blob: 1ede6a4bff08a77222460efd20c67a252a1927c5 [file] [log] [blame]
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/subtle/ed25519_sign_boringssl.h"
#include <string>
#include "gtest/gtest.h"
#include "absl/strings/str_cat.h"
#include "openssl/curve25519.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
#include "tink/config/tink_fips.h"
#include "tink/subtle/ed25519_verify_boringssl.h"
#include "tink/subtle/random.h"
#include "tink/subtle/subtle_util_boringssl.h"
#include "tink/util/secret_data.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
namespace crypto {
namespace tink {
namespace subtle {
namespace {
using ::crypto::tink::test::StatusIs;
class Ed25519SignBoringSslTest : public ::testing::Test {};
TEST_F(Ed25519SignBoringSslTest, testBasicSign) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
}
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char *>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
util::SecretData private_key =
util::SecretDataFromStringView(absl::string_view(
reinterpret_cast<char *>(out_private_key), ED25519_PRIVATE_KEY_LEN));
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Sign a message.
std::string message = "some data to be signed";
std::string signature = signer->Sign(message).ValueOrDie();
EXPECT_NE(signature, message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
status = verifier->Verify("some bad signature", message);
EXPECT_FALSE(status.ok());
status = verifier->Verify(signature, "some bad message");
EXPECT_FALSE(status.ok());
// Loop 100 times, sign a random message twice using the signer and verify
// that the signatures are the same.
for (size_t i = 0; i < 100; i++) {
message = subtle::Random::GetRandomBytes(i);
std::string signature1 = signer->Sign(message).ValueOrDie();
std::string signature2 = signer->Sign(message).ValueOrDie();
EXPECT_EQ(signature1, signature2);
// Verify that the signatures are valid.
status = verifier->Verify(signature1, message);
EXPECT_TRUE(status.ok()) << status;
}
}
TEST_F(Ed25519SignBoringSslTest, testInvalidPrivateKeys) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
}
for (int keysize = 0; keysize < 128; keysize++) {
if (keysize == ED25519_PRIVATE_KEY_LEN) {
// Valid key size.
continue;
}
util::SecretData key(keysize, 'x');
EXPECT_FALSE(Ed25519SignBoringSsl::New(key).ok());
}
}
TEST_F(Ed25519SignBoringSslTest, testMessageEmptyVersusNullStringView) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
}
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char *>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
util::SecretData private_key =
util::SecretDataFromStringView(absl::string_view(
reinterpret_cast<char *>(out_private_key), ED25519_PRIVATE_KEY_LEN));
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Message is a null string_view.
const absl::string_view empty_message;
auto signature = signer->Sign(empty_message).ValueOrDie();
EXPECT_NE(signature, empty_message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, empty_message);
EXPECT_TRUE(status.ok()) << status;
// Message is an empty string.
const std::string message = "";
signature = signer->Sign(message).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
EXPECT_NE(signature, message);
status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
// Message is a default constructed string_view.
signature = signer->Sign(absl::string_view()).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
status = verifier->Verify(signature, absl::string_view());
EXPECT_TRUE(status.ok()) << status;
}
struct TestVector {
std::string public_key;
std::string private_key;
std::string expected_signature;
std::string message;
};
TEST_F(Ed25519SignBoringSslTest, testWithTestVectors) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
}
// These test vectors are taken from:
// https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02#section-6.
TestVector ed25519_vectors[] = {
{
/*TEST 1*/
/*public_key= */ test::HexDecodeOrDie(
"d75a980182b10ab7d54bfed3c964073a"
"0ee172f3daa62325af021a68f707511a"),
/*private_key=*/
test::HexDecodeOrDie("9d61b19deffd5a60ba844af492ec2cc4"
"4449c5697b326919703bac031cae7f60"),
/*signature = */
test::HexDecodeOrDie("e5564300c360ac729086e2cc806e828a"
"84877f1eb8e5d974d873e06522490155"
"5fb8821590a33bacc61e39701cf9b46b"
"d25bf5f0595bbe24655141438e7a100b"),
/*message = */ "",
},
{
/*TEST 2*/
/*public_key= */ test::HexDecodeOrDie(
"3d4017c3e843895a92b70aa74d1b7ebc"
"9c982ccf2ec4968cc0cd55f12af4660c"),
/*private_key=*/
