v
Зеркало из https://github.com/vlang/v
1module edwards255192import os4import rand5import encoding.hex6import math.big7const github_job = os.getenv('GITHUB_JOB')9fn testsuite_begin() {11if github_job != '' {12// ensure that the CI does not run flaky tests:13rand.seed([u32(0xffff24), 0xabcd])14}15}16fn test_scalar_equal() {18assert sc_one.equal(sc_minus_one) != 119assert sc_minus_one.equal(sc_minus_one) != 021}22fn test_scalar_non_adjacent_form() {24mut s := Scalar{25s: [u8(0x1a), 0x0e, 0x97, 0x8a, 0x90, 0xf6, 0x62, 0x2d, 0x37, 0x47, 0x02, 0x3f, 0x8a, 0xd8,260x26, 0x4d, 0xa7, 0x58, 0xaa, 0x1b, 0x88, 0xe0, 0x40, 0xd1, 0x58, 0x9e, 0x7b, 0x7f,270x23, 0x76, 0xef, 0x09]!28}29expected_naf := [i8(0), 13, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, -9, 0, 0, 0, 0, -11,300, 0, 0, 0, 3, 0, 0, 0, 0, 1, 0, 0, 0, 0, 9, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, 3, 0, 0,310, 0, 11, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, -9, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 9, 0, 0, 0,320, 0, 1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 9, 0, 0, 0, 0, -15, 0, 0, 0, 0, -7, 0, 0,330, 0, -9, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -11, 0, 0, 0,340, -7, 0, 0, 0, 0, -13, 0, 0, 0, 0, 11, 0, 0, 0, 0, -9, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0,35-15, 0, 0, 0, 0, 1, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 13, 0, 0,360, 0, 0, 0, 11, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 0, -9, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0,370, 0, 0, 0, 7, 0, 0, 0, 0, 0, -15, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 15, 0, 0, 0, 0, 15, 0,380, 0, 0, 0, 1, 0, 0, 0, 0]39snaf := s.non_adjacent_form(5)41for i := 0; i < 256; i++ {42assert expected_naf[i] == snaf[i]43}44}45fn addlike_subneg(x Scalar, y Scalar) bool {47// Compute t1 = x - y48mut t1 := Scalar{}49t1.subtract(x, y)50// Compute t2 = -y + x52mut t2 := Scalar{}53t2.negate(y)54t2.add(t2, x)55return t1 == t2 && is_reduced(t1)57}58fn test_scalar_add_like_subneg() {60for i in 0 .. 15 {61x := generate_scalar(1000) or { panic(err) }62y := generate_scalar(1000) or { panic(err) }63assert addlike_subneg(x, y) == true64}65}66fn fg(sc Scalar) bool {68return is_reduced(sc)69}70fn test_scalar_generate() {72for i in 0 .. 15 {73sc := generate_scalar(1000) or { panic(err) }74assert fg(sc) == true76}77}78//80fn test_scalar_set_canonical_bytes() {81for i in 0 .. 10 {82mut buf := rand.bytes(32) or { panic(err) }83mut sc := generate_scalar(1000) or { panic(err) }84buf[buf.len - 1] &= (1 << 4) - 185sc = sc.set_canonical_bytes(buf) or { panic(err) }86assert buf[..] == sc.bytes()88assert is_reduced(sc)89}90}91fn test_scalar_set_canonical_bytes_round_trip() {93for i in 0 .. 