fbec517255
This is done in preparation of generalizing the optimization to all our EC_METHODs. Wycheproof happily does cover the case where x needed a reduction, but they don't appear to check x being just above or below n, only x = p - 1 (adjusted downwards). Also we can tailor the test vectors a bit to the x == r*z^2 (mod p) strategy to make sure we don't mess that up. Additionally, the scenario is different for n > p. There is also the nuisance of EC_FELEM vs EC_SCALAR having different widths. All our built-in curves are well-behaved (same width, and consistently p < n), but secp160r1 is reachable from custom curves and violates both properties. Generate some tests to cover it as well. Change-Id: Iefa5ebfe689a81870be21f04f5962ab161d38dab Reviewed-on: https://boringssl-review.googlesource.com/c/32985 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| ecdsa_sign_tests.txt | ||
| ecdsa_test.cc | ||
| ecdsa_verify_tests.txt | ||
| ecdsa.c | ||