Commit 39b5dca7 authored by George Kadianakis's avatar George Kadianakis
Browse files

ed25519: Add python code to test our ed25519 validation.

See
https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
parent b081a7ed
......@@ -69,6 +69,11 @@ def signatureWithESK(m,h,pk):
def newSK():
return os.urandom(32)
def random_scalar(entropy_f): # 0..L-1 inclusive
# reduce the bias to a safe level by generating 256 extra bits
oversized = int(binascii.hexlify(entropy_f(32+32)), 16)
return oversized % ell
# ------------------------------------------------------------
MSG = "This is extremely silly. But it is also incredibly serious business!"
......@@ -126,6 +131,31 @@ class SelfTest(unittest.TestCase):
self._testSignatures(besk, bpk)
def testIdentity(self):
# Base point:
# B is the unique point (x, 4/5) \in E for which x is positive
By = 4 * inv(5)
Bx = xrecover(By)
B = [Bx % q,By % q]
# Get identity E by doing: E = l*B, where l is the group order
identity = scalarmult(B, ell)
# Get identity E by doing: E = l*A, where A is a random point
sk = newSK()
pk = decodepoint(publickey(sk))
identity2 = scalarmult(pk, ell)
# Check that identities match
assert(identity == identity2)
# Check that identity is the point (0,1)
assert(identity == [0L,1L])
# Check identity element: a*E = E, where a is a random scalar
scalar = random_scalar(os.urandom)
result = scalarmult(identity, scalar)
assert(result == identity == identity2)
# ------------------------------------------------------------
# From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ])
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment