add more test vec

Author: deatil

elliptic/ed521/ed521.go

@@ -10,7 +10,7 @@ import (
 // https://eprint.iacr.org/2013/647
 
 var (
-    // Ed-521 curve oid
+    // Ed521 curve oid
     OIDED521 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44588, 2, 1}
 )
 

elliptic/ed521/params.go

@@ -364,18 +364,6 @@ func UnmarshalPoint(curve elliptic.Curve, data []byte) (*big.Int, *big.Int) {
     return nil, nil
 }
 
-func panicIfNotOnCurve(curve elliptic.Curve, x, y *big.Int) {
-    // (0, 0) is the point at infinity by convention. It's ok to operate on it,
-    // although IsOnCurve is documented to return false for it. See Issue 37294.
-    if x.Sign() == 0 && y.Sign() == 0 {
-        return
-    }
-
-    if !curve.IsOnCurve(x, y) {
-        panic("go-cryptobin/ed521: attempted operation on invalid point")
-    }
-}
-
 func GetPrivateScalar(buffer []byte) []byte {
     a := pruningBuffer(buffer)
     s := Reverse(a)
@@ -405,3 +393,15 @@ func Reverse(b []byte) []byte {
 
     return d
 }
+
+func panicIfNotOnCurve(curve elliptic.Curve, x, y *big.Int) {
+    // (0, 0) is the point at infinity by convention. It's ok to operate on it,
+    // although IsOnCurve is documented to return false for it. See Issue 37294.
+    if x.Sign() == 0 && y.Sign() == 0 {
+        return
+    }
+
+    if !curve.IsOnCurve(x, y) {
+        panic("go-cryptobin/ed521: attempted operation on invalid point")
+    }
+}

pubkey/ed521/ed521.go

@@ -262,7 +262,7 @@ func sign(privateKey *PrivateKey, message []byte, domPre, context string) ([]byt
     byteLen := (params.BitSize + 7) / 8
 
     seed := privateKey.Seed()
-    publicKeyBytes := ed521.MarshalPoint(privateKey.Curve, privateKey.X, privateKey.Y)
+    eA := ed521.MarshalPoint(privateKey.Curve, privateKey.X, privateKey.Y)
 
     h := make([]byte, 132)
     sha3.ShakeSum256(h, seed)
@@ -295,7 +295,7 @@ func sign(privateKey *PrivateKey, message []byte, domPre, context string) ([]byt
     kh.Write([]byte{byte(len(context))})
     kh.Write([]byte(context))
     kh.Write(R)
-    kh.Write(publicKeyBytes)
+    kh.Write(eA)
     kh.Write(PHM)
     hramDigest := make([]byte, 132)
     kh.Read(hramDigest)
@@ -388,14 +388,14 @@ func verify(publicKey *PublicKey, message, sig []byte, domPre, context string) b
     SBytes := ed521.Reverse(sig[byteLen:])
     S := new(big.Int).SetBytes(SBytes)
 
-    publicKeyBytes := ed521.MarshalPoint(publicKey.Curve, publicKey.X, publicKey.Y)
+    eA := ed521.MarshalPoint(publicKey.Curve, publicKey.X, publicKey.Y)
 
     kh := sha3.NewShake256()
     kh.Write([]byte(domPre))
     kh.Write([]byte{byte(len(context))})
     kh.Write([]byte(context))
     kh.Write(R)
-    kh.Write(publicKeyBytes)
+    kh.Write(eA)
     kh.Write(PHM)
     hramDigest := make([]byte, 132)
     kh.Read(hramDigest)