Gitly


1 module edwards25519
2 
3 const dalek_scalar = Scalar{[u8(219), 106, 114, 9, 174, 249, 155, 89, 69, 203, 201, 93, 92, 116,
4     234, 187, 78, 115, 103, 172, 182, 98, 62, 103, 187, 136, 13, 100, 248, 110, 12, 4]!}
5 const dsc_basepoint = [u8(0xf4), 0xef, 0x7c, 0xa, 0x34, 0x55, 0x7b, 0x9f, 0x72, 0x3b, 0xb6, 0x1e,
6     0xf9, 0x46, 0x9, 0x91, 0x1c, 0xb9, 0xc0, 0x6c, 0x17, 0x28, 0x2d, 0x8b, 0x43, 0x2b, 0x5, 0x18,
7     0x6a, 0x54, 0x3e, 0x48]
8 
9 fn dalek_scalar_basepoint() Point {
10     mut p := Point{}
11     p.set_bytes(dsc_basepoint) or { panic(err) }
12     return p
13 }
14 
15 fn test_scalar_mult_small_scalars() {
16     mut z := Scalar{}
17     mut p := Point{}
18     mut b := new_generator_point()
19     mut i := new_identity_point()
20     p.scalar_mult(mut z, b)
21 
22     assert i.equal(p) == 1
23     assert check_on_curve(p) == true
24 
25     z = Scalar{[u8(1), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
26         0, 0, 0, 0, 0, 0, 0]!}
27     p.scalar_mult(mut z, b)
28 
29     assert b.equal(p) == 1
30     assert check_on_curve(p) == true
31 }
32 
33 fn test_scalar_mult_vs_dalek() {
34     mut p := Point{}
35     mut b := new_generator_point()
36     mut dsc := dalek_scalar
37     p.scalar_mult(mut dsc, b)
38     mut ds := dalek_scalar_basepoint()
39     assert ds.equal(p) == 1
40 
41     assert check_on_curve(p) == true
42 }
43 
44 fn test_scalar_base_mult_vs_dalek() {
45     mut p := Point{}
46     mut dsc := dalek_scalar
47     p.scalar_base_mult(mut dsc)
48     mut ds := dalek_scalar_basepoint()
49     assert ds.equal(p) == 1
50 
51     assert check_on_curve(p)
52 }
53 
54 fn test_vartime_double_basemult_vs_dalek() {
55     mut p := Point{}
56     mut z := Scalar{}
57     b := new_generator_point()
58     p.vartime_double_scalar_base_mult(dalek_scalar, b, z)
59 
60     mut ds := dalek_scalar_basepoint()
61     assert ds.equal(p) == 1
62     assert check_on_curve(p)
63 
64     p.vartime_double_scalar_base_mult(z, b, dalek_scalar)
65 
66     assert ds.equal(p) == 1
67     assert check_on_curve(p)
68 }
69 
70 fn test_scalar_mult_distributes_over_add() {
71     mut x := generate_scalar(100) or { panic(err) }
72     mut y := generate_scalar(100) or { panic(err) }
73     mut z := Scalar{}
74 
75     z.add(x, y)
76 
77     mut p := Point{}
78     mut q := Point{}
79     mut r := Point{}
80     mut check := Point{}
81     mut b := new_generator_point()
82 
83     p.scalar_mult(mut x, b)
84     q.scalar_mult(mut y, b)
85     r.scalar_mult(mut z, b)
86     check.add(p, q)
87 
88     assert check_on_curve(p, q, r, check) == true
89     assert check.equal(r) == 1
90 }
91 
92 fn test_scalarmult_non_identity_point() {
93     // Check whether p.ScalarMult and q.ScalaBaseMult give the same,
94     // when p and q are originally set to the base point.
95 
96     mut x := generate_scalar(5000)!
97 
98     mut p := Point{}
99     mut q := Point{}
100     mut b := new_generator_point()
101     p.set(b)
102     q.set(b)
103 
104     p.scalar_mult(mut x, b)
105     q.scalar_base_mult(mut x)
106 
107     assert check_on_curve(p, q) == true
108 
109     assert p.equal(q) == 1
110 }
111 
112 fn test_basepoint_table_generation() {
113     // The basepoint table is 32 affineLookupTables,
114     // corresponding to (16^2i)*B for table i.
