2014-06-24 12:59:22 -07:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
2014-07-24 11:24:54 -07:00
|
|
|
#include "crypto_hash_sha512.h"
|
2014-06-24 12:59:22 -07:00
|
|
|
#include "curve_sigs.h"
|
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
#define MSG_LEN 200
|
|
|
|
|
2014-06-24 12:59:22 -07:00
|
|
|
int main(int argc, char* argv[])
|
|
|
|
{
|
|
|
|
unsigned char privkey[32];
|
|
|
|
unsigned char pubkey[32];
|
|
|
|
unsigned char signature[64];
|
2014-07-28 09:28:49 -07:00
|
|
|
unsigned char msg[MSG_LEN];
|
2014-07-24 11:24:54 -07:00
|
|
|
unsigned char random[64];
|
2014-06-24 12:59:22 -07:00
|
|
|
|
|
|
|
/* Initialize pubkey, privkey, msg */
|
2014-07-28 09:28:49 -07:00
|
|
|
memset(msg, 0, MSG_LEN);
|
2014-06-24 12:59:22 -07:00
|
|
|
memset(privkey, 0, 32);
|
|
|
|
memset(pubkey, 0, 32);
|
|
|
|
privkey[0] &= 248;
|
|
|
|
privkey[31] &= 63;
|
|
|
|
privkey[31] |= 64;
|
|
|
|
|
|
|
|
privkey[8] = 189; /* just so there's some bits set */
|
|
|
|
|
2014-07-24 11:24:54 -07:00
|
|
|
|
|
|
|
/* SHA512 test */
|
|
|
|
unsigned char sha512_input[112] = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
|
|
|
|
unsigned char sha512_correct_output[64] =
|
|
|
|
{
|
|
|
|
0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
|
|
|
|
0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
|
|
|
|
0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
|
|
|
|
0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
|
|
|
|
0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
|
|
|
|
0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
|
|
|
|
0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
|
|
|
|
0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09
|
|
|
|
};
|
|
|
|
unsigned char sha512_actual_output[64];
|
|
|
|
|
2014-09-13 10:31:34 -07:00
|
|
|
crypto_hash_sha512(sha512_actual_output, sha512_input, sizeof(sha512_input));
|
2014-07-24 11:24:54 -07:00
|
|
|
if (memcmp(sha512_actual_output, sha512_correct_output, 64) != 0)
|
|
|
|
printf("SHA512 bad #1\n");
|
|
|
|
else
|
|
|
|
printf("SHA512 good #1\n");
|
|
|
|
|
|
|
|
sha512_input[111] ^= 1;
|
|
|
|
|
2014-09-13 10:31:34 -07:00
|
|
|
crypto_hash_sha512(sha512_actual_output, sha512_input, sizeof(sha512_input));
|
2014-07-24 11:24:54 -07:00
|
|
|
if (memcmp(sha512_actual_output, sha512_correct_output, 64) != 0)
|
|
|
|
printf("SHA512 good #2\n");
|
|
|
|
else
|
|
|
|
printf("SHA512 bad #2\n");
|
|
|
|
|
|
|
|
/* Signature test */
|
2014-06-24 12:59:22 -07:00
|
|
|
curve25519_keygen(pubkey, privkey);
|
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
curve25519_sign(signature, privkey, msg, MSG_LEN, random);
|
2014-06-24 12:59:22 -07:00
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("Signature good #1\n");
|
2014-06-24 12:59:22 -07:00
|
|
|
else
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("Signature bad #1\n");
|
2014-06-24 12:59:22 -07:00
|
|
|
|
|
|
|
signature[0] ^= 1;
|
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("Signature bad #2\n");
|
2014-06-24 12:59:22 -07:00
|
|
|
else
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("Signature good #2\n");
|
|
|
|
|
|
|
|
|
|
|
|
printf("Random testing...\n");
|
|
|
|
for (int count = 0; count < 10000; count++) {
|
|
|
|
unsigned char b[64];
|
2014-09-13 10:31:34 -07:00
|
|
|
crypto_hash_sha512(b, privkey, 32);
|
2014-07-24 11:24:54 -07:00
|
|
|
memmove(privkey, b, 32);
|
2014-09-13 10:31:34 -07:00
|
|
|
crypto_hash_sha512(b, privkey, 32);
|
2014-07-24 11:24:54 -07:00
|
|
|
memmove(random, b, 64);
|
|
|
|
|
|
|
|
privkey[0] &= 248;
|
|
|
|
privkey[31] &= 63;
|
|
|
|
privkey[31] |= 64;
|
|
|
|
|
|
|
|
curve25519_keygen(pubkey, privkey);
|
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
curve25519_sign(signature, privkey, msg, MSG_LEN, random);
|
2014-07-24 11:24:54 -07:00
|
|
|
|
2014-07-28 09:28:49 -07:00
|
|
|
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) != 0) {
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("failure #1 %d\n", count);
|
|
|
|
return -1;
|
|
|
|
}
|
2014-06-24 12:59:22 -07:00
|
|
|
|
2014-07-24 11:24:54 -07:00
|
|
|
if (b[63] & 1)
|
|
|
|
signature[count % 64] ^= 1;
|
|
|
|
else
|
2014-07-28 09:28:49 -07:00
|
|
|
msg[count % MSG_LEN] ^= 1;
|
|
|
|
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) {
|
2014-07-24 11:24:54 -07:00
|
|
|
printf("failure #2 %d\n", count);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
printf("OK\n");
|
2014-06-24 12:59:22 -07:00
|
|
|
return 1;
|
|
|
|
}
|