Linux server.kiran-academy.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
: 194.233.91.196 | : 216.73.216.216
Cant Read [ /etc/named.conf ]
7.4.32
finalho
www.github.com/MadExploits
AUTHORS
4.78
KB
-rw-r--r--
ChangeLog
27.5
KB
-rw-r--r--
README.markdown
2.04
KB
-rw-r--r--
THANKS
2.24
KB
-rw-r--r--
aead_aes256gcm.c
145.83
KB
-rw-r--r--
aead_aes256gcm.exp
3
B
-rw-r--r--
aead_aes256gcm2.c
13.62
KB
-rw-r--r--
aead_aes256gcm2.exp
3
B
-rw-r--r--
aead_chacha20poly1305.c
14.77
KB
-rw-r--r--
aead_chacha20poly1305.exp
2.35
KB
-rw-r--r--
aead_chacha20poly13052.c
63.87
KB
-rw-r--r--
aead_chacha20poly13052.exp
3
B
-rw-r--r--
aead_xchacha20poly1305.c
8.4
KB
-rw-r--r--
aead_xchacha20poly1305.exp
1.95
KB
-rw-r--r--
auth.c
4.96
KB
-rw-r--r--
auth.exp
1.12
KB
-rw-r--r--
auth2.c
1.08
KB
-rw-r--r--
auth2.exp
164
B
-rw-r--r--
auth3.c
1.43
KB
-rw-r--r--
auth3.exp
2
B
-rw-r--r--
auth5.c
1.06
KB
-rw-r--r--
auth5.exp
0
B
-rw-r--r--
auth6.c
449
B
-rw-r--r--
auth6.exp
328
B
-rw-r--r--
auth7.c
1.14
KB
-rw-r--r--
auth7.exp
0
B
-rw-r--r--
box.c
4.42
KB
-rw-r--r--
box.exp
1.47
KB
-rw-r--r--
box2.c
3.31
KB
-rw-r--r--
box2.exp
1.31
KB
-rw-r--r--
box7.c
1.53
KB
-rw-r--r--
box7.exp
0
B
-rw-r--r--
box8.c
1.7
KB
-rw-r--r--
box8.exp
0
B
-rw-r--r--
box_easy.c
2.84
KB
-rw-r--r--
box_easy.exp
908
B
-rw-r--r--
box_easy2.c
5.42
KB
-rw-r--r--
box_easy2.exp
15
B
-rw-r--r--
box_seal.c
2.85
KB
-rw-r--r--
box_seal.exp
22
B
-rw-r--r--
box_seed.c
839
B
-rw-r--r--
box_seed.exp
328
B
-rw-r--r--
chacha20.c
7.63
KB
-rw-r--r--
chacha20.exp
20.19
KB
-rw-r--r--
cmptest.h
4.6
KB
-rw-r--r--
codecs.c
11.94
KB
-rw-r--r--
codecs.exp
417
B
-rw-r--r--
core1.c
1.18
KB
-rw-r--r--
core1.exp
164
B
-rw-r--r--
core2.c
1.19
KB
-rw-r--r--
core2.exp
164
B
-rw-r--r--
core3.c
3.19
KB
-rw-r--r--
core3.exp
195
B
-rw-r--r--
core4.c
981
B
-rw-r--r--
core4.exp
264
B
-rw-r--r--
core5.c
908
B
-rw-r--r--
core5.exp
164
B
-rw-r--r--
core6.c
1.31
KB
-rw-r--r--
core6.exp
164
B
-rw-r--r--
core_ed25519.c
16.35
KB
-rw-r--r--
core_ed25519.exp
1.18
KB
-rw-r--r--
core_ristretto255.c
11.36
KB
-rw-r--r--
core_ristretto255.exp
458
B
-rw-r--r--
ed25519_convert.c
3.18
KB
-rw-r--r--
ed25519_convert.exp
167
B
-rw-r--r--
generichash.c
144.46
KB
-rw-r--r--
generichash.exp
4.25
KB
-rw-r--r--
generichash2.c
2.41
KB
-rw-r--r--
generichash2.exp
4.13
KB
-rw-r--r--
generichash3.c
7.19
KB
-rw-r--r--
generichash3.exp
5.51
KB
-rw-r--r--
hash.c
1.47
KB
-rw-r--r--
hash.exp
388
B
-rw-r--r--
hash2.exp
129
B
-rw-r--r--
hash3.c
335
B
-rw-r--r--
hash3.exp
129
B
-rw-r--r--
kdf.c
2.31
KB
-rw-r--r--
kdf.exp
5.97
KB
-rw-r--r--
keygen.c
2.62
KB
-rw-r--r--
keygen.exp
14
B
-rw-r--r--
kx.c
6.21
KB
-rw-r--r--
kx.exp
478
B
-rw-r--r--
metamorphic.c
5.48
KB
-rw-r--r--
metamorphic.exp
3
B
-rw-r--r--
misuse.c
4.37
KB
-rw-r--r--
misuse.exp
0
B
-rw-r--r--
onetimeauth.c
2.32
KB
-rw-r--r--
onetimeauth.exp
164
B
-rw-r--r--
onetimeauth2.c
1.38
KB
-rw-r--r--
onetimeauth2.exp
2
B
-rw-r--r--
onetimeauth7.c
948
B
-rw-r--r--
onetimeauth7.exp
0
B
-rw-r--r--
pwhash_argon2i.c
21.74
KB
-rw-r--r--
pwhash_argon2i.exp
