security/nss/lib/freebl/ecl/tests/ec_naft.c@6474c204b198 (annotated)
security/nss/lib/freebl/ecl/tests/ec_naft.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #include "mpi.h" |
| michael@0 | 6 | #include "mplogic.h" |
| michael@0 | 7 | #include "ecl.h" |
| michael@0 | 8 | #include "ecp.h" |
| michael@0 | 9 | #include "ecl-priv.h" |
| michael@0 | 10 | |
| michael@0 | 11 | #include <sys/types.h> |
| michael@0 | 12 | #include <stdio.h> |
| michael@0 | 13 | #include <time.h> |
| michael@0 | 14 | #include <sys/time.h> |
| michael@0 | 15 | #include <sys/resource.h> |
| michael@0 | 16 | |
| michael@0 | 17 | /* Returns 2^e as an integer. This is meant to be used for small powers of |
| michael@0 | 18 | * two. */ |
| michael@0 | 19 | int ec_twoTo(int e); |
| michael@0 | 20 | |
| michael@0 | 21 | /* Number of bits of scalar to test */ |
| michael@0 | 22 | #define BITSIZE 160 |
| michael@0 | 23 | |
| michael@0 | 24 | /* Time k repetitions of operation op. */ |
| michael@0 | 25 | #define M_TimeOperation(op, k) { \ |
| michael@0 | 26 | double dStart, dNow, dUserTime; \ |
| michael@0 | 27 | struct rusage ru; \ |
| michael@0 | 28 | int i; \ |
| michael@0 | 29 | getrusage(RUSAGE_SELF, &ru); \ |
| michael@0 | 30 | dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ |
| michael@0 | 31 | for (i = 0; i < k; i++) { \ |
| michael@0 | 32 | { op; } \ |
| michael@0 | 33 | }; \ |
| michael@0 | 34 | getrusage(RUSAGE_SELF, &ru); \ |
| michael@0 | 35 | dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ |
| michael@0 | 36 | dUserTime = dNow-dStart; \ |
| michael@0 | 37 | if (dUserTime) printf(" %-45s\n k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \ |
| michael@0 | 38 | } |
| michael@0 | 39 | |
| michael@0 | 40 | /* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D. |
| michael@0 | 41 | * Hankerson, J. Hernandez and A. Menezes, "Software implementation of |
| michael@0 | 42 | * elliptic curve cryptography over binary fields", Proc. CHES 2000. */ |
| michael@0 | 43 | |
| michael@0 | 44 | mp_err |
| michael@0 | 45 | main(void) |
| michael@0 | 46 | { |
| michael@0 | 47 | signed char naf[BITSIZE + 1]; |
| michael@0 | 48 | ECGroup *group = NULL; |
| michael@0 | 49 | mp_int k; |
| michael@0 | 50 | mp_int *scalar; |
| michael@0 | 51 | int i, count; |
| michael@0 | 52 | int res; |
| michael@0 | 53 | int w = 5; |
| michael@0 | 54 | char s[1000]; |
| michael@0 | 55 | |
| michael@0 | 56 | /* Get a 160 bit scalar to compute wNAF from */ |
| michael@0 | 57 | group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1); |
| michael@0 | 58 | scalar = &group->genx; |
| michael@0 | 59 | |
| michael@0 | 60 | /* Compute wNAF representation of scalar */ |
| michael@0 | 61 | ec_compute_wNAF(naf, BITSIZE, scalar, w); |
| michael@0 | 62 | |
| michael@0 | 63 | /* Verify correctness of representation */ |
| michael@0 | 64 | mp_init(&k); /* init k to 0 */ |
| michael@0 | 65 | |
| michael@0 | 66 | for (i = BITSIZE; i >= 0; i--) { |
| michael@0 | 67 | mp_add(&k, &k, &k); |
| michael@0 | 68 | /* digits in mp_???_d are unsigned */ |
| michael@0 | 69 | if (naf[i] >= 0) { |
| michael@0 | 70 | mp_add_d(&k, naf[i], &k); |
| michael@0 | 71 | } else { |
| michael@0 | 72 | mp_sub_d(&k, -naf[i], &k); |
| michael@0 | 73 | } |
| michael@0 | 74 | } |
| michael@0 | 75 | |
| michael@0 | 76 | if (mp_cmp(&k, scalar) != 0) { |
| michael@0 | 77 | printf("Error: incorrect NAF value.\n"); |
| michael@0 | 78 | MP_CHECKOK(mp_toradix(&k, s, 16)); |
| michael@0 | 79 | printf("NAF value %s\n", s); |
| michael@0 | 80 | MP_CHECKOK(mp_toradix(scalar, s, 16)); |
| michael@0 | 81 | printf("original value %s\n", s); |
| michael@0 | 82 | goto CLEANUP; |
| michael@0 | 83 | } |
| michael@0 | 84 | |
| michael@0 | 85 | /* Verify digits of representation are valid */ |
| michael@0 | 86 | for (i = 0; i <= BITSIZE; i++) { |
| michael@0 | 87 | if (naf[i] % 2 == 0 && naf[i] != 0) { |
| michael@0 | 88 | printf("Error: Even non-zero digit found.\n"); |
| michael@0 | 89 | goto CLEANUP; |
| michael@0 | 90 | } |
| michael@0 | 91 | if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) { |
| michael@0 | 92 | printf("Error: Magnitude of naf digit too large.\n"); |
| michael@0 | 93 | goto CLEANUP; |
| michael@0 | 94 | } |
| michael@0 | 95 | } |
| michael@0 | 96 | |
| michael@0 | 97 | /* Verify sparsity of representation */ |
| michael@0 | 98 | count = w - 1; |
| michael@0 | 99 | for (i = 0; i <= BITSIZE; i++) { |
| michael@0 | 100 | if (naf[i] != 0) { |
| michael@0 | 101 | if (count < w - 1) { |
| michael@0 | 102 | printf("Error: Sparsity failed.\n"); |
| michael@0 | 103 | goto CLEANUP; |
| michael@0 | 104 | } |
| michael@0 | 105 | count = 0; |
| michael@0 | 106 | } else |
| michael@0 | 107 | count++; |
| michael@0 | 108 | } |
| michael@0 | 109 | |
| michael@0 | 110 | /* Check timing */ |
| michael@0 | 111 | M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000); |
| michael@0 | 112 | |
| michael@0 | 113 | printf("Test passed.\n"); |
| michael@0 | 114 | CLEANUP: |
| michael@0 | 115 | ECGroup_free(group); |
| michael@0 | 116 | return MP_OKAY; |
| michael@0 | 117 | } |
