From b9bf37d3e1d0aec3690832b65ebcdf5389a47c44 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 1 Feb 2018 16:33:13 +0100
Subject: curve25519: verify that specialized basepoint implementations are correct
---
 src/selftest/curve25519.h | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/selftest/curve25519.h b/src/selftest/curve25519.h
index 1c86eae..c8a25ed 100644
--- a/src/selftest/curve25519.h
+++ b/src/selftest/curve25519.h
@@ -56,9 +56,9 @@ static const struct curve25519_test_vector curve25519_test_vectors[] __initconst
 };
 bool __init curve25519_selftest(void)
 {
- bool success = true, ret;
- size_t i = 0;
- u8 out[CURVE25519_POINT_SIZE];
+ bool success = true, ret, ret2;
+ size_t i = 0, j;
+ u8 in[CURVE25519_POINT_SIZE], out[CURVE25519_POINT_SIZE], out2[CURVE25519_POINT_SIZE];
 
 for (i = 0; i < ARRAY_SIZE(curve25519_test_vectors); ++i) {
 memset(out, 0, CURVE25519_POINT_SIZE);
@@ -70,6 +70,20 @@ bool __init curve25519_selftest(void)
 }
 }
 
+ for (i = 0; i < 5; ++i) {
+ get_random_bytes(in, sizeof(in));
+ ret = curve25519_generate_public(out, in);
+ ret2 = curve25519(out2, in, (u8[CURVE25519_POINT_SIZE]){ 9 });
+ if (ret != ret2 || memcmp(out, out2, CURVE25519_POINT_SIZE)) {
+ pr_info("curve25519 basepoint self-test %zu: FAIL: input - 0x", i + 1);
+ for (j = CURVE25519_POINT_SIZE; j-- > 0;)
+ printk(KERN_CONT "%02x", in[j]);
+ printk(KERN_CONT "\n");
+ success = false;
+ break;
+ }
+ }
+
 if (success)
 pr_info("curve25519 self-tests: pass\n");
 return success;
-- 
cgit v1.2.3-59-g8ed1b
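Review bot: The new basepoint loop compares `out` and `out2` without clearing either first, unlike the vector loop above it, which runs `memset(out, 0, CURVE25519_POINT_SIZE)` before each call. `out2` is an uninitialised stack array and `out` still holds the last test-vector result, so if either function can return without writing its output (their bodies are not visible here, so this needs confirming) the `memcmp` reads indeterminate or stale bytes and the verdict means nothing. Adding `memset(out, 0, CURVE25519_POINT_SIZE);` and `memset(out2, 0, CURVE25519_POINT_SIZE);` right after `get_random_bytes(in, sizeof(in));` makes the comparison well defined. A short comment that the failing scalar is printed from the last byte down would also help anyone replaying it, since that is the reverse of the array order. The closing brace of curve25519_selftest lies outside the hunk.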