wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

ed25519: fixed initial data to auto values for embedded compilers

Browse Source
This commit is contained in:
Takashi Kojo
2015-08-29 12:08:52 +09:00
parent 1ba1acb8f7
commit 2a141f6a82
3 changed files with 539 additions and 536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

444
wolfcrypt/src/ge_low_mem.c
View File

@@ -44,10 +44,10 @@ void ed25519_double(ge_p3 *r, const ge_p3 *a);
static const byte ed25519_order[F25519_SIZE] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
/*Arithmetic modulo the group order m = 2^252 +
@@ -70,16 +70,16 @@ static const word32 mu[33] = {
int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
word32 keySz)
{
byte tmp[F25519_SIZE];
byte parity;
byte tmp[F25519_SIZE];
byte parity;
byte pt[32];
int i;
fe_copy(tmp, xIn);
parity = (tmp[0] & 1) << 7;
fe_copy(tmp, xIn);
parity = (tmp[0] & 1) << 7;
fe_copy(pt, yIn);
pt[31] |= parity;
fe_copy(pt, yIn);
pt[31] |= parity;
for(i = 0; i < 32; i++) {
out[32-i-1] = pt[i];
@@ -188,20 +188,20 @@ void sc_reduce(unsigned char x[64])
void sc_muladd(byte* out, const byte* a, const byte* b, const byte* c)
{
byte s[32];
byte s[32];
byte e[64];
XMEMSET(e, 0, sizeof(e));
XMEMCPY(e, b, 32);
/* Obtain e */
sc_reduce(e);
/* Obtain e */
sc_reduce(e);
/* Compute s = ze + k */
fprime_mul(s, a, e, ed25519_order);
fprime_add(s, c, ed25519_order);
/* Compute s = ze + k */
fprime_mul(s, a, e, ed25519_order);
fprime_add(s, c, ed25519_order);
XMEMCPY(out, s, 32);
XMEMCPY(out, s, 32);
}
@@ -217,267 +217,269 @@ void sc_muladd(byte* out, const byte* a, const byte* b, const byte* c)
* t is x*y.
*/
const ge_p3 ed25519_base = {
.X = {
0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
},
.Y = {
0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
},
.T = {
0xa3, 0xdd, 0xb7, 0xa5, 0xb3, 0x8a, 0xde, 0x6d,
0xf5, 0x52, 0x51, 0x77, 0x80, 0x9f, 0xf0, 0x20,
0x7d, 0xe3, 0xab, 0x64, 0x8e, 0x4e, 0xea, 0x66,
0x65, 0x76, 0x8b, 0xd7, 0x0f, 0x5f, 0x87, 0x67
},
.Z = {1, 0}
{
0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
},
{
0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
},
{1, 0}
{
0xa3, 0xdd, 0xb7, 0xa5, 0xb3, 0x8a, 0xde, 0x6d,
0xf5, 0x52, 0x51, 0x77, 0x80, 0x9f, 0xf0, 0x20,
0x7d, 0xe3, 0xab, 0x64, 0x8e, 0x4e, 0xea, 0x66,
0x65, 0x76, 0x8b, 0xd7, 0x0f, 0x5f, 0x87, 0x67
},
};
const ge_p3 ed25519_neutral = {
.X = {0},
.Y = {1, 0},
.T = {0},
.Z = {1, 0}
{0},
{1, 0},
{1, 0}
{0},
};
static const byte ed25519_d[F25519_SIZE] = {
0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
};
/* k = 2d */
static const byte ed25519_k[F25519_SIZE] = {
0x59, 0xf1, 0xb2, 0x26, 0x94, 0x9b, 0xd6, 0xeb,
0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00,
0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19,
0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24
0x59, 0xf1, 0xb2, 0x26, 0x94, 0x9b, 0xd6, 0xeb,
0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00,
0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19,
0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24
};
void ed25519_add(ge_p3 *r,
const ge_p3 *p1, const ge_p3 *p2)
const ge_p3 *p1, const ge_p3 *p2)
{
/* Explicit formulas database: add-2008-hwcd-3
*
* source 2008 Hisil--Wong--Carter--Dawson,
