jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
85 Commits
2 Branches
1.6 MiB
Tree: 5622eb9741
ed448goldilocks/test/test_goldilocks.c

test_goldilocks.c 5.3 KiB
Raw Normal View History

Internal changes which break compatibility with previous versions (you knew this would happen). Added ARM NEON support. Added support for precomputation on public keys, which speeds up later signatures and ECDH calls. See history.txt or the doc for details. Reworked internals so that private keys can be derived from any 32-byte secret random value. This also means that secret keys can be "compressed" for cold storage. Added more tests. Running the tests now requires GMP, though Goldilocks itself does not. Linking now uses visibility instead of exported.sym.
11 years ago
Minor src/include/barrett_field.h: - Requires review: corrected failure to cast to (mask_t) prior to negation. (Or, if this is wrong; should cast to needed bitwidth explicitly.) - Changed type of nwords_out to uint32_t to agree with header. src/include/intrinsics.h: - Fixed up various preprocessor statements to check for definition rather than value of built-ins. - Added macro to use Clang’s __builtin_readcyclecounter on platforms on which it’s available. (Which is most platforms these days.) src/include/magic.h: Preprocessor “if” versus “if defined”. src/include/word.h: Fixed ifdefs; enabled support for memset_s on Darwin. Added explicit cast to mask_t. Added void to function definitions and declarations in the following files (not including void is okay in modern C++, but not modern C, IIRC): include/goldilocks.h, src/crandom.c, src/goldilocks.c, src/include/api.h, src/include/intrinsics.h, test/bench.c, test/test.c, test/test.h, test/test_arithmetic.c, test/test_goldilocks.c, test/test_pointops.c, test/test_scalarmul.c, test/test_sha512.c
10 years ago
Internal changes which break compatibility with previous versions (you knew this would happen). Added ARM NEON support. Added support for precomputation on public keys, which speeds up later signatures and ECDH calls. See history.txt or the doc for details. Reworked internals so that private keys can be derived from any 32-byte secret random value. This also means that secret keys can be "compressed" for cold storage. Added more tests. Running the tests now requires GMP, though Goldilocks itself does not. Linking now uses visibility instead of exported.sym.
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195 
  1. #include "test.h"

  2. #include "goldilocks.h"

  3. #include <stdio.h>

  4. #include <stdlib.h>

  5. #include <string.h>

  6. 

  7. int test_goldilocks (void) {

  8.     const char *message1 = "hello world";

  9.     const char *message2 = "Jello world";

  10.     

  11.     unsigned char signature[GOLDI_SIGNATURE_BYTES];

  12.     

  13.     unsigned char

  14.         ss12[GOLDI_SHARED_SECRET_BYTES],

  15.         ss21[GOLDI_SHARED_SECRET_BYTES],

  16.         ss21p[GOLDI_SHARED_SECRET_BYTES],

  17.         proto[GOLDI_SYMKEY_BYTES];

  18.     

  19.     struct goldilocks_public_key_t  pub, pub2;

  20.     struct goldilocks_private_key_t priv, priv2;

  21.     struct goldilocks_precomputed_public_key_t *pre = NULL;

  22.     

  23.     int i, ret, good = 1;

  24.     

  25.     ret = goldilocks_init();

  26.     if (ret) {

  27.         youfail();

  28.         printf("    Failed init.\n");

  29.     }

  30.     

  31.     for (i=0; i<1000 && good; i++) {

  32.         

  33.         ret = goldilocks_keygen(&priv, &pub);

  34.         if (ret) {

  35.             youfail();

  36.             printf("    Failed keygen trial %d.\n", i);

  37.             good = 0;

  38.         }

  39.         

  40.         goldilocks_destroy_precomputed_public_key( pre );

  41.         pre = goldilocks_precompute_public_key ( &pub );

  42.         if (!pre) {

  43.             youfail();

  44.             printf("    Failed precomp-public trial %d.\n", i);

  45.             return -1;

  46.         }

  47.         

  48.         ret = goldilocks_sign(

  49.             signature,

  50.             (const unsigned char *)message1,

  51.             strlen(message1),

  52.             &priv

  53.         );

  54.         if (ret) {

  55.             youfail();

  56.             printf("    Failed sign trial %d.\n", i);

  57.             good = 0;

  58.         }

  59.         

  60.         ret = goldilocks_verify(

  61.             signature,

  62.             (const unsigned char *)message1,

  63.             strlen(message1),

  64.             &pub

  65.         );

  66.         if (ret) {

  67.             youfail();

  68.             printf("    Failed verify trial %d.\n", i);

  69.             good = 0;

  70.         }

  71. 

