Blame SOURCES/libsodium-1.0.18/test/default/core_ed25519.c

#define TEST_NAME "core_ed25519"
#include "cmptest.h"
/*
 * Edge-case point encodings used by main(). Read as little-endian integers
 * they sit next to P = 2^255 - 19 (the constant added by add_P(), low byte
 * 0xed).
 */

/* P + 9 (low byte 0xf6): the bytes 09 00 .. 00 with P added on top.
 * main() expects is_valid_point() to reject it and add()/sub() to accept it. */
static const unsigned char non_canonical_p[32] = {
    0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};

/* P + 8 (low byte 0xf5): main() expects is_valid_point(), add() and sub()
 * all to reject it. */
static const unsigned char non_canonical_invalid_p[32] = {
    0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};

/* P - 9 (low byte 0xe4): below P, and main() expects is_valid_point() to
 * accept it. NOTE(review): the name suggests it is the largest such
 * encoding -- not demonstrated by this file. */
static const unsigned char max_canonical_p[32] = {
    0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
/*
 * Add P = 2^255 - 19 to the 32-byte little-endian number at S, in place.
 * main() uses it to turn a point encoding into a different byte string
 * (the same value plus P) for the non-canonical-input checks.
 */
static void
add_P(unsigned char * const S)
{
    /* 2^255 - 19, least significant byte first. */
    static const unsigned char field_prime[32] = {
        0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
    };

    sodium_add(S, field_prime, sizeof field_prime);
}
/*
 * Add the Ed25519 group order l to the non-reduced scalar at S, in place.
 * S must be crypto_core_ed25519_NONREDUCEDSCALARBYTES long. main() calls it
 * repeatedly before crypto_core_ed25519_scalar_reduce() and expects the
 * reduction to give back the original scalar.
 */
static void
add_l64(unsigned char * const S)
{
    /* l, least significant byte first (top byte 0x10 at index 31); the
     * bytes not listed are zero-initialised, which widens l to the full
     * non-reduced scalar length. */
    static const unsigned char group_order[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = {
        0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
    };

    sodium_add(S, group_order, sizeof group_order);
}
/*
 * Self-test for the crypto_core_ed25519 point and scalar API.
 *
 * Two reporting styles are mixed: some failures only printf() a diagnostic
 * and carry on, others trip an assert(). The fixed-input sections print hex
 * results instead of checking them here.
 * NOTE(review): presumably the harness pulled in through cmptest.h compares
 * stdout with a stored expected output, which is what would turn a printed
 * diagnostic or a changed hex line into a failure -- confirm against
 * cmptest.h.
 * NOTE(review): none of the sodium_malloc() results is checked for NULL
 * before the buffer is used.
 *
 * Returns 0 after printing "OK".
 */
int
main(void)
{
    unsigned char *h, *r;
    unsigned char *p, *p2, *p3;
    unsigned char *sc, *sc2, *sc3;
    unsigned char *sc64;
    char          *hex;
    unsigned int   i, j;

    h = (unsigned char *) sodium_malloc(crypto_core_ed25519_HASHBYTES);
    r = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES);
    p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
    /* 500 rounds: every way of producing a point (from uniform bytes, from
     * hash-sized bytes, at random) must yield something is_valid_point()
     * accepts. */
    for (i = 0; i < 500; i++) {
        randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
        if (crypto_core_ed25519_from_uniform(p, r) != 0) {
            printf("crypto_core_ed25519_from_uniform() failed\n");
        }
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_from_uniform() returned an invalid point\n");
        }

        randombytes_buf(h, crypto_core_ed25519_HASHBYTES);
        if (crypto_core_ed25519_from_hash(p, h) != 0) {
            printf("crypto_core_ed25519_from_hash() failed\n");
        }
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_from_hash() returned an invalid point\n");
        }

        crypto_core_ed25519_random(p);
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_random() returned an invalid point\n");
        }
    }

    p2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
    p3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);

    crypto_core_ed25519_random(p2);

