tasiaiso/tildefriends
1
0
Fork 0
forked from cory/tildefriends
Code Issues Pull Requests Releases Wiki Activity

Add libsodium to the tree and build what's needed from source.

Browse Source 
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3859 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
Cory McWilliams
2022-03-08 03:42:47 +00:00
parent efc5eb2aff
commit 352f33f5a1
584 changed files with 140249 additions and 2 deletions
Makefile
deps/libsodium
.github
workflows
ci.ymlcodeql-analysis.ymldotnet-core.yml
.gitignoreAUTHORSChangeLogLICENSEMakefile.amMakefile.inREADME.markdownTHANKSaclocal.m4appveyor.ymlautogen.shazure-pipelines.yml
build-aux
compileconfig.guessconfig.subdepcompinstall-shltmain.shmissingtest-driver
builds
.gitignoreMakefile.amMakefile.in
msvc
build
buildall.batbuildbase.bat
properties
Common.propsDLL.propsDebug.propsDebugDEXE.propsDebugDLL.propsDebugLEXE.propsDebugLIB.propsDebugLTCG.propsDebugSEXE.propsEXE.propsLIB.propsLTCG.propsLink.propsMessages.propsOutput.propsRelease.propsReleaseDEXE.propsReleaseDLL.propsReleaseLEXE.propsReleaseLIB.propsReleaseLTCG.propsReleaseSEXE.propsWin32.propsx64.props
resource.hresource.rcversion.h
vs2010
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2012
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2013
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2015
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2017
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2019
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
vs2022
libsodium.import.propslibsodium.import.xmllibsodium.sln
libsodium
libsodium.propslibsodium.vcxprojlibsodium.vcxproj.filterslibsodium.xml
configureconfigure.ac
contrib
Findsodium.cmakeMakefile.amMakefile.in
dist-build
Makefile.amMakefile.inandroid-arm.shandroid-armv7-a.shandroid-armv8-a.shandroid-build.shandroid-mips32.shandroid-mips64.shandroid-x86.shandroid-x86_64.shapple-xcframework.shemscripten-symbols.defemscripten.shgenerate-emscripten-symbols.shios.shmsys2-win32.shmsys2-win64.shosx.shwasm32-wasi.shwatchos.sh
lgtm.ymllibsodium-uninstalled.pc.inlibsodium.pc.inlibsodium.slnlibsodium.vcxprojlibsodium.vcxproj.filterslogo.png
m4
ax_add_fortify_source.m4ax_check_catchable_abrt.m4ax_check_catchable_segv.m4ax_check_compile_flag.m4ax_check_define.m4ax_check_gnu_make.m4ax_check_link_flag.m4ax_pthread.m4ax_tls.m4ax_valgrind_check.m4ld-output-def.m4libtool.m4ltoptions.m4ltsugar.m4ltversion.m4lt~obsolete.m4
msvc-scripts
Makefile.amMakefile.inprocess.batrep.vbssodium.props
packaging
dotnet-core
libsodium.pkgprojtest.cs
nuget
.gitignorepackage.batpackage.configpackage.gsl
regen-msvc
libsodium.vcxprojlibsodium.vcxproj.filterslibsodium.vcxproj.filters.tpllibsodium.vcxproj.tplregen-msvc.pytl_libsodium.vcxproj.filters.tpltl_libsodium.vcxproj.tpl
src
Makefile.amMakefile.in
libsodium
Makefile.amMakefile.in
crypto_aead
aes256gcm
aesni
aead_aes256gcm_aesni.c
chacha20poly1305
sodium
aead_chacha20poly1305.c
xchacha20poly1305
sodium
aead_xchacha20poly1305.c
crypto_auth
crypto_auth.c
hmacsha256
auth_hmacsha256.c
hmacsha512
auth_hmacsha512.c
hmacsha512256
auth_hmacsha512256.c
crypto_box
crypto_box.ccrypto_box_easy.ccrypto_box_seal.c
curve25519xchacha20poly1305
box_curve25519xchacha20poly1305.cbox_seal_curve25519xchacha20poly1305.c
curve25519xsalsa20poly1305
box_curve25519xsalsa20poly1305.c
crypto_core
ed25519
core_ed25519.ccore_ristretto255.c
ref10
ed25519_ref10.c
fe_25_5
base.hbase2.hconstants.hfe.h
fe_51
base.hbase2.hconstants.hfe.h
hchacha20
core_hchacha20.c
hsalsa20
core_hsalsa20.c
ref2
core_hsalsa20_ref2.c
salsa
ref
core_salsa_ref.c
crypto_generichash
blake2b
generichash_blake2.c
ref
blake2.hblake2b-compress-avx2.cblake2b-compress-avx2.hblake2b-compress-ref.cblake2b-compress-sse41.cblake2b-compress-sse41.hblake2b-compress-ssse3.cblake2b-compress-ssse3.hblake2b-load-avx2.hblake2b-load-sse2.hblake2b-load-sse41.hblake2b-ref.cgenerichash_blake2b.c
crypto_generichash.c
crypto_hash
crypto_hash.c
sha256
cp
hash_sha256_cp.c
hash_sha256.c
sha512
cp
hash_sha512_cp.c
