Fix ristretto255 tests

Both tests were skipped because of a typo in the checked constant name. The scalarmult test was using illegal test vectors. The new test is based on: https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455150aba9/test/default/scalarmult_ristretto255.c The $L value contained one extra null byte. The number of "false" return values was too small. scalar_invert() doesn't return a valid point -- not sure on that one.
php · Aug 10, 2021 · 9168aab · 9168aab
1 parent 5e997ec
commit 9168aab
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 18 deletions.
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
@@ -2588,7 +2588,7 @@ PHP_FUNCTION(sodium_crypto_scalarmult_ristretto255)
 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
 		RETURN_THROWS();
 	}
-	ZSTR_VAL(q)[crypto_scalarmult_BYTES] = 0;
+	ZSTR_VAL(q)[crypto_scalarmult_ristretto255_BYTES] = 0;
 
 	RETURN_NEW_STR(q);
 }

diff --git a/ext/sodium/tests/crypto_core_ristretto255.phpt b/ext/sodium/tests/crypto_core_ristretto255.phpt
@@ -1,10 +1,10 @@
 --TEST--
-Check for libsodium scalarmult ristretto255
+Check for libsodium core ristretto255
 --EXTENSIONS--
 sodium
 --SKIPIF--
 <?php
-if (!defined('SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_HASHBYTES')) print "skip libsodium without Ristretto255";
+if (!defined('SODIUM_CRYPTO_CORE_RISTRETTO255_HASHBYTES')) print "skip libsodium without Ristretto255";
 ?>
 --FILE--
 <?php
@@ -69,11 +69,17 @@ $s0 = sodium_crypto_scalarmult_ristretto255_base($r);
 var_dump(sodium_crypto_core_ristretto255_is_valid_point($s0));
 
 // Test that multiplying by the order of the curve fails:
-$L = "\xed\xd3\xf5\x5c\x1a\x63\x12\x58\xd6\x9c\xf7\xa2\xde\xf9\xde\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10";
+$L = "\xed\xd3\xf5\x5c\x1a\x63\x12\x58" .
+     "\xd6\x9c\xf7\xa2\xde\xf9\xde\x14" .
+     "\x00\x00\x00\x00\x00\x00\x00\x00" .
+     "\x00\x00\x00\x00\x00\x00\x00\x10";
 
 $s = sodium_crypto_core_ristretto255_random();
-$multL = sodium_crypto_scalarmult_ristretto255($s, $L);
-var_dump(sodium_crypto_core_ristretto255_is_valid_point($multL));
+try {
+    $multL = sodium_crypto_scalarmult_ristretto255($s, $L);
+} catch (SodiumException $e) {
+    echo $e->getMessage(), "\n";
+}
 $s2 = sodium_crypto_scalarmult_ristretto255($r, $s);
 
 // _from_hash should produce a valid point
@@ -108,7 +114,7 @@ bool(false)
 bool(false)
 string(64) "3066f82a1a747d45120d1740f14358531a8f04bbffe6a819f86dfe50f44a0a46"
 bool(true)
-bool(false)
+internal error
 bool(true)
 bool(true)
 bool(true)
diff --git a/ext/sodium/tests/crypto_scalarmult_ristretto255.phpt b/ext/sodium/tests/crypto_scalarmult_ristretto255.phpt
@@ -4,24 +4,46 @@ Check for libsodium scalarmult ristretto255
 sodium
 --SKIPIF--
 <?php
-if (!defined('SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_HASHBYTES')) print "skip libsodium without Ristretto255";
+if (!defined('SODIUM_CRYPTO_CORE_RISTRETTO255_HASHBYTES')) print "skip libsodium without Ristretto255";
 ?>
 --FILE--
 <?php
-$n = sodium_hex2bin("94938bc8631c7d760f6a8b9d9c9c07569e65d9cf79dc809221186205fea3ec05");
-$p = sodium_hex2bin("edf2014b8a2ca9ec18e3ba4600c3c9c48d38acebba01601ad7b104a492035b06");
-$q = sodium_crypto_scalarmult_ristretto255($n, $p);
-$q2 = sodium_crypto_scalarmult_ristretto255_base($n);
+$b = sodium_hex2bin("e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76");
+$n = str_repeat("\0", SODIUM_CRYPTO_SCALARMULT_RISTRETTO255_SCALARBYTES);
+for ($i = 0; $i < 16; $i++, sodium_increment($n)) {
+    try {
+        $p = sodium_crypto_scalarmult_ristretto255_base($n);
+        $p2 = sodium_crypto_scalarmult_ristretto255($n, $b);
+    } catch (SodiumException $ex) {
+        echo $ex->getMessage(), "\n";
+        continue;
+    }
+    var_dump(sodium_bin2hex($p));
+    assert($p === $p2);
+}
 
-var_dump(sodium_bin2hex($q));
-var_dump(sodium_bin2hex($q2));
 try {
     sodium_crypto_scalarmult(substr($n, 1), $p);
 } catch (SodiumException $ex) {
-    var_dump(true);
+    echo $ex->getMessage(), "\n";
 }
+
 ?>
 --EXPECT--
-string(64) "2a684afd8de19c6964fffd28509294e2752fdbb79e13a58dec3aff51de65505e"
-string(64) "e08ec8d22c0901c1746da3844857e9bc25b77cfe14a412e7bcd2b4017aff0556"
-bool(true)
+internal error
+string(64) "e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76"
+string(64) "6a493210f7499cd17fecb510ae0cea23a110e8d5b901f8acadd3095c73a3b919"
+string(64) "94741f5d5d52755ece4f23f044ee27d5d1ea1e2bd196b462166b16152a9d0259"
+string(64) "da80862773358b466ffadfe0b3293ab3d9fd53c5ea6c955358f568322daf6a57"
+string(64) "e882b131016b52c1d3337080187cf768423efccbb517bb495ab812c4160ff44e"
+string(64) "f64746d3c92b13050ed8d80236a7f0007c3b3f962f5ba793d19a601ebb1df403"
+string(64) "44f53520926ec81fbd5a387845beb7df85a96a24ece18738bdcfa6a7822a176d"
+string(64) "903293d8f2287ebe10e2374dc1a53e0bc887e592699f02d077d5263cdd55601c"
+string(64) "02622ace8f7303a31cafc63f8fc48fdc16e1c8c8d234b2f0d6685282a9076031"
+string(64) "20706fd788b2720a1ed2a5dad4952b01f413bcf0e7564de8cdc816689e2db95f"
+string(64) "bce83f8ba5dd2fa572864c24ba1810f9522bc6004afe95877ac73241cafdab42"
+string(64) "e4549ee16b9aa03099ca208c67adafcafa4c3f3e4e5303de6026e3ca8ff84460"
+string(64) "aa52e000df2e16f55fb1032fc33bc42742dad6bd5a8fc0be0167436c5948501f"
+string(64) "46376b80f409b29dc2b5f6f0c52591990896e5716f41477cd30085ab7f10301e"
+string(64) "e0c418f7c8d9c4cdd7395b93ea124f3ad99021bb681dfc3302a9d99a2e53e64e"
+sodium_crypto_scalarmult(): Argument #1 ($n) must be SODIUM_CRYPTO_SCALARMULT_SCALARBYTES bytes long