22018375255

Committed 14 Feb 2026 01:37PM UTC coverage: 90.069% (+0.007%) from 90.062%

Build # 22018375255

Build Type

Pull #5330

github

Committed by

web-flow

Commit Message

Merge d3b2de7c6 into fa5638d32

Pull Request Pull Request #5330: Avoid including assert.h into tests.h

Run Details

102246 of 113520 relevant lines covered (90.07%)

11438982.24 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.12

/src/tests/test_ecc_pointmul.cpp

/*
* (C) 2014,2015,2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_ECC_GROUP)
   #include <botan/assert.h>
   #include <botan/bigint.h>
   #include <botan/ec_group.h>
   #include <botan/rng.h>
   #include <botan/internal/fmt.h>
#endif

namespace Botan_Tests {

namespace {

#if defined(BOTAN_HAS_ECC_GROUP)

class ECC_Basepoint_Mul_Tests final : public Text_Based_Test {
   public:
      ECC_Basepoint_Mul_Tests() : Text_Based_Test("pubkey/ecc_base_point_mul.vec", "k,P") {}

      bool skip_this_test(const std::string& group_id, const VarMap& /*vars*/) override {
         return !Botan::EC_Group::supports_named_group(group_id);
      }

      Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {
         Test::Result result("ECC base point multiply " + group_id);

         const auto k_bytes = vars.get_req_bin("k");
         const auto P_bytes = vars.get_req_bin("P");

         const auto group = Botan::EC_Group::from_name(group_id);

         const Botan::BigInt k(k_bytes);

   #if defined(BOTAN_HAS_LEGACY_EC_POINT)
         const auto pt = group.OS2ECP(P_bytes);
         const Botan::EC_Point p1 = group.get_base_point() * k;
         result.test_eq("EC_Point Montgomery ladder", p1.encode(Botan::EC_Point_Format::Uncompressed), P_bytes);
   #endif

         const auto scalar = Botan::EC_Scalar::from_bigint(group, k);
         const auto apg = Botan::EC_AffinePoint::g_mul(scalar, this->rng());
         result.test_eq("AffinePoint::g_mul", apg.serialize_uncompressed(), P_bytes);

         const auto ag = Botan::EC_AffinePoint::generator(group);
         const auto ap = ag.mul(scalar, this->rng());
         result.test_eq("AffinePoint::mul", ap.serialize_uncompressed(), P_bytes);

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_basemul", ECC_Basepoint_Mul_Tests);

class ECC_Varpoint_Mul_Tests final : public Text_Based_Test {
   public:
      ECC_Varpoint_Mul_Tests() : Text_Based_Test("pubkey/ecc_var_point_mul.vec", "P,k,Z") {}

      bool skip_this_test(const std::string& group_id, const VarMap& /*vars*/) override {
         return !Botan::EC_Group::supports_named_group(group_id);
      }

      Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {
         Test::Result result("ECC var point multiply " + group_id);

         const auto p = vars.get_req_bin("P");
         const Botan::BigInt k = vars.get_req_bn("k");
         const auto z = vars.get_req_bin("Z");

         const auto group = Botan::EC_Group::from_name(group_id);

   #if defined(BOTAN_HAS_LEGACY_EC_POINT)
         const Botan::EC_Point p1 = group.OS2ECP(p) * k;
         result.test_eq("EC_Point Montgomery ladder", p1.encode(Botan::EC_Point::Compressed), z);
   #endif

         const auto s_k = Botan::EC_Scalar::from_bigint(group, k);
         const auto apt = Botan::EC_AffinePoint::deserialize(group, p).value();
         const auto apt_k = apt.mul(s_k, this->rng());
         result.test_eq("p * k (AffinePoint)", apt_k.serialize_compressed(), z);

         const auto apt_k_neg = apt.negate().mul(s_k.negate(), this->rng());
         result.test_eq("-p * -k (AffinePoint)", apt_k_neg.serialize_compressed(), z);

         const auto neg_apt_neg_k = apt.mul(s_k.negate(), this->rng()).negate();
         result.test_eq("-(p * -k) (AffinePoint)", neg_apt_neg_k.serialize_compressed(), z);

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_varmul", ECC_Varpoint_Mul_Tests);

class ECC_Mul2_Tests final : public Text_Based_Test {
   public:
      ECC_Mul2_Tests() : Text_Based_Test("pubkey/ecc_var_point_mul2.vec", "P,x,Q,y,Z") {}

      bool skip_this_test(const std::string& group_id, const VarMap& /*vars*/) override {
         return !Botan::EC_Group::supports_named_group(group_id);
      }

      Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {
         Test::Result result("ECC mul2 " + group_id);

         const auto Z_bytes = vars.get_req_bin("Z");

         const auto check_px_qy = [&](const char* what,
                                      const Botan::EC_AffinePoint& p,
                                      const Botan::EC_Scalar& x,
                                      const Botan::EC_AffinePoint& q,
                                      const Botan::EC_Scalar& y,
                                      bool with_final_negation = false) {
            if(const auto z = Botan::EC_AffinePoint::mul_px_qy(p, x, q, y, rng())) {
               if(with_final_negation) {
                  result.test_eq(what, z->negate().serialize_compressed(), Z_bytes);
               } else {
                  result.test_eq(what, z->serialize_compressed(), Z_bytes);
               }
            } else {
               result.test_failure("EC_AffinePoint::mul_px_qy failed to produce a result");
            }

            // Now check the same using naive multiply and add:
            auto z = p.mul(x, rng()).add(q.mul(y, rng()));
            if(with_final_negation) {
               z = z.negate();
            }
            result.test_eq("p*x + q*y naive", z.serialize_compressed(), Z_bytes);
         };

         const auto group = Botan::EC_Group::from_name(group_id);

         const auto p = Botan::EC_AffinePoint::deserialize(group, vars.get_req_bin("P")).value();
         const auto q = Botan::EC_AffinePoint::deserialize(group, vars.get_req_bin("Q")).value();
         const auto x = Botan::EC_Scalar::from_bigint(group, vars.get_req_bn("x"));
         const auto y = Botan::EC_Scalar::from_bigint(group, vars.get_req_bn("y"));

         const auto np = p.negate();
         const auto nq = q.negate();
         const auto nx = x.negate();
         const auto ny = y.negate();

         check_px_qy("p*x + q*y", p, x, q, y);
         check_px_qy("-p*-x + -q*-y", np, nx, nq, ny);
         check_px_qy("-(p*-x + q*-y)", p, nx, q, ny, true);
         check_px_qy("-(-p*x + -q*y)", np, x, nq, y, true);

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_mul2", ECC_Mul2_Tests);

class ECC_Mul2_Inf_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         for(const auto& group_id : Botan::EC_Group::known_named_groups()) {
            Test::Result result("ECC mul2 inf " + group_id);

            const auto check_px_qy = [&](const char* what,
                                         const Botan::EC_AffinePoint& p,
                                         const Botan::EC_Scalar& x,
                                         const Botan::EC_AffinePoint& q,
                                         const Botan::EC_Scalar& y) {
               if(const auto z = Botan::EC_AffinePoint::mul_px_qy(p, x, q, y, rng())) {
                  result.test_failure(Botan::fmt("EC_AffinePoint::mul_px_qy {} unexpectedly produced a result", what));
               } else {
                  result.test_success(Botan::fmt("EC_AffinePoint::mul_px_qy {} returned nullopt as expected", what));
               }
            };

            const auto group = Botan::EC_Group::from_name(group_id);

            const auto g = Botan::EC_AffinePoint::generator(group);

            // Choose some other random point z
            const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng());

            const auto r = Botan::EC_Scalar::random(group, rng());
            const auto neg_r = r.negate();
            const auto neg_r2 = neg_r + neg_r;

            const auto zero = r - r;  // NOLINT(*-redundant-expression)
            result.confirm("Computed EC_Scalar is zero", zero.is_zero());

            const auto g2 = g.add(g);

            const auto id = Botan::EC_AffinePoint::identity(group);

            check_px_qy("0*g + r*id", g, zero, id, r);
            check_px_qy("0*id + r*id", id, zero, id, r);
            check_px_qy("0*g + 0*z", g, zero, z, zero);
            check_px_qy("r*g + -r*g", g, r, g, neg_r);
            check_px_qy("-r*g + r*g", g, neg_r, g, r);
            check_px_qy("r*g + r*-g", g, r, g.negate(), r);
            check_px_qy("r*g2 + -r2*g", g2, r, g, neg_r2);

            // Test 'zeroization' (explicit erasure of the scalar content)
            auto r2 = Botan::EC_Scalar::random(group, rng());
            result.confirm("random value is not zero", !r2.is_zero());
            r2.zeroize();
            result.confirm("value is zero", r2.is_zero());

            results.push_back(result);
         }

         return results;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_mul2_inf", ECC_Mul2_Inf_Tests);

class ECC_Point_Addition_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         for(const auto& group_id : Botan::EC_Group::known_named_groups()) {
            Test::Result result("ECC addition " + group_id);

            const auto group = Botan::EC_Group::from_name(group_id);

            const auto g = Botan::EC_AffinePoint::generator(group);
            result.test_eq("g is not the identity element", g.is_identity(), false);