3.03
KB
-rw-r--r--
pwhash_argon2id.c
25.31
KB
-rw-r--r--
pwhash_argon2id.exp
3.61
KB
-rw-r--r--
pwhash_scrypt.c
18.18
KB
-rw-r--r--
pwhash_scrypt.exp
4.5
KB
-rw-r--r--
pwhash_scrypt_ll.c
1.68
KB
-rw-r--r--
pwhash_scrypt_ll.exp
714
B
-rw-r--r--
quirks.h
488
B
-rw-r--r--
randombytes.c
3.87
KB
-rw-r--r--
randombytes.exp
220
B
-rw-r--r--
scalarmult.c
2.42
KB
-rw-r--r--
scalarmult.exp
260
B
-rw-r--r--
scalarmult2.c
794
B
-rw-r--r--
scalarmult2.exp
164
B
-rw-r--r--
scalarmult5.c
1.18
KB
-rw-r--r--
scalarmult5.exp
164
B
-rw-r--r--
scalarmult6.c
1.51
KB
-rw-r--r--
scalarmult6.exp
164
B
-rw-r--r--
scalarmult7.c
909
B
-rw-r--r--
scalarmult7.exp
2
B
-rw-r--r--
scalarmult8.c
24.37
KB
-rw-r--r--
scalarmult8.exp
2.16
KB
-rw-r--r--
scalarmult_ed25519.c
4.92
KB
-rw-r--r--
scalarmult_ed25519.exp
3
B
-rw-r--r--
scalarmult_ristretto255.c
1.87
KB
-rw-r--r--
scalarmult_ristretto255.exp
1.06
KB
-rw-r--r--
secretbox.c
3.5
KB
-rw-r--r--
secretbox.exp
1.47
KB
-rw-r--r--
secretbox2.c
2.37
KB
-rw-r--r--
secretbox2.exp
672
B
-rw-r--r--
secretbox7.c
1.05
KB
-rw-r--r--
secretbox7.exp
0
B
-rw-r--r--
secretbox8.c
1.2
KB
-rw-r--r--
secretbox8.exp
0
B
-rw-r--r--
secretbox_easy.c
4.44
KB
-rw-r--r--
secretbox_easy.exp
4.02
KB
-rw-r--r--
secretbox_easy2.c
2.54
KB
-rw-r--r--
secretbox_easy2.exp
10
B
-rw-r--r--
secretstream.c
11.43
KB
-rw-r--r--
secretstream.exp
3
B
-rw-r--r--
shorthash.c
968
B
-rw-r--r--
shorthash.exp
1.06
KB
-rw-r--r--
sign.c
2.65
MB
-rw-r--r--
sign.exp
512
B
-rw-r--r--
siphashx24.c
1.02
KB
-rw-r--r--
siphashx24.exp
2.06
KB
-rw-r--r--
sodium_core.c
936
B
-rw-r--r--
sodium_core.exp
17
B
-rw-r--r--
sodium_utils.c
8.22
KB
-rw-r--r--
sodium_utils.exp
756
B
-rw-r--r--
sodium_utils2.c
2.27
KB
-rw-r--r--
sodium_utils2.exp
46
B
-rw-r--r--
sodium_utils3.c
1.41
KB
-rw-r--r--
sodium_utils3.exp
43
B
-rw-r--r--
sodium_version.c
387
B
-rw-r--r--
sodium_version.exp
6
B
-rw-r--r--
stream.c
2.71
KB
-rw-r--r--
stream.exp
42.58
KB
-rw-r--r--
stream2.c
1.58
KB
-rw-r--r--
stream2.exp
130
B
-rw-r--r--
stream3.c
979
B
-rw-r--r--
stream3.exp
164
B
-rw-r--r--
stream4.c
2.02
KB
-rw-r--r--
stream4.exp
672
B
-rw-r--r--
verify1.c
2.05
KB
-rw-r--r--
verify1.exp
6
B
-rw-r--r--
xchacha20.c
25.49
KB
-rw-r--r--
xchacha20.exp
482
B
-rw-r--r--
Code Editor : core_ed25519.c
/*
 * Regression test for the edwards25519 group and scalar primitives
 * (crypto_core_ed25519_* and crypto_scalarmult_ed25519*).
 *
 * Two reporting channels are used and they behave differently:
 *   - printf(): a failure message or a computed hex value is written to
 *     stdout and the run continues. Presumably the harness compares stdout
 *     with core_ed25519.exp -- confirm in cmptest.h.
 *   - assert(): the run aborts. This only works while assertions are
 *     compiled in; NOTE(review): confirm cmptest.h keeps NDEBUG undefined.
 *
 * Statement order matters throughout: p, p2, p3 and sc carry state from one
 * phase into the next, and many calls deliberately alias output and input.
 */
#define TEST_NAME "core_ed25519"
#include "cmptest.h"

