crypto/curve25519_unittest.cc - Issue 12457004: Curve25519-donna changes.

Side by Side Diff: crypto/curve25519_unittest.cc

Issue 12457004: Curve25519-donna changes. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "crypto/curve25519.h"

	6

	7 #include <string>

	8

	9 #include "crypto/random.h"

	10 #include "testing/gtest/include/gtest/gtest.h"

	11

	12 namespace crypto {

	13

	14 // SharedKey just tests that the basic key exchange identity holds: that both

	15 // parties end up with the same key.

	16 TEST(Curve25519, SharedKey) {

	17 for (int i = 0; i < 5; i++) {

	18 uint8 alice_private_key[curve25519::kScalarBytes];

	19 crypto::RandBytes(alice_private_key, sizeof(alice_private_key));
	Ryan Sleevi 2013/03/06 21:18:32 This creates a non-deterministic unit test (as doe This creates a non-deterministic unit test (as does line 26). Additionally, it is not clear how or why the magic value 5 was chosen as the loop - why not simply --gtest_repeat=5? Better comments explaining that motivation is good - and perhaps a few fixed/KATs that ensure identities hold (eg: for forwards/backwards compatibility, if it ever becomes an issue) The loop seems unnecessary, and if you are going to use it, you should be using SCOPED_TRACE as well - but I would recommend not using it. agl 2013/03/06 21:47:50 Removing the loop is fine. This is coming from the Show quoted text On 2013/03/06 21:18:32, Ryan Sleevi wrote: > This creates a non-deterministic unit test (as does line 26). Additionally, it > is not clear how or why the magic value 5 was chosen as the loop - why not > simply --gtest_repeat=5? > > Better comments explaining that motivation is good - and perhaps a few > fixed/KATs that ensure identities hold (eg: for forwards/backwards > compatibility, if it ever becomes an issue) > > The loop seems unnecessary, and if you are going to use it, you should be using > SCOPED_TRACE as well - but I would recommend not using it. Removing the loop is fine. This is coming from the server side of the code where I ran it for a few hundred thousand iterations and then turned it down, but not to zero. The standard test for curve25519 runs for too long to be reasonable in a unittest, but an easy test is to start with {1}, run scalar_base_mult and then feed the answer back into scalar_base_mult as another scalar for n iterations and then just check the final result. ramant (doing other things) 2013/03/08 00:10:15 Removed the loop. Used a fixed private key. Show quoted text On 2013/03/06 21:18:32, Ryan Sleevi wrote: > This creates a non-deterministic unit test (as does line 26). Additionally, it > is not clear how or why the magic value 5 was chosen as the loop - why not > simply --gtest_repeat=5? > > Better comments explaining that motivation is good - and perhaps a few > fixed/KATs that ensure identities hold (eg: for forwards/backwards > compatibility, if it ever becomes an issue) > > The loop seems unnecessary, and if you are going to use it, you should be using > SCOPED_TRACE as well - but I would recommend not using it. Removed the loop. Used a fixed private key. ramant (doing other things) 2013/03/08 00:10:15 Changed the test to feed back answer from scalar_b Show quoted text On 2013/03/06 21:47:50, agl wrote: > On 2013/03/06 21:18:32, Ryan Sleevi wrote: > > This creates a non-deterministic unit test (as does line 26). Additionally, it > > is not clear how or why the magic value 5 was chosen as the loop - why not > > simply --gtest_repeat=5? > > > > Better comments explaining that motivation is good - and perhaps a few > > fixed/KATs that ensure identities hold (eg: for forwards/backwards > > compatibility, if it ever becomes an issue) > > > > The loop seems unnecessary, and if you are going to use it, you should be > using > > SCOPED_TRACE as well - but I would recommend not using it. > > Removing the loop is fine. This is coming from the server side of the code where > I ran it for a few hundred thousand iterations and then turned it down, but not > to zero. > > The standard test for curve25519 runs for too long to be reasonable in a > unittest, but an easy test is to start with {1}, run scalar_base_mult and then > feed the answer back into scalar_base_mult as another scalar for n iterations > and then just check the final result. Changed the test to feed back answer from scalar_base_mult to modify the private key and ran the test again. Did this for 5 times (derived this test from agl's test-curve25519.c). Done.
	20 curve25519::ConvertToPrivateKey(alice_private_key);

	21

	22 uint8 alice_public_key[curve25519::kBytes];

	23 curve25519::ScalarBaseMult(alice_private_key, alice_public_key);

	24

	25 uint8 bob_private_key[curve25519::kScalarBytes];

	26 crypto::RandBytes(bob_private_key, sizeof(bob_private_key));

	27 curve25519::ConvertToPrivateKey(bob_private_key);

	28

	29 uint8 bob_public_key[curve25519::kBytes];

	30 curve25519::ScalarBaseMult(bob_private_key, bob_public_key);

	31

	32 uint8 alice_shared_key[curve25519::kBytes];

	33 curve25519::ScalarMult(alice_private_key, bob_public_key, alice_shared_key);

	34 std::string alice_shared;

	35 alice_shared.assign(reinterpret_cast<char*>(alice_shared_key),

	36 sizeof(alice_shared_key));

	37

	38 uint8 bob_shared_key[curve25519::kBytes];

	39 curve25519::ScalarMult(bob_private_key, alice_public_key, bob_shared_key);

	40 std::string bob_shared;

	41 bob_shared.assign(reinterpret_cast<char*>(bob_shared_key),

	42 sizeof(bob_shared_key));

	43

	44 ASSERT_EQ(alice_shared, bob_shared);

	45 }

	46 }

	47

	48 } // namespace crypto

OLD	NEW

« crypto/curve25519.cc ('K') | « crypto/curve25519.cc ('k') | crypto/third_party/curve25519-donna/README » ('j') | crypto/third_party/curve25519-donna/README » ('J')