def test_ed25519_scalar_reduce():
zero = 32 * b'\x00'
# 65536 times the order of the main subgroup (which is bigger
# than 32 bytes), padded to 64 bytes
# 2^252+27742317777372353535851937790883648493
l65536 = bytes(2 * b'\x00') + \
bytes(bytearray([0xed, 0xd3, 0xf5, 0x5c,
0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2,
0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x10]
)
) + bytes(30 * b'\x00')
# random scalar modulo l
sclr = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
p = c.crypto_core_ed25519_scalar_add(sclr, zero)
# l65536 + p is bigger than 32 bytes
big = c.sodium_add(l65536, p + bytes(32 * b'\x00'))
r = c.crypto_core_ed25519_scalar_reduce(big)
assert r == p
def test_ed25519_scalar_mul():
zero = 32 * b"\x00"
three = b"\x03" + 31 * b"\x00"
# random scalar modulo l
sclr = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
p = c.crypto_core_ed25519_scalar_add(sclr, zero)
p3 = c.crypto_core_ed25519_scalar_mul(p, three)
p2 = c.crypto_core_ed25519_scalar_add(p, p)
p1 = c.crypto_core_ed25519_scalar_sub(p3, p2)
assert p1 == p
def test_ed25519_scalar_reduce():
zero = 32 * b"\x00"
# 65536 times the order of the main subgroup (which is bigger
# than 32 bytes), padded to 64 bytes
# 2^252+27742317777372353535851937790883648493
l65536 = (bytes(2 * b"\x00") + bytes(
bytearray([
0xED,
0xD3,
0xF5,
0x5C,
0x1A,
0x63,
0x12,
0x58,
0xD6,
0x9C,
0xF7,
0xA2,
0xDE,
0xF9,
0xDE,
0x14,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x00,
0x10,
])) + bytes(30 * b"\x00"))
# random scalar modulo l
sclr = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
p = c.crypto_core_ed25519_scalar_add(sclr, zero)
# l65536 + p is bigger than 32 bytes
big = c.sodium_add(l65536, p + bytes(32 * b"\x00"))
r = c.crypto_core_ed25519_scalar_reduce(big)
assert r == p
def __init__(self, user: USER, cid, new=False):
if new:
self.cid = randombytes(8).hex()
self.owner = user.fid
self.members = [user.fid]
self.hkey = randombytes(16).hex()
self.dkeys = [nacl.utils.random(SecretBox.KEY_SIZE).hex()]
self.seqno = 0
user.add_channel(self.export())
if not add_alias(cid, self.cid):
print("could not create chat alias:", cid)
exit(1)
else:
c = user.get_channel(cid)
if c != None:
self.cid = c[0]
self.owner = c[1]
self.members = c[2]
self.hkey = c[3]
self.dkeys = c[4]
self.seqno = c[5]
else:
print("unknown channel:", cid)
exit(1)
def test_scalarmult_ed25519_base():
"""
Verify scalarmult_ed25519_base is congruent to
scalarmult_ed25519 on the ed25519 base point
"""
BASEPOINT = bytes(
bytearray([
0x58,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
0x66,
]))
sclr = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
p = c.crypto_scalarmult_ed25519_base(sclr)
p2 = c.crypto_scalarmult_ed25519(sclr, BASEPOINT)
assert p2 == p
def test_ed25519_scalar_invert_negate_complement():
zero = 32 * b"\x00"
one = b"\x01" + 31 * b"\x00"
# random scalar modulo l
sclr = c.randombytes(c.crypto_core_ed25519_SCALARBYTES)
sclr = c.crypto_core_ed25519_scalar_add(sclr, zero)
i = c.crypto_core_ed25519_scalar_invert(sclr)
assert c.crypto_core_ed25519_scalar_mul(sclr, i) == one
n = c.crypto_core_ed25519_scalar_negate(sclr)
assert c.crypto_core_ed25519_scalar_add(sclr, n) == zero
cp = c.crypto_core_ed25519_scalar_complement(sclr)
assert c.crypto_core_ed25519_scalar_add(sclr, cp) == one
def test_scalarmult_ed25519_base():
"""
Verify scalarmult_ed25519_base is congruent to
scalarmult_ed25519 on the ed25519 base point
"""
BASEPOINT = bytes(bytearray([0x58, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66]
)
)
sclr = c.randombytes(c.crypto_scalarmult_ed25519_SCALARBYTES)
p = c.crypto_scalarmult_ed25519_base(sclr)
p2 = c.crypto_scalarmult_ed25519(sclr, BASEPOINT)
assert p2 == p
def test_box_seed_keypair_short_seed():
seed = c.randombytes(c.crypto_box_SEEDBYTES - 1)
with pytest.raises(ValueError):
c.crypto_box_seed_keypair(seed)
with pytest.raises(CryptoError):
c.crypto_box_seed_keypair(seed)
def test_box_seed_keypair_random():
seed = c.randombytes(c.crypto_box_SEEDBYTES)
pk, sk = c.crypto_box_seed_keypair(seed)
ppk = c.crypto_scalarmult_base(sk)
assert pk == ppk
def test_box_seed_keypair_short_seed():
seed = c.randombytes(c.crypto_box_SEEDBYTES - 1)
with pytest.raises(ValueError):
c.crypto_box_seed_keypair(seed)
with pytest.raises(CryptoError):
c.crypto_box_seed_keypair(seed)
def test_box_seed_keypair_random():
seed = c.randombytes(c.crypto_box_SEEDBYTES)
pk, sk = c.crypto_box_seed_keypair(seed)
ppk = c.crypto_scalarmult_base(sk)
assert pk == ppk
def create_public_key():
return pysodium.randombytes(pysodium.crypto_box_PUBLICKEYBYTES)
def create_nonce():
return pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
def randombytes(self, n):
return bindings.randombytes(n)
