Commit d1e2bbec authored by Michael Hamburg's avatar Michael Hamburg

fix Ed448-prehash and test against newly-corrected cfrg vectors

parent c558c0ec
......@@ -70,7 +70,9 @@ private:
}
if (SUPPORTS_CONTEXTS) {
const char pfx[] = "$(eddsa_dom)";
uint8_t dom[2] = {2, (uint8_t)context_.size() };
update((const unsigned char*)pfx,strlen(pfx));
update(dom,2);
update(context_);
}
......
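Review bot: The length byte in `uint8_t dom[2] = {2, (uint8_t)context_.size() };` is truncated by the cast, while `update(context_)` two lines later absorbs the whole context, so a context longer than 255 bytes would be hashed under a length byte that does not match it and the domain-separation prefix would no longer be unambiguous. No bound check is visible in this hunk; unless the length is already limited where `context_` is set, add a guard such as `if (context_.size() > 255)` that fails with the class's existing length error before `dom` is built. The prefix length could also be taken at compile time with `sizeof(pfx) - 1` instead of `strlen(pfx)`. The enclosing function starts above the hunk, so the guard may belong earlier than the lines shown.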
......@@ -113,6 +113,15 @@ const uint8_t ed448_eddsa_sk[][57] = {{
0xf2,0x9a,0xdf,0x86,0xec,0x99,0x29,0xdc,
0xcb,0x52,0xc1,0xc5,0xfd,0x2f,0xf7,0xe2,
0x1b
}, {
0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42,
0xef,0x78,0x22,0xe0,0xd5,0x10,0x41,0x27,
0xdc,0x05,0xd6,0xdb,0xef,0xde,0x69,0xe3,
0xab,0x2c,0xec,0x7c,0x86,0x7c,0x6e,0x2c,
0x49
}};
const uint8_t ed448_eddsa_pk[][57] = {{
0x5f,0xd7,0x44,0x9b,0x59,0xb4,0x61,0xfd,
......@@ -150,6 +159,15 @@ const uint8_t ed448_eddsa_pk[][57] = {{
0x94,0xd1,0x9b,0x94,0x53,0x61,0x72,0x6b,
0xd7,0x5e,0x14,0x9e,0xf0,0x98,0x17,0xf5,
0x80
}, {
0x25,0x9b,0x71,0xc1,0x9f,0x83,0xef,0x77,
0xa7,0xab,0xd2,0x65,0x24,0xcb,0xdb,0x31,
0x61,0xb5,0x90,0xa4,0x8f,0x7d,0x17,0xde,
0x3e,0xe0,0xba,0x9c,0x52,0xbe,0xb7,0x43,
0xc0,0x94,0x28,0xa1,0x31,0xd6,0xb1,0xb5,
0x73,0x03,0xd9,0x0d,0x81,0x32,0xc2,0x76,
0xd5,0xed,0x3d,0x5d,0x01,0xc0,0xf5,0x38,
0x80
}};
const uint8_t ed448_eddsa_message[][12] = {{
0
......@@ -161,16 +179,17 @@ const uint8_t ed448_eddsa_message[][12] = {{
}, {
0x64,0xa6,0x5f,0x3c,0xde,0xdc,0xdd,0x66,
0x81,0x1e,0x29,0x15
}, {
0x61,0x62,0x63
}};
/* TODO: prehashed test vectors, once spec is fixed */
template<> const bool Tests<Ed448Goldilocks>::eddsa_prehashed[] = {
false,
false,
false,
false,
false
false,
true
};
const uint8_t ed448_eddsa_context[][3] = {{
......@@ -256,6 +275,22 @@ const uint8_t ed448_eddsa_sig[][114] = {{
0x54,0x28,0x40,0x7e,0x85,0xdc,0xbc,0x98,
0xa4,0x91,0x55,0xc1,0x37,0x64,0xe6,0x6c,
0x3c,0x00
}, {
0x86,0xa6,0xbf,0x52,0xf9,0xe8,0xf8,0x4f,
0x45,0x1b,0x2f,0x39,0x2a,0x8d,0x1c,0x3a,
0x41,0x44,0x25,0xfa,0xc0,0x06,0x8f,0x74,
0xae,0xea,0xd5,0x3b,0x0e,0x6b,0x53,0xd4,
0x55,0x5c,0xea,0x17,0x26,0xda,0x4a,0x65,
0x20,0x28,0x80,0xd4,0x07,0x26,0x70,0x87,
0x9e,0x8e,0x6f,0xa4,0xd9,0x69,0x4c,0x06,
0x00,0x54,0xf2,0x06,0x5d,0xc2,0x06,0xa6,
0xe6,0x15,0xd0,0xd8,0xc9,0x9b,0x95,0x20,
0x9b,0x69,0x6c,0x81,0x25,0xc5,0xfb,0xb9,
0xbc,0x82,0xa0,0xf7,0xed,0x3d,0x99,0xc4,
0xc1,0x1c,0x47,0x79,0x8e,0xf0,0xf7,0xeb,
0x97,0xb3,0xb7,0x2a,0xb4,0xac,0x86,0xea,
0xf8,0xb4,0x34,0x49,0xe8,0xac,0x30,0xff,
0x3f,0x00
}};
template<> const Block Tests<Ed448Goldilocks>::eddsa_sk[] = {
Block(ed448_eddsa_sk[0],57),
......@@ -263,6 +298,7 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_sk[] = {
Block(ed448_eddsa_sk[1],57),
Block(ed448_eddsa_sk[2],57),
Block(ed448_eddsa_sk[3],57),
Block(ed448_eddsa_sk[4],57),
Block(NULL,0)
};
template<> const Block Tests<Ed448Goldilocks>::eddsa_pk[] = {
......@@ -270,28 +306,32 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_pk[] = {
Block(ed448_eddsa_pk[1],57),
Block(ed448_eddsa_pk[1],57),
Block(ed448_eddsa_pk[2],57),
Block(ed448_eddsa_pk[3],57)
Block(ed448_eddsa_pk[3],57),
Block(ed448_eddsa_pk[4],57)
};
template<> const Block Tests<Ed448Goldilocks>::eddsa_message[] = {
Block(ed448_eddsa_message[0],0),
Block(ed448_eddsa_message[1],1),
Block(ed448_eddsa_message[1],1),
Block(ed448_eddsa_message[2],11),
Block(ed448_eddsa_message[3],12)
Block(ed448_eddsa_message[3],12),
Block(ed448_eddsa_message[4],3)
};
template<> const Block Tests<Ed448Goldilocks>::eddsa_context[] = {
Block(NULL,0),
Block(NULL,0),
Block(ed448_eddsa_context[0],3),
Block(NULL,0),
Block(NULL,0)
Block(NULL,0),
Block(ed448_eddsa_context[0],3)
};
template<> const Block Tests<Ed448Goldilocks>::eddsa_sig[] = {
Block(ed448_eddsa_sig[0],114),
Block(ed448_eddsa_sig[1],114),
Block(ed448_eddsa_sig[4],114),
Block(ed448_eddsa_sig[2],114),
Block(ed448_eddsa_sig[3],114)
Block(ed448_eddsa_sig[3],114),
Block(ed448_eddsa_sig[5],114)
};
const uint8_t ed25519_eddsa_sk[][32] = {{
......
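Review bot: The comment `/* TODO: prehashed test vectors, once spec is fixed */` above `eddsa_prehashed[]` is stale now that the sixth entry is `true`; replace it with one that says which entry is the prehashed case, e.g. `/* entry 5 is the prehashed vector (message "abc", with context) */`. That single prehashed case is paired with `Block(ed448_eddsa_context[0],3)`, so the prehashed path with an empty context is not exercised by these tables; a second prehashed entry using `Block(NULL,0)` would cover it. The parallel tables are matched by position only, and of those shown just `eddsa_sk[]` ends in a `Block(NULL,0)` terminator. A short comment on the index mapping (for instance that signature slot 2 is `ed448_eddsa_sig[4]`) would help whoever appends the next vector keep them aligned.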