* http://eprint.iacr.org/2008/522, Section 3.1
* appliesto extended-1
* parameter k
* assume k = 2 d
* compute A = (Y1-X1)(Y2-X2)
* compute B = (Y1+X1)(Y2+X2)
* compute C = T1 k T2
* compute D = Z1 2 Z2
* compute E = B - A
* compute F = D - C
* compute G = D + C
* compute H = B + A
* compute X3 = E F
* compute Y3 = G H
* compute T3 = E H
* compute Z3 = F G
*/
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
byte d[F25519_SIZE];
byte e[F25519_SIZE];
byte f[F25519_SIZE];
byte g[F25519_SIZE];
byte h[F25519_SIZE];
/* Explicit formulas database: add-2008-hwcd-3
*
* source 2008 Hisil--Wong--Carter--Dawson,
* http://eprint.iacr.org/2008/522, Section 3.1
* appliesto extended-1
* parameter k
* assume k = 2 d
* compute A = (Y1-X1)(Y2-X2)
* compute B = (Y1+X1)(Y2+X2)
* compute C = T1 k T2
* compute D = Z1 2 Z2
* compute E = B - A
* compute F = D - C
* compute G = D + C
* compute H = B + A
* compute X3 = E F
* compute Y3 = G H
* compute T3 = E H
* compute Z3 = F G
*/
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
byte d[F25519_SIZE];
byte e[F25519_SIZE];
byte f[F25519_SIZE];
byte g[F25519_SIZE];
byte h[F25519_SIZE];
/* A = (Y1-X1)(Y2-X2) */
fe_sub(c, p1->Y, p1->X);
fe_sub(d, p2->Y, p2->X);
fe_mul__distinct(a, c, d);
/* A = (Y1-X1)(Y2-X2) */
fe_sub(c, p1->Y, p1->X);
fe_sub(d, p2->Y, p2->X);
fe_mul__distinct(a, c, d);
/* B = (Y1+X1)(Y2+X2) */
fe_add(c, p1->Y, p1->X);
fe_add(d, p2->Y, p2->X);
fe_mul__distinct(b, c, d);
/* B = (Y1+X1)(Y2+X2) */
fe_add(c, p1->Y, p1->X);
fe_add(d, p2->Y, p2->X);
fe_mul__distinct(b, c, d);
/* C = T1 k T2 */
fe_mul__distinct(d, p1->T, p2->T);
fe_mul__distinct(c, d, ed25519_k);
/* C = T1 k T2 */
fe_mul__distinct(d, p1->T, p2->T);
fe_mul__distinct(c, d, ed25519_k);
/* D = Z1 2 Z2 */
fe_mul__distinct(d, p1->Z, p2->Z);
fe_add(d, d, d);
/* D = Z1 2 Z2 */
fe_mul__distinct(d, p1->Z, p2->Z);
fe_add(d, d, d);
/* E = B - A */
fe_sub(e, b, a);
/* E = B - A */
fe_sub(e, b, a);
/* F = D - C */
fe_sub(f, d, c);
/* F = D - C */
fe_sub(f, d, c);
/* G = D + C */
fe_add(g, d, c);
/* G = D + C */
fe_add(g, d, c);
/* H = B + A */
fe_add(h, b, a);
/* H = B + A */
fe_add(h, b, a);
/* X3 = E F */
fe_mul__distinct(r->X, e, f);
/* X3 = E F */
fe_mul__distinct(r->X, e, f);
/* Y3 = G H */
fe_mul__distinct(r->Y, g, h);
/* Y3 = G H */
fe_mul__distinct(r->Y, g, h);
/* T3 = E H */
fe_mul__distinct(r->T, e, h);
/* T3 = E H */
fe_mul__distinct(r->T, e, h);
/* Z3 = F G */
fe_mul__distinct(r->Z, f, g);
/* Z3 = F G */
fe_mul__distinct(r->Z, f, g);
}
void ed25519_double(ge_p3 *r, const ge_p3 *p)
{
/* Explicit formulas database: dbl-2008-hwcd
*
* source 2008 Hisil--Wong--Carter--Dawson,
* http://eprint.iacr.org/2008/522, Section 3.3
* compute A = X1^2
* compute B = Y1^2
* compute C = 2 Z1^2
* compute D = a A
* compute E = (X1+Y1)^2-A-B
* compute G = D + B
* compute F = G - C
* compute H = D - B
* compute X3 = E F
* compute Y3 = G H
* compute T3 = E H
* compute Z3 = F G
*/
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
byte e[F25519_SIZE];
byte f[F25519_SIZE];
byte g[F25519_SIZE];
byte h[F25519_SIZE];
/* Explicit formulas database: dbl-2008-hwcd
*
* source 2008 Hisil--Wong--Carter--Dawson,
* http://eprint.iacr.org/2008/522, Section 3.3
