From e32b091eadfabd0a9bae71e5836ce7093118c574 Mon Sep 17 00:00:00 2001
From: "Matthias J. Kannwischer" <matthias@kannwischer.eu>
Date: Wed, 16 Jan 2019 14:21:52 +0100
Subject: [PATCH] add testvector generation

---
 Makefile                  | 14 ++++++++++
 crypto_kem/testvectors.c  | 47 ++++++++++++++++++++++++++++++++
 crypto_sign/testvectors.c | 57 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 118 insertions(+)
 create mode 100644 crypto_kem/testvectors.c
 create mode 100644 crypto_sign/testvectors.c

diff --git a/Makefile b/Makefile
index ff5290b0..ec029152 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,19 @@ functest: bin/functest_$(subst /,_,$(SCHEME))
 run-functest: bin/functest_$(subst /,_,$(SCHEME))
 	./$<
 
+bin/testvectors_$(subst /,_,$(SCHEME)): $(dir $(SCHEME))testvectors.c $(wildcard $(SCHEME)/clean/*.c) $(wildcard $(SCHEME)/clean/*.h) | require_scheme
+	mkdir -p bin
+	$(CC) $(CFLAGS) \
+		-iquote "./common/" \
+		-iquote "$(SCHEME)/clean/" \
+		-o bin/testvectors_$(subst /,_,$(SCHEME)) \
+		common/*.c \
+		$(SCHEME)/clean/*.c \
+		$<
+
+.PHONY: testvectors
+testvectors: bin/testvectors_$(subst /,_,$(SCHEME))
+
 .PHONY: clean
 clean:
 	rm -rf bin
@@ -71,6 +84,7 @@ help:
 	@echo "make functest SCHEME=scheme		Build functional tests for SCHEME"
 	@echo "make run-functest SCHEME=scheme		Run functional tests for SCHEME"
 	@echo "make run-functest-all			Run all functests"
+	@echo "make testvectors SCHEME=scheme		Build testvector generator for SCHEME"
 	@echo "make clean				Clean up the bin/ folder"
 	@echo "make format				Automatically formats all the source code"
 	@echo "make tidy SCHEME=scheme  		Runs the clang-tidy linter against SCHEME"
diff --git a/crypto_kem/testvectors.c b/crypto_kem/testvectors.c
new file mode 100644
index 00000000..16b6973f
--- /dev/null
+++ b/crypto_kem/testvectors.c
@@ -0,0 +1,47 @@
+#include "api.h"
+#include "randombytes.h"
+#include <stdio.h>
+#include <string.h>
+
+#define NTESTS 100
+
+static void printbytes(const unsigned char *x, unsigned long long xlen) {
+    unsigned long long i;
+    for (i = 0; i < xlen; i++) {
+        printf("%02x", x[i]);
+    }
+    printf("\n");
+}
+
+int main(void) {
+    unsigned char key_a[CRYPTO_BYTES], key_b[CRYPTO_BYTES];
+    unsigned char pk[CRYPTO_PUBLICKEYBYTES];
+    unsigned char sendb[CRYPTO_CIPHERTEXTBYTES];
+    unsigned char sk_a[CRYPTO_SECRETKEYBYTES];
+    int i, j;
+    for (i = 0; i < NTESTS; i++) {
+        // Key-pair generation
+        crypto_kem_keypair(pk, sk_a);
+
+        printbytes(pk, CRYPTO_PUBLICKEYBYTES);
+        printbytes(sk_a, CRYPTO_SECRETKEYBYTES);
+
+        // Encapsulation
+        crypto_kem_enc(sendb, key_b, pk);
+
+        printbytes(sendb, CRYPTO_CIPHERTEXTBYTES);
+        printbytes(key_b, CRYPTO_BYTES);
+
+        // Decapsulation
+        crypto_kem_dec(key_a, sendb, sk_a);
+        printbytes(key_a, CRYPTO_BYTES);
+
+        for (j = 0; j < CRYPTO_BYTES; j++) {
+            if (key_a[j] != key_b[j]) {
+                printf("ERROR\n");
+                return -1;
+            }
+        }
+    }
+    return 0;
+}
diff --git a/crypto_sign/testvectors.c b/crypto_sign/testvectors.c
new file mode 100644
index 00000000..156352a8
--- /dev/null
+++ b/crypto_sign/testvectors.c
@@ -0,0 +1,57 @@
+#include "api.h"
+#include "randombytes.h"
+#include <stdio.h>
+#include <string.h>
+
+#define NTESTS 100
+#define MAXMLEN 2048
+
+static void printbytes(const unsigned char *x, unsigned long long xlen) {
+    unsigned long long i;
+    for (i = 0; i < xlen; i++) {
+        printf("%02x", x[i]);
+    }
+    printf("\n");
+}
+
+int main(void) {
+    unsigned char sk[CRYPTO_SECRETKEYBYTES];
+    unsigned char pk[CRYPTO_PUBLICKEYBYTES];
+
+    unsigned char mi[MAXMLEN];
+    unsigned char sm[MAXMLEN + CRYPTO_BYTES];
+    unsigned long long smlen;
+    unsigned long long mlen;
+
+    int r;
+    unsigned long long i, k;
+
+    for (i = 0; i < MAXMLEN; i = (i == 0) ? i + 1 : i << 1) {
+        randombytes(mi, i);
+
+        crypto_sign_keypair(pk, sk);
+
+        printbytes(pk, CRYPTO_PUBLICKEYBYTES);
+        printbytes(sk, CRYPTO_SECRETKEYBYTES);
+
+        crypto_sign(sm, &smlen, mi, i, sk);
+
+        printbytes(sm, smlen);
+
+        // By relying on m == sm we prevent having to allocate CRYPTO_BYTES
+        // twice
+        r = crypto_sign_open(sm, &mlen, sm, smlen, pk);
+
+        if (r) {
+            printf("ERROR: signature verification failed\n");
+            return -1;
+        }
+        for (k = 0; k < i; k++) {
+            if (sm[k] != mi[k]) {
+                printf("ERROR: message recovery failed\n");
+                return -1;
+            }
+        }
+    }
+    return 0;
+}