/crypto/ecies/ecies_test.go
Go | 543 lines | 415 code | 72 blank | 56 comment | 152 complexity | a13659aea0686d8f7a126d1f1e9a6a70 MD5 | raw file
- // Copyright (c) 2013 Kyle Isom <kyle@tyrfingr.is>
- // Copyright (c) 2012 The Go Authors. All rights reserved.
- //
- // Redistribution and use in source and binary forms, with or without
- // modification, are permitted provided that the following conditions are
- // met:
- //
- // * Redistributions of source code must retain the above copyright
- // notice, this list of conditions and the following disclaimer.
- // * Redistributions in binary form must reproduce the above
- // copyright notice, this list of conditions and the following disclaimer
- // in the documentation and/or other materials provided with the
- // distribution.
- // * Neither the name of Google Inc. nor the names of its
- // contributors may be used to endorse or promote products derived from
- // this software without specific prior written permission.
- //
- // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- package ecies
- import (
- "bytes"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/sha256"
- "flag"
- "fmt"
- "io/ioutil"
- "testing"
- )
- var dumpEnc bool
- func init() {
- flDump := flag.Bool("dump", false, "write encrypted test message to file")
- flag.Parse()
- dumpEnc = *flDump
- }
- // Ensure the KDF generates appropriately sized keys.
- func TestKDF(t *testing.T) {
- msg := []byte("Hello, world")
- h := sha256.New()
- k, err := concatKDF(h, msg, nil, 64)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if len(k) != 64 {
- fmt.Printf("KDF: generated key is the wrong size (%d instead of 64\n",
- len(k))
- t.FailNow()
- }
- }
- var skLen int
- var ErrBadSharedKeys = fmt.Errorf("ecies: shared keys don't match")
- // cmpParams compares a set of ECIES parameters. We assume, as per the
- // docs, that AES is the only supported symmetric encryption algorithm.
- func cmpParams(p1, p2 *ECIESParams) bool {
- if p1.hashAlgo != p2.hashAlgo {
- return false
- } else if p1.KeyLen != p2.KeyLen {
- return false
- } else if p1.BlockSize != p2.BlockSize {
- return false
- }
- return true
- }
- // cmpPublic returns true if the two public keys represent the same pojnt.
- func cmpPublic(pub1, pub2 PublicKey) bool {
- if pub1.X == nil || pub1.Y == nil {
- fmt.Println(ErrInvalidPublicKey.Error())
- return false
- }
- if pub2.X == nil || pub2.Y == nil {
- fmt.Println(ErrInvalidPublicKey.Error())
- return false
- }
- pub1Out := elliptic.Marshal(pub1.Curve, pub1.X, pub1.Y)
- pub2Out := elliptic.Marshal(pub2.Curve, pub2.X, pub2.Y)
- return bytes.Equal(pub1Out, pub2Out)
- }
- // cmpPrivate returns true if the two private keys are the same.
- func cmpPrivate(prv1, prv2 *PrivateKey) bool {
- if prv1 == nil || prv1.D == nil {
- return false
- } else if prv2 == nil || prv2.D == nil {
- return false
- } else if prv1.D.Cmp(prv2.D) != 0 {
- return false
- } else {
- return cmpPublic(prv1.PublicKey, prv2.PublicKey)
- }
- }
- // Validate the ECDH component.
- func TestSharedKey(t *testing.T) {
- prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- skLen = MaxSharedKeyLength(&prv1.PublicKey) / 2
- prv2, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- sk1, err := prv1.GenerateShared(&prv2.PublicKey, skLen, skLen)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- sk2, err := prv2.GenerateShared(&prv1.PublicKey, skLen, skLen)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if !bytes.Equal(sk1, sk2) {
- fmt.Println(ErrBadSharedKeys.Error())
- t.FailNow()
- }
- }
- // Verify that the key generation code fails when too much key data is
- // requested.
