From 1df228536251ef66fd5998e4a1036019200a0796 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Wed, 15 Nov 2017 01:34:43 +0100
Subject: [PATCH] Add a preliminary test for core_ed25519

---
 .gitignore                                    |  1 +
 .../include/sodium/crypto_core_ed25519.h      |  3 +
 test/default/Makefile.am                      |  8 ++
 test/default/core_ed25519.c                   | 75 +++++++++++++++++++
 test/default/core_ed25519.exp                 |  1 +
 5 files changed, 88 insertions(+)
 create mode 100644 test/default/core_ed25519.c
 create mode 100644 test/default/core_ed25519.exp

diff --git a/.gitignore b/.gitignore
index f601120a..bbe102bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -101,6 +101,7 @@ test/default/box_seal
 test/default/box_seed
 test/default/chacha20
 test/default/codecs
+test/default/core_ed25519
 test/default/core1
 test/default/core2
 test/default/core3
diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h
index 4f4531f5..f6b5820f 100644
--- a/src/libsodium/include/sodium/crypto_core_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_core_ed25519.h
@@ -8,6 +8,9 @@
 extern "C" {
 #endif
 
+#define crypto_core_ed25519_BYTES 32
+#define crypto_core_ed25519_UNIFORMBYTES 32
+
 SODIUM_EXPORT
 int crypto_core_ed25519_is_valid_point(const unsigned char *p);
 
diff --git a/test/default/Makefile.am b/test/default/Makefile.am
index 96b677e9..59c40151 100644
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@@ -22,6 +22,7 @@ EXTRA_DIST = \
 	box_seed.exp \
 	chacha20.exp \
 	codecs.exp \
+	core_ed25519.exp \
 	core1.exp \
 	core2.exp \
 	core3.exp \
@@ -95,6 +96,7 @@ DISTCLEANFILES = \
 	box_seed.res \
 	chacha20.res \
 	codecs.res \
+	core_ed25519.res \
 	core1.res \
 	core2.res \
 	core3.res \
@@ -169,6 +171,7 @@ CLEANFILES = \
 	box_seed.final \
 	chacha20.final \
 	codecs.final \
+	core_ed25519.final \
 	core1.final \
 	core2.final \
 	core3.final \
@@ -238,6 +241,7 @@ CLEANFILES = \
 	box_seed.nexe \
 	chacha20.nexe \
 	codecs.nexe \
+	core_ed25519.nexe \
 	core1.nexe \
 	core2.nexe \
 	core3.nexe \
@@ -438,6 +442,9 @@ chacha20_LDADD            = $(TESTS_LDADD)
 codecs_SOURCE             = cmptest.h codecs.c
 codecs_LDADD              = $(TESTS_LDADD)
 
+core_ed25519_SOURCE       = cmptest.h core_ed25519.c
+core_ed25519_LDADD        = $(TESTS_LDADD)
+
 core1_SOURCE              = cmptest.h core1.c
 core1_LDADD               = $(TESTS_LDADD)
 
@@ -593,6 +600,7 @@ xchacha20_LDADD           = $(TESTS_LDADD)
 
 if !MINIMAL
 TESTS_TARGETS += \
+	core_ed25519 \
 	pwhash_scrypt \
 	pwhash_scrypt_ll \
 	siphashx24 \
diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c
new file mode 100644
index 00000000..ae453aa8
--- /dev/null
+++ b/test/default/core_ed25519.c
@@ -0,0 +1,75 @@
+
+#define TEST_NAME "core_ed25519"
+#include "cmptest.h"
+
+int
+main(void)
+{
+    unsigned char *h;
+    unsigned char *p, *p2, *p3;
+    unsigned char *sc;
+    int            i, j;
+
+    h = sodium_malloc(crypto_core_ed25519_UNIFORMBYTES);
+    p = sodium_malloc(crypto_core_ed25519_BYTES);
+    for (i = 0; i < 1000; i++) {
+        randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES);
+        if (crypto_core_ed25519_from_uniform(p, h) != 0) {
+            printf("crypto_core_ed25519_from_uniform() failed\n");
+        }
+        if (crypto_core_ed25519_is_valid_point(p) == 0) {
+            printf("crypto_core_ed25519_from_uniform() returned an invalid point\n");
+        }
+    }
+
+    p2 = sodium_malloc(crypto_core_ed25519_BYTES);
+    p3 = sodium_malloc(crypto_core_ed25519_BYTES);
+    randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES);
+    crypto_core_ed25519_from_uniform(p2, h);
+
+    j = 1 + (int) randombytes_uniform(100);
+    memcpy(p3, p, crypto_core_ed25519_BYTES);
+    for (i = 0; i < j; i++) {
+        crypto_core_ed25519_add(p, p, p2);
+        if (crypto_core_ed25519_is_valid_point(p) != 1) {
+            printf("crypto_core_add() returned an invalid point\n");
+        }
+    }
+    if (memcmp(p, p3, crypto_core_ed25519_BYTES) == 0) {
+        printf("crypto_core_add() failed\n");
+    }
+    for (i = 0; i < j; i++) {
+        crypto_core_ed25519_sub(p, p, p2);
+    }
+    if (memcmp(p, p3, crypto_core_ed25519_BYTES) != 0) {
+        printf("crypto_core_add() or crypto_core_sub() failed\n");
+    }
+    sc = sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
+    memset(sc, 0, crypto_scalarmult_ed25519_SCALARBYTES);
+    sc[0] = 8;
+    memcpy(p2, p, crypto_core_ed25519_BYTES);
+    memcpy(p3, p, crypto_core_ed25519_BYTES);
+
+    for (i = 0; i < 254; i++) {
+        crypto_core_ed25519_add(p2, p2, p2);
+    }
+    for (i = 0; i < 8; i++) {
+        crypto_core_ed25519_add(p2, p2, p);
+    }
+    if (crypto_scalarmult_ed25519(p3, sc, p) != 0) {
+        printf("crypto_scalarmult_ed25519() failed\n");
+    }
+    if (memcmp(p2, p3, crypto_core_ed25519_BYTES) != 0) {
+        printf("crypto_scalarmult_ed25519() is inconsistent with crypto_core_ed25519_add()\n");
+    }
+
+    sodium_free(sc);
+    sodium_free(p3);
+    sodium_free(p2);
+    sodium_free(p);
+    sodium_free(h);
+
+    printf("OK\n");
+
+    return 0;
+}
diff --git a/test/default/core_ed25519.exp b/test/default/core_ed25519.exp
new file mode 100644
index 00000000..d86bac9d
--- /dev/null
+++ b/test/default/core_ed25519.exp
@@ -0,0 +1 @@
+OK