            // Choose some other random point z
            const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng());
            result.test_eq("z is not the identity element", z.is_identity(), false);

            const auto id = Botan::EC_AffinePoint::identity(group);
            result.test_eq("id is the identity element", id.is_identity(), true);

            const auto g_bytes = g.serialize_uncompressed();

            auto check_expr_is_g = [&](const char* msg, const Botan::EC_AffinePoint& pt) {
               result.test_eq(Botan::fmt("{} is g", msg), pt.serialize_uncompressed(), g_bytes);
            };

            const auto nz = z.negate();

            check_expr_is_g("g + id", g.add(id));
            check_expr_is_g("id + g", id.add(g));
            check_expr_is_g("g + id", g.add(id));
            check_expr_is_g("g + -id", g.add(id.negate()));
            check_expr_is_g("g + g + -g", g.add(g).add(g.negate()));
            check_expr_is_g("-id + g", id.negate().add(g));
            check_expr_is_g("z + g - z", z.add(g).add(nz));
            check_expr_is_g("z - z + g", z.add(nz).add(g));
            check_expr_is_g("z + z + g - z - z", z.add(z).add(g).add(nz).add(nz));
            check_expr_is_g("z + id + g + z - z - z", z.add(id).add(g).add(z).add(nz).add(nz));

            results.push_back(result);
         }

         return results;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_pt_addition", ECC_Point_Addition_Tests);

class ECC_Scalar_Arithmetic_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         auto& rng = Test::rng();

         for(const auto& group_id : Botan::EC_Group::known_named_groups()) {
            const auto group = Botan::EC_Group::from_name(group_id);

            Test::Result result("ECC scalar arithmetic " + group_id);
            test_scalar_arith(result, group, rng);
            results.push_back(result);
         }
         return results;
      }

   private:
      void test_scalar_arith(Test::Result& result,
                             const Botan::EC_Group& group,
                             Botan::RandomNumberGenerator& rng) const {
         const auto one = Botan::EC_Scalar::one(group);
         const auto zero = one - one;  // NOLINT(*-redundant-expression)
         const auto two = one + one;

         const size_t order_bytes = group.get_order_bytes();

         const auto ser_zero = std::vector<uint8_t>(order_bytes);

         const auto ser_one = [=]() {
            auto b = ser_zero;
            BOTAN_ASSERT_NOMSG(b.size() > 1);
            b[b.size() - 1] = 1;
            return b;
         }();

         result.test_eq("Serialization of zero is expected value", zero.serialize(), ser_zero);
         result.test_eq("Serialization of one is expected value", one.serialize(), ser_one);

         result.test_eq("Zero is zero", zero.is_zero(), true);
         result.test_eq("Negation of zero is zero", zero.negate().is_zero(), true);
         result.test_eq("One is not zero", one.is_zero(), false);

         // Zero inverse is not mathematically correct, but works out for our purposes
         result.test_eq("Inverse of zero is zero", zero.invert().serialize(), ser_zero);
         result.test_eq("Inverse of one is one", one.invert().serialize(), ser_one);

         result.test_eq("Inverse (vt) of zero is zero", zero.invert_vartime().serialize(), ser_zero);
         result.test_eq("Inverse (vt) of one is one", one.invert_vartime().serialize(), ser_one);

         constexpr size_t test_iter = 128;

         for(size_t i = 0; i != test_iter; ++i) {
            const auto r = Botan::EC_Scalar::random(group, rng);

            // Negation and addition are inverses
            result.test_eq("r + -r == 0", (r + r.negate()).serialize(), ser_zero);

            // Serialization and deserialization are inverses
            const auto r_bytes = r.serialize();
            result.test_eq("Deserialization of r round trips",
                           Botan::EC_Scalar::deserialize(group, r_bytes).value().serialize(),
                           r_bytes);

            // Multiplication and inversion are inverses
            const auto r2 = r * r;
            const auto r_inv = r.invert();
            result.test_eq("r * r^-1 = 1", (r * r_inv).serialize(), ser_one);

            const auto r_inv_vt = r.invert_vartime();
            result.confirm("CT and variable time inversions produced same result", r_inv == r_inv_vt);
         }

         for(size_t i = 0; i != test_iter; ++i) {
            const auto a = Botan::EC_Scalar::random(group, rng);
            const auto b = Botan::EC_Scalar::random(group, rng);

            const auto ab = a * b;
            const auto a_inv = a.invert();
            const auto b_inv = b.invert();

