Merge commit 'e50ac707' as 'lib/curve25519-donna'

6c56bcf2 · Mark Haines · 09d8e84c · e50ac707 · 6c56bcf2 · 6c56bcf2
Commit 6c56bcf2 authored 10 years ago by Mark Haines
--- a/lib/curve25519-donna/test-noncanon.c
+++ b/lib/curve25519-donna/test-noncanon.c
+/* This file can be used to test whether the code handles non-canonical curve
+ * points (i.e. points with the 256th bit set) in the same way as the reference
+ * implementation. */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+extern void curve25519_donna(unsigned char *output, const unsigned char *a,
+                             const unsigned char *b);
+int
+main()
+{
+  static const uint8_t point1[32] = {
+    0x25,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+  };
+  static const uint8_t point2[32] = {
+    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+  };
+  static const uint8_t scalar[32] = { 1 };
+  uint8_t out1[32], out2[32];
+
+  curve25519_donna(out1, scalar, point1);
+  curve25519_donna(out2, scalar, point2);
+
+  if (0 == memcmp(out1, out2, sizeof(out1))) {
+    fprintf(stderr, "Top bit not ignored.\n");
+    return 1;
+  }
+
+  fprintf(stderr, "Top bit correctly ignored.\n");
+  return 0;
+}
--- a/lib/curve25519-donna/test-sc-curve25519.c
+++ b/lib/curve25519-donna/test-sc-curve25519.c
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+#include <math.h>
+
+extern void curve25519_donna(uint8_t *, const uint8_t *, const uint8_t *);
+extern uint64_t tsc_read();
+
+int
+main(int argc, char **argv) {
+  uint8_t private_key[32], public[32], peer1[32], peer2[32], output[32];
+  static const uint8_t basepoint[32] = {9};
+  unsigned i;
+  uint64_t sum = 0, sum_squares = 0, skipped = 0, mean;
+  static const unsigned count = 200000;
+
+  memset(private_key, 42, sizeof(private_key));
+
+  private_key[0] &= 248;
+  private_key[31] &= 127;
+  private_key[31] |= 64;
+
+  curve25519_donna(public, private_key, basepoint);
+  memset(peer1, 0, sizeof(peer1));
+  memset(peer2, 255, sizeof(peer2));
+
+  for (i = 0; i < count; ++i) {
+    const uint64_t start = tsc_read();
+    curve25519_donna(output, peer1, public);
+    const uint64_t end = tsc_read();
+    const uint64_t delta = end - start;
+    if (delta > 650000) {
+      // something terrible happened (task switch etc)
+      skipped++;
+      continue;
+    }
+    sum += delta;
+    sum_squares += (delta * delta);
+  }
+
+  mean = sum / ((uint64_t) count);
+  printf("all 0: mean:%lu sd:%f skipped:%lu\n",
+         mean,
+         sqrt((double)(sum_squares/((uint64_t) count) - mean*mean)),
+         skipped);
+
+  sum = sum_squares = skipped = 0;
+
+  for (i = 0; i < count; ++i) {
+    const uint64_t start = tsc_read();
+    curve25519_donna(output, peer2, public);
+    const uint64_t end = tsc_read();
+    const uint64_t delta = end - start;
+    if (delta > 650000) {
+      // something terrible happened (task switch etc)
+      skipped++;
+      continue;
+    }
+    sum += delta;
+    sum_squares += (delta * delta);
+  }
+
+  mean = sum / ((uint64_t) count);
+  printf("all 1: mean:%lu sd:%f skipped:%lu\n",
+         mean,
+         sqrt((double)(sum_squares/((uint64_t) count) - mean*mean)),
+         skipped);
+
+  return 0;
+}
--- a/lib/curve25519-donna/test-sc-curve25519.s
+++ b/lib/curve25519-donna/test-sc-curve25519.s
+.text
+.globl tsc_read
+
+tsc_read:
+rdtsc
+shl $32,%rdx
+or %rdx,%rax
+ret