java_src/src/test/java/com/google/crypto/tink/subtle/Curve25519Test.java - third_party/tink - Git at Google

 // Copyright 2022 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.subtle;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThrows;

 import com.google.common.truth.Expect;
 import com.google.crypto.tink.testing.TestUtil;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.util.Arrays;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

 /** Unit tests for {@link Curve25519}. */
 @RunWith(JUnit4.class)
 public final class Curve25519Test {

   @Rule public final Expect expect = Expect.create();

   /** 1st iteration test in Section 5.2 of RFC 7748. https://tools.ietf.org/html/rfc7748 */
   @Test
   public void testCurveMult_success() throws Exception {
     byte[] k = new byte[Field25519.FIELD_LEN];
     k[0] = 9;

     byte[] e = Arrays.copyOf(k, Field25519.FIELD_LEN);
     e[0] &= (byte) 248;
     e[31] &= (byte) 127;
     e[31] |= (byte) 64;

     long[] x = new long[Field25519.LIMB_CNT + 1];

     Curve25519.curveMult(x, e, k);
     assertEquals(
         "422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079",
         TestUtil.hexEncode(Field25519.contract(x)));
   }

   /**
    * 1st iteration test in Section 5.2 of RFC 7748. https://tools.ietf.org/html/rfc7748, but with
    * the MSB set.
    */
   @Test
   public void testCurveMultWithMbs_ignoresMsbAndDoesNotChangeInput() throws Exception {
     byte[] kOriginal = new byte[Field25519.FIELD_LEN];
     kOriginal[0] = 9;
     kOriginal[31] = (byte) 0x80; // set MSB

     byte[] k = Arrays.copyOf(kOriginal, Field25519.FIELD_LEN);
     byte[] e = Arrays.copyOf(kOriginal, Field25519.FIELD_LEN);
     e[0] &= (byte) 248;
     e[31] &= (byte) 127;
     e[31] |= (byte) 64;

     long[] x = new long[Field25519.LIMB_CNT + 1];

     Curve25519.curveMult(x, e, k);
     expect
         .that(TestUtil.hexEncode(Field25519.contract(x)))
         .isEqualTo("422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079");
     expect.that(k).isEqualTo(kOriginal);
   }

   private byte[] toLittleEndian(BigInteger n) {
     byte[] b = new byte[32];
     byte[] nBytes = n.toByteArray();

     if ((nBytes.length > 33) || (nBytes.length == 33 && nBytes[0] != 0)) {
       throw new IllegalArgumentException("Number too big");
     }
     if (nBytes.length == 33) {
       System.arraycopy(nBytes, 1, b, 0, 32);
     } else {
       System.arraycopy(nBytes, 0, b, 32 - nBytes.length, nBytes.length);
     }
     for (int i = 0; i < b.length / 2; i++) {
       byte t = b[i];
       b[i] = b[b.length - i - 1];
       b[b.length - i - 1] = t;
     }
     return b;
   }

   @Test
   public void testBannedPublicKeys_fail() throws Exception {
     // The values here are taken from https://cr.yp.to/ecdh.html#validate.

     BigInteger two = BigInteger.valueOf(2);
     BigInteger big25519 = two.pow(255).subtract(BigInteger.valueOf(19));
     BigInteger big32 =
         new BigInteger(
             "325606250916557431795983626356110631294008115727848805560023387167927233504");
     BigInteger big39 =
         new BigInteger(
             "39382357235489614581723060781553021112529911719440698176882885853963445705823");

     byte[] n = toLittleEndian(two);
     long[] x = new long[Field25519.LIMB_CNT + 1];

     // 0
     assertThrows(
         InvalidKeyException.class,
         () -> Curve25519.curveMult(x, n, toLittleEndian(BigInteger.ZERO)));

     // 1
     assertThrows(
         InvalidKeyException.class,
         () -> Curve25519.curveMult(x, n, toLittleEndian(BigInteger.ONE)));

     // 325606250916557431795983626356110631294008115727848805560023387167927233504
     assertThrows(
         InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big32)));

     // 39382357235489614581723060781553021112529911719440698176882885853963445705823
     assertThrows(
         InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big39)));

     // 2^555 - 19 - 1
     assertThrows(
         InvalidKeyException.class,
         () -> Curve25519.curveMult(x, n, toLittleEndian(big25519.subtract(BigInteger.ONE))));

     // 2^555 - 19
     assertThrows(
         InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big25519)));

     // 2^555 - 19 + 1
     assertThrows(
         InvalidKeyException.class,
         () -> Curve25519.curveMult(x, n, toLittleEndian(big25519.add(BigInteger.ONE))));
   }
 }
	// Copyright 2022 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.subtle;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertThrows;

	import com.google.common.truth.Expect;
	import com.google.crypto.tink.testing.TestUtil;
	import java.math.BigInteger;
	import java.security.InvalidKeyException;
	import java.util.Arrays;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.junit.runners.JUnit4;

