Tests for _eddsa_sign.

diff --git a/ChangeLog b/ChangeLog
index 82ad092d47584148a86f0f311176b33585704762..cc35aa1f1c78c53d7fad2826c5d31dcd65f649f2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2014-10-04  Niels Möller  <nisse@lysator.liu.se>
 
+       * testsuite/eddsa-sign-test.c: New testcase.
+       * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+       eddsa-sign-test.c.
+
        * eddsa-sign.c (_eddsa_sign, _eddsa_sign_itch): New file, new
        functions.
        * eddsa-hash.c (_eddsa_hash): New file and function.

diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make
index bfa2c9933f0f40b7012a89fcef7a8f5a4432bdec..c9c9dfe9054725911457c1aa1778fe6b37a799e8 100644 (file)
--- a/testsuite/.test-rules.make
+++ b/testsuite/.test-rules.make
@@ -229,6 +229,9 @@ ecdh-test$(EXEEXT): ecdh-test.$(OBJEXT)
 eddsa-compress-test$(EXEEXT): eddsa-compress-test.$(OBJEXT)
        $(LINK) eddsa-compress-test.$(OBJEXT) $(TEST_OBJS) -o eddsa-compress-test$(EXEEXT)
 
+eddsa-sign-test$(EXEEXT): eddsa-sign-test.$(OBJEXT)
+       $(LINK) eddsa-sign-test.$(OBJEXT) $(TEST_OBJS) -o eddsa-sign-test$(EXEEXT)
+
 sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT)
        $(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT)
 

diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index 3fafed249cccd77a83ef8822e905cff1b5dbd4c6..5d59de673f1de9af96ee961b239ea0316ac7fb02 100644 (file)
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -45,7 +45,7 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
                     ecc-mul-g-test.c ecc-mul-a-test.c \
                     ecdsa-sign-test.c ecdsa-verify-test.c \
                     ecdsa-keygen-test.c ecdh-test.c \
-                    eddsa-compress-test.c
+                    eddsa-compress-test.c eddsa-sign-test.c
 
 TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
 CXX_SOURCES = cxx-test.cxx

