Skip to main content

commonware_cryptography/ed25519/
scheme.rs

1use crate::{
2    ed25519::core::{self as ed_core, VerificationKey},
3    BatchVerifier, Secret,
4};
5#[cfg(not(feature = "std"))]
6use alloc::borrow::{Cow, ToOwned};
7use bytes::{Buf, BufMut};
8use commonware_codec::{Error as CodecError, FixedArray, FixedSize, Read, ReadExt, Write};
9use commonware_formatting::Hex;
10use commonware_math::algebra::Random;
11use commonware_parallel::Strategy;
12use commonware_utils::{union_unique, Array, Span};
13use core::{
14    fmt::{Debug, Display},
15    hash::Hash,
16    ops::Deref,
17};
18use rand_core::CryptoRng;
19#[cfg(feature = "std")]
20use std::borrow::{Cow, ToOwned};
21use zeroize::Zeroizing;
22
23const CURVE_NAME: &str = "ed25519";
24const PRIVATE_KEY_LENGTH: usize = 32;
25const PUBLIC_KEY_LENGTH: usize = 32;
26const SIGNATURE_LENGTH: usize = 64;
27
28/// Ed25519 Private Key.
29#[derive(Clone, Debug)]
30pub struct PrivateKey {
31    key: Secret<ed_core::SigningKey>,
32}
33
34impl crate::PrivateKey for PrivateKey {}
35
36impl crate::Signer for PrivateKey {
37    type Signature = Signature;
38    type PublicKey = PublicKey;
39
40    fn sign(&self, namespace: &[u8], msg: &[u8]) -> Self::Signature {
41        self.sign_inner(Some(namespace), msg)
42    }
43
44    fn public_key(&self) -> Self::PublicKey {
45        self.key.expose(|key| Self::PublicKey {
46            key: key.verification_key().to_owned(),
47        })
48    }
49}
50
51impl PrivateKey {
52    #[inline(always)]
53    fn sign_inner(&self, namespace: Option<&[u8]>, msg: &[u8]) -> Signature {
54        let payload = namespace
55            .map(|namespace| Cow::Owned(union_unique(namespace, msg)))
56            .unwrap_or_else(|| Cow::Borrowed(msg));
57        self.key.expose(|key| Signature::from(key.sign(&payload)))
58    }
59}
60
61impl Random for PrivateKey {
62    fn random(rng: impl CryptoRng) -> Self {
63        let key = ed_core::SigningKey::new(rng);
64        Self {
65            key: Secret::new(key),
66        }
67    }
68}
69
70impl Write for PrivateKey {
71    fn write(&self, buf: &mut impl BufMut) {
72        self.key.expose(|key| key.as_bytes().write(buf));
73    }
74}
75
76impl Read for PrivateKey {
77    type Cfg = ();
78
79    fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
80        let raw = Zeroizing::new(<[u8; Self::SIZE]>::read(buf)?);
81        let key = ed_core::SigningKey::from(*raw);
82        Ok(Self {
83            key: Secret::new(key),
84        })
85    }
86}
87
88impl FixedSize for PrivateKey {
89    const SIZE: usize = PRIVATE_KEY_LENGTH;
90}
91
92impl From<ed_core::SigningKey> for PrivateKey {
93    fn from(key: ed_core::SigningKey) -> Self {
94        Self {
95            key: Secret::new(key),
96        }
97    }
98}
99
100impl Display for PrivateKey {
101    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
102        write!(f, "{:?}", self)
103    }
104}
105
106#[cfg(feature = "arbitrary")]
107impl arbitrary::Arbitrary<'_> for PrivateKey {
108    fn arbitrary(u: &mut arbitrary::Unstructured<'_>) -> arbitrary::Result<Self> {
109        use rand::{rngs::StdRng, SeedableRng};
110
111        let mut rand = StdRng::from_seed(u.arbitrary::<[u8; 32]>()?);
112        Ok(Self::random(&mut rand))
113    }
114}
115
116#[cfg(test)]
117impl PartialEq for PrivateKey {
118    fn eq(&self, other: &Self) -> bool {
119        self.key
120            .expose(|key1| other.key.expose(|key2| key1.as_bytes() == key2.as_bytes()))
121    }
122}
123
124/// Ed25519 Public Key.
