#include <string.h>
+#include <mLib/macros.h>
+
#include "f25519.h"
#include "ed25519.h"
#include "scaf.h"
/* (E = a C = -C) */
f25519_sub(&t0, &t2, &t1); /* t0 = F = D - C = E + D */
f25519_sqr(&t1, Z0); /* t1 = H = Z0^2 */
- f25519_mulconst(&t1, &t1, 2); /* t1 = 2 H */
+ f25519_add(&t1, &t1, &t1); /* t1 = 2 H */
f25519_sub(&t1, &t0, &t1); /* t1 = J = F - 2 H */
f25519_mul(X, X, &t1); /* X = (B - C - D) J */
f25519_mul(Y, Y, &t0); /* Y = -F (E - D) */
const void *m, size_t msz)
{
sha512_ctx h;
- scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
f25519 RX, RY, RZ;
octet h1[32], pb[PREFIX_BUFSZ], rb[SHA512_HASHSZ];
const octet sig[ED25519_SIGSZ])
{
sha512_ctx h;
- scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
f25519 AX, AY, AZ, RX, RY, RZ;
octet b[PREFIX_BUFSZ];
scaf_loaddbl(tt, sig + 32, 32, 2*NPIECE, PIECEWD);
scaf_reduce(s, tt, l, mu, NPIECE, PIECEWD, scratch);
scaf_store(b, 32, s, NPIECE, PIECEWD);
- if (memcmp(b, sig + 32, 32) != 0) return (-1);
+ if (MEMCMP(b, !=, sig + 32, 32)) return (-1);
/* Check the signature. */
psz = prefix(b, phflag, p, psz);
scaf_reduce(t, tt, l, mu, NPIECE, PIECEWD, scratch);
ptsimmul(&RX, &RY, &RZ, s, BX, BY, BZ, t, &AX, &AY, &AZ);
ptencode(b, &RX, &RY, &RZ);
- if (memcmp(b, sig, 32) != 0) return (-1);
+ if (MEMCMP(b, !=, sig, 32)) return (-1);
/* All is good. */
return (0);
#include <mLib/report.h>
#include <mLib/testrig.h>
+#include "ct.h"
+
static int vrf_pubkey(dstr dv[])
{
dstr dpub = DSTR_INIT;
if (dv[1].len != ED25519_PUBSZ) die(1, "bad pub length");
+ ct_poison(dv[0].buf, dv[0].len);
dstr_ensure(&dpub, ED25519_PUBSZ); dpub.len = ED25519_PUBSZ;
ed25519_pubkey((octet *)dpub.buf, dv[0].buf, dv[0].len);
- if (memcmp(dpub.buf, dv[1].buf, ED25519_PUBSZ) != 0) {
+ ct_remedy(dpub.buf, dpub.len);
+ if (MEMCMP(dpub.buf, !=, dv[1].buf, ED25519_PUBSZ)) {
ok = 0;
fprintf(stderr, "failed!");
fprintf(stderr, "\n\tpriv = "); type_hex.dump(&dv[0], stderr);
if (want->len != ED25519_SIGSZ) die(1, "bad result length");
+ ct_poison(priv->buf, priv->len);
dstr_ensure(&dsig, ED25519_SIGSZ); dsig.len = ED25519_SIGSZ;
if (phflag <= 0)
m = msg;
ed25519ctx_sign((octet *)dsig.buf, priv->buf, priv->len, K,
phflag, perso ? perso->buf : 0, perso ? perso->len : 0,
m->buf, m->len);
- if (memcmp(dsig.buf, want->buf, ED25519_SIGSZ) != 0) {
+ ct_remedy(dsig.buf, dsig.len);
+ if (MEMCMP(dsig.buf, !=, want->buf, ED25519_SIGSZ)) {
ok = 0;
fprintf(stderr, "failed!");
fprintf(stderr, "\n\tpriv = "); type_hex.dump(priv, stderr);