diff options
author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-27 21:25:19 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-27 21:25:19 +0000 |
commit | 5edb84671e92de756662871e912488107d15dedd (patch) | |
tree | 5da0baeb94a3385173fbcc65d13c07f0991beee4 /crypto/p224_unittest.cc | |
parent | 2500961f4fdfc570c0b51f027547a734d03c6bd3 (diff) | |
download | chromium_src-5edb84671e92de756662871e912488107d15dedd.zip chromium_src-5edb84671e92de756662871e912488107d15dedd.tar.gz chromium_src-5edb84671e92de756662871e912488107d15dedd.tar.bz2 |
crypto: special case ∞+a, a+∞ and a+a in p224.
In unrelated work, I found that the group addition formula used in p224.cc
doesn't work when one of the arguments is the point at infinity. This change
catches that case and simplifies the ScalarMult loop as a consequence.
In the course of doing this, I found a couple of bugs in Contract that would
have produced the wrong answer is very rare cases.
I also added a catch for a+a. This can't happen in the ScalarMult loop, but it
could happen from SPAKE2 at a rate of 1 in ~2**220 evaluations.
BUG=none
TEST=crypto_unittests
Review URL: https://chromiumcodereview.appspot.com/10822019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148815 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/p224_unittest.cc')
-rw-r--r-- | crypto/p224_unittest.cc | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/p224_unittest.cc b/crypto/p224_unittest.cc index 1ab2ff7..c6acfdd 100644 --- a/crypto/p224_unittest.cc +++ b/crypto/p224_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -806,3 +806,16 @@ TEST(P224, Addition) { p224::Add(minus_b, sum, &a_again); EXPECT_TRUE(a_again.ToString() == a.ToString()); } + +TEST(P224, Infinity) { + char zeros[56]; + memset(zeros, 0, sizeof(zeros)); + + // Test that x^0 = ∞. + Point a; + p224::ScalarBaseMult(reinterpret_cast<const uint8*>(zeros), &a); + EXPECT_TRUE(memcmp(zeros, a.ToString().data(), sizeof(zeros)) == 0); + + // We shouldn't allow ∞ to be imported. + EXPECT_FALSE(a.SetFromString(std::string(zeros, sizeof(zeros)))); +} |