def test_ed25519_add_and_sub():
# the public component of a ed25519 keypair
# is a point on the ed25519 curve
p1, _s1 = c.crypto_sign_keypair()
p2, _s2 = c.crypto_sign_keypair()
p3 = c.crypto_core_ed25519_add(p1, p2)
assert c.crypto_core_ed25519_is_valid_point(p3) is True
assert c.crypto_core_ed25519_sub(p3, p1) == p2
assert c.crypto_core_ed25519_sub(p3, p2) == p1
def test_ed25519_add_and_sub():
# the public component of a ed25519 keypair
# is a point on the ed25519 curve
p1, _s1 = c.crypto_sign_keypair()
p2, _s2 = c.crypto_sign_keypair()
p3 = c.crypto_core_ed25519_add(p1, p2)
assert c.crypto_core_ed25519_is_valid_point(p3) is True
assert c.crypto_core_ed25519_sub(p3, p1) == p2
assert c.crypto_core_ed25519_sub(p3, p2) == p1
def test_sign():
seed = b"\x00" * c.crypto_sign_SEEDBYTES
pubkey, secretkey = c.crypto_sign_seed_keypair(seed)
assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES
pubkey, secretkey = c.crypto_sign_keypair()
assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES
msg = b"message"
sigmsg = c.crypto_sign(msg, secretkey)
assert len(sigmsg) == len(msg) + c.crypto_sign_BYTES
msg2 = c.crypto_sign_open(sigmsg, pubkey)
assert msg2 == msg
def test_sign():
seed = b"\x00" * c.crypto_sign_SEEDBYTES
pubkey, secretkey = c.crypto_sign_seed_keypair(seed)
assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES
pubkey, secretkey = c.crypto_sign_keypair()
assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES
msg = b"message"
sigmsg = c.crypto_sign(msg, secretkey)
assert len(sigmsg) == len(msg) + c.crypto_sign_BYTES
msg2 = c.crypto_sign_open(sigmsg, pubkey)
assert msg2 == msg
def test_scalarmult_ed25519():
SCALARBYTES = c.crypto_scalarmult_ed25519_SCALARBYTES
# the minimum ed25519 scalar is represented by a 8 value in the
# first octet, a 64 value in the last octet, and all zeros
# in between:
MINSC = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [64]))
# the scalar multiplication formula for ed25519
# "clamps" the scalar by setting the most significant bit
# of the last octet to zero, therefore scalar multiplication
# by CLMPD is equivalent to scalar multiplication by MINSC
CLMPD = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [192]))
MIN_P1 = bytes(bytearray([9] + (SCALARBYTES - 2) * [0] + [64]))
MIN_P7 = bytes(bytearray([15] + (SCALARBYTES - 2) * [0] + [64]))
MIN_P8 = bytes(bytearray([16] + (SCALARBYTES - 2) * [0] + [64]))
p, _s = c.crypto_sign_keypair()
_p = p
for i in range(254):
# double _p
_p = c.crypto_core_ed25519_add(_p, _p)
for i in range(8):
_p = c.crypto_core_ed25519_add(_p, p)
# at this point _p is (2^254+8) times p
assert c.crypto_scalarmult_ed25519(MINSC, p) == _p
assert c.crypto_scalarmult_ed25519(CLMPD, p) == _p
# ed25519 scalar multiplication sets the least three significant
# bits of the first octet to zero; therefore:
assert c.crypto_scalarmult_ed25519(MIN_P1, p) == _p
assert c.crypto_scalarmult_ed25519(MIN_P7, p) == _p
_p8 = _p
for i in range(8):
_p8 = c.crypto_core_ed25519_add(_p8, p)
# at this point _p is (2^254 + 16) times p
assert c.crypto_scalarmult_ed25519(MIN_P8, p) == _p8
def test_scalarmult_ed25519():
SCALARBYTES = c.crypto_scalarmult_ed25519_SCALARBYTES
# the minimum ed25519 scalar is represented by a 8 value in the
# first octet, a 64 value in the last octet, and all zeros
# in between:
MINSC = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [64]))
# the scalar multiplication formula for ed25519
# "clamps" the scalar by setting the most significant bit
# of the last octet to zero, therefore scalar multiplication
# by CLMPD is equivalent to scalar multiplication by MINSC
CLMPD = bytes(bytearray([8] + (SCALARBYTES - 2) * [0] + [192]))
MIN_P1 = bytes(bytearray([9] + (SCALARBYTES - 2) * [0] + [64]))
MIN_P7 = bytes(bytearray([15] + (SCALARBYTES - 2) * [0] + [64]))
MIN_P8 = bytes(bytearray([16] + (SCALARBYTES - 2) * [0] + [64]))
p, _s = c.crypto_sign_keypair()
_p = p
for i in range(254):
# double _p
_p = c.crypto_core_ed25519_add(_p, _p)
for i in range(8):
_p = c.crypto_core_ed25519_add(_p, p)
# at this point _p is (2^254+8) times p
assert c.crypto_scalarmult_ed25519(MINSC, p) == _p
assert c.crypto_scalarmult_ed25519(CLMPD, p) == _p
# ed25519 scalar multiplication sets the least three significant
# bits of the first octet to zero; therefore:
assert c.crypto_scalarmult_ed25519(MIN_P1, p) == _p
assert c.crypto_scalarmult_ed25519(MIN_P7, p) == _p
_p8 = _p
for i in range(8):
_p8 = c.crypto_core_ed25519_add(_p8, p)
# at this point _p is (2^254 + 16) times p
assert c.crypto_scalarmult_ed25519(MIN_P8, p) == _p8
