quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

core_ristretto255.c (11705B)

      1 #define TEST_NAME "core_ristretto255"
      2 #include "cmptest.h"
      3 
      4 static void
      5 tv1(void)
      6 {
      7     static const char *bad_encodings_hex[] = {
      8         /* Non-canonical field encodings */
      9         "00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
     10         "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
     11         "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
     12         "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
     13         "0100000000000000000000000000000000000000000000000000000000000080",
     14 
     15         /* Negative field elements */
     16         "0100000000000000000000000000000000000000000000000000000000000000",
     17         "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
     18         "ed57ffd8c914fb201471d1c3d245ce3c746fcbe63a3679d51b6a516ebebe0e20",
     19         "c34c4e1826e5d403b78e246e88aa051c36ccf0aafebffe137d148a2bf9104562",
     20         "c940e5a4404157cfb1628b108db051a8d439e1a421394ec4ebccb9ec92a8ac78",
     21         "47cfc5497c53dc8e61c91d17fd626ffb1c49e2bca94eed052281b510b1117a24",
     22         "f1c6165d33367351b0da8f6e4511010c68174a03b6581212c71c0e1d026c3c72",
     23         "87260f7a2f12495118360f02c26a470f450dadf34a413d21042b43b9d93e1309",
     24 
     25         /* Non-square x^2 */
     26         "26948d35ca62e643e26a83177332e6b6afeb9d08e4268b650f1f5bbd8d81d371",
     27         "4eac077a713c57b4f4397629a4145982c661f48044dd3f96427d40b147d9742f",
     28         "de6a7b00deadc788eb6b6c8d20c0ae96c2f2019078fa604fee5b87d6e989ad7b",
     29         "bcab477be20861e01e4a0e295284146a510150d9817763caf1a6f4b422d67042",
     30         "2a292df7e32cababbd9de088d1d1abec9fc0440f637ed2fba145094dc14bea08",
     31         "f4a9e534fc0d216c44b218fa0c42d99635a0127ee2e53c712f70609649fdff22",
     32         "8268436f8c4126196cf64b3c7ddbda90746a378625f9813dd9b8457077256731",
     33         "2810e5cbc2cc4d4eece54f61c6f69758e289aa7ab440b3cbeaa21995c2f4232b",
     34 
     35         /* Negative xy value */
     36         "3eb858e78f5a7254d8c9731174a94f76755fd3941c0ac93735c07ba14579630e",
     37         "a45fdc55c76448c049a1ab33f17023edfb2be3581e9c7aade8a6125215e04220",
     38         "d483fe813c6ba647ebbfd3ec41adca1c6130c2beeee9d9bf065c8d151c5f396e",
     39         "8a2e1d30050198c65a54483123960ccc38aef6848e1ec8f5f780e8523769ba32",
     40         "32888462f8b486c68ad7dd9610be5192bbeaf3b443951ac1a8118419d9fa097b",
     41         "227142501b9d4355ccba290404bde41575b037693cef1f438c47f8fbf35d1165",
     42         "5c37cc491da847cfeb9281d407efc41e15144c876e0170b499a96a22ed31e01e",
     43         "445425117cb8c90edcbc7c1cc0e74f747f2c1efa5630a967c64f287792a48a4b",
     44 
     45         /* s = -1, which causes y = 0 */
     46         "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
     47     };
     48     unsigned char *s;
     49     size_t         i;
     50 
     51     s = (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
     52     for (i = 0; i < sizeof bad_encodings_hex / sizeof bad_encodings_hex[0]; i++) {
     53         sodium_hex2bin(s, crypto_core_ristretto255_BYTES, bad_encodings_hex[i],
     54                        crypto_core_ristretto255_BYTES * 2 + 1,
     55                        NULL, NULL, NULL);
     56         if (crypto_core_ristretto255_is_valid_point(s)) {
     57             printf("[%s] was not rejected\n", bad_encodings_hex[i]);
     58         }
     59     }
     60     sodium_free(s);
     61 };
     62 
     63 static void
     64 tv2(void)
     65 {
     66     static const char *hash_hex[] = {
     67         "5d1be09e3d0c82fc538112490e35701979d99e06ca3e2b5b54bffe8b4dc772c1"
     68         "4d98b696a1bbfb5ca32c436cc61c16563790306c79eaca7705668b47dffe5bb6",
     69 
     70         "f116b34b8f17ceb56e8732a60d913dd10cce47a6d53bee9204be8b44f6678b27"
     71         "0102a56902e2488c46120e9276cfe54638286b9e4b3cdb470b542d46c2068d38",
     72 
     73         "8422e1bbdaab52938b81fd602effb6f89110e1e57208ad12d9ad767e2e25510c"
     74         "27140775f9337088b982d83d7fcf0b2fa1edffe51952cbe7365e95c86eaf325c",
     75 
     76         "ac22415129b61427bf464e17baee8db65940c233b98afce8d17c57beeb7876c2"
     77         "150d15af1cb1fb824bbd14955f2b57d08d388aab431a391cfc33d5bafb5dbbaf",
     78 
     79         "165d697a1ef3d5cf3c38565beefcf88c0f282b8e7dbd28544c483432f1cec767"
     80         "5debea8ebb4e5fe7d6f6e5db15f15587ac4d4d4a1de7191e0c1ca6664abcc413",
