File: ecdsa_test.go

package info (click to toggle)
golang-go.crypto 1%3A0.36.0-1~exp1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 7,352 kB
  • sloc: asm: 27,990; ansic: 258; sh: 25; makefile: 6
file content (105 lines) | stat: -rw-r--r-- 3,013 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package wycheproof

import (
	"crypto/ecdsa"
	"math/big"
	"testing"

	"golang.org/x/crypto/cryptobyte"
	"golang.org/x/crypto/cryptobyte/asn1"
)

func TestECDSA(t *testing.T) {
	type ASNSignatureTestVector struct {
		// A brief description of the test case
		Comment string `json:"comment"`
		// A list of flags
		Flags []string `json:"flags"`
		// The message to sign
		Msg string `json:"msg"`
		// Test result
		Result string `json:"result"`
		// An ASN.1 encoded signature for msg
		Sig string `json:"sig"`
		// Identifier of the test case
		TcID int `json:"tcId"`
	}

	type ECPublicKey struct {
		// The EC group used by this public key
		Curve interface{} `json:"curve"`
	}

	type ECDSATestGroup struct {
		// Unencoded EC public key
		Key *ECPublicKey `json:"key"`
		// DER encoded public key
		KeyDER string `json:"keyDer"`
		// the hash function used for ECDSA
		SHA   string                    `json:"sha"`
		Tests []*ASNSignatureTestVector `json:"tests"`
	}

	type Root struct {
		TestGroups []*ECDSATestGroup `json:"testGroups"`
	}

	flagsShouldPass := map[string]bool{
		// An encoded ASN.1 integer missing a leading zero is invalid, but
		// accepted by some implementations.
		"MissingZero": false,
		// A signature using a weaker hash than the EC params is not a security
		// risk, as long as the hash is secure.
		// https://www.imperialviolet.org/2014/05/25/strengthmatching.html
		"WeakHash": true,
	}

	// supportedCurves is a map of all elliptic curves supported
	// by crypto/elliptic, which can subsequently be parsed and tested.
	supportedCurves := map[string]bool{
		"secp224r1": true,
		"secp256r1": true,
		"secp384r1": true,
		"secp521r1": true,
	}

	var root Root
	readTestVector(t, "ecdsa_test.json", &root)
	for _, tg := range root.TestGroups {
		curve := tg.Key.Curve.(string)
		if !supportedCurves[curve] {
			continue
		}
		pub := decodePublicKey(tg.KeyDER).(*ecdsa.PublicKey)
		h := parseHash(tg.SHA).New()
		for _, sig := range tg.Tests {
			h.Reset()
			h.Write(decodeHex(sig.Msg))
			hashed := h.Sum(nil)
			sigBytes := decodeHex(sig.Sig)
			got := ecdsa.VerifyASN1(pub, hashed, sigBytes)
			if want := shouldPass(sig.Result, sig.Flags, flagsShouldPass); got != want {
				t.Errorf("tcid: %d, type: %s, comment: %q, VerifyASN1 wanted success: %t", sig.TcID, sig.Result, sig.Comment, want)
			}

			var r, s big.Int
			var inner cryptobyte.String
			input := cryptobyte.String(sigBytes)
			if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
				!input.Empty() ||
				!inner.ReadASN1Integer(&r) ||
				!inner.ReadASN1Integer(&s) ||
				!inner.Empty() {
				continue
			}
			got = ecdsa.Verify(pub, hashed, &r, &s)
			if want := shouldPass(sig.Result, sig.Flags, flagsShouldPass); got != want {
				t.Errorf("tcid: %d, type: %s, comment: %q, Verify wanted success: %t", sig.TcID, sig.Result, sig.Comment, want)
			}
		}
	}
}