ed25519/ed25519-donna/test-internals.c

   1 #include <stdio.h>
   2 #include "ed25519-donna.h"
   3
   4 static int
   5 test_adds() {
   6 #if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
   7         /* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
   8         static const bignum25519 max_bignum = {
   9                 0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
  10         };
  11
  12         /* what max_bignum should fully reduce to */
  13         static const unsigned char max_bignum_raw[32] = {
  14                 0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  15                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  16         };
  17
  18         /* (max_bignum + max_bignum)^2 */
  19         static const unsigned char max_bignum2_squared_raw[32] = {
  20                 0x10,0x05,0x00,0x00,0x00,0x00,0x80,0xdc,0x51,0x00,0x00,0x00,0x00,0x61,0xed,0x4a,
  21                 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22         };
  23
  24         /* ((max_bignum + max_bignum) + max_bignum)^2 */
  25         static const unsigned char max_bignum3_squared_raw[32] = {
  26                 0x64,0x0b,0x00,0x00,0x00,0x00,0x20,0x30,0xb8,0x00,0x00,0x00,0x40,0x1a,0x96,0xe8,
  27                 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28         };
  29 #else
  30         /* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
  31         static const bignum25519 ALIGN(16) max_bignum = {
  32                 0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
  33                 0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
  34         };
  35
  36         /* what max_bignum should fully reduce to */
  37         static const unsigned char max_bignum2_squared_raw[32] = {
  38                 0x10,0x05,0x00,0x40,0xc2,0x06,0x40,0x80,0x41,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
  39                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  40         };
  41
  42         /* (max_bignum * max_bignum) */
  43         static const unsigned char max_bignum3_squared_raw[32] = {
  44                 0x64,0x0b,0x00,0x10,0x35,0x0f,0x90,0x60,0x13,0x05,0x00,0x00,0x00,0x00,0x00,0x00,
  45                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  46         };
  47 #endif
  48         unsigned char result[32];
  49         static const bignum25519 ALIGN(16) zero = {0};
  50         bignum25519 ALIGN(16) a, b, c;
  51         size_t i;
  52
  53         /* a = (max_bignum + max_bignum) */
  54         curve25519_add(a, max_bignum, max_bignum);
  55
  56         /* b = ((max_bignum + max_bignum) * (max_bignum + max_bignum)) */
  57         curve25519_mul(b, a, a);
  58         curve25519_contract(result, b);
  59         if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
  60                 return -1;
  61         curve25519_square(b, a);
  62         curve25519_contract(result, b);
  63         if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
  64                 return -1;
  65
  66         /* b = (max_bignum + max_bignum + max_bignum) */
  67         curve25519_add_after_basic(b, a, max_bignum);
  68
  69         /* a = ((max_bignum + max_bignum + max_bignum) * (max_bignum + max_bignum + max_bignum)) */
  70         curve25519_mul(a, b, b);
  71         curve25519_contract(result, a);
  72         if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
  73                 return -1;
  74         curve25519_square(a, b);
  75         curve25519_contract(result, a);
  76         if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
  77                 return -1;
  78
  79         return 0;
  80 }
  81
  82 static int
  83 test_subs() {
  84 #if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
  85         /* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
  86         static const bignum25519 max_bignum = {
  87                 0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
  88         };
  89
  90         /* what max_bignum should fully reduce to */
  91         static const unsigned char max_bignum_raw[32] = {
  92                 0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  93                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  94         };
  95
  96         /* (max_bignum * max_bignum) */
  97         static const unsigned char max_bignum_squared_raw[32] = {
  98                 0x44,0x01,0x00,0x00,0x00,0x00,0x20,0x77,0x14,0x00,0x00,0x00,0x40,0x58,0xbb,0x52,
  99                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
 100         };
 101 #else
 102         /* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
 103         static const bignum25519 ALIGN(16) max_bignum = {
 104                 0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
 105                 0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
 106         };
 107
 108         /* what max_bignum should fully reduce to */
 109         static const unsigned char max_bignum_raw[32] = {
 110                 0x12,0x00,0x00,0x04,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 111                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 112         };
 113
 114         /* (max_bignum * max_bignum) */
 115         static const unsigned char max_bignum_squared_raw[32] = {
 116                 0x44,0x01,0x00,0x90,0xb0,0x01,0x10,0x60,0x90,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 117                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 118         };
 119 #endif
 120         unsigned char result[32];
 121         static const bignum25519 ALIGN(16) zero = {0};
 122         bignum25519 ALIGN(16) a, b, c;
 123         size_t i;
 124
 125         /* a = max_bignum - 0, which expands to 2p + max_bignum - 0 */
 126         curve25519_sub(a, max_bignum, zero);
 127         curve25519_contract(result, a);
 128         if (memcmp(result, max_bignum_raw, 32) != 0)
 129                 return -1;
 130
 131         /* b = (max_bignum * max_bignum) */
 132         curve25519_mul(b, a, a);
 133         curve25519_contract(result, b);
 134         if (memcmp(result, max_bignum_squared_raw, 32) != 0)
 135                 return -1;
 136         curve25519_square(b, a);
 137         curve25519_contract(result, b);
 138         if (memcmp(result, max_bignum_squared_raw, 32) != 0)
 139                 return -1;
 140
 141         /* b = ((a - 0) - 0) */
 142         curve25519_sub_after_basic(b, a, zero);
 143         curve25519_contract(result, b);
 144         if (memcmp(result, max_bignum_raw, 32) != 0)
 145                 return -1;
 146
 147         /* a = (max_bignum * max_bignum) */
 148         curve25519_mul(a, b, b);
 149         curve25519_contract(result, a);
 150         if (memcmp(result, max_bignum_squared_raw, 32) != 0)
 151                 return -1;
 152         curve25519_square(a, b);
 153         curve25519_contract(result, a);
 154         if (memcmp(result, max_bignum_squared_raw, 32) != 0)
 155                 return -1;
 156
 157
 158         return 0;
 159 }
 160
 161
 162 int
 163 main() {
 164         int ret = 0;
 165         int single;
 166         single = test_adds();
 167         if (single) printf("test_adds: FAILED\n");
 168         ret |= single;
 169         single = test_subs();
 170         if (single) printf("test_subs: FAILED\n");
 171         ret |= single;
 172         if (!ret) printf("success\n");
 173         return ret;
 174 }
 175
 176