test::HexDecodeOrDie("4ccd089b28ff96da9db6c346ec114e0f"
"5b8a319f35aba624da8cf6ed4fb8a6fb"),
/*signature = */
test::HexDecodeOrDie("92a009a9f0d4cab8720e820b5f642540"
"a2b27b5416503f8fb3762223ebdb69da"
"085ac1e43e15996e458f3613d0f11d8c"
"387b2eaeb4302aeeb00d291612bb0c00"),
/*message = */ "\x72",
},
{
/*TEST 3*/
/*public_key= */ test::HexDecodeOrDie(
"fc51cd8e6218a1a38da47ed00230f058"
"0816ed13ba3303ac5deb911548908025"),
/*private_key=*/
test::HexDecodeOrDie("c5aa8df43f9f837bedb7442f31dcb7b1"
"66d38535076f094b85ce3a2e0b4458f7"),
/*signature = */
test::HexDecodeOrDie("6291d657deec24024827e69c3abe01a3"
"0ce548a284743a445e3680d7db5ac3ac"
"18ff9b538d16f290ae67f760984dc659"
"4a7c15e9716ed28dc027beceea1ec40a"),
/*message = */ "\xaf\x82",
},
{
/*TEST 1024*/
/*public_key= */ test::HexDecodeOrDie(
"278117fc144c72340f67d0f2316e8386"
"ceffbf2b2428c9c51fef7c597f1d426e"),
/*private_key=*/
test::HexDecodeOrDie("f5e5767cf153319517630f226876b86c"
"8160cc583bc013744c6bf255f5cc0ee5"),
/*signature = */
test::HexDecodeOrDie("0aab4c900501b3e24d7cdf4663326a3a"
"87df5e4843b2cbdb67cbf6e460fec350"
"aa5371b1508f9f4528ecea23c436d94b"
"5e8fcd4f681e30a6ac00a9704a188a03"),
/*message = */
test::HexDecodeOrDie("08b8b2b733424243760fe426a4b54908"
"632110a66c2f6591eabd3345e3e4eb98"
"fa6e264bf09efe12ee50f8f54e9f77b1"
"e355f6c50544e23fb1433ddf73be84d8"
"79de7c0046dc4996d9e773f4bc9efe57"
"38829adb26c81b37c93a1b270b20329d"
"658675fc6ea534e0810a4432826bf58c"
"941efb65d57a338bbd2e26640f89ffbc"
"1a858efcb8550ee3a5e1998bd177e93a"
"7363c344fe6b199ee5d02e82d522c4fe"
"ba15452f80288a821a579116ec6dad2b"
"3b310da903401aa62100ab5d1a36553e"
"06203b33890cc9b832f79ef80560ccb9"
"a39ce767967ed628c6ad573cb116dbef"
"efd75499da96bd68a8a97b928a8bbc10"
"3b6621fcde2beca1231d206be6cd9ec7"
"aff6f6c94fcd7204ed3455c68c83f4a4"
"1da4af2b74ef5c53f1d8ac70bdcb7ed1"
"85ce81bd84359d44254d95629e9855a9"
"4a7c1958d1f8ada5d0532ed8a5aa3fb2"
"d17ba70eb6248e594e1a2297acbbb39d"
"502f1a8c6eb6f1ce22b3de1a1f40cc24"
"554119a831a9aad6079cad88425de6bd"
"e1a9187ebb6092cf67bf2b13fd65f270"
"88d78b7e883c8759d2c4f5c65adb7553"
"878ad575f9fad878e80a0c9ba63bcbcc"
"2732e69485bbc9c90bfbd62481d9089b"
"eccf80cfe2df16a2cf65bd92dd597b07"
"07e0917af48bbb75fed413d238f5555a"
"7a569d80c3414a8d0859dc65a46128ba"
"b27af87a71314f318c782b23ebfe808b"
"82b0ce26401d2e22f04d83d1255dc51a"
"ddd3b75a2b1ae0784504df543af8969b"
"e3ea7082ff7fc9888c144da2af58429e"
"c96031dbcad3dad9af0dcbaaaf268cb8"
"fcffead94f3c7ca495e056a9b47acdb7"
"51fb73e666c6c655ade8297297d07ad1"
"ba5e43f1bca32301651339e22904cc8c"
"42f58c30c04aafdb038dda0847dd988d"
"cda6f3bfd15c4b4c4525004aa06eeff8"
"ca61783aacec57fb3d1f92b0fe2fd1a8"
"5f6724517b65e614ad6808d6f6ee34df"
"f7310fdc82aebfd904b01e1dc54b2927"
"094b2db68d6f903b68401adebf5a7e08"
"d78ff4ef5d63653a65040cf9bfd4aca7"
"984a74d37145986780fc0b16ac451649"
"de6188a7dbdf191f64b5fc5e2ab47b57"
"f7f7276cd419c17a3ca8e1b939ae49e4"
"88acba6b965610b5480109c8b17b80e1"
"b7b750dfc7598d5d5011fd2dcc5600a3"
"2ef5b52a1ecc820e308aa342721aac09"
"43bf6686b64b2579376504ccc493d97e"
"6aed3fb0f9cd71a43dd497f01f17c0e2"
"cb3797aa2a2f256656168e6c496afc5f"
"b93246f6b1116398a346f1a641f3b041"
"e989f7914f90cc2c7fff357876e506b5"
"0d334ba77c225bc307ba537152f3f161"
"0e4eafe595f6d9d90d11faa933a15ef1"
"369546868a7f3a45a96768d40fd9d034"
"12c091c6315cf4fde7cb68606937380d"
"b2eaaa707b4c4185c32eddcdd306705e"
"4dc1ffc872eeee475a64dfac86aba41c"
"0618983f8741c5ef68d3a101e8a3b8ca"
"c60c905c15fc910840b94c00a0b9d0"),
},
};
for (const TestVector &v : ed25519_vectors) {
// Add the public as a suffix to the private key. This is needed by the
// boringssl API.
util::SecretData private_key = util::SecretDataFromStringView(
absl::StrCat(v.private_key, v.public_key));
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(v.public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
std::string signature = signer->Sign(v.message).ValueOrDie();
EXPECT_TRUE(signature == v.expected_signature);
auto status = verifier->Verify(signature, v.message);
EXPECT_TRUE(status.ok()) << status;
}
}
TEST_F(Ed25519SignBoringSslTest, testFipsMode) {
if (!IsFipsModeEnabled()) {
GTEST_SKIP() << "Test assumes kOnlyUseFips.";
}
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
util::SecretData private_key(ED25519_PRIVATE_KEY_LEN);
ED25519_keypair(out_public_key, private_key.data());
// Create a new signer.
EXPECT_THAT(Ed25519SignBoringSsl::New(private_key).status(),
StatusIs(util::error::INTERNAL));
}
} // namespace
} // namespace subtle
} // namespace tink
} // namespace crypto