            result.test_eq("a * b / b = a", (ab * b_inv).serialize(), a.serialize());
            result.test_eq("a * b / a = b", (ab * a_inv).serialize(), b.serialize());

            auto a_plus_b = a + b;
            result.test_eq("(a + b) - b == a", (a_plus_b - b).serialize(), a.serialize());
            result.test_eq("(a + b) - a == b", (a_plus_b - a).serialize(), b.serialize());
            result.test_eq("b - (a + b) == -a", (b - a_plus_b).serialize(), a.negate().serialize());
            result.test_eq("a - (a + b) == -b", (a - a_plus_b).serialize(), b.negate().serialize());
         }

         for(size_t i = 0; i != test_iter; ++i) {
            const auto a = Botan::EC_Scalar::random(group, rng);
            const auto b = Botan::EC_Scalar::random(group, rng);
            const auto c = Botan::EC_Scalar::random(group, rng);

            const auto ab_c = (a + b) * c;
            const auto ac_bc = a * c + b * c;

            result.test_eq("(a + b)*c == a * c + b * c", ab_c.serialize(), ac_bc.serialize());
         }

         for(size_t i = 0; i != test_iter; ++i) {
            const auto a = Botan::EC_Scalar::random(group, rng);
            const auto b = Botan::EC_Scalar::random(group, rng);
            const auto c = a * b;

            const auto c_bn = (a.to_bigint() * b.to_bigint());
            result.test_eq("matches BigInt", c.serialize(), (c_bn % group.get_order()).serialize(order_bytes));

            const auto c_wide_bytes = c_bn.serialize();
            result.test_lte("Expected size", c_wide_bytes.size(), 2 * order_bytes);

            const auto z = Botan::EC_Scalar::from_bytes_mod_order(group, c_wide_bytes);

            result.test_eq("from_bytes_mod_order", c.serialize(), z.serialize());
         }

         for(size_t i = 0; i != test_iter; ++i) {
            std::vector<uint8_t> r(2 * group.get_order_bytes());

            rng.randomize(r);

            const auto ref = Botan::BigInt::from_bytes(r) % group.get_order();

            const auto scalar = Botan::EC_Scalar::from_bytes_mod_order(group, r);

            result.test_eq("from_bytes_mod_order (random)", scalar.serialize(), ref.serialize(group.get_order_bytes()));
         }

         result.end_timer();
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecc_scalar_arith", ECC_Scalar_Arithmetic_Tests);