125#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, Hash, FixedArray)]
126pub struct PublicKey {
127    key: ed_core::VerificationKey,
128}
129
130impl From<PrivateKey> for PublicKey {
131    fn from(value: PrivateKey) -> Self {
132        value.key.expose(|key| Self {
133            key: key.verification_key(),
134        })
135    }
136}
137
138impl crate::PublicKey for PublicKey {}
139
140impl crate::Verifier for PublicKey {
141    type Signature = Signature;
142
143    fn verify(&self, namespace: &[u8], msg: &[u8], sig: &Self::Signature) -> bool {
144        self.verify_inner(Some(namespace), msg, sig)
145    }
146}
147
148impl PublicKey {
149    #[inline(always)]
150    fn verify_inner(&self, namespace: Option<&[u8]>, msg: &[u8], sig: &Signature) -> bool {
151        let payload = namespace
152            .map(|namespace| Cow::Owned(union_unique(namespace, msg)))
153            .unwrap_or_else(|| Cow::Borrowed(msg));
154        self.key
155            .verify(&ed_core::Signature::from(sig.raw), &payload)
156            .is_ok()
157    }
158}
159
160impl Write for PublicKey {
161    fn write(&self, buf: &mut impl BufMut) {
162        self.key.as_bytes().write(buf);
163    }
164}
165
166impl Read for PublicKey {
167    type Cfg = ();
168
169    fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
170        let raw = <[u8; Self::SIZE]>::read(buf)?;
171        let result = VerificationKey::try_from(raw);
172        #[cfg(feature = "std")]
173        let key = result.map_err(|e| CodecError::Wrapped(CURVE_NAME, e.into()))?;
174        #[cfg(not(feature = "std"))]
175        let key = result
176            .map_err(|e| CodecError::Wrapped(CURVE_NAME, alloc::format!("{:?}", e).into()))?;
177
178        Ok(Self { key })
179    }
180}
181
182impl FixedSize for PublicKey {
183    const SIZE: usize = PUBLIC_KEY_LENGTH;
184}
185
186impl Span for PublicKey {}
187
188impl Array for PublicKey {}
189
190impl AsRef<[u8]> for PublicKey {
191    fn as_ref(&self) -> &[u8] {
192        self.key.as_ref()
193    }
194}
195
196impl Deref for PublicKey {
197    type Target = [u8];
198    fn deref(&self) -> &[u8] {
199        self.key.as_ref()
200    }
201}
202
203impl Debug for PublicKey {
204    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
205        write!(f, "{}", Hex(self))
206    }
207}
208
209impl Display for PublicKey {
210    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
211        write!(f, "{}", Hex(self))
212    }
213}
214
215#[cfg(feature = "arbitrary")]
216impl arbitrary::Arbitrary<'_> for PublicKey {
217    fn arbitrary(u: &mut arbitrary::Unstructured<'_>) -> arbitrary::Result<Self> {
218        use crate::Signer;
219        use commonware_math::algebra::Random;
220        use rand::{rngs::StdRng, SeedableRng};
221
222        let mut rand = StdRng::from_seed(u.arbitrary::<[u8; 32]>()?);
223        let private_key = PrivateKey::random(&mut rand);
224        Ok(private_key.public_key())
225    }
226}
227
228/// Ed25519 Signature.
229///
230/// Signatures from honestly generated keys are *non-malleable*: an adversary
231/// with access to many messages and signatures, verifying against an honestly
232/// generated public key, cannot find a new signature which will verify, even by
233/// tampering or modifying the signatures that it has seen previously.
234///
235/// Like any signature, it's also not possible to have a signature that verifies against
236/// one message also verify against another. This property does not hold for maliciously
237/// generated public keys. In particular, it's possible to craft public keys (which would
238/// otherwise not be honestly generatable) for which a signature will verify against any message.