115     bptable := basepoint_table()
116     b := new_generator_point()
117     mut tmp1 := ProjectiveP1{}
118     mut tmp2 := ProjectiveP2{}
119     mut tmp3 := Point{}
120     tmp3.set(b)
121     mut table := []AffineLookupTable{len: 32}
122     for i := 0; i < 32; i++ {
123         // Build the table
124         table[i].from_p3(tmp3)
125 
126         // Assert equality with the hardcoded one
127         assert table[i] == bptable[i]
128 
129         // Set p = (16^2)*p = 256*p = 2^8*p
130         tmp2.from_p3(tmp3)
131         for j := 0; j < 7; j++ {
132             tmp1.double(tmp2)
133             tmp2.from_p1(tmp1)
134         }
135         tmp1.double(tmp2)
136         tmp3.from_p1(tmp1)
137 
138         assert check_on_curve(tmp3) == true
139     }
140 }
141 
142 fn test_scalar_mult_matches_base_mult() {
143     mut x := generate_scalar(100) or { panic(err) }
144     b := new_generator_point()
145     mut p := Point{}
146     mut q := Point{}
147 
148     p.scalar_mult(mut x, b)
149     q.scalar_base_mult(mut x)
150 
151     assert check_on_curve(p, q) == true
152     assert p.equal(q) == 1
153 }
154 
155 fn test_basepoint_naf_table_generation() {
156     mut table := NafLookupTable8{}
157     b := new_generator_point()
158 
159     table.from_p3(b)
160 
161     bnt := basepoint_naf_table()
162     assert table == bnt
163 }
164 
165 fn test_vartime_double_scalar_base_mult() {
166     mut x := generate_scalar(100) or { panic(err) }
167     mut y := generate_scalar(100) or { panic(err) }
168     b := new_generator_point()
169 
170     mut p := Point{}
171     mut q1 := Point{}
172     mut q2 := Point{}
173     mut check := Point{}
174 
175     p.vartime_double_scalar_base_mult(x, b, y)
176 
177     q1.scalar_base_mult(mut x)
178     q2.scalar_base_mult(mut y)
179     check.add(q1, q2)
180 
181     assert check_on_curve(p, check, q1, q2) == true
182     assert p.equal(check) == 1
183 }
184

1	module edwards25519
2
3	const dalek_scalar = Scalar{[u8(219), 106, 114, 9, 174, 249, 155, 89, 69, 203, 201, 93, 92, 116,
4	234, 187, 78, 115, 103, 172, 182, 98, 62, 103, 187, 136, 13, 100, 248, 110, 12, 4]!}
5	const dsc_basepoint = [u8(0xf4), 0xef, 0x7c, 0xa, 0x34, 0x55, 0x7b, 0x9f, 0x72, 0x3b, 0xb6, 0x1e,
6	0xf9, 0x46, 0x9, 0x91, 0x1c, 0xb9, 0xc0, 0x6c, 0x17, 0x28, 0x2d, 0x8b, 0x43, 0x2b, 0x5, 0x18,
7	0x6a, 0x54, 0x3e, 0x48]
8
9	fn dalek_scalar_basepoint() Point {
10	mut p := Point{}
11	p.set_bytes(dsc_basepoint) or { panic(err) }
12	return p
13	}
14
15	fn test_scalar_mult_small_scalars() {
16	mut z := Scalar{}
17	mut p := Point{}
18	mut b := new_generator_point()
19	mut i := new_identity_point()
20	p.scalar_mult(mut z, b)
21
22	assert i.equal(p) == 1
23	assert check_on_curve(p) == true
24
25	z = Scalar{[u8(1), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
26	0, 0, 0, 0, 0, 0, 0]!}
27	p.scalar_mult(mut z, b)
28
29	assert b.equal(p) == 1
30	assert check_on_curve(p) == true
31	}
32
33	fn test_scalar_mult_vs_dalek() {
34	mut p := Point{}
35	mut b := new_generator_point()
36	mut dsc := dalek_scalar
37	p.scalar_mult(mut dsc, b)
38	mut ds := dalek_scalar_basepoint()
39	assert ds.equal(p) == 1
40
41	assert check_on_curve(p) == true
42	}
43
44	fn test_scalar_base_mult_vs_dalek() {
45	mut p := Point{}
46	mut dsc := dalek_scalar
