| -rw-r--r-- | test/data/formulas/add-boringssl-p224 | 2 | ||||
| -rw-r--r-- | test/data/formulas/add-boringssl-p224.op3 | 23 | ||||
| -rw-r--r-- | test/data/formulas/dbl-boringssl-p224 | 2 | ||||
| -rw-r--r-- | test/data/formulas/dbl-boringssl-p224.op3 | 20 | ||||
| -rw-r--r-- | test/data/formulas/ladd-bc-r1rv76-x25519.op3 | 2 | ||||
| -rw-r--r-- | test/sca/test_structural.py | 34 |
6 files changed, 72 insertions, 11 deletions
diff --git a/test/data/formulas/add-boringssl-p224 b/test/data/formulas/add-boringssl-p224
new file mode 100644
index 0000000..f3b8097
--- /dev/null
+++ b/test/data/formulas/add-boringssl-p224
@@ -0,0 +1,2 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/fipsmodule/ec/p224-64.c#L676
+coords jacobian-3
diff --git a/test/data/formulas/add-boringssl-p224.op3 b/test/data/formulas/add-boringssl-p224.op3
new file mode 100644
index 0000000..bd0f88e
--- /dev/null
+++ b/test/data/formulas/add-boringssl-p224.op3
@@ -0,0 +1,23 @@
+ftmp2 = Z2^2
+ftmp4 = Z2 * ftmp2
+ftmp4 = ftmp4 * Y1
+ftmp2 = ftmp2 * X1
+ftmp = Z1^2
+ftmp3 = Z1 * ftmp
+tmp = ftmp3 * Y2
+ftmp3 = tmp - ftmp4
+tmp = ftmp * X2
+ftmp = tmp - ftmp2
+ftmp5 = Z1 * Z2
+Z3 = ftmp * ftmp5
+_ftmp = ftmp^2
+ftmp5 = ftmp * _ftmp
+ftmp2 = ftmp2 * _ftmp
+tmp = ftmp4 * ftmp5
+tmp2 = ftmp3^2
+tmp2 = tmp2 - ftmp5
+ftmp5 = 2 * ftmp2
+X3 = tmp2 - ftmp5
+ftmp2 = ftmp2 - X3
+tmp2 = ftmp3 * ftmp2
+Y3 = tmp2 - tmp
diff --git a/test/data/formulas/dbl-boringssl-p224 b/test/data/formulas/dbl-boringssl-p224
new file mode 100644
index 0000000..db28389
--- /dev/null
+++ b/test/data/formulas/dbl-boringssl-p224
@@ -0,0 +1,2 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/fipsmodule/ec/p224-64.c#L591
+coords jacobian-3
diff --git a/test/data/formulas/dbl-boringssl-p224.op3 b/test/data/formulas/dbl-boringssl-p224.op3
new file mode 100644
index 0000000..a0d6fe8
--- /dev/null
+++ b/test/data/formulas/dbl-boringssl-p224.op3
@@ -0,0 +1,20 @@
+delta = Z1^2
+gamma = Y1^2
+beta = X1 * gamma
+ftmp = X1 - delta
+ftmp2 = X1 + delta
+ftmp2 = 3 * ftmp2
+alpha = ftmp * ftmp2
+tmp = alpha^2
+ftmp = 8 * beta
+X3 = tmp - ftmp
+delta = delta + gamma
+ftmp = Y1 + Z1
+tmp = ftmp^2
+Z3 = tmp - delta
+beta = 4 * beta
+beta = beta - X3
+tmp = alpha * beta
+tmp2 = gamma^2
+tmp2 = 8 * tmp2
+Y3 = tmp - tmp2
diff --git a/test/data/formulas/ladd-bc-r1rv76-x25519.op3 b/test/data/formulas/ladd-bc-r1rv76-x25519.op3
index 4142bff..2859b26 100644
--- a/test/data/formulas/ladd-bc-r1rv76-x25519.op3
+++ b/test/data/formulas/ladd-bc-r1rv76-x25519.op3
@@ -4,7 +4,7 @@ Z3 = X2 + Z2
 X2 = X2 - Z2
 t1 = t1 * X2
 X3 = X3 * Z3
-Z3 = Z3^3
+Z3 = Z3^2
 X2 = X2^2
 t2 = Z3 - X2
 Z2 = t2 * a24
diff --git a/test/sca/test_structural.py b/test/sca/test_structural.py
index 1fe0288..d8200a3 100644
--- a/test/sca/test_structural.py
+++ b/test/sca/test_structural.py
@@ -18,14 +18,14 @@ import itertools
 def test_formula_match():
 model = ShortWeierstrassModel()
 coords = model.coordinates["jacobian"]
- secp128r1 = get_params("secg", "secp128r1", "jacobian")
+ secp128r1 = get_params("secg", "secp224r1", "jacobian-3")
 with as_file(
- files(test.data.formulas).joinpath("dbl-bc-r1rv76-jac")
+ files(test.data.formulas).joinpath("dbl-boringssl-p224")
 ) as meta_path, as_file(
- files(test.data.formulas).joinpath("dbl-bc-r1rv76-jac.op3")
+ files(test.data.formulas).joinpath("dbl-boringssl-p224.op3")
 ) as op3_path:
 bc_formula = DoublingEFDFormula(
- meta_path, op3_path, "dbl-bc-r1rv76-jac", coords
+ meta_path, op3_path, "dbl-boringssl-p224", coords
 )
 print()
 for other_name, other_formula in coords.formulas.items():
@@ -129,6 +129,20 @@ def test_efd_formula_match():
 ("other", "Curve25519"),
 LadderEFDFormula,
 ],
+ [
+ "dbl-boringssl-p224",
+ ShortWeierstrassModel,
+ "jacobian-3",
+ ("secg", "secp224r1"),
+ DoublingEFDFormula,
+ ],
+ [
+ "add-boringssl-p224",
+ ShortWeierstrassModel,
+ "jacobian-3",
+ ("secg", "secp224r1"),
+ AdditionEFDFormula,
+ ],
 ],
 )
 def test_formula_correctness(name, model, coords, param_spec, formula_type):
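Review bot: The unchanged context line `coords = model.coordinates["jacobian"]` in test_formula_match no longer agrees with the new code around it: the parameters are now fetched with `get_params("secg", "secp224r1", "jacobian-3")` and the dbl-boringssl-p224 metadata file added in this commit declares `coords jacobian-3`, so the BoringSSL a=-3 doubling is constructed against, and structurally compared with, the generic "jacobian" formula set rather than the jacobian-3 set it was transcribed for. Change it to `coords = model.coordinates["jacobian-3"]` so the formula object and the params use the same coordinate system. The local name `secp128r1` now binds secp224r1 parameters and should be renamed (for example to `params`) at its definition and any later uses; the function body continues past the hunk, so I cannot see where else it is read.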
@@ -153,7 +167,7 @@ def test_formula_correctness(name, model, coords, param_spec, formula_type):
 P = Paff.to_model(coordinate_model, params.curve)
 P2 = P2aff.to_model(coordinate_model, params.curve)
 Q = Qaff.to_model(coordinate_model, params.curve)
- Q2 = Q2aff.to_model(coordinate_model, params.curve) # noqa
+ Q2 = Q2aff.to_model(coordinate_model, params.curve)
 R = Raff.to_model(coordinate_model, params.curve)
 R2 = R2aff.to_model(coordinate_model, params.curve) # noqa
 QR = QRaff.to_model(coordinate_model, params.curve)
@@ -176,7 +190,7 @@ def test_formula_correctness(name, model, coords, param_spec, formula_type):
 )
 elif issubclass(formula_type, LadderFormula):
 try:
- # assert res[0].to_affine() == Q2aff
+ assert res[0].to_affine() == Q2aff
 assert res[1].to_affine() == QRaff
 except NotImplementedError:
 # print(scale(params.curve.prime, res[0], **params.curve.parameters)[0])
@@ -193,7 +207,7 @@ def test_formula_correctness(name, model, coords, param_spec, formula_type):
 scale(params.curve.prime, res[1], **params.curve.parameters)[0]
 == QR
 )
- # assert (
- # scale(params.curve.prime, res[0], **params.curve.parameters)[0]
- # == Q2
- # )
+ assert (
+ scale(params.curve.prime, res[0], **params.curve.parameters)[0]
+ == Q2
+ )
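Review bot: The commented-out debug line `# print(scale(params.curve.prime, res[0], **params.curve.parameters)[0])` at the end of the @@ -176 hunk is left behind even though the two assertions it was evidently used to diagnose (`assert res[0].to_affine() == Q2aff` here and the scaled `== Q2` check in the @@ -193 hunk) are now enabled; delete it rather than keep dead code in the except branch. Both hunks sit inside test_formula_correctness, whose body starts and ends outside them.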