#endif

}  // namespace

}  // namespace Botan_Tests

1	/*
2	* (C) 2014,2015,2019 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "tests.h"
8
9	#if defined(BOTAN_HAS_ECC_GROUP)
10	#include <botan/assert.h>
11	#include <botan/bigint.h>
12	#include <botan/ec_group.h>
13	#include <botan/rng.h>
14	#include <botan/internal/fmt.h>
15	#endif
16
17	namespace Botan_Tests {
18
19	namespace {
20
21	#if defined(BOTAN_HAS_ECC_GROUP)
22
23	class ECC_Basepoint_Mul_Tests final : public Text_Based_Test {	×
24	public:
25	ECC_Basepoint_Mul_Tests() : Text_Based_Test("pubkey/ecc_base_point_mul.vec", "k,P") {}	2✔
26
27	bool skip_this_test(const std::string& group_id, const VarMap& /vars/) override {	535✔
28	return !Botan::EC_Group::supports_named_group(group_id);	535✔
29	}
30
31	Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {	535✔
32	Test::Result result("ECC base point multiply " + group_id);	535✔
33
34	const auto k_bytes = vars.get_req_bin("k");	535✔
35	const auto P_bytes = vars.get_req_bin("P");	535✔
36
37	const auto group = Botan::EC_Group::from_name(group_id);	535✔
38
39	const Botan::BigInt k(k_bytes);	535✔
40
41	#if defined(BOTAN_HAS_LEGACY_EC_POINT)
42	const auto pt = group.OS2ECP(P_bytes);	535✔
43	const Botan::EC_Point p1 = group.get_base_point() * k;	535✔
44	result.test_eq("EC_Point Montgomery ladder", p1.encode(Botan::EC_Point_Format::Uncompressed), P_bytes);	535✔
45	#endif
46
47	const auto scalar = Botan::EC_Scalar::from_bigint(group, k);	535✔
48	const auto apg = Botan::EC_AffinePoint::g_mul(scalar, this->rng());	535✔
49	result.test_eq("AffinePoint::g_mul", apg.serialize_uncompressed(), P_bytes);	535✔
50
51	const auto ag = Botan::EC_AffinePoint::generator(group);	535✔
52	const auto ap = ag.mul(scalar, this->rng());	535✔
53	result.test_eq("AffinePoint::mul", ap.serialize_uncompressed(), P_bytes);	535✔
54
55	return result;	1,070✔
56	}	1,605✔
57	};
58
59	BOTAN_REGISTER_TEST("pubkey", "ecc_basemul", ECC_Basepoint_Mul_Tests);
60
61	class ECC_Varpoint_Mul_Tests final : public Text_Based_Test {	×
62	public:
63	ECC_Varpoint_Mul_Tests() : Text_Based_Test("pubkey/ecc_var_point_mul.vec", "P,k,Z") {}	2✔
64
65	bool skip_this_test(const std::string& group_id, const VarMap& /vars/) override {	829✔
66	return !Botan::EC_Group::supports_named_group(group_id);	829✔
67	}
68
69	Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {	829✔
70	Test::Result result("ECC var point multiply " + group_id);	829✔
71
72	const auto p = vars.get_req_bin("P");	829✔
73	const Botan::BigInt k = vars.get_req_bn("k");	829✔
74	const auto z = vars.get_req_bin("Z");	829✔
75
76	const auto group = Botan::EC_Group::from_name(group_id);	829✔
77
78	#if defined(BOTAN_HAS_LEGACY_EC_POINT)
79	const Botan::EC_Point p1 = group.OS2ECP(p) * k;	1,658✔
80	result.test_eq("EC_Point Montgomery ladder", p1.encode(Botan::EC_Point::Compressed), z);	829✔
81	#endif
82
83	const auto s_k = Botan::EC_Scalar::from_bigint(group, k);	829✔
84	const auto apt = Botan::EC_AffinePoint::deserialize(group, p).value();	1,658✔
85	const auto apt_k = apt.mul(s_k, this->rng());	829✔
86	result.test_eq("p * k (AffinePoint)", apt_k.serialize_compressed(), z);	829✔
87
88	const auto apt_k_neg = apt.negate().mul(s_k.negate(), this->rng());	829✔
89	result.test_eq("-p * -k (AffinePoint)", apt_k_neg.serialize_compressed(), z);	829✔
90
91	const auto neg_apt_neg_k = apt.mul(s_k.negate(), this->rng()).negate();	829✔
92	result.test_eq("-(p * -k) (AffinePoint)", neg_apt_neg_k.serialize_compressed(), z);	829✔
93
94	return result;	1,658✔
95	}	2,487✔
96	};
97
98	BOTAN_REGISTER_TEST("pubkey", "ecc_varmul", ECC_Varpoint_Mul_Tests);
99
100	class ECC_Mul2_Tests final : public Text_Based_Test {	×
101	public:
102	ECC_Mul2_Tests() : Text_Based_Test("pubkey/ecc_var_point_mul2.vec", "P,x,Q,y,Z") {}	2✔
103
104	bool skip_this_test(const std::string& group_id, const VarMap& /vars/) override {	819✔
105	return !Botan::EC_Group::supports_named_group(group_id);	819✔
106	}
107
108	Test::Result run_one_test(const std::string& group_id, const VarMap& vars) override {	819✔
