func TestUnmarshalMarshal(t *testing.T) { pub, _, _ := GenerateKey(rand.Reader) var A edwards25519.ExtendedGroupElement var pubBytes [32]byte copy(pubBytes[:], pub) if !A.FromBytes(&pubBytes) { t.Fatalf("ExtendedGroupElement.FromBytes failed") } var pub2 [32]byte A.ToBytes(&pub2) if pubBytes != pub2 { t.Errorf("FromBytes(%v)->ToBytes does not round-trip, got %x\n", pubBytes, pub2) } }
// Verify reports whether sig is a valid signature of message by publicKey. It // will panic if len(publicKey) is not PublicKeySize. func Verify(publicKey PublicKey, message, sig []byte) bool { if l := len(publicKey); l != PublicKeySize { panic("ed25519: bad public key length: " + strconv.Itoa(l)) } if len(sig) != SignatureSize || sig[63]&224 != 0 { return false } var A edwards25519.ExtendedGroupElement var publicKeyBytes [32]byte copy(publicKeyBytes[:], publicKey) if !A.FromBytes(&publicKeyBytes) { return false } edwards25519.FeNeg(&A.X, &A.X) edwards25519.FeNeg(&A.T, &A.T) h := sha512.New() h.Write(sig[:32]) h.Write(publicKey[:]) h.Write(message) var digest [64]byte h.Sum(digest[:0]) var hReduced [32]byte edwards25519.ScReduce(&hReduced, &digest) var R edwards25519.ProjectiveGroupElement var b [32]byte copy(b[:], sig[32:]) edwards25519.GeDoubleScalarMultVartime(&R, &hReduced, &A, &b) var checkR [32]byte R.ToBytes(&checkR) return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1 }