     81 
     82         "a836e6c9a9ca9f1e8d486273ad56a78c70cf18f0ce10abb1c7172ddd605d7fd2"
     83         "979854f47ae1ccf204a33102095b4200e5befc0465accc263175485f0e17ea5c",
     84 
     85         "2cdc11eaeb95daf01189417cdddbf95952993aa9cb9c640eb5058d09702c7462"
     86         "2c9965a697a3b345ec24ee56335b556e677b30e6f90ac77d781064f866a3c982"
     87     };
     88     unsigned char *s;
     89     unsigned char *u;
     90     char          *hex;
     91     size_t         i;
     92 
     93     s = (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
     94     u = (unsigned char *) sodium_malloc(crypto_core_ristretto255_HASHBYTES);
     95     hex = (char *) sodium_malloc(crypto_core_ristretto255_BYTES * 2 + 1);
     96     for (i = 0; i < sizeof hash_hex / sizeof hash_hex[0]; i++) {
     97         sodium_hex2bin(u, crypto_core_ristretto255_HASHBYTES, hash_hex[i],
     98                        crypto_core_ristretto255_HASHBYTES * 2 + 1,
     99                        NULL, NULL, NULL);
    100         crypto_core_ristretto255_from_hash(s, u);
    101         sodium_bin2hex(hex, crypto_core_ristretto255_BYTES * 2 + 1,
    102                        s, crypto_core_ristretto255_BYTES);
    103         printf("%s\n", hex);
    104     }
    105     sodium_free(hex);
    106     sodium_free(u);
    107     sodium_free(s);
    108 }
    109 
    110 static void
    111 tv3(void)
    112 {
    113     static const unsigned char l[crypto_core_ed25519_BYTES] =
    114       { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    115         0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    116         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    117         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
    118 
    119     unsigned char *r =
    120         (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    121     unsigned char *r_inv =
    122         (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    123     unsigned char *ru =
    124         (unsigned char *) sodium_malloc(crypto_core_ristretto255_HASHBYTES);
    125     unsigned char *s =
    126         (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
    127     unsigned char *s_ =
    128         (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
    129     unsigned char *s2 =
    130         (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
    131     int            i;
    132 
    133     for (i = 0; i < 1000; i++) {
    134         crypto_core_ristretto255_scalar_random(r);
    135         if (crypto_scalarmult_ristretto255_base(s, r) != 0 ||
    136             crypto_core_ristretto255_is_valid_point(s) != 1) {
    137             printf("crypto_scalarmult_ristretto255_base() failed\n");
    138         }
    139         crypto_core_ristretto255_random(s);
    140         if (crypto_core_ristretto255_is_valid_point(s) != 1) {
    141             printf("crypto_core_ristretto255_random() failed\n");
    142         }
    143         if (crypto_scalarmult_ristretto255(s, l, s) == 0) {
    144             printf("s*l != inf (1)\n");
    145         }
    146         randombytes_buf(ru, crypto_core_ristretto255_HASHBYTES);
    147         if (crypto_core_ristretto255_from_hash(s, ru) != 0 ||
    148             crypto_core_ristretto255_is_valid_point(s) != 1) {
    149             printf("crypto_core_ristretto255_from_hash() failed\n");
    150         }
    151         if (crypto_scalarmult_ristretto255(s2, l, s) == 0) {
    152             printf("s*l != inf (2)\n");
    153         }
    154         if (crypto_scalarmult_ristretto255(s2, r, s) != 0  ||
    155             crypto_core_ristretto255_is_valid_point(s2) != 1) {
    156             printf("crypto_scalarmult_ristretto255() failed\n");
    157         }
    158         if (crypto_core_ristretto255_scalar_invert(r_inv, r) != 0) {
    159             printf("crypto_core_ristretto255_scalar_invert() failed\n");
    160         }
    161         if (crypto_scalarmult_ristretto255(s_, r_inv, s2) != 0  ||
    162             crypto_core_ristretto255_is_valid_point(s_) != 1) {
    163             printf("crypto_scalarmult_ristretto255() failed\n");
    164         }
    165         if (memcmp(s, s_, crypto_core_ristretto255_BYTES) != 0) {
    166             printf("inversion failed\n");
    167         }
    168         if (crypto_scalarmult_ristretto255(s2, l, s2) == 0) {
    169             printf("s*l != inf (3)\n");
    170         }
    171         if (crypto_core_ristretto255_add(s2, s, s_) != 0) {
