Add tests for unclamped scalars

Frank Denis 2018-12-18 23:11:15 +01:00
parent b42082d6d2
commit b6051b7ee2


@ -43,18 +43,24 @@ main(void)
memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES); memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
if (crypto_scalarmult_ed25519_base(q, n) != -1) { if (crypto_scalarmult_ed25519_base(q, n) != -1) {
printf("crypto_scalarmult_ed25519_base(0) failed\n"); printf("crypto_scalarmult_ed25519_base(0) passed\n");
} }
if (crypto_scalarmult_ed25519(q2, n, p) != -1) { if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
printf("crypto_scalarmult_ed25519(0) passed\n"); printf("crypto_scalarmult_ed25519(0) passed\n");
} }
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp(0) passed\n");
}
n[0] = 1; n[0] = 1;
if (crypto_scalarmult_ed25519_base(q, n) != 0) { if (crypto_scalarmult_ed25519_base(q, n) != 0) {
printf("crypto_scalarmult_ed25519_base() failed\n"); printf("crypto_scalarmult_ed25519_base() failed\n");
} }
if (crypto_scalarmult_ed25519(q2, n, p) != 0) { if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519() passed\n"); printf("crypto_scalarmult_ed25519() failed\n");
}
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
} }
if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) { if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
@ -67,14 +73,40 @@ main(void)
printf("crypto_scalarmult_ed25519() failed\n"); printf("crypto_scalarmult_ed25519() failed\n");
} }
n[0] = 9;
if (crypto_scalarmult_ed25519(q, n, p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) {
printf("clamping not applied\n");
}
n[0] = 8;
n[31] = 64;
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
printf("inconsistent clamping\n");
}
memset(p, 0, crypto_scalarmult_ed25519_BYTES); memset(p, 0, crypto_scalarmult_ed25519_BYTES);
if (crypto_scalarmult_ed25519(q, n, p) != -1) { if (crypto_scalarmult_ed25519(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n"); printf("crypto_scalarmult_ed25519() didn't fail\n");
} }
if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
}
n[0] = 8; n[0] = 8;
if (crypto_scalarmult_ed25519(q, n, p) != -1) { if (crypto_scalarmult_ed25519(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n"); printf("crypto_scalarmult_ed25519() didn't fail\n");
} }
if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
}
sodium_free(q2); sodium_free(q2);
sodium_free(q); sodium_free(q);