Adapted OpenSSL part to changes to IsElement

lumip · lumip · commit e6c70f755a73 · 2021-03-13T16:08:58.000+02:00
diff --git a/CompactCryptoGroupAlgebra.OpenSsl.Tests/EllipticCurves/EllipticCurveAlgebraTests.cs b/CompactCryptoGroupAlgebra.OpenSsl.Tests/EllipticCurves/EllipticCurveAlgebraTests.cs
@@ -167,7 +167,17 @@ public void TestIsElement()
             var point = new ECPoint(groupHandle);
             ECPointHandle.Multiply(groupHandle, point.Handle, new BigNumber(index).Handle, ECPointHandle.Null, BigNumberHandle.Null, ctx);
             
-            Assert.That(algebra.IsElement(point), "valid point not accepted!");
+            Assert.That(algebra.IsPotentialElement(point), "valid point not accepted by IsPotentialElement!");
+            Assert.That(algebra.IsSafeElement(point), "valid point not accepted by IsSafeElement!");
+        }
+
+        [Test]
+        public void TestIsElementForPointAtInfinity()
+        {
+            var algebra = new EllipticCurveAlgebra(EllipticCurveID.Prime256v1);
+
+            Assert.That(algebra.IsPotentialElement(algebra.NeutralElement), "point at infinity not accepted by IsPotentialElement!");
+            Assert.That(!algebra.IsSafeElement(algebra.NeutralElement), "point at infinity accepted by IsSafeElement!");
         }
 
         [Test]
diff --git a/CompactCryptoGroupAlgebra.OpenSsl.Tests/Multiplicative/MultiplicativeGroupAlgebraTests.cs b/CompactCryptoGroupAlgebra.OpenSsl.Tests/Multiplicative/MultiplicativeGroupAlgebraTests.cs
@@ -113,7 +113,8 @@ public void TestInvalidElementRejectedAsGenerator(int generatorInt)
         public void TestIsElementAcceptsValidElements(int elementInt)
         {
             var element = new BigNumber(elementInt);
-            Assert.That(groupAlgebra!.IsElement(element));
+            Assert.That(groupAlgebra!.IsPotentialElement(element));
+            Assert.That(groupAlgebra!.IsSafeElement(element));
         }
 
         [Test]
@@ -124,16 +125,26 @@ public void TestIsElementAcceptsValidElements(int elementInt)
         public void TestIsElementRejectsInvalidElementsOutOfBounds(int elementInt)
         {
             var element = new BigNumber(elementInt);
-            Assert.That(!groupAlgebra!.IsElement(element));
+            Assert.That(!groupAlgebra!.IsPotentialElement(element));
+            Assert.That(!groupAlgebra!.IsSafeElement(element));
         }
 
         [Test]
         [TestCase(1)]
         [TestCase(22)]
-        public void TestIsElementRejectsUnsafeElements(int elementInt)
+        public void TestIsElementForUnsafeElements(int elementInt)
         {
             var element = new BigNumber(elementInt);
-            Assert.That(!groupAlgebra!.IsElement(element));
+            Assert.That(groupAlgebra!.IsPotentialElement(element));
+            Assert.That(!groupAlgebra!.IsSafeElement(element));
+        }
+
+        [Test]
+        public void TestIsElementForNeutralElementAndNoCofactor()
+        {
+            var groupAlgebra = new MultiplicativeGroupAlgebra(BigPrime.CreateWithoutChecks(11), BigPrime.CreateWithoutChecks(10), 2);
+            Assert.That(groupAlgebra.IsPotentialElement(groupAlgebra.NeutralElement));
+            Assert.That(!groupAlgebra.IsSafeElement(groupAlgebra.NeutralElement));
         }
 