* compute A = X1^2
* compute B = Y1^2
* compute C = 2 Z1^2
* compute D = a A
* compute E = (X1+Y1)^2-A-B
* compute G = D + B
* compute F = G - C
* compute H = D - B
* compute X3 = E F
* compute Y3 = G H
* compute T3 = E H
* compute Z3 = F G
*/
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
byte e[F25519_SIZE];
byte f[F25519_SIZE];
byte g[F25519_SIZE];
byte h[F25519_SIZE];
/* A = X1^2 */
fe_mul__distinct(a, p->X, p->X);
/* A = X1^2 */
fe_mul__distinct(a, p->X, p->X);
/* B = Y1^2 */
fe_mul__distinct(b, p->Y, p->Y);
/* B = Y1^2 */
fe_mul__distinct(b, p->Y, p->Y);
/* C = 2 Z1^2 */
fe_mul__distinct(c, p->Z, p->Z);
fe_add(c, c, c);
/* C = 2 Z1^2 */
fe_mul__distinct(c, p->Z, p->Z);
fe_add(c, c, c);
/* D = a A (alter sign) */
/* E = (X1+Y1)^2-A-B */
fe_add(f, p->X, p->Y);
fe_mul__distinct(e, f, f);
fe_sub(e, e, a);
fe_sub(e, e, b);
/* D = a A (alter sign) */
/* E = (X1+Y1)^2-A-B */
fe_add(f, p->X, p->Y);
fe_mul__distinct(e, f, f);
fe_sub(e, e, a);
fe_sub(e, e, b);
/* G = D + B */
fe_sub(g, b, a);
/* G = D + B */
fe_sub(g, b, a);
/* F = G - C */
fe_sub(f, g, c);
/* F = G - C */
fe_sub(f, g, c);
/* H = D - B */
fe_neg(h, b);
fe_sub(h, h, a);
/* H = D - B */
fe_neg(h, b);
fe_sub(h, h, a);
/* X3 = E F */
fe_mul__distinct(r->X, e, f);
/* X3 = E F */
fe_mul__distinct(r->X, e, f);
/* Y3 = G H */
fe_mul__distinct(r->Y, g, h);
/* Y3 = G H */
fe_mul__distinct(r->Y, g, h);
/* T3 = E H */
fe_mul__distinct(r->T, e, h);
/* T3 = E H */
fe_mul__distinct(r->T, e, h);
/* Z3 = F G */
fe_mul__distinct(r->Z, f, g);
/* Z3 = F G */
fe_mul__distinct(r->Z, f, g);
}
void ed25519_smult(ge_p3 *r_out, const ge_p3 *p, const byte *e)
{
ge_p3 r;
int i;
ge_p3 r;
int i;
XMEMCPY(&r, &ed25519_neutral, sizeof(r));
for (i = 255; i >= 0; i--) {
const byte bit = (e[i >> 3] >> (i & 7)) & 1;
ge_p3 s;
for (i = 255; i >= 0; i--) {
const byte bit = (e[i >> 3] >> (i & 7)) & 1;
ge_p3 s;
ed25519_double(&r, &r);
ed25519_add(&s, &r, p);
ed25519_double(&r, &r);
ed25519_add(&s, &r, p);
fe_select(r.X, r.X, s.X, bit);
fe_select(r.Y, r.Y, s.Y, bit);
fe_select(r.Z, r.Z, s.Z, bit);
fe_select(r.T, r.T, s.T, bit);
}
fe_select(r.X, r.X, s.X, bit);
fe_select(r.Y, r.Y, s.Y, bit);
fe_select(r.Z, r.Z, s.Z, bit);
fe_select(r.T, r.T, s.T, bit);
}
XMEMCPY(r_out, &r, sizeof(r));
}
void ge_scalarmult_base(ge_p3 *R,const unsigned char *nonce)
{
ed25519_smult(R, &ed25519_base, nonce);
ed25519_smult(R, &ed25519_base, nonce);
}
/* pack the point h into array s */
void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
{
byte x[F25519_SIZE];
byte y[F25519_SIZE];
byte z1[F25519_SIZE];
byte parity;
byte x[F25519_SIZE];
byte y[F25519_SIZE];
byte z1[F25519_SIZE];
byte parity;
fe_inv__distinct(z1, h->Z);
fe_mul__distinct(x, h->X, z1);
fe_mul__distinct(y, h->Y, z1);
fe_inv__distinct(z1, h->Z);
fe_mul__distinct(x, h->X, z1);
fe_mul__distinct(y, h->Y, z1);
fe_normalize(x);
fe_normalize(y);
fe_normalize(x);
fe_normalize(y);
parity = (x[0] & 1) << 7;
fe_copy(s, y);
fe_normalize(s);
s[31] |= parity;
parity = (x[0] & 1) << 7;
fe_copy(s, y);
fe_normalize(s);
s[31] |= parity;
}
/* pack the point h into array s */
void ge_tobytes(unsigned char *s,const ge_p2 *h)
{
byte x[F25519_SIZE];
byte y[F25519_SIZE];
byte z1[F25519_SIZE];
byte parity;
