1 #define TEST_NAME "scalarmult_ed25519" 2 #include "cmptest.h" 3 4 static const unsigned char non_canonical_p[32] = { 5 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 6 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f 7 }; 8 static const unsigned char non_canonical_invalid_p[32] = { 9 0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 10 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f 11 }; 12 static const unsigned char max_canonical_p[32] = { 13 0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 14 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f 15 }; 16 17 static const unsigned char B[32] = { 18 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 19 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66 20 }; 21 22 int 23 main(void) 24 { 25 unsigned char *n, *p, *q, *q2; 26 27 n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES); 28 p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); 29 q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); 30 q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); 31 32 randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES); 33 if (crypto_scalarmult_ed25519_base(q, n) != 0) { 34 printf("crypto_scalarmult_ed25519_base() failed\n"); 35 } 36 memcpy(p, B, crypto_scalarmult_ed25519_BYTES); 37 if (crypto_scalarmult_ed25519(q2, n, p) != 0) { 38 printf("crypto_scalarmult_ed25519() failed\n"); 39 } 40 if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) { 41 printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n"); 42 } 43 44 memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES); 45 if (crypto_scalarmult_ed25519_base(q, n) != -1) { 46 printf("crypto_scalarmult_ed25519_base(0) failed\n"); 47 } 48 if (crypto_scalarmult_ed25519(q2, n, p) != -1) { 49 printf("crypto_scalarmult_ed25519(0) passed\n"); 50 } 51 52 n[0] = 1; 53 if (crypto_scalarmult_ed25519_base(q, n) != 0) { 54 printf("crypto_scalarmult_ed25519_base() failed\n"); 55 } 56 if (crypto_scalarmult_ed25519(q2, n, p) != 0) { 57 printf("crypto_scalarmult_ed25519() passed\n"); 58 } 59 60 if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) { 61 printf("crypto_scalarmult_ed25519() didn't fail\n"); 62 } 63 if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) { 64 printf("crypto_scalarmult_ed25519() didn't fail\n"); 65 } 66 if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) { 67 printf("crypto_scalarmult_ed25519() failed\n"); 68 } 69 70 memset(p, 0, crypto_scalarmult_ed25519_BYTES); 71 if (crypto_scalarmult_ed25519(q, n, p) != -1) { 72 printf("crypto_scalarmult_ed25519() didn't fail\n"); 73 } 74 n[0] = 8; 75 if (crypto_scalarmult_ed25519(q, n, p) != -1) { 76 printf("crypto_scalarmult_ed25519() didn't fail\n"); 77 } 78 79 sodium_free(q2); 80 sodium_free(q); 81 sodium_free(p); 82 sodium_free(n); 83 84 assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes()); 85 assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes()); 86 87 printf("OK\n"); 88 89 return 0; 90 } 91