hash_sha512.c
crypto_kdf
blake2b
kdf_blake2b.c
crypto_kdf.c
crypto_kx
crypto_kx.c
crypto_onetimeauth
crypto_onetimeauth.c
poly1305
donna
poly1305_donna.cpoly1305_donna.hpoly1305_donna32.hpoly1305_donna64.h
onetimeauth_poly1305.conetimeauth_poly1305.h
sse2
poly1305_sse2.cpoly1305_sse2.h
crypto_pwhash
argon2
argon2-core.cargon2-core.hargon2-encoding.cargon2-encoding.hargon2-fill-block-avx2.cargon2-fill-block-avx512f.cargon2-fill-block-ref.cargon2-fill-block-ssse3.cargon2.cargon2.hblake2b-long.cblake2b-long.hblamka-round-avx2.hblamka-round-avx512f.hblamka-round-ref.hblamka-round-ssse3.hpwhash_argon2i.cpwhash_argon2id.c
crypto_pwhash.c
scryptsalsa208sha256
crypto_scrypt-common.ccrypto_scrypt.h
nosse
pwhash_scryptsalsa208sha256_nosse.c
pbkdf2-sha256.cpbkdf2-sha256.hpwhash_scryptsalsa208sha256.cscrypt_platform.c
sse
pwhash_scryptsalsa208sha256_sse.c
crypto_scalarmult
crypto_scalarmult.c
curve25519
ref10
x25519_ref10.cx25519_ref10.h
sandy2x
consts.Sconsts_namespace.hcurve25519_sandy2x.ccurve25519_sandy2x.hfe.hfe51.hfe51_invert.cfe51_mul.Sfe51_namespace.hfe51_nsquare.Sfe51_pack.Sfe_frombytes_sandy2x.cladder.Sladder.hladder_namespace.hsandy2x.S
scalarmult_curve25519.cscalarmult_curve25519.h
ed25519
ref10
scalarmult_ed25519_ref10.c
ristretto255
ref10
scalarmult_ristretto255_ref10.c
crypto_secretbox
crypto_secretbox.ccrypto_secretbox_easy.c
xchacha20poly1305
secretbox_xchacha20poly1305.c
xsalsa20poly1305
secretbox_xsalsa20poly1305.c
crypto_secretstream
xchacha20poly1305
secretstream_xchacha20poly1305.c
crypto_shorthash
crypto_shorthash.c
siphash24
ref
shorthash_siphash24_ref.cshorthash_siphash_ref.hshorthash_siphashx24_ref.c
shorthash_siphash24.cshorthash_siphashx24.c
crypto_sign
crypto_sign.c
ed25519
ref10
keypair.cobsolete.copen.csign.csign_ed25519_ref10.h
sign_ed25519.c
crypto_stream
chacha20
dolbeau
chacha20_dolbeau-avx2.cchacha20_dolbeau-avx2.hchacha20_dolbeau-ssse3.cchacha20_dolbeau-ssse3.hu0.hu1.hu4.hu8.h
ref
chacha20_ref.cchacha20_ref.h
stream_chacha20.cstream_chacha20.h
crypto_stream.c
salsa20
ref
salsa20_ref.csalsa20_ref.h
stream_salsa20.cstream_salsa20.h
xmm6
salsa20_xmm6-asm.Ssalsa20_xmm6.csalsa20_xmm6.h
xmm6int
salsa20_xmm6int-avx2.csalsa20_xmm6int-avx2.hsalsa20_xmm6int-sse2.csalsa20_xmm6int-sse2.hu0.hu1.hu4.hu8.h
salsa2012
ref
stream_salsa2012_ref.c
stream_salsa2012.c
salsa208
ref
stream_salsa208_ref.c
stream_salsa208.c
xchacha20
stream_xchacha20.c
xsalsa20
stream_xsalsa20.c
crypto_verify
sodium
verify.c
include
Makefile.amMakefile.insodium.h
sodium
core.hcrypto_aead_aes256gcm.hcrypto_aead_chacha20poly1305.hcrypto_aead_xchacha20poly1305.hcrypto_auth.hcrypto_auth_hmacsha256.hcrypto_auth_hmacsha512.hcrypto_auth_hmacsha512256.hcrypto_box.hcrypto_box_curve25519xchacha20poly1305.hcrypto_box_curve25519xsalsa20poly1305.hcrypto_core_ed25519.hcrypto_core_hchacha20.hcrypto_core_hsalsa20.hcrypto_core_ristretto255.hcrypto_core_salsa20.hcrypto_core_salsa2012.hcrypto_core_salsa208.hcrypto_generichash.hcrypto_generichash_blake2b.hcrypto_hash.hcrypto_hash_sha256.hcrypto_hash_sha512.hcrypto_kdf.hcrypto_kdf_blake2b.hcrypto_kx.hcrypto_onetimeauth.hcrypto_onetimeauth_poly1305.hcrypto_pwhash.hcrypto_pwhash_argon2i.hcrypto_pwhash_argon2id.hcrypto_pwhash_scryptsalsa208sha256.hcrypto_scalarmult.hcrypto_scalarmult_curve25519.hcrypto_scalarmult_ed25519.hcrypto_scalarmult_ristretto255.hcrypto_secretbox.hcrypto_secretbox_xchacha20poly1305.hcrypto_secretbox_xsalsa20poly1305.hcrypto_secretstream_xchacha20poly1305.hcrypto_shorthash.hcrypto_shorthash_siphash24.hcrypto_sign.hcrypto_sign_ed25519.hcrypto_sign_edwards25519sha512batch.hcrypto_stream.hcrypto_stream_chacha20.hcrypto_stream_salsa20.hcrypto_stream_salsa2012.hcrypto_stream_salsa208.hcrypto_stream_xchacha20.hcrypto_stream_xsalsa20.hcrypto_verify_16.hcrypto_verify_32.hcrypto_verify_64.hexport.h
private
chacha20_ietf_ext.hcommon.hed25519_ref10.hed25519_ref10_fe_25_5.hed25519_ref10_fe_51.himplementations.hmutex.hsse2_64_32.h
randombytes.hrandombytes_internal_random.hrandombytes_sysrandom.hruntime.hutils.hversion.h.in