- func TestTooBigSharedKey(t *testing.T) {
- prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- prv2, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- _, err = prv1.GenerateShared(&prv2.PublicKey, skLen*2, skLen*2)
- if err != ErrSharedKeyTooBig {
- fmt.Println("ecdh: shared key should be too large for curve")
- t.FailNow()
- }
- _, err = prv2.GenerateShared(&prv1.PublicKey, skLen*2, skLen*2)
- if err != ErrSharedKeyTooBig {
- fmt.Println("ecdh: shared key should be too large for curve")
- t.FailNow()
- }
- }
- // Ensure a public key can be successfully marshalled and unmarshalled, and
- // that the decoded key is the same as the original.
- func TestMarshalPublic(t *testing.T) {
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- out, err := MarshalPublic(&prv.PublicKey)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- pub, err := UnmarshalPublic(out)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if !cmpPublic(prv.PublicKey, *pub) {
- fmt.Println("ecies: failed to unmarshal public key")
- t.FailNow()
- }
- }
- // Ensure that a private key can be encoded into DER format, and that
- // the resulting key is properly parsed back into a public key.
- func TestMarshalPrivate(t *testing.T) {
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- out, err := MarshalPrivate(prv)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if dumpEnc {
- ioutil.WriteFile("test.out", out, 0644)
- }
- prv2, err := UnmarshalPrivate(out)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if !cmpPrivate(prv, prv2) {
- fmt.Println("ecdh: private key import failed")
- t.FailNow()
- }
- }
- // Ensure that a private key can be successfully encoded to PEM format, and
- // the resulting key is properly parsed back in.
- func TestPrivatePEM(t *testing.T) {
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- out, err := ExportPrivatePEM(prv)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if dumpEnc {
- ioutil.WriteFile("test.key", out, 0644)
- }
- prv2, err := ImportPrivatePEM(out)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- } else if !cmpPrivate(prv, prv2) {
- fmt.Println("ecdh: import from PEM failed")
- t.FailNow()
- }
- }
- // Ensure that a public key can be successfully encoded to PEM format, and
- // the resulting key is properly parsed back in.
- func TestPublicPEM(t *testing.T) {
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- out, err := ExportPublicPEM(&prv.PublicKey)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if dumpEnc {
- ioutil.WriteFile("test.pem", out, 0644)
- }
- pub2, err := ImportPublicPEM(out)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- } else if !cmpPublic(prv.PublicKey, *pub2) {
- fmt.Println("ecdh: import from PEM failed")
- t.FailNow()
- }
- }
- // Benchmark the generation of P256 keys.
- func BenchmarkGenerateKeyP256(b *testing.B) {
- for i := 0; i < b.N; i++ {
- if _, err := GenerateKey(rand.Reader, elliptic.P256(), nil); err != nil {
- fmt.Println(err.Error())
- b.FailNow()
- }
- }
- }
- // Benchmark the generation of P256 shared keys.
- func BenchmarkGenSharedKeyP256(b *testing.B) {
- prv, err := GenerateKey(rand.Reader, elliptic.P256(), nil)
- if err != nil {
- fmt.Println(err.Error())
- b.FailNow()
- }
- for i := 0; i < b.N; i++ {
- _, err := prv.GenerateShared(&prv.PublicKey, skLen, skLen)
- if err != nil {
- fmt.Println(err.Error())
- b.FailNow()
- }
- }
- }
- // Verify that an encrypted message can be successfully decrypted.
- func TestEncryptDecrypt(t *testing.T) {
- prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- prv2, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- message := []byte("Hello, world.")
- ct, err := Encrypt(rand.Reader, &prv2.PublicKey, message, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- pt, err := prv2.Decrypt(rand.Reader, ct, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if !bytes.Equal(pt, message) {
- fmt.Println("ecies: plaintext doesn't match message")
- t.FailNow()
- }
- _, err = prv1.Decrypt(rand.Reader, ct, nil, nil)
- if err == nil {
- fmt.Println("ecies: encryption should not have succeeded")
- t.FailNow()
- }
- }
- func TestDecryptShared2(t *testing.T) {
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- t.Fatal(err)
- }
- message := []byte("Hello, world.")
- shared2 := []byte("shared data 2")
- ct, err := Encrypt(rand.Reader, &prv.PublicKey, message, nil, shared2)
- if err != nil {
- t.Fatal(err)
- }
- // Check that decrypting with correct shared data works.