    /* Add/sub round trip: add p2 to p j times (j in 1..100), check the
     * result moved away from the saved copy p3, then subtract p2 j times and
     * check p is back where it started. */
    j = 1 + (unsigned int) randombytes_uniform(100);
    memcpy(p3, p, crypto_core_ed25519_BYTES);
    for (i = 0; i < j; i++) {
        crypto_core_ed25519_add(p, p, p2);
        if (crypto_core_ed25519_is_valid_point(p) != 1) {
            printf("crypto_core_add() returned an invalid point\n");
        }
    }
    if (memcmp(p, p3, crypto_core_ed25519_BYTES) == 0) {
        printf("crypto_core_add() failed\n");
    }
    for (i = 0; i < j; i++) {
        crypto_core_ed25519_sub(p, p, p2);
    }
    if (memcmp(p, p3, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_core_add() or crypto_core_sub() failed\n");
    }
    /* Cross-check crypto_scalarmult_ed25519() against repeated addition.
     * The scalar passed in is 8; the reference value built below is p
     * doubled 254 times plus 8 more copies of p, i.e. (2^254 + 8) * p.
     * NOTE(review): the extra 2^254 matches the scalar clamping libsodium
     * documents for crypto_scalarmult_ed25519(); the clamping itself is not
     * visible in this file. */
    sc = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
    memset(sc, 0, crypto_scalarmult_ed25519_SCALARBYTES);
    sc[0] = 8;
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    memcpy(p3, p, crypto_core_ed25519_BYTES);

    for (i = 0; i < 254; i++) {
        crypto_core_ed25519_add(p2, p2, p2);
    }
    for (i = 0; i < 8; i++) {
        crypto_core_ed25519_add(p2, p2, p);
    }
    if (crypto_scalarmult_ed25519(p3, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }
    if (memcmp(p2, p3, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_scalarmult_ed25519() is inconsistent with crypto_core_ed25519_add()\n");
    }

    /* is_valid_point() on hand-picked encodings: p is zeroed and only its
     * first byte is varied. 0, 1 and 2 must be rejected, 9 accepted. */
    assert(crypto_core_ed25519_is_valid_point(p) == 1);

    memset(p, 0, crypto_core_ed25519_BYTES);
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 1;
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 2;
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 9;
    assert(crypto_core_ed25519_is_valid_point(p) == 1);

    /* Encodings next to 2^255 - 19: the one below it is accepted, both of
     * the ones above it are rejected by is_valid_point(). */
    assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
    assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
    assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);

    /* p is 09 00 .. 00 here, so after add_P() p2 holds the same bytes as
     * non_canonical_p. add() and sub() still operate on it, and the result
     * written to p3 is the 09 00 .. 00 form again: a non-standard input
     * encoding does not survive into the output. */
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    add_P(p2);
    crypto_core_ed25519_add(p3, p2, p2);
    crypto_core_ed25519_sub(p3, p3, p2);
    assert(memcmp(p2, p, crypto_core_ed25519_BYTES) != 0);
    assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);

    /* Return codes of add()/sub() for bad operands, in either position:
     * p (first byte 2, rejected above) and non_canonical_invalid_p give -1,
     * non_canonical_p gives 0.
     * NOTE(review): add()/sub() therefore accept an encoding that
     * is_valid_point() rejects. Code that depends on each point having
     * exactly one accepted encoding needs the is_valid_point() check as
     * well; the return value of add()/sub() is not enough. */
    p[0] = 2;
    assert(crypto_core_ed25519_add(p3, p2, p) == -1);
    assert(crypto_core_ed25519_add(p3, p2, non_canonical_p) == 0);
    assert(crypto_core_ed25519_add(p3, p2, non_canonical_invalid_p) == -1);
    assert(crypto_core_ed25519_add(p3, p, p3) == -1);
    assert(crypto_core_ed25519_add(p3, non_canonical_p, p3) == 0);
    assert(crypto_core_ed25519_add(p3, non_canonical_invalid_p, p3) == -1);

    assert(crypto_core_ed25519_sub(p3, p2, p) == -1);
    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_p) == 0);
    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_invalid_p) == -1);
    assert(crypto_core_ed25519_sub(p3, p, p3) == -1);
    assert(crypto_core_ed25519_sub(p3, non_canonical_p, p3) == 0);
    assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1);

    /* 1000 rounds: multiplying a random point by a non-zero random scalar
     * and then by that scalar's inverse must give the point back. */
    for (i = 0; i < 1000; i++) {
        crypto_core_ed25519_random(p);
        /* scalar_invert() is only meaningful for a non-zero scalar */
        do {
            crypto_core_ed25519_scalar_random(sc);
        } while (sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) {
            printf("crypto_scalarmult_ed25519_noclamp() failed\n");
        }
        assert(crypto_core_ed25519_is_valid_point(p2));
        if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
            printf("crypto_core_ed25519_scalar_invert() failed\n");
        }
        if (crypto_scalarmult_ed25519_noclamp(p3, sc, p2) != 0) {
            printf("crypto_scalarmult_ed25519_noclamp() failed\n");
        }
        assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);
    }

    /* scalar_reduce(): widen a random scalar to 64 bytes with zero padding,
     * add l to it between 1 and 100 times (the do/while runs i + 1 times),
     * and check that reducing gives the original 32 bytes back.
     * NOTE(review): the literal 64 and crypto_core_ed25519_BYTES are used
     * here where the NONREDUCEDSCALARBYTES / SCALARBYTES constants would
     * express the intent. */
    sc64 = (unsigned char *) sodium_malloc(64);
    crypto_core_ed25519_scalar_random(sc);
    memcpy(sc64, sc, crypto_core_ed25519_BYTES);
    memset(sc64 + crypto_core_ed25519_BYTES, 0,
           64 - crypto_core_ed25519_BYTES);
    i = (unsigned int) randombytes_uniform(100);
    do {
        add_l64(sc64);
    } while (i-- > 0);
    crypto_core_ed25519_scalar_reduce(sc64, sc64);
    if (memcmp(sc64, sc, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_core_ed25519_scalar_reduce() failed\n");
    }

    /* scalar_complement(): with Q = from_uniform(r), compute sc * Q and
     * comp(sc) * Q, add them, and subtract the sum from Q. The asserts
     * expect 01 00 .. 00, so the two scalars must add up to 1.
     * NOTE(review): 01 00 .. 00 is the encoding of the neutral element.
     * The from_uniform() return values are not checked in this section. */
    randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
    crypto_core_ed25519_from_uniform(p, r);
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    crypto_core_ed25519_scalar_random(sc);
    if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (1)\n");
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (2)\n");
    }
    crypto_core_ed25519_add(p3, p, p2);
    crypto_core_ed25519_from_uniform(p, r);
    crypto_core_ed25519_sub(p, p, p3);
    assert(p[0] == 0x01);
    for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
        assert(p[i] == 0);
    }

    /* scalar_negate(): sc * Q plus (-sc) * Q must also come out as
     * 01 00 .. 00. */
    crypto_core_ed25519_random(p);
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    crypto_core_ed25519_scalar_random(sc);
    if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (3)\n");
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (4)\n");
    }
    crypto_core_ed25519_add(p, p, p2);
    assert(p[0] == 0x01);
    for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
        assert(p[i] == 0);
    }

    /* Room for a scalar as hex: two characters per byte plus the NUL. */
    hex = (char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1);

    /* Fixed-input vectors: invert, negate and complement are each applied
     * twice to two byte patterns and every intermediate result is printed,
     * not asserted. Pattern 255 - i has top byte 0xe0, which is above the
     * 0x10 top byte of l in add_l64(), so that input is not a reduced
     * scalar; pattern 32 - i has top byte 0x01. */
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv1: %s\n", hex);
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }

    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv3: %s\n", hex);
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv4: %s\n", hex);

    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg1: %s\n", hex);
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg3: %s\n", hex);
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg4: %s\n", hex);

    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp1: %s\n", hex);
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp3: %s\n", hex);
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp4: %s\n", hex);

    /* 1000 rounds of (sc + sc2) - sc2 - sc == 0 on random 32-byte values
     * with the top bit cleared.
     * NOTE(review): the two intermediate asserts look at sc, the untouched
     * input, not at sc3, so they say nothing about the scalar_add() /
     * scalar_sub() result just computed; only the final assert checks sc3. */
    sc2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);
    sc3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);
    for (i = 0; i < 1000; i++) {
        randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES);
        randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES);
        sc[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
        sc2[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
        crypto_core_ed25519_scalar_add(sc3, sc, sc2);
        assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc2);
        assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
    }

    /* Fixed-input add/sub vectors, printed rather than asserted. The calls
     * alias the output with the first and then the second operand. */
    memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    crypto_core_ed25519_scalar_add(sc, sc, sc2);
    crypto_core_ed25519_scalar_add(sc, sc2, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("add1: %s\n", hex);

    crypto_core_ed25519_scalar_sub(sc, sc2, sc);
    crypto_core_ed25519_scalar_sub(sc, sc, sc2);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("sub1: %s\n", hex);

    memset(sc, 0xcd, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    crypto_core_ed25519_scalar_add(sc, sc, sc2);
    crypto_core_ed25519_scalar_add(sc, sc2, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("add2: %s\n", hex);

    crypto_core_ed25519_scalar_sub(sc, sc2, sc);
    crypto_core_ed25519_scalar_sub(sc, sc, sc2);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("sub2: %s\n", hex);

    /* Fixed-input multiplication chain: 100 rounds of alternating in-place
     * products, final sc2 printed. */
    memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    for (i = 0; i < 100; i++) {
        crypto_core_ed25519_scalar_mul(sc, sc, sc2);
        crypto_core_ed25519_scalar_mul(sc2, sc, sc2);
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc2, crypto_core_ed25519_SCALARBYTES);
    printf("mul: %s\n", hex);
    /* 1000 rounds of multiplication identities on a random scalar sc. */
    for (i = 0; i < 1000; i++) {
        crypto_core_ed25519_scalar_random(sc);
        /* sc * 0 == 0 */
        memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));

        /* sc * 1 == sc */
        sc2[0]++;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);

        /* sc * 2 - sc - sc == 0 */
        sc2[0]++;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));

        /* sc * sc2 * sc2^-1 == sc, for a non-zero random sc2 */
        do {
            crypto_core_ed25519_scalar_random(sc2);
        } while (sodium_is_zero(sc2, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        crypto_core_ed25519_scalar_invert(sc2, sc2);
        crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);

        /* Setting bits 0x11 in the top byte pushes sc above l (top byte
         * 0x10 in add_l64()). Multiplying by 1 must then return bytes that
         * differ from the input -- presumably the reduced form. */
        sc[31] |= 0x11;
        memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
        sc2[0] = 1;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
    }
    sodium_free(hex);
    sodium_free(sc64);
    sodium_free(sc3);
    sodium_free(sc2);
    sodium_free(sc);
    sodium_free(p3);
    sodium_free(p2);
    sodium_free(p);
    sodium_free(r);
    sodium_free(h);

    /* The compile-time size macros must agree with the run-time accessor
     * functions, and the sizes must nest the way the code above relies on. */
    assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
    assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes());
    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes());
    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES);
    assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
    assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);
    assert(crypto_core_ed25519_HASHBYTES == crypto_core_ed25519_hashbytes());
    assert(crypto_core_ed25519_HASHBYTES >= 2 * crypto_core_ed25519_BYTES);

    printf("OK\n");

    return 0;
}