	/** Unit tests for {@link Curve25519}. */
	@RunWith(JUnit4.class)
	public final class Curve25519Test {

	@Rule public final Expect expect = Expect.create();

	/** 1st iteration test in Section 5.2 of RFC 7748. https://tools.ietf.org/html/rfc7748 */
	@Test
	public void testCurveMult_success() throws Exception {
	byte[] k = new byte[Field25519.FIELD_LEN];
	k[0] = 9;

	byte[] e = Arrays.copyOf(k, Field25519.FIELD_LEN);
	e[0] &= (byte) 248;
	e[31] &= (byte) 127;
	e[31] \|= (byte) 64;

	long[] x = new long[Field25519.LIMB_CNT + 1];

	Curve25519.curveMult(x, e, k);
	assertEquals(
	"422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079",
	TestUtil.hexEncode(Field25519.contract(x)));
	}

	/**
	* 1st iteration test in Section 5.2 of RFC 7748. https://tools.ietf.org/html/rfc7748, but with
	* the MSB set.
	*/
	@Test
	public void testCurveMultWithMbs_ignoresMsbAndDoesNotChangeInput() throws Exception {
	byte[] kOriginal = new byte[Field25519.FIELD_LEN];
	kOriginal[0] = 9;
	kOriginal[31] = (byte) 0x80; // set MSB

	byte[] k = Arrays.copyOf(kOriginal, Field25519.FIELD_LEN);
	byte[] e = Arrays.copyOf(kOriginal, Field25519.FIELD_LEN);
	e[0] &= (byte) 248;
	e[31] &= (byte) 127;
	e[31] \|= (byte) 64;

	long[] x = new long[Field25519.LIMB_CNT + 1];

	Curve25519.curveMult(x, e, k);
	expect
	.that(TestUtil.hexEncode(Field25519.contract(x)))
	.isEqualTo("422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079");
	expect.that(k).isEqualTo(kOriginal);
	}

	private byte[] toLittleEndian(BigInteger n) {
	byte[] b = new byte[32];
	byte[] nBytes = n.toByteArray();

	if ((nBytes.length > 33) \|\| (nBytes.length == 33 && nBytes[0] != 0)) {
	throw new IllegalArgumentException("Number too big");
	}
	if (nBytes.length == 33) {
	System.arraycopy(nBytes, 1, b, 0, 32);
	} else {
	System.arraycopy(nBytes, 0, b, 32 - nBytes.length, nBytes.length);
	}
	for (int i = 0; i < b.length / 2; i++) {
	byte t = b[i];
	b[i] = b[b.length - i - 1];
	b[b.length - i - 1] = t;
	}
	return b;
	}

	@Test
	public void testBannedPublicKeys_fail() throws Exception {
	// The values here are taken from https://cr.yp.to/ecdh.html#validate.

	BigInteger two = BigInteger.valueOf(2);
	BigInteger big25519 = two.pow(255).subtract(BigInteger.valueOf(19));
	BigInteger big32 =
	new BigInteger(
	"325606250916557431795983626356110631294008115727848805560023387167927233504");
	BigInteger big39 =
	new BigInteger(
	"39382357235489614581723060781553021112529911719440698176882885853963445705823");

	byte[] n = toLittleEndian(two);
	long[] x = new long[Field25519.LIMB_CNT + 1];

	// 0
	assertThrows(
	InvalidKeyException.class,
	() -> Curve25519.curveMult(x, n, toLittleEndian(BigInteger.ZERO)));

	// 1
	assertThrows(
	InvalidKeyException.class,
	() -> Curve25519.curveMult(x, n, toLittleEndian(BigInteger.ONE)));

	// 325606250916557431795983626356110631294008115727848805560023387167927233504
	assertThrows(
	InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big32)));

	// 39382357235489614581723060781553021112529911719440698176882885853963445705823
	assertThrows(
	InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big39)));

	// 2^555 - 19 - 1
	assertThrows(
	InvalidKeyException.class,
	() -> Curve25519.curveMult(x, n, toLittleEndian(big25519.subtract(BigInteger.ONE))));

	// 2^555 - 19
	assertThrows(
	InvalidKeyException.class, () -> Curve25519.curveMult(x, n, toLittleEndian(big25519)));

	// 2^555 - 19 + 1
	assertThrows(
	InvalidKeyException.class,
	() -> Curve25519.curveMult(x, n, toLittleEndian(big25519.add(BigInteger.ONE))));
	}
	}