109	Test::Result result("ECC mul2 " + group_id);	819✔
110
111	const auto Z_bytes = vars.get_req_bin("Z");	819✔
112
113	const auto check_px_qy = [&](const char* what,	4,095✔
114	const Botan::EC_AffinePoint& p,
115	const Botan::EC_Scalar& x,
116	const Botan::EC_AffinePoint& q,
117	const Botan::EC_Scalar& y,
118	bool with_final_negation = false) {
119	if(const auto z = Botan::EC_AffinePoint::mul_px_qy(p, x, q, y, rng())) {	3,276✔
120	if(with_final_negation) {	3,276✔
121	result.test_eq(what, z->negate().serialize_compressed(), Z_bytes);	3,276✔
122	} else {
123	result.test_eq(what, z->serialize_compressed(), Z_bytes);	3,276✔
124	}
125	} else {
126	result.test_failure("EC_AffinePoint::mul_px_qy failed to produce a result");	×
127	}	×
128
129	// Now check the same using naive multiply and add:
130	auto z = p.mul(x, rng()).add(q.mul(y, rng()));	3,276✔
131	if(with_final_negation) {	3,276✔
132	z = z.negate();	1,638✔
133	}
134	result.test_eq("px + qy naive", z.serialize_compressed(), Z_bytes);	3,276✔
135	};	3,276✔
136
137	const auto group = Botan::EC_Group::from_name(group_id);	819✔
138
139	const auto p = Botan::EC_AffinePoint::deserialize(group, vars.get_req_bin("P")).value();	3,276✔
140	const auto q = Botan::EC_AffinePoint::deserialize(group, vars.get_req_bin("Q")).value();	3,276✔
141	const auto x = Botan::EC_Scalar::from_bigint(group, vars.get_req_bn("x"));	819✔
142	const auto y = Botan::EC_Scalar::from_bigint(group, vars.get_req_bn("y"));	819✔
143
144	const auto np = p.negate();	819✔
145	const auto nq = q.negate();	819✔
146	const auto nx = x.negate();	819✔
147	const auto ny = y.negate();	819✔
148
149	check_px_qy("px + qy", p, x, q, y);	819✔
150	check_px_qy("-p-x + -q-y", np, nx, nq, ny);	819✔
151	check_px_qy("-(p-x + q-y)", p, nx, q, ny, true);	819✔
152	check_px_qy("-(-px + -qy)", np, x, nq, y, true);	819✔
153
154	return result;	1,638✔
155	}	1,638✔
156	};
157
158	BOTAN_REGISTER_TEST("pubkey", "ecc_mul2", ECC_Mul2_Tests);
159
160	class ECC_Mul2_Inf_Tests final : public Test {	1✔
161	public:
162	std::vector<Test::Result> run() override {	1✔
163	std::vector<Test::Result> results;	1✔
164
165	for(const auto& group_id : Botan::EC_Group::known_named_groups()) {	29✔
166	Test::Result result("ECC mul2 inf " + group_id);	28✔
167
168	const auto check_px_qy = [&](const char* what,	224✔
169	const Botan::EC_AffinePoint& p,
170	const Botan::EC_Scalar& x,
171	const Botan::EC_AffinePoint& q,
172	const Botan::EC_Scalar& y) {
173	if(const auto z = Botan::EC_AffinePoint::mul_px_qy(p, x, q, y, rng())) {	196✔
174	result.test_failure(Botan::fmt("EC_AffinePoint::mul_px_qy {} unexpectedly produced a result", what));	×
175	} else {
176	result.test_success(Botan::fmt("EC_AffinePoint::mul_px_qy {} returned nullopt as expected", what));	392✔
177	}	196✔
178	};	196✔
179
180	const auto group = Botan::EC_Group::from_name(group_id);	28✔
181
182	const auto g = Botan::EC_AffinePoint::generator(group);	28✔
183
184	// Choose some other random point z
185	const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng());	28✔
186
187	const auto r = Botan::EC_Scalar::random(group, rng());	28✔
188	const auto neg_r = r.negate();	28✔
189	const auto neg_r2 = neg_r + neg_r;	28✔
190
191	const auto zero = r - r; // NOLINT(*-redundant-expression)	28✔
192	result.confirm("Computed EC_Scalar is zero", zero.is_zero());	28✔
193
194	const auto g2 = g.add(g);	28✔
195
196	const auto id = Botan::EC_AffinePoint::identity(group);	28✔
197
198	check_px_qy("0g + rid", g, zero, id, r);	28✔
199	check_px_qy("0id + rid", id, zero, id, r);	28✔
200	check_px_qy("0g + 0z", g, zero, z, zero);	28✔
201	check_px_qy("rg + -rg", g, r, g, neg_r);	28✔
202	check_px_qy("-rg + rg", g, neg_r, g, r);	28✔
203	check_px_qy("rg + r-g", g, r, g.negate(), r);	28✔
204	check_px_qy("rg2 + -r2g", g2, r, g, neg_r2);	28✔
205
206	// Test 'zeroization' (explicit erasure of the scalar content)
207	auto r2 = Botan::EC_Scalar::random(group, rng());	28✔
208	result.confirm("random value is not zero", !r2.is_zero());	28✔
