1
2#define TEST_NAME "ed25519_convert"
3#include "cmptest.h"
4
5static const unsigned char keypair_seed[crypto_sign_ed25519_SEEDBYTES] = {
6    0x42, 0x11, 0x51, 0xa4, 0x59, 0xfa, 0xea, 0xde, 0x3d, 0x24, 0x71,
7    0x15, 0xf9, 0x4a, 0xed, 0xae, 0x42, 0x31, 0x81, 0x24, 0x09, 0x5a,
8    0xfa, 0xbe, 0x4d, 0x14, 0x51, 0xa5, 0x59, 0xfa, 0xed, 0xee
9};
10
11int
12main(void)
13{
14    unsigned char ed25519_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
15    unsigned char ed25519_skpk[crypto_sign_ed25519_SECRETKEYBYTES];
16    unsigned char curve25519_pk[crypto_scalarmult_curve25519_BYTES];
17    unsigned char curve25519_pk2[crypto_scalarmult_curve25519_BYTES];
18    unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES];
19    char          curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
20    char          curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
21    unsigned char hseed[crypto_hash_sha512_BYTES];
22    unsigned int  i;
23
24    assert(crypto_sign_ed25519_SEEDBYTES <= crypto_hash_sha512_BYTES);
25#ifdef ED25519_NONDETERMINISTIC
26    crypto_hash_sha512(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
27#else
28    memcpy(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
29#endif
30    crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, hseed);
31
32    if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) != 0) {
33        printf("conversion failed\n");
34    }
35    crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
36    sodium_bin2hex(curve25519_pk_hex, sizeof curve25519_pk_hex, curve25519_pk,
37                   sizeof curve25519_pk);
38    sodium_bin2hex(curve25519_sk_hex, sizeof curve25519_sk_hex, curve25519_sk,
39                   sizeof curve25519_sk);
40
41    printf("curve25519 pk: [%s]\n", curve25519_pk_hex);
42    printf("curve25519 sk: [%s]\n", curve25519_sk_hex);
43
44    for (i = 0U; i < 500U; i++) {
45        crypto_sign_ed25519_keypair(ed25519_pk, ed25519_skpk);
46        if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) !=
47            0) {
48            printf("conversion failed\n");
49        }
50        crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
51        crypto_scalarmult_curve25519_base(curve25519_pk2, curve25519_sk);
52        if (memcmp(curve25519_pk, curve25519_pk2, sizeof curve25519_pk) != 0) {
53            printf("conversion failed\n");
54        }
55    }
56
57    sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
58                   "0000000000000000000000000000000000000000000000000000000000000000"
59                   "0000000000000000000000000000000000000000000000000000000000000000",
60                   64, NULL, NULL, NULL);
61    assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
62    sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
63                   "0200000000000000000000000000000000000000000000000000000000000000"
64                   "0000000000000000000000000000000000000000000000000000000000000000",
65                   64, NULL, NULL, NULL);
66    assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
67    sodium_hex2bin(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES,
68                   "0500000000000000000000000000000000000000000000000000000000000000"
69                   "0000000000000000000000000000000000000000000000000000000000000000",
70                   64, NULL, NULL, NULL);
71    assert(crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) == -1);
72
73    printf("ok\n");
74
75    return 0;
76}
77