Add some tests for scalar operations.

Largely random data, but make it easy to add things in the future. Change-Id: I30bee790bd9671b4d0327c2244fe5cd1a8954f90 Reviewed-on: https://boringssl-review.googlesource.com/27591 Reviewed-by: Adam Langley <alangley@gmail.com>
pirms 6 gadiem · b27b579fdd
--- a/crypto/fipsmodule/ec/p256-x86_64.h
+++ b/crypto/fipsmodule/ec/p256-x86_64.h
@@ -62,6 +62,24 @@ static inline void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
 }


 // P-256 scalar operations.
 //
 // The following functions compute modulo N, where N is the order of P-256. They
 // take fully-reduced inputs and give fully-reduced outputs.

 // ecp_nistz256_ord_mul_mont sets |res| to |a| * |b| where inputs and outputs
 // are in Montgomery form. That is, |res| is |a| * |b| * 2^-256 mod N.
 void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
                               const BN_ULONG a[P256_LIMBS],
                               const BN_ULONG b[P256_LIMBS]);

 // ecp_nistz256_ord_sqr_mont sets |res| to |a|^(2*|rep|) where inputs and
 // outputs are in Montgomery form. That is, |res| is
 // (|a| * 2^-256)^(2*|rep|) * 2^256 mod N.
 void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
                               const BN_ULONG a[P256_LIMBS], int rep);


 // P-256 point operations.
 //
 // The following functions may be used in-place. All coordinates are in the
--- a/crypto/fipsmodule/ec/p256-x86_64_test.cc
+++ b/crypto/fipsmodule/ec/p256-x86_64_test.cc
@@ -365,6 +365,47 @@ static void TestPointAdd(FileTest *t) {
  }
 }

 static void TestOrdMulMont(FileTest *t) {
  // This test works on scalars rather than field elements, but the
  // representation is the same.
  BN_ULONG a[P256_LIMBS], b[P256_LIMBS], result[P256_LIMBS];
  ASSERT_TRUE(GetFieldElement(t, a, "A"));
  ASSERT_TRUE(GetFieldElement(t, b, "B"));
  ASSERT_TRUE(GetFieldElement(t, result, "Result"));

  BN_ULONG ret[P256_LIMBS];
  ecp_nistz256_ord_mul_mont(ret, a, b);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  ecp_nistz256_ord_mul_mont(ret, b, a);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  OPENSSL_memcpy(ret, a, sizeof(ret));
  ecp_nistz256_ord_mul_mont(ret, ret /* a */, b);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  OPENSSL_memcpy(ret, a, sizeof(ret));
  ecp_nistz256_ord_mul_mont(ret, b, ret);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  OPENSSL_memcpy(ret, b, sizeof(ret));
  ecp_nistz256_ord_mul_mont(ret, a, ret /* b */);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  OPENSSL_memcpy(ret, b, sizeof(ret));
  ecp_nistz256_ord_mul_mont(ret, ret /* b */, a);
  EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

  if (OPENSSL_memcmp(a, b, sizeof(a)) == 0) {
    ecp_nistz256_ord_sqr_mont(ret, a, 1);
    EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);

    OPENSSL_memcpy(ret, a, sizeof(ret));
    ecp_nistz256_ord_sqr_mont(ret, ret /* a */, 1);
    EXPECT_FIELD_ELEMENTS_EQUAL(result, ret);
  }
 }

 TEST(P256_X86_64Test, TestVectors) {
  return FileTestGTest("crypto/fipsmodule/ec/p256-x86_64_tests.txt",
                       [](FileTest *t) {
@@ -376,6 +417,8 @@ TEST(P256_X86_64Test, TestVectors) {
      TestFromMont(t);
    } else if (t->GetParameter() == "PointAdd") {
      TestPointAdd(t);
    } else if (t->GetParameter() == "OrdMulMont") {
      TestOrdMulMont(t);
    } else {
      FAIL() << "Unknown test type:" << t->GetParameter();
    }
--- a/crypto/fipsmodule/ec/p256-x86_64_tests.txt
+++ b/crypto/fipsmodule/ec/p256-x86_64_tests.txt
@@ -1403,3 +1403,141 @@ B.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32
 B.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8
 Result.X = fba400ae656ec3103c5c5f531d2a0f7368031e01a48a91f1a4f3138d294b13be
 Result.Y = 160e358ad1f059eb62722df01a7440048a1db21ecaea8698efa9677db6e9ff97


 # Scalar montgomery multiplication tests.
 #
 # The following tests satisfy A * B * 2^-256 = Result (mod N).

 Test = OrdMulMont
 A = 0000000000000000000000000000000000000000000000000000000000000000
 B = b4e9b0aea84aa5ed86964a22881a4d0e58f88e9225f30990c18751e7d4b9ec95
 Result = 0000000000000000000000000000000000000000000000000000000000000000

 Test = OrdMulMont
 A = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf
 B = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323
 Result = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323

 Test = OrdMulMont
 A = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550
 B = abafdc695e4c2c850f8fc60f1efdbf7406a3cd2c6c59bb7e608985723896c187
 Result = 917b1214c7b31a7ee7e53be0b41a139e435ff576b51ec6af1e1a944412bea38b

 Test = OrdMulMont
 A = cf0f01b83670a1c79154ea16f3574ca2d4c688a3c3b6017795cbe54854418904
 B = c5ec4d3b00fb2e11fb3b1aa09e60f7d187f7c515977d1343dab9745961fcbb43
 Result = 7aaddcee32e3b340af5ad06f854284cbbce5a1ab919e9b7771c3b0e937093438

