def test_publickey(self):
sk_bytes = unhexlify("4ba96b0b5303328c7405220598a587c4"
"acb06ed9a9601d149f85400195f1ec3d")
sk = ed25519.SigningKey(sk_bytes)
self.failUnlessRaises(ValueError, ed25519.SigningKey, "wrong length")
vk_bytes = sk.get_verifying_key_bytes()
self.failUnlessEqual(
hexlify(vk_bytes), "a66d161e090652b054740748f059f92a"
"5b731f1c27b05571f6d942e4f8b7b264")
ed25519.VerifyingKey(vk_bytes)
self.failUnlessRaises(ValueError, ed25519.VerifyingKey, "wrong length")
def test_object_identity(self):
sk1_bytes = unhexlify("ef32972ae3f1252a5aa1395347ea008c"
"bd2fed0773a4ea45e2d2d06c8cf8fbd4")
sk2_bytes = unhexlify("3d550c158900b4c2922b6656d2f80572"
"89de4ee65043745179685ae7d29b944d")
sk1a = ed25519.SigningKey(sk1_bytes)
sk1b = ed25519.SigningKey(sk1_bytes)
sk2 = ed25519.SigningKey(sk2_bytes)
self.failUnlessEqual(sk1a, sk1b)
self.failIfEqual(sk1a, sk2)
vk1_bytes = sk1a.get_verifying_key_bytes()
self.failUnlessEqual(vk1_bytes, sk1b.get_verifying_key_bytes())
vk2_bytes = sk2.get_verifying_key_bytes()
vk1a = ed25519.VerifyingKey(vk1_bytes)
vk1b = ed25519.VerifyingKey(vk1_bytes)
vk2 = ed25519.VerifyingKey(vk2_bytes)
self.failUnlessEqual(vk1a, vk1b)
self.failIfEqual(vk1a, vk2)
# exercise compare-against-other-type
self.failIfEqual(sk2, "not a SigningKey")
self.failIfEqual(vk2, "not a VerifyingKey")
def test_OOP(self):
sk_bytes = unhexlify("4ba96b0b5303328c7405220598a587c4"
"acb06ed9a9601d149f85400195f1ec3d")
sk = ed25519.SigningKey(sk_bytes)
self.failUnlessEqual(
hexlify(sk.get_verifying_key_bytes()),
"a66d161e090652b054740748f059f92a"
"5b731f1c27b05571f6d942e4f8b7b264")
vk = ed25519.VerifyingKey(sk.get_verifying_key_bytes())
msg = "hello world"
sig = sk.sign(msg)
self.failUnlessEqual(len(sig), 64)
self.failUnlessEqual(
hexlify(sig), "6eaffe94f2972b35158b6aaa9b69c1da"
"97f0896aca29c41b1dd7b32e6c9e2ff6"
"76fc8d8b034709cdcc37d8aeb86bebfb"
"173ace3c319e211ea1d7e8d8884c1808")
self.failUnlessEqual(vk.verify(sig, msg), None) # also, don't throw
self.failUnlessRaises(ed25519.BadSignatureError, vk.verify, sig,
msg + ".. NOT!")
def test_short(self):
# kat-ed25519.txt comes from "sign.input" on ed25519.cr.yp.to . The
# pure-python ed25519.py in the same distribution uses a very
# different key format than the one used by NaCl.
shortkat = resource_string('pycryptopp',
'testvectors/kat-ed25519-short.txt')
for i, line in enumerate(shortkat.splitlines()):
x = line.split(":")
A, B, C, D = [unhexlify(i) for i in x[:4]]
# A[:32] is the 32 byte seed (the entropy input to H())
# A[32:] == B == the public point (pubkey)
# C is the message
# D is 64 bytes of signature (R+S) prepended to the message
seed = A[:32]
vk_s = B
# the NaCl signature is R+S, which happens to be the same as ours
msg = C
sig = D[:64]
# note that R depends only upon the second half of H(seed). S
# depends upon both the first half (the exponent) and the second
# half
#if len(msg) % 16 == 1:
# print "msg len = %d" % len(msg), time.time()
sk = ed25519.SigningKey(seed)
vkbs = sk.get_verifying_key_bytes()
self.failUnlessEqual(vkbs, vk_s)
vk = ed25519.VerifyingKey(vkbs)
vk2 = ed25519.VerifyingKey(vk_s)
self.failUnlessEqual(vk2, vk) # objects should compare equal
newsig = sk.sign(msg)
sig_R, sig_S = sig[:32], sig[32:]
newsig_R, newsig_S = newsig[:32], newsig[32:]
self.failUnlessEqual(hexlify(newsig),
hexlify(sig)) # deterministic sigs
self.failUnlessEqual(vk.verify(sig, msg), None) # no exception
def ver_init(self, N):
signer = ed25519.SigningKey(self.seed)
self.sig = signer.sign(msg)
self.verifier = ed25519.VerifyingKey(signer.get_verifying_key_bytes())
def sign_init(self, N):
self.signer = ed25519.SigningKey(self.seed)
def gen(self, N):
for i in xrange(N):
ed25519.SigningKey(self.seed)
def parse_privkey(privkey_vs):
sk_bytes = a2b(remove_prefix(privkey_vs, "priv-v0-"))
sk = ed25519.SigningKey(sk_bytes)
vk_bytes = sk.get_verifying_key_bytes()
return (sk, "pub-v0-" + b2a(vk_bytes))
def make_keypair():
sk_bytes = os.urandom(32)
sk = ed25519.SigningKey(sk_bytes)
vk_bytes = sk.get_verifying_key_bytes()
return ("priv-v0-" + b2a(sk_bytes), "pub-v0-" + b2a(vk_bytes))