From 995484b1e08adfca025121e2226154e883bdc0fc Mon Sep 17 00:00:00 2001
From: jeffro256
Date: Mon, 2 Dec 2024 11:32:55 -0600
Subject: [PATCH] test catch ECDH small order points
---
 tests/unit_tests/carrot_core.cpp | 46 ++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/tests/unit_tests/carrot_core.cpp b/tests/unit_tests/carrot_core.cpp
index 0313fe5e4..af2eb541c 100644
--- a/tests/unit_tests/carrot_core.cpp
+++ b/tests/unit_tests/carrot_core.cpp
@@ -40,6 +40,41 @@ using namespace carrot;
+//----------------------------------------------------------------------------------------------------------------------
+//----------------------------------------------------------------------------------------------------------------------
+// https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c#L17
+ static const crypto::x25519_pubkey x25519_small_order_points[7] = {
+ /* 0 (order 4) */
+ {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }},
+ /* 1 (order 1) */
+ {{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }},
+ /* 325606250916557431795983626356110631294008115727848805560023387167927233504
+ (order 8) */
+ {{ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
+ 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
+ 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 }},
+ /* 39382357235489614581723060781553021112529911719440698176882885853963445705823
+ (order 8) */
+ {{ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1,
+ 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c,
+ 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 }},
+ /* p-1 (order 2) */
+ {{ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }},
+ /* p (=0, order 4) */
+ {{ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }},
+ /* p+1 (=1, order 1) */
+ {{ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }}
+ };
 //----------------------------------------------------------------------------------------------------------------------
 //----------------------------------------------------------------------------------------------------------------------
 struct mock_carrot_keys
@@ -167,6 +202,17 @@ TEST(carrot_core, ECDH_mx25519_convergence)
 EXPECT_EQ(Q_mx25519, Q_carrot);
 }
 //----------------------------------------------------------------------------------------------------------------------
+TEST(carrot_core, ECDH_catch_small_order_points)
+{
+ const crypto::secret_key sk = rct::rct2sk(rct::skGen());
+
+ for (const crypto::x25519_pubkey &P : x25519_small_order_points)
+ {
+ crypto::x25519_pubkey Q;
+ EXPECT_FALSE(make_carrot_uncontextualized_shared_key_receiver(sk, P, Q));
+ }
+}
+//----------------------------------------------------------------------------------------------------------------------
 TEST(carrot_core, main_address_normal_scan_completeness)
 {
 const mock_carrot_keys keys = mock_carrot_keys::generate();
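Review bot: The table `x25519_small_order_points` holds only the seven encodings whose top bit in byte 31 is clear, and nothing in its comment says so. RFC 7748 decoding ignores that bit, and the referenced libsodium check masks the last byte with 0x7f before comparing. If the decoder under test masks it too (not visible in this patch), the same points are also accepted as input with 0x80 set in the last byte, and a regression there would go unnoticed. I would add a comment such as `// only encodings with the top bit of byte 31 clear are listed; high-bit variants are not covered here`, or extend the test to those variants. The source link points at `master` with a line anchor, which will drift; a link pinned to a tag or commit keeps the provenance checkable.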
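Review bot: A failing EXPECT_FALSE in ECDH_catch_small_order_points does not say which of the seven points was accepted, and `sk` comes from `rct::skGen()`, so a failure cannot be replayed from the log. Streaming the index into the assertion fixes the first part: `EXPECT_FALSE(make_carrot_uncontextualized_shared_key_receiver(sk, P, Q)) << "small order point #" << (&P - x25519_small_order_points);`. If rejection can depend on the scalar (the function body is not in this patch), running the loop with a fixed key as well as the random one would make the result deterministic.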