239#[derive(Clone, Eq, Hash, Ord, PartialEq, PartialOrd, FixedArray)]
240pub struct Signature {
241    raw: [u8; SIGNATURE_LENGTH],
242}
243
244impl crate::Signature for Signature {}
245
246impl Write for Signature {
247    fn write(&self, buf: &mut impl BufMut) {
248        self.raw.write(buf);
249    }
250}
251
252impl Read for Signature {
253    type Cfg = ();
254
255    fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
256        let raw = <[u8; Self::SIZE]>::read(buf)?;
257        Ok(Self { raw })
258    }
259}
260
261impl FixedSize for Signature {
262    const SIZE: usize = SIGNATURE_LENGTH;
263}
264
265impl Span for Signature {}
266
267impl Array for Signature {}
268
269impl AsRef<[u8]> for Signature {
270    fn as_ref(&self) -> &[u8] {
271        &self.raw
272    }
273}
274
275impl Deref for Signature {
276    type Target = [u8];
277    fn deref(&self) -> &[u8] {
278        &self.raw
279    }
280}
281
282impl From<ed_core::Signature> for Signature {
283    fn from(value: ed_core::Signature) -> Self {
284        let raw = value.to_bytes();
285        Self { raw }
286    }
287}
288
289impl Debug for Signature {
290    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
291        write!(f, "{}", Hex(&self.raw))
292    }
293}
294
295impl Display for Signature {
296    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
297        write!(f, "{}", Hex(&self.raw))
298    }
299}
300
301#[cfg(feature = "arbitrary")]
302impl arbitrary::Arbitrary<'_> for Signature {
303    fn arbitrary(u: &mut arbitrary::Unstructured<'_>) -> arbitrary::Result<Self> {
304        use crate::Signer;
305        use commonware_math::algebra::Random;
306        use rand::{rngs::StdRng, SeedableRng};
307
308        let mut rand = StdRng::from_seed(u.arbitrary::<[u8; 32]>()?);
309        let private_key = PrivateKey::random(&mut rand);
310        let len = u.arbitrary::<usize>()? % 256;
311        let message = u
312            .arbitrary_iter()?
313            .take(len)
314            .collect::<Result<Vec<_>, _>>()?;
315
316        Ok(private_key.sign(&[], &message))
317    }
318}
319
320/// Ed25519 Batch Verifier.
321pub struct Batch {
322    verifier: ed_core::batch::Verifier,
323}
324
325impl BatchVerifier for Batch {
326    type PublicKey = PublicKey;
327
328    fn new(capacity: usize) -> Self {
329        Self {
330            verifier: ed_core::batch::Verifier::new(capacity),
331        }
332    }
333
334    fn add(
335        &mut self,
336        namespace: &[u8],
337        message: &[u8],
338        public_key: &PublicKey,
339        signature: &Signature,
340    ) -> bool {
341        self.add_inner(Some(namespace), message, public_key, signature)
342    }
343
344    fn verify<R: CryptoRng>(self, rng: &mut R, strategy: &impl Strategy) -> bool {
345        self.verifier.verify(rng, strategy).is_ok()
346    }
347}
348
349impl Batch {
350    #[inline(always)]
351    fn add_inner(
352        &mut self,
353        namespace: Option<&[u8]>,
354        message: &[u8],
355        public_key: &PublicKey,
356        signature: &Signature,
357    ) -> bool {
358        self.verifier.queue(
359            public_key.key,
360            ed_core::Signature::from(signature.raw),
361            namespace,
362            message,
363        );
364        true
365    }
366}
367
368/// Test vectors sourced from https://datatracker.ietf.org/doc/html/rfc8032#section-7.1.
