p256_test.go

Documentation: crypto/elliptic

		 1  // Copyright 2021 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  package elliptic
		 6  
		 7  import (
		 8  	"math/big"
		 9  	"testing"
		10  )
		11  
		12  type scalarMultTest struct {
		13  	k					string
		14  	xIn, yIn	 string
		15  	xOut, yOut string
		16  }
		17  
		18  var p256MultTests = []scalarMultTest{
		19  	{
		20  		"2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737",
		21  		"023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea",
		22  		"f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad",
		23  		"4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3",
		24  		"a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0",
		25  	},
		26  	{
		27  		"313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd",
		28  		"cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06",
		29  		"a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031",
		30  		"831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991",
		31  		"93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684",
		32  	},
		33  }
		34  
		35  func TestP256BaseMult(t *testing.T) {
		36  	p256 := P256()
		37  	p256Generic := p256.Params()
		38  
		39  	scalars := make([]*big.Int, 0, len(p224BaseMultTests)+1)
		40  	for _, e := range p224BaseMultTests {
		41  		k, _ := new(big.Int).SetString(e.k, 10)
		42  		scalars = append(scalars, k)
		43  	}
		44  	k := new(big.Int).SetInt64(1)
		45  	k.Lsh(k, 500)
		46  	scalars = append(scalars, k)
		47  
		48  	for i, k := range scalars {
		49  		x, y := p256.ScalarBaseMult(k.Bytes())
		50  		x2, y2 := p256Generic.ScalarBaseMult(k.Bytes())
		51  		if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 {
		52  			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2)
		53  		}
		54  
		55  		if testing.Short() && i > 5 {
		56  			break
		57  		}
		58  	}
		59  }
		60  
		61  func TestP256Mult(t *testing.T) {
		62  	p256 := P256()
		63  	p256Generic := p256.Params()
		64  
		65  	for i, e := range p224BaseMultTests {
		66  		x, _ := new(big.Int).SetString(e.x, 16)
		67  		y, _ := new(big.Int).SetString(e.y, 16)
		68  		k, _ := new(big.Int).SetString(e.k, 10)
		69  
		70  		xx, yy := p256.ScalarMult(x, y, k.Bytes())
		71  		xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes())
		72  		if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 {
		73  			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2)
		74  		}
		75  		if testing.Short() && i > 5 {
		76  			break
		77  		}
		78  	}
		79  
		80  	for i, e := range p256MultTests {
		81  		x, _ := new(big.Int).SetString(e.xIn, 16)
		82  		y, _ := new(big.Int).SetString(e.yIn, 16)
		83  		k, _ := new(big.Int).SetString(e.k, 16)
		84  		expectedX, _ := new(big.Int).SetString(e.xOut, 16)
		85  		expectedY, _ := new(big.Int).SetString(e.yOut, 16)
		86  
		87  		xx, yy := p256.ScalarMult(x, y, k.Bytes())
		88  		if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
		89  			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY)
		90  		}
		91  	}
		92  }
		93  
		94  type synthCombinedMult struct {
		95  	Curve
		96  }
		97  
		98  func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) {
		99  	x1, y1 := s.ScalarBaseMult(baseScalar)
	 100  	x2, y2 := s.ScalarMult(bigX, bigY, scalar)
	 101  	return s.Add(x1, y1, x2, y2)
	 102  }
	 103  
	 104  func TestP256CombinedMult(t *testing.T) {
	 105  	type combinedMult interface {
	 106  		Curve
	 107  		CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int)
	 108  	}
	 109  
	 110  	p256, ok := P256().(combinedMult)
	 111  	if !ok {
	 112  		p256 = &synthCombinedMult{P256()}
	 113  	}
	 114  
	 115  	gx := p256.Params().Gx
	 116  	gy := p256.Params().Gy
	 117  
	 118  	zero := make([]byte, 32)
	 119  	one := make([]byte, 32)
	 120  	one[31] = 1
	 121  	two := make([]byte, 32)
	 122  	two[31] = 2
	 123  
	 124  	// 0×G + 0×G = ∞
	 125  	x, y := p256.CombinedMult(gx, gy, zero, zero)
	 126  	if x.Sign() != 0 || y.Sign() != 0 {
	 127  		t.Errorf("0×G + 0×G = (%d, %d), should be ∞", x, y)
	 128  	}
	 129  
	 130  	// 1×G + 0×G = G
	 131  	x, y = p256.CombinedMult(gx, gy, one, zero)
	 132  	if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
	 133  		t.Errorf("1×G + 0×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
	 134  	}
	 135  
	 136  	// 0×G + 1×G = G
	 137  	x, y = p256.CombinedMult(gx, gy, zero, one)
	 138  	if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
	 139  		t.Errorf("0×G + 1×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
	 140  	}
	 141  
	 142  	// 1×G + 1×G = 2×G
	 143  	x, y = p256.CombinedMult(gx, gy, one, one)
	 144  	ggx, ggy := p256.ScalarBaseMult(two)
	 145  	if x.Cmp(ggx) != 0 || y.Cmp(ggy) != 0 {
	 146  		t.Errorf("1×G + 1×G = (%d, %d), should be (%d, %d)", x, y, ggx, ggy)
	 147  	}
	 148  
	 149  	minusOne := new(big.Int).Sub(p256.Params().N, big.NewInt(1))
	 150  	// 1×G + (-1)×G = ∞
	 151  	x, y = p256.CombinedMult(gx, gy, one, minusOne.Bytes())
	 152  	if x.Sign() != 0 || y.Sign() != 0 {
	 153  		t.Errorf("1×G + (-1)×G = (%d, %d), should be ∞", x, y)
	 154  	}
	 155  }
	 156  
	 157  func TestIssue52075(t *testing.T) {
	 158  	Gx, Gy := P256().Params().Gx, P256().Params().Gy
	 159  	scalar := make([]byte, 33)
	 160  	scalar[32] = 1
	 161  	x, y := P256().ScalarBaseMult(scalar)
	 162  	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
	 163  		t.Errorf("unexpected output (%v,%v)", x, y)
	 164  	}
	 165  	x, y = P256().ScalarMult(Gx, Gy, scalar)
	 166  	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
	 167  		t.Errorf("unexpected output (%v,%v)", x, y)
	 168  	}
	 169  }
	 170
View as plain text