diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2016-05-02 21:44:27 +0200 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2016-05-02 21:44:27 +0200 |
| commit | 2bc389e8de5e5ce6f5f941eee1c3a9b5e6c25857 (patch) | |
| tree | e9ad91ac6357abbe52fd2925f3bc0becd3c41476 /testsuite/curve25519-dh-test.c | |
| parent | b18472f886a673c2f823fc69cb4994942badeef1 (diff) | |
| download | nettle-2bc389e8de5e5ce6f5f941eee1c3a9b5e6c25857.tar.gz | |
Add tests for ignored curve25519 input bits.
Diffstat (limited to 'testsuite/curve25519-dh-test.c')
| -rw-r--r-- | testsuite/curve25519-dh-test.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/testsuite/curve25519-dh-test.c b/testsuite/curve25519-dh-test.c index 11b42632..e9037523 100644 --- a/testsuite/curve25519-dh-test.c +++ b/testsuite/curve25519-dh-test.c @@ -75,9 +75,7 @@ test_a (const uint8_t *s, const uint8_t *b, const uint8_t *r) void test_main (void) { - /* From draft-turner-thecurve25519function-00 (same also in - draft-josefsson-tls-curve25519-05, but the latter uses different - endianness). */ + /* From RFC 7748. */ test_g (H("77076d0a7318a57d3c16c17251b26645" "df4c2f87ebc0992ab177fba51db92c2a"), H("8520f0098930a754748b7ddcb43ef75a" @@ -100,4 +98,44 @@ test_main (void) "0dbf3a0d26381af4eba4a98eaa9b4e6a"), H("4a5d9d5ba4ce2de1728e3bf480350f25" "e07e21c947d19e3376f09b3c1e161742")); + + /* Check that the least significant three bits (first octet) of the + scalar are ignored by mul_g. */ + test_g (H("70076d0a7318a57d3c16c17251b26645" + "df4c2f87ebc0992ab177fba51db92c2a"), + H("8520f0098930a754748b7ddcb43ef75a" + "0dbf3a0d26381af4eba4a98eaa9b4e6a")); + /* Check that the most significant two bits (last octet) of the + scalar are ignored by mul_g. */ + test_g (H("5dab087e624a8a4b79e17f8b83800ee6" + "6f3bb1292618b6fd1c2f8b27ff88e02b"), + H("de9edb7d7b7dc1b4d35b61c2ece43537" + "3f8343c85b78674dadfc7e146f882b4f")); + + /* Check that the least significant three bits (first octet) of the + scalar are ignored by mul_a. */ + test_a (H("5aab087e624a8a4b79e17f8b83800ee6" + "6f3bb1292618b6fd1c2f8b27ff88e0eb"), + H("8520f0098930a754748b7ddcb43ef75a" + "0dbf3a0d26381af4eba4a98eaa9b4e6a"), + H("4a5d9d5ba4ce2de1728e3bf480350f25" + "e07e21c947d19e3376f09b3c1e161742")); + + /* Check that the most significant two bits (last octet) of the + scalar are ignored by mul_g. */ + test_a (H("77076d0a7318a57d3c16c17251b26645" + "df4c2f87ebc0992ab177fba51db92cea"), + H("de9edb7d7b7dc1b4d35b61c2ece43537" + "3f8343c85b78674dadfc7e146f882b4f"), + H("4a5d9d5ba4ce2de1728e3bf480350f25" + "e07e21c947d19e3376f09b3c1e161742")); + + /* Check that the most significant bit (last octet) of the x + coordinate is ignored. */ + test_a (H("77076d0a7318a57d3c16c17251b26645" + "df4c2f87ebc0992ab177fba51db92c2a"), + H("de9edb7d7b7dc1b4d35b61c2ece43537" + "3f8343c85b78674dadfc7e146f882bcf"), + H("4a5d9d5ba4ce2de1728e3bf480350f25" + "e07e21c947d19e3376f09b3c1e161742")); } |