369#[cfg(test)]
370mod tests {
371    use super::*;
372    use crate::{ed25519, Signer as _};
373    use commonware_codec::{DecodeExt, Encode};
374    use commonware_math::algebra::Random;
375    use commonware_parallel::Sequential;
376    use commonware_utils::test_rng;
377
378    fn test_sign_and_verify(
379        private_key: PrivateKey,
380        public_key: PublicKey,
381        message: &[u8],
382        signature: Signature,
383    ) {
384        let computed_signature = private_key.sign_inner(None, message);
385        assert_eq!(computed_signature, signature);
386        assert!(public_key.verify_inner(None, message, &computed_signature));
387    }
388
389    fn parse_private_key(private_key: &str) -> PrivateKey {
390        PrivateKey::decode(
391            commonware_formatting::from_hex(private_key)
392                .unwrap()
393                .as_ref(),
394        )
395        .unwrap()
396    }
397
398    fn parse_public_key(public_key: &str) -> PublicKey {
399        PublicKey::decode(
400            commonware_formatting::from_hex(public_key)
401                .unwrap()
402                .as_ref(),
403        )
404        .unwrap()
405    }
406
407    fn parse_signature(signature: &str) -> Signature {
408        Signature::decode(commonware_formatting::from_hex(signature).unwrap().as_ref()).unwrap()
409    }
410
411    fn vector_1() -> (PrivateKey, PublicKey, Vec<u8>, Signature) {
412        (
413            // secret key
414            parse_private_key(
415                "
416                9d61b19deffd5a60ba844af492ec2cc4
417                4449c5697b326919703bac031cae7f60
418                ",
419            ),
420            // public key
421            parse_public_key(
422                "
423                d75a980182b10ab7d54bfed3c964073a
424                0ee172f3daa62325af021a68f707511a
425                ",
426            ),
427            // message
428            b"".to_vec(),
429            // signature
430            parse_signature(
431                "
432                e5564300c360ac729086e2cc806e828a
433                84877f1eb8e5d974d873e06522490155
434                5fb8821590a33bacc61e39701cf9b46b
435                d25bf5f0595bbe24655141438e7a100b
436                ",
437            ),
438        )
439    }
440
441    fn vector_2() -> (PrivateKey, PublicKey, Vec<u8>, Signature) {
442        (
443            // secret key
444            parse_private_key(
445                "
446                4ccd089b28ff96da9db6c346ec114e0f
447                5b8a319f35aba624da8cf6ed4fb8a6fb
448                ",
449            ),
450            // public key
451            parse_public_key(
452                "
453                3d4017c3e843895a92b70aa74d1b7ebc
454                9c982ccf2ec4968cc0cd55f12af4660c
455                ",
456            ),
457            // message
458            [0x72].to_vec(),
459            // signature
460            parse_signature(
461                "
462                92a009a9f0d4cab8720e820b5f642540
463                a2b27b5416503f8fb3762223ebdb69da
464                085ac1e43e15996e458f3613d0f11d8c
465                387b2eaeb4302aeeb00d291612bb0c00
466                ",
467            ),
468        )
469    }
470
471    #[test]
472    fn test_codec_private_key() {
473        let private_key = parse_private_key(
474            "
475            9d61b19deffd5a60ba844af492ec2cc4
476            4449c5697b326919703bac031cae7f60
477            ",
478        );
479        let encoded = private_key.encode();
480        assert_eq!(encoded.len(), PRIVATE_KEY_LENGTH);
481        let decoded = PrivateKey::decode(encoded).unwrap();
482        assert_eq!(private_key, decoded);
483    }
484
485    #[test]
486    fn test_codec_public_key() {
487        let public_key = parse_public_key(
488            "
489            d75a980182b10ab7d54bfed3c964073a
490            0ee172f3daa62325af021a68f707511a
491            ",
492        );
493        let encoded = public_key.encode();
494        assert_eq!(encoded.len(), PUBLIC_KEY_LENGTH);
