niv / ed25519.nim

ed25519 key crypto bindings
http://niv.github.io/ed25519.nim/docs/0.1.0/ed25519.html

Weird issue between ed25519 libraries #1

Open jasonrbriggs opened 7 years ago

jasonrbriggs commented 7 years ago

I'm trying to test signing/verifying between this Nim library and a JavaScript implementation (this one: https://tweetnacl.js.org). I'm getting a weird error and hoping you might see if I'm doing something wrong/stupid.

Basically I'm creating a key using ed25519.nim, signing a string, encoding the pub/prv key, decoding them back and then verifying the signature with the result. So far so good:

proc decodeToArray(sig:string): array[64,byte] =
    var arr: array[64, byte]
    var decodedsig = decode(sig)
    var i = 0
    for x in decodedsig:
        arr[i] = ord(x)
        i += 1
    return arr

proc getKeyPair(pub:string, prv:string): KeyPair =
    var pubarray: array[32, byte]
    var decpub = decode(pub)
    var i = 0
    for x in decpub:
        pubarray[i] = ord(x)
        i += 1
    var prvarray = decodeToArray(prv)
    var kp: KeyPair
    kp = (publicKey:pubarray, privateKey:prvarray)
    return kp

var s: Seed = seed()
var kp:KeyPair = createKeypair(s)
var pub = encode(kp.publicKey, 64)
var prv = encode(kp.privateKey, 64)

var sig = sign("this is a test", kp)

kp = getKeyPair(pub, prv)
echo verify("this is a test", sig, kp.publicKey)

That echoes true as you might expect.

Then using this page https://tweetnacl.js.org/#/sign, I create a random key, sign the same string, then add these to my code:

kp = getKeyPair("D4Zy3skqqvEw3HrPMLULKOhx+BcZi3iINh2tIYlwwyY=", "LRrLW6MJk16RFgeMYW4gQ8LaOw7+4ZE5OCvN/3kvScAPhnLeySqq8TDces8wtQso6HH4FxmLeIg2Ha0hiXDDJg==")
sig = decodeToArray("63gXSF5V9zsCwMiMAR4Unl0GAi2Or1b5ipMjC5fQ6vo9XcU8tboLtRJjJLy8PHUJ+tWnCo625i8JcWGtu8W8BA==")
echo verify("this is a test", sig, kp.publicKey)

true again, as expected.

Finally, try signing with this new key:

sig = sign("this is a test", kp)
echo verify("this is a test", sig, kp.publicKey)

And I get false?? Which doesn't make sense to me. Any clues as to what might be wrong here?

jasonrbriggs commented 7 years ago

Am I missing something obvious here? If I take an ed25519.nim-generated random key, plug it into https://tweetnacl.js.org/#/sign, it generates a different signature. And the signature it then generates is not even verifiable on that site. But if I then take the ed25519.nim signature, it does verify.

Something funny about private key generation that I'm missing?

niv commented 7 years ago

Hey,

I honestly haven't done much with this library yet, and as such your bug is unfamiliar to me. I'd suggest looking at the embedded upstream project here: https://github.com/orlp/ed25519/ - Maybe there are implementation differences?

avpaderno commented 1 year ago

It would be better to check the library with the test vectors given in RFC 8032. An implementation is correct when it gives the same output.
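
Added example (not part of the thread and not code from either library): a self-contained RFC 8032 Ed25519 in Python that signs with the key pair posted in the first comment under two readings of the 64-byte private key, TweetNaCl's seed || public key and the SHA-512-expanded clamped scalar || prefix that upstream orlp/ed25519 stores, and reproduces the true/false results reported there. The function names are this example's own and the arithmetic is not constant time; it is assumed that the Nim binding passes the 64 bytes to the upstream signing routine unchanged.

```python
import base64, hashlib  # added illustration; every name below is this example's own

p, L = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
d, SQRT_M1 = -121665 * pow(121666, -1, p) % p, pow(2, (p - 1) // 4, p)
def H(*parts):  # SHA-512 of the concatenation, as a little-endian integer
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")
def add(P, Q):  # unified addition on extended coordinates (X, Y, Z, T)
    A, B = (P[1]-P[0]) * (Q[1]-Q[0]), (P[1]+P[0]) * (Q[1]+Q[0])
    C, D = 2 * d * P[3] * Q[3] % p, 2 * P[2] * Q[2]
    return ((B-A)*(D-C) % p, (D+C)*(B+A) % p, (D-C)*(D+C) % p, (B-A)*(B+A) % p)
def mul(s, P):  # double-and-add; not constant time, illustration only
    if s == 0: return (0, 1, 1, 0)
    Q = mul(s >> 1, add(P, P))
    return add(Q, P) if s & 1 else Q

def enc(P):  # point -> 32 bytes: y with the parity of x in the top bit
    zi = pow(P[2], -1, p)
    return (P[1]*zi % p | (P[0]*zi % p & 1) << 255).to_bytes(32, "little")
def dec(b):  # 32 bytes -> point, recovering x from y
    y = int.from_bytes(b, "little") & (2**255 - 1)
    x2 = (y*y - 1) * pow(d*y*y + 1, -1, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x*x - x2) % p: x = x * SQRT_M1 % p
    if (x*x - x2) % p: raise ValueError("not a curve point")
    if x & 1 != b[31] >> 7: x = p - x
    return (x, y, 1, x*y % p)
G = dec((4 * pow(5, -1, p) % p).to_bytes(32, "little"))  # base point

def sign(a, prefix, pk, msg):  # RFC 8032 signing from scalar a and prefix
    r = H(prefix, msg) % L
    R = enc(mul(r, G))
    return R + ((r + H(R, pk, msg) * a) % L).to_bytes(32, "little")
def verify(pk, msg, sig):  # accept iff S*G == R + H(R, pk, msg)*A
    S, hA = int.from_bytes(sig[32:], "little"), mul(H(sig[:32], pk, msg) % L, dec(pk))
    return S < L and enc(mul(S, G)) == enc(add(dec(sig[:32]), hA))

def sign_seed_layout(sk, msg):  # TweetNaCl: sk = seed || public key
    h = hashlib.sha512(sk[:32]).digest()
    a = int.from_bytes(h[:32], "little") & (2**254 - 8) | 2**254  # clamp
    return sign(a, h[32:], sk[32:], msg)
def sign_expanded_layout(sk, pk, msg):  # orlp: sk = clamped scalar || prefix
    return sign(int.from_bytes(sk[:32], "little"), sk[32:], pk, msg)

def demo(msg=b"this is a test"):  # key pair posted in the issue
    pk = base64.b64decode("D4Zy3skqqvEw3HrPMLULKOhx+BcZi3iINh2tIYlwwyY=")
    sk = base64.b64decode("LRrLW6MJk16RFgeMYW4gQ8LaOw7+4ZE5OCvN/3kvScAPhnLeySqq8TDces8wtQso6HH4FxmLeIg2Ha0hiXDDJg==")
    good, bad = sign_seed_layout(sk, msg), sign_expanded_layout(sk, pk, msg)
    return sk[32:] == pk, verify(pk, msg, good), verify(pk, msg, bad)

print(demo())
```

`demo()` returns `(True, True, False)`: the posted secret key ends in the posted public key, the seed-layout signature verifies, and the signature made by reading the same 64 bytes as scalar || prefix does not.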