xref: /freebsd/sys/contrib/libsodium/test/default/scalarmult_ed25519.c (revision f81cdf24ba5436367377f7c8e8f51f6df2a75ca7) 
1 #define TEST_NAME "scalarmult_ed25519"
2 #include "cmptest.h"
3 
4 static const unsigned char non_canonical_p[32] = {
5     0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
7 };
8 static const unsigned char non_canonical_invalid_p[32] = {
9     0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
10     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
11 };
12 static const unsigned char max_canonical_p[32] = {
13     0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
14     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
15 };
16 
17 static const unsigned char B[32] = {
18     0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
19     0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
20 };
21 
22 int
23 main(void)
24 {
25     unsigned char *n, *p, *q, *q2;
26 
27     n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
28     p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
29     q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
30     q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
31 
32     randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES);
33     if (crypto_scalarmult_ed25519_base(q, n) != 0) {
34         printf("crypto_scalarmult_ed25519_base() failed\n");
35     }
36     memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
37     if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
38         printf("crypto_scalarmult_ed25519() failed\n");
39     }
40     if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
41         printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n");
42     }
43 
44     memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
45     if (crypto_scalarmult_ed25519_base(q, n) != -1) {
46         printf("crypto_scalarmult_ed25519_base(0) failed\n");
47     }
48     if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
49         printf("crypto_scalarmult_ed25519(0) passed\n");
50     }
51 
52     n[0] = 1;
53     if (crypto_scalarmult_ed25519_base(q, n) != 0) {
54         printf("crypto_scalarmult_ed25519_base() failed\n");
55     }
56     if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
57         printf("crypto_scalarmult_ed25519() passed\n");
58     }
59 
60     if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
61         printf("crypto_scalarmult_ed25519() didn't fail\n");
62     }
63     if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) {
64         printf("crypto_scalarmult_ed25519() didn't fail\n");
65     }
66     if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) {
67         printf("crypto_scalarmult_ed25519() failed\n");
68     }
69 
70     memset(p, 0, crypto_scalarmult_ed25519_BYTES);
71     if (crypto_scalarmult_ed25519(q, n, p) != -1) {
72         printf("crypto_scalarmult_ed25519() didn't fail\n");
73     }
74     n[0] = 8;
75     if (crypto_scalarmult_ed25519(q, n, p) != -1) {
76         printf("crypto_scalarmult_ed25519() didn't fail\n");
77     }
78 
79     sodium_free(q2);
80     sodium_free(q);
81     sodium_free(p);
82     sodium_free(n);
83 
84     assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes());
85     assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes());
86 
87     printf("OK\n");
88 
89     return 0;
90 }
91