randombytes
internal
randombytes_internal_random.c
randombytes.c
sysrandom
randombytes_sysrandom.c
sodium
codecs.ccore.cruntime.cutils.cversion.c
test
Makefile.amMakefile.inconstcheck.sh
default
Makefile.amMakefile.inaead_aes256gcm.caead_aes256gcm.expaead_aes256gcm2.caead_aes256gcm2.expaead_chacha20poly1305.caead_chacha20poly1305.expaead_chacha20poly13052.caead_chacha20poly13052.expaead_xchacha20poly1305.caead_xchacha20poly1305.expauth.cauth.expauth2.cauth2.expauth3.cauth3.expauth5.cauth5.expauth6.cauth6.expauth7.cauth7.expbox.cbox.expbox2.cbox2.expbox7.cbox7.expbox8.cbox8.expbox_easy.cbox_easy.expbox_easy2.cbox_easy2.expbox_seal.cbox_seal.expbox_seed.cbox_seed.expchacha20.cchacha20.expcmptest.hcodecs.ccodecs.expcore1.ccore1.expcore2.ccore2.expcore3.ccore3.expcore4.ccore4.expcore5.ccore5.expcore6.ccore6.expcore_ed25519.ccore_ed25519.expcore_ristretto255.ccore_ristretto255.exped25519_convert.ced25519_convert.expgenerichash.cgenerichash.expgenerichash2.cgenerichash2.expgenerichash3.cgenerichash3.exphash.chash.exphash3.chash3.expindex.html.tplkdf.ckdf.expkeygen.ckeygen.expkx.ckx.expmetamorphic.cmetamorphic.expmisuse.cmisuse.exponetimeauth.conetimeauth.exponetimeauth2.conetimeauth2.exponetimeauth7.conetimeauth7.exppre.js.incpwhash_argon2i.cpwhash_argon2i.exppwhash_argon2id.cpwhash_argon2id.exppwhash_scrypt.cpwhash_scrypt.exppwhash_scrypt_ll.cpwhash_scrypt_ll.exprandombytes.crandombytes.expscalarmult.cscalarmult.expscalarmult2.cscalarmult2.expscalarmult5.cscalarmult5.expscalarmult6.cscalarmult6.expscalarmult7.cscalarmult7.expscalarmult8.cscalarmult8.expscalarmult_ed25519.cscalarmult_ed25519.expscalarmult_ristretto255.cscalarmult_ristretto255.expsecretbox.csecretbox.expsecretbox2.csecretbox2.expsecretbox7.csecretbox7.expsecretbox8.csecretbox8.expsecretbox_easy.csecretbox_easy.expsecretbox_easy2.csecretbox_easy2.expsecretstream.csecretstream.expshorthash.cshorthash.expsign.csign.expsiphashx24.csiphashx24.expsodium_core.csodium_core.expsodium_utils.csodium_utils.expsodium_utils2.csodium_utils2.expsodium_utils3.csodium_utils3.expsodium_version.csodium_version.expstream.cstream.expstream2.cstream2.expstream3.cstream3.expstream4.cstream4.expverify1.cverify1.expwasi-test-wrapper.shwintest.batxchacha20.cxchacha20.exp
quirks
quirks.h

529
deps/libsodium/test/default/core_ed25519.c vendored Normal file

@ -0,0 +1,529 @@
#define TEST_NAME "core_ed25519"
#include "cmptest.h"
static const unsigned char non_canonical_p[32] = {
0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char non_canonical_invalid_p[32] = {
0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char max_canonical_p[32] = {
0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
static const unsigned char L_p1[32] = {
0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char L[32] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char L_1[32] = {
0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
static const unsigned char sc_8[32] = {
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const unsigned char sc_highbit[32] = {
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
};
static void
add_P(unsigned char * const S)
{
static const unsigned char P[32] = {
0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
sodium_add(S, P, sizeof P);
}
static void
add_l64(unsigned char * const S)
{
static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] =
{ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
sodium_add(S, l, sizeof l);
}
int
main(void)
{
unsigned char *r;
unsigned char *p, *p2, *p3;
unsigned char *sc, *sc2, *sc3;
unsigned char *sc64;
char *hex;
unsigned int i, j;
r = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES);
p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
for (i = 0; i < 500; i++) {
randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
if (crypto_core_ed25519_from_uniform(p, r) != 0) {
printf("crypto_core_ed25519_from_uniform() failed\n");
}
if (crypto_core_ed25519_is_valid_point(p) == 0) {
printf("crypto_core_ed25519_from_uniform() returned an invalid point\n");
