def test_scalarmult_ed25519_unavailable():
    """
    Expect every Ed25519 scalar-multiplication binding to raise
    UnavailableError.

    The condition under which this test is selected is decided outside
    this function and is not visible here.
    """
    zero = 32 * b"\x00"
    # Each entry pairs a binding with the positional arguments it is given.
    calls = (
        (c.crypto_scalarmult_ed25519_base, (zero,)),
        (c.crypto_scalarmult_ed25519_base_noclamp, (zero,)),
        (c.crypto_scalarmult_ed25519, (zero, zero)),
        (c.crypto_scalarmult_ed25519_noclamp, (zero, zero)),
    )
    for binding, args in calls:
        with pytest.raises(UnavailableError):
            binding(*args)
def test_scalarmult_ed25519_noclamp():
    """
    Compare the no-clamp Ed25519 scalar multiplications with the clamping
    ones.

    Checks that the generic no-clamp call on the base point equals the
    base-point no-clamp call, that this differs from the clamping
    base-point call, and that a manually clamped scalar fed to the
    no-clamp call matches the clamping call on the raw scalar.
    """
    # An arbitrary scalar which is known to differ once clamped
    scalar = 32 * b'\x01'
    # Encoded Ed25519 base point: 0x58 followed by thirty-one 0x66 bytes.
    BASEPOINT = b'\x58' + 31 * b'\x66'

    generic_noclamp = c.crypto_scalarmult_ed25519_noclamp(scalar, BASEPOINT)
    base_noclamp = c.crypto_scalarmult_ed25519_base_noclamp(scalar)
    base_clamped = c.crypto_scalarmult_ed25519_base(scalar)
    assert generic_noclamp == base_noclamp
    assert base_noclamp != base_clamped

    # clamp manually: clear the low three bits of byte 0, clear the top bit
    # and set the next-highest bit of byte 31
    clamped = bytearray(scalar)
    clamped[0] &= 248
    clamped[31] = (clamped[31] & 127) | 64
    scalar_clamped = bytes(clamped)

    manual = c.crypto_scalarmult_ed25519_noclamp(scalar_clamped, BASEPOINT)
    builtin = c.crypto_scalarmult_ed25519(scalar, BASEPOINT)
    assert manual == builtin
def __init__(self) -> None:
    """
    Initialises the Sender by generating its Oblivious Transfer key
    material: a random secret scalar, the matching public key, and the
    value U obtained by multiplying that public key by the secret again.
    """
    # The secret scalar is drawn from nacl.utils.random (libsodium's
    # random source); the stdlib `random` module is not suitable for key
    # material and must not be substituted here.
    otSecret = nacl.utils.random(crypto_scalarmult_ed25519_SCALARBYTES)
    self.__senderOTSecret = otSecret

    # Public key: secret * base point.
    otKey = crypto_scalarmult_ed25519_base(otSecret)
    self.__senderOTKey = otKey

    # U: secret * public key.
    self.__senderOTU = crypto_scalarmult_ed25519(otSecret, otKey)
def test_scalarmult_ed25519_base():
    """
    Check that crypto_scalarmult_ed25519_base gives the same point as
    crypto_scalarmult_ed25519 applied to the encoded Ed25519 base point,
    for a freshly drawn random scalar.
    """
    # Encoded Ed25519 base point: 0x58 followed by thirty-one 0x66 bytes.
    BASEPOINT = b"\x58" + 31 * b"\x66"

    scalar = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
    via_base = c.crypto_scalarmult_ed25519_base(scalar)
    via_generic = c.crypto_scalarmult_ed25519(scalar, BASEPOINT)

    assert via_generic == via_base
def getRequestOTKey(self, entryIndex: str) -> bytes:
    """
    Builds the Receiver's public Oblivious Transfer key tailored to one
    entry, and remembers the matching secret for later decryption of
    that entry.

    A fresh random secret key is drawn on every call. The product of that
    secret key with the Sender's OT key is stored internally under
    ``entryIndex``.

    :param entryIndex: The index of an entry of interest to the Receiver.
                       It must be provided as a string.
    :return: The point (index * Sender OT key) + (secret key * base point).
    """
    # UTF-8 index, left-padded with zero bytes to 32 bytes. An encoding
    # longer than 32 bytes is passed through unpadded.
    # NOTE(review): in that case the scalar is not 32 bytes and is
    # presumably rejected by the binding below, but only after
    # __otSecrets has been written; consider validating the length first.
    indexScalar = entryIndex.encode('utf8').rjust(32, b'\0')

    receiverSecret = nacl.utils.random(crypto_scalarmult_ed25519_SCALARBYTES)
    receiverPublic = crypto_scalarmult_ed25519_base(receiverSecret)

    # NOTE(review): __senderOTKey is used as a curve point without any
    # check in this method; confirm it is validated where it is set
    # (e.g. with crypto_core_ed25519_is_valid_point).
    self.__otSecrets[entryIndex] = crypto_scalarmult_ed25519(
        receiverSecret, self.__senderOTKey)

    # NOTE(review): crypto_scalarmult_ed25519 clamps its scalar (low three
    # bits of byte 0 cleared, top bit of byte 31 cleared and the next bit
    # set), and byte 31 is the last byte of the encoded index. Distinct
    # indices whose final byte differs only in those bits give the same
    # scalar; confirm the Sender side uses the same operation, or move
    # both sides to the _noclamp variant.
    indexTerm = crypto_scalarmult_ed25519(indexScalar, self.__senderOTKey)
    return crypto_core_ed25519_add(indexTerm, receiverPublic)
def test_scalarmult_ed25519_base():
    """
    Check that multiplying by the base point through
    crypto_scalarmult_ed25519_base matches crypto_scalarmult_ed25519 called
    with the encoded Ed25519 base point, using one random scalar.
    """
    # Encoded Ed25519 base point: 0x58 followed by thirty-one 0x66 bytes.
    BASEPOINT = bytes(bytearray([0x58] + 31 * [0x66]))

    random_scalar = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
    from_base_call = c.crypto_scalarmult_ed25519_base(random_scalar)
    from_generic_call = c.crypto_scalarmult_ed25519(random_scalar, BASEPOINT)

    assert from_generic_call == from_base_call