xref: /freebsd/sys/contrib/libsodium/test/default/ed25519_convert.c (revision 13ec1e3155c7e9bf037b12af186351b7fa9b9450)
1 
2 #define TEST_NAME "ed25519_convert"
3 #include "cmptest.h"
4 
5 static const unsigned char keypair_seed[crypto_sign_ed25519_SEEDBYTES] = {
6     0x42, 0x11, 0x51, 0xa4, 0x59, 0xfa, 0xea, 0xde, 0x3d, 0x24, 0x71,
7     0x15, 0xf9, 0x4a, 0xed, 0xae, 0x42, 0x31, 0x81, 0x24, 0x09, 0x5a,
8     0xfa, 0xbe, 0x4d, 0x14, 0x51, 0xa5, 0x59, 0xfa, 0xed, 0xee
9 };
10 
11 int
12 main(void)
13 {
14     unsigned char ed25519_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
15     unsigned char ed25519_skpk[crypto_sign_ed25519_SECRETKEYBYTES];
16     unsigned char curve25519_pk[crypto_scalarmult_curve25519_BYTES];
17     unsigned char curve25519_pk2[crypto_scalarmult_curve25519_BYTES];
18     unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES];
19     char          curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
20     char          curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
21     unsigned char hseed[crypto_hash_sha512_BYTES];
22     unsigned int  i;
23 
24     assert(crypto_sign_ed25519_SEEDBYTES <= crypto_hash_sha512_BYTES);
25 #ifdef ED25519_NONDETERMINISTIC
26     crypto_hash_sha512(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
27 #else
28     memcpy(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
29 #endif
30     crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, hseed);
31 
32     if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) != 0) {
33         printf("conversion failed\n");
34     }
35     crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
36     sodium_bin2hex(curve25519_pk_hex, sizeof curve25519_pk_hex, curve25519_pk,
37                    sizeof curve25519_pk);
38     sodium_bin2hex(curve25519_sk_hex, sizeof curve25519_sk_hex, curve25519_sk,
39                    sizeof curve25519_sk);
40 
41     printf("curve25519 pk: [%s]\n", curve25519_pk_hex);
42     printf("curve25519 sk: [%s]\n", curve25519_sk_hex);
43 
44     for (i = 0U; i < 500U; i++) {
45         crypto_sign_ed25519_keypair(ed25519_pk, ed25519_skpk);
46         if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) !=
47             0) {
48             printf("conversion failed\n");
49         }
50         crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
51         crypto_scalarmult_curve25519_base(curve25519_pk2, curve25519_sk);
52         if (memcmp(curve25519_pk, curve25519_pk2, sizeof curve25519_pk) != 0) {
53             printf("conversion failed\n");
54         }
55     }
56 
57     sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
58                    "0000000000000000000000000000000000000000000000000000000000000000"
59                    "0000000000000000000000000000000000000000000000000000000000000000",
60                    64, NULL, NULL, NULL);
61     assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
62     sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
63                    "0200000000000000000000000000000000000000000000000000000000000000"
64                    "0000000000000000000000000000000000000000000000000000000000000000",
65                    64, NULL, NULL, NULL);
66     assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
67     sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
68                    "0500000000000000000000000000000000000000000000000000000000000000"
69                    "0000000000000000000000000000000000000000000000000000000000000000",
70                    64, NULL, NULL, NULL);
71     assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
72 
73     printf("ok\n");
74 
75     return 0;
76 }
77