/*
 * Same bytes as P in add_P() except the first byte is 0xed + 9, i.e. P + 9
 * when read little-endian. main() asserts that is_valid_point() rejects this
 * encoding while add()/sub() accept it as an operand.
 */
static const unsigned char non_canonical_p[32] = {
    0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
/*
 * First byte is 0xed + 8, i.e. P + 8. main() asserts that is_valid_point(),
 * add() and sub() all reject it.
 */
static const unsigned char non_canonical_invalid_p[32] = {
    0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};
/*
 * First byte is 0xed - 9, i.e. P - 9: an encoding below P that main()
 * asserts is accepted by is_valid_point().
 */
static const unsigned char max_canonical_p[32] = {
    0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
};

/*
 * Adds the 32-byte constant P (0xed, 0xff ..., 0x7f; little-endian
 * 2^255 - 19) to S in place via sodium_add(). main() uses it to turn a valid
 * encoding into a different byte string for what should be the same point.
 * S must hold at least 32 bytes.
 */
static void
add_P(unsigned char * const S)
{
    static const unsigned char P[32] = {
        0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
    };

    sodium_add(S, P, sizeof P);
}

/*
 * Adds the constant l, zero-padded to
 * crypto_core_ed25519_NONREDUCEDSCALARBYTES, to S in place. main() relies on
 * scalar_reduce() mapping sc + k*l back to sc, so l is presumably the group
 * order. S must hold at least sizeof l bytes.
 */
static void
add_l64(unsigned char * const S)
{
    static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = {
        0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
        0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
        0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0
    };

    sodium_add(S, l, sizeof l);
}

/*
 * Runs every check in sequence and prints "OK" at the end.
 * Returns 0 unless an assert() aborts the process first.
 */
int
main(void)
{
    unsigned char *h, *r;
    unsigned char *p, *p2, *p3;
    unsigned char *sc, *sc2, *sc3;
    unsigned char *sc64;
    char          *hex;
    unsigned int   i, j;

    /* NOTE(review): none of the sodium_malloc() results in this function is
     * checked for NULL before use. */
    h = (unsigned char *) sodium_malloc(crypto_core_ed25519_HASHBYTES);
    r = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES);
    p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);

