authorGravatar Andres Erbsen <andreser@mit.edu>2017-07-04 00:35:51 -0400
committerGravatar Andres Erbsen <andreser@mit.edu>2017-07-04 00:35:51 -0400
commite8d7196498560153959e38451a56745e42aa640f (patch)
treeb74f1f55b43abd30c7350e3a6259f6262858c44a /src/Specific/NISTP256/AMD64/test/p256_test.sage
parent10368df56113091020e2c611ce92feda3da94ed9 (diff)
test p256 mixed addition
passed after fixing some stupid typos in glue code -- no conceptual issues.
Diffstat (limited to 'src/Specific/NISTP256/AMD64/test/p256_test.sage')
-rw-r--r--src/Specific/NISTP256/AMD64/test/p256_test.sage93
1 files changed, 93 insertions, 0 deletions
diff --git a/src/Specific/NISTP256/AMD64/test/p256_test.sage b/src/Specific/NISTP256/AMD64/test/p256_test.sage
new file mode 100644
index 000000000..4e249bcae
--- /dev/null
+++ b/src/Specific/NISTP256/AMD64/test/p256_test.sage
@@ -0,0 +1,93 @@
+p256 = 2^256 - 2^224 + 2^192 + 2^96 - 1
+F = GF(p256)
+a = F(-3)
+b = F(41058363725152142129326129780047268409114441015993725554835256314039467401291)
+E = EllipticCurve([a, b])
+B = E(0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296, 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
+
+def orzero(x):
+ if not x:
+ return "0"
+ return x
+
+def hex4(x):
+ x = int(x)
+ M = int(2^64-1)
+ return hex((x>>(3*64))&M) +', '+ hex((x>>(2*64))&M) +', '+ hex((x>>64)&M) +', '+ hex(x&M)
+
+R = 2^256
+testcount = [0]
+def print_test(J, Z1, A):
+ Z1 = F(Z1)
+ print ("{")
+ print ("uint64_t out[12] = {0};")
+
+ if not J.is_zero():
+ X1, Y1 = J.xy()
+ X1 = X1 * Z1^2
+ Y1 = Y1 * Z1^3
+ else:
+ X1 = F(32421522)
+ Y1 = F(-451234651326)
+ Z1 = 0
+
+ if not A.is_zero():
+ X2, Y2 = A.xy()
+ else:
+ X2 = 0
+ Y2 = 0
+
+ print ("uint64_t J[12] = {" + hex4(R*X1) +", " + hex4(R*Y1) + ", " + hex4(R*Z1) + "};")
+ print ("uint64_t A[8] = {" + hex4(R*X2) +", " + hex4(R*Y2) + "};")
+ P = J+A
+ if not P.is_zero():
+ X3, Y3 = P.xy()
+ if not J.is_zero() and not A.is_zero():
+ print ("// both nz")
+ Z3 = Z1 * (Z1^2*X2 - X1)
+ elif not J.is_zero():
+ print ("// J nz")
+ Z3 = Z1
+ else:
+ print ("// maybe A nz, maybe neither")
+ Z3 = F(1)
+ X3 = X3 * Z3^2
+ Y3 = Y3 * Z3^3
+ else:
+ X3 = X1
+ Y3 = Y1
+ Z3 = 0
+ print ("p256_jacobian_add_affine(out, J, A);")
+ print ("uint64_t ref[12] = {" + hex4(R*X3) +", " + hex4(R*Y3) + ", " + hex4(R*Z3) + "};")
+ testcount[0] = testcount[0] + 1
+ print ("if (memcmp(out, ref, sizeof(uint64_t)*12)) return %d;"%testcount[0])
+ print ("}")
+
+P = E(0, sqrt(b))
+
+print ("""
+#include <string.h>
+#include <stdint.h>
+#include "p256.h"
+
+int main() {
+""")
+print_test(B,1, P)
+print_test(B,1, -P)
+print_test(B,2, P)
+print_test(B,2, -P)
+print_test(P,2, P)
+print_test(P,-1, P)
+print_test(-P,1, B)
+print_test(-P,-1, B)
+print_test(B-B,0, B)
+print_test(P,1, B-B)
+print_test(P,-1, B-B)
+print_test(B,1, B-B)
+import random
+random.seed(314)
+for i in range(200):
+ print_test(random.randint(0,100)*B,random.randint(1,100)^random.randint(0,10), random.randint(0,100)*P)
+print("""
+return 0;
+}""")
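Review bot: The reference generated for inputs where J and A are the same point — `print_test(P,2, P)` and `print_test(P,-1, P)` in the call list — is the degenerate output of the addition formula rather than 2P: with X1 = X2*Z1^2 the expression `Z3 = Z1 * (Z1^2*X2 - X1)` in the "both nz" branch is zero, so X3, Y3 and Z3 are all scaled to zero and `ref` becomes twelve zero limbs. That pins the C routine to the exceptional case of an incomplete mixed-addition formula, meaning a caller that passes equal points silently gets the point at infinity; the generator should either state this as a precondition, e.g. `# J == A is outside the formula's domain: ref is the degenerate (0,0,0), not 2P` above the Z3 assignment, or exclude the case from the vectors and cover doubling separately. The J == -A case is the mirror image: the `else` branch hard-wires the reference to (X1, Y1, 0) instead of deriving it from the formula, so it presumably depends on an explicit check in the implementation and deserves a comment saying so. `orzero` is never called and can be dropped.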