209	r2.zeroize();	28✔
210	result.confirm("value is zero", r2.is_zero());	28✔
211
212	results.push_back(result);	28✔
213	}	28✔
214
215	return results;	1✔
216	}	×
217	};
218
219	BOTAN_REGISTER_TEST("pubkey", "ecc_mul2_inf", ECC_Mul2_Inf_Tests);
220
221	class ECC_Point_Addition_Tests final : public Test {	1✔
222	public:
223	std::vector<Test::Result> run() override {	1✔
224	std::vector<Test::Result> results;	1✔
225
226	for(const auto& group_id : Botan::EC_Group::known_named_groups()) {	29✔
227	Test::Result result("ECC addition " + group_id);	28✔
228
229	const auto group = Botan::EC_Group::from_name(group_id);	28✔
230
231	const auto g = Botan::EC_AffinePoint::generator(group);	28✔
232	result.test_eq("g is not the identity element", g.is_identity(), false);	28✔
233
234	// Choose some other random point z
235	const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng());	28✔
236	result.test_eq("z is not the identity element", z.is_identity(), false);	28✔
237
238	const auto id = Botan::EC_AffinePoint::identity(group);	28✔
239	result.test_eq("id is the identity element", id.is_identity(), true);	28✔
240
241	const auto g_bytes = g.serialize_uncompressed();	28✔
242
243	auto check_expr_is_g = [&](const char* msg, const Botan::EC_AffinePoint& pt) {	308✔
244	result.test_eq(Botan::fmt("{} is g", msg), pt.serialize_uncompressed(), g_bytes);	280✔
245	};	280✔
246
247	const auto nz = z.negate();	28✔
248
249	check_expr_is_g("g + id", g.add(id));	28✔
250	check_expr_is_g("id + g", id.add(g));	28✔
251	check_expr_is_g("g + id", g.add(id));	28✔
252	check_expr_is_g("g + -id", g.add(id.negate()));	28✔
253	check_expr_is_g("g + g + -g", g.add(g).add(g.negate()));	28✔
254	check_expr_is_g("-id + g", id.negate().add(g));	28✔
255	check_expr_is_g("z + g - z", z.add(g).add(nz));	28✔
256	check_expr_is_g("z - z + g", z.add(nz).add(g));	28✔
257	check_expr_is_g("z + z + g - z - z", z.add(z).add(g).add(nz).add(nz));	28✔
258	check_expr_is_g("z + id + g + z - z - z", z.add(id).add(g).add(z).add(nz).add(nz));	28✔
259
260	results.push_back(result);	28✔
261	}	56✔
262
263	return results;	1✔
264	}	×
265	};
266
267	BOTAN_REGISTER_TEST("pubkey", "ecc_pt_addition", ECC_Point_Addition_Tests);
268
269	class ECC_Scalar_Arithmetic_Tests final : public Test {	1✔
270	public:
271	std::vector<Test::Result> run() override {	1✔
272	std::vector<Test::Result> results;	1✔
273
274	auto& rng = Test::rng();	1✔
275
276	for(const auto& group_id : Botan::EC_Group::known_named_groups()) {	29✔
277	const auto group = Botan::EC_Group::from_name(group_id);	28✔
278
279	Test::Result result("ECC scalar arithmetic " + group_id);	28✔
280	test_scalar_arith(result, group, rng);	28✔
281	results.push_back(result);	28✔
282	}	28✔
283	return results;	1✔
284	}	×
285
286	private:
287	void test_scalar_arith(Test::Result& result,	28✔
288	const Botan::EC_Group& group,
289	Botan::RandomNumberGenerator& rng) const {
290	const auto one = Botan::EC_Scalar::one(group);	28✔
291	const auto zero = one - one; // NOLINT(*-redundant-expression)	28✔
292	const auto two = one + one;	28✔
293
294	const size_t order_bytes = group.get_order_bytes();	28✔
295
296	const auto ser_zero = std::vector<uint8_t>(order_bytes);	28✔
297
298	const auto ser_one = [=]() {	56✔
299	auto b = ser_zero;	28✔
300	BOTAN_ASSERT_NOMSG(b.size() > 1);	28✔
301	b[b.size() - 1] = 1;	28✔
302	return b;	28✔
303	}();	28✔
304
305	result.test_eq("Serialization of zero is expected value", zero.serialize(), ser_zero);	28✔
306	result.test_eq("Serialization of one is expected value", one.serialize(), ser_one);	28✔
307
308	result.test_eq("Zero is zero", zero.is_zero(), true);	28✔
309	result.test_eq("Negation of zero is zero", zero.negate().is_zero(), true);	28✔
310	result.test_eq("One is not zero", one.is_zero(), false);	28✔
311
312	// Zero inverse is not mathematically correct, but works out for our purposes
313	result.test_eq("Inverse of zero is zero", zero.invert().serialize(), ser_zero);	56✔
314	result.test_eq("Inverse of one is one", one.invert().serialize(), ser_one);	56✔
315
316	result.test_eq("Inverse (vt) of zero is zero", zero.invert_vartime().serialize(), ser_zero);	56✔
317	result.test_eq("Inverse (vt) of one is one", one.invert_vartime().serialize(), ser_one);	56✔
318
319	constexpr size_t test_iter = 128;	28✔
320
321	for(size_t i = 0; i != test_iter; ++i) {	3,612✔
322	const auto r = Botan::EC_Scalar::random(group, rng);	3,584✔
323
324	// Negation and addition are inverses
325	result.test_eq("r + -r == 0", (r + r.negate()).serialize(), ser_zero);	10,752✔
326
327	// Serialization and deserialization are inverses
328	const auto r_bytes = r.serialize();	3,584✔
329	result.test_eq("Deserialization of r round trips",	7,168✔
330	Botan::EC_Scalar::deserialize(group, r_bytes).value().serialize(),	10,752✔
331	r_bytes);
332
333	// Multiplication and inversion are inverses
334	const auto r2 = r * r;	3,584✔
335	const auto r_inv = r.invert();	3,584✔
336	result.test_eq("r * r^-1 = 1", (r * r_inv).serialize(), ser_one);	7,168✔
337
338	const auto r_inv_vt = r.invert_vartime();	3,584✔
339	result.confirm("CT and variable time inversions produced same result", r_inv == r_inv_vt);	3,584✔
340	}	7,168✔
341
342	for(size_t i = 0; i != test_iter; ++i) {	3,612✔
343	const auto a = Botan::EC_Scalar::random(group, rng);	3,584✔
344	const auto b = Botan::EC_Scalar::random(group, rng);	3,584✔
345
346	const auto ab = a * b;	3,584✔
347	const auto a_inv = a.invert();	3,584✔
348	const auto b_inv = b.invert();	3,584✔
349
350	result.test_eq("a * b / b = a", (ab * b_inv).serialize(), a.serialize());	7,168✔
351	result.test_eq("a * b / a = b", (ab * a_inv).serialize(), b.serialize());	7,168✔
352
353	auto a_plus_b = a + b;	3,584✔
354	result.test_eq("(a + b) - b == a", (a_plus_b - b).serialize(), a.serialize());	7,168✔
355	result.test_eq("(a + b) - a == b", (a_plus_b - a).serialize(), b.serialize());	7,168✔
356	result.test_eq("b - (a + b) == -a", (b - a_plus_b).serialize(), a.negate().serialize());	10,752✔
357	result.test_eq("a - (a + b) == -b", (a - a_plus_b).serialize(), b.negate().serialize());	10,752✔
358	}	3,584✔
359
360	for(size_t i = 0; i != test_iter; ++i) {	3,612✔
361	const auto a = Botan::EC_Scalar::random(group, rng);	3,584✔
362	const auto b = Botan::EC_Scalar::random(group, rng);	3,584✔
363	const auto c = Botan::EC_Scalar::random(group, rng);	3,584✔
364
365	const auto ab_c = (a + b) * c;	3,584✔
366	const auto ac_bc = a * c + b * c;	3,584✔
367
368	result.test_eq("(a + b)c == a c + b * c", ab_c.serialize(), ac_bc.serialize());	7,168✔
369	}	3,584✔
370
371	for(size_t i = 0; i != test_iter; ++i) {	3,612✔
372	const auto a = Botan::EC_Scalar::random(group, rng);	3,584✔
373	const auto b = Botan::EC_Scalar::random(group, rng);	3,584✔
374	const auto c = a * b;	3,584✔
375
376	const auto c_bn = (a.to_bigint() * b.to_bigint());	3,584✔
377	result.test_eq("matches BigInt", c.serialize(), (c_bn % group.get_order()).serialize(order_bytes));	10,752✔
378
379	const auto c_wide_bytes = c_bn.serialize();	3,584✔
380	result.test_lte("Expected size", c_wide_bytes.size(), 2 * order_bytes);	3,584✔
381
382	const auto z = Botan::EC_Scalar::from_bytes_mod_order(group, c_wide_bytes);	3,584✔
383
384	result.test_eq("from_bytes_mod_order", c.serialize(), z.serialize());	7,168✔
385	}	7,168✔
386
387	for(size_t i = 0; i != test_iter; ++i) {	3,612✔
388	std::vector<uint8_t> r(2 * group.get_order_bytes());	3,584✔
389
390	rng.randomize(r);	3,584✔
391
392	const auto ref = Botan::BigInt::from_bytes(r) % group.get_order();	3,584✔
393
394	const auto scalar = Botan::EC_Scalar::from_bytes_mod_order(group, r);	3,584✔
395
396	result.test_eq("from_bytes_mod_order (random)", scalar.serialize(), ref.serialize(group.get_order_bytes()));	7,168✔
397	}	7,168✔
398
399	result.end_timer();	28✔
400	}	56✔
401	};
402
403	BOTAN_REGISTER_TEST("pubkey", "ecc_scalar_arith", ECC_Scalar_Arithmetic_Tests);
404
405	#endif
406
407	} // namespace
408
409	} // namespace Botan_Tests

randombit / botan / 22018375255

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous