Commit | Line | Data |
---|---|---|
accdbbc9 MW |
1 | ### Local tests for Ed25519 |
2 | ||
a7aa36f2 MW |
3 | pubkey { |
4 | ## From RFC8032. | |
5 | 0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6 | |
6 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292; | |
7 | ab9c2853ce297ddab85c993b3ae14bcad39b2c682beabc27d6d4eb20711d6560 | |
8 | 0f1d1274943b91415889152e893d80e93275a1fc0b65fd71b4b0dda10ad7d772; | |
9 | 833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42 | |
10 | ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf; | |
11 | } | |
12 | ||
accdbbc9 MW |
13 | verify { |
14 | ## Check that noncanonical scalars are rejected. The base test is repeated | |
15 | ## from the main suite; let s be the scalar part of the signature, and ℓ be | |
16 | ## the curve order. The negative test has s' = s + ℓ < 2^254, so the value | |
17 | ## fits. | |
18 | 74d29127f199d86a8676aec33b4ce3f225ccb191f52c191ccd1e8cca65213a6b | |
19 | bd8e05033f3a8bcdcbf4beceb70901c82e31 | |
20 | fbe929d743a03c17910575492f3092ee2a2bf14a60a3fcacec74a58c7334510fc262db582791322d6c8c41f1700adb80027ecabc14270b703444ae3ee7623e0a | |
21 | 0; | |
22 | 74d29127f199d86a8676aec33b4ce3f225ccb191f52c191ccd1e8cca65213a6b | |
23 | bd8e05033f3a8bcdcbf4beceb70901c82e31 | |
24 | fbe929d743a03c17910575492f3092ee2a2bf14a60a3fcacec74a58c7334510faf36d1b541f44485422939944f04ba95027ecabc14270b703444ae3ee7623e1a | |
25 | -1; | |
26 | ||
27 | ## OK, so this is a massive cheat, but otherwise testing that out-of-range | |
28 | ## coordinates are rejected is really hard. Pick A = (0, 1), which is the | |
29 | ## identity in E. Then n A = A for all n; in particular, H(R, A, M) A = A | |
30 | ## for any choice of R and M. Furthermore, R = R + H(R, A, M) A for any R. | |
31 | ## Let's pick R = A = (0, 1), because that seems to be working out for us. | |
32 | ## Then s P = R + H(R, A, M) A exactly when s = 0 (mod ℓ). | |
33 | ## | |
34 | ## This is obviously a really daft choice of public key for security, | |
35 | ## because the following is a completely general-purpose signature for all | |
36 | ## messages. | |
37 | ## | |
38 | ## Why bother, you ask? Well, because (0, 1) is one of the few points | |
39 | ## which has a reduntant representation. So we can use this to check that | |
40 | ## we're correctly rejecting signatures which aren't in normal form. | |
41 | 0100000000000000000000000000000000000000000000000000000000000000 | |
42 | 416c6c2d707572706f7365207369676e6174757265210a | |
43 | 01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |
44 | 0; | |
45 | eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f | |
46 | 416c6c2d707572706f7365207369676e6174757265210a | |
47 | 01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |
48 | -1; | |
49 | 0100000000000000000000000000000000000000000000000000000000000000 | |
50 | 416c6c2d707572706f7365207369676e6174757265210a | |
51 | eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f0000000000000000000000000000000000000000000000000000000000000000 | |
52 | -1; | |
53 | } | |
a7aa36f2 MW |
54 | |
55 | sign-ctx { | |
56 | ## From RFC8032. | |
57 | ||
58 | 0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6 | |
59 | 0 666f6f f726936d19c800494e3fdaff20b276a8 | |
60 | 55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a8b36950b95130022907a7fb7c4e9b2d5f6cca685a587b4b21f4b888e4e7edb0d; | |
61 | 0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6 | |
62 | 0 626172 f726936d19c800494e3fdaff20b276a8 | |
63 | fc60d5872fc46b3aa69f8b5b4351d5808f92bcc044606db097abab6dbcb1aee3216c48e8b3b66431b5b186d1d28f8ee15a5ca2df6668346291c2043d4eb3e90d; | |
64 | 0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6 | |
65 | 0 666f6f 508e9e6882b979fea900f62adceaca35 | |
66 | 8b70c1cc8310e1de20ac53ce28ae6e7207f33c3295e03bb5c0732a1d20dc64908922a8b052cf99b7c4fe107a5abb5b2c4085ae75890d02df26269d8945f84b0b; | |
67 | ab9c2853ce297ddab85c993b3ae14bcad39b2c682beabc27d6d4eb20711d6560 | |
68 | 0 666f6f f726936d19c800494e3fdaff20b276a8 | |
69 | 21655b5f1aa965996b3f97b3c849eafba922a0a62992f73b3d1b73106a84ad85e9b86a7b6005ea868337ff2d20a7f5fbd4cd10b0be49a68da2b2e0dc0ad8960f; | |
70 | ||
71 | 833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42 | |
72 | 1 "" 616263 | |
73 | 98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406; | |
74 | } | |
75 | ||
76 | verify-ctx { | |
77 | ## From RFC8032. | |
78 | ||
79 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292 | |
80 | 0 666f6f f726936d19c800494e3fdaff20b276a8 | |
81 | 55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a8b36950b95130022907a7fb7c4e9b2d5f6cca685a587b4b21f4b888e4e7edb0d | |
82 | 0; | |
83 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292 | |
84 | 0 626172 f726936d19c800494e3fdaff20b276a8 | |
85 | fc60d5872fc46b3aa69f8b5b4351d5808f92bcc044606db097abab6dbcb1aee3216c48e8b3b66431b5b186d1d28f8ee15a5ca2df6668346291c2043d4eb3e90d | |
86 | 0; | |
87 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292 | |
88 | 0 626172 f726936d19c800494e3fdaff20b276a8 | |
89 | 55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a8b36950b95130022907a7fb7c4e9b2d5f6cca685a587b4b21f4b888e4e7edb0d | |
90 | -1; | |
91 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292 | |
92 | 0 666f6f f726936d19c800494e3fdaff20b276a8 | |
93 | fc60d5872fc46b3aa69f8b5b4351d5808f92bcc044606db097abab6dbcb1aee3216c48e8b3b66431b5b186d1d28f8ee15a5ca2df6668346291c2043d4eb3e90d | |
94 | -1; | |
95 | dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292 | |
96 | 0 666f6f 508e9e6882b979fea900f62adceaca35 | |
97 | 8b70c1cc8310e1de20ac53ce28ae6e7207f33c3295e03bb5c0732a1d20dc64908922a8b052cf99b7c4fe107a5abb5b2c4085ae75890d02df26269d8945f84b0b | |
98 | 0; | |
99 | 0f1d1274943b91415889152e893d80e93275a1fc0b65fd71b4b0dda10ad7d772 | |
100 | 0 666f6f f726936d19c800494e3fdaff20b276a8 | |
101 | 21655b5f1aa965996b3f97b3c849eafba922a0a62992f73b3d1b73106a84ad85e9b86a7b6005ea868337ff2d20a7f5fbd4cd10b0be49a68da2b2e0dc0ad8960f | |
102 | 0; | |
103 | ||
104 | ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf | |
105 | 1 "" 616263 | |
106 | 98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406 | |
107 | 0; | |
108 | ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf | |
109 | 1 "" 626172 | |
110 | 98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406 | |
111 | -1; | |
112 | } |