ed25519_test.go 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. // Copyright 2016 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package ed25519
  5. import (
  6. "bufio"
  7. "bytes"
  8. "compress/gzip"
  9. "crypto"
  10. "crypto/rand"
  11. "encoding/hex"
  12. "os"
  13. "strings"
  14. "testing"
  15. "golang.org/x/crypto/ed25519/internal/edwards25519"
  16. )
  17. type zeroReader struct{}
  18. func (zeroReader) Read(buf []byte) (int, error) {
  19. for i := range buf {
  20. buf[i] = 0
  21. }
  22. return len(buf), nil
  23. }
  24. func TestUnmarshalMarshal(t *testing.T) {
  25. pub, _, _ := GenerateKey(rand.Reader)
  26. var A edwards25519.ExtendedGroupElement
  27. var pubBytes [32]byte
  28. copy(pubBytes[:], pub)
  29. if !A.FromBytes(&pubBytes) {
  30. t.Fatalf("ExtendedGroupElement.FromBytes failed")
  31. }
  32. var pub2 [32]byte
  33. A.ToBytes(&pub2)
  34. if pubBytes != pub2 {
  35. t.Errorf("FromBytes(%v)->ToBytes does not round-trip, got %x\n", pubBytes, pub2)
  36. }
  37. }
  38. func TestSignVerify(t *testing.T) {
  39. var zero zeroReader
  40. public, private, _ := GenerateKey(zero)
  41. message := []byte("test message")
  42. sig := Sign(private, message)
  43. if !Verify(public, message, sig) {
  44. t.Errorf("valid signature rejected")
  45. }
  46. wrongMessage := []byte("wrong message")
  47. if Verify(public, wrongMessage, sig) {
  48. t.Errorf("signature of different message accepted")
  49. }
  50. }
  51. func TestCryptoSigner(t *testing.T) {
  52. var zero zeroReader
  53. public, private, _ := GenerateKey(zero)
  54. signer := crypto.Signer(private)
  55. publicInterface := signer.Public()
  56. public2, ok := publicInterface.(PublicKey)
  57. if !ok {
  58. t.Fatalf("expected PublicKey from Public() but got %T", publicInterface)
  59. }
  60. if !bytes.Equal(public, public2) {
  61. t.Errorf("public keys do not match: original:%x vs Public():%x", public, public2)
  62. }
  63. message := []byte("message")
  64. var noHash crypto.Hash
  65. signature, err := signer.Sign(zero, message, noHash)
  66. if err != nil {
  67. t.Fatalf("error from Sign(): %s", err)
  68. }
  69. if !Verify(public, message, signature) {
  70. t.Errorf("Verify failed on signature from Sign()")
  71. }
  72. }
  73. func TestGolden(t *testing.T) {
  74. // sign.input.gz is a selection of test cases from
  75. // http://ed25519.cr.yp.to/python/sign.input
  76. testDataZ, err := os.Open("testdata/sign.input.gz")
  77. if err != nil {
  78. t.Fatal(err)
  79. }
  80. defer testDataZ.Close()
  81. testData, err := gzip.NewReader(testDataZ)
  82. if err != nil {
  83. t.Fatal(err)
  84. }
  85. defer testData.Close()
  86. scanner := bufio.NewScanner(testData)
  87. lineNo := 0
  88. for scanner.Scan() {
  89. lineNo++
  90. line := scanner.Text()
  91. parts := strings.Split(line, ":")
  92. if len(parts) != 5 {
  93. t.Fatalf("bad number of parts on line %d", lineNo)
  94. }
  95. privBytes, _ := hex.DecodeString(parts[0])
  96. pubKey, _ := hex.DecodeString(parts[1])
  97. msg, _ := hex.DecodeString(parts[2])
  98. sig, _ := hex.DecodeString(parts[3])
  99. // The signatures in the test vectors also include the message
  100. // at the end, but we just want R and S.
  101. sig = sig[:SignatureSize]
  102. if l := len(pubKey); l != PublicKeySize {
  103. t.Fatalf("bad public key length on line %d: got %d bytes", lineNo, l)
  104. }
  105. var priv [PrivateKeySize]byte
  106. copy(priv[:], privBytes)
  107. copy(priv[32:], pubKey)
  108. sig2 := Sign(priv[:], msg)
  109. if !bytes.Equal(sig, sig2[:]) {
  110. t.Errorf("different signature result on line %d: %x vs %x", lineNo, sig, sig2)
  111. }
  112. if !Verify(pubKey, msg, sig2) {
  113. t.Errorf("signature failed to verify on line %d", lineNo)
  114. }
  115. }
  116. if err := scanner.Err(); err != nil {
  117. t.Fatalf("error reading test data: %s", err)
  118. }
  119. }
  120. func BenchmarkKeyGeneration(b *testing.B) {
  121. var zero zeroReader
  122. for i := 0; i < b.N; i++ {
  123. if _, _, err := GenerateKey(zero); err != nil {
  124. b.Fatal(err)
  125. }
  126. }
  127. }
  128. func BenchmarkSigning(b *testing.B) {
  129. var zero zeroReader
  130. _, priv, err := GenerateKey(zero)
  131. if err != nil {
  132. b.Fatal(err)
  133. }
  134. message := []byte("Hello, world!")
  135. b.ResetTimer()
  136. for i := 0; i < b.N; i++ {
  137. Sign(priv, message)
  138. }
  139. }
  140. func BenchmarkVerification(b *testing.B) {
  141. var zero zeroReader
  142. pub, priv, err := GenerateKey(zero)
  143. if err != nil {
  144. b.Fatal(err)
  145. }
  146. message := []byte("Hello, world!")
  147. signature := Sign(priv, message)
  148. b.ResetTimer()
  149. for i := 0; i < b.N; i++ {
  150. Verify(pub, message, signature)
  151. }
  152. }