diff options
| author | Russ Cox <rsc@golang.org> | 2017-06-14 13:53:57 -0400 |
|---|---|---|
| committer | Russ Cox <rsc@golang.org> | 2017-06-14 13:53:57 -0400 |
| commit | 8a5ef1501dee0715093e87cdc1c9b6becb81c882 (patch) | |
| tree | 85a4b4d1e5633edb79567d9deb3bbbf02ee9383e /src/crypto | |
| parent | 1ba29926f3bfd245d46cf1f287716290bc2f1034 (diff) | |
| parent | 352996a381701cfa0c16e8de29cbde8f3922182f (diff) | |
| download | go-git-dev.typealias.tar.gz | |
[dev.typealias] all: merge go1.8.3 into dev.typealiasdev.typealias
352996a381 (tag: go1.8.3) [release-branch.go1.8] go1.8.3
bb5055d6f1 [release-branch.go1.8] doc: document go1.8.3
439c0c8be8 [release-branch.go1.8] cmd/compile: don't move spills to loop exits where the spill is dead
e396667ba3 [release-branch.go1.8] cmd/compile: zero ambiguously live variables at VARKILLs
daf6706f37 [release-branch.go1.8] runtime: use pselect6 for usleep on linux/386
958c64bbab [release-branch.go1.8] runtime: use pselect6 for usleep on linux/amd64 and linux/arm
195e20a976 [release-branch.go1.8] cmd/compile: ignore types when considering tuple select for CSE
f55bc1c4eb [release-branch.go1.8] net/http: update bundled http2 for gracefulShutdownCh lock contention slowdown
51f508bb4a [release-branch.go1.8] cmd/compile: fix s390x unsigned comparison constant merging rules
243dee1737 [release-branch.go1.8] cmd/go: if we get a C compiler dwarf2 warning, try without -g
a43c0d2dc8 [release-branch.go1.8] runtime: don't corrupt arena bounds on low mmap
1054085dcf [release-branch.go1.8] cmd/compile: fix store chain in schedule pass
18a13d373a [release-branch.go1.8] runtime: doubly fix "double wakeup" panic
6efa2f22ac [release-branch.go1.8] database/sql: ensure releaseConn is defined before a possible close
fb9770f09b [release-branch.go1.8] runtime: print debug info on "base out of range"
b6a8fc8d8c [release-branch.go1.8] doc: remove mentions of yacc tool
59870f9e19 (tag: go1.8.2) [release-branch.go1.8] go1.8.2
c9688ddb6b [release-branch.go1.8] doc: document go1.8.2 and go1.7.6
38d35f49e7 [release-branch.go1.8] crypto/elliptic: fix carry bug in x86-64 P-256 implementation.
Change-Id: I2aa0eab7a990d24e25809fb13ce6cb031104f474
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/elliptic/elliptic_test.go | 36 | ||||
| -rw-r--r-- | src/crypto/elliptic/p256_asm_amd64.s | 10 |
2 files changed, 41 insertions, 5 deletions
diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go index 902c414383..c3e4c17d25 100644 --- a/src/crypto/elliptic/elliptic_test.go +++ b/src/crypto/elliptic/elliptic_test.go @@ -300,6 +300,29 @@ var p224BaseMultTests = []baseMultTest{ }, } +type scalarMultTest struct { + k string + xIn, yIn string + xOut, yOut string +} + +var p256MultTests = []scalarMultTest{ + { + "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737", + "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea", + "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad", + "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3", + "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0", + }, + { + "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd", + "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06", + "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031", + "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991", + "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684", + }, +} + func TestBaseMult(t *testing.T) { p224 := P224() for i, e := range p224BaseMultTests { @@ -379,6 +402,19 @@ func TestP256Mult(t *testing.T) { break } } + + for i, e := range p256MultTests { + x, _ := new(big.Int).SetString(e.xIn, 16) + y, _ := new(big.Int).SetString(e.yIn, 16) + k, _ := new(big.Int).SetString(e.k, 16) + expectedX, _ := new(big.Int).SetString(e.xOut, 16) + expectedY, _ := new(big.Int).SetString(e.yOut, 16) + + xx, yy := p256.ScalarMult(x, y, k.Bytes()) + if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 { + t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY) + } + } } func TestInfinity(t *testing.T) { diff --git a/src/crypto/elliptic/p256_asm_amd64.s b/src/crypto/elliptic/p256_asm_amd64.s index 6c7bde16e5..ea4a6fab9a 100644 --- a/src/crypto/elliptic/p256_asm_amd64.s +++ b/src/crypto/elliptic/p256_asm_amd64.s @@ -1314,12 +1314,12 @@ TEXT p256SubInternal(SB),NOSPLIT,$0 ADCQ p256const0<>(SB), acc5 ADCQ $0, acc6 ADCQ p256const1<>(SB), acc7 - ADCQ $0, mul0 + ANDQ $1, mul0 - CMOVQNE acc0, acc4 - CMOVQNE acc1, acc5 - CMOVQNE acc2, acc6 - CMOVQNE acc3, acc7 + CMOVQEQ acc0, acc4 + CMOVQEQ acc1, acc5 + CMOVQEQ acc2, acc6 + CMOVQEQ acc3, acc7 RET /* ---------------------------------------*/ |