495        let decoded = PublicKey::decode(encoded).unwrap();
496        assert_eq!(public_key, decoded);
497    }
498
499    #[test]
500    fn test_codec_signature() {
501        let signature = parse_signature(
502            "
503            e5564300c360ac729086e2cc806e828a
504            84877f1eb8e5d974d873e06522490155
505            5fb8821590a33bacc61e39701cf9b46b
506            d25bf5f0595bbe24655141438e7a100b
507            ",
508        );
509        let encoded = signature.encode();
510        assert_eq!(encoded.len(), SIGNATURE_LENGTH);
511        let decoded = Signature::decode(encoded).unwrap();
512        assert_eq!(signature, decoded);
513    }
514
515    #[test]
516    fn rfc8032_test_vector_1() {
517        let (private_key, public_key, message, signature) = vector_1();
518        test_sign_and_verify(private_key, public_key, &message, signature)
519    }
520
521    // sanity check the test infra rejects bad signatures
522    #[test]
523    #[should_panic]
524    fn bad_signature() {
525        let (private_key, public_key, message, _) = vector_1();
526        let private_key_2 = PrivateKey::random(test_rng());
527        let bad_signature = private_key_2.sign_inner(None, &message);
528        test_sign_and_verify(private_key, public_key, &message, bad_signature);
529    }
530
531    // sanity check the test infra rejects non-matching messages
532    #[test]
533    #[should_panic]
534    fn different_message() {
535        let (private_key, public_key, _, signature) = vector_1();
536        let different_message = b"this is a different message".to_vec();
537        test_sign_and_verify(private_key, public_key, &different_message, signature);
538    }
539
540    #[test]
541    fn rfc8032_test_vector_2() {
542        let (private_key, public_key, message, signature) = vector_2();
543        test_sign_and_verify(private_key, public_key, &message, signature)
544    }
545
546    #[test]
547    fn rfc8032_test_vector_3() {
548        let private_key = parse_private_key(
549            "
550            c5aa8df43f9f837bedb7442f31dcb7b1
551            66d38535076f094b85ce3a2e0b4458f7
552            ",
553        );
554        let public_key = parse_public_key(
555            "
556            fc51cd8e6218a1a38da47ed00230f058
557            0816ed13ba3303ac5deb911548908025
558            ",
559        );
560        let message = commonware_formatting::hex!("0xaf82");
561        let signature = parse_signature(
562            "
563            6291d657deec24024827e69c3abe01a3
564            0ce548a284743a445e3680d7db5ac3ac
565            18ff9b538d16f290ae67f760984dc659
566            4a7c15e9716ed28dc027beceea1ec40a
567            ",
568        );
569        test_sign_and_verify(private_key, public_key, &message, signature)
570    }
571
572    #[test]
573    fn rfc8032_test_vector_1024() {
574        let private_key = parse_private_key(
575            "
576            f5e5767cf153319517630f226876b86c
577            8160cc583bc013744c6bf255f5cc0ee5
578            ",
579        );
580        let public_key = parse_public_key(
581            "
582            278117fc144c72340f67d0f2316e8386
583            ceffbf2b2428c9c51fef7c597f1d426e
584            ",
585        );
586        let message = commonware_formatting::from_hex(
587            "
588            08b8b2b733424243760fe426a4b54908
589            632110a66c2f6591eabd3345e3e4eb98
590            fa6e264bf09efe12ee50f8f54e9f77b1
591            e355f6c50544e23fb1433ddf73be84d8
592            79de7c0046dc4996d9e773f4bc9efe57
593            38829adb26c81b37c93a1b270b20329d
594            658675fc6ea534e0810a4432826bf58c
595            941efb65d57a338bbd2e26640f89ffbc
596            1a858efcb8550ee3a5e1998bd177e93a
597            7363c344fe6b199ee5d02e82d522c4fe
598            ba15452f80288a821a579116ec6dad2b
599            3b310da903401aa62100ab5d1a36553e
600            06203b33890cc9b832f79ef80560ccb9
601            a39ce767967ed628c6ad573cb116dbef
602            efd75499da96bd68a8a97b928a8bbc10
603            3b6621fcde2beca1231d206be6cd9ec7
604            aff6f6c94fcd7204ed3455c68c83f4a4
605            1da4af2b74ef5c53f1d8ac70bdcb7ed1
606            85ce81bd84359d44254d95629e9855a9
607            4a7c1958d1f8ada5d0532ed8a5aa3fb2
608            d17ba70eb6248e594e1a2297acbbb39d
609            502f1a8c6eb6f1ce22b3de1a1f40cc24
610            554119a831a9aad6079cad88425de6bd
611            e1a9187ebb6092cf67bf2b13fd65f270
612            88d78b7e883c8759d2c4f5c65adb7553
613            878ad575f9fad878e80a0c9ba63bcbcc
614            2732e69485bbc9c90bfbd62481d9089b
615            eccf80cfe2df16a2cf65bd92dd597b07
616            07e0917af48bbb75fed413d238f5555a
617            7a569d80c3414a8d0859dc65a46128ba
618            b27af87a71314f318c782b23ebfe808b
619            82b0ce26401d2e22f04d83d1255dc51a
620            ddd3b75a2b1ae0784504df543af8969b
621            e3ea7082ff7fc9888c144da2af58429e
622            c96031dbcad3dad9af0dcbaaaf268cb8
623            fcffead94f3c7ca495e056a9b47acdb7
624            51fb73e666c6c655ade8297297d07ad1
625            ba5e43f1bca32301651339e22904cc8c
626            42f58c30c04aafdb038dda0847dd988d
627            cda6f3bfd15c4b4c4525004aa06eeff8
628            ca61783aacec57fb3d1f92b0fe2fd1a8
629            5f6724517b65e614ad6808d6f6ee34df
630            f7310fdc82aebfd904b01e1dc54b2927
631            094b2db68d6f903b68401adebf5a7e08
632            d78ff4ef5d63653a65040cf9bfd4aca7
633            984a74d37145986780fc0b16ac451649
634            de6188a7dbdf191f64b5fc5e2ab47b57
635            f7f7276cd419c17a3ca8e1b939ae49e4
636            88acba6b965610b5480109c8b17b80e1
637            b7b750dfc7598d5d5011fd2dcc5600a3
638            2ef5b52a1ecc820e308aa342721aac09
639            43bf6686b64b2579376504ccc493d97e
640            6aed3fb0f9cd71a43dd497f01f17c0e2
641            cb3797aa2a2f256656168e6c496afc5f
642            b93246f6b1116398a346f1a641f3b041
643            e989f7914f90cc2c7fff357876e506b5
644            0d334ba77c225bc307ba537152f3f161
645            0e4eafe595f6d9d90d11faa933a15ef1
646            369546868a7f3a45a96768d40fd9d034
647            12c091c6315cf4fde7cb68606937380d
648            b2eaaa707b4c4185c32eddcdd306705e
649            4dc1ffc872eeee475a64dfac86aba41c
650            0618983f8741c5ef68d3a101e8a3b8ca
651            c60c905c15fc910840b94c00a0b9d0
652            ",
653        )
654        .unwrap();
655        let signature = parse_signature(
656            "
657            0aab4c900501b3e24d7cdf4663326a3a
658            87df5e4843b2cbdb67cbf6e460fec350
659            aa5371b1508f9f4528ecea23c436d94b
660            5e8fcd4f681e30a6ac00a9704a188a03
661            ",
662        );
663        test_sign_and_verify(private_key, public_key, &message, signature)
664    }
665
666    #[test]
667    fn rfc8032_test_vector_sha() {
668        let private_key = commonware_formatting::from_hex(
669            "
670            833fe62409237b9d62ec77587520911e
671            9a759cec1d19755b7da901b96dca3d42
672            ",
673        )
674        .unwrap();
675        let public_key = commonware_formatting::from_hex(
676            "
677            ec172b93ad5e563bf4932c70e1245034
678            c35467ef2efd4d64ebf819683467e2bf
679            ",
680        )
681        .unwrap();
682        let message = commonware_formatting::from_hex(
683            "
684            ddaf35a193617abacc417349ae204131
685            12e6fa4e89a97ea20a9eeee64b55d39a
686            2192992a274fc1a836ba3c23a3feebbd
687            454d4423643ce80e2a9ac94fa54ca49f
688            ",
689        )
690        .unwrap();
691        let signature = commonware_formatting::from_hex(
692            "
693            dc2a4459e7369633a52b1bf277839a00
694            201009a3efbf3ecb69bea2186c26b589
695            09351fc9ac90b3ecfdfbc7c66431e030
696            3dca179c138ac17ad9bef1177331a704
697            ",
698        )
699        .unwrap();
700        test_sign_and_verify(
701            PrivateKey::decode(private_key.as_ref()).unwrap(),
702            PublicKey::decode(public_key.as_ref()).unwrap(),
