint64_t *b,
                     const uint8_t *exp, size_t exp_size,
                     uint64_t seed,
                     Workplace *wp1,
                     Workplace *wp2,
                     ProtMemory **prot_g,
                     const MontContext *ctx);
ProtMemory **ec_scramble_g_p256(const MontContext *ctx, uint64_t seed);
void free_g_p256(ProtMemory **prot_g);
51
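/*
 * Tell whether two points given in projective coordinates are the same point.
 *
 * Both points are converted to affine form into freshly allocated numbers and
 * then compared coordinate by coordinate.
 *
 * @param x1,y1,z1  First point (projective).
 * @param x2,y2,z2  Second point (projective).
 * @param wp        Scratch space handed to ec_projective_to_affine().
 * @param ctx       Montgomery context of the field.
 * @return          1 if X and Y both agree, 0 otherwise.
 */
static int matches(const uint64_t *x1, const uint64_t *y1, const uint64_t *z1,
                   const uint64_t *x2, const uint64_t *y2, const uint64_t *z2,
                   Workplace *wp,
                   const MontContext *ctx)
{
    uint64_t *xa, *ya, *xb, *yb;
    int result;

    /* NOTE(review): the results of mont_number() are not checked */
    mont_number(&xa, 1, ctx);
    mont_number(&ya, 1, ctx);
    mont_number(&xb, 1, ctx);
    mont_number(&yb, 1, ctx);

    ec_projective_to_affine(xa, ya, x1, y1, z1, wp, ctx);
    ec_projective_to_affine(xb, yb, x2, y2, z2, wp, ctx);

    /*
     * Both coordinates must agree. Combining the two comparisons with OR
     * would also accept a pair that shares only X (a point and its negation,
     * for instance), so a wrong result could slip past the callers' asserts.
     */
    result = (mont_is_equal(xa, xb, ctx) != 0);
    result &= (mont_is_equal(ya, yb, ctx) != 0);

    free(xa);
    free(ya);
    free(xb);
    free(yb);

    return result;
}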
78
/*
 * Check ec_projective_to_affine() over the 32-byte modulus below on two
 * inputs: a point with Z=10 and a point with Z=0 (point at infinity).
 * In both calls the output numbers alias the X and Y inputs.
 */
void test_ec_projective_to_affine(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    /* Input point, projective, Z=10 */
    static const uint8_t proj_x[32] = "\xc6\x4c\x90\xad\x8d\x5c\x1d\x96\xd6\x4b\x63\x46\x4a\x8b\x57\x91\xbf\x48\xa6\xb4\xb9\xbc\xd6\xad\x79\xc6\x3a\x13\xbf\xb7\x78\x5b";
    static const uint8_t proj_y[32] = "\xe4\x98\x64\xd0\x22\x85\x75\x8a\x11\x79\x68\x2e\x06\x92\x3d\xf7\x62\xa8\x85\xea\xda\xe6\xd9\xb0\x5a\x4f\x0c\x43\x1d\x51\x77\xe4";
    static const uint8_t proj_z[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a";
    /* Expected affine coordinates */
    static const uint8_t affine_x[32] = "\xfa\x3a\xdb\x43\xa7\xbc\x69\x5c\xc8\xa1\x23\x87\x07\x74\x55\x8e\x93\x20\xdd\x79\x5f\x5f\xaf\x11\x58\xfa\x39\x01\xf9\x92\x58\xd5";
    static const uint8_t affine_y[32] = "\xe3\xa8\xd6\xe0\xd0\x40\x8b\xc1\xce\x8c\x24\x04\x9a\x41\xd2\xff\x23\x77\x40\x98\x49\x17\x15\xc4\xd5\xd4\xb4\x6d\x1c\x88\x25\x96";
    static const uint64_t all_zero[4] = { 0 };

    MontContext *ctx;
    Workplace *wp;
    uint64_t *x, *y, *z;
    uint8_t encoded[32];

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp = new_workplace(ctx);

    /** Arbitrary point on the curve with Z=10 **/
    mont_from_bytes(&x, proj_x, 32, ctx);
    mont_from_bytes(&y, proj_y, 32, ctx);
    mont_from_bytes(&z, proj_z, 32, ctx);
    ec_projective_to_affine(x, y, x, y, z, wp, ctx);

    mont_to_bytes(encoded, 32, x, ctx);
    assert(memcmp(encoded, affine_x, 32) == 0);
    mont_to_bytes(encoded, 32, y, ctx);
    assert(memcmp(encoded, affine_y, 32) == 0);

    /*
     * Point-at-infinity: Z is zero while X and Y are filled with 0xFF bytes,
     * so the all-zero result checked below cannot come from the inputs.
     * The raw 32 bytes of each number are written and compared directly.
     */
    memset(x, 0xFF, 32);
    memset(y, 0xFF, 32);
    memset(z, 0, 32);
    ec_projective_to_affine(x, y, x, y, z, wp, ctx);
    assert(memcmp(x, all_zero, 32) == 0);
    assert(memcmp(y, all_zero, 32) == 0);

    free(x);
    free(y);
    free(z);

    free_workplace(wp);
    mont_context_free(ctx);
}
116
/*
 * Check ec_full_double() with in-place output on three inputs:
 * a point with Z=10, the point at infinity (0, 1, 0), and a point with Y=0.
 * The last two must produce Z=0.
 */
void test_ec_full_double(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    static const uint8_t curve_b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    /* Input point, projective, Z=10 */
    static const uint8_t in_x[32] = "\xc6\x4c\x90\xad\x8d\x5c\x1d\x96\xd6\x4b\x63\x46\x4a\x8b\x57\x91\xbf\x48\xa6\xb4\xb9\xbc\xd6\xad\x79\xc6\x3a\x13\xbf\xb7\x78\x5b";
    static const uint8_t in_y[32] = "\xe4\x98\x64\xd0\x22\x85\x75\x8a\x11\x79\x68\x2e\x06\x92\x3d\xf7\x62\xa8\x85\xea\xda\xe6\xd9\xb0\x5a\x4f\x0c\x43\x1d\x51\x77\xe4";
    static const uint8_t ten[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a";
    /* Expected projective result of the doubling */
    static const uint8_t out_x[32] = "\x9e\x0e\xcb\x70\xd6\x15\x88\x5e\x6a\xce\x5a\x03\x41\x89\xd5\xe5\xf8\xb1\x6f\x38\xe5\xc0\x1e\x59\xf5\xcc\xe6\xdf\xb4\xf9\xdd\x02";
    static const uint8_t out_y[32] = "\xda\x30\xad\x21\x7a\x5d\xe2\x3a\xd6\x86\x12\xd2\x61\xa0\x7b\x51\xff\x05\x3c\x73\xa6\x63\x88\x4b\xa4\xe6\xb6\x84\x71\x9a\xe0\xb4";
    static const uint8_t out_z[32] = "\x62\x60\x97\xCF\xE5\x64\xFC\xD1\x02\x41\xD7\xD1\x63\xBE\xF2\x41\x3D\xA9\xA8\xD6\x60\x5B\x7B\xB5\x7C\x4E\x4A\x21\x69\xA5\xFA\xC2";
    /* X used (with Z=10) for the Y=0 case */
    static const uint8_t y0_x[32] = "\x2b\xad\x3f\x80\xd3\x9a\xc9\x7b\x28\xfd\x2c\xeb\x93\x2d\x82\xe1\xb7\x5b\x3b\xd1\xbc\xe2\xbe\x11\x27\xe5\xa8\x7f\x1c\xc0\xd4\x77";
    static const uint64_t all_zero[4] = { 0 };

    MontContext *ctx;
    Workplace *wp;
    uint64_t *b;
    uint64_t *x, *y, *z;
    uint8_t encoded[32];

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp = new_workplace(ctx);
    mont_from_bytes(&b, curve_b, 32, ctx);

    /** Arbitrary point on the curve with Z=10 **/
    mont_from_bytes(&x, in_x, 32, ctx);
    mont_from_bytes(&y, in_y, 32, ctx);
    mont_from_bytes(&z, ten, 32, ctx);
    ec_full_double(x, y, z, x, y, z, b, wp, ctx);

    mont_to_bytes(encoded, 32, x, ctx);
    assert(memcmp(encoded, out_x, 32) == 0);
    mont_to_bytes(encoded, 32, y, ctx);
    assert(memcmp(encoded, out_y, 32) == 0);
    mont_to_bytes(encoded, 32, z, ctx);
    assert(memcmp(encoded, out_z, 32) == 0);

    /** Point-at-infinity **/
    mont_set(x, 0, ctx);
    mont_set(y, 1, ctx);
    mont_set(z, 0, ctx);
    ec_full_double(x, y, z, x, y, z, b, wp, ctx);
    assert(memcmp(z, all_zero, 32) == 0);

    /* Points with Y=0; for P-256:
        X = 0x512aecbfc85c47596a7fb7b1285159e35f22b92edfb04634ea63c40cb6134872
        X = 0xaed5133f37a3b8a79580484ed7aea61ca0dd46d2204fb9cb159c3bf349ecb790
    */
    /* x and z are re-created by mont_from_bytes(), so drop the old ones first;
     * y is kept and merely reset */
    free(x);
    free(z);
    mont_from_bytes(&x, y0_x, 32, ctx);
    mont_set(y, 0, ctx);
    mont_from_bytes(&z, ten, 32, ctx);
    ec_full_double(x, y, z, x, y, z, b, wp, ctx);
    assert(memcmp(z, all_zero, 32) == 0);

    free(x);
    free(y);
    free(z);

    free(b);
    free_workplace(wp);
    mont_context_free(ctx);
}
171
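/*
 * Check ec_mix_add() (projective + affine, output written over the projective
 * input) in four situations:
 *  1. two arbitrary points;
 *  2. the affine operand is the point at infinity, encoded as (0, 0);
 *  3. the projective operand is the point at infinity (0, 1, 0);
 *  4. both operands are the same point (doubling).
 *
 * Every number that mont_from_bytes() re-creates is freed beforehand, so the
 * test does not leak the previous allocation.
 */
void test_ec_mix_add(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    static const uint8_t curve_b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    /* Point P, projective, Z=10 */
    static const uint8_t p_x[32] = "\xc6\x4c\x90\xad\x8d\x5c\x1d\x96\xd6\x4b\x63\x46\x4a\x8b\x57\x91\xbf\x48\xa6\xb4\xb9\xbc\xd6\xad\x79\xc6\x3a\x13\xbf\xb7\x78\x5b";
    static const uint8_t p_y[32] = "\xe4\x98\x64\xd0\x22\x85\x75\x8a\x11\x79\x68\x2e\x06\x92\x3d\xf7\x62\xa8\x85\xea\xda\xe6\xd9\xb0\x5a\x4f\x0c\x43\x1d\x51\x77\xe4";
    static const uint8_t ten[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a";
    /* Point P in affine form */
    static const uint8_t p_affine_x[32] = "\xfa\x3a\xdb\x43\xa7\xbc\x69\x5c\xc8\xa1\x23\x87\x07\x74\x55\x8e\x93\x20\xdd\x79\x5f\x5f\xaf\x11\x58\xfa\x39\x01\xf9\x92\x58\xd5";
    static const uint8_t p_affine_y[32] = "\xe3\xa8\xd6\xe0\xd0\x40\x8b\xc1\xce\x8c\x24\x04\x9a\x41\xd2\xff\x23\x77\x40\x98\x49\x17\x15\xc4\xd5\xd4\xb4\x6d\x1c\x88\x25\x96";
    /* Point Q, affine */
    static const uint8_t q_x[32] = "\xf2\x49\x10\x4d\x0e\x6f\x8f\x29\xe6\x01\x62\x77\x78\x0c\xda\x84\xdc\x84\xb8\x3b\xc3\xd8\x99\xdf\xb7\x36\xca\x08\x31\xfb\xe8\xcf";
    static const uint8_t q_y[32] = "\xb5\x7e\x12\xfc\xdb\x03\x1f\x59\xca\xb8\x1b\x1c\x6b\x1e\x1c\x07\xe4\x51\x2e\x52\xce\x83\x2f\x1a\x0c\xed\xef\xff\x8b\x43\x40\xe9";
    /* Expected P + Q, projective */
    static const uint8_t sum_x[32] = "\x13\x6c\x0e\x59\xbe\x5f\xb3\x6f\x98\xce\x1e\xa8\xc3\x14\xf2\xef\x9f\x9e\x53\x99\x8f\xd7\x14\x3a\x98\x86\xeb\x74\xc8\x5a\xf1\xaf";
    static const uint8_t sum_y[32] = "\xcd\x8f\xd0\xf2\xb2\x1f\xcc\x70\xae\x5a\x7f\xa8\x89\xac\xb8\xa2\x01\xc7\x70\xf9\xa3\xaf\x47\x4a\xc1\xb9\xf1\xc5\x62\xf7\x73\x9a";
    static const uint8_t sum_z[32] = "\x7f\x3f\xac\x7e\x49\x3e\x61\x4b\x52\xd8\x49\x31\x8b\x57\xa7\xec\x89\x50\x27\xdb\x75\xbe\xa6\x61\x3c\x54\x42\x89\xb3\x9f\x31\x46";
    /* Expected P + P, projective */
    static const uint8_t dbl_x[32] = "\x96\x0f\x82\x08\x3a\x75\xf9\xaf\x9a\xab\x06\x05\x27\x0e\x2d\xa8\xb3\x20\x7e\x8d\xf2\xf0\x00\x4d\xb3\x19\x16\xc9\xea\xc5\x0f\x02";
    static const uint8_t dbl_y[32] = "\x20\xe6\xe3\x02\xc6\x57\xfa\x95\x30\x39\xa9\x25\xf1\x9d\xc3\xcb\x0f\x59\xa7\x01\x46\xc8\xac\xe2\x09\x54\x3a\x25\x2a\x18\x96\xba";
    static const uint8_t dbl_z[32] = "\xb4\x2f\x0b\xc1\x61\x03\x91\xe4\x11\xf1\x4c\x65\xef\x13\xd4\x57\xb1\x41\xb2\x54\xc3\x86\x08\xea\xc6\x5c\xf1\x61\x9d\x37\x6b\x77";

    Workplace *wp;
    MontContext *ctx;
    uint64_t *x1, *y1, *z1;
    uint64_t *x2, *y2;
    uint64_t *b;
    uint8_t buffer[32];

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp = new_workplace(ctx);
    mont_from_bytes(&b, curve_b, 32, ctx);

    /* Arbitrary points */
    mont_from_bytes(&x1, p_x, 32, ctx);
    mont_from_bytes(&y1, p_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);
    mont_from_bytes(&x2, q_x, 32, ctx);
    mont_from_bytes(&y2, q_y, 32, ctx);
    ec_mix_add(x1, y1, z1, x1, y1, z1, x2, y2, b, wp, ctx);

    mont_to_bytes(buffer, 32, x1, ctx);
    assert(0 == memcmp(buffer, sum_x, 32));
    mont_to_bytes(buffer, 32, y1, ctx);
    assert(0 == memcmp(buffer, sum_y, 32));
    mont_to_bytes(buffer, 32, z1, ctx);
    assert(0 == memcmp(buffer, sum_z, 32));

    /* Affine input point is point-at-infinity: the projective operand
     * (the previous sum) must come back unchanged */
    memset(x2, 0, 32);
    memset(y2, 0, 32);
    ec_mix_add(x1, y1, z1, x1, y1, z1, x2, y2, b, wp, ctx);

    mont_to_bytes(buffer, 32, x1, ctx);
    assert(0 == memcmp(buffer, sum_x, 32));
    mont_to_bytes(buffer, 32, y1, ctx);
    assert(0 == memcmp(buffer, sum_y, 32));
    mont_to_bytes(buffer, 32, z1, ctx);
    assert(0 == memcmp(buffer, sum_z, 32));

    /* Projective input point is point-at-infinity */
    mont_set(x1, 0, ctx);
    mont_set(y1, 1, ctx);
    mont_set(z1, 0, ctx);

    /* mont_from_bytes() allocates a new number: release the old x2/y2 first */
    free(x2);
    free(y2);
    mont_from_bytes(&x2, q_x, 32, ctx);
    mont_from_bytes(&y2, q_y, 32, ctx);

    ec_mix_add(x1, y1, z1, x1, y1, z1, x2, y2, b, wp, ctx);

    /* The result must be Q itself */
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp, ctx);
    mont_to_bytes(buffer, 32, x1, ctx);
    assert(0 == memcmp(buffer, q_x, 32));
    mont_to_bytes(buffer, 32, y1, ctx);
    assert(0 == memcmp(buffer, q_y, 32));

    /* Affine and projective are actually the same point (doubling) */
    /* Again, release every number that is about to be re-created */
    free(x1);
    free(y1);
    free(z1);
    free(x2);
    free(y2);
    mont_from_bytes(&x1, p_x, 32, ctx);
    mont_from_bytes(&y1, p_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);

    mont_from_bytes(&x2, p_affine_x, 32, ctx);
    mont_from_bytes(&y2, p_affine_y, 32, ctx);

    ec_mix_add(x1, y1, z1, x1, y1, z1, x2, y2, b, wp, ctx);

    mont_to_bytes(buffer, 32, x1, ctx);
    assert(0 == memcmp(buffer, dbl_x, 32));
    mont_to_bytes(buffer, 32, y1, ctx);
    assert(0 == memcmp(buffer, dbl_y, 32));
    mont_to_bytes(buffer, 32, z1, ctx);
    assert(0 == memcmp(buffer, dbl_z, 32));

    free(x1);
    free(y1);
    free(z1);
    free(x2);
    free(y2);

    free(b);
    free_workplace(wp);
    mont_context_free(ctx);
}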
256
/*
 * Check ec_full_add() (projective + projective) in five situations:
 * two arbitrary points, the same point twice (doubling), a point and its
 * opposite, the point at infinity as first term, and the point at infinity
 * as second term.
 */
void test_ec_full_add(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    static const uint8_t curve_b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    static const uint8_t one[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01";
    static const uint8_t ten[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a";
    /* Point P, used with Z=10 */
    static const uint8_t p_x[32] = "\xc6\x4c\x90\xad\x8d\x5c\x1d\x96\xd6\x4b\x63\x46\x4a\x8b\x57\x91\xbf\x48\xa6\xb4\xb9\xbc\xd6\xad\x79\xc6\x3a\x13\xbf\xb7\x78\x5b";
    static const uint8_t p_y[32] = "\xe4\x98\x64\xd0\x22\x85\x75\x8a\x11\x79\x68\x2e\x06\x92\x3d\xf7\x62\xa8\x85\xea\xda\xe6\xd9\xb0\x5a\x4f\x0c\x43\x1d\x51\x77\xe4";
    /* Point P again, used with Z=1 */
    static const uint8_t p1_x[32] = "\xfa\x3a\xdb\x43\xa7\xbc\x69\x5c\xc8\xa1\x23\x87\x07\x74\x55\x8e\x93\x20\xdd\x79\x5f\x5f\xaf\x11\x58\xfa\x39\x01\xf9\x92\x58\xd5";
    static const uint8_t p1_y[32] = "\xe3\xa8\xd6\xe0\xd0\x40\x8b\xc1\xce\x8c\x24\x04\x9a\x41\xd2\xff\x23\x77\x40\x98\x49\x17\x15\xc4\xd5\xd4\xb4\x6d\x1c\x88\x25\x96";
    /* Point Q, used with Z=10 */
    static const uint8_t q_x[32] = "\x15\xa0\x46\x37\xa6\x49\xfc\x67\x7a\xb4\xd0\x33\x25\x56\x7d\x14\xb9\xe8\x3a\xbf\x1a\xd1\xe4\x4e\xfa\x1c\x41\xc8\x2f\xb6\x76\x7e";
    static const uint8_t q_y[32] = "\x4b\x3f\xda\x5a\xa0\xaa\xd1\x9f\x4c\xb6\x60\xa8\x24\x50\xf8\xa3\x7a\x8b\x43\x9e\xf0\x93\x35\x53\xe6\x0f\x54\xa6\xae\xd6\x4a\x83";
    /* Point R, used with Z=10 in the point-at-infinity cases */
    static const uint8_t r_x[32] = "\xf3\x91\x4a\x3a\xf2\x1b\x11\x44\x58\x3e\xf2\xf8\x54\x01\x4b\x72\xfa\x94\x05\x8d\xf9\x7c\x32\x4f\x1a\xef\x49\x37\x3c\xe8\x5b\xef";
    static const uint8_t r_y[32] = "\x23\xaa\x65\x85\x4c\xc5\xbc\x53\x0d\x4f\xe7\x3e\xd9\x58\x95\x67\xb2\xea\x79\x1a\x7c\x9b\xe5\xf6\x78\x8c\xd5\xbe\xd8\x55\x0d\xe7";
    /* Expected P + Q, projective */
    static const uint8_t sum_x[32] = "\x0a\x49\xc8\x32\x3a\x4f\x13\x47\x40\x5a\x25\x43\xd4\xc1\xc6\xc8\xf7\x74\x51\xc5\x83\x5c\x82\x20\x9b\x39\x9c\x23\xee\xf6\x29\x2a";
    static const uint8_t sum_y[32] = "\xaa\xb2\xaa\x93\x13\x26\xc2\xfe\x0f\x44\xd3\x2d\xfe\x19\x57\x6e\x6b\xa9\x9a\xc9\x50\xff\x6f\x73\xb5\x8d\xa4\x39\x4c\xf9\x29\xc2";
    static const uint8_t sum_z[32] = "\x7e\x70\xd6\x49\x38\x7c\xde\xe8\x7d\xbc\xe8\x58\x88\xce\xe4\xd9\x33\x50\x9b\xff\x02\xc6\x4f\x0f\x83\x30\xde\x9c\xf6\x38\x4e\xd4";
    /* Expected P + P, projective */
    static const uint8_t dbl_x[32] = "\x96\x0f\x82\x08\x3a\x75\xf9\xaf\x9a\xab\x06\x05\x27\x0e\x2d\xa8\xb3\x20\x7e\x8d\xf2\xf0\x00\x4d\xb3\x19\x16\xc9\xea\xc5\x0f\x02";
    static const uint8_t dbl_y[32] = "\x20\xe6\xe3\x02\xc6\x57\xfa\x95\x30\x39\xa9\x25\xf1\x9d\xc3\xcb\x0f\x59\xa7\x01\x46\xc8\xac\xe2\x09\x54\x3a\x25\x2a\x18\x96\xba";
    static const uint8_t dbl_z[32] = "\xb4\x2f\x0b\xc1\x61\x03\x91\xe4\x11\xf1\x4c\x65\xef\x13\xd4\x57\xb1\x41\xb2\x54\xc3\x86\x08\xea\xc6\x5c\xf1\x61\x9d\x37\x6b\x77";

    MontContext *ctx;
    Workplace *wp;
    uint64_t *b;
    uint64_t *x1, *y1, *z1;
    uint64_t *x2, *y2, *z2;
    uint64_t *x3, *y3, *z3;
    uint8_t encoded[32];

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp = new_workplace(ctx);
    mont_from_bytes(&b, curve_b, 32, ctx);

    /* Arbitrary points */
    mont_from_bytes(&x1, p_x, 32, ctx);
    mont_from_bytes(&y1, p_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);
    mont_from_bytes(&x2, q_x, 32, ctx);
    mont_from_bytes(&y2, q_y, 32, ctx);
    mont_from_bytes(&z2, ten, 32, ctx);
    ec_full_add(x1, y1, z1, x1, y1, z1, x2, y2, z2, b, wp, ctx);

    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, sum_x, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, sum_y, 32) == 0);
    mont_to_bytes(encoded, 32, z1, ctx);
    assert(memcmp(encoded, sum_z, 32) == 0);

    /* Same point (doubling): the two operands use different Z (10 and 1) */
    free(x1);
    free(y1);
    free(z1);
    free(x2);
    free(y2);
    free(z2);
    mont_from_bytes(&x1, p_x, 32, ctx);
    mont_from_bytes(&y1, p_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);
    mont_from_bytes(&x2, p1_x, 32, ctx);
    mont_from_bytes(&y2, p1_y, 32, ctx);
    mont_from_bytes(&z2, one, 32, ctx);

    ec_full_add(x1, y1, z1, x1, y1, z1, x2, y2, z2, b, wp, ctx);

    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, dbl_x, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, dbl_y, 32) == 0);
    mont_to_bytes(encoded, 32, z1, ctx);
    assert(memcmp(encoded, dbl_z, 32) == 0);

    /* Opposite points: y2 = 0 - y1, then (x1, y1, z1) + (x1, y2, z1) */
    mont_set(y2, 0, ctx);
    mont_sub(y2, y2, y1, wp->scratch, ctx);
    ec_full_add(x1, y1, z1, x1, y1, z1, x1, y2, z1, b, wp, ctx);
    assert(mont_is_zero(z1, ctx));

    /* Point at infinity (first term) */
    free(x1);
    free(y1);
    free(z1);
    mont_from_bytes(&x1, r_x, 32, ctx);
    mont_from_bytes(&y1, r_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);
    mont_set(x2, 0, ctx);
    mont_set(y2, 1, ctx);
    mont_set(z2, 0, ctx);

    ec_full_add(x2, y2, z2, x2, y2, z2, x1, y1, z1, b, wp, ctx);

    /* The sum must be the other term: compare both in affine form */
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp, ctx);
    ec_projective_to_affine(x2, y2, x2, y2, z2, wp, ctx);

    assert(mont_is_equal(x1, x2, ctx));
    assert(mont_is_equal(y1, y2, ctx));

    /* Point at infinity (second term), result written to a third point */
    free(x1);
    free(y1);
    free(z1);
    mont_from_bytes(&x1, r_x, 32, ctx);
    mont_from_bytes(&y1, r_y, 32, ctx);
    mont_from_bytes(&z1, ten, 32, ctx);
    mont_set(x2, 0, ctx);
    mont_set(y2, 1, ctx);
    mont_set(z2, 0, ctx);
    mont_number(&x3, 1, ctx);
    mont_number(&y3, 1, ctx);
    mont_number(&z3, 1, ctx);

    ec_full_add(x3, y3, z3, x1, y1, z1, x2, y2, z2, b, wp, ctx);

    ec_projective_to_affine(x1, y1, x1, y1, z1, wp, ctx);
    ec_projective_to_affine(x3, y3, x3, y3, z3, wp, ctx);

    assert(mont_is_equal(x1, x3, ctx));
    assert(mont_is_equal(y1, y3, ctx));

    free(x1);
    free(y1);
    free(z1);
    free(x2);
    free(y2);
    free(z2);
    free(x3);
    free(y3);
    free(z3);

    free(b);
    free_workplace(wp);
    mont_context_free(ctx);
}
362
/*
 * Check ec_scalar() with the scalars 1 (with and without a leading zero
 * byte), order+1, 0 and order applied to G given with Z=10, with 255 applied
 * to the point at infinity, and with an arbitrary scalar applied to an
 * arbitrary point. Every call uses the seed 0x4545.
 */
void test_ec_scalar(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    static const uint8_t curve_b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    static const uint8_t ten[32] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a";
    /* G in projective form, used with Z=10 */
    static const uint8_t g10_x[32] = "\x2e\xee\x33\x80\xcb\xba\x96\xcb\xb7\x61\x04\xf5\xe4\x6a\x89\x78\xa6\x22\xe7\x07\xcb\x30\x04\x49\x8e\x4c\x3c\xba\x75\xf7\x99\xe0";
    static const uint8_t g10_y[32] = "\x1e\xe0\x9c\xe0\xed\x08\xfc\x10\x95\x0f\x30\xe8\xd8\x9c\x2c\xdd\xb6\x0e\x01\x67\x2f\xed\xb4\x13\xf5\x1e\x84\x12\x2d\x79\x33\x95";
    /* Affine result expected for (order+1)*G */
    static const uint8_t g_x[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    static const uint8_t g_y[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    /* Scalars */
    static const uint8_t k_order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    static const uint8_t k_order_plus_1[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x52";
    static const uint8_t k_arb[32] = "\xc5\x1e\x47\x53\xaf\xde\xc1\xe6\xb6\xc6\xa5\xb9\x92\xf4\x3f\x8d\xd0\xc7\xa8\x93\x30\x72\x70\x8b\x65\x22\x46\x8b\x2f\xfb\x06\xfd";
    /* Arbitrary point (used with Z=1) and the affine result expected for k_arb */
    static const uint8_t arb_x[32] = "\xde\x24\x44\xbe\xbc\x8d\x36\xe6\x82\xed\xd2\x7e\x0f\x27\x15\x08\x61\x75\x19\xb3\x22\x1a\x8f\xa0\xb7\x7c\xab\x39\x89\xda\x97\xc9";
    static const uint8_t arb_y[32] = "\xc0\x93\xae\x7f\xf3\x6e\x53\x80\xfc\x01\xa5\xaa\xd1\xe6\x66\x59\x70\x2d\xe8\x0f\x53\xce\xc5\x76\xb6\x35\x0b\x24\x30\x42\xa2\x56";
    static const uint8_t arb_res_x[32] = "\x51\xd0\x8d\x5f\x2d\x42\x78\x88\x29\x46\xd8\x8d\x83\xc9\x7d\x11\xe6\x2b\xec\xc3\xcf\xc1\x8b\xed\xac\xc8\x9b\xa3\x4e\xec\xa0\x3f";
    static const uint8_t arb_res_y[32] = "\x75\xee\x68\xeb\x8b\xf6\x26\xaa\x5b\x67\x3a\xb5\x1f\x6e\x74\x4e\x06\xf8\xfc\xf8\xa6\xc0\xcf\x30\x35\xbe\xca\x95\x6a\x7b\x41\xd5";

    MontContext *ctx;
    Workplace *wp1, *wp2;
    uint64_t *b;
    uint64_t *x1, *y1, *z1;
    uint64_t *x2, *y2, *z2;
    uint8_t encoded[32];

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp1 = new_workplace(ctx);
    wp2 = new_workplace(ctx);
    mont_from_bytes(&b, curve_b, 32, ctx);

    /* 1*G */
    mont_number(&x1, 1, ctx);
    mont_number(&y1, 1, ctx);
    mont_number(&z1, 1, ctx);
    mont_from_bytes(&x2, g10_x, 32, ctx);
    mont_from_bytes(&y2, g10_y, 32, ctx);
    mont_from_bytes(&z2, ten, 32, ctx);

    ec_scalar(x1, y1, z1, x2, y2, z2, b, (uint8_t*)"\x01", 1, 0x4545, wp1, wp2, ctx);

    assert(matches(x1, y1, z1, x2, y2, z2, wp1, ctx));

    /* Same scalar, encoded with a leading zero byte */
    ec_scalar(x1, y1, z1, x2, y2, z2, b, (uint8_t*)"\x00\x01", 2, 0x4545, wp1, wp2, ctx);

    assert(matches(x1, y1, z1, x2, y2, z2, wp1, ctx));

    /* (order+1)*G */
    ec_scalar(x1, y1, z1, x2, y2, z2, b, k_order_plus_1, 32, 0x4545, wp1, wp2, ctx);
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, g_x, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, g_y, 32) == 0);

    /* 0*G */
    ec_scalar(x1, y1, z1, x2, y2, z2, b, (uint8_t*)"\x00", 1, 0x4545, wp1, wp2, ctx);
    assert(mont_is_zero(z1, ctx));

    /* order*G */
    ec_scalar(x1, y1, z1, x2, y2, z2, b, k_order, 32, 0x4545, wp1, wp2, ctx);
    assert(mont_is_zero(z1, ctx));

    /* 255*O: the input is the point left in (x1, y1, z1) by the previous call */
    ec_scalar(x1, y1, z1, x1, y1, z1, b, (uint8_t*)"\x00\xFF", 2, 0x4545, wp1, wp2, ctx);
    assert(mont_is_zero(z1, ctx));

    /* arb */
    free(x2);
    free(y2);
    mont_from_bytes(&x2, arb_x, 32, ctx);
    mont_from_bytes(&y2, arb_y, 32, ctx);
    mont_set(z2, 1, ctx);
    ec_scalar(x1, y1, z1, x2, y2, z2, b, k_arb, 32, 0x4545, wp1, wp2, ctx);
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, arb_res_x, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, arb_res_y, 32) == 0);

    free(x1);
    free(y1);
    free(z1);
    free(x2);
    free(y2);
    free(z2);

    free(b);
    free_workplace(wp1);
    free_workplace(wp2);
    mont_context_free(ctx);
}
439
/*
 * Check ec_scalar_g_p256() with the scalars 1 (with and without a leading
 * zero byte), 0, 31, 32, order+1, order and an arbitrary 8-byte value, and
 * check that a 33-byte scalar is rejected with ERR_VALUE.
 *
 * NOTE(review): the return code is checked only for the first and the last
 * call; the others are covered only by the asserts on the coordinates.
 * The result of ec_scramble_g_p256() is not checked either.
 */
void test_ec_scalar_g_p256(void)
{
    static const uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    static const uint8_t curve_b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    /* Affine coordinates of G */
    static const uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    static const uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    /* Expected affine results */
    static const uint8_t g31_x[32] = "\x30\x1d\x9e\x50\x2d\xc7\xe0\x5d\xa8\x5d\xa0\x26\xa7\xae\x9a\xa0\xfa\xc9\xdb\x7d\x52\xa9\x5b\x3e\x3e\x3f\x9a\xa0\xa1\xb4\x5b\x8b";
    static const uint8_t g31_y[32] = "\x65\x51\xb6\xf6\xb3\x06\x12\x23\xe0\xd2\x3c\x02\x6b\x01\x7d\x72\x29\x8d\x9a\xe4\x68\x87\xca\x61\xd5\x8d\xb6\xae\xa1\x7e\xe2\x67";
    static const uint8_t g32_x[32] = "\x23\x77\xc7\xd6\x90\xa2\x42\xca\x6c\x45\x07\x4e\x8e\xa5\xbe\xef\xaa\x55\x7f\xd5\xb6\x83\x71\xd9\xd1\x47\x5b\xd5\x2a\x7e\xd0\xe1";
    static const uint8_t g32_y[32] = "\x47\xa1\x3f\xb9\x84\x13\xa4\x39\x3f\x8d\x90\xe9\xbf\x90\x1b\x7e\x66\x58\xa6\xcd\xec\xf4\x67\x16\xe7\xc0\x67\xb1\xdd\xb8\xd2\xb2";
    static const uint8_t arb_x[32] = "\xfc\x85\x6a\x26\x35\x51\x2a\x83\x44\x35\x55\x97\xbd\xbf\xa9\x3d\x33\x70\x2a\x48\xb0\x9d\x02\xbd\x1d\xc4\xfd\x4b\x5a\x4c\x6c\x09";
    static const uint8_t arb_y[32] = "\xcf\x0d\xc7\x68\x18\x61\xa0\xb7\x29\x22\xa9\xce\x17\xf1\x58\x22\x31\x1a\xab\x2a\x14\xc4\xbd\xb0\xc4\x32\xea\xfe\x93\x9a\x4a\x47";
    /* Scalars */
    static const uint8_t k_order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    static const uint8_t k_order_plus_1[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x52";
    static const uint8_t k_arb[8] = "\x73\x87\x34\x34\x3F\xF8\x93\x87";
    static const uint8_t k_too_long[33] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x52\xFF";

    MontContext *ctx;
    Workplace *wp1, *wp2;
    ProtMemory **prot_g;
    uint64_t *b;
    uint64_t *x1, *y1, *z1;
    uint64_t *xw, *yw;
    uint64_t *Gx_mont, *Gy_mont;
    uint8_t encoded[32];
    int res;

    mont_context_init(&ctx, modulus, sizeof(modulus));
    wp1 = new_workplace(ctx);
    wp2 = new_workplace(ctx);
    mont_from_bytes(&b, curve_b, 32, ctx);
    prot_g = ec_scramble_g_p256(ctx, 0x1010);

    mont_from_bytes(&Gx_mont, Gx, sizeof Gx, ctx);
    mont_from_bytes(&Gy_mont, Gy, sizeof Gy, ctx);
    mont_number(&xw, 1, ctx);
    mont_number(&yw, 1, ctx);

    /* 1*G */
    mont_number(&x1, 1, ctx);
    mont_number(&y1, 1, ctx);
    mont_number(&z1, 1, ctx);
    res = ec_scalar_g_p256(x1, y1, z1, b, (uint8_t*)"\x01", 1, 0x4545, wp1, wp2, prot_g, ctx);
    assert(res == 0);
    ec_projective_to_affine(xw, yw, x1, y1, z1, wp1, ctx);
    assert(mont_is_equal(xw, Gx_mont, ctx));
    assert(mont_is_equal(yw, Gy_mont, ctx));

    /* Same scalar, encoded with a leading zero byte */
    ec_scalar_g_p256(x1, y1, z1, b, (uint8_t*)"\x00\x01", 2, 0x4545, wp1, wp2, prot_g, ctx);
    ec_projective_to_affine(xw, yw, x1, y1, z1, wp1, ctx);
    assert(mont_is_equal(xw, Gx_mont, ctx));
    assert(mont_is_equal(yw, Gy_mont, ctx));

    /* 0*G */
    ec_scalar_g_p256(x1, y1, z1, b, (uint8_t*)"\x00", 1, 0x4545, wp1, wp2, prot_g, ctx);
    assert(mont_is_zero(z1, ctx));

    /* 31*G */
    ec_scalar_g_p256(x1, y1, z1, b, (uint8_t*)"\x1F", 1, 0x4545, wp1, wp2, prot_g, ctx);
    ec_projective_to_affine(xw, yw, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, xw, ctx);
    assert(memcmp(encoded, g31_x, 32) == 0);
    mont_to_bytes(encoded, 32, yw, ctx);
    assert(memcmp(encoded, g31_y, 32) == 0);

    /* 32*G */
    ec_scalar_g_p256(x1, y1, z1, b, (uint8_t*)"\x20", 1, 0x4545, wp1, wp2, prot_g, ctx);
    ec_projective_to_affine(xw, yw, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, xw, ctx);
    assert(memcmp(encoded, g32_x, 32) == 0);
    mont_to_bytes(encoded, 32, yw, ctx);
    assert(memcmp(encoded, g32_y, 32) == 0);

    /* (order+1)*G */
    ec_scalar_g_p256(x1, y1, z1, b, k_order_plus_1, 32, 0x4545, wp1, wp2, prot_g, ctx);
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, Gx, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, Gy, 32) == 0);

    /* order*G */
    ec_scalar_g_p256(x1, y1, z1, b, k_order, 32, 0x4545, wp1, wp2, prot_g, ctx);
    assert(mont_is_zero(z1, ctx));

    /* arbitrary scalar; this call uses a different seed (0x6776) */
    ec_scalar_g_p256(x1, y1, z1, b, k_arb, 8, 0x6776, wp1, wp2, prot_g, ctx);
    ec_projective_to_affine(x1, y1, x1, y1, z1, wp1, ctx);
    mont_to_bytes(encoded, 32, x1, ctx);
    assert(memcmp(encoded, arb_x, 32) == 0);
    mont_to_bytes(encoded, 32, y1, ctx);
    assert(memcmp(encoded, arb_y, 32) == 0);

    /* exponent is too long */
    res = ec_scalar_g_p256(x1, y1, z1, b, k_too_long, 33, 0x4545, wp1, wp2, prot_g, ctx);
    assert(res == ERR_VALUE);

    free_g_p256(prot_g);
    free(b);
    free(x1);
    free(y1);
    free(z1);
    free(xw);
    free(yw);
    free(Gx_mont);
    free(Gy_mont);
    free_workplace(wp1);
    free_workplace(wp2);
    mont_context_free(ctx);
}
540
541
/*
 * Check the argument validation of ec_ws_new_point():
 * NULL arguments, a zero length, coordinates that are not on the curve,
 * the generator, and the all-zero encoding.
 */
void test_ec_ws_new_point(void)
{
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    const uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    /* Gx with the last byte changed from 0x96 to 0x97 */
    uint8_t Gx_wrong[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x97";
    uint8_t zero[32] = { 0 };

    EcContext *curve;
    EcPoint *point;
    int rc;

    rc = ec_ws_new_context(&curve, modulus, b, order, 32, 0);
    assert(0 == rc);

    /* Each pointer argument in turn is NULL */
    rc = ec_ws_new_point(NULL, Gx, Gy, 32, curve);
    assert(ERR_NULL == rc);
    rc = ec_ws_new_point(&point, NULL, Gy, 32, curve);
    assert(ERR_NULL == rc);
    rc = ec_ws_new_point(&point, Gx, NULL, 32, curve);
    assert(ERR_NULL == rc);
    rc = ec_ws_new_point(&point, Gx, Gy, 32, NULL);
    assert(ERR_NULL == rc);

    /* Zero-length coordinates */
    rc = ec_ws_new_point(&point, Gx, Gy, 0, curve);
    assert(ERR_NOT_ENOUGH_DATA == rc);

    /* Coordinates that do not satisfy the curve equation are refused */
    rc = ec_ws_new_point(&point, Gx_wrong, Gy, 32, curve);
    assert(ERR_EC_POINT == rc);

    /* The generator is accepted */
    rc = ec_ws_new_point(&point, Gx, Gy, 32, curve);
    assert(0 == rc);

    /* (0, 0) is accepted too; presumably it encodes the point at infinity - confirm */
    ec_free_point(point);
    rc = ec_ws_new_point(&point, zero, zero, 32, curve);
    assert(0 == rc);

    ec_free_point(point);
    ec_free_context(curve);
}
582
/*
 * Check ec_ws_get_xy(): NULL arguments, an output length of 31 bytes,
 * and the round trip of the generator's coordinates.
 */
void test_ec_ws_get_xy(void)
{
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    uint8_t out_x[32], out_y[32];

    EcContext *curve;
    EcPoint *point;
    int rc;

    rc = ec_ws_new_context(&curve, modulus, b, order, 32, 0);
    assert(0 == rc);
    rc = ec_ws_new_point(&point, Gx, Gy, 32, curve);
    assert(0 == rc);
    assert(NULL != point);

    /* Each pointer argument in turn is NULL */
    rc = ec_ws_get_xy(NULL, out_y, 32, point);
    assert(ERR_NULL == rc);
    rc = ec_ws_get_xy(out_x, NULL, 32, point);
    assert(ERR_NULL == rc);
    rc = ec_ws_get_xy(out_x, out_y, 32, NULL);
    assert(ERR_NULL == rc);

    /* One byte less than the 32 bytes passed when the context was created */
    rc = ec_ws_get_xy(out_x, out_y, 31, point);
    assert(ERR_NOT_ENOUGH_DATA == rc);

    /* The coordinates must come back as they were provided */
    rc = ec_ws_get_xy(out_x, out_y, 32, point);
    assert(0 == rc);

    assert(memcmp(out_x, Gx, 32) == 0);
    assert(memcmp(out_y, Gy, 32) == 0);

    ec_free_point(point);
    ec_free_context(curve);
}
620
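/*
 * Check ec_ws_double() on the P-256 generator.
 *
 * A NULL point must be rejected with ERR_NULL; doubling the point in place
 * must succeed and yield the expected affine coordinates of 2G.
 */
void test_ec_ws_double_p256(void)
{
    EcContext *ec_ctx = NULL;
    EcPoint *ecp = NULL;
    int res;
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    uint8_t bufx[32], bufy[32];

    /* Setup must succeed: a silent failure here would leave ec_ctx/ecp
     * unusable and turn the checks below into a crash with no diagnostic. */
    res = ec_ws_new_context(&ec_ctx, modulus, b, order, 32, 0);
    assert(res == 0);
    res = ec_ws_new_point(&ecp, Gx, Gy, 32, ec_ctx);
    assert(res == 0);

    res = ec_ws_double(NULL);
    assert(res == ERR_NULL);

    res = ec_ws_double(ecp);
    assert(res == 0);
    /* A failed export would leave bufx/bufy unset, so check it before comparing. */
    res = ec_ws_get_xy(bufx, bufy, 32, ecp);
    assert(res == 0);
    assert(0 == memcmp(bufx, "\x7c\xf2\x7b\x18\x8d\x03\x4f\x7e\x8a\x52\x38\x03\x04\xb5\x1a\xc3\xc0\x89\x69\xe2\x77\xf2\x1b\x35\xa6\x0b\x48\xfc\x47\x66\x99\x78", 32));
    assert(0 == memcmp(bufy, "\x07\x77\x55\x10\xdb\x8e\xd0\x40\x29\x3d\x9a\xc6\x9f\x74\x30\xdb\xba\x7d\xad\xe6\x3c\xe9\x82\x29\x9e\x04\xb7\x9d\x22\x78\x73\xd1", 32));

    ec_free_point(ecp);
    ec_free_context(ec_ctx);
}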
648
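/*
 * Check ec_ws_double() with 66-byte (P-521 sized) operands.
 *
 * A NULL point must be rejected with ERR_NULL; doubling the point (Px, Py)
 * in place must succeed and yield the expected affine coordinates.
 */
void test_ec_ws_double_p521(void)
{
    EcContext *ec_ctx = NULL;
    EcPoint *ecp = NULL;
    int res;
    uint8_t Px[66] = "\x01\xD5\xC6\x93\xF6\x6C\x08\xED\x03\xAD\x0F\x03\x1F\x93\x74\x43\x45\x8F\x60\x1F\xD0\x98\xD3\xD0\x22\x7B\x4B\xF6\x28\x73\xAF\x50\x74\x0B\x0B\xB8\x4A\xA1\x57\xFC\x84\x7B\xCF\x8D\xC1\x6A\x8B\x2B\x8B\xFD\x8E\x2D\x0A\x7D\x39\xAF\x04\xB0\x89\x93\x0E\xF6\xDA\xD5\xC1\xB4";
    uint8_t Py[66] = "\x01\x44\xB7\x77\x09\x63\xC6\x3A\x39\x24\x88\x65\xFF\x36\xB0\x74\x15\x1E\xAC\x33\x54\x9B\x22\x4A\xF5\xC8\x66\x4C\x54\x01\x2B\x81\x8E\xD0\x37\xB2\xB7\xC1\xA6\x3A\xC8\x9E\xBA\xA1\x1E\x07\xDB\x89\xFC\xEE\x5B\x55\x6E\x49\x76\x4E\xE3\xFA\x66\xEA\x7A\xE6\x1A\xC0\x18\x23";
    uint8_t b[66] = "\x00\x51\x95\x3E\xB9\x61\x8E\x1C\x9A\x1F\x92\x9A\x21\xA0\xB6\x85\x40\xEE\xA2\xDA\x72\x5B\x99\xB3\x15\xF3\xB8\xB4\x89\x91\x8E\xF1\x09\xE1\x56\x19\x39\x51\xEC\x7E\x93\x7B\x16\x52\xC0\xBD\x3B\xB1\xBF\x07\x35\x73\xDF\x88\x3D\x2C\x34\xF1\xEF\x45\x1F\xD4\x6B\x50\x3F\x00";
    const uint8_t order[66] = "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFA\x51\x86\x87\x83\xBF\x2F\x96\x6B\x7F\xCC\x01\x48\xF7\x09\xA5\xD0\x3B\xB5\xC9\xB8\x89\x9C\x47\xAE\xBB\x6F\xB7\x1E\x91\x38\x64\x09";
    uint8_t modulus[66] = "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
    uint8_t bufx[66], bufy[66];

    /* Setup must succeed: a silent failure here would leave ec_ctx/ecp
     * unusable and turn the checks below into a crash with no diagnostic. */
    res = ec_ws_new_context(&ec_ctx, modulus, b, order, 66, 0);
    assert(res == 0);
    res = ec_ws_new_point(&ecp, Px, Py, 66, ec_ctx);
    assert(res == 0);

    res = ec_ws_double(NULL);
    assert(res == ERR_NULL);

    res = ec_ws_double(ecp);
    assert(res == 0);
    /* A failed export would leave bufx/bufy unset, so check it before comparing. */
    res = ec_ws_get_xy(bufx, bufy, 66, ecp);
    assert(res == 0);
    assert(0 == memcmp(bufx, "\x01\x28\x79\x44\x2F\x24\x50\xC1\x19\xE7\x11\x9A\x5F\x73\x8B\xE1\xF1\xEB\xA9\xE9\xD7\xC6\xCF\x41\xB3\x25\xD9\xCE\x6D\x64\x31\x06\xE9\xD6\x11\x24\xA9\x1A\x96\xBC\xF2\x01\x30\x5A\x9D\xEE\x55\xFA\x79\x13\x6D\xC7\x00\x83\x1E\x54\xC3\xCA\x4F\xF2\x64\x6B\xD3\xC3\x6B\xC6", 66));
    assert(0 == memcmp(bufy, "\x01\x98\x64\xA8\xB8\x85\x5C\x24\x79\xCB\xEF\xE3\x75\xAE\x55\x3E\x23\x93\x27\x1E\xD3\x6F\xAD\xFC\x44\x94\xFC\x05\x83\xF6\xBD\x03\x59\x88\x96\xF3\x98\x54\xAB\xEA\xE5\xF9\xA6\x51\x5A\x02\x1E\x2C\x0E\xEF\x13\x9E\x71\xDE\x61\x01\x43\xF5\x33\x82\xF4\x10\x4D\xCC\xB5\x43", 66));

    ec_free_point(ecp);
    ec_free_context(ec_ctx);
}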
676
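/*
 * Check ec_ws_add() on P-256.
 *
 * ecp holds G and ecp2 holds 2G (G doubled once). A NULL operand on either
 * side must be rejected with ERR_NULL; adding ecp2 into ecp must succeed and
 * leave the expected affine coordinates (3G) in ecp.
 */
void test_ec_ws_add(void)
{
    EcContext *ec_ctx = NULL;
    EcPoint *ecp = NULL, *ecp2 = NULL;
    int res;
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    uint8_t bufx[32], bufy[32];

    /* Setup must succeed: an unchecked failure here would make the test
     * operate on unusable pointers or on the wrong second operand. */
    res = ec_ws_new_context(&ec_ctx, modulus, b, order, 32, 0);
    assert(res == 0);
    res = ec_ws_new_point(&ecp, Gx, Gy, 32, ec_ctx);
    assert(res == 0);
    res = ec_ws_new_point(&ecp2, Gx, Gy, 32, ec_ctx);
    assert(res == 0);
    res = ec_ws_double(ecp2);
    assert(res == 0);

    res = ec_ws_add(NULL, ecp);
    assert(res == ERR_NULL);
    res = ec_ws_add(ecp, NULL);
    assert(res == ERR_NULL);

    res = ec_ws_add(ecp, ecp2);
    assert(res == 0);
    /* A failed export would leave bufx/bufy unset, so check it before comparing. */
    res = ec_ws_get_xy(bufx, bufy, 32, ecp);
    assert(res == 0);
    assert(0 == memcmp(bufx, "\x5e\xcb\xe4\xd1\xa6\x33\x0a\x44\xc8\xf7\xef\x95\x1d\x4b\xf1\x65\xe6\xc6\xb7\x21\xef\xad\xa9\x85\xfb\x41\x66\x1b\xc6\xe7\xfd\x6c", 32));
    assert(0 == memcmp(bufy, "\x87\x34\x64\x0c\x49\x98\xff\x7e\x37\x4b\x06\xce\x1a\x64\xa2\xec\xd8\x2a\xb0\x36\x38\x4f\xb8\x3d\x9a\x79\xb1\x27\xa2\x7d\x50\x32", 32));

    ec_free_point(ecp);
    ec_free_point(ecp2);
    ec_free_context(ec_ctx);
}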
709
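/*
 * Check ec_ws_scalar() on the P-256 generator with the 2-byte scalar 0xFFFF.
 *
 * A NULL point or NULL scalar must be rejected with ERR_NULL; a valid call
 * must succeed and leave the expected affine coordinates in ecp.
 *
 * NOTE(review): the seed arguments (0x5EED for the context, 0xFFFF for the
 * multiplication) are fixed so the run is reproducible. They presumably feed
 * the randomization that protects the scalar multiplication - confirm in the
 * implementation. If so, callers outside tests should pass unpredictable
 * values, and the result must not depend on the seed; this test covers a
 * single seed only.
 */
void test_ec_ws_scalar(void)
{
    EcContext *ec_ctx = NULL;
    EcPoint *ecp = NULL;
    int res;
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    uint8_t bufx[32], bufy[32];

    /* Setup must succeed: a silent failure here would leave ec_ctx/ecp
     * unusable and turn the checks below into a crash with no diagnostic. */
    res = ec_ws_new_context(&ec_ctx, modulus, b, order, 32, 0x5EED);
    assert(res == 0);
    res = ec_ws_new_point(&ecp, Gx, Gy, 32, ec_ctx);
    assert(res == 0);

    res = ec_ws_scalar(NULL, (uint8_t*)"\xFF\xFF", 2, 0xFFFF);
    assert(res == ERR_NULL);
    res = ec_ws_scalar(ecp, NULL, 2, 0xFFFF);
    assert(res == ERR_NULL);

    res = ec_ws_scalar(ecp, (uint8_t*)"\xFF\xFF", 2, 0xFFFF);
    assert(res == 0);
    /* A failed export would leave bufx/bufy unset, so check it before comparing. */
    res = ec_ws_get_xy(bufx, bufy, 32, ecp);
    assert(res == 0);
    assert(0 == memcmp(bufx, "\xf2\x49\x10\x4d\x0e\x6f\x8f\x29\xe6\x01\x62\x77\x78\x0c\xda\x84\xdc\x84\xb8\x3b\xc3\xd8\x99\xdf\xb7\x36\xca\x08\x31\xfb\xe8\xcf", 32));
    assert(0 == memcmp(bufy, "\xb5\x7e\x12\xfc\xdb\x03\x1f\x59\xca\xb8\x1b\x1c\x6b\x1e\x1c\x07\xe4\x51\x2e\x52\xce\x83\x2f\x1a\x0c\xed\xef\xff\x8b\x43\x40\xe9", 32));

    ec_free_point(ecp);
    ec_free_context(ec_ctx);
}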
739
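/*
 * Check ec_ws_neg() on the P-256 generator.
 *
 * A NULL point must be rejected with ERR_NULL; negating the point in place
 * must succeed, keep the x coordinate (the expected bufx equals Gx) and
 * produce the expected y coordinate.
 */
void test_ec_ws_neg(void)
{
    EcContext *ec_ctx = NULL;
    EcPoint *ecp = NULL;
    int res;
    uint8_t Gx[32] = "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96";
    uint8_t Gy[32] = "\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5";
    uint8_t b[32] = "\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b";
    const uint8_t order[32] = "\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51";
    uint8_t modulus[32] = "\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
    uint8_t bufx[32], bufy[32];

    /* Setup must succeed: a silent failure here would leave ec_ctx/ecp
     * unusable and turn the checks below into a crash with no diagnostic. */
    res = ec_ws_new_context(&ec_ctx, modulus, b, order, 32, 0);
    assert(res == 0);
    res = ec_ws_new_point(&ecp, Gx, Gy, 32, ec_ctx);
    assert(res == 0);

    res = ec_ws_neg(NULL);
    assert(res == ERR_NULL);

    res = ec_ws_neg(ecp);
    assert(res == 0);
    /* A failed export would leave bufx/bufy unset, so check it before comparing. */
    res = ec_ws_get_xy(bufx, bufy, 32, ecp);
    assert(res == 0);
    assert(0 == memcmp(bufx, "\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96", 32));
    assert(0 == memcmp(bufy, "\xb0\x1c\xbd\x1c\x01\xe5\x80\x65\x71\x18\x14\xb5\x83\xf0\x61\xe9\xd4\x31\xcc\xa9\x94\xce\xa1\x31\x34\x49\xbf\x97\xc8\x40\xae\x0a", 32));

    ec_free_point(ecp);
    ec_free_context(ec_ctx);
}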
767
768
/*
 * Test driver: runs every test in a fixed order and returns 0.
 *
 * The tests visible in this file signal failure only through assert(), so
 * the binary has to be built without NDEBUG; with NDEBUG defined the checks
 * compile away and the program returns 0 without having verified anything.
 */
int main(void) {
    /* Low-level projective arithmetic. */
    test_ec_projective_to_affine();
    test_ec_full_double();
    test_ec_mix_add();
    test_ec_full_add();
    test_ec_scalar();
    test_ec_scalar_g_p256();
    /* ec_ws_* interface: argument validation and known-answer checks. */
    test_ec_ws_new_point();
    test_ec_ws_get_xy();
    test_ec_ws_double_p256();
    test_ec_ws_double_p521();
    test_ec_ws_add();
    test_ec_ws_scalar();
    test_ec_ws_neg();
    return 0;
}
785