def test_ed25519_scalar_reduce():
    """Reducing (65536 * l + p) modulo l must give back p.

    ``l`` is the order of the main subgroup,
    2^252 + 27742317777372353535851937790883648493.
    """
    scalar_zero = bytes(32)

    # Little-endian encoding of l (32 bytes).
    group_order = bytes.fromhex(
        "edd3f55c1a631258"
        "d69cf7a2def9de14"
        "0000000000000000"
        "0000000000000010"
    )
    # Two leading zero bytes multiply l by 65536, which no longer fits in
    # 32 bytes; the trailing zeros pad the value to 64 bytes.
    l65536 = bytes(2) + group_order + bytes(30)

    # Adding zero through scalar_add gives a random scalar modulo l.
    random_input = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
    p = c.crypto_core_ed25519_scalar_add(random_input, scalar_zero)

    # Widen p to 64 bytes so that 65536 * l + p can be formed.
    wide_sum = c.sodium_add(l65536, p + bytes(32))

    assert c.crypto_core_ed25519_scalar_reduce(wide_sum) == p
def test_ed25519_scalar_mul():
    """Check scalar_mul against add and sub: 3*p - (p + p) must equal p."""
    scalar_zero = bytes(32)
    scalar_three = bytes([3]) + bytes(31)

    # Adding zero through scalar_add gives a random scalar modulo l.
    random_input = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
    p = c.crypto_core_ed25519_scalar_add(random_input, scalar_zero)

    tripled = c.crypto_core_ed25519_scalar_mul(p, scalar_three)
    doubled = c.crypto_core_ed25519_scalar_add(p, p)

    assert c.crypto_core_ed25519_scalar_sub(tripled, doubled) == p
def test_ed25519_scalar_reduce():
    """Check that scalar_reduce maps the 64-byte value 65536 * l + p to p."""
    scalar_zero = bytes(32)

    # l is the order of the main subgroup; 65536 * l is bigger than 32
    # bytes, so it is encoded little-endian and padded to 64 bytes.
    subgroup_order = 2**252 + 27742317777372353535851937790883648493
    l65536 = (65536 * subgroup_order).to_bytes(64, "little")

    # Adding zero through scalar_add gives a random scalar modulo l.
    raw = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
    p = c.crypto_core_ed25519_scalar_add(raw, scalar_zero)

    # p is extended with 32 zero bytes to match the 64-byte operand.
    padded_p = p + bytes(32)
    oversized = c.sodium_add(l65536, padded_p)

    reduced = c.crypto_core_ed25519_scalar_reduce(oversized)
    assert reduced == p
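def __init__(self, user: USER, cid, new=False):
    """Create a new channel for *user*, or load an existing one by *cid*.

    With ``new=True`` a channel id and fresh keys are generated, the
    channel is stored through ``user.add_channel`` and *cid* is registered
    as an alias for the generated channel id. Otherwise the channel is
    looked up with ``user.get_channel(cid)`` and its six fields are copied
    onto the instance.

    The process exits with status 1 when the alias cannot be created or
    when the channel is unknown.
    """
    if new:
        self.cid = randombytes(8).hex()
        self.owner = user.fid
        self.members = [user.fid]
        # Key material is kept on the instance as hex strings.
        self.hkey = randombytes(16).hex()
        self.dkeys = [nacl.utils.random(SecretBox.KEY_SIZE).hex()]
        self.seqno = 0
        # NOTE(review): whatever export() returns is handed to the user's
        # channel store; if it includes hkey/dkeys, confirm that store is
        # protected at rest.
        # NOTE(review): the channel is stored before the alias is
        # confirmed, so a failed alias leaves the stored channel behind —
        # confirm this is intended.
        user.add_channel(self.export())
        if not add_alias(cid, self.cid):
            print("could not create chat alias:", cid)
            # Raise SystemExit directly: the exit() builtin is installed
            # by the site module and is not guaranteed to exist.
            raise SystemExit(1)
        return

    record = user.get_channel(cid)
    # Identity check: "!= None" would defer to the record's own __eq__.
    if record is None:
        print("unknown channel:", cid)
        raise SystemExit(1)

    self.cid = record[0]
    self.owner = record[1]
    self.members = record[2]
    self.hkey = record[3]
    self.dkeys = record[4]
    self.seqno = record[5]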
def test_scalarmult_ed25519_base():
    """
    Check that scalarmult_ed25519_base gives the same point as
    scalarmult_ed25519 applied to the encoded ed25519 base point.
    """
    # Encoded base point: 0x58 followed by thirty-one 0x66 bytes.
    BASEPOINT = b"\x58" + 31 * b"\x66"

    scalar = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
    via_base = c.crypto_scalarmult_ed25519_base(scalar)
    via_generic = c.crypto_scalarmult_ed25519(scalar, BASEPOINT)

    assert via_generic == via_base
def test_ed25519_scalar_invert_negate_complement():
    """Check invert, negate and complement against scalar mul and add.

    For a random scalar s: s * invert(s) == 1, s + negate(s) == 0 and
    s + complement(s) == 1.
    """
    scalar_zero = bytes(32)
    scalar_one = bytes([1]) + bytes(31)

    # Adding zero through scalar_add gives a random scalar modulo l.
    raw = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
    s = c.crypto_core_ed25519_scalar_add(raw, scalar_zero)

    inverse = c.crypto_core_ed25519_scalar_invert(s)
    assert c.crypto_core_ed25519_scalar_mul(s, inverse) == scalar_one

    negation = c.crypto_core_ed25519_scalar_negate(s)
    assert c.crypto_core_ed25519_scalar_add(s, negation) == scalar_zero

    complement = c.crypto_core_ed25519_scalar_complement(s)
    assert c.crypto_core_ed25519_scalar_add(s, complement) == scalar_one
def test_scalarmult_ed25519_base():
    """
    Multiplying by the base point through scalarmult_ed25519_base must
    agree with scalarmult_ed25519 called on the encoded base point.
    """
    # The 32-byte encoding is 0x58 followed by 0x66 repeated 31 times.
    BASEPOINT = bytes([0x58] + [0x66] * 31)

    random_scalar = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
    expected = c.crypto_scalarmult_ed25519_base(random_scalar)
    actual = c.crypto_scalarmult_ed25519(random_scalar, BASEPOINT)

    assert actual == expected
def test_box_seed_keypair_short_seed():
    """A seed one byte shorter than crypto_box_SEEDBYTES must be rejected."""
    short_seed = c.randombytes(c.crypto_box_SEEDBYTES - 1)

    # The same call is checked against both exception types in turn.
    for expected_error in (ValueError, CryptoError):
        with pytest.raises(expected_error):
            c.crypto_box_seed_keypair(short_seed)
def test_box_seed_keypair_random():
    """The public key of a seeded keypair must equal scalarmult_base(sk)."""
    random_seed = c.randombytes(c.crypto_box_SEEDBYTES)
    public_key, secret_key = c.crypto_box_seed_keypair(random_seed)

    # Recompute the public key from the secret key and compare.
    assert public_key == c.crypto_scalarmult_base(secret_key)
def create_public_key():
    """Return ``crypto_box_PUBLICKEYBYTES`` random bytes.

    The value is the raw output of ``pysodium.randombytes``; no secret key
    is generated alongside it.
    """
    # NOTE(review): presumably a placeholder or fixture value — confirm it
    # is not used where a real key pair is required.
    key_length = pysodium.crypto_box_PUBLICKEYBYTES
    return pysodium.randombytes(key_length)
def create_nonce():
    """Return ``crypto_box_NONCEBYTES`` random bytes for use as a nonce.

    Each call draws a new value from ``pysodium.randombytes``; callers must
    not reuse a returned nonce with the same key pair.
    """
    nonce_length = pysodium.crypto_box_NONCEBYTES
    return pysodium.randombytes(nonce_length)
def randombytes(self, n):
    """Return the result of ``bindings.randombytes(n)``.

    The instance is not consulted; the call is forwarded unchanged.
    """
    random_data = bindings.randombytes(n)
    return random_data