ed25519 prehashed test vector. ed448 prehashed test vectors look invalid??

src/per_curve/eddsa.tmpl.hxx

@@ -110,7 +110,7 @@ template<class CRTP, Prehashed ph> class Signing;
 template<class CRTP> class Signing<CRTP,PREHASHED> {
 public:
     /* Sign a prehash context, and reset the context */
-    inline SecureBuffer sign_prehashed ( Prehash &ph ) const throw(std::bad_alloc) {
+    inline SecureBuffer sign_prehashed ( Prehash &ph ) const /*throw(std::bad_alloc)*/ {
         SecureBuffer out(CRTP::SIG_BYTES);
         FixedArrayBuffer<Prehash::OUTPUT_BYTES> tmp;
         ph.final(tmp);
@@ -126,6 +126,17 @@ public:
             ph.context_.size()
 #endif
         );
+        return out;
+    }
+    
+    /* Sign a message using the prehasher */
+    inline SecureBuffer sign_with_prehash (
+        const Block &message,
+        const Block &context = Block(NULL,0)
+    ) const /*throw(LengthException,CryptoException)*/ {
+        Prehash ph(context);
+        ph += message;
+        return sign_prehashed(ph);
     }
 };
 
@@ -229,14 +240,14 @@ public:
     }
     
     /** Assignment from string */
-    inline PrivateKey &operator=(const FixedBlock<SER_BYTES> &b) NOEXCEPT {
+    inline PrivateKeyBase &operator=(const FixedBlock<SER_BYTES> &b) NOEXCEPT {
         memcpy(priv_.data(),b.data(),b.size());
         $(c_ns)_eddsa_derive_public_key(pub_.data(), priv_.data());
         return *this;
     }
     
     /** Copy assignment */
-    inline PrivateKey &operator=(const PrivateKey &k) NOEXCEPT {
+    inline PrivateKeyBase &operator=(const PrivateKey &k) NOEXCEPT {
         memcpy(priv_.data(),k.priv_.data(), priv_.size());
         memcpy(pub_.data(),k.pub_.data(), pub_.size());
         return *this;
@@ -355,6 +366,17 @@ public:
             throw CryptoException();
         }
     }
+    
+    /* Verify a message using the prehasher */
+    inline void verify_with_prehash (
+        const FixedBlock<$(C_NS)_EDDSA_SIGNATURE_BYTES> &sig,
+        const Block &message,
+        const Block &context = Block(NULL,0)
+    ) const /*throw(LengthException,CryptoException)*/ {
+        Prehash ph(context);
+        ph += message;
+        verify_prehashed(sig,ph);
+    }
 };
 
 

test/test_decaf.cxx

@@ -466,6 +466,7 @@ static void test_cfrg_crypto() {
     }
 }
 
+static const bool eddsa_prehashed[];
 static const Block eddsa_sk[], eddsa_pk[], eddsa_message[], eddsa_context[], eddsa_sig[];
 
 static void test_cfrg_vectors() {
@@ -490,10 +491,20 @@ static void test_cfrg_vectors() {
             printf("\n");
         }
         SecureBuffer sig;
-        if (priv.SUPPORTS_CONTEXTS) {
-            sig = priv.sign(eddsa_message[t],eddsa_context[t]);
+        
+        if (eddsa_prehashed[t]) {
+            typename EdDSA<Group>::PrivateKeyPh priv2(eddsa_sk[t]); 
+            if (priv2.SUPPORTS_CONTEXTS) {
+                sig = priv2.sign_with_prehash(eddsa_message[t],eddsa_context[t]);
+            } else {
+                sig = priv2.sign_with_prehash(eddsa_message[t]);
+            }
         } else {
-            sig = priv.sign(eddsa_message[t]);
+            if (priv.SUPPORTS_CONTEXTS) {
+                sig = priv.sign(eddsa_message[t],eddsa_context[t]);
+            } else {
+                sig = priv.sign(eddsa_message[t]);
+            }
         }
 
         if (!memeq(SecureBuffer(eddsa_sig[t]),sig)) {
@@ -572,7 +583,7 @@ static void run() {
 
 }; /* template<GroupId GROUP> struct Tests */
 
-#include "vectors.inc.c"
+#include "vectors.inc.cxx"
 
 int main(int argc, char **argv) {
     (void) argc; (void) argv;

test/vectors.inc.c → test/vectors.inc.cxx

@@ -163,6 +163,15 @@ const uint8_t ed448_eddsa_message[][12] = {{
     0x81,0x1e,0x29,0x15
 }};
 
