diff --git a/ed25519/Cargo.toml b/ed25519/Cargo.toml index 3eaae4193..9d9e02b39 100644 --- a/ed25519/Cargo.toml +++ b/ed25519/Cargo.toml @@ -16,3 +16,4 @@ libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2", features = [ "expose-hacl", ] } libcrux-macros = { version = "=0.0.2-beta.2", path = "../macros" } +wycheproof = "0.6.0" diff --git a/ed25519/tests/ed25519.rs b/ed25519/tests/ed25519.rs new file mode 100644 index 000000000..12143040f --- /dev/null +++ b/ed25519/tests/ed25519.rs @@ -0,0 +1,51 @@ +#[test] +fn run_wycheproof() { + for test_name in wycheproof::eddsa::TestName::all() { + if !matches!(test_name, wycheproof::eddsa::TestName::Ed25519) { + continue; + } + + let test_set = wycheproof::eddsa::TestSet::load(test_name) + .expect("error loading wycheproof test for name {test_name}"); + + println!("Test Set {test_name:?}"); + for (k, test_group) in test_set.test_groups.into_iter().enumerate() { + let pk = &test_group.key.pk; + if pk.len() != 32 { + println!( + "Skipping test group {k}: public key length {} != 32", + pk.len() + ); + for test in test_group.tests.into_iter() { + assert_eq!(test.result, wycheproof::TestResult::Invalid); + } + continue; + } + let pk_buf: [u8; 32] = pk.as_slice().try_into().unwrap(); + + for (i, test) in test_group.tests.into_iter().enumerate() { + let comment = &test.comment; + println!("Test {i}: {comment}"); + + let sig_len = test.sig.len(); + if sig_len != 64 { + println!("Skipping test {i}: signature length {} != 64", sig_len); + assert_eq!(test.result, wycheproof::TestResult::Invalid); + continue; + } + let sig_buf: [u8; 64] = test.sig.as_slice().try_into().unwrap(); + + match test.result { + wycheproof::TestResult::Valid => { + libcrux_ed25519::verify(&test.msg, &pk_buf, &sig_buf).unwrap(); + } + wycheproof::TestResult::Invalid => { + libcrux_ed25519::verify(&test.msg, &pk_buf, &sig_buf) + .expect_err("expected error"); + } + _ => unreachable!(), + } + } + } + } +}