Curve25519-donna changes.

crypto/curve25519_unittest.cc

Index: crypto/curve25519_unittest.cc
===================================================================
--- crypto/curve25519_unittest.cc	(revision 0)
+++ crypto/curve25519_unittest.cc	(revision 0)
@@ -0,0 +1,74 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/curve25519.h"
+
+#include <string>
+
+#include "crypto/random.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace crypto {
+
+// Test that the basic shared key exchange identity holds: that both parties end
+// up with the same shared key. This test starts with a fixed private key for
+// two parties: alice and bob. Runs ScalarBaseMult and ScalarMult to compute
+// public key and shared key for alice and bob. It asserts that alice and bob
+// have the same shared key.
+//
+// It feeds the answers from ScalarBaseMult to modify the private key of alice
+// and bob and then performs the shared key identity test again.
+//
+// It repeats this test 5 times (running it for thousands of iterations takes
+// long time, thus turned it down to 5 times).

[Ryan Sleevi, 2013/03/08 18:27:33]

I can understand the thousands of iterations test, because you originally
started off with a random value, and so the thousands of iterations was trying
to permute different inputs.

But you now run this test with a fixed set of inputs (line 26-27), so every
other part of the test is also deterministic. So it's not clear why you're
repeating this test.

It also seems like you're trying to duplicate the test from the C code, which
shouldn't be necessary, since things should only break if the C code changes.

Have I missed anything?

[ramant (doing other things), 2013/03/08 18:30:45]

Removed the 5 times iteration.
Done.

+TEST(Curve25519, SharedKeyIdentity) {
+  uint8 alice_private_key[curve25519::kScalarBytes] = {3};
+  uint8 bob_private_key[curve25519::kScalarBytes] = {5};
+
+  for (size_t i = 0; i < 5; i++) {
+    SCOPED_TRACE(i);
+
+    // Get public key for alice and bob.
+    uint8 alice_public_key[curve25519::kBytes];
+    curve25519::ScalarBaseMult(alice_private_key, alice_public_key);
+
+    uint8 bob_public_key[curve25519::kBytes];
+    curve25519::ScalarBaseMult(bob_private_key, bob_public_key);
+
+    // Get the shared key for alice, by using alice's private key and bob's
+    // public key.
+    uint8 alice_shared_key[curve25519::kBytes];
+    curve25519::ScalarMult(alice_private_key, bob_public_key, alice_shared_key);
+    std::string alice_shared;
+    alice_shared.assign(reinterpret_cast<char*>(alice_shared_key),
+                        sizeof(alice_shared_key));
+
+    // Get the shared key for bob, by using bob's private key and alice's public
+    // key.
+    uint8 bob_shared_key[curve25519::kBytes];
+    curve25519::ScalarMult(bob_private_key, alice_public_key, bob_shared_key);
+    std::string bob_shared;
+    bob_shared.assign(reinterpret_cast<char*>(bob_shared_key),
+                      sizeof(bob_shared_key));
+
+    // Computed shared key of alice and bob should be the same.
+    ASSERT_EQ(alice_shared, bob_shared);
+
+    // Changed alice's private key with the answer from bob's public key
+    // computed by ScalarBaseMult.
+    for (size_t j = 0; j < curve25519::kScalarBytes; ++j) {
+      SCOPED_TRACE(j);
+      alice_private_key[j] ^= bob_public_key[j];
+    }
+
+    // Changed bob's private key with the answer from alice's  public key
+    // computed by ScalarBaseMult.
+    for (size_t j = 0; j < curve25519::kScalarBytes; ++j) {
+      SCOPED_TRACE(j);
+      bob_private_key[j] ^= alice_public_key[j];
+    }
+  }
+}
+
+}  // namespace crypto