         [Test]
@@ -222,27 +233,14 @@ public void TestEqualsFalseForUnrelatedObject()
         public void TestEqualsFalseForOtherAlgebra()
         {
             var otherAlgebra = new MultiplicativeGroupAlgebra(
-                BigPrime.CreateWithoutChecks(59),
-                BigPrime.CreateWithoutChecks(29),
-                5
-            );
-            Assert.That(!groupAlgebra!.Equals(otherAlgebra));
-
-            otherAlgebra = new MultiplicativeGroupAlgebra(
-                BigPrime.CreateWithoutChecks(23),
-                BigPrime.CreateWithoutChecks(11),
-                8
-            );
-            Assert.That(!groupAlgebra!.Equals(otherAlgebra));
-
-            otherAlgebra = new MultiplicativeGroupAlgebra(
-                BigPrime.CreateWithoutChecks(23),
-                BigPrime.CreateWithoutChecks(23),
-                5
+                BigPrime.CreateWithoutChecks(2*53+1),
+                BigPrime.CreateWithoutChecks(53),
+                4
             );
-            Assert.That(!groupAlgebra!.Equals(otherAlgebra));
+            Assert.IsFalse(groupAlgebra!.Equals(otherAlgebra));
         }
 
+
         [Test]
         public void TestGetHashCodeSameForEqual()
         {
diff --git a/CompactCryptoGroupAlgebra.OpenSsl/EllipticCurves/EllipticCurveAlgebra.cs b/CompactCryptoGroupAlgebra.OpenSsl/EllipticCurves/EllipticCurveAlgebra.cs
@@ -190,7 +190,17 @@ public bool IsPotentialElement(ECPoint element)
         /// <inheritdocs />
         public bool IsSafeElement(ECPoint element)
         {
-            return IsPotentialElement(element);
+            if (!IsPotentialElement(element)) return false;
+
+            // verifying that the point is not from a small subgroup of the whole curve (and thus outside
+            // of the safe subgroup over which operations are considered)
+            using (var cofactorBignum = new BigNumber(Cofactor))
+            {
+                var check = MultiplyScalar(element, SecureBigNumber.FromBigNumber(new BigNumber(Cofactor)));
+                if (check.IsAtInfinity)
+                    return false;
+            }
+            return true;
         }
 
         /// <inheritdocs />
diff --git a/CompactCryptoGroupAlgebra.OpenSsl/Multiplicative/MultiplicativeGroupAlgebra.cs b/CompactCryptoGroupAlgebra.OpenSsl/Multiplicative/MultiplicativeGroupAlgebra.cs
@@ -109,20 +109,18 @@ public bool IsPotentialElement(BigNumber element)
             return true;
         }
 
+        /// <inheritdocs />
         public bool IsSafeElement(BigNumber element)
         {
             if (!IsPotentialElement(element)) return false;
-            
+
             // verifying that the point is not from a small subgroup of the whole curve (and thus outside
             // of the safe subgroup over which operations are considered)
-            if (Cofactor > 1)
+            using (var cofactorBignum = new BigNumber(Cofactor))
             {
-                using (var cofactorBignum = new BigNumber(Cofactor))
-                {
-                    var check = element.ModExp(cofactorBignum, _modulo);
-                    if (check.Equals(NeutralElement))
-                        return false;
-                }
+                var check = element.ModExp(cofactorBignum, _modulo);
+                if (check.Equals(NeutralElement))
+                    return false;
             }
             return true;
         }

Original file line number	Diff line number	Diff line change
`@@ -109,20 +109,18 @@ public bool IsPotentialElement(BigNumber element)`
`109`	`109`	`return true;`
`110`	`110`	`}`
`111`	`111`
	`112`	`+ /// <inheritdocs />`
`112`	`113`	`public bool IsSafeElement(BigNumber element)`
`113`	`114`	`{`
`114`	`115`	`if (!IsPotentialElement(element)) return false;`
`115`		`-`
	`116`	`+`
`116`	`117`	`// verifying that the point is not from a small subgroup of the whole curve (and thus outside`
`117`	`118`	`// of the safe subgroup over which operations are considered)`
`118`		`- if (Cofactor > 1)`
	`119`	`+ using (var cofactorBignum = new BigNumber(Cofactor))`
`119`	`120`	`{`
`120`		`- using (var cofactorBignum = new BigNumber(Cofactor))`
`121`		`- {`
`122`		`- var check = element.ModExp(cofactorBignum, _modulo);`
`123`		`- if (check.Equals(NeutralElement))`
`124`		`- return false;`
`125`		`- }`
	`121`	`+ var check = element.ModExp(cofactorBignum, _modulo);`
	`122`	`+ if (check.Equals(NeutralElement))`
	`123`	`+ return false;`
`126`	`124`	`}`
`127`	`125`	`return true;`
`128`	`126`	`}`