1// Copyright 2011 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package ecdsa 6 7import ( 8 "bufio" 9 "compress/bzip2" 10 "crypto/elliptic" 11 "crypto/rand" 12 "crypto/sha1" 13 "crypto/sha256" 14 "crypto/sha512" 15 "encoding/hex" 16 "hash" 17 "io" 18 "math/big" 19 "os" 20 "strings" 21 "testing" 22) 23 24func testKeyGeneration(t *testing.T, c elliptic.Curve, tag string) { 25 priv, err := GenerateKey(c, rand.Reader) 26 if err != nil { 27 t.Errorf("%s: error: %s", tag, err) 28 return 29 } 30 if !c.IsOnCurve(priv.PublicKey.X, priv.PublicKey.Y) { 31 t.Errorf("%s: public key invalid: %s", tag, err) 32 } 33} 34 35func TestKeyGeneration(t *testing.T) { 36 testKeyGeneration(t, elliptic.P224(), "p224") 37 if testing.Short() { 38 return 39 } 40 testKeyGeneration(t, elliptic.P256(), "p256") 41 testKeyGeneration(t, elliptic.P384(), "p384") 42 testKeyGeneration(t, elliptic.P521(), "p521") 43} 44 45func testSignAndVerify(t *testing.T, c elliptic.Curve, tag string) { 46 priv, _ := GenerateKey(c, rand.Reader) 47 48 hashed := []byte("testing") 49 r, s, err := Sign(rand.Reader, priv, hashed) 50 if err != nil { 51 t.Errorf("%s: error signing: %s", tag, err) 52 return 53 } 54 55 if !Verify(&priv.PublicKey, hashed, r, s) { 56 t.Errorf("%s: Verify failed", tag) 57 } 58 59 hashed[0] ^= 0xff 60 if Verify(&priv.PublicKey, hashed, r, s) { 61 t.Errorf("%s: Verify always works!", tag) 62 } 63} 64 65func TestSignAndVerify(t *testing.T) { 66 testSignAndVerify(t, elliptic.P224(), "p224") 67 if testing.Short() { 68 return 69 } 70 testSignAndVerify(t, elliptic.P256(), "p256") 71 testSignAndVerify(t, elliptic.P384(), "p384") 72 testSignAndVerify(t, elliptic.P521(), "p521") 73} 74 75func fromHex(s string) *big.Int { 76 r, ok := new(big.Int).SetString(s, 16) 77 if !ok { 78 panic("bad hex") 79 } 80 return r 81} 82 83func TestVectors(t *testing.T) { 84 // This test runs the full set of NIST test vectors from 85 // http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip 86 // 87 // The SigVer.rsp file has been edited to remove test vectors for 88 // unsupported algorithms and has been compressed. 89 90 if testing.Short() { 91 return 92 } 93 94 f, err := os.Open("testdata/SigVer.rsp.bz2") 95 if err != nil { 96 t.Fatal(err) 97 } 98 99 buf := bufio.NewReader(bzip2.NewReader(f)) 100 101 lineNo := 1 102 var h hash.Hash 103 var msg []byte 104 var hashed []byte 105 var r, s *big.Int 106 pub := new(PublicKey) 107 108 for { 109 line, err := buf.ReadString('\n') 110 if len(line) == 0 { 111 if err == io.EOF { 112 break 113 } 114 t.Fatalf("error reading from input: %s", err) 115 } 116 lineNo++ 117 // Need to remove \r\n from the end of the line. 118 if !strings.HasSuffix(line, "\r\n") { 119 t.Fatalf("bad line ending (expected \\r\\n) on line %d", lineNo) 120 } 121 line = line[:len(line)-2] 122 123 if len(line) == 0 || line[0] == '#' { 124 continue 125 } 126 127 if line[0] == '[' { 128 line = line[1 : len(line)-1] 129 parts := strings.SplitN(line, ",", 2) 130 131 switch parts[0] { 132 case "P-224": 133 pub.Curve = elliptic.P224() 134 case "P-256": 135 pub.Curve = elliptic.P256() 136 case "P-384": 137 pub.Curve = elliptic.P384() 138 case "P-521": 139 pub.Curve = elliptic.P521() 140 default: 141 pub.Curve = nil 142 } 143 144 switch parts[1] { 145 case "SHA-1": 146 h = sha1.New() 147 case "SHA-224": 148 h = sha256.New224() 149 case "SHA-256": 150 h = sha256.New() 151 case "SHA-384": 152 h = sha512.New384() 153 case "SHA-512": 154 h = sha512.New() 155 default: 156 h = nil 157 } 158 159 continue 160 } 161 162 if h == nil || pub.Curve == nil { 163 continue 164 } 165 166 switch { 167 case strings.HasPrefix(line, "Msg = "): 168 if msg, err = hex.DecodeString(line[6:]); err != nil { 169 t.Fatalf("failed to decode message on line %d: %s", lineNo, err) 170 } 171 case strings.HasPrefix(line, "Qx = "): 172 pub.X = fromHex(line[5:]) 173 case strings.HasPrefix(line, "Qy = "): 174 pub.Y = fromHex(line[5:]) 175 case strings.HasPrefix(line, "R = "): 176 r = fromHex(line[4:]) 177 case strings.HasPrefix(line, "S = "): 178 s = fromHex(line[4:]) 179 case strings.HasPrefix(line, "Result = "): 180 expected := line[9] == 'P' 181 h.Reset() 182 h.Write(msg) 183 hashed := h.Sum(hashed[:0]) 184 if Verify(pub, hashed, r, s) != expected { 185 t.Fatalf("incorrect result on line %d", lineNo) 186 } 187 default: 188 t.Fatalf("unknown variable on line %d: %s", lineNo, line) 189 } 190 } 191} 192