|
| 1 | +//go:build linux && !android |
| 2 | +// +build linux,!android |
| 3 | + |
| 4 | +package openssl_test |
| 5 | + |
| 6 | +import ( |
| 7 | + "crypto" |
| 8 | + "crypto/ecdsa" |
| 9 | + "crypto/elliptic" |
| 10 | + "testing" |
| 11 | + |
| 12 | + "github.com/golang-fips/openssl-fips/openssl" |
| 13 | + "github.com/golang-fips/openssl-fips/openssl/bbig" |
| 14 | +) |
| 15 | + |
| 16 | +func testAllCurves(t *testing.T, f func(*testing.T, elliptic.Curve)) { |
| 17 | + tests := []struct { |
| 18 | + name string |
| 19 | + curve elliptic.Curve |
| 20 | + }{ |
| 21 | + {"P256", elliptic.P256()}, |
| 22 | + {"P384", elliptic.P384()}, |
| 23 | + {"P521", elliptic.P521()}, |
| 24 | + } |
| 25 | + for _, test := range tests { |
| 26 | + curve := test.curve |
| 27 | + t.Run(test.name, func(t *testing.T) { |
| 28 | + t.Parallel() |
| 29 | + f(t, curve) |
| 30 | + }) |
| 31 | + } |
| 32 | +} |
| 33 | + |
| 34 | +func TestECDSAKeyGeneration(t *testing.T) { |
| 35 | + testAllCurves(t, testECDSAKeyGeneration) |
| 36 | +} |
| 37 | + |
| 38 | +func testECDSAKeyGeneration(t *testing.T, c elliptic.Curve) { |
| 39 | + priv, err := generateKeyForCurve(c) |
| 40 | + if err != nil { |
| 41 | + t.Fatal(err) |
| 42 | + } |
| 43 | + if !c.IsOnCurve(priv.PublicKey.X, priv.PublicKey.Y) { |
| 44 | + t.Errorf("public key invalid: %s", err) |
| 45 | + } |
| 46 | +} |
| 47 | + |
| 48 | +func TestECDSASignAndVerify(t *testing.T) { |
| 49 | + testAllCurves(t, testECDSASignAndVerify) |
| 50 | +} |
| 51 | + |
| 52 | +func testECDSASignAndVerify(t *testing.T, c elliptic.Curve) { |
| 53 | + key, err := generateKeyForCurve(c) |
| 54 | + if err != nil { |
| 55 | + t.Fatal(err) |
| 56 | + } |
| 57 | + msg := []byte("hi!") |
| 58 | + hashed := openssl.SHA256(msg) |
| 59 | + |
| 60 | + priv, err := openssl.NewPrivateKeyECDSA(key.Params().Name, bbig.Enc(key.X), bbig.Enc(key.Y), bbig.Enc(key.D)) |
| 61 | + if err != nil { |
| 62 | + t.Fatal(err) |
| 63 | + } |
| 64 | + pub, err := openssl.NewPublicKeyECDSA(key.Params().Name, bbig.Enc(key.X), bbig.Enc(key.Y)) |
| 65 | + if err != nil { |
| 66 | + t.Fatal(err) |
| 67 | + } |
| 68 | + signed, err := openssl.SignMarshalECDSA(priv, hashed[:]) |
| 69 | + if err != nil { |
| 70 | + t.Fatal(err) |
| 71 | + } |
| 72 | + if !openssl.VerifyECDSA(pub, hashed[:], signed) { |
| 73 | + t.Errorf("Verify failed") |
| 74 | + } |
| 75 | + signed[0] ^= 0xff |
| 76 | + if openssl.VerifyECDSA(pub, hashed[:], signed) { |
| 77 | + t.Errorf("Verify succeeded despite intentionally invalid hash!") |
| 78 | + } |
| 79 | + r, s, err := openssl.HashSignECDSA(priv, msg, crypto.SHA256) |
| 80 | + if err != nil { |
| 81 | + t.Fatal(err) |
| 82 | + } |
| 83 | + if !openssl.HashVerifyECDSA(pub, msg, r, s, crypto.SHA256) { |
| 84 | + t.Errorf("Verify failed") |
| 85 | + } |
| 86 | + rb := r.Bytes() |
| 87 | + rb[0] ^= 0xff |
| 88 | + r.SetBytes(rb) |
| 89 | + if openssl.HashVerifyECDSA(pub, msg, r, s, crypto.SHA256) { |
| 90 | + t.Errorf("Verify succeeded on modified signature!") |
| 91 | + } |
| 92 | +} |
| 93 | + |
| 94 | +func generateKeyForCurve(c elliptic.Curve) (*ecdsa.PrivateKey, error) { |
| 95 | + x, y, d, err := openssl.GenerateKeyECDSA(c.Params().Name) |
| 96 | + if err != nil { |
| 97 | + return nil, err |
| 98 | + } |
| 99 | + return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: c, X: bbig.Dec(x), Y: bbig.Dec(y)}, D: bbig.Dec(d)}, nil |
| 100 | +} |
0 commit comments