byte x[F25519_SIZE];
byte y[F25519_SIZE];
byte z1[F25519_SIZE];
byte parity;
fe_inv__distinct(z1, h->Z);
fe_mul__distinct(x, h->X, z1);
fe_mul__distinct(y, h->Y, z1);
fe_inv__distinct(z1, h->Z);
fe_mul__distinct(x, h->X, z1);
fe_mul__distinct(y, h->Y, z1);
fe_normalize(x);
fe_normalize(y);
fe_normalize(x);
fe_normalize(y);
parity = (x[0] & 1) << 7;
fe_copy(s, y);
fe_normalize(s);
s[31] |= parity;
parity = (x[0] & 1) << 7;
fe_copy(s, y);
fe_normalize(s);
s[31] |= parity;
}
@@ -488,40 +490,40 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h)
int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s)
{
byte parity;
byte parity;
byte x[F25519_SIZE];
byte y[F25519_SIZE];
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
byte y[F25519_SIZE];
byte a[F25519_SIZE];
byte b[F25519_SIZE];
byte c[F25519_SIZE];
int ret = 0;
/* unpack the key s */
parity = s[31] >> 7;
fe_copy(y, s);
y[31] &= 127;
y[31] &= 127;
fe_mul__distinct(c, y, y);
fe_mul__distinct(c, y, y);
fe_mul__distinct(b, c, ed25519_d);
fe_add(a, b, f25519_one);
fe_inv__distinct(b, a);
fe_sub(a, c, f25519_one);
fe_mul__distinct(c, a, b);
fe_sqrt(a, c);
fe_neg(b, a);
fe_select(x, a, b, (a[0] ^ parity) & 1);
fe_add(a, b, f25519_one);
fe_inv__distinct(b, a);
fe_sub(a, c, f25519_one);
fe_mul__distinct(c, a, b);
fe_sqrt(a, c);
fe_neg(b, a);
fe_select(x, a, b, (a[0] ^ parity) & 1);
/* test that x^2 is equal to c */
fe_mul__distinct(a, x, x);
fe_normalize(a);
fe_normalize(c);
ret |= ConstantCompare(a, c, F25519_SIZE);
fe_normalize(a);
fe_normalize(c);
ret |= ConstantCompare(a, c, F25519_SIZE);
/* project the key s onto p */
fe_copy(p->X, x);
fe_copy(p->Y, y);
fe_load(p->Z, 1);
fe_mul__distinct(p->T, x, y);
fe_copy(p->X, x);
fe_copy(p->Y, y);
fe_load(p->Z, 1);
fe_mul__distinct(p->T, x, y);
/* negate, the point becomes (-X,Y,Z,-T) */
fe_neg(p->X,p->X);
@@ -543,10 +545,10 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
ed25519_smult(&p, &ed25519_base, sig);
/* find H(R,A,M) * -A */
ed25519_smult(&A, &A, h);
ed25519_smult(&A, &A, h);
/* SB + -H(R,A,M)A */
ed25519_add(&A, &p, &A);
ed25519_add(&A, &p, &A);
fe_copy(R->X, A.X);
fe_copy(R->Y, A.Y);

115
wolfcrypt/src/ge_operations.c
View File

@@ -32,6 +32,7 @@
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ge_operations.h>
#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@@ -690,7 +691,7 @@ int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz)
{
fe x,y,z;
ge_p3 g;
byte bArray[keySz];
byte bArray[ED25519_KEY_SIZE];
word32 i;
fe_0(x);
@@ -718,18 +719,18 @@ r = p + q
*/
void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
{
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->YplusX);
fe_mul(r->Y,r->Y,q->YminusX);
fe_mul(r->T,q->T2d,p->T);
fe_mul(r->X,p->Z,q->Z);
fe_add(t0,r->X,r->X);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_add(r->Z,t0,r->T);
fe_sub(r->T,t0,r->T);
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->YplusX);
fe_mul(r->Y,r->Y,q->YminusX);
fe_mul(r->T,q->T2d,p->T);
fe_mul(r->X,p->Z,q->Z);
fe_add(t0,r->X,r->X);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_add(r->Z,t0,r->T);
fe_sub(r->T,t0,r->T);
}
@@ -2387,17 +2388,17 @@ r = p + q
void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
{
