예제 #1
0
def test_sign_ed25519ph_rfc8032():
    # sk, pk, msg, exp_sig
    # taken from RFC 8032 section 7.3.  Test Vectors for Ed25519ph
    sk = unhexlify(b"833fe62409237b9d62ec77587520911e"
                   b"9a759cec1d19755b7da901b96dca3d42")
    pk = unhexlify(b"ec172b93ad5e563bf4932c70e1245034"
                   b"c35467ef2efd4d64ebf819683467e2bf")
    msg = b"abc"
    exp_sig = unhexlify(b"98a70222f0b8121aa9d30f813d683f80"
                        b"9e462b469c7ff87639499bb94e6dae41"
                        b"31f85042463c2a355a2003d062adf5aa"
                        b"a10b8c61e636062aaad11c2a26083406")
    c_sk = sk + pk

    edph = c.crypto_sign_ed25519ph_state()
    c.crypto_sign_ed25519ph_update(edph, msg)
    sig = c.crypto_sign_ed25519ph_final_create(edph, c_sk)

    assert sig == exp_sig

    edph_v = c.crypto_sign_ed25519ph_state()
    c.crypto_sign_ed25519ph_update(edph_v, msg)

    assert c.crypto_sign_ed25519ph_final_verify(edph_v, exp_sig, pk) is True

    c.crypto_sign_ed25519ph_update(edph_v, msg)

    with pytest.raises(BadSignatureError):
        c.crypto_sign_ed25519ph_final_verify(edph_v, exp_sig, pk)
예제 #2
0
def test_sign_ed25519ph_libsodium():
    #
    _hsk, _hpk, hmsg, _hsig, _hsigmsg = ed25519_known_answers()[-1]

    msg = unhexlify(hmsg)

    seed = unhexlify(b"421151a459faeade3d247115f94aedae"
                     b"42318124095afabe4d1451a559faedee")

    pk, sk = c.crypto_sign_seed_keypair(seed)

    exp_sig = unhexlify(b"10c5411e40bd10170fb890d4dfdb6d33"
                        b"8c8cb11d2764a216ee54df10977dcdef"
                        b"d8ff755b1eeb3f16fce80e40e7aafc99"
                        b"083dbff43d5031baf04157b48423960d")

    edph = c.crypto_sign_ed25519ph_state()
    c.crypto_sign_ed25519ph_update(edph, msg)
    sig = c.crypto_sign_ed25519ph_final_create(edph, sk)

    assert sig == exp_sig

    edph_incr = c.crypto_sign_ed25519ph_state()
    c.crypto_sign_ed25519ph_update(edph_incr, b"")
    c.crypto_sign_ed25519ph_update(edph_incr, msg[0:len(msg) // 2])
    c.crypto_sign_ed25519ph_update(edph_incr, msg[len(msg) // 2:])

    assert c.crypto_sign_ed25519ph_final_verify(edph_incr, exp_sig, pk) is True

    with pytest.raises(BadSignatureError):
        wrng_sig = flip_byte(exp_sig, 0)
        c.crypto_sign_ed25519ph_final_verify(edph_incr, wrng_sig, pk)

    with pytest.raises(BadSignatureError):
        wrng_mesg = flip_byte(msg, 1022)
        edph_wrng = c.crypto_sign_ed25519ph_state()
        c.crypto_sign_ed25519ph_update(edph_wrng, wrng_mesg)
        c.crypto_sign_ed25519ph_final_verify(edph_wrng, exp_sig, pk)