}
crypto_core_ed25519_random(p);
if (crypto_core_ed25519_is_valid_point(p) == 0) {
printf("crypto_core_ed25519_random() returned an invalid point\n");
}
}
p2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
p3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
crypto_core_ed25519_random(p2);
j = 1 + (unsigned int) randombytes_uniform(100);
memcpy(p3, p, crypto_core_ed25519_BYTES);
for (i = 0; i < j; i++) {
crypto_core_ed25519_add(p, p, p2);
if (crypto_core_ed25519_is_valid_point(p) != 1) {
printf("crypto_core_add() returned an invalid point\n");
}
}
if (memcmp(p, p3, crypto_core_ed25519_BYTES) == 0) {
printf("crypto_core_add() failed\n");
}
for (i = 0; i < j; i++) {
crypto_core_ed25519_sub(p, p, p2);
}
if (memcmp(p, p3, crypto_core_ed25519_BYTES) != 0) {
printf("crypto_core_add() or crypto_core_sub() failed\n");
}
sc = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
memset(sc, 0, crypto_scalarmult_ed25519_SCALARBYTES);
sc[0] = 8;
memcpy(p2, p, crypto_core_ed25519_BYTES);
memcpy(p3, p, crypto_core_ed25519_BYTES);
for (i = 0; i < 254; i++) {
crypto_core_ed25519_add(p2, p2, p2);
}
for (i = 0; i < 8; i++) {
crypto_core_ed25519_add(p2, p2, p);
}
if (crypto_scalarmult_ed25519(p3, sc, p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
if (memcmp(p2, p3, crypto_core_ed25519_BYTES) != 0) {
printf("crypto_scalarmult_ed25519() is inconsistent with crypto_core_ed25519_add()\n");
}
assert(crypto_core_ed25519_is_valid_point(p) == 1);
memset(p, 0, crypto_core_ed25519_BYTES);
assert(crypto_core_ed25519_is_valid_point(p) == 0);
p[0] = 1;
assert(crypto_core_ed25519_is_valid_point(p) == 0);
p[0] = 2;
assert(crypto_core_ed25519_is_valid_point(p) == 0);
p[0] = 9;
assert(crypto_core_ed25519_is_valid_point(p) == 1);
assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);
memcpy(p2, p, crypto_core_ed25519_BYTES);
add_P(p2);
crypto_core_ed25519_add(p3, p2, p2);
crypto_core_ed25519_sub(p3, p3, p2);
assert(memcmp(p2, p, crypto_core_ed25519_BYTES) != 0);
assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);
p[0] = 2;
assert(crypto_core_ed25519_add(p3, p2, p) == -1);
assert(crypto_core_ed25519_add(p3, p2, non_canonical_p) == 0);
assert(crypto_core_ed25519_add(p3, p2, non_canonical_invalid_p) == -1);
assert(crypto_core_ed25519_add(p3, p, p3) == -1);
assert(crypto_core_ed25519_add(p3, non_canonical_p, p3) == 0);
assert(crypto_core_ed25519_add(p3, non_canonical_invalid_p, p3) == -1);
assert(crypto_core_ed25519_sub(p3, p2, p) == -1);
assert(crypto_core_ed25519_sub(p3, p2, non_canonical_p) == 0);
assert(crypto_core_ed25519_sub(p3, p2, non_canonical_invalid_p) == -1);
assert(crypto_core_ed25519_sub(p3, p, p3) == -1);
assert(crypto_core_ed25519_sub(p3, non_canonical_p, p3) == 0);
assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1);
for (i = 0; i < 1000; i++) {
crypto_core_ed25519_random(p);
do {
crypto_core_ed25519_scalar_random(sc);
} while (sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
assert(crypto_core_ed25519_is_valid_point(p2));
if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
printf("crypto_core_ed25519_scalar_invert() failed\n");
}
if (crypto_scalarmult_ed25519_noclamp(p3, sc, p2) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);
}
sc64 = (unsigned char *) sodium_malloc(64);
crypto_core_ed25519_scalar_random(sc);
memcpy(sc64, sc, crypto_core_ed25519_BYTES);
memset(sc64 + crypto_core_ed25519_BYTES, 0,
64 - crypto_core_ed25519_BYTES);
i = (unsigned int) randombytes_uniform(100);
do {
add_l64(sc64);
} while (i-- > 0);
crypto_core_ed25519_scalar_reduce(sc64, sc64);
if (memcmp(sc64, sc, crypto_core_ed25519_BYTES) != 0) {
printf("crypto_core_ed25519_scalar_reduce() failed\n");
}
randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
crypto_core_ed25519_from_uniform(p, r);
memcpy(p2, p, crypto_core_ed25519_BYTES);
crypto_core_ed25519_scalar_random(sc);
if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed (1)\n");
}
crypto_core_ed25519_scalar_complement(sc, sc);
if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed (2)\n");
