authorJ08nY2017-12-15 01:51:36 +0100
committerJ08nY2017-12-15 01:51:36 +0100
commit44371b75436094aa360e2123191da9cbb9c61fda (patch)
tree5e2acd56847dacf6eb2bbce8914d34276498ef69
parent61028f63d360d932659987a8d91c060723ee1279 (diff)
-rw-r--r--src/exhaustive/brainpool.c10
-rw-r--r--src/exhaustive/brainpool_rfc.c10
-rw-r--r--src/gen/seed.c3
-rw-r--r--test/src/exhaustive/test_ansi.c8
-rw-r--r--test/src/exhaustive/test_brainpool.c1
-rw-r--r--test/src/exhaustive/test_brainpool_rfc.c171
6 files changed, 193 insertions, 10 deletions
diff --git a/src/exhaustive/brainpool.c b/src/exhaustive/brainpool.c
index 1c8fb31..d7f0c59 100644
--- a/src/exhaustive/brainpool.c
+++ b/src/exhaustive/brainpool.c
@@ -42,7 +42,7 @@ bits_t *brainpool_hash(const bits_t *s, long w, long v) {
GEN z = bits_to_i(s);
GEN m = int2n(160);
for (long i = 1; i <= v; ++i) {
- bits_t *si = bits_from_i(Fp_add(z, stoi(i), m));
+ bits_t *si = bits_from_i_len(Fp_add(z, stoi(i), m), 160);
bits_sha1(si, hashout + (20 * (i - 1)));
bits_free(&si);
}
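Review bot: The literal 160 now appears twice in this loop, once as the modulus `int2n(160)` and once as the fixed width passed to `bits_from_i_len`, and nothing says that the two must agree; a named constant such as `enum { BRAINPOOL_SEED_BITS = 160 };` used on both lines would tie them together. A one-line comment on the changed line, `// fixed 160-bit encoding so that SHA-1 always sees the same input length, even when z + i has leading zero bits`, would also record why the width is forced rather than derived from the value. brainpool_hash starts before the hunk.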
@@ -149,7 +149,13 @@ GENERATOR(brainpool_gen_equation) {
brainpool_hash(seed->seed, seed->brainpool.w, seed->brainpool.v);
GEN a = bits_to_i(a_bits);
bits_free(&a_bits);
- z = Fp_sqrtn(a, stoi(4), curve->field, NULL);
+ GEN am = Fp_invsafe(a, curve->field);
+ if (am == NULL) {
+ brainpool_update_seed(seed->seed);
+ avma = btop;
+ continue;
+ }
+ z = Fp_sqrtn(Fp_muls(am, -1, curve->field), stoi(4), curve->field, NULL);
if (z == NULL) {
brainpool_update_seed(seed->seed);
avma = btop;
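Review bot: The quantity handed to Fp_sqrtn on the last added line is -A^{-1}, built with `Fp_muls(am, -1, curve->field)`; if the condition being solved here is the Brainpool one, -3 ≡ A·Z^4 (mod p), the quartic root should be taken of -3·A^{-1}, i.e. `Fp_muls(am, -3, curve->field)`. I can only infer the intended condition from the surrounding code, so if the factor of 3 is applied elsewhere a comment at this line such as `// Z^4 = -A^-1; the factor 3 is folded in further down` would settle it, and the new RFC test vectors should confirm either way. The Fp_invsafe guard and its three-line retry block are duplicated verbatim in the brainpool_rfc.c hunk for brainpool_rfc_gen_equation, so a shared static helper would keep the two copies in step. brainpool_gen_equation starts and ends outside the hunk.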
diff --git a/src/exhaustive/brainpool_rfc.c b/src/exhaustive/brainpool_rfc.c
index b3c5e5e..1a9fea9 100644
--- a/src/exhaustive/brainpool_rfc.c
+++ b/src/exhaustive/brainpool_rfc.c
@@ -27,6 +27,8 @@ GENERATOR(brainpool_rfc_gen_seed_input) {
brainpool_delegate(brainpool_gen_seed_input);
}
+#undef brainpool_delegate
+
GENERATOR(brainpool_rfc_gen_equation) {
// field is definitely prime
pari_sp btop = avma;
@@ -42,7 +44,13 @@ GENERATOR(brainpool_rfc_gen_equation) {
brainpool_hash(seed->seed, seed->brainpool.w, seed->brainpool.v);
GEN a = bits_to_i(a_bits);
bits_free(&a_bits);
- z = Fp_sqrtn(a, stoi(4), curve->field, NULL);
+ GEN am = Fp_invsafe(a, curve->field);
+ if (am == NULL) {
+ brainpool_update_seed(seed->seed);
+ avma = btop;
+ continue;
+ }
+ z = Fp_sqrtn(Fp_muls(am, -1, curve->field), stoi(4), curve->field, NULL);
if (z == NULL) {
brainpool_update_seed(seed->seed);
avma = btop;
diff --git a/src/gen/seed.c b/src/gen/seed.c
index 2e3f9e3..3baed9c 100644
--- a/src/gen/seed.c
+++ b/src/gen/seed.c
@@ -46,12 +46,11 @@ void seed_free(seed_t **seed) {
case SEED_ANSI:
break;
case SEED_BRAINPOOL:
+ case SEED_BRAINPOOL_RFC:
bits_free(&(*seed)->brainpool.seed_a);
bits_free(&(*seed)->brainpool.seed_b);
bits_free(&(*seed)->brainpool.seed_bp);
break;
- case SEED_BRAINPOOL_RFC:
- break;
case SEED_FIPS:
break;
case SEED_NONE:
diff --git a/test/src/exhaustive/test_ansi.c b/test/src/exhaustive/test_ansi.c
index 6938bc1..7558fa0 100644
--- a/test/src/exhaustive/test_ansi.c
+++ b/test/src/exhaustive/test_ansi.c
@@ -151,7 +151,7 @@ ParameterizedTestParameters(ansi, test_ansi_seed_prime_examples) {
// clang-format on
size_t nb_params = sizeof(params) / sizeof(struct prime_params);
- return cr_make_param_array(struct prime_params, params, nb_params, NULL);
+ return cr_make_param_array(struct prime_params, params, nb_params, prime_params_cleanup);
}
ParameterizedTest(struct prime_params *param, ansi,
test_ansi_seed_prime_examples) {
@@ -261,8 +261,9 @@ ParameterizedTest(struct binary_params *param, ansi,
curve_t curve = {0};
curve.field = poly_gen(&param->field);
- GEN expected_b = bits_to_i(bits_from_hex(param->b));
- bits_t *b = bits_from_i(expected_b);
+ bits_t *b_bits = bits_from_hex(param->b);
+ GEN expected_b = bits_to_i(b_bits);
+ bits_free(&b_bits);
int ret = ansi_gen_seed_argument(&curve, NULL, OFFSET_SEED);
cr_assert_eq(ret, 1, );
@@ -272,6 +273,5 @@ ParameterizedTest(struct binary_params *param, ansi,
GEN curve_b = field_elementi(curve.b);
cr_assert(gequal(curve_b, expected_b), );
- bits_free(&b);
seed_free(&curve.seed);
} \ No newline at end of file
diff --git a/test/src/exhaustive/test_brainpool.c b/test/src/exhaustive/test_brainpool.c
index fe3d90e..d5fefe2 100644
--- a/test/src/exhaustive/test_brainpool.c
+++ b/test/src/exhaustive/test_brainpool.c
@@ -4,7 +4,6 @@
*/
#include <criterion/criterion.h>
-#include <criterion/parameterized.h>
#include "exhaustive/brainpool.h"
#include "gen/seed.h"
#include "test/io.h"
diff --git a/test/src/exhaustive/test_brainpool_rfc.c b/test/src/exhaustive/test_brainpool_rfc.c
new file mode 100644
index 0000000..ed6ae54
--- /dev/null
+++ b/test/src/exhaustive/test_brainpool_rfc.c
@@ -0,0 +1,171 @@
+/*
+ * ecgen, tool for generating Elliptic curve domain parameters
+ * Copyright (C) 2017 J08nY
+ */
+
+#include <criterion/criterion.h>
+#include <criterion/parameterized.h>
+#include "test/io.h"
+#include "test/memory.h"
+#include "misc/types.h"
+#include "gen/seed.h"
+#include "util/bits.h"
+#include "util/memory.h"
+#include "exhaustive/brainpool.h"
+#include "exhaustive/brainpool_rfc.h"
+
+TestSuite(brainpool_rfc, .init = io_setup, .fini = io_teardown);
+
+Test(brainpool_rfc, test_brainpool_rfc_seed_random) {
+ curve_t curve = {0};
+ cfg->bits = 256;
+ int ret = brainpool_rfc_gen_seed_random(&curve, NULL, OFFSET_SEED);
+
+ cr_assert_eq(ret, 1, );
+ cr_assert_not_null(curve.seed, );
+
+ seed_free(&curve.seed);
+}
+
+Test(brainpool_rfc, test_brainpool_rfc_seed_argument) {
+ curve_t curve = {0};
+ char *seed = "abcdefabcdefabcdefabcdefabcdefabcdefabcd";
+ cfg->seed = seed;
+ cfg->bits = 256;
+ int ret = brainpool_rfc_gen_seed_argument(&curve, NULL, OFFSET_SEED);
+
+ cr_assert_eq(ret, 1, );
+ cr_assert_not_null(curve.seed, );
+ char *hex = bits_to_hex(curve.seed->seed);
+ cr_assert_str_eq(hex, seed, );
+
+ try_free(hex);
+ seed_free(&curve.seed);
+}
+
+Test(brainpool_rfc, test_brainpool_rfc_seed_input) {
+ curve_t curve = {0};
+ char *seed = "abcdefabcdefabcdefabcdefabcdefabcdefabcd";
+ cfg->bits = 256;
+ fprintf(write_in, "%s\n", seed);
+ int ret = brainpool_rfc_gen_seed_input(&curve, NULL, OFFSET_SEED);
+
+ cr_assert_eq(ret, 1, );
+ cr_assert_not_null(curve.seed, );
+ char *hex = bits_to_hex(curve.seed->seed);
+ cr_assert_str_eq(hex, seed, );
+
+ try_free(hex);
+ seed_free(&curve.seed);
+}
+
+struct rfc_params {
+ size_t bits;
+ char *p_seed;
+ char *p;
+ char *ab_seed;
+ char *a;
+ char *b;
+};
+
+void params_cleanup(struct criterion_test_params *ctp) {
+ struct rfc_params *params = (struct rfc_params *)ctp->params;
+ cr_free(params->p_seed);
+ cr_free(params->p);
+ cr_free(params->ab_seed);
+ cr_free(params->a);
+ cr_free(params->b);
+}
+
+ParameterizedTestParameters(brainpool_rfc, test_brainpool_rfc_params) {
+ static struct rfc_params params[7] = {{0}};
+
+ params[0].bits = 160;
+ params[0].p_seed = cr_strdup("3243F6A8885A308D313198A2E03707344A409382");
+ params[0].p = cr_strdup("E95E4A5F737059DC60DFC7AD95B3D8139515620F");
+ params[0].ab_seed = cr_strdup("2B7E151628AED2A6ABF7158809CF4F3C762E7160");
+ params[0].a = cr_strdup("340E7BE2A280EB74E2BE61BADA745D97E8F7C300");
+ params[0].b = cr_strdup("1E589A8595423412134FAA2DBDEC95C8D8675E58");
+ params[1].bits = 192;
+ params[1].p_seed = cr_strdup("2299F31D0082EFA98EC4E6C89452821E638D0137");
+ params[1].p = cr_strdup("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297");
+ params[1].ab_seed = cr_strdup("F38B4DA56A784D9045190CFEF324E7738926CFBE");
+ params[1].a = cr_strdup("6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF");
+ params[1].b = cr_strdup("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9");
+ params[2].bits = 224;
+ params[2].p_seed = cr_strdup("7BE5466CF34E90C6CC0AC29B7C97C50DD3F84D5B");
+ params[2].p = cr_strdup("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF");
+ params[2].ab_seed = cr_strdup("5F4BF8D8D8C31D763DA06C80ABB1185EB4F7C7B5");
+ params[2].a = cr_strdup("68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43");
+ params[2].b = cr_strdup("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B");
+ params[3].bits = 256;
+ params[3].p_seed = cr_strdup("5B54709179216D5D98979FB1BD1310BA698DFB5A");
+ params[3].p = cr_strdup("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377");
+ params[3].ab_seed = cr_strdup("757F5958490CFD47D7C19BB42158D9554F7B46BC");
+ params[3].a = cr_strdup("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9");
+ params[3].b = cr_strdup("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6");
+ params[4].bits = 320;
+ params[4].p_seed = cr_strdup("C2FFD72DBD01ADFB7B8E1AFED6A267E96BA7C904");
+ params[4].p = cr_strdup("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27");
+ params[4].ab_seed = cr_strdup("ED55C4D79FD5F24D6613C31C3839A2DDF8A9A276");
+ params[4].a = cr_strdup("3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4");
+ params[4].b = cr_strdup("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6");
+ params[5].bits = 384;
+ params[5].p_seed = cr_strdup("5F12C7F9924A19947B3916CF70801F2E2858EFC1");
+ params[5].p = cr_strdup("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53");
+ params[5].ab_seed = cr_strdup("BCFBFA1C877C56284DAB79CD4C2B3293D20E9E5E");
+ params[5].a = cr_strdup("7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826");
+ params[5].b = cr_strdup("04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11");
+ params[6].bits = 512;
+ params[6].p_seed = cr_strdup("6636920D871574E69A458FEA3F4933D7E0D95748");
+ params[6].p = cr_strdup("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3");
+ params[6].ab_seed = cr_strdup("AF02AC60ACC93ED874422A52ECB238FEEE5AB6AD");
+ params[6].a = cr_strdup("7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA");
+ params[6].b = cr_strdup("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723");
+
+ size_t nb_params = sizeof(params) / sizeof(struct rfc_params);
+ return cr_make_param_array(struct rfc_params, params, nb_params,
+ params_cleanup);
+}
+ParameterizedTest(struct rfc_params *param, brainpool_rfc, test_brainpool_rfc_params) {
+ cfg->bits = param->bits;
+ cfg->field = FIELD_PRIME;
+
+ bits_t *p_bits = bits_from_hex(param->p);
+ bits_t *a_bits = bits_from_hex(param->a);
+ bits_t *b_bits = bits_from_hex(param->b);
+ GEN p = bits_to_i(p_bits);
+ GEN a = gmodulo(bits_to_i(a_bits), p);
+ GEN b = gmodulo(bits_to_i(b_bits), p);
+ bits_free(&p_bits);
+ bits_free(&a_bits);
+ bits_free(&b_bits);
+
+ curve_t curve = {0};
+ cfg->seed = param->p_seed;
+ int ret = brainpool_rfc_gen_seed_argument(&curve, NULL, OFFSET_SEED);
+ cr_assert_not_null(curve.seed, );
+ cr_assert_eq(ret, 1, );
+
+ ret = brainpool_gen_field(&curve, NULL, OFFSET_FIELD);
+ cr_assert_not_null(curve.field, );
+ cr_assert_eq(ret, 1, );
+ cr_assert(equalii(curve.field, p), );
+
+ seed_free(&curve.seed);
+ cfg->seed = param->ab_seed;
+ ret = brainpool_rfc_gen_seed_argument(&curve, NULL, OFFSET_SEED);
+ cr_assert_not_null(curve.seed, );
+ cr_assert_eq(ret, 1, );
+
+ ret = brainpool_rfc_gen_equation(&curve, NULL, OFFSET_B);
+ pari_printf("expected a = %P#x\n", lift(a));
+ pari_printf("real a = %P#x\n", lift(curve.a));
+ cr_assert_not_null(curve.a, );
+ cr_assert_not_null(curve.b, );
+ cr_assert_eq(ret, 1, );
+ cr_assert(gequal(curve.a, a), );
+ cr_assert(gequal(curve.b, b), );
+
+ seed_free(&curve.seed);
+} \ No newline at end of file
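Review bot: In test_brainpool_rfc_params the `pari_printf("real a = %P#x\n", lift(curve.a));` line runs before `cr_assert_not_null(curve.a, )`, so a failed equation generation dereferences a NULL GEN inside the debug print instead of producing a clean assertion failure; the two pari_printf lines look like leftover debugging and should be dropped or at least moved below the null checks. `params_cleanup` is defined without `static`; test_ansi.c in this same commit uses a distinctly named `prime_params_cleanup`, so either rename it to `rfc_params_cleanup` or make it `static void params_cleanup(...)` to avoid a duplicate-symbol clash if another test unit picks the same name. The cfg->seed field is pointed at `param->p_seed` and later `param->ab_seed`, which params_cleanup frees, so cfg->seed is dangling after the test; a trailing `cfg->seed = NULL;` before the final seed_free would make that explicit.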