    172             printf("addition failed");
    173         }
    174         if (crypto_core_ristretto255_sub(s2, s2, s_) != 0) {
    175             printf("subtraction failed");
    176         }
    177         if (crypto_core_ristretto255_is_valid_point(s2) == 0) {
    178             printf("invalid point");
    179         }
    180         if (memcmp(s, s2, crypto_core_ristretto255_BYTES) != 0) {
    181             printf("s2 + s - s_ != s\n");
    182         }
    183         if (crypto_core_ristretto255_sub(s2, s2, s) != 0) {
    184             printf("subtraction failed");
    185         }
    186         if (crypto_core_ristretto255_is_valid_point(s2) == -1) {
    187             printf("s + s' - s - s' != 0");
    188         }
    189     }
    190 
    191     crypto_core_ristretto255_random(s);
    192     memset(s_, 0xfe, crypto_core_ristretto255_BYTES);
    193     assert(crypto_core_ristretto255_add(s2, s_, s) == -1);
    194     assert(crypto_core_ristretto255_add(s2, s, s_) == -1);
    195     assert(crypto_core_ristretto255_add(s2, s_, s_) == -1);
    196     assert(crypto_core_ristretto255_add(s2, s, s) == 0);
    197     assert(crypto_core_ristretto255_sub(s2, s_, s) == -1);
    198     assert(crypto_core_ristretto255_sub(s2, s, s_) == -1);
    199     assert(crypto_core_ristretto255_sub(s2, s_, s_) == -1);
    200     assert(crypto_core_ristretto255_sub(s2, s, s) == 0);
    201 
    202     sodium_free(s2);
    203     sodium_free(s_);
    204     sodium_free(s);
    205     sodium_free(ru);
    206     sodium_free(r_inv);
    207     sodium_free(r);
    208 }
    209 
    210 static void
    211 tv4(void)
    212 {
    213     unsigned char *r;
    214     unsigned char *s1;
    215     unsigned char *s2;
    216     unsigned char *s3;
    217     unsigned char *s4;
    218 
    219     r = (unsigned char *) sodium_malloc(crypto_core_ristretto255_NONREDUCEDSCALARBYTES);
    220     s1 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    221     s2 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    222     s3 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    223     s4 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
    224 
    225     crypto_core_ristretto255_scalar_random(s1);
    226     randombytes_buf(r, crypto_core_ristretto255_NONREDUCEDSCALARBYTES);
    227     crypto_core_ristretto255_scalar_reduce(s2, r);
    228     memcpy(s4, s1, crypto_core_ristretto255_SCALARBYTES);
    229     crypto_core_ristretto255_scalar_add(s3, s1, s2);
    230     crypto_core_ristretto255_scalar_sub(s4, s1, s2);
    231     crypto_core_ristretto255_scalar_add(s2, s3, s4);
    232     crypto_core_ristretto255_scalar_sub(s2, s2, s1);
    233     crypto_core_ristretto255_scalar_mul(s2, s3, s2);
    234     crypto_core_ristretto255_scalar_invert(s4, s3);
    235     crypto_core_ristretto255_scalar_mul(s2, s2, s4);
    236     crypto_core_ristretto255_scalar_negate(s1, s1);
    237     crypto_core_ristretto255_scalar_add(s2, s2, s1);
    238     crypto_core_ristretto255_scalar_complement(s1, s2);
    239     s1[0]--;
    240     assert(sodium_is_zero(s1, crypto_core_ristretto255_SCALARBYTES));
    241 
    242     sodium_free(s1);
    243     sodium_free(s2);
    244     sodium_free(s3);
    245     sodium_free(s4);
    246     sodium_free(r);
    247 }
    248 
    249 int
    250 main(void)
    251 {
    252     tv1();
    253     tv2();
    254     tv3();
    255     tv4();
    256 
    257     assert(crypto_core_ristretto255_BYTES == crypto_core_ristretto255_bytes());
    258     assert(crypto_core_ristretto255_SCALARBYTES == crypto_core_ristretto255_scalarbytes());
    259     assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES == crypto_core_ristretto255_nonreducedscalarbytes());
    260     assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES >= crypto_core_ristretto255_SCALARBYTES);
    261     assert(crypto_core_ristretto255_HASHBYTES == crypto_core_ristretto255_hashbytes());
    262     assert(crypto_core_ristretto255_HASHBYTES >= crypto_core_ristretto255_BYTES);
    263     assert(crypto_core_ristretto255_BYTES == crypto_core_ed25519_BYTES);
    264     assert(crypto_core_ristretto255_SCALARBYTES == crypto_core_ed25519_SCALARBYTES);
    265     assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES == crypto_core_ed25519_NONREDUCEDSCALARBYTES);
    266     assert(crypto_core_ristretto255_HASHBYTES >= 2 * crypto_core_ed25519_UNIFORMBYTES);
    267 
    268     printf("OK\n");
    269 
    270     return 0;
    271 }