def test_scalarmult_ed25519_noclamp():
# An arbitrary scalar which is known to differ once clamped
scalar = 32 * b'\x01'
BASEPOINT = bytes(bytearray([0x58, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66]
)
)
p = c.crypto_scalarmult_ed25519_noclamp(scalar, BASEPOINT)
pb = c.crypto_scalarmult_ed25519_base_noclamp(scalar)
pc = c.crypto_scalarmult_ed25519_base(scalar)
assert p == pb
assert pb != pc
# clamp manually
ba = bytearray(scalar)
ba0 = bytes(bytearray([ba[0] & 248]))
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
scalar_clamped = ba0 + bytes(ba[1:31]) + ba31
p1 = c.crypto_scalarmult_ed25519_noclamp(scalar_clamped, BASEPOINT)
p2 = c.crypto_scalarmult_ed25519(scalar, BASEPOINT)
assert p1 == p2
def test_scalarmult_ed25519_unavailable():
zero = 32 * b"\x00"
with pytest.raises(UnavailableError):
c.crypto_scalarmult_ed25519_base(zero)
with pytest.raises(UnavailableError):
c.crypto_scalarmult_ed25519_base_noclamp(zero)
with pytest.raises(UnavailableError):
c.crypto_scalarmult_ed25519(zero, zero)
with pytest.raises(UnavailableError):
c.crypto_scalarmult_ed25519_noclamp(zero, zero)
def point_mul(scalar: Union[bytes, int],
point: bytes) -> bytes:
"""
Multiply a point on the ed25519 curve with a scalar.
Args:
scalar (int) : Scalar
point (bytes): Point bytes
Returns:
bytes: New point resulting from the multiplication
"""
return bindings.crypto_scalarmult_ed25519_noclamp(
scalar if isinstance(scalar, bytes) else encode_int(scalar),
point if point_is_encoded(point) else point_encode(point)
)