 Test = OrdMulMont
 A = 50023f9913879ac4020bc45a89a0ea89082db6265b96b851af29969dd8a9661c
 B = 7c165b1cba80808db114441563aa0fbfba41b9e8acff77312a2dd2138b74ef89
 Result = 3d2ca1705d8d38cbc76a5409c6535044733cafcb95d12654af1d14de177978b5

 Test = OrdMulMont
 A = 4d5341ea735e53d2e4f2934755642adee209bd0e5a1506206513227f3c48b270
 B = 6e48f2b60eb8fb86760134abaf3d61692557862924069c599ceb31309ea18704
 Result = 37cde3e35c814d4287bd345b910d687983929907b7a08afa2acd8596832ea86c

 Test = OrdMulMont
 A = 33d06c3f5a595a41a6f9c4356f8ab2b8c550d4c64b806eab5560af247c5fa9ed
 B = 0e52f34adf5754343bcf3529d652620da3c05b5dd9cdcddfb08b674a1ad21a09
 Result = 9dc64d7b4c1bc33b930e0daee2a24fc41f770378659ee71b846d2239b0fea8ea

 Test = OrdMulMont
 A = 8f211780cce4f93b7193b9378e6f83e1147fb3602b052eef782de8cc833e54ab
 B = e1e4f7f1feb15be64292cff86b47cd9730bcb15b133340022b824d591a660cdf
 Result = dfa2b683b1ae23027c7c109e0abb40a1366eda027ad2cad1a09061a57bee391f

 Test = OrdMulMont
 A = 803c279c7e4c11a5568290c0a5789ceab6860f51a942bf646501a45e1ec0a6bf
 B = c0a1145a12037129c571f5f939bf16ea0b8b480f08ec774c045d059841f7d5ed
 Result = ab48fa3b4aa692a7c077cc55ee3c3fff895118a23728c2fa5f361b30730d955a

 Test = OrdMulMont
 A = 0e5c95158297d75dbf0b02c3090730f65bf14704495b14837dd907af569407f1
 B = 5a03e3787c8772b2fb7ab07d7fe7fe653a58bdae7fde3174c6ed305e524f5728
 Result = 71296d305dcf9ce39010ea4f4bbf9f7c1064a413597bdc7574c13dea3fa514dc

 Test = OrdMulMont
 A = 366299be07886f7846fc74231db624b169360e3c8f60196a1afc9f2101e03922
 B = d6d7c830a6edb6861868b964519a6b68f6f24f7c09d66003f3f88eadd1e00158
 Result = 0b89596bf5054ebe95a39dab6e975b58190160610b09b2a4f93331ecc0e79fd3

 Test = OrdMulMont
 A = 8f36f0ef275a72192c3b7388e84df2b8acf66fc53aaf556e3be05c76b3f782c0
 B = 704e519363d44e8df8d91f5f347eb61e8d3e85c8fc1b82980c370a379b2bc81c
 Result = b70a392e3ce5e85b5efbbded9b8c16a3068ba9b93b4cbed9a9a71dffaad6b58a

 Test = OrdMulMont
 A = bf4466ef4dea9f06f0f3b4f14e01140a774262c7e0706584f4d7dac19be46d58
 B = 4af12d528b2cef0f6714961bca2ab682f8abaa97600ea8181f71563d56f8a9f5
 Result = 7b6827c0881b9846e32499e13277efb07917cf4b8c8c72bfb3daa8c1786a8e15


 # Test cases where A == B to test squaring.

 Test = OrdMulMont
 A = 0000000000000000000000000000000000000000000000000000000000000000
 B = 0000000000000000000000000000000000000000000000000000000000000000
 Result = 0000000000000000000000000000000000000000000000000000000000000000

 Test = OrdMulMont
 A = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf
 B = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf
 Result = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf

 Test = OrdMulMont
 A = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550
 B = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550
 Result = 60d066334905c1e907f8b6041e607725badef3e243566fafce1bc8f79c197c79

 Test = OrdMulMont
 A = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41
 B = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41
 Result = 5ec68604412205b380e26ee4e4081eccc10ac7d1417b09cd534f8517b0de81ec

 Test = OrdMulMont
 A = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47
 B = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47
 Result = 552c094a8841621d6cc26b3b54ce5da5664283888445196a6433d3cfdcad3aee

 Test = OrdMulMont
 A = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd
 B = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd
 Result = 971aaa9e70ad082cf43725f2e65bc73f4bf762459cee13167545072ec7bdcaf8

 Test = OrdMulMont
 A = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496
 B = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496
 Result = eb3284e5799fbe93171f08e6de9f792cd17f036b3a17671b0310e49b48e589b3

 Test = OrdMulMont
 A = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900
 B = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900
 Result = 74f70a95399b7ad061a2200fa50528d68eee4654341c8158101e1e3f8f16e642

 Test = OrdMulMont
 A = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732
 B = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732
 Result = e1e9cfa4724995bb50971ca22f3c028cd31cb51fbef8a37c31f10fd1d468f13b

 Test = OrdMulMont
 A = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60
 B = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60
 Result = b9ccb67f377e1278f1d2eeda26e5eed76f32406c9deed9764fc0aa346d91e02b

 Test = OrdMulMont
 A = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304
 B = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304
 Result = 82c3467bc5f7ca8b45f4ee61546745e2f53755a02e87f65f572418d60e471c8b

 Test = OrdMulMont
 A = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978
 B = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978
 Result = dbf3c2fc67a0688c3b5ff12cab1739d50b6093c5d98943d388652b1207e4a0f2

 Test = OrdMulMont
 A = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81
 B = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81
 Result = 9232aa2759ca9c5efbaefb0cf45cc6bc9c89def8c25e5c169fe623f30787df36