From 77923a291a5c993cca5c11c9b7dc00891d88bd8e Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Tue, 11 Dec 2018 16:17:56 -0500
Subject: Add Langley's curve25519 (GH #761, PR# 762)

---
 validat0.cpp | 80 ++++++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 64 insertions(+), 16 deletions(-)

(limited to 'validat0.cpp')

diff --git a/validat0.cpp b/validat0.cpp
index 1e2fc9b5..e4138bd5 100644
--- a/validat0.cpp
+++ b/validat0.cpp
@@ -21,6 +21,11 @@
 #include "gzip.h"
 #include "zlib.h"
 
+//curve25519
+#include "xed25519.h"
+#include "donna.h"
+#include "naclite.h"
+
 #include <iostream>
 #include <iomanip>
 #include <sstream>
@@ -41,12 +46,11 @@ NAMESPACE_BEGIN(Test)
 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
 bool TestPolynomialMod2()
 {
-    bool pass1 = true, pass2 = true, pass3 = true;
-
     std::cout << "\nTesting PolynomialMod2 bit operations...\n\n";
+    bool pass1 = true, pass2 = true, pass3 = true;
 
-    static const unsigned int start = 0;
-    static const unsigned int stop = 4 * WORD_BITS + 1;
+    const unsigned int start = 0;
+    const unsigned int stop = 4 * WORD_BITS + 1;
 
     for (unsigned int i = start; i < stop; i++)
     {
@@ -424,10 +428,54 @@ bool TestCompressors()
     return !fail1 && !fail2 && !fail3;
 }
 
+bool TestCurve25519()
+{
+    std::cout << "\nTesting curve25519 Key Agreements...\n\n";
+    const unsigned int AGREE_COUNT = 64;
+    bool pass = true;
+
+    SecByteBlock priv1(32), priv2(32), pub1(32), pub2(32), share1(32), share2(32);
+    for (unsigned int i=0; i<AGREE_COUNT; ++i)
+    {
+        // Langley's curve25519-donna
+        GlobalRNG().GenerateBlock(priv1, priv1.size());
+        GlobalRNG().GenerateBlock(priv2, priv2.size());
+
+        priv1[0] &= 248; priv1[31] &= 127; priv1[31] |= 64;
+        priv2[0] &= 248; priv2[31] &= 127; priv2[31] |= 64;
+
+        const byte base[32] = {9};
+        Donna::curve25519(pub1, priv1, base);
+        Donna::curve25519(pub2, priv2, base);
+
+        int ret1 = Donna::curve25519(share1, priv1, pub2);
+        int ret2 = Donna::curve25519(share2, priv2, pub1);
+        int ret3 = std::memcmp(share1, share2, 32);
+
+        // Bernstein's Tweet NaCl
+        NaCl::crypto_box_keypair(pub2, priv2);
+
+        int ret4 = Donna::curve25519(share1, priv1, pub2);
+        int ret5 = NaCl::crypto_scalarmult(share2, priv2, pub1);
+        int ret6 = std::memcmp(share1, share2, 32);
+
+        bool fail = ret1 != 0 || ret2 != 0 || ret3 != 0 || ret4 != 0 || ret5 != 0 || ret6 != 0;
+        pass = pass && !fail;
+    }
+
+    if (pass)
+        std::cout << "passed:";
+    else
+        std::cout << "FAILED:";
+    std::cout << "  " << AGREE_COUNT << " key agreements" << std::endl;
+
+    return pass;
+}
+
 bool TestEncryptors()
 {
     std::cout << "\nTesting Default Encryptors and Decryptors...\n\n";
-    static const unsigned int ENCRYPT_COUNT = 64, ENCRYPT_MAC_COUNT = 64;
+    const unsigned int ENCRYPT_COUNT = 64, ENCRYPT_MAC_COUNT = 64;
     bool fail0 = false, fail1 = false, fail2 = false, fail3 = false, fail4 = false;
 
     // **************************************************************
@@ -440,7 +488,7 @@ bool TestEncryptors()
 
         // This data was generated with Crypto++ 5.6.2
         //StringSource(message, true, new LegacyEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac1.bin")));
-        FileSource("TestData/defdmac1.bin", true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+        FileSource(DataDir("TestData/defdmac1.bin").c_str(), true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
         if (message != recovered)
             throw Exception(Exception::OTHER_ERROR, "LegacyDecryptorWithMAC failed a self test");
 
