diff options
author | Moxie Marlinspike <moxie@thoughtcrime.org> | 2014-11-24 12:54:30 -0800 |
---|---|---|
committer | Moxie Marlinspike <moxie@thoughtcrime.org> | 2014-11-24 12:54:30 -0800 |
commit | 60800e155612bea797eed93c67046a23d26054cc (patch) | |
tree | d88368c1c26162e27e790195133ca2b526597afe /jni/ed25519/main/main.c |
Break out into separate repo.
Diffstat (limited to 'jni/ed25519/main/main.c')
-rw-r--r-- | jni/ed25519/main/main.c | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/jni/ed25519/main/main.c b/jni/ed25519/main/main.c new file mode 100644 index 00000000..5fbe3995 --- /dev/null +++ b/jni/ed25519/main/main.c @@ -0,0 +1,106 @@ +#include <stdio.h> +#include <string.h> +#include "crypto_hash_sha512.h" +#include "curve_sigs.h" + +#define MSG_LEN 200 + +int main(int argc, char* argv[]) +{ + unsigned char privkey[32]; + unsigned char pubkey[32]; + unsigned char signature[64]; + unsigned char msg[MSG_LEN]; + unsigned char random[64]; + + /* Initialize pubkey, privkey, msg */ + memset(msg, 0, MSG_LEN); + memset(privkey, 0, 32); + memset(pubkey, 0, 32); + privkey[0] &= 248; + privkey[31] &= 63; + privkey[31] |= 64; + + privkey[8] = 189; /* just so there's some bits set */ + + + /* SHA512 test */ + unsigned char sha512_input[112] = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + unsigned char sha512_correct_output[64] = +{ +0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA, +0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F, +0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1, +0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18, +0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4, +0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A, +0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54, +0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 +}; + unsigned char sha512_actual_output[64]; + + crypto_hash_sha512(sha512_actual_output, sha512_input, sizeof(sha512_input)); + if (memcmp(sha512_actual_output, sha512_correct_output, 64) != 0) + printf("SHA512 bad #1\n"); + else + printf("SHA512 good #1\n"); + + sha512_input[111] ^= 1; + + crypto_hash_sha512(sha512_actual_output, sha512_input, sizeof(sha512_input)); + if (memcmp(sha512_actual_output, sha512_correct_output, 64) != 0) + printf("SHA512 good #2\n"); + else + printf("SHA512 bad #2\n"); + + /* Signature test */ + curve25519_keygen(pubkey, privkey); + + curve25519_sign(signature, privkey, msg, MSG_LEN, random); + + if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) + printf("Signature good #1\n"); + else + printf("Signature bad #1\n"); + + signature[0] ^= 1; + + if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) + printf("Signature bad #2\n"); + else + printf("Signature good #2\n"); + + + printf("Random testing...\n"); + for (int count = 0; count < 10000; count++) { + unsigned char b[64]; + crypto_hash_sha512(b, privkey, 32); + memmove(privkey, b, 32); + crypto_hash_sha512(b, privkey, 32); + memmove(random, b, 64); + + privkey[0] &= 248; + privkey[31] &= 63; + privkey[31] |= 64; + + curve25519_keygen(pubkey, privkey); + + curve25519_sign(signature, privkey, msg, MSG_LEN, random); + + if (curve25519_verify(signature, pubkey, msg, MSG_LEN) != 0) { + printf("failure #1 %d\n", count); + return -1; + } + + if (b[63] & 1) + signature[count % 64] ^= 1; + else + msg[count % MSG_LEN] ^= 1; + if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) { + printf("failure #2 %d\n", count); + return -1; + } + } + printf("OK\n"); + return 1; +} |