  72.         ret = goldilocks_verify_precomputed (

  73.             signature,

  74.             (const unsigned char *)message1,

  75.             strlen(message1),

  76.             pre

  77.         );

  78.         if (ret) {

  79.             youfail();

  80.             printf("    Failed verify-pre trial %d.\n", i);

  81.             good = 0;

  82.         }

  83.         

  84.         /* terrible negative test */

  85.         ret = goldilocks_verify(

  86.             signature,

  87.             (const unsigned char *)message2,

  88.             strlen(message1),

  89.             &pub

  90.         );

  91.         if (ret != GOLDI_EINVAL) {

  92.             youfail();

  93.             printf("    Failed nega-verify trial %d.\n", i);

  94.             good = 0;

  95.         }

  96.         ret = goldilocks_verify_precomputed(

  97.             signature,

  98.             (const unsigned char *)message2,

  99.             strlen(message1),

  100.             pre

  101.         );

  102.         if (ret != GOLDI_EINVAL) {

  103.             youfail();

  104.             printf("    Failed nega-verify-pre trial %d.\n", i);

  105.             good = 0;

  106.         }

  107.         

  108.         /* honestly a slightly better negative test */

  109.         memset(signature,0,sizeof(signature));

  110.         ret = goldilocks_verify(

  111.             signature,

  112.             (const unsigned char *)message1,

  113.             strlen(message1),

  114.             &pub

  115.         );

  116.         if (ret != GOLDI_EINVAL) {

  117.             youfail();

  118.             printf("    Failed nega-verify-0 trial %d.\n", i);

  119.             good = 0;

  120.         }

  121.         ret = goldilocks_verify_precomputed(

  122.             signature,

  123.             (const unsigned char *)message1,

  124.             strlen(message1),

  125.             pre

  126.         );

  127.         if (ret != GOLDI_EINVAL) {

  128.             youfail();

  129.             printf("    Failed nega-verify-pre-0 trial %d.\n", i);

  130.             good = 0;

  131.         }

  132.         

  133.         /* ecdh */

  134.         ret = goldilocks_keygen(&priv2, &pub2);

  135.         if (ret) {

  136.             youfail();

  137.             printf("    Failed keygen2 trial %d.\n", i);

  138.             good = 0;

  139.         }

  140.         

  141.         ret = goldilocks_shared_secret ( ss12, &priv, &pub2 );

  142.         if (ret) {

  143.             youfail();

  144.             printf("    Failed ss12 trial %d.\n", i);

  145.             good = 0;

  146.         }

  147.         

  148.         ret = goldilocks_shared_secret ( ss21, &priv2, &pub );

  149.         if (ret) {

  150.             youfail();

  151.             printf("    Failed ss21 trial %d.\n", i);

  152.             good = 0;

  153.         }

  154.         

  155.         ret = goldilocks_shared_secret_precomputed ( ss21p, &priv2, pre );

  156.         if (ret) {

  157.             youfail();

  158.             printf("    Failed ss21p trial %d.\n", i);

  159.             good = 0;

  160.         }

  161.         

  162.         if (memcmp(ss12,ss21,sizeof(ss12))) {

  163.             youfail();

  164.             printf("    Failed shared-secret trial %d.\n", i);

  165.             good = 0;

  166.         }

  167.         

  168.         if (memcmp(ss21,ss21p,sizeof(ss21))) {

  169.             youfail();

  170.             printf("    Failed shared-secret precomp trial %d.\n", i);

  171.             good = 0;

  172.         }

  173.         

  174.         /* test derive / underive / priv to pub */

  175.         goldilocks_underive_private_key ( proto, &priv );

  176.         ret = goldilocks_derive_private_key ( &priv2, proto );

  177.         if (ret || memcmp(&priv,&priv2,sizeof(priv))) {

  178.             youfail();    

  179.             printf("    Failed derive round-trip trial %d.\n", i);

  180.             good = 0;

  181.         }

  182.         

  183.         ret = goldilocks_private_to_public ( &pub2, &priv );

  184.         if (ret || memcmp(&pub,&pub2,sizeof(pub))) {

  185.             youfail();

  186.             printf("    Failed private-to-public trial %d.\n", i);

  187.             good = 0;

  188.         }

  189.         

  190.     }

  191.     

  192.     goldilocks_destroy_precomputed_public_key( pre );

  193.     

  194.     return good ? 0 : -1;

  195. }