- pt, err := prv.Decrypt(rand.Reader, ct, nil, shared2)
- if err != nil {
- t.Fatal(err)
- }
- if !bytes.Equal(pt, message) {
- t.Fatal("ecies: plaintext doesn't match message")
- }
- // Decrypting without shared data or incorrect shared data fails.
- if _, err = prv.Decrypt(rand.Reader, ct, nil, nil); err == nil {
- t.Fatal("ecies: decrypting without shared data didn't fail")
- }
- if _, err = prv.Decrypt(rand.Reader, ct, nil, []byte("garbage")); err == nil {
- t.Fatal("ecies: decrypting with incorrect shared data didn't fail")
- }
- }
- // TestMarshalEncryption validates the encode/decode produces a valid
- // ECIES encryption key.
- func TestMarshalEncryption(t *testing.T) {
- prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- out, err := MarshalPrivate(prv1)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- prv2, err := UnmarshalPrivate(out)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- message := []byte("Hello, world.")
- ct, err := Encrypt(rand.Reader, &prv2.PublicKey, message, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- pt, err := prv2.Decrypt(rand.Reader, ct, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- if !bytes.Equal(pt, message) {
- fmt.Println("ecies: plaintext doesn't match message")
- t.FailNow()
- }
- _, err = prv1.Decrypt(rand.Reader, ct, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- }
- type testCase struct {
- Curve elliptic.Curve
- Name string
- Expected bool
- }
- var testCases = []testCase{
- testCase{
- Curve: elliptic.P256(),
- Name: "P256",
- Expected: true,
- },
- testCase{
- Curve: elliptic.P384(),
- Name: "P384",
- Expected: true,
- },
- testCase{
- Curve: elliptic.P521(),
- Name: "P521",
- Expected: true,
- },
- }
- // Test parameter selection for each curve, and that P224 fails automatic
- // parameter selection (see README for a discussion of P224). Ensures that
- // selecting a set of parameters automatically for the given curve works.
- func TestParamSelection(t *testing.T) {
- for _, c := range testCases {
- testParamSelection(t, c)
- }
- }
- func testParamSelection(t *testing.T, c testCase) {
- params := ParamsFromCurve(c.Curve)
- if params == nil && c.Expected {
- fmt.Printf("%s (%s)\n", ErrInvalidParams.Error(), c.Name)
- t.FailNow()
- } else if params != nil && !c.Expected {
- fmt.Printf("ecies: parameters should be invalid (%s)\n",
- c.Name)
- t.FailNow()
- }
- prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Printf("%s (%s)\n", err.Error(), c.Name)
- t.FailNow()
- }
- prv2, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Printf("%s (%s)\n", err.Error(), c.Name)
- t.FailNow()
- }
- message := []byte("Hello, world.")
- ct, err := Encrypt(rand.Reader, &prv2.PublicKey, message, nil, nil)
- if err != nil {
- fmt.Printf("%s (%s)\n", err.Error(), c.Name)
- t.FailNow()
- }
- pt, err := prv2.Decrypt(rand.Reader, ct, nil, nil)
- if err != nil {
- fmt.Printf("%s (%s)\n", err.Error(), c.Name)
- t.FailNow()
- }
- if !bytes.Equal(pt, message) {
- fmt.Printf("ecies: plaintext doesn't match message (%s)\n",
- c.Name)
- t.FailNow()
- }
- _, err = prv1.Decrypt(rand.Reader, ct, nil, nil)
- if err == nil {
- fmt.Printf("ecies: encryption should not have succeeded (%s)\n",
- c.Name)
- t.FailNow()
- }
- }
- // Ensure that the basic public key validation in the decryption operation
- // works.
- func TestBasicKeyValidation(t *testing.T) {
- badBytes := []byte{0, 1, 5, 6, 7, 8, 9}
- prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- message := []byte("Hello, world.")
- ct, err := Encrypt(rand.Reader, &prv.PublicKey, message, nil, nil)
- if err != nil {
- fmt.Println(err.Error())
- t.FailNow()
- }
- for _, b := range badBytes {
- ct[0] = b
- _, err := prv.Decrypt(rand.Reader, ct, nil, nil)
- if err != ErrInvalidPublicKey {
- fmt.Println("ecies: validated an invalid key")
- t.FailNow()
- }
- }
- }