#include <string.h>
+#include <mLib/macros.h>
+
#include "fgoldi.h"
#include "ed448.h"
#include "scaf.h"
fgoldi_sub(&t1, &t1, &t2); /* t1 = C - D */
fgoldi_sub(X, &t0, Y); /* X = c (B - E) */
fgoldi_sqr(&t0, Z0); /* t0 = H = (c Z0)^2 */
- fgoldi_mulconst(&t0, &t0, 2); /* t0 = 2 H */
+ fgoldi_add(&t0, &t0, &t0); /* t0 = 2 H */
fgoldi_sub(&t0, Y, &t0); /* t0 = J = E - 2 H */
fgoldi_mul(X, X, &t0); /* X = c (B - E) J */
fgoldi_mul(Z, Y, &t0); /* Z = E J */
const void *m, size_t msz)
{
shake_ctx h;
- scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
fgoldi RX, RY, RZ;
octet h1[57], pb[PREFIX_BUFSZ], rb[114];
const octet sig[ED448_SIGSZ])
{
shake_ctx h;
- scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
fgoldi AX, AY, AZ, RX, RY, RZ;
octet b[PREFIX_BUFSZ];
scaf_loaddbl(tt, sig + 57, 57, 2*NPIECE, PIECEWD);
scaf_reduce(s, tt, l, mu, NPIECE, PIECEWD, scratch);
scaf_store(b, 57, s, NPIECE, PIECEWD);
- if (memcmp(b, sig + 57, 57) != 0) return (-1);
+ if (MEMCMP(b, !=, sig + 57, 57)) return (-1);
/* Check the signature. */
psz = prefix(b, phflag, p, psz);
scaf_reduce(t, tt, l, mu, NPIECE, PIECEWD, scratch);
ptsimmul(&RX, &RY, &RZ, s, BX, BY, BZ, t, &AX, &AY, &AZ);
ptencode(b, &RX, &RY, &RZ);
- if (memcmp(b, sig, 57) != 0) return (-1);
+ if (MEMCMP(b, !=, sig, 57)) return (-1);
/* All is good. */
return (0);
#include <mLib/report.h>
#include <mLib/testrig.h>
+#include "ct.h"
+
static int vrf_pubkey(dstr dv[])
{
dstr dpub = DSTR_INIT;
if (dv[1].len != ED448_PUBSZ) die(1, "bad pub length");
+ ct_poison(dv[0].buf, dv[0].len);
dstr_ensure(&dpub, ED448_PUBSZ); dpub.len = ED448_PUBSZ;
ed448_pubkey((octet *)dpub.buf, dv[0].buf, dv[0].len);
- if (memcmp(dpub.buf, dv[1].buf, ED448_PUBSZ) != 0) {
+ ct_remedy(dpub.buf, dpub.len);
+ if (MEMCMP(dpub.buf, !=, dv[1].buf, ED448_PUBSZ)) {
ok = 0;
fprintf(stderr, "failed!");
fprintf(stderr, "\n\tpriv = "); type_hex.dump(&dv[0], stderr);
if (want->len != ED448_SIGSZ) die(1, "bad result length");
+ ct_poison(priv->buf, priv->len);
dstr_ensure(&dsig, ED448_SIGSZ); dsig.len = ED448_SIGSZ;
if (phflag <= 0)
m = msg;
ed448_sign((octet *)dsig.buf, priv->buf, priv->len, K,
phflag, perso ? perso->buf : 0, perso ? perso->len : 0,
m->buf, m->len);
- if (memcmp(dsig.buf, want->buf, ED448_SIGSZ) != 0) {
+ ct_remedy(dsig.buf, dsig.len);
+ if (MEMCMP(dsig.buf, !=, want->buf, ED448_SIGSZ)) {
ok = 0;
fprintf(stderr, "failed!");
fprintf(stderr, "\n\tpriv = "); type_hex.dump(priv, stderr);