10 {94mut sc1 := generate_scalar(2)!95mut sc2 := generate_scalar(6)!96sc2.set_canonical_bytes(sc1.bytes()) or { panic(err) }97assert sc1 == sc299}100}101const sc_error = Scalar{103s: [32]u8{init: (u8(-1))}104}105fn test_scalar_set_canonical_bytes_on_noncanonical_value() {107mut b := sc_minus_one.s108b[31] += 1109mut s := sc_one111out := s.set_canonical_bytes(b[..]) or { sc_error } // set_canonical_bytes shouldn't worked on a non-canonical value"112assert out == sc_error113assert s == sc_one114}115fn test_scalar_set_uniform_bytes() {117// mod, _ := new(big.Integer).SetString("27742317777372353535851937790883648493", 10)118mut mod := big.integer_from_string('27742317777372353535851937790883648493')!119// mod.Add(mod, new(big.Integer).Lsh(big.NewInt(1), 252))120mod = mod + big.integer_from_i64(1).left_shift(252)121mut sc := generate_scalar(100)!123inp := rand.bytes(64)!124sc.set_uniform_bytes(inp[..])!126assert is_reduced(sc) == true127scbig := bigint_from_le_bytes(sc.s[..])129inbig := bigint_from_le_bytes(inp)130// return inbig.Mod(inbig, mod).Cmp(scbig) == 0131_, m := inbig.div_mod(mod)132assert m.abs_cmp(scbig) == 0 // NEED FIX133}134fn bigint_from_le_bytes(b []u8) big.Integer {136mut bc := b.clone()137buf := swap_endianness(mut bc) // WITHOUT THIS, some test would fail138bg := big.integer_from_bytes(buf)139return bg140}141fn test_scalar_set_bytes_with_clamping() {143// Generated with libsodium.js 1.0.18 crypto_scalarmult_ed25519_base.144/*145random := "633d368491364dc9cd4c1bf891b1d59460face1644813240a313e61f2c88216e"146s, _ := new(Scalar).SetBytesWithClamping(decodeHex(random))147p := new(Point).ScalarBaseMult(s)148want := "1d87a9026fd0126a5736fe1628c95dd419172b5b618457e041c9c861b2494a94"149if got := hex.EncodeToString(p.Bytes()); got != want {150t.Errorf("random: got %q, want %q", got, want)151}*/152random := '633d368491364dc9cd4c1bf891b1d59460face1644813240a313e61f2c88216e'153random_bytes := hex.decode(random) or { panic(err) }154mut s0 := Scalar{}156s0.set_bytes_with_clamping(random_bytes) or { panic(err) }157mut p0 := Point{}159p0.scalar_base_mult(mut s0)160want0 := '1d87a9026fd0126a5736fe1628c95dd419172b5b618457e041c9c861b2494a94'162got0 := hex.encode(p0.bytes())163assert got0 == want0165zero := '0000000000000000000000000000000000000000000000000000000000000000'167mut s1 := Scalar{}168zero_bytes := hex.decode(zero) or { panic(err) }169s1.set_bytes_with_clamping(zero_bytes) or { panic(err) }170mut p1 := Point{}171p1.scalar_base_mult(mut s1)172want1 := '693e47972caf527c7883ad1b39822f026f47db2ab0e1919955b8993aa04411d1'174got1 := hex.encode(p1.bytes())175assert want1 == got1176one := 'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'178mut s2 := Scalar{}179mut one_bytes := hex.decode(one) or { panic(err) }180s2.set_bytes_with_clamping(one_bytes) or { panic(err) }181mut p2 := Point{}182p2.scalar_base_mult(mut s2)183want2 := '12e9a68b73fd5aacdbcaf3e88c46fea6ebedb1aa84eed1842f07f8edab65e3a7'185got2 := hex.encode(p2.bytes())186assert want2 == got2188}189fn test_scalar_multiply_distributes_over_add() {191x := generate_scalar(100)!192y := generate_scalar(100)!193z := generate_scalar(100)!194// Compute t1 = (x+y)*z196mut t1 := Scalar{}197t1.add(x, y)198t1.multiply(t1, z)199// Compute t2 = x*z + y*z201mut t2 := Scalar{}202mut t3 := Scalar{}203t2.multiply(x, z)204t3.multiply(y, z)205t2.add(t2, t3)206assert t1 == t2 && is_reduced(t1) && is_reduced(t3)208}209