From d1e2bbec1565090f4edef28eeac5742eaf7edf7f Mon Sep 17 00:00:00 2001
From: Michael Hamburg <mike@shiftleft.org>
Date: Tue, 8 Mar 2016 11:27:22 -0800
Subject: [PATCH] fix Ed448-prehash and test against newly-corrected cfrg
 vectors

---
 src/per_curve/eddsa.tmpl.hxx |  2 ++
 test/vectors.inc.cxx         | 54 +++++++++++++++++++++++++++++++-----
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/src/per_curve/eddsa.tmpl.hxx b/src/per_curve/eddsa.tmpl.hxx
index 5ee4cd0..f5743d6 100644
--- a/src/per_curve/eddsa.tmpl.hxx
+++ b/src/per_curve/eddsa.tmpl.hxx
@@ -70,7 +70,9 @@ private:
         }
         
         if (SUPPORTS_CONTEXTS) {
+            const char pfx[] = "$(eddsa_dom)";
             uint8_t dom[2] = {2, (uint8_t)context_.size() };
+            update((const unsigned char*)pfx,strlen(pfx));
             update(dom,2);
             update(context_);
         }
diff --git a/test/vectors.inc.cxx b/test/vectors.inc.cxx
index 1b04aad..6be81ab 100644
--- a/test/vectors.inc.cxx
+++ b/test/vectors.inc.cxx
@@ -113,6 +113,15 @@ const uint8_t ed448_eddsa_sk[][57] = {{
     0xf2,0x9a,0xdf,0x86,0xec,0x99,0x29,0xdc,
     0xcb,0x52,0xc1,0xc5,0xfd,0x2f,0xf7,0xe2,
     0x1b
+}, {
+    0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
+    0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
+    0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
+    0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42,
+    0xef,0x78,0x22,0xe0,0xd5,0x10,0x41,0x27,
+    0xdc,0x05,0xd6,0xdb,0xef,0xde,0x69,0xe3,
+    0xab,0x2c,0xec,0x7c,0x86,0x7c,0x6e,0x2c,
+    0x49
 }};
 const uint8_t ed448_eddsa_pk[][57] = {{
     0x5f,0xd7,0x44,0x9b,0x59,0xb4,0x61,0xfd,
@@ -150,6 +159,15 @@ const uint8_t ed448_eddsa_pk[][57] = {{
     0x94,0xd1,0x9b,0x94,0x53,0x61,0x72,0x6b,
     0xd7,0x5e,0x14,0x9e,0xf0,0x98,0x17,0xf5,
     0x80
+}, {
+    0x25,0x9b,0x71,0xc1,0x9f,0x83,0xef,0x77,
+    0xa7,0xab,0xd2,0x65,0x24,0xcb,0xdb,0x31,
+    0x61,0xb5,0x90,0xa4,0x8f,0x7d,0x17,0xde,
+    0x3e,0xe0,0xba,0x9c,0x52,0xbe,0xb7,0x43,
+    0xc0,0x94,0x28,0xa1,0x31,0xd6,0xb1,0xb5,
+    0x73,0x03,0xd9,0x0d,0x81,0x32,0xc2,0x76,
+    0xd5,0xed,0x3d,0x5d,0x01,0xc0,0xf5,0x38,
+    0x80
 }};
 const uint8_t ed448_eddsa_message[][12] = {{
     0
@@ -161,16 +179,17 @@ const uint8_t ed448_eddsa_message[][12] = {{
 }, {
     0x64,0xa6,0x5f,0x3c,0xde,0xdc,0xdd,0x66,
     0x81,0x1e,0x29,0x15
+}, {
+    0x61,0x62,0x63
 }};
-/* TODO: prehashed test vectors, once spec is fixed */
-
 
 template<> const bool Tests<Ed448Goldilocks>::eddsa_prehashed[] = {
     false,
     false,
     false,
     false,
-    false
+    false,
+    true
 };
 
