Additional sc25519 tests

Frank Denis 2020-05-14 12:40:59 +02:00
parent 89943bdd38
commit 2952a15bfe
2 changed files with 150 additions and 0 deletions


@ -13,6 +13,26 @@ static const unsigned char max_canonical_p[32] = {
0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
}; };
static const unsigned char L_p1[32] = {
0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char L[32] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char L_1[32] = {
0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char sc_8[32] = {
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const unsigned char sc_highbit[32] = {
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
};
static void static void
add_P(unsigned char * const S) add_P(unsigned char * const S)
@ -378,6 +398,114 @@ main(void)
crypto_core_ed25519_scalar_mul(sc3, sc, sc2); crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0); assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
} }
crypto_core_ed25519_scalar_mul(sc, L_1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)*8: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_8, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8(L-1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_1, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L, sc_8);
crypto_core_ed25519_scalar_mul(sc, L_p1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)*8: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_8, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8(L+1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_p1, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)h: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h(L-1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_p1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)h: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h(L+1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L, sc_8);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, sc_8, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L, L_1);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L_1, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_add(sc, L_1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)+8: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_8, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8+(L-1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_1, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)*2: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L, sc_8);
crypto_core_ed25519_scalar_add(sc, L_p1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)+8: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_8, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8+(L+1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_p1, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)*2: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)+h: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h+(L-1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_p1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)+h: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h+(L+1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h*2: %s\n", hex);
sodium_free(hex); sodium_free(hex);
sodium_free(sc64); sodium_free(sc64);
sodium_free(sc3); sodium_free(sc3);
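Review bot: The call `crypto_core_ed25519_scalar_mul(sc, L, sc_8);` just before the `(L+1)*8` case and the call `crypto_core_ed25519_scalar_add(sc, L, sc_8);` just before `(L+1)+8` test nothing, because the next call overwrites `sc` before it is printed or asserted. Multiplication by L is asserted to be zero further down, but addition with L is never checked. Either drop both stray calls or make the second one a check by following it with `assert(memcmp(sc, sc_8, crypto_core_ed25519_SCALARBYTES) == 0);`, which should hold if the sum is reduced mod L as the `(L+1)+8` result suggests. Separately, `sc_highbit` sets the low byte to 0x08 as well as the top byte to 0x80, so a comment such as `/* 8 + 2^255: non-canonical, top bit set */` would keep the name from misleading. main() begins and ends outside the hunk.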


@ -15,4 +15,26 @@ sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202
add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202 add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202
sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d
mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b
(L-1)*8: e5d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
8(L-1): e5d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
(L-1)^2: 0100000000000000000000000000000000000000000000000000000000000000
(L+1)*8: 0800000000000000000000000000000000000000000000000000000000000000
8(L+1): 0800000000000000000000000000000000000000000000000000000000000000
(L+1)^2: 0100000000000000000000000000000000000000000000000000000000000000
(L-1)h: 609faee7d21893c0b2e6bc17f5cef7a600000000000000000000000000000000
h(L-1): 609faee7d21893c0b2e6bc17f5cef7a600000000000000000000000000000000
(L+1)h: 8d344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
h(L+1): 8d344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
h^2: 726cf51b9ec1dda146af8c58ffd22d148f6ffd85f41cbb738f260cdf4650e60c
(L-1)+8: 0700000000000000000000000000000000000000000000000000000000000000
8+(L-1): 0700000000000000000000000000000000000000000000000000000000000000
(L-1)*2: ebd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
(L+1)+8: 0900000000000000000000000000000000000000000000000000000000000000
8+(L+1): 0900000000000000000000000000000000000000000000000000000000000000
(L+1)*2: 0200000000000000000000000000000000000000000000000000000000000000
(L-1)+h: 8c344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
h+(L-1): 8c344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
(L+1)+h: 8e344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
h+(L+1): 8e344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
h*2: 1000000000000000000000000000000000000000000000000000000000000000
OK OK
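Review bot: The expected `h*2` value of `1000…00` (16) is not 2h mod L for the `sc_highbit` input defined in the test source. With h = 8 + 2^255 and L = 2^252 + c, the sum 2h is 16 + 2^256, and 2^256 is not a multiple of L, so 16 results only if the carry out of the 32-byte sum is dropped before reduction. The `(L-1)h` and `(L+1)+h` lines, by contrast, do match arithmetic mod L. If wrapping at 2^256 on non-canonical inputs is the intended contract of `crypto_core_ed25519_scalar_add`, say so next to that call in the test, e.g. `/* non-canonical inputs: the 32-byte sum wraps at 2^256 before reduction */`. Otherwise this golden value pins a result that callers adding unreduced scalars would not expect.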