703            &message,
704            Signature::decode(signature.as_ref()).unwrap(),
705        )
706    }
707
708    #[test]
709    fn batch_verify_valid() {
710        let v1 = vector_1();
711        let v2 = vector_2();
712        let mut batch = ed25519::Batch::new(2);
713        assert!(batch.add_inner(None, &v1.2, &v1.1, &v1.3));
714        assert!(batch.add_inner(None, &v2.2, &v2.1, &v2.3));
715        assert!(batch.verify(&mut test_rng(), &Sequential));
716    }
717
718    #[test]
719    fn batch_verify_invalid() {
720        let v1 = vector_1();
721        let v2 = vector_2();
722        let mut bad_signature = v2.3.to_vec();
723        bad_signature[3] = 0xff;
724
725        let mut batch = Batch::new(2);
726        assert!(batch.add_inner(None, &v1.2, &v1.1, &v1.3));
727        assert!(batch.add_inner(
728            None,
729            &v2.2,
730            &v2.1,
731            &Signature::decode(bad_signature.as_ref()).unwrap()
732        ));
733        assert!(!batch.verify(&mut test_rng(), &Sequential));
734    }
735
736    #[test]
737    fn batch_verify_empty() {
738        let batch = Batch::new(0);
739        assert!(batch.verify(&mut test_rng(), &Sequential));
740    }
741
742    #[test]
743    fn batch_verify_capacity_hint() {
744        let v1 = vector_1();
745        let v2 = vector_2();
746        // The capacity is a hint: adding more items must still verify.
747        let mut batch = Batch::new(1);
748        assert!(batch.add_inner(None, &v1.2, &v1.1, &v1.3));
749        assert!(batch.add_inner(None, &v2.2, &v2.1, &v2.3));
750        assert!(batch.verify(&mut test_rng(), &Sequential));
751    }
752
753    #[test]
754    fn test_zero_signature_fails() {
755        let (_, public_key, message, _) = vector_1();
756        let zero_sig = Signature::decode(vec![0u8; Signature::SIZE].as_ref()).unwrap();
757        assert!(!public_key.verify_inner(None, &message, &zero_sig));
758    }
759
760    #[test]
761    fn test_high_s_fails() {
762        let (_, public_key, message, signature) = vector_1();
763        let mut bad_signature = signature.to_vec();
764        bad_signature[63] |= 0x80; // make S non-canonical
765        let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
766        assert!(!public_key.verify_inner(None, &message, &bad_signature));
767    }
768
769    #[test]
770    fn test_invalid_r_fails() {
771        let (_, public_key, message, signature) = vector_1();
772        let mut bad_signature = signature.to_vec();
773        for b in bad_signature.iter_mut().take(32) {
774            *b = 0xff; // invalid R component
775        }
776        let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
777        assert!(!public_key.verify_inner(None, &message, &bad_signature));
778    }
779
780    #[test]
781    fn test_from_signing_key() {
782        let signing_key = ed_core::SigningKey::new(test_rng());
783        let expected_public = signing_key.verification_key();
784        let private_key = PrivateKey::from(signing_key);
785        assert_eq!(private_key.public_key().key, expected_public);
786    }
787
788    #[test]
789    fn test_private_key_redacted() {
790        let private_key = PrivateKey::random(test_rng());
791        let debug = format!("{:?}", private_key);
792        let display = format!("{}", private_key);
793        assert!(debug.contains("REDACTED"));
794        assert!(display.contains("REDACTED"));
795    }
796
797    #[test]
798    fn test_from_private_key_to_public_key() {
799        let private_key = PrivateKey::random(test_rng());
800        assert_eq!(private_key.public_key(), PublicKey::from(private_key));
801    }
802
803    #[cfg(feature = "arbitrary")]
804    mod conformance {
805        use super::*;
806        use commonware_codec::conformance::CodecConformance;
807
808        commonware_conformance::conformance_tests! {
809            CodecConformance<PrivateKey>,
810            CodecConformance<PublicKey>,
811            CodecConformance<Signature>,
812        }
813    }
814}