diff --git a/testsuite/eddsa-sign-test.c b/testsuite/eddsa-sign-test.c
new file mode 100644 (file)
index 0000000..0fbfa39
--- /dev/null
+++ b/testsuite/eddsa-sign-test.c
@@ -0,0 +1,138 @@
+/* eddsa-sign-test.c
+
+   Copyright (C) 2014 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#include "testutils.h"
+
+#include "eddsa.h"
+
+static void
+test_eddsa_sign (const struct ecc_curve *ecc,
+                const struct nettle_hash *H,
+                const struct tstring *public,
+                const struct tstring *private,
+                const struct tstring *msg,
+                const struct tstring *ref)
+{
+  mp_limb_t *scratch = xalloc_limbs (_eddsa_sign_itch (ecc));
+  size_t nbytes = 1 + ecc->p.bit_size / 8;
+  uint8_t *signature = xalloc (2*nbytes);
+  void *ctx = xalloc (H->context_size);
+  mp_limb_t *k2 = xalloc_limbs (ecc->p.size);
+
+  ASSERT (public->length == nbytes);
+  ASSERT (private->length == nbytes);
+  ASSERT (ref->length == 2*nbytes);
+
+  /* Generate subkeys. FIXME: Needs a function for key expansion. */
+  H->init (ctx);
+  H->update (ctx, private->length, private->data);
+  H->digest (ctx, 2*nbytes, signature);
+  mpn_set_base256_le (k2, ecc->p.size, signature, nbytes);
+  /* Clear low 3 bits */
+  k2[0] &= ~(mp_limb_t) 7;
+  /* Set bit number bit_size - 1 (bit 254 for curve25519) */
+  k2[(ecc->p.bit_size - 1) / GMP_NUMB_BITS]
+    |= (mp_limb_t) 1 << ((ecc->p.bit_size - 1) % GMP_NUMB_BITS);
+  /* Clear any higher bits. */
+  k2[ecc->p.size - 1] &= ~(mp_limb_t) 0
+    >> (GMP_NUMB_BITS * ecc->p.size - ecc->p.bit_size);
+
+  H->update (ctx, nbytes, signature + nbytes);
+  
+  _eddsa_sign (ecc, H, public->data, ctx, k2,
+              msg->length, msg->data, signature, scratch);
+
+  if (!MEMEQ (2*nbytes, signature, ref->data))
+    {
+      fprintf (stderr, "Bad _eddsa_sign output.\n");
+      fprintf (stderr, "Public key:");
+      tstring_print_hex (public);
+      fprintf (stderr, "\nPrivate key:");
+      tstring_print_hex (private);
+      fprintf (stderr, "\nk2:");
+      mpn_out_str (stderr, 16, k2, ecc->p.size);
+      fprintf (stderr, "\nMessage (length %u):", (unsigned) msg->length);
+      tstring_print_hex (msg);      
+      fprintf (stderr, "\ngot:");
+      print_hex (2*nbytes, signature);
+      fprintf (stderr, "\nref:");
+      tstring_print_hex (ref);
+      fprintf (stderr, "\n");
+      abort ();
+    }
+  
+  free (scratch);
+  free (signature);
+  free (ctx);
+  free (k2);
+}
+
+void test_main (void)
+{
+  /* Based on a few of the test vectors at
+     http://ed25519.cr.yp.to/python/sign.input */
+  test_eddsa_sign (&nettle_curve25519, &nettle_sha512,
+                  SHEX("d75a980182b10ab7 d54bfed3c964073a"
+                       "0ee172f3daa62325 af021a68f707511a"),
+                  SHEX("9d61b19deffd5a60 ba844af492ec2cc4"
+                       "4449c5697b326919 703bac031cae7f60"),
+                  SHEX(""),
+                  SHEX("e5564300c360ac72 9086e2cc806e828a"
+                       "84877f1eb8e5d974 d873e06522490155"
+                       "5fb8821590a33bac c61e39701cf9b46b"
+                       "d25bf5f0595bbe24 655141438e7a100b"));
+  test_eddsa_sign (&nettle_curve25519, &nettle_sha512,
+                  SHEX("3d4017c3e843895a 92b70aa74d1b7ebc"
+                       "9c982ccf2ec4968c c0cd55f12af4660c"),
+                  SHEX("4ccd089b28ff96da 9db6c346ec114e0f"
+                       "5b8a319f35aba624 da8cf6ed4fb8a6fb"),
+                  SHEX("72"),
+                  SHEX("92a009a9f0d4cab8 720e820b5f642540"
+                       "a2b27b5416503f8f b3762223ebdb69da"
+                       "085ac1e43e15996e 458f3613d0f11d8c"
+                       "387b2eaeb4302aee b00d291612bb0c00"));
+  test_eddsa_sign (&nettle_curve25519, &nettle_sha512,
+                  SHEX("1ed506485b09a645 0be7c9337d9fe87e"
+                       "f99c96f8bd11cd63 1ca160d0fd73067e"),
+                  SHEX("f215d34fe2d757cf f9cf5c05430994de"
+                       "587987ce45cb0459 f61ec6c825c62259"),
+                  SHEX("fbed2a7df418ec0e 8036312ec239fcee"
+                       "6ef97dc8c2df1f2e 14adee287808b788"
+                       "a6072143b851d975 c8e8a0299df846b1"
+                       "9113e38cee83da71 ea8e9bd6f57bdcd3"
+                       "557523f4feb616ca a595aea01eb0b3d4"
+                       "90b99b525ea4fbb9 258bc7fbb0deea8f"
+                       "568cb2"),
+                  SHEX("cbef65b6f3fd5809 69fc3340cfae4f7c"
+                       "99df1340cce54626 183144ef46887163"
+                       "4b0a5c0033534108 e1c67c0dc99d3014"
+                       "f01084e98c95e101 4b309b1dbb2e6704"));
+}