Home | History | Annotate | Download | only in ed25519 
      1 // Copyright 2016 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package ed25519
      6 
      7 import (
      8 	"bufio"
      9 	"bytes"
     10 	"compress/gzip"
     11 	"crypto"
     12 	"crypto/rand"
     13 	"encoding/hex"
     14 	"os"
     15 	"strings"
     16 	"testing"
     17 
     18 	"./internal/edwards25519"
     19 )
     20 
     21 type zeroReader struct{}
     22 
     23 func (zeroReader) Read(buf []byte) (int, error) {
     24 	for i := range buf {
     25 		buf[i] = 0
     26 	}
     27 	return len(buf), nil
     28 }
     29 
     30 func TestUnmarshalMarshal(t *testing.T) {
     31 	pub, _, _ := GenerateKey(rand.Reader)
     32 
     33 	var A edwards25519.ExtendedGroupElement
     34 	var pubBytes [32]byte
     35 	copy(pubBytes[:], pub)
     36 	if !A.FromBytes(&pubBytes) {
     37 		t.Fatalf("ExtendedGroupElement.FromBytes failed")
     38 	}
     39 
     40 	var pub2 [32]byte
     41 	A.ToBytes(&pub2)
     42 
     43 	if pubBytes != pub2 {
     44 		t.Errorf("FromBytes(%v)->ToBytes does not round-trip, got %x\n", pubBytes, pub2)
     45 	}
     46 }
     47 
     48 func TestSignVerify(t *testing.T) {
     49 	var zero zeroReader
     50 	public, private, _ := GenerateKey(zero)
     51 
     52 	message := []byte("test message")
     53 	sig := Sign(private, message)
     54 	if !Verify(public, message, sig) {
     55 		t.Errorf("valid signature rejected")
     56 	}
     57 
     58 	wrongMessage := []byte("wrong message")
     59 	if Verify(public, wrongMessage, sig) {
     60 		t.Errorf("signature of different message accepted")
     61 	}
     62 }
     63 
     64 func TestCryptoSigner(t *testing.T) {
     65 	var zero zeroReader
     66 	public, private, _ := GenerateKey(zero)
     67 
     68 	signer := crypto.Signer(private)
     69 
     70 	publicInterface := signer.Public()
     71 	public2, ok := publicInterface.(PublicKey)
     72 	if !ok {
     73 		t.Fatalf("expected PublicKey from Public() but got %T", publicInterface)
     74 	}
     75 
     76 	if !bytes.Equal(public, public2) {
     77 		t.Errorf("public keys do not match: original:%x vs Public():%x", public, public2)
     78 	}
     79 
     80 	message := []byte("message")
     81 	var noHash crypto.Hash
     82 	signature, err := signer.Sign(zero, message, noHash)
     83 	if err != nil {
     84 		t.Fatalf("error from Sign(): %s", err)
     85 	}
     86 
     87 	if !Verify(public, message, signature) {
     88 		t.Errorf("Verify failed on signature from Sign()")
     89 	}
     90 }
     91 
     92 func TestGolden(t *testing.T) {
     93 	// sign.input.gz is a selection of test cases from
     94 	// http://ed25519.cr.yp.to/python/sign.input
     95 	testDataZ, err := os.Open("testdata/sign.input.gz")
     96 	if err != nil {
     97 		t.Fatal(err)
     98 	}
     99 	defer testDataZ.Close()
    100 	testData, err := gzip.NewReader(testDataZ)
    101 	if err != nil {
    102 		t.Fatal(err)
    103 	}
    104 	defer testData.Close()
    105 
    106 	scanner := bufio.NewScanner(testData)
    107 	lineNo := 0
    108 
    109 	for scanner.Scan() {
    110 		lineNo++
    111 
    112 		line := scanner.Text()
    113 		parts := strings.Split(line, ":")
    114 		if len(parts) != 5 {
    115 			t.Fatalf("bad number of parts on line %d", lineNo)
    116 		}
    117 
    118 		privBytes, _ := hex.DecodeString(parts[0])
    119 		pubKey, _ := hex.DecodeString(parts[1])
    120 		msg, _ := hex.DecodeString(parts[2])
    121 		sig, _ := hex.DecodeString(parts[3])
    122 		// The signatures in the test vectors also include the message
    123 		// at the end, but we just want R and S.
    124 		sig = sig[:SignatureSize]
    125 
    126 		if l := len(pubKey); l != PublicKeySize {
    127 			t.Fatalf("bad public key length on line %d: got %d bytes", lineNo, l)
    128 		}
    129 
    130 		var priv [PrivateKeySize]byte
    131 		copy(priv[:], privBytes)
    132 		copy(priv[32:], pubKey)
    133 
    134 		sig2 := Sign(priv[:], msg)
    135 		if !bytes.Equal(sig, sig2[:]) {
    136 			t.Errorf("different signature result on line %d: %x vs %x", lineNo, sig, sig2)
    137 		}
    138 
    139 		if !Verify(pubKey, msg, sig2) {
    140 			t.Errorf("signature failed to verify on line %d", lineNo)
    141 		}
    142 	}
    143 
    144 	if err := scanner.Err(); err != nil {
    145 		t.Fatalf("error reading test data: %s", err)
    146 	}
    147 }
    148 
    149 func BenchmarkKeyGeneration(b *testing.B) {
    150 	var zero zeroReader
    151 	for i := 0; i < b.N; i++ {
    152 		if _, _, err := GenerateKey(zero); err != nil {
    153 			b.Fatal(err)
    154 		}
    155 	}
    156 }
    157 
    158 func BenchmarkSigning(b *testing.B) {
    159 	var zero zeroReader
    160 	_, priv, err := GenerateKey(zero)
    161 	if err != nil {
    162 		b.Fatal(err)
    163 	}
    164 	message := []byte("Hello, world!")
    165 	b.ResetTimer()
    166 	for i := 0; i < b.N; i++ {
    167 		Sign(priv, message)
    168 	}
    169 }
    170 
    171 func BenchmarkVerification(b *testing.B) {
    172 	var zero zeroReader
    173 	pub, priv, err := GenerateKey(zero)
    174 	if err != nil {
    175 		b.Fatal(err)
    176 	}
    177 	message := []byte("Hello, world!")
    178 	signature := Sign(priv, message)
    179 	b.ResetTimer()
    180 	for i := 0; i < b.N; i++ {
    181 		Verify(pub, message, signature)
    182 	}
    183 }
    184