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->yplusx);
fe_mul(r->Y,r->Y,q->yminusx);
fe_mul(r->T,q->xy2d,p->T);
fe_add(t0,p->Z,p->Z);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_add(r->Z,t0,r->T);
fe_sub(r->T,t0,r->T);
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->yplusx);
fe_mul(r->Y,r->Y,q->yminusx);
fe_mul(r->T,q->xy2d,p->T);
fe_add(t0,p->Z,p->Z);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_add(r->Z,t0,r->T);
fe_sub(r->T,t0,r->T);
}
@@ -2409,17 +2410,17 @@ r = p - q
void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
{
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->yminusx);
fe_mul(r->Y,r->Y,q->yplusx);
fe_mul(r->T,q->xy2d,p->T);
fe_add(t0,p->Z,p->Z);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_sub(r->Z,t0,r->T);
fe_add(r->T,t0,r->T);
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->yminusx);
fe_mul(r->Y,r->Y,q->yplusx);
fe_mul(r->T,q->xy2d,p->T);
fe_add(t0,p->Z,p->Z);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_sub(r->Z,t0,r->T);
fe_add(r->T,t0,r->T);
}
@@ -2469,16 +2470,16 @@ r = 2 * p
void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
{
fe t0;
fe_sq(r->X,p->X);
fe_sq(r->Z,p->Y);
fe_sq2(r->T,p->Z);
fe_add(r->Y,p->X,p->Y);
fe_sq(t0,r->Y);
fe_add(r->Y,r->Z,r->X);
fe_sub(r->Z,r->Z,r->X);
fe_sub(r->X,t0,r->Y);
fe_sub(r->T,r->T,r->Z);
fe t0;
fe_sq(r->X,p->X);
fe_sq(r->Z,p->Y);
fe_sq2(r->T,p->Z);
fe_add(r->Y,p->X,p->Y);
fe_sq(t0,r->Y);
fe_add(r->Y,r->Z,r->X);
fe_sub(r->Z,r->Z,r->X);
fe_sub(r->X,t0,r->Y);
fe_sub(r->T,r->T,r->Z);
}
@@ -2572,18 +2573,18 @@ r = p - q
void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
{
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->YminusX);
fe_mul(r->Y,r->Y,q->YplusX);
fe_mul(r->T,q->T2d,p->T);
fe_mul(r->X,p->Z,q->Z);
fe_add(t0,r->X,r->X);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_sub(r->Z,t0,r->T);
fe_add(r->T,t0,r->T);
fe t0;
fe_add(r->X,p->Y,p->X);
fe_sub(r->Y,p->Y,p->X);
fe_mul(r->Z,r->X,q->YminusX);
fe_mul(r->Y,r->Y,q->YplusX);
fe_mul(r->T,q->T2d,p->T);
fe_mul(r->X,p->Z,q->Z);
fe_add(t0,r->X,r->X);
fe_sub(r->X,r->Z,r->Y);
fe_add(r->Y,r->Z,r->Y);
fe_sub(r->Z,t0,r->T);
fe_add(r->T,t0,r->T);
}

516
wolfcrypt/test/test.c
View File

@@ -3459,7 +3459,7 @@ int rsa_test(void)
#endif
#ifdef sizeof
#undef sizeof
#undef sizeof
#endif
#ifdef WOLFSSL_TEST_CERT
@@ -5760,314 +5760,314 @@ int ed25519_test(void)
https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
*/
const byte sKey1[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
static const byte sKey1[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
const byte sKey2[] = {
0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
static const byte sKey2[] = {
0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
};
const byte sKey3[] = {
0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
static const byte sKey3[] = {
0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
};
/* uncompressed test */
const byte sKey4[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
static const byte sKey4[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
/* compressed prefix test */
const byte sKey5[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
static const byte sKey5[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
