10 // Testing basic InnerSign+Verify and the invariants:
11 // 1) Expand(PrivateKey).Sign() == PrivateKey.Sign()
12 // 2) InnerSign(Expand(PrivateKey)) == Sign(PrivateKey)
14 type zeroReader struct{}
16 func (zeroReader) Read(buf []byte) (int, error) {
23 func TestInnerSignVerify(t *testing.T) {
25 public, private, _ := ed25519.GenerateKey(zero)
26 expprivate := expandEd25519PrivateKey(private)
28 message := []byte("test message")
29 sig := Ed25519InnerSign(expprivate, message)
30 if !ed25519.Verify(public, message, sig) {
31 t.Errorf("valid signature rejected")
34 wrongMessage := []byte("wrong message")
35 if ed25519.Verify(public, wrongMessage, sig) {
36 t.Errorf("signature of different message accepted")
40 func TestExpandedKeySignerInterfaceInvariant(t *testing.T) {
42 public, private, _ := ed25519.GenerateKey(zero)
43 expprivate := expandEd25519PrivateKey(private)
45 signer1 := crypto.Signer(private)
46 signer2 := crypto.Signer(expprivate)
48 publicInterface1 := signer1.Public()
49 publicInterface2 := signer2.Public()
50 public1, ok := publicInterface1.(ed25519.PublicKey)
52 t.Fatalf("expected PublicKey from Public() but got %T", publicInterface1)
54 public2, ok := publicInterface2.(ed25519.PublicKey)
56 t.Fatalf("expected PublicKey from Public() but got %T", publicInterface2)
59 if !bytes.Equal(public, public1) {
60 t.Errorf("public keys do not match: original:%x vs Public():%x", public, public1)
62 if !bytes.Equal(public, public2) {
63 t.Errorf("public keys do not match: original:%x vs Public():%x", public, public2)
66 message := []byte("message")
67 var noHash crypto.Hash
68 signature1, err := signer1.Sign(zero, message, noHash)
70 t.Fatalf("error from Sign(): %s", err)
72 signature2, err := signer2.Sign(zero, message, noHash)
74 t.Fatalf("error from Sign(): %s", err)
76 if !bytes.Equal(signature1[:], signature2[:]) {
77 t.Errorf(".Sign() should return identical signatures for Signer(privkey) and Signer(Expand(privkey))")
79 if !ed25519.Verify(public, message, signature1) {
80 t.Errorf("Verify failed on signature from Sign()")
84 func TestInnerSignInvariant(t *testing.T) {
86 _, private, _ := ed25519.GenerateKey(zero)
87 expprivate := expandEd25519PrivateKey(private)
89 message := []byte("test message")
90 sig1 := ed25519.Sign(private, message)
91 sig2 := Ed25519InnerSign(expprivate, message)
93 if !bytes.Equal(sig1[:], sig2[:]) {
94 t.Errorf("InnerSign(Expand(privkey)) must return the same as Sign(privkey)")