xref: /freebsd/sys/contrib/libsodium/test/default/scalarmult_ed25519.c (revision 3611ec604864a7d4dcc9a3ea898c80eb35eef8a0) 
1*0ac341f1SConrad Meyer #define TEST_NAME "scalarmult_ed25519"
2*0ac341f1SConrad Meyer #include "cmptest.h"
3*0ac341f1SConrad Meyer 
4*0ac341f1SConrad Meyer static const unsigned char non_canonical_p[32] = {
5*0ac341f1SConrad Meyer     0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6*0ac341f1SConrad Meyer     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
7*0ac341f1SConrad Meyer };
8*0ac341f1SConrad Meyer static const unsigned char non_canonical_invalid_p[32] = {
9*0ac341f1SConrad Meyer     0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
10*0ac341f1SConrad Meyer     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
11*0ac341f1SConrad Meyer };
12*0ac341f1SConrad Meyer static const unsigned char max_canonical_p[32] = {
13*0ac341f1SConrad Meyer     0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
14*0ac341f1SConrad Meyer     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
15*0ac341f1SConrad Meyer };
16*0ac341f1SConrad Meyer 
17*0ac341f1SConrad Meyer static const unsigned char B[32] = {
18*0ac341f1SConrad Meyer     0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
19*0ac341f1SConrad Meyer     0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
20*0ac341f1SConrad Meyer };
21*0ac341f1SConrad Meyer 
22*0ac341f1SConrad Meyer int
main(void)23*0ac341f1SConrad Meyer main(void)
24*0ac341f1SConrad Meyer {
25*0ac341f1SConrad Meyer     unsigned char *n, *p, *q, *q2;
26*0ac341f1SConrad Meyer 
27*0ac341f1SConrad Meyer     n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
28*0ac341f1SConrad Meyer     p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
29*0ac341f1SConrad Meyer     q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
30*0ac341f1SConrad Meyer     q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
31*0ac341f1SConrad Meyer 
32*0ac341f1SConrad Meyer     randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES);
33*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519_base(q, n) != 0) {
34*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519_base() failed\n");
35*0ac341f1SConrad Meyer     }
36*0ac341f1SConrad Meyer     memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
37*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
38*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() failed\n");
39*0ac341f1SConrad Meyer     }
40*0ac341f1SConrad Meyer     if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
41*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n");
42*0ac341f1SConrad Meyer     }
43*0ac341f1SConrad Meyer 
44*0ac341f1SConrad Meyer     memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
45*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519_base(q, n) != -1) {
46*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519_base(0) failed\n");
47*0ac341f1SConrad Meyer     }
48*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
49*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519(0) passed\n");
50*0ac341f1SConrad Meyer     }
51*0ac341f1SConrad Meyer 
52*0ac341f1SConrad Meyer     n[0] = 1;
53*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519_base(q, n) != 0) {
54*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519_base() failed\n");
55*0ac341f1SConrad Meyer     }
56*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
57*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() passed\n");
58*0ac341f1SConrad Meyer     }
59*0ac341f1SConrad Meyer 
60*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
61*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() didn't fail\n");
62*0ac341f1SConrad Meyer     }
63*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) {
64*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() didn't fail\n");
65*0ac341f1SConrad Meyer     }
66*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) {
67*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() failed\n");
68*0ac341f1SConrad Meyer     }
69*0ac341f1SConrad Meyer 
70*0ac341f1SConrad Meyer     memset(p, 0, crypto_scalarmult_ed25519_BYTES);
71*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q, n, p) != -1) {
72*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() didn't fail\n");
73*0ac341f1SConrad Meyer     }
74*0ac341f1SConrad Meyer     n[0] = 8;
75*0ac341f1SConrad Meyer     if (crypto_scalarmult_ed25519(q, n, p) != -1) {
76*0ac341f1SConrad Meyer         printf("crypto_scalarmult_ed25519() didn't fail\n");
77*0ac341f1SConrad Meyer     }
78*0ac341f1SConrad Meyer 
79*0ac341f1SConrad Meyer     sodium_free(q2);
80*0ac341f1SConrad Meyer     sodium_free(q);
81*0ac341f1SConrad Meyer     sodium_free(p);
82*0ac341f1SConrad Meyer     sodium_free(n);
83*0ac341f1SConrad Meyer 
84*0ac341f1SConrad Meyer     assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes());
85*0ac341f1SConrad Meyer     assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes());
86*0ac341f1SConrad Meyer 
87*0ac341f1SConrad Meyer     printf("OK\n");
88*0ac341f1SConrad Meyer 
89*0ac341f1SConrad Meyer     return 0;
90*0ac341f1SConrad Meyer }
91