diff options
author | George Kadianakis <desnacked@riseup.net> | 2017-04-24 16:22:02 +0300 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2017-04-24 16:34:53 +0300 |
commit | 39b5dca7201bb3f30606be199f4d234c86fcaded (patch) | |
tree | 7782f6f5ca140bdf2f32f10163e50afb8582f548 /src | |
parent | b081a7ed21ae729f6e195715e130edaca3e0b7fe (diff) | |
download | tor-39b5dca7201bb3f30606be199f4d234c86fcaded.tar.gz tor-39b5dca7201bb3f30606be199f4d234c86fcaded.zip |
ed25519: Add python code to test our ed25519 validation.
See
https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
Diffstat (limited to 'src')
-rw-r--r-- | src/test/ed25519_exts_ref.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/test/ed25519_exts_ref.py b/src/test/ed25519_exts_ref.py index af5010415e..1898256540 100644 --- a/src/test/ed25519_exts_ref.py +++ b/src/test/ed25519_exts_ref.py @@ -69,6 +69,11 @@ def signatureWithESK(m,h,pk): def newSK(): return os.urandom(32) +def random_scalar(entropy_f): # 0..L-1 inclusive + # reduce the bias to a safe level by generating 256 extra bits + oversized = int(binascii.hexlify(entropy_f(32+32)), 16) + return oversized % ell + # ------------------------------------------------------------ MSG = "This is extremely silly. But it is also incredibly serious business!" @@ -126,6 +131,31 @@ class SelfTest(unittest.TestCase): self._testSignatures(besk, bpk) + def testIdentity(self): + # Base point: + # B is the unique point (x, 4/5) \in E for which x is positive + By = 4 * inv(5) + Bx = xrecover(By) + B = [Bx % q,By % q] + + # Get identity E by doing: E = l*B, where l is the group order + identity = scalarmult(B, ell) + + # Get identity E by doing: E = l*A, where A is a random point + sk = newSK() + pk = decodepoint(publickey(sk)) + identity2 = scalarmult(pk, ell) + + # Check that identities match + assert(identity == identity2) + # Check that identity is the point (0,1) + assert(identity == [0L,1L]) + + # Check identity element: a*E = E, where a is a random scalar + scalar = random_scalar(os.urandom) + result = scalarmult(identity, scalar) + assert(result == identity == identity2) + # ------------------------------------------------------------ # From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ]) |