Diffstat (limited to 'test')
-rw-r--r--test/data/formulas/add-ipp-x255192
-rw-r--r--test/data/formulas/add-ipp-x25519.op39
-rw-r--r--test/data/formulas/dbl-ipp-x255194
-rw-r--r--test/data/formulas/dbl-ipp-x25519.op39
-rw-r--r--test/data/formulas/ladd-boringssl-x255194
-rw-r--r--test/data/formulas/ladd-boringssl-x25519.op318
-rw-r--r--test/sca/test_structural.py14
7 files changed, 60 insertions, 0 deletions
diff --git a/test/data/formulas/add-ipp-x25519 b/test/data/formulas/add-ipp-x25519
new file mode 100644
index 0000000..befda7b
--- /dev/null
+++ b/test/data/formulas/add-ipp-x25519
@@ -0,0 +1,2 @@
+source Intel IPP crypto https://github.com/intel/ipp-crypto/blob/ippcp_2021.9.0/sources/ippcp/crypto_mb/src/x25519/ifma_x25519.c#L1676
+coords xz
diff --git a/test/data/formulas/add-ipp-x25519.op3 b/test/data/formulas/add-ipp-x25519.op3
new file mode 100644
index 0000000..2b2a446
--- /dev/null
+++ b/test/data/formulas/add-ipp-x25519.op3
@@ -0,0 +1,9 @@
+B = X1 - Z1
+A = X1 + Z1
+C = mu * B //???
+B = A - C
+A = A + C
+A = A^2
+B = B^2
+X1 = Z2 * A
+Z1 = X2 * B
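Review bot: The line `C = mu * B //???` looks unfinished: `mu` is not declared in the companion `add-ipp-x25519` metadata file, which carries only `source` and `coords` while the dbl and ladd files declare `parameter a24`, and the trailing `//???` leaves an open question in test data. The results are also written back to `X1`/`Z1` instead of fresh output names like the `X3`/`Z3` used in `dbl-ipp-x25519.op3`, which may not match what the formula loader expects from an addition formula. If `mu` is meant to be a formula parameter, add `parameter mu` (with any `assume` line it needs) to the metadata and drop the marker. If the loader parses each line as an expression, the `//???` suffix may not parse at all, so confirm this before anything loads the file.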
diff --git a/test/data/formulas/dbl-ipp-x25519 b/test/data/formulas/dbl-ipp-x25519
new file mode 100644
index 0000000..9010ee9
--- /dev/null
+++ b/test/data/formulas/dbl-ipp-x25519
@@ -0,0 +1,4 @@
+source Intel IPP crypto https://github.com/intel/ipp-crypto/blob/ippcp_2021.9.0/sources/ippcp/crypto_mb/src/x25519/ifma_x25519.c#L1689
+parameter a24
+assume a24 = (a+2)/4
+coords xz
diff --git a/test/data/formulas/dbl-ipp-x25519.op3 b/test/data/formulas/dbl-ipp-x25519.op3
new file mode 100644
index 0000000..baaeb54
--- /dev/null
+++ b/test/data/formulas/dbl-ipp-x25519.op3
@@ -0,0 +1,9 @@
+A = X1 + Z1
+B = X1 - Z1
+A = A^2
+B = B^2
+C = A - B
+D = a24 * C
+D = D + B
+X3 = A * B
+Z3 = C * D
diff --git a/test/data/formulas/ladd-boringssl-x25519 b/test/data/formulas/ladd-boringssl-x25519
new file mode 100644
index 0000000..416b245
--- /dev/null
+++ b/test/data/formulas/ladd-boringssl-x25519
@@ -0,0 +1,4 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/curve25519/curve25519.c#L624
+parameter a24
+assume a24 = (a+2)/4
+coords xz
diff --git a/test/data/formulas/ladd-boringssl-x25519.op3 b/test/data/formulas/ladd-boringssl-x25519.op3
new file mode 100644
index 0000000..738d213
--- /dev/null
+++ b/test/data/formulas/ladd-boringssl-x25519.op3
@@ -0,0 +1,18 @@
+tmp0 = X3 - Z3
+tmp1 = X2 - Z2
+X2 = X2 + Z2
+Z2 = X3 + Z3
+Z3 = tmp0 * X2
+Z2 = Z2 * tmp1
+tmp0 = tmp1^2
+tmp1 = X2^2
+X3 = Z3 + Z2
+Z2 = Z3 - Z2
+X4 = tmp1 * tmp0
+tmp1 = tmp1 - tmp0
+Z2 = Z2^2
+Z3 = tmp1 * a24
+X5 = X3^2
+tmp0 = tmp0 + Z3
+Z5 = X1 * Z2
+Z4 = tmp1 * tmp0
diff --git a/test/sca/test_structural.py b/test/sca/test_structural.py
index bf93a20..b323f58 100644
--- a/test/sca/test_structural.py
+++ b/test/sca/test_structural.py
@@ -224,6 +224,20 @@ def test_formula_similarity(secp128r1):
("secg", "secp256r1"),
DoublingEFDFormula,
],
+ [
+ "ladd-boringssl-x25519",
+ MontgomeryModel,
+ "xz",
+ ("other", "Curve25519"),
+ LadderEFDFormula,
+ ],
+ [
+ "dbl-ipp-x25519",
+ MontgomeryModel,
+ "xz",
+ ("other", "Curve25519"),
+ DoublingEFDFormula,
+ ],
],
)
def test_formula_correctness(name, model, coords, param_spec, formula_type):
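Review bot: The parametrize list gains entries for `ladd-boringssl-x25519` and `dbl-ipp-x25519` but none for `add-ipp-x25519`, which the same commit adds as data, so nothing visible here checks that formula against the curve arithmetic. Either add an entry for it once its `mu` operand is resolved, or put a comment above the new entries such as `# add-ipp-x25519 is intentionally not listed: formula still unverified`. A transcription error in these files would silently skew any structural comparison built on them, so each shipped formula should have a correctness case. The body of test_formula_correctness lies outside the hunk, so whether it checks both ladder outputs (`X4`/`Z4` and `X5`/`Z5`) cannot be judged from here.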