47	p.scalar_base_mult(mut dsc)
48	mut ds := dalek_scalar_basepoint()
49	assert ds.equal(p) == 1
50
51	assert check_on_curve(p)
52	}
53
54	fn test_vartime_double_basemult_vs_dalek() {
55	mut p := Point{}
56	mut z := Scalar{}
57	b := new_generator_point()
58	p.vartime_double_scalar_base_mult(dalek_scalar, b, z)
59
60	mut ds := dalek_scalar_basepoint()
61	assert ds.equal(p) == 1
62	assert check_on_curve(p)
63
64	p.vartime_double_scalar_base_mult(z, b, dalek_scalar)
65
66	assert ds.equal(p) == 1
67	assert check_on_curve(p)
68	}
69
70	fn test_scalar_mult_distributes_over_add() {
71	mut x := generate_scalar(100) or { panic(err) }
72	mut y := generate_scalar(100) or { panic(err) }
73	mut z := Scalar{}
74
75	z.add(x, y)
76
77	mut p := Point{}
78	mut q := Point{}
79	mut r := Point{}
80	mut check := Point{}
81	mut b := new_generator_point()
82
83	p.scalar_mult(mut x, b)
84	q.scalar_mult(mut y, b)
85	r.scalar_mult(mut z, b)
86	check.add(p, q)
87
88	assert check_on_curve(p, q, r, check) == true
89	assert check.equal(r) == 1
90	}
91
92	fn test_scalarmult_non_identity_point() {
93	// Check whether p.ScalarMult and q.ScalaBaseMult give the same,
94	// when p and q are originally set to the base point.
95
96	mut x := generate_scalar(5000)!
97
98	mut p := Point{}
99	mut q := Point{}
100	mut b := new_generator_point()
101	p.set(b)
102	q.set(b)
103
104	p.scalar_mult(mut x, b)
105	q.scalar_base_mult(mut x)
106
107	assert check_on_curve(p, q) == true
108
109	assert p.equal(q) == 1
110	}
111
112	fn test_basepoint_table_generation() {
113	// The basepoint table is 32 affineLookupTables,
114	// corresponding to (16^2i)B for table i.*
115	bptable := basepoint_table()
116	b := new_generator_point()
117	mut tmp1 := ProjectiveP1{}
118	mut tmp2 := ProjectiveP2{}
119	mut tmp3 := Point{}
120	tmp3.set(b)
121	mut table := []AffineLookupTable{len: 32}
122	for i := 0; i < 32; i++ {
123	// Build the table
124	table[i].from_p3(tmp3)
125
126	// Assert equality with the hardcoded one
127	assert table[i] == bptable[i]
128
129	// Set p = (16^2)p = 256p = 2^8p*
130	tmp2.from_p3(tmp3)
131	for j := 0; j < 7; j++ {
132	tmp1.double(tmp2)
133	tmp2.from_p1(tmp1)
134	}
135	tmp1.double(tmp2)
136	tmp3.from_p1(tmp1)
137
138	assert check_on_curve(tmp3) == true
139	}
140	}
141
142	fn test_scalar_mult_matches_base_mult() {
143	mut x := generate_scalar(100) or { panic(err) }
144	b := new_generator_point()
145	mut p := Point{}
146	mut q := Point{}
147
148	p.scalar_mult(mut x, b)
149	q.scalar_base_mult(mut x)
150
151	assert check_on_curve(p, q) == true
152	assert p.equal(q) == 1
153	}
154
155	fn test_basepoint_naf_table_generation() {
156	mut table := NafLookupTable8{}
157	b := new_generator_point()
158
159	table.from_p3(b)
160
161	bnt := basepoint_naf_table()
162	assert table == bnt
163	}
164
165	fn test_vartime_double_scalar_base_mult() {
166	mut x := generate_scalar(100) or { panic(err) }
167	mut y := generate_scalar(100) or { panic(err) }
168	b := new_generator_point()
169
170	mut p := Point{}
171	mut q1 := Point{}
172	mut q2 := Point{}
173	mut check := Point{}
174
175	p.vartime_double_scalar_base_mult(x, b, y)
176
177	q1.scalar_base_mult(mut x)
178	q2.scalar_base_mult(mut y)
179	check.add(q1, q2)
180
181	assert check_on_curve(p, check, q1, q2) == true
182	assert p.equal(check) == 1
183	}
184