@@ -449,7 +497,7 @@ bool TestEncryptors()
 
         // This data was generated with Crypto++ 6.0
         //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac2.bin")));
-        FileSource("TestData/defdmac2.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+        FileSource(DataDir("TestData/defdmac2.bin").c_str(), true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
         if (message != recovered)
             throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test");
     }
@@ -658,9 +706,9 @@ bool TestEncryptors()
 bool TestSharing()
 {
     std::cout << "\nInformation Dispersal and Secret Sharing...\n\n";
-    static const unsigned int INFORMATION_SHARES = 64;
-    static const unsigned int SECRET_SHARES = 64;
-    static const unsigned int CHID_LENGTH = 4;
+    const unsigned int INFORMATION_SHARES = 64;
+    const unsigned int SECRET_SHARES = 64;
+    const unsigned int CHID_LENGTH = 4;
     bool pass=true, fail=false;
 
     // ********** Infrmation Dispersal **********//
@@ -1337,7 +1385,7 @@ bool TestASN1Parse()
 
     // All the types Crypto++ recognizes.
     //   "C" is one content octet with value 0x43.
-    static const ASN1_TestTuple bitStrings[] =
+    const ASN1_TestTuple bitStrings[] =
     {
         // The first "\x00" content octet is the "initial octet" representing unused bits. In the
         //   primitive encoding form, there may be zero, one or more contents after the initial octet.
@@ -1364,7 +1412,7 @@ bool TestASN1Parse()
 
     pass = RunASN1TestSet(bitStrings, COUNTOF(bitStrings)) && pass;
 
-    static const ASN1_TestTuple octetStrings[] =
+    const ASN1_TestTuple octetStrings[] =
     {
         // In the primitive encoding form, there may be zero, one or more contents.
         {ACCEPT, OCTET_STRING, "OCTET_STRING", "\x04\x00", 2},  // definite length, short form, zero content octets
@@ -1391,7 +1439,7 @@ bool TestASN1Parse()
 
     pass = RunASN1TestSet(octetStrings, COUNTOF(octetStrings)) && pass;
 
-    static const ASN1_TestTuple utf8Strings[] =
+    const ASN1_TestTuple utf8Strings[] =
     {
         {ACCEPT, UTF8_STRING, "UTF8_STRING", "\x0c\x00", 2},  // definite length, short form, zero content octets
         {ACCEPT, UTF8_STRING, "UTF8_STRING", "\x0c\x01" "C", 3},  // definite length, short form, expected content octets
@@ -1417,7 +1465,7 @@ bool TestASN1Parse()
 
     pass = RunASN1TestSet(utf8Strings, COUNTOF(utf8Strings)) && pass;
 
-    static const ASN1_TestTuple printableStrings[] =
+    const ASN1_TestTuple printableStrings[] =
     {
         {ACCEPT, PRINTABLE_STRING, "PRINTABLE_STRING", "\x13\x00", 2},  // definite length, short form, zero content octets
         {ACCEPT, PRINTABLE_STRING, "PRINTABLE_STRING", "\x13\x01" "C", 3},  // definite length, short form, expected content octets
@@ -1443,7 +1491,7 @@ bool TestASN1Parse()
 
     pass = RunASN1TestSet(printableStrings, COUNTOF(printableStrings)) && pass;
 
-    static const ASN1_TestTuple ia5Strings[] =
+    const ASN1_TestTuple ia5Strings[] =
     {
         {ACCEPT, IA5_STRING, "IA5_STRING", "\x16\x00", 2},  // definite length, short form, zero content octets
         {ACCEPT, IA5_STRING, "IA5_STRING", "\x16\x01" "C", 3},  // definite length, short form, expected content octets
@@ -1469,7 +1517,7 @@ bool TestASN1Parse()
 
     pass = RunASN1TestSet(ia5Strings, COUNTOF(ia5Strings)) && pass;
 
-    static const ASN1_TestTuple integerValues[] =
+    const ASN1_TestTuple integerValues[] =
     {
         // 8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.
         {REJECT, INTEGER, "INTEGER", "\x02\x00", 2},  // definite length, short form, zero content octets
-- 
cgit v1.2.1