From 0d4b3c1f2e8e0c247c3d85cb84bbf8ad6fa1304b Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Thu, 26 Sep 2019 09:13:22 +0100
Subject: [PATCH] @@@ and ed448
---
 Makefile.in | 12 +++++-
 ed448-test.c | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 131 insertions(+), 2 deletions(-)
 create mode 100644 ed448-test.c
diff --git a/Makefile.in b/Makefile.in
index 7df4bf6..f7376e5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -62,7 +62,7 @@ OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
 resolver.o random.o udp.o site.o transform-cbcmac.o transform-eax.o \
 comm-common.o polypath.o \
 netlink.o rsa.o dh.o xdh.o serpent.o serpentbe.o \
- scaf.o f25519.o x25519.o ed25519.o fgoldi.o x448.o \
+ scaf.o f25519.o x25519.o ed25519.o fgoldi.o x448.o ed448.o \
 md5.o sha512.o keccak1600.o sha3.o \
 tun.o slip.o sha1.o ipaddr.o log.o \
 process.o @LIBOBJS@ \
@@ -150,7 +150,7 @@ check: eax-aes-test.confirm eax-serpent-test.confirm \
 msgcode-test.confirm \
 keccak1600-test.confirm sha3-test.confirm \
 f25519-test.confirm x25519-test.confirm ed25519-test.confirm \
- fgoldi-test.confirm x448-test.confirm
+ fgoldi-test.confirm x448-test.confirm ed448-test.confirm

 version.c: Makefile
 echo "#include \"secnet.h\"" >$@.new
@@ -225,6 +225,14 @@ ed25519-test.confirm: ed25519-test ed25519-tests.in
 ./ed25519-test <$(srcdir)/ed25519-tests.in
 touch $@

+ed448-test: ed448-test.o keccak1600.o sha3.o \
+ fgoldi.o scaf.o ed448.o crypto-test.o
+ $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^
+
+ed448-test.confirm: ed448-test ed448-tests.in
+ ./ed448-test <$(srcdir)/ed448-tests.in
+ touch $@
+
 check-ipaddrset: ipaddrset-test.py ipaddrset.py ipaddrset-test.expected
 $(srcdir)/ipaddrset-test.py >ipaddrset-test.new
 diff -u $(srcdir)/ipaddrset-test.expected ipaddrset-test.new
diff --git a/ed448-test.c b/ed448-test.c
new file mode 100644
index 0000000..b240ace
--- /dev/null
+++ b/ed448-test.c
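Review bot: The `ed448-test.confirm` rule added in the Makefile.in hunk at -225 depends on `ed448-tests.in` and feeds `$(srcdir)/ed448-tests.in` to the harness, but the diffstat lists only Makefile.in and ed448-test.c. Unless the vector file is supplied by a neighbouring commit, `make check` has no way to satisfy that prerequisite, and the new signature code goes untested. The same question applies to `ed448.o` in the OBJECTS hunk at -62, since no ed448.c is part of this patch. I would add the vectors to this commit, or name the commit that carries them in the message.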
@@ -0,0 +1,121 @@
+/*
+ * ed448-test.c: test harness for elliptic curve signatures
+ *
+ * (The implementations originally came with different test arrangements,
+ * with complicated external dependencies. This file replicates the original
+ * tests, but without the dependencies.)
+ */
+/*
+ * This file is Free Software. It was originally written for secnet.
+ *
+ * Copyright 2019 Mark Wooding
+ *
+ * You may redistribute secnet as a whole and/or modify it under the
+ * terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3, or (at your option) any
+ * later version.
+ *
+ * You may redistribute this file and/or modify it under the terms of
+ * the GNU General Public License as published by the Free Software
+ * Foundation; either version 2, or (at your option) any later
+ * version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ */
+
+#include
+
+#include "secnet.h"
+
+#include "sha3.h"
+#include "ed448.h"
+
+#include "crypto-test.h"
+
+enum {
+ RSIGOUT, RAOUT = RSIGOUT, RRC = RSIGOUT, NROUT,
+ RA = NROUT, RPH, RCTX, RM, RSIGIN, NREG
+};
+
+static void test_pubkey(struct reg *out, const struct reg *in, void *ctx)
+{
+ allocate_bytes(&out[RAOUT].v, ED448_PUBSZ);
+ ed448_pubkey(out[RAOUT].v.bytes.p,
+ in[RA].v.bytes.p, in[RA].v.bytes.sz);
+}
+
+static void test_sign(struct reg *out, const struct reg *in, void *ctx)
+{
+ octet K[ED448_PUBSZ];
+ const octet *m = in[RM].v.bytes.p; size_t msz = in[RM].v.bytes.sz;
+ octet h[64];
+ shake_ctx hctx;
+
+ if (in[RPH].v.i) {
+ shake256_init(&hctx);
+ shake_hash(&hctx, m, msz);
+ shake_done(&hctx, h, sizeof(h));
+ m = h; msz = sizeof(h);
+ }
+
+ allocate_bytes(&out[RSIGOUT].v, ED448_SIGSZ);
+ ed448_pubkey(K, in[RA].v.bytes.p, in[RA].v.bytes.sz);
+ ed448_sign(out[RSIGOUT].v.bytes.p,
+ in[RA].v.bytes.p, in[RA].v.bytes.sz, K,
+ in[RPH].v.i,
+ in[RCTX].v.bytes.p, in[RCTX].v.bytes.sz,
+ m, msz);
+}
+
+static void test_verify(struct reg *out, const struct reg *in, void *ctx)
+{
+ const octet *m = in[RM].v.bytes.p; size_t msz = in[RM].v.bytes.sz;
+ octet h[64];
+ shake_ctx hctx;
+
+ if (in[RPH].v.i) {
+ shake256_init(&hctx);
+ shake_hash(&hctx, m, msz);
+ shake_done(&hctx, h, sizeof(h));
+ m = h; msz = sizeof(h);
+ }
+
+ out[RRC].v.i = ed448_verify(in[RA].v.bytes.p,
+ in[RPH].v.i,
+ in[RCTX].v.bytes.p, in[RCTX].v.bytes.sz,
+ m, msz, in[RSIGIN].v.bytes.p);
+}
+
+#define REG_A { "a", RA, ®ty_bytes, 0 }
+#define REG_BIGA { "A", RA, ®ty_bytes, 0 }
+#define REG_PH { "ph", RPH, ®ty_int, 0 }
+#define REG_CTX { "ctx", RCTX, ®ty_bytes, 0 }
+#define REG_M { "m", RM, ®ty_bytes, 0 }
+#define REG_SIGIN { "sig", RSIGIN, ®ty_bytes, 0 }
+
+#define REG_SIGOUT { "sig", RSIGOUT, ®ty_bytes, 0 }
+#define REG_AOUT { "A", RAOUT, ®ty_bytes, 0 }
+#define REG_RC { "rc", RRC, ®ty_int, 0 }
+static const struct regdef
+ pubkey_regs[] = { REG_A, REG_AOUT, REGLIST_END },
+ sign_regs[] = { REG_A, REG_PH, REG_CTX,
+ REG_M, REG_SIGOUT, REGLIST_END },
+ verify_regs[] = { REG_BIGA, REG_PH, REG_CTX,
+ REG_M, REG_SIGIN, REG_RC, REGLIST_END };
+
+static const struct test tests[] = {
+ { "pubkey", run_test, pubkey_regs, test_pubkey },
+ { "sign", run_test, sign_regs, test_sign },
+ { "verify", run_test, verify_regs, test_verify },
+ { 0 }
+};
+
+int main(void)
+ { return run_test_suite(NROUT, NREG, sizeof(struct reg), tests, stdin); }
--
2.11.0
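Review bot: In `test_verify` the public key `in[RA].v.bytes.p` and the signature `in[RSIGIN].v.bytes.p` go to `ed448_verify` as bare pointers, and nothing checks that the vector supplied `ED448_PUBSZ` and `ED448_SIGSZ` bytes. The call passes no length for either, so the callee presumably reads fixed sizes; a short `A` or `sig` field in the vectors file would then be read past its allocation instead of failing the case. I would guard the call with `if (in[RA].v.bytes.sz != ED448_PUBSZ || in[RSIGIN].v.bytes.sz != ED448_SIGSZ)` and report the vector as malformed through whatever failure path crypto-test.h provides. Separately, the prehash block (`shake256_init` … `m = h; msz = sizeof(h);`) is duplicated verbatim in `test_sign` and `test_verify`; a small static helper with a one-line comment such as `/* Ed448ph: replace the message by its 64-byte SHAKE256 digest */` would keep the two paths from drifting apart.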