Commit 259f0d2b authored by Niels Möller's avatar Niels Möller
Browse files

Use _eddsa_expand_key in the tests.

parent 1df2957f
2014-10-08 Niels Möller <nisse@lysator.liu.se> 2014-10-08 Niels Möller <nisse@lysator.liu.se>
* testsuite/eddsa-sign-test.c (test_eddsa_sign): Use
_eddsa_expand_key, and check its public key output.
* eddsa-expand.c (_eddsa_expand_key): New file, new function. * eddsa-expand.c (_eddsa_expand_key): New file, new function.
* eddsa.h (_eddsa_expand_key): Declare it. * eddsa.h (_eddsa_expand_key): Declare it.
* Makefile.in (hogweed_SOURCES): Added eddsa-expand.c. * Makefile.in (hogweed_SOURCES): Added eddsa-expand.c.
......
...@@ -45,27 +45,30 @@ test_eddsa_sign (const struct ecc_curve *ecc, ...@@ -45,27 +45,30 @@ test_eddsa_sign (const struct ecc_curve *ecc,
size_t nbytes = 1 + ecc->p.bit_size / 8; size_t nbytes = 1 + ecc->p.bit_size / 8;
uint8_t *signature = xalloc (2*nbytes); uint8_t *signature = xalloc (2*nbytes);
void *ctx = xalloc (H->context_size); void *ctx = xalloc (H->context_size);
uint8_t *public_out = xalloc (nbytes);
uint8_t *k1 = xalloc (nbytes);
mp_limb_t *k2 = xalloc_limbs (ecc->p.size); mp_limb_t *k2 = xalloc_limbs (ecc->p.size);
ASSERT (public->length == nbytes); ASSERT (public->length == nbytes);
ASSERT (private->length == nbytes); ASSERT (private->length == nbytes);
ASSERT (ref->length == 2*nbytes); ASSERT (ref->length == 2*nbytes);
ASSERT (_eddsa_expand_key_itch (ecc) <= _eddsa_sign_itch (ecc));
/* Generate subkeys. FIXME: Needs a function for key expansion. */ _eddsa_expand_key (ecc, H, ctx, private->data,
H->init (ctx); public_out,
H->update (ctx, private->length, private->data); k1, k2, scratch);
H->digest (ctx, 2*nbytes, signature);
mpn_set_base256_le (k2, ecc->p.size, signature, nbytes); if (!MEMEQ (nbytes, public_out, public->data))
/* Clear low 3 bits */ {
k2[0] &= ~(mp_limb_t) 7; fprintf (stderr, "Bad public key from _eddsa_expand_key.\n");
/* Set bit number bit_size - 1 (bit 254 for curve25519) */ fprintf (stderr, "got:");
k2[(ecc->p.bit_size - 1) / GMP_NUMB_BITS] print_hex (nbytes, public_out);
|= (mp_limb_t) 1 << ((ecc->p.bit_size - 1) % GMP_NUMB_BITS); fprintf (stderr, "\nref:");
/* Clear any higher bits. */ tstring_print_hex (public);
k2[ecc->p.size - 1] &= ~(mp_limb_t) 0 fprintf (stderr, "\n");
>> (GMP_NUMB_BITS * ecc->p.size - ecc->p.bit_size); abort ();
}
H->update (ctx, nbytes, signature + nbytes); H->update (ctx, nbytes, k1);
_eddsa_sign (ecc, H, public->data, ctx, k2, _eddsa_sign (ecc, H, public->data, ctx, k2,
msg->length, msg->data, signature, scratch); msg->length, msg->data, signature, scratch);
...@@ -92,7 +95,9 @@ test_eddsa_sign (const struct ecc_curve *ecc, ...@@ -92,7 +95,9 @@ test_eddsa_sign (const struct ecc_curve *ecc,
free (scratch); free (scratch);
free (signature); free (signature);
free (ctx); free (ctx);
free (k1);
free (k2); free (k2);
free (public_out);
} }
void test_main (void) void test_main (void)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment