authorJason A. Donenfeld <Jason@zx2c4.com>2018-02-01 16:33:13 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-02-01 19:51:50 +0100
commitb9bf37d3e1d0aec3690832b65ebcdf5389a47c44 (patch)
tree88d3927bcb579807188727498e2e099f1e9e3c2c
parenttools: dedup secret normalization (diff)
downloadwireguard-monolithic-historical-b9bf37d3e1d0aec3690832b65ebcdf5389a47c44.tar.xz
wireguard-monolithic-historical-b9bf37d3e1d0aec3690832b65ebcdf5389a47c44.zip
curve25519: verify that specialized basepoint implementations are correct
-rw-r--r--src/selftest/curve25519.h20
1 files changed, 17 insertions, 3 deletions
diff --git a/src/selftest/curve25519.h b/src/selftest/curve25519.h
index 1c86eae..c8a25ed 100644
--- a/src/selftest/curve25519.h
+++ b/src/selftest/curve25519.h
@@ -56,9 +56,9 @@ static const struct curve25519_test_vector curve25519_test_vectors[] __initconst
};
bool __init curve25519_selftest(void)
{
- bool success = true, ret;
- size_t i = 0;
- u8 out[CURVE25519_POINT_SIZE];
+ bool success = true, ret, ret2;
+ size_t i = 0, j;
+ u8 in[CURVE25519_POINT_SIZE], out[CURVE25519_POINT_SIZE], out2[CURVE25519_POINT_SIZE];
for (i = 0; i < ARRAY_SIZE(curve25519_test_vectors); ++i) {
memset(out, 0, CURVE25519_POINT_SIZE);
@@ -70,6 +70,20 @@ bool __init curve25519_selftest(void)
}
}
+ for (i = 0; i < 5; ++i) {
+ get_random_bytes(in, sizeof(in));
+ ret = curve25519_generate_public(out, in);
+ ret2 = curve25519(out2, in, (u8[CURVE25519_POINT_SIZE]){ 9 });
+ if (ret != ret2 || memcmp(out, out2, CURVE25519_POINT_SIZE)) {
+ pr_info("curve25519 basepoint self-test %zu: FAIL: input - 0x", i + 1);
+ for (j = CURVE25519_POINT_SIZE; j-- > 0;)
+ printk(KERN_CONT "%02x", in[j]);
+ printk(KERN_CONT "\n");
+ success = false;
+ break;
+ }
+ }
+
if (success)
pr_info("curve25519 self-tests: pass\n");
return success;
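Review bot: The new random-scalar loop in the second hunk carries no comment explaining what it checks, and the bare `5` says nothing about why that count was chosen; a short header such as `/* Cross-check the specialized basepoint path against the generic scalar multiply with basepoint {9} on a few random scalars. */` above `for (i = 0; i < 5; ++i)` would make the intent clear without reading the commit message. Because the inputs come from get_random_bytes, a failure is only reproducible from the logged bytes, so it is worth noting in that comment that the dump is printed most-significant byte first (the loop runs j from CURVE25519_POINT_SIZE down to 0), which appears to be the reverse of the scalar's in-memory byte order. Five random scalars are unlikely to exercise the clamping boundaries, so adding a couple of fixed scalars (all-zero, all-0xff) to the same comparison alongside the random ones would strengthen the check at little cost. The closing brace of curve25519_selftest lies outside this hunk.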