Check that scalarmult() returns -1 with a point of small order

325606250916557431795983626356110631294008115727848805560023387167927233504 is a point of order 8
2015-11-17 09:09:44 +01:00 · 2015-11-17 09:09:44 +01:00 · 5e17a7adf8
commit 5e17a7adf8
parent 1e33a0beab
2 changed files with 12 additions and 1 deletions
--- a/test/default/scalarmult.c
+++ b/test/default/scalarmult.c
@ -12,6 +12,11 @@ const unsigned char bobsk[crypto_scalarmult_BYTES]
        0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
        0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };

+const unsigned char small_order_p[crypto_scalarmult_BYTES]
+    = { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
+        0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
+        0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 };
+
 char hex[crypto_scalarmult_BYTES * 2 + 1];

 int main(void)
@ -44,9 +49,14 @@ int main(void)
    sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES);
    printf("%s\n", hex);

-    sodium_free(k);
+    ret = crypto_scalarmult(k, bobsk, small_order_p);
+    assert(ret == -1);
+    sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES);
+    printf("%s\n", hex);
+
    sodium_free(bobpk);
    sodium_free(alicepk);
+    sodium_free(k);

    assert(crypto_scalarmult_bytes() > 0U);
    assert(crypto_scalarmult_scalarbytes() > 0U);
--- a/test/default/scalarmult.exp
+++ b/test/default/scalarmult.exp
@ -2,3 +2,4 @@
 de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f
 4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742
 4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742
+0000000000000000000000000000000000000000000000000000000000000000