+
+template<> const bool Tests<Ed448Goldilocks>::eddsa_prehashed[] = {
+    false,
+    false,
+    false,
+    false,
+    false
+};
+
 const uint8_t ed448_eddsa_context[][3] = {{
     0x66,0x6f,0x6f
 }};
@@ -284,7 +293,7 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_sig[] = {
     Block(ed448_eddsa_sig[3],114)
 };
 
-const uint8_t ed25519_eddsa_sk[3][32] = {{
+const uint8_t ed25519_eddsa_sk[][32] = {{
     0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
     0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
     0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
@@ -299,8 +308,13 @@ const uint8_t ed25519_eddsa_sk[3][32] = {{
     0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
     0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
     0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
+}, {
+    0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
+    0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
+    0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
+    0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
 }};
-const uint8_t ed25519_eddsa_pk[3][32] = {{
+const uint8_t ed25519_eddsa_pk[][32] = {{
     0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
     0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
     0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
@@ -315,15 +329,22 @@ const uint8_t ed25519_eddsa_pk[3][32] = {{
     0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
     0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
     0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
+}, {
+    0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
+    0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
+    0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
+    0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
 }};
-const uint8_t ed25519_eddsa_message[3][2] = {{
+const uint8_t ed25519_eddsa_message[][3] = {{
     0
 }, {
     0x72
 }, {
     0xaf,0x82
+}, {
+    0x61,0x62,0x63
 }};
-const uint8_t ed25519_eddsa_sig[3][64] = {{
+const uint8_t ed25519_eddsa_sig[][64] = {{
     0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
     0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
     0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
@@ -350,29 +371,51 @@ const uint8_t ed25519_eddsa_sig[3][64] = {{
     0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
     0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
     0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
+}, {
+    0xdc,0x2a,0x44,0x59,0xe7,0x36,0x96,0x33,
+    0xa5,0x2b,0x1b,0xf2,0x77,0x83,0x9a,0x00,
+    0x20,0x10,0x09,0xa3,0xef,0xbf,0x3e,0xcb,
+    0x69,0xbe,0xa2,0x18,0x6c,0x26,0xb5,0x89,
+    0x09,0x35,0x1f,0xc9,0xac,0x90,0xb3,0xec,
+    0xfd,0xfb,0xc7,0xc6,0x64,0x31,0xe0,0x30,
+    0x3d,0xca,0x17,0x9c,0x13,0x8a,0xc1,0x7a,
+    0xd9,0xbe,0xf1,0x17,0x73,0x31,0xa7,0x04
 }};
 
+template<> const bool Tests<IsoEd25519>::eddsa_prehashed[] = {
+    false,
+    false,
+    false,
+    true
+};
 template<> const Block Tests<IsoEd25519>::eddsa_sk[] = {
     Block(ed25519_eddsa_sk[0],32),
     Block(ed25519_eddsa_sk[1],32),
     Block(ed25519_eddsa_sk[2],32),
+    Block(ed25519_eddsa_sk[3],32),
     Block(NULL,0)
 };
 template<> const Block Tests<IsoEd25519>::eddsa_pk[] = {
     Block(ed25519_eddsa_pk[0],32),
     Block(ed25519_eddsa_pk[1],32),
-    Block(ed25519_eddsa_pk[2],32)
+    Block(ed25519_eddsa_pk[2],32),
+    Block(ed25519_eddsa_pk[3],32)
 };
 template<> const Block Tests<IsoEd25519>::eddsa_context[] = {
+    Block(NULL,0),
+    Block(NULL,0),
+    Block(NULL,0),
     Block(NULL,0)
 };
 template<> const Block Tests<IsoEd25519>::eddsa_message[] = {
     Block(ed25519_eddsa_message[0],0),
     Block(ed25519_eddsa_message[1],1),
-    Block(ed25519_eddsa_message[2],2)
+    Block(ed25519_eddsa_message[2],2),
+    Block(ed25519_eddsa_message[3],3)
 };
 template<> const Block Tests<IsoEd25519>::eddsa_sig[] = {
     Block(ed25519_eddsa_sig[0],64),
     Block(ed25519_eddsa_sig[1],64),
-    Block(ed25519_eddsa_sig[2],64)
+    Block(ed25519_eddsa_sig[2],64),
+    Block(ed25519_eddsa_sig[3],64)
 };