Import Andrew Moon's ed25519-donna.

This is a clean copy of ed25519-donna as of commit: 8757bd4cd209cb032853ece0ce413f122eef212c https://github.com/floodyberry/ed25519-donna
author: Yawning Angel <yawning@schwanenlied.me> 2015-06-24 14:51:00 +0000
committer: Yawning Angel <yawning@schwanenlied.me> 2015-07-06 08:00:01 +0000
commit: 7b10741be4280d84a7ac9f41c54380cbc1f09c1b (patch)
tree: 07b0a153138949654750e046dd8b3ac18698cf1b /src/ext/ed25519/donna/test-internals.c
parent: 19440b9e58b3d824057abd3a0faf08fd7cb891ff (diff)
download: tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.tar.gz
tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.zip
1 files changed, 176 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/test-internals.c b/src/ext/ed25519/donna/test-internals.c
new file mode 100644
index 0000000000..3c67df516e
--- /dev/null
+++ b/src/ext/ed25519/donna/test-internals.c
@@ -0,0 +1,176 @@
+#include <stdio.h>
+#include "ed25519-donna.h"
+
+static int
+test_adds() {
+#if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 max_bignum = {
+		0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+
+	/* (max_bignum + max_bignum)^2 */
+	static const unsigned char max_bignum2_squared_raw[32] = {
+		0x10,0x05,0x00,0x00,0x00,0x00,0x80,0xdc,0x51,0x00,0x00,0x00,0x00,0x61,0xed,0x4a,
+		0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* ((max_bignum + max_bignum) + max_bignum)^2 */
+	static const unsigned char max_bignum3_squared_raw[32] = {
+		0x64,0x0b,0x00,0x00,0x00,0x00,0x20,0x30,0xb8,0x00,0x00,0x00,0x40,0x1a,0x96,0xe8,
+		0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#else
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 ALIGN(16) max_bignum = {
+		0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
+		0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum2_squared_raw[32] = {
+		0x10,0x05,0x00,0x40,0xc2,0x06,0x40,0x80,0x41,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum3_squared_raw[32] = {
+		0x64,0x0b,0x00,0x10,0x35,0x0f,0x90,0x60,0x13,0x05,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#endif
+	unsigned char result[32];
+	static const bignum25519 ALIGN(16) zero = {0};
+	bignum25519 ALIGN(16) a, b, c;
+	size_t i;
+
+	/* a = (max_bignum + max_bignum) */
+	curve25519_add(a, max_bignum, max_bignum);
+
+	/* b = ((max_bignum + max_bignum) * (max_bignum + max_bignum)) */
+	curve25519_mul(b, a, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(b, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
+		return -1;
+
+	/* b = (max_bignum + max_bignum + max_bignum) */
+	curve25519_add_after_basic(b, a, max_bignum);
+
+	/* a = ((max_bignum + max_bignum + max_bignum) * (max_bignum + max_bignum + max_bignum)) */
+	curve25519_mul(a, b, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(a, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
+		return -1;
+
+	return 0;
+}
+
+static int
+test_subs() {
+#if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 max_bignum = {
+		0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum_squared_raw[32] = {
+		0x44,0x01,0x00,0x00,0x00,0x00,0x20,0x77,0x14,0x00,0x00,0x00,0x40,0x58,0xbb,0x52,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+#else
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 ALIGN(16) max_bignum = {
+		0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
+		0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x04,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum_squared_raw[32] = {
+		0x44,0x01,0x00,0x90,0xb0,0x01,0x10,0x60,0x90,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#endif
+	unsigned char result[32];
+	static const bignum25519 ALIGN(16) zero = {0};
+	bignum25519 ALIGN(16) a, b, c;
+	size_t i;
+
+	/* a = max_bignum - 0, which expands to 2p + max_bignum - 0 */
+	curve25519_sub(a, max_bignum, zero);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_raw, 32) != 0)
+		return -1;
+
+	/* b = (max_bignum * max_bignum) */
+	curve25519_mul(b, a, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(b, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+
+	/* b = ((a - 0) - 0) */
+	curve25519_sub_after_basic(b, a, zero);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_raw, 32) != 0)
+		return -1;
+
+	/* a = (max_bignum * max_bignum) */
+	curve25519_mul(a, b, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(a, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+
+
+	return 0;
+}
+
+
+int
+main() {
+	int ret = 0;
+	int single;
+	single = test_adds();
+	if (single) printf("test_adds: FAILED\n");
+	ret |= single;
+	single = test_subs();
+	if (single) printf("test_subs: FAILED\n");
+	ret |= single;
+	if (!ret) printf("success\n");
+	return ret;
+}
+
+
author	Yawning Angel <yawning@schwanenlied.me>	2015-06-24 14:51:00 +0000
committer	Yawning Angel <yawning@schwanenlied.me>	2015-07-06 08:00:01 +0000
commit	7b10741be4280d84a7ac9f41c54380cbc1f09c1b (patch)
tree	07b0a153138949654750e046dd8b3ac18698cf1b /src/ext/ed25519/donna/test-internals.c
parent	19440b9e58b3d824057abd3a0faf08fd7cb891ff (diff)
download	tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.tar.gz tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.zip