    /* Every point generator must succeed and yield a point that passes
     * is_valid_point(), for 500 random inputs each. */
    for (i = 0; i < 500; i++) {
        randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
        if (crypto_core_ed25519_from_uniform(p, r) != 0) {
            printf("crypto_core_ed25519_from_uniform() failed\n");
        }
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_from_uniform() returned an invalid point\n");
        }

        randombytes_buf(h, crypto_core_ed25519_HASHBYTES);
        if (crypto_core_ed25519_from_hash(p, h) != 0) {
            printf("crypto_core_ed25519_from_hash() failed\n");
        }
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_from_hash() returned an invalid point\n");
        }

        crypto_core_ed25519_random(p);
        if (crypto_core_ed25519_is_valid_point(p) == 0) {
            printf("crypto_core_ed25519_random() returned an invalid point\n");
        }
    }

    p2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
    p3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);

    crypto_core_ed25519_random(p2);

    /* Add p2 to p a random 1..100 times (output aliases the first input),
     * then subtract it the same number of times: p must change, then come
     * back to the saved copy in p3. */
    j = 1 + (unsigned int) randombytes_uniform(100);
    memcpy(p3, p, crypto_core_ed25519_BYTES);
    for (i = 0; i < j; i++) {
        crypto_core_ed25519_add(p, p, p2);
        if (crypto_core_ed25519_is_valid_point(p) != 1) {
            printf("crypto_core_add() returned an invalid point\n");
        }
    }
    if (memcmp(p, p3, crypto_core_ed25519_BYTES) == 0) {
        printf("crypto_core_add() failed\n");
    }
    for (i = 0; i < j; i++) {
        crypto_core_ed25519_sub(p, p, p2);
    }
    if (memcmp(p, p3, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_core_add() or crypto_core_sub() failed\n");
    }

    /* Cross-check the clamping scalar multiplication against repeated
     * addition: 254 doublings followed by 8 additions compute
     * (2^254 + 8) * p, which must equal crypto_scalarmult_ed25519() with the
     * scalar 8 -- presumably because clamping sets bit 254. */
    sc = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
    memset(sc, 0, crypto_scalarmult_ed25519_SCALARBYTES);
    sc[0] = 8;
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    memcpy(p3, p, crypto_core_ed25519_BYTES);

    for (i = 0; i < 254; i++) {
        crypto_core_ed25519_add(p2, p2, p2);
    }
    for (i = 0; i < 8; i++) {
        crypto_core_ed25519_add(p2, p2, p);
    }
    if (crypto_scalarmult_ed25519(p3, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519() failed\n");
    }
    if (memcmp(p2, p3, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_scalarmult_ed25519() is inconsistent with crypto_core_ed25519_add()\n");
    }

    assert(crypto_core_ed25519_is_valid_point(p) == 1);

    /* Fixed encodings that the validator must classify exactly. The
     * encodings with first byte 0, 1 and 2 (all other bytes zero) are
     * rejected; 0x01 followed by zeros is also the byte string the P - P
     * checks further down expect, so the neutral element counts as invalid
     * input. The encoding with first byte 9 is accepted. */
    memset(p, 0, crypto_core_ed25519_BYTES);
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 1;
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 2;
    assert(crypto_core_ed25519_is_valid_point(p) == 0);

    p[0] = 9;
    assert(crypto_core_ed25519_is_valid_point(p) == 1);

    assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
    assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
    assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);

    /* p2 = p + P is a different byte string (first assert). After
     * p3 = (p2 + p2) - p2 the result must be byte-identical to p (second
     * assert), so add()/sub() consume the shifted encoding and emit the
     * original one. */
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    add_P(p2);
    crypto_core_ed25519_add(p3, p2, p2);
    crypto_core_ed25519_sub(p3, p3, p2);
    assert(memcmp(p2, p, crypto_core_ed25519_BYTES) != 0);
    assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);

    /* Operand validation in add()/sub(), in either operand position: the
     * rejected encodings (first byte 2, non_canonical_invalid_p) give -1.
     * non_canonical_p gives 0 even though is_valid_point() rejected it
     * above, so a caller that needs canonical encodings cannot rely on the
     * return value of add()/sub() alone and has to call is_valid_point(). */
    p[0] = 2;
    assert(crypto_core_ed25519_add(p3, p2, p) == -1);
    assert(crypto_core_ed25519_add(p3, p2, non_canonical_p) == 0);
    assert(crypto_core_ed25519_add(p3, p2, non_canonical_invalid_p) == -1);
    assert(crypto_core_ed25519_add(p3, p, p3) == -1);
    assert(crypto_core_ed25519_add(p3, non_canonical_p, p3) == 0);
    assert(crypto_core_ed25519_add(p3, non_canonical_invalid_p, p3) == -1);

    assert(crypto_core_ed25519_sub(p3, p2, p) == -1);
    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_p) == 0);
    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_invalid_p) == -1);
    assert(crypto_core_ed25519_sub(p3, p, p3) == -1);
    assert(crypto_core_ed25519_sub(p3, non_canonical_p, p3) == 0);
    assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1);