const byte sKey6[] = {
0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
static const byte sKey6[] = {
0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
};
const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
const byte pKey1[] = {
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
static const byte pKey1[] = {
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
const byte pKey2[] = {
0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
static const byte pKey2[] = {
0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
};
const byte pKey3[] = {
0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
static const byte pKey3[] = {
0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
};
/* uncompressed test */
const byte pKey4[] = {
0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
0xd7
static const byte pKey4[] = {
0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
0xd7
};
/* compressed prefix */
const byte pKey5[] = {
0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
static const byte pKey5[] = {
0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
const byte pKey6[] = {
0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
static const byte pKey6[] = {
0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
};
const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
const byte sig1[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
static const byte sig1[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
const byte sig2[] = {
0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
static const byte sig2[] = {
0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
};
const byte sig3[] = {
0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
static const byte sig3[] = {
0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
};
/* uncompressed test */
const byte sig4[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
static const byte sig4[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
/* compressed prefix */
const byte sig5[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
static const byte sig5[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
const byte sig6[] = {
0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
static const byte sig6[] = {
0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
};
const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
const byte msg1[] = {};
const byte msg2[] = {0x72};
const byte msg3[] = {0xAF,0x82};
static const byte msg1[] = {0x0 };
static const byte msg2[] = {0x72};
static const byte msg3[] = {0xAF,0x82};
/* test of a 1024 byte long message */
const byte msg4[] = {
0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
static const byte msg4[] = {
0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
};
const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
const word16 msgSz[] = {sizeof(msg1), sizeof(msg2), sizeof(msg3),
sizeof(msg1), sizeof(msg1), sizeof(msg4)};
static const byte* msgs[] = { msg1, msg2, msg3, msg1, msg1, msg4};
static const word16 msgSz[] = {0 /*sizeof(msg1)*/, sizeof(msg2), sizeof(msg3),
0 /*sizeof(msg1)*/, 0 /*sizeof(msg1)*/, sizeof(msg4)};
/* create ed25519 keys */
wc_InitRng(&rng);