scalarmult_ed25519.c (5039B)
/*
 * Regression test for the crypto_scalarmult_ed25519*() family: clamped and
 * unclamped scalar multiplication, with an arbitrary point and with the base
 * point.
 *
 * Every check only prints a diagnostic when the observed return code or
 * output differs from what is expected; main() still returns 0.
 * NOTE(review): presumably the cmptest.h harness compares stdout against an
 * expected-output file, so any extra line counts as a failure -- confirm.
 */
#define TEST_NAME "scalarmult_ed25519"
#include "cmptest.h"

/*
 * Little-endian y-coordinate 2^255 - 10, i.e. p + 9 with p = 2^255 - 19.
 * The value is >= p, so this is a non-canonical field-element encoding.
 * main() expects it to be rejected (-1).
 */
static const unsigned char non_canonical_p[32] = {
    0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
/*
 * Little-endian y-coordinate 2^255 - 11, i.e. p + 8: also non-canonical.
 * main() expects it to be rejected (-1).
 * NOTE(review): the name suggests the reduced value is not a valid point
 * either -- not verifiable from this file.
 */
static const unsigned char non_canonical_invalid_p[32] = {
    0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
/*
 * Little-endian y-coordinate 2^255 - 28, i.e. p - 9: a canonical encoding
 * (< p). main() expects the multiplication to accept it (0).
 * NOTE(review): per its name this is the largest canonical encoding the
 * function accepts -- confirm against the library.
 */
static const unsigned char max_canonical_p[32] = {
    0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};

/* Encoding of the standard Ed25519 base point (y = 4/5, x sign bit clear). */
static const unsigned char B[32] = {
    0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
};

/*
 * Runs the checks in a fixed order. The buffers n (scalar), p (point),
 * q and q2 (results) carry state from one group of checks to the next, so
 * the groups below must not be reordered.
 */
int
main(void)
{
    unsigned char *n, *p, *q, *q2;

    /*
     * NOTE(review): the sodium_malloc() results are used without a NULL
     * check; an allocation failure would be dereferenced below.
     */
    n  = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
    p  = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
    q  = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
    q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);

    /*
     * Random scalar: multiplying the base point through the dedicated
     * _base() entry point and through the generic entry point with p = B
     * must give the same result.
     */
    randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES);
    if (crypto_scalarmult_ed25519_base(q, n) != 0) {
        printf("crypto_scalarmult_ed25519_base() failed\n");
    }
    memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
    if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }
    if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
        /*
         * NOTE(review): the message says "(n, 9)" although the point used
         * is B; the wording looks carried over from another test -- confirm.
         */
        printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n");
    }

    /* An all-zero scalar is expected to be rejected (-1) by every variant. */
    memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
    if (crypto_scalarmult_ed25519_base(q, n) != -1) {
        printf("crypto_scalarmult_ed25519_base(0) passed\n");
    }
    if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
        printf("crypto_scalarmult_ed25519(0) passed\n");
    }
    if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != -1) {
        printf("crypto_scalarmult_ed25519_noclamp(0) passed\n");
    }

    /* Scalar 1 (p is still B): every variant is expected to succeed. */
    n[0] = 1;
    if (crypto_scalarmult_ed25519_base(q, n) != 0) {
        printf("crypto_scalarmult_ed25519_base() failed\n");
    }
    if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }
    if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed\n");
    }

    /*
     * Point validation: both non-canonical encodings must be rejected,
     * while the canonical max_canonical_p must be accepted. Accepting a
     * non-canonical encoding would let one point have several byte
     * representations.
     */
    if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
        printf("crypto_scalarmult_ed25519() didn't fail\n");
    }
    if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) {
        printf("crypto_scalarmult_ed25519() didn't fail\n");
    }
    if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }

    /*
     * Scalar 9 has low bits that clamping clears, so the clamped and the
     * unclamped multiplication of the same point must give different
     * results; equal outputs mean clamping was skipped.
     */
    n[0] = 9;
    if (crypto_scalarmult_ed25519(q, n, p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }
    if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed\n");
    }
    if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) {
        printf("clamping not applied\n");
    }

    /* Same clamped-versus-unclamped comparison for the base-point variants. */
    n[0] = 9;
    if (crypto_scalarmult_ed25519_base(q, n) != 0) {
        printf("crypto_scalarmult_ed25519_base() failed\n");
    }
    if (crypto_scalarmult_ed25519_base_noclamp(q2, n) != 0) {
        printf("crypto_scalarmult_ed25519_base_noclamp() failed\n");
    }
    if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) {
        printf("clamping not applied\n");
    }

    /*
     * n[0] = 8, n[31] = 64 is the scalar that clamping derives from 9
     * (low three bits cleared, bit 254 set). Multiplying B by it without
     * clamping must reproduce q, which still holds the clamped base-point
     * result from the previous group.
     */
    n[0] = 8;
    n[31] = 64;
    if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed\n");
    }
    if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
        printf("inconsistent clamping\n");
    }

    /*
     * An all-zero point encoding is expected to be rejected (-1) by both
     * variants.
     * NOTE(review): presumably rejected as a low-order point -- confirm
     * against the library's point validation.
     */
    memset(p, 0, crypto_scalarmult_ed25519_BYTES);
    if (crypto_scalarmult_ed25519(q, n, p) != -1) {
        printf("crypto_scalarmult_ed25519() didn't fail\n");
    }
    if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
        printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
    }

    /*
     * n[0] is already 8 at this point, so these two checks repeat the
     * previous pair with an unchanged scalar and the same all-zero point.
     */
    n[0] = 8;
    if (crypto_scalarmult_ed25519(q, n, p) != -1) {
        printf("crypto_scalarmult_ed25519() didn't fail\n");
    }
    if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
        printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
    }

    sodium_free(q2);
    sodium_free(q);
    sodium_free(p);
    sodium_free(n);

    /* The compile-time size macros must match the runtime accessors. */
    assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes());
    assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes());

    printf("OK\n");

    return 0;
}