1#define TEST_NAME "scalarmult_ed25519"
2#include "cmptest.h"
3
4static const unsigned char non_canonical_p[32] = {
5    0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
7};
8static const unsigned char non_canonical_invalid_p[32] = {
9    0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
10    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
11};
12static const unsigned char max_canonical_p[32] = {
13    0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
14    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
15};
16
17static const unsigned char B[32] = {
18    0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
19    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
20};
21
22int
23main(void)
24{
25    unsigned char *n, *p, *q, *q2;
26
27    n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
28    p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
29    q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
30    q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
31
32    randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES);
33    if (crypto_scalarmult_ed25519_base(q, n) != 0) {
34        printf("crypto_scalarmult_ed25519_base() failed\n");
35    }
36    memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
37    if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
38        printf("crypto_scalarmult_ed25519() failed\n");
39    }
40    if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
41        printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n");
42    }
43
44    memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
45    if (crypto_scalarmult_ed25519_base(q, n) != -1) {
46        printf("crypto_scalarmult_ed25519_base(0) failed\n");
47    }
48    if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
49        printf("crypto_scalarmult_ed25519(0) passed\n");
50    }
51
52    n[0] = 1;
53    if (crypto_scalarmult_ed25519_base(q, n) != 0) {
54        printf("crypto_scalarmult_ed25519_base() failed\n");
55    }
56    if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
57        printf("crypto_scalarmult_ed25519() passed\n");
58    }
59
60    if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
61        printf("crypto_scalarmult_ed25519() didn't fail\n");
62    }
63    if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) {
64        printf("crypto_scalarmult_ed25519() didn't fail\n");
65    }
66    if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) {
67        printf("crypto_scalarmult_ed25519() failed\n");
68    }
69
70    memset(p, 0, crypto_scalarmult_ed25519_BYTES);
71    if (crypto_scalarmult_ed25519(q, n, p) != -1) {
72        printf("crypto_scalarmult_ed25519() didn't fail\n");
73    }
74    n[0] = 8;
75    if (crypto_scalarmult_ed25519(q, n, p) != -1) {
76        printf("crypto_scalarmult_ed25519() didn't fail\n");
77    }
78
79    sodium_free(q2);
80    sodium_free(q);
81    sodium_free(p);
82    sodium_free(n);
83
84    assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes());
85    assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes());
86
87    printf("OK\n");
88
89    return 0;
90}
91