 const uint8_t ed448_eddsa_context[][3] = {{
@@ -256,6 +275,22 @@ const uint8_t ed448_eddsa_sig[][114] = {{
     0x54,0x28,0x40,0x7e,0x85,0xdc,0xbc,0x98,
     0xa4,0x91,0x55,0xc1,0x37,0x64,0xe6,0x6c,
     0x3c,0x00
+}, {
+    0x86,0xa6,0xbf,0x52,0xf9,0xe8,0xf8,0x4f,
+    0x45,0x1b,0x2f,0x39,0x2a,0x8d,0x1c,0x3a,
+    0x41,0x44,0x25,0xfa,0xc0,0x06,0x8f,0x74,
+    0xae,0xea,0xd5,0x3b,0x0e,0x6b,0x53,0xd4,
+    0x55,0x5c,0xea,0x17,0x26,0xda,0x4a,0x65,
+    0x20,0x28,0x80,0xd4,0x07,0x26,0x70,0x87,
+    0x9e,0x8e,0x6f,0xa4,0xd9,0x69,0x4c,0x06,
+    0x00,0x54,0xf2,0x06,0x5d,0xc2,0x06,0xa6,
+    0xe6,0x15,0xd0,0xd8,0xc9,0x9b,0x95,0x20,
+    0x9b,0x69,0x6c,0x81,0x25,0xc5,0xfb,0xb9,
+    0xbc,0x82,0xa0,0xf7,0xed,0x3d,0x99,0xc4,
+    0xc1,0x1c,0x47,0x79,0x8e,0xf0,0xf7,0xeb,
+    0x97,0xb3,0xb7,0x2a,0xb4,0xac,0x86,0xea,
+    0xf8,0xb4,0x34,0x49,0xe8,0xac,0x30,0xff,
+    0x3f,0x00
 }};
 template<> const Block Tests<Ed448Goldilocks>::eddsa_sk[] = {
     Block(ed448_eddsa_sk[0],57),
@@ -263,6 +298,7 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_sk[] = {
     Block(ed448_eddsa_sk[1],57),
     Block(ed448_eddsa_sk[2],57),
     Block(ed448_eddsa_sk[3],57),
+    Block(ed448_eddsa_sk[4],57),
     Block(NULL,0)
 };
 template<> const Block Tests<Ed448Goldilocks>::eddsa_pk[] = {
@@ -270,28 +306,32 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_pk[] = {
     Block(ed448_eddsa_pk[1],57),
     Block(ed448_eddsa_pk[1],57),
     Block(ed448_eddsa_pk[2],57),
-    Block(ed448_eddsa_pk[3],57)
+    Block(ed448_eddsa_pk[3],57),
+    Block(ed448_eddsa_pk[4],57)
 };
 template<> const Block Tests<Ed448Goldilocks>::eddsa_message[] = {
     Block(ed448_eddsa_message[0],0),
     Block(ed448_eddsa_message[1],1),
     Block(ed448_eddsa_message[1],1),
     Block(ed448_eddsa_message[2],11),
-    Block(ed448_eddsa_message[3],12)
+    Block(ed448_eddsa_message[3],12),
+    Block(ed448_eddsa_message[4],3)
 };
 template<> const Block Tests<Ed448Goldilocks>::eddsa_context[] = {
     Block(NULL,0),
     Block(NULL,0),
     Block(ed448_eddsa_context[0],3),
     Block(NULL,0),
-    Block(NULL,0)
+    Block(NULL,0),
+    Block(ed448_eddsa_context[0],3)
 };
 template<> const Block Tests<Ed448Goldilocks>::eddsa_sig[] = {
     Block(ed448_eddsa_sig[0],114),
     Block(ed448_eddsa_sig[1],114),
     Block(ed448_eddsa_sig[4],114),
     Block(ed448_eddsa_sig[2],114),
-    Block(ed448_eddsa_sig[3],114)
+    Block(ed448_eddsa_sig[3],114),
+    Block(ed448_eddsa_sig[5],114)
 };
 
 const uint8_t ed25519_eddsa_sk[][32] = {{