1 /*
2  * Copyright (c) 2009 Chris K Cockrum <ckc@cockrum.net>
3  *
4  * Copyright (c) 2013 Jens Trillmann <jtrillma@tzi.de>
5  * Copyright (c) 2013 Marc Müller-Weinhardt <muewei@tzi.de>
6  * Copyright (c) 2013 Lars Schmertmann <lars@tzi.de>
7  * Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining a copy
10  * of this software and associated documentation files (the "Software"), to deal
11  * in the Software without restriction, including without limitation the rights
12  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13  * copies of the Software, and to permit persons to whom the Software is
14  * furnished to do so, subject to the following conditions:
15  *
16  * The above copyright notice and this permission notice shall be included in
17  * all copies or substantial portions of the Software.
18  *
19  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25  * THE SOFTWARE.
26  *
27  *
28  * This implementation is based in part on the paper Implementation of an
29  * Elliptic Curve Cryptosystem on an 8-bit Microcontroller [0] by
30  * Chris K Cockrum <ckc@cockrum.net>.
31  *
32  * [0]: http://cockrum.net/Implementation_of_ECC_on_an_8-bit_microcontroller.pdf
33  *
34  * This is an efficient ECC implementation on the secp256r1 curve for 32 Bit CPU
35  * architectures. It provides basic operations on the secp256r1 curve and support
36  * for ECDH and ECDSA.
37  */
38 #include <assert.h>
39 #include <string.h>
40 #include <stdio.h>
41 #include "ecc.h"
42 #include "test_helper.h"
43 
44 #ifdef CONTIKI
45 #include "contiki.h"
46 #endif /* CONTIKI */
47 
48 //arbitrary test values and results
/*
 * Small operands for the field tests. Each value is stored as 32-bit words
 * with index 0 holding the least significant word. The plain names are
 * 8 words (256 bit); the *64 names hold the same value in 16 words so they
 * can be compared against a double-width product.
 * Words that are not listed in an initializer are zero.
 */
uint32_t null[8] = {0};
uint32_t null64[16] = {0};
uint32_t one[8] = {1};
uint32_t one64[16] = {1};
uint32_t two[8] = {2};
uint32_t two64[16] = {2};
uint32_t three[8] = {3};
uint32_t four[8] = {4};
uint32_t four64[16] = {4};
uint32_t six[8] = {6};
uint32_t eight[8] = {8};
/* All 256 bits set, i.e. 2^256 - 1. */
uint32_t full[8] = {
	0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
	0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
};
/*
 * Expected results, least significant word first.
 *
 * resultFullAdd is what fieldAddTest expects for full + one:
 * 00000000fffffffeffffffffffffffffffffffff000000000000000000000001_16
 */
uint32_t resultFullAdd[8] = {
	0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
	0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000000
};
/* secp256r1 field prime minus one; fieldSubTest expects it for 0 - 1. */
uint32_t primeMinusOne[8] = {
	0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
	0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF
};
/* Expected reduction of two * primeMinusOne in fieldModPTest. */
uint32_t resultDoubleMod[8] = {
	0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
	0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF
};
/*
 * Expected 16-word product primeMinusOne * primeMinusOne (fieldMultTest):
 * fffffffe00000002fffffffe0000000100000001fffffffe00000001fffffffc
 * 00000003fffffffcfffffffffffffffffffffffc000000000000000000000004_16
 */
uint32_t resultQuadMod[16] = {
	0x00000004, 0x00000000, 0x00000000, 0xFFFFFFFC,
	0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFC, 0x00000003,
	0xFFFFFFFC, 0x00000001, 0xFFFFFFFE, 0x00000001,
	0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
};
/*
 * Only referenced by the disabled full * full case in fieldModPTest:
 * 00000002fffffffffffffffffffffffefffffffdffffffff0000000000000002_16
 */
uint32_t resultFullMod[8] = {
	0x00000002, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFD,
	0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002
};

/* Operand and expected result for the reductions in fieldModOTest. */
static const uint32_t orderMinusOne[8] = {
	0xFC632550, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD,
	0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF
};
static const uint32_t orderResultDoubleMod[8] = {
	0xFC63254F, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD,
	0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF
};
100 
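/* Scratch buffers shared by all tests: temp takes 8-word results, temp2 16-word products. */
uint32_t temp[8];
uint32_t temp2[16];

/*
 * Clear both scratch buffers between test cases.
 *
 * Each memset is sized from the buffer it clears. Sizing the temp2 clear
 * from temp left the upper eight words of temp2 untouched, so a stale
 * product from an earlier case could satisfy a later comparison even if
 * the function under test never wrote those words.
 */
void nullEverything(){
	memset(temp, 0, sizeof temp);
	memset(temp2, 0, sizeof temp2);
}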
108 
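/*
 * Checks ecc_fieldAdd (and one plain ecc_add) against known sums.
 * Results land in the shared temp buffer, which is cleared between cases.
 */
void fieldAddTest(){
	/* Sanity check of the comparison helper itself. */
	assert(ecc_isSame(one, one, arrayLength));

	/* 1 + 0 = 1 */
	ecc_fieldAdd(one, null, ecc_prime_r, temp);
	assert(ecc_isSame(temp, one, arrayLength));
	nullEverything();

	/* 1 + 1 = 2 */
	ecc_fieldAdd(one, one, ecc_prime_r, temp);
	assert(ecc_isSame(temp, two, arrayLength));
	nullEverything();

	/*
	 * Plain addition without reduction: (2^256 - 1) + 1 leaves all eight
	 * result words zero.
	 * The length is arrayLength, as in every other call in this file. The
	 * previous literal 32 exceeds the 8-word operands and the 8-word temp
	 * buffer if ecc_add counts 32-bit words (assumed here; confirm against
	 * ecc.h), which would read and write out of bounds.
	 */
	ecc_add(full, one, temp, arrayLength);
	assert(ecc_isSame(null, temp, arrayLength));
	nullEverything();

	/* Same operands through the field addition: expects resultFullAdd. */
	ecc_fieldAdd(full, one, ecc_prime_r, temp);
	assert(ecc_isSame(temp, resultFullAdd, arrayLength));
}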
123 
/*
 * Checks ecc_fieldSub against three known differences, including the
 * wrap-around case 0 - 1, which is expected to yield primeMinusOne.
 */
void fieldSubTest(){
	static const struct {
		uint32_t *minuend;
		uint32_t *subtrahend;
		uint32_t *expected;
	} cases[] = {
		{one,  null, one},           /* 1 - 0 = 1 */
		{one,  one,  null},          /* 1 - 1 = 0 */
		{null, one,  primeMinusOne}, /* 0 - 1 wraps around */
	};
	size_t i;

	/* Sanity check of the comparison helper itself. */
	assert(ecc_isSame(one, one, arrayLength));

	for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
		/* The scratch buffers are cleared between cases, not before the first. */
		if (i != 0) {
			nullEverything();
		}
		ecc_fieldSub(cases[i].minuend, cases[i].subtrahend, ecc_prime_m, temp);
		assert(ecc_isSame(cases[i].expected, temp, arrayLength));
	}
}
135 
/*
 * Checks ecc_fieldMult against known 16-word products, then checks that
 * two multiplied by its field inverse reduces to one.
 */
void fieldMultTest(){
	static const struct {
		uint32_t *lhs;
		uint32_t *rhs;
		uint32_t *product; /* 16 words */
	} cases[] = {
		{one,           null,          null64},
		{one,           two,           two64},
		{two,           two,           four64},
		{primeMinusOne, primeMinusOne, resultQuadMod},
	};
	size_t i;

	for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
		ecc_fieldMult(cases[i].lhs, cases[i].rhs, temp2, arrayLength);
		/* The product is double width, hence the doubled length. */
		assert(ecc_isSame(temp2, cases[i].product, arrayLength * 2));
		nullEverything();
	}

	/* inverse(2) * 2, reduced by ecc_fieldModP, must equal 1. */
	ecc_fieldInv(two, ecc_prime_m, ecc_prime_r, temp);
	ecc_fieldMult(temp, two, temp2, arrayLength);
	ecc_fieldModP(temp, temp2);
	assert(ecc_isSame(temp, one, arrayLength));
}
154 
/*
 * Checks ecc_fieldModP, which takes a 16-word input (temp2 or one64) and
 * writes the reduced 8-word value to temp.
 */
void fieldModPTest(){
	/* (p - 1)^2 reduces to 1. */
	ecc_fieldMult(primeMinusOne, primeMinusOne, temp2, arrayLength);
	ecc_fieldModP(temp, temp2);
	assert(ecc_isSame(temp, one, arrayLength));
	nullEverything();

	/* An input of 1 stays 1. */
	ecc_fieldModP(temp, one64);
	assert(ecc_isSame(temp, one, arrayLength));
	nullEverything();

	/* 2 * (p - 1) reduces to resultDoubleMod. */
	ecc_fieldMult(two, primeMinusOne, temp2, arrayLength);
	ecc_fieldModP(temp, temp2);
	assert(ecc_isSame(temp, resultDoubleMod, arrayLength));
	nullEverything();

	/*
	 * Disabled case: full * full reduced and compared with resultFullMod.
	 * The original author marked it "not working, maybe because of the
	 * number bigger than p^2?". Inputs of that size are therefore not
	 * covered by this test.
	 */
}
171 
/*
 * Checks ecc_fieldModO on 16-word inputs (length arrayLength * 2); the
 * reduced 8-word value is written to temp. Note the argument order: input
 * first, result second, unlike ecc_fieldModP.
 */
void fieldModOTest(){
	/* orderMinusOne squared reduces to 1. */
	ecc_fieldMult(orderMinusOne, orderMinusOne, temp2, arrayLength);
	ecc_fieldModO(temp2, temp, arrayLength * 2);
	assert(ecc_isSame(temp, one, arrayLength));
	nullEverything();

	/* An input of 1 stays 1. */
	ecc_fieldModO(one64, temp, arrayLength * 2);
	assert(ecc_isSame(temp, one, arrayLength));
	nullEverything();

	/* 2 * orderMinusOne reduces to orderResultDoubleMod. */
	ecc_fieldMult(two, orderMinusOne, temp2, arrayLength);
	ecc_fieldModO(temp2, temp, arrayLength * 2);
	assert(ecc_isSame(temp, orderResultDoubleMod, arrayLength));
	nullEverything();
}
185 
186 
187 // void rShiftTest(){
188 // 	printNumber(full, 32);
189 // 	rshift(full);
190 // 	printNumber(full, 32);
191 // 	printNumber(two, 32);
192 // 	rshift(two);
193 // 	printNumber(two, 32);
194 // 	printNumber(four, 32);
195 // 	rshift(four);
196 // 	printNumber(four, 32);
197 // }
198 
199 // void isOneTest(){
200 // 	printf("%d\n", isone(one));
201 // 	printf("%d\n", isone(two));
202 // 	printf("%d\n", isone(four));
203 // 	printf("%d\n", isone(full));
204 // 	printf("%d\n", isone(null));
205 // }
206 
/*
 * Checks ecc_fieldInv: for each operand x, inverse(x) * x reduced by
 * ecc_fieldModP must equal one.
 */
void fieldInvTest(){
	static uint32_t *const operands[] = {
		two, eight, three, six, primeMinusOne
	};
	size_t i;

	for (i = 0; i < sizeof operands / sizeof operands[0]; i++) {
		/* Start every case from cleared scratch buffers. */
		nullEverything();
		ecc_fieldInv(operands[i], ecc_prime_m, ecc_prime_r, temp);
		ecc_fieldMult(temp, operands[i], temp2, arrayLength);
		ecc_fieldModP(temp, temp2);
		assert(ecc_isSame(one, temp, arrayLength));
	}
}
234 
235 // void randomStuff(){
236 
237 // }
238 
239 #ifdef CONTIKI
/* Contiki build: declare the test process and list it for autostart. */
PROCESS(ecc_filed_test, "ECC field test");
AUTOSTART_PROCESSES(&ecc_filed_test);
/*
 * Process body: runs every field test once, clearing the scratch buffers
 * around each one, then prints the success message.
 * The checks are assert()-based, so the message is only meaningful when
 * assertions are compiled in (NDEBUG not defined).
 */
PROCESS_THREAD(ecc_filed_test, ev, d)
{
	PROCESS_BEGIN();

	nullEverything();
	//randomStuff();
	nullEverything();
	fieldAddTest();
	nullEverything();
	fieldSubTest();
	nullEverything();
	fieldMultTest();
	nullEverything();
	fieldModPTest();
	nullEverything();
	fieldModOTest();
	nullEverything();
	fieldInvTest();
	nullEverything();
	//rShiftTest();
	//isOneTest();
	/* Reached only if no assert above aborted. */
	printf("%s\n", "All Tests succesfull!");

	PROCESS_END();
}
267 #else /* CONTIKI */
/*
 * Hosted build: runs every field test once, clearing the scratch buffers
 * around each one, then prints the success message and returns 0.
 *
 * The checks are assert()-based. A build with NDEBUG defined compiles them
 * out, and the success message would still be printed, so run this test
 * with assertions enabled.
 * The rShiftTest, isOneTest and randomStuff hooks remain disabled.
 */
int main(int argc, char const *argv[])
{
	static void (*const suite[])(void) = {
		fieldAddTest,
		fieldSubTest,
		fieldMultTest,
		fieldModPTest,
		fieldModOTest,
		fieldInvTest,
	};
	size_t i;

	nullEverything();
	for (i = 0; i < sizeof suite / sizeof suite[0]; i++) {
		nullEverything();
		suite[i]();
	}
	nullEverything();

	/* Reached only if no assert above aborted. */
	printf("%s\n", "All Tests succesfull!");
	return 0;
}
290 #endif /* CONTIKI */
291