From bd8cbd3175cd2041945ea28bf0d4521fa79de26b Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 13 Oct 2013 12:49:15 -0700
Subject: [PATCH] Make curve25519-donna-c64 handle non-canonical points like the ref implementation.

---
 .gitignore | 2 ++
 .../donna_c64/smult_curve25519_donna_c64.c | 2 +-
 test/default/Makefile.am | 12 +++++++
 test/default/scalarmult7.c | 34 +++++++++++++++++++
 test/default/scalarmult7.exp | 1 +
 test/default/scalarmult8.c | 34 +++++++++++++++++++
 test/default/scalarmult8.exp | 1 +
 7 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 test/default/scalarmult7.c
 create mode 100644 test/default/scalarmult7.exp
 create mode 100644 test/default/scalarmult8.c
 create mode 100644 test/default/scalarmult8.exp

diff --git a/.gitignore b/.gitignore
index ce9eb12c..fd18116c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -77,6 +77,8 @@ test/default/scalarmult
 test/default/scalarmult2
 test/default/scalarmult5
 test/default/scalarmult6
+test/default/scalarmult7
+test/default/scalarmult8
 test/default/secretbox
 test/default/secretbox2
 test/default/secretbox7
diff --git a/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c b/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
index c10b9ad7..0b1bc98f 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
@@ -196,7 +196,7 @@ fexpand(limb *output, const u8 *in) {
 output[1] = (*((const uint64_t *)(in+6)) >> 3) & 0x7ffffffffffff;
 output[2] = (*((const uint64_t *)(in+12)) >> 6) & 0x7ffffffffffff;
 output[3] = (*((const uint64_t *)(in+19)) >> 1) & 0x7ffffffffffff;
- output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0x7ffffffffffff;
+ output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0xfffffffffffff;
 }
 
 /* Take a fully reduced polynomial form number and contract it into a 
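Review bot: The 8-byte load at `in+25` on the changed line reads bytes 25 through 32 of the input, one past the end of the 32-byte point that the new tests pass (`p1[32]`, `p2[32]`); the extra byte is shifted and masked away so the value is right, but it is still an out-of-bounds read that sanitizers and guard pages will report. Taking the last limb from byte 24 yields the same 52 bits (bits 204 to 255) without overrunning: `output[4] = (*((const uint64_t *)(in+24)) >> 12) & 0xfffffffffffff;`. The widened mask is the deliberate part of the change, keeping bit 255 so the top bit of a non-canonical u-coordinate participates in the reduction instead of being dropped, and that intent deserves a line next to it such as `/* 52-bit top limb: keep bit 255 so non-canonical inputs reduce mod p, as in the ref implementation */`. The type-punned unaligned `uint64_t` loads through `in` are a pre-existing aliasing and alignment hazard that a `memcpy` into a local `uint64_t` would avoid. fexpand begins above the hunk.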
diff --git a/test/default/Makefile.am b/test/default/Makefile.am
index 45f2494c..cd836958 100644
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@@ -27,6 +27,8 @@ EXTRA_DIST = \
 scalarmult2.exp \
 scalarmult5.exp \
 scalarmult6.exp \
+ scalarmult7.exp \
+ scalarmult8.exp \
 secretbox.exp \
 secretbox2.exp \
 secretbox7.exp \
@@ -69,6 +71,8 @@ DISTCLEANFILES = \
 scalarmult2.res \
 scalarmult5.res \
 scalarmult6.res \
+ scalarmult7.res \
+ scalarmult8.res \
 secretbox.res \
 secretbox2.res \
 secretbox7.res \
@@ -119,6 +123,8 @@ TESTS_TARGETS = \
 scalarmult2 \
 scalarmult5 \
 scalarmult6 \
+ scalarmult7 \
+ scalarmult8 \
 secretbox \
 secretbox2 \
 secretbox7 \
@@ -219,6 +225,12 @@ scalarmult5_LDADD = $(TESTS_LDADD)
 scalarmult6_SOURCE = cmptest.h scalarmult6.c
 scalarmult6_LDADD = $(TESTS_LDADD)
 
+scalarmult7_SOURCE = cmptest.h scalarmult7.c
+scalarmult7_LDADD = $(TESTS_LDADD)
+
+scalarmult8_SOURCE = cmptest.h scalarmult8.c
+scalarmult8_LDADD = $(TESTS_LDADD)
+
 secretbox_SOURCE = cmptest.h secretbox.c
 secretbox_LDADD = $(TESTS_LDADD)
 
diff --git a/test/default/scalarmult7.c b/test/default/scalarmult7.c
new file mode 100644
index 00000000..77ce820b
--- /dev/null
+++ b/test/default/scalarmult7.c
@@ -0,0 +1,34 @@
+#include
+#include
+#define TEST_NAME "scalarmult7"
+#include "cmptest.h"
+
+unsigned char p1[32] = {
+ 0x72, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
+ 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
+ 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
+ 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0xea
+};
+
+unsigned char p2[32] = {
+ 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
+ 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
+ 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
+ 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a
+};
+
+unsigned char scalar[32];
+unsigned char out1[32];
+unsigned char out2[32];
+
+int main(void)
+{
+ int i;
+
+ scalar[0] = 1U;
+ crypto_scalarmult_curve25519(out1, scalar, p1);
+ crypto_scalarmult_curve25519(out2, scalar, p2);
+ printf("%d\n", memcmp(out1, out2, sizeof out1));
+
+ return 0;
+}
diff --git a/test/default/scalarmult7.exp b/test/default/scalarmult7.exp
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/test/default/scalarmult7.exp
@@ -0,0 +1 @@
+0
diff --git a/test/default/scalarmult8.c b/test/default/scalarmult8.c
new file mode 100644
index 00000000..0092bcd0
--- /dev/null
+++ b/test/default/scalarmult8.c
@@ -0,0 +1,34 @@
+#include
+#include
+#define TEST_NAME "scalarmult7"
+#include "cmptest.h"
+
+unsigned char p1[32] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+unsigned char p2[32] = {
+ 0x25,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+};
+
+unsigned char scalar[32];
+unsigned char out1[32];
+unsigned char out2[32];
+
+int main(void)
+{
+ int i;
+
+ scalar[0] = 1U;
+ crypto_scalarmult_curve25519(out1, scalar, p1);
+ crypto_scalarmult_curve25519(out2, scalar, p2);
+ printf("%d\n", memcmp(out1, out2, sizeof out1));
+
+ return 0;
+}
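Review bot: `int i;` in `main` of scalarmult7.c is declared and never used and will trip `-Wunused-variable` in a warnings-enabled test build; drop the line. The check only shows that the two inputs yield the same output, so an implementation that returns the same wrong value for every point would also print `0`; printing the bytes of `out1` too would let `scalarmult7.exp` pin the actual result. The equivalence of the two points is not obvious from the hex and deserves a comment above `p2`: the first bytes differ by 0x13 and the last by 0x80, so `p1 = p2 + 2^255 - 19`, i.e. `p1 == p2 (mod p)` and the two outputs must match once the top bit is no longer masked off. The two bare `#include` lines have presumably lost their header names in this rendering; the file needs `<stdio.h>` and `<string.h>` for `printf` and `memcmp`.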
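Review bot: `#define TEST_NAME "scalarmult7"` in scalarmult8.c was carried over from the previous test and names the wrong one; it should be `#define TEST_NAME "scalarmult8"`, otherwise whatever cmptest.h derives from TEST_NAME (presumably the .res and .exp file names) points at scalarmult7's files and the new scalarmult8.exp is never consulted. `int i;` is unused here as well. The all-0xFF point is worth a comment since the relation is not visible from the constants: `2^256 - 1 = 2*(2^255 - 19) + 37`, so `p1 == 0x25 == p2 (mod p)`, which is exactly what the equal-output check relies on. As in scalarmult7, matching outputs do not show that either result is correct; emitting `out1` would give the expected-output file something to pin.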
diff --git a/test/default/scalarmult8.exp b/test/default/scalarmult8.exp
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/test/default/scalarmult8.exp
@@ -0,0 +1 @@
+0