+static void
+test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
+{
+ int curve;
+ br_hmac_drbg_context rng;
+
+ printf("Test %s keygen: ", name);
+ fflush(stdout);
+
+ br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
+ br_hmac_drbg_update(&rng, name, strlen(name));
+
+ for (curve = -1; curve <= 35; curve ++) {
+ br_ec_private_key sk;
+ br_ec_public_key pk;
+ unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
+ unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];
+
+ if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
+ if (br_ec_keygen(&rng.vtable, impl,
+ &sk, kbuf_priv, curve) != 0)
+ {
+ fprintf(stderr, "br_ec_keygen() did not"
+ " reject unsupported curve %d\n",
+ curve);
+ exit(EXIT_FAILURE);
+ }
+ sk.curve = curve;
+ if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
+ fprintf(stderr, "br_ec_keygen() did not"
+ " reject unsupported curve %d\n",
+ curve);
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ size_t len, u;
+ unsigned char tmp_priv[sizeof kbuf_priv];
+ unsigned char tmp_pub[sizeof kbuf_pub];
+ unsigned z;
+
+ len = br_ec_keygen(&rng.vtable, impl,
+ NULL, NULL, curve);
+ if (len == 0) {
+ fprintf(stderr, "br_ec_keygen() rejects"
+ " supported curve %d\n", curve);
+ exit(EXIT_FAILURE);
+ }
+ if (len > sizeof kbuf_priv) {
+ fprintf(stderr, "oversized kbuf_priv\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(kbuf_priv, 0, sizeof kbuf_priv);
+ if (br_ec_keygen(&rng.vtable, impl,
+ NULL, kbuf_priv, curve) != len)
+ {
+ fprintf(stderr, "kbuf_priv length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ z = 0;
+ for (u = 0; u < len; u ++) {
+ z |= kbuf_priv[u];
+ }
+ if (z == 0) {
+ fprintf(stderr, "kbuf_priv not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+ for (u = len; u < sizeof kbuf_priv; u ++) {
+ if (kbuf_priv[u] != 0) {
+ fprintf(stderr, "kbuf_priv overflow\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (br_ec_keygen(&rng.vtable, impl,
+ NULL, tmp_priv, curve) != len)
+ {
+ fprintf(stderr, "tmp_priv length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
+ fprintf(stderr, "keygen stutter\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(&sk, 0, sizeof sk);
+ if (br_ec_keygen(&rng.vtable, impl,
+ &sk, kbuf_priv, curve) != len)
+ {
+ fprintf(stderr,
+ "kbuf_priv length mismatch (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ if (sk.curve != curve || sk.x != kbuf_priv
+ || sk.xlen != len)
+ {
+ fprintf(stderr, "sk not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+
+ len = br_ec_compute_pub(impl, NULL, NULL, &sk);
+ if (len > sizeof kbuf_pub) {
+ fprintf(stderr, "oversized kbuf_pub\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(kbuf_pub, 0, sizeof kbuf_pub);
+ if (br_ec_compute_pub(impl, NULL,
+ kbuf_pub, &sk) != len)
+ {
+ fprintf(stderr, "kbuf_pub length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ for (u = len; u < sizeof kbuf_pub; u ++) {
+ if (kbuf_pub[u] != 0) {
+ fprintf(stderr, "kbuf_pub overflow\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ memset(&pk, 0, sizeof pk);
+ if (br_ec_compute_pub(impl, &pk,
+ tmp_pub, &sk) != len)
+ {
+ fprintf(stderr, "tmp_pub length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
+ fprintf(stderr, "pubkey mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (pk.curve != curve || pk.q != tmp_pub
+ || pk.qlen != len)
+ {
+ fprintf(stderr, "pk not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (impl->mulgen(kbuf_pub,
+ sk.x, sk.xlen, curve) != len
+ || memcmp(pk.q, kbuf_pub, len) != 0)
+ {
+ fprintf(stderr, "wrong pubkey\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+