    /* Multiplying by a non-zero scalar and then by its inverse must return
     * the starting point: p3 = sc^-1 * (sc * p) == p. */
    for (i = 0; i < 1000; i++) {
        crypto_core_ed25519_random(p);
        /* Zero has no inverse, so redraw until the scalar is non-zero. */
        do {
            crypto_core_ed25519_scalar_random(sc);
        } while (sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) {
            printf("crypto_scalarmult_ed25519_noclamp() failed\n");
        }
        assert(crypto_core_ed25519_is_valid_point(p2));
        if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
            printf("crypto_core_ed25519_scalar_invert() failed\n");
        }
        if (crypto_scalarmult_ed25519_noclamp(p3, sc, p2) != 0) {
            printf("crypto_scalarmult_ed25519_noclamp() failed\n");
        }
        assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);
    }

    /* Reduction check: widen a reduced scalar to 64 bytes, add l between 1
     * and 100 times (the do/while body runs i + 1 times), and expect
     * scalar_reduce() to give the original 32 bytes back.
     * NOTE(review): the copy and compare lengths use crypto_core_ed25519_BYTES
     * where the scalar size is meant; the 64-byte buffer is a literal. */
    sc64 = (unsigned char *) sodium_malloc(64);
    crypto_core_ed25519_scalar_random(sc);
    memcpy(sc64, sc, crypto_core_ed25519_BYTES);
    memset(sc64 + crypto_core_ed25519_BYTES, 0,
           64 - crypto_core_ed25519_BYTES);
    i = (unsigned int) randombytes_uniform(100);
    do {
        add_l64(sc64);
    } while (i-- > 0);
    crypto_core_ed25519_scalar_reduce(sc64, sc64);
    if (memcmp(sc64, sc, crypto_core_ed25519_BYTES) != 0) {
        printf("crypto_core_ed25519_scalar_reduce() failed\n");
    }

    /* Complement check: with P0 = from_uniform(r), compute
     * sc*P0 + complement(sc)*P0 into p3, rebuild P0 from the same r and
     * subtract. The expected result is 0x01 followed by zeros, so the two
     * scalars are expected to sum to 1. */
    randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES);
    crypto_core_ed25519_from_uniform(p, r);
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    crypto_core_ed25519_scalar_random(sc);
    if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (1)\n");
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (2)\n");
    }
    crypto_core_ed25519_add(p3, p, p2);
    crypto_core_ed25519_from_uniform(p, r);
    crypto_core_ed25519_sub(p, p, p3);
    assert(p[0] == 0x01);
    for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
        assert(p[i] == 0);
    }

    /* Negation check: sc*P + negate(sc)*P must give the same
     * 0x01-then-zeros encoding. */
    crypto_core_ed25519_random(p);
    memcpy(p2, p, crypto_core_ed25519_BYTES);
    crypto_core_ed25519_scalar_random(sc);
    if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (3)\n");
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) {
        printf("crypto_scalarmult_ed25519_noclamp() failed (4)\n");
    }
    crypto_core_ed25519_add(p, p, p2);
    assert(p[0] == 0x01);
    for (i = 1; i < crypto_core_ed25519_BYTES; i++) {
        assert(p[i] == 0);
    }

    /* Known-answer section: fixed byte patterns go through invert, negate
     * and complement, each applied twice in place, and the hex results are
     * printed. These printf() format strings define the expected output and
     * must not change. */
    hex = (char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1);

    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv1: %s\n", hex);
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv3: %s\n", hex);
    if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) {
        printf("crypto_core_ed25519_scalar_invert() failed\n");
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("inv4: %s\n", hex);

    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg1: %s\n", hex);
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg3: %s\n", hex);
    crypto_core_ed25519_scalar_negate(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("neg4: %s\n", hex);

