def test_ed25519_add_and_sub(): # the public component of a ed25519 keypair # is a point on the ed25519 curve p1, _s1 = c.crypto_sign_keypair() p2, _s2 = c.crypto_sign_keypair() p3 = c.crypto_core_ed25519_add(p1, p2) assert c.crypto_core_ed25519_is_valid_point(p3) is True assert c.crypto_core_ed25519_sub(p3, p1) == p2 assert c.crypto_core_ed25519_sub(p3, p2) == p1
def test_sign(): seed = b"\x00" * c.crypto_sign_SEEDBYTES pubkey, secretkey = c.crypto_sign_seed_keypair(seed) assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES pubkey, secretkey = c.crypto_sign_keypair() assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES msg = b"message" sigmsg = c.crypto_sign(msg, secretkey) assert len(sigmsg) == len(msg) + c.crypto_sign_BYTES msg2 = c.crypto_sign_open(sigmsg, pubkey) assert msg2 == msg
def test_scalarmult_ed25519(): SCALARBYTES = c.crypto_scalarmult_ed25519_SCALARBYTES # the minimum ed25519 scalar is represented by a 8 value in the # first octet, a 64 value in the last octet, and all zeros # in between: MINSC = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [64])) # the scalar multiplication formula for ed25519 # "clamps" the scalar by setting the most significant bit # of the last octet to zero, therefore scalar multiplication # by CLMPD is equivalent to scalar multiplication by MINSC CLMPD = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [192])) MIN_P1 = bytes(bytearray([9] + (SCALARBYTES - 2) * [0] + [64])) MIN_P7 = bytes(bytearray([15] + (SCALARBYTES - 2) * [0] + [64])) MIN_P8 = bytes(bytearray([16] + (SCALARBYTES - 2) * [0] + [64])) p, _s = c.crypto_sign_keypair() _p = p for i in range(254): # double _p _p = c.crypto_core_ed25519_add(_p, _p) for i in range(8): _p = c.crypto_core_ed25519_add(_p, p) # at this point _p is (2^254+8) times p assert c.crypto_scalarmult_ed25519(MINSC, p) == _p assert c.crypto_scalarmult_ed25519(CLMPD, p) == _p # ed25519 scalar multiplication sets the least three significant # bits of the first octet to zero; therefore: assert c.crypto_scalarmult_ed25519(MIN_P1, p) == _p assert c.crypto_scalarmult_ed25519(MIN_P7, p) == _p _p8 = _p for i in range(8): _p8 = c.crypto_core_ed25519_add(_p8, p) # at this point _p is (2^254 + 16) times p assert c.crypto_scalarmult_ed25519(MIN_P8, p) == _p8