}
crypto_core_ed25519_add(p3, p, p2);
crypto_core_ed25519_from_uniform(p, r);
crypto_core_ed25519_sub(p, p, p3);
assert(p[0] == 0x01);
for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
assert(p[i] == 0);
}
crypto_core_ed25519_random(p);
memcpy(p2, p, crypto_core_ed25519_BYTES);
crypto_core_ed25519_scalar_random(sc);
if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed (3)\n");
}
crypto_core_ed25519_scalar_negate(sc, sc);
if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed (4)\n");
}
crypto_core_ed25519_add(p, p, p2);
assert(p[0] == 0x01);
for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
assert(p[i] == 0);
}
hex = (char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 255 - i;
}
if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
printf("crypto_core_ed25519_scalar_invert() failed\n");
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("inv1: %s\n", hex);
if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
printf("crypto_core_ed25519_scalar_invert() failed\n");
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("inv2: %s\n", hex);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 32 - i;
}
if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
printf("crypto_core_ed25519_scalar_invert() failed\n");
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("inv3: %s\n", hex);
if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
printf("crypto_core_ed25519_scalar_invert() failed\n");
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("inv4: %s\n", hex);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 255 - i;
}
crypto_core_ed25519_scalar_negate(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("neg1: %s\n", hex);
crypto_core_ed25519_scalar_negate(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("neg2: %s\n", hex);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 32 - i;
}
crypto_core_ed25519_scalar_negate(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("neg3: %s\n", hex);
crypto_core_ed25519_scalar_negate(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("neg4: %s\n", hex);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 255 - i;
}
crypto_core_ed25519_scalar_complement(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("comp1: %s\n", hex);
crypto_core_ed25519_scalar_complement(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("comp2: %s\n", hex);
for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
sc[i] = 32 - i;
}
crypto_core_ed25519_scalar_complement(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("comp3: %s\n", hex);
crypto_core_ed25519_scalar_complement(sc, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("comp4: %s\n", hex);
sc2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);
sc3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);
for (i = 0; i < 1000; i++) {
randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES);
randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES);
sc[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
sc2[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
crypto_core_ed25519_scalar_add(sc3, sc, sc2);
assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_sub(sc3, sc3, sc2);
assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
}
memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_add(sc, sc, sc2);
crypto_core_ed25519_scalar_add(sc, sc2, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("add1: %s\n", hex);
crypto_core_ed25519_scalar_sub(sc, sc2, sc);
crypto_core_ed25519_scalar_sub(sc, sc, sc2);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("sub1: %s\n", hex);
memset(sc, 0xcd, crypto_core_ed25519_SCALARBYTES);
memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_add(sc, sc, sc2);
crypto_core_ed25519_scalar_add(sc, sc2, sc);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("add2: %s\n", hex);
crypto_core_ed25519_scalar_sub(sc, sc2, sc);
crypto_core_ed25519_scalar_sub(sc, sc, sc2);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("sub2: %s\n", hex);
memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
for (i = 0; i < 100; i++) {
crypto_core_ed25519_scalar_mul(sc, sc, sc2);
crypto_core_ed25519_scalar_mul(sc2, sc, sc2);
}
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc2, crypto_core_ed25519_SCALARBYTES);
printf("mul: %s\n", hex);
for (i = 0; i < 1000; i++) {
crypto_core_ed25519_scalar_random(sc);
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
sc2[0]++;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
sc2[0]++;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
do {
crypto_core_ed25519_scalar_random(sc2);
} while (sodium_is_zero(sc2, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
crypto_core_ed25519_scalar_invert(sc2, sc2);
crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);
sc[31] |= 0x11;
memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
sc2[0] = 1;
crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
}
crypto_core_ed25519_scalar_mul(sc, L_1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)*8: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_8, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8(L-1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_1, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L, sc_8);
crypto_core_ed25519_scalar_mul(sc, L_p1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)*8: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_8, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8(L+1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_p1, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)h: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h(L-1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L_p1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)h: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h(L+1): %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, sc_highbit, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h^2: %s\n", hex);
crypto_core_ed25519_scalar_mul(sc, L, sc_8);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, sc_8, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L, L_1);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_mul(sc, L_1, L);
assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
crypto_core_ed25519_scalar_add(sc, L_1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)+8: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_8, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8+(L-1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_1, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)*2: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L, sc_8);
crypto_core_ed25519_scalar_add(sc, L_p1, sc_8);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)+8: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_8, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("8+(L+1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_p1, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)*2: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L-1)+h: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, L_1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h+(L-1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, L_p1, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("(L+1)+h: %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, L_p1);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h+(L+1): %s\n", hex);
crypto_core_ed25519_scalar_add(sc, sc_highbit, sc_highbit);
sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
sc, crypto_core_ed25519_SCALARBYTES);
printf("h*2: %s\n", hex);
sodium_free(hex);
sodium_free(sc64);
sodium_free(sc3);
sodium_free(sc2);
sodium_free(sc);
sodium_free(p3);
sodium_free(p2);
sodium_free(p);
sodium_free(r);
assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes());
assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes());
assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES);
assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);
printf("OK\n");
return 0;
}