    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 255 - i;
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp1: %s\n", hex);
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp2: %s\n", hex);
    for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) {
        sc[i] = 32 - i;
    }
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp3: %s\n", hex);
    crypto_core_ed25519_scalar_complement(sc, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("comp4: %s\n", hex);

    sc2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);
    sc3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES);

    /* Scalar add/sub round trip on random 255-bit inputs (top bit cleared,
     * so the inputs are not necessarily reduced): (sc + sc2) - sc2 - sc
     * must be zero.
     * NOTE(review): the two intermediate asserts inspect sc, the untouched
     * input, rather than the result sc3 -- confirm whether that is intended. */
    for (i = 0; i < 1000; i++) {
        randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES);
        randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES);
        sc[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
        sc2[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f;
        crypto_core_ed25519_scalar_add(sc3, sc, sc2);
        assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc2);
        assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));
    }

    /* Known-answer add/sub on fixed patterns. The output buffer aliases the
     * first operand in one call and the second operand in the next, so both
     * aliasing directions are exercised. */
    memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    crypto_core_ed25519_scalar_add(sc, sc, sc2);
    crypto_core_ed25519_scalar_add(sc, sc2, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("add1: %s\n", hex);

    crypto_core_ed25519_scalar_sub(sc, sc2, sc);
    crypto_core_ed25519_scalar_sub(sc, sc, sc2);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("sub1: %s\n", hex);

    memset(sc, 0xcd, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    crypto_core_ed25519_scalar_add(sc, sc, sc2);
    crypto_core_ed25519_scalar_add(sc, sc2, sc);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("add2: %s\n", hex);

    crypto_core_ed25519_scalar_sub(sc, sc2, sc);
    crypto_core_ed25519_scalar_sub(sc, sc, sc2);
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc, crypto_core_ed25519_SCALARBYTES);
    printf("sub2: %s\n", hex);

    /* Known-answer multiplication: 100 rounds of interleaved in-place
     * products; the final sc2 is printed. */
    memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES);
    memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);
    for (i = 0; i < 100; i++) {
        crypto_core_ed25519_scalar_mul(sc, sc, sc2);
        crypto_core_ed25519_scalar_mul(sc2, sc, sc2);
    }
    sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
                   sc2, crypto_core_ed25519_SCALARBYTES);
    printf("mul: %s\n", hex);

    /* Algebraic identities for scalar_mul() on random scalars. */
    for (i = 0; i < 1000; i++) {
        crypto_core_ed25519_scalar_random(sc);
        memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
        /* sc * 0 == 0 */
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));

        /* sc * 1 == sc */
        sc2[0]++;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);

        /* sc * 2 - sc - sc == 0 */
        sc2[0]++;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        crypto_core_ed25519_scalar_sub(sc3, sc3, sc);
        assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));

        /* (sc * sc2) * sc2^-1 == sc for a non-zero sc2 */
        do {
            crypto_core_ed25519_scalar_random(sc2);
        } while (sodium_is_zero(sc2, crypto_core_ed25519_SCALARBYTES));
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        crypto_core_ed25519_scalar_invert(sc2, sc2);
        crypto_core_ed25519_scalar_mul(sc3, sc3, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0);

        /* Set high bits in the last byte so that sc is presumably no longer
         * reduced: sc * 1 must then differ from the raw input bytes, which
         * shows that scalar_mul() reduces its result. */
        sc[31] |= 0x11;
        memset(sc2, 0, crypto_core_ed25519_SCALARBYTES);
        sc2[0] = 1;
        crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
        assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
    }

    sodium_free(hex);
    sodium_free(sc64);
    sodium_free(sc3);
    sodium_free(sc2);
    sodium_free(sc);
    sodium_free(p3);
    sodium_free(p2);
    sodium_free(p);
    sodium_free(r);
    sodium_free(h);

    /* The compile-time size macros must match the runtime accessors, and
     * the size relations between the buffers must hold. */
    assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
    assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes());
    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes());
    assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES);
    assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
    assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);
    assert(crypto_core_ed25519_HASHBYTES == crypto_core_ed25519_hashbytes());
    assert(crypto_core_ed25519_HASHBYTES >= 2 * crypto_core_ed25519_BYTES);

    printf("OK\n");

    return 0;
}