Skip to content
Snippets Groups Projects
Commit 8a3030c6 authored by candrian's avatar candrian Committed by Tink Team
Browse files

cc: Add ED25519 signature primitive in subtle. 

PiperOrigin-RevId: 232526481
GitOrigin-RevId: 1c760965083c4df78332634794bb90e241be0f6a
parent d7bbc451
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
cc/subtle/BUILD.bazel
+ 79
0
View file @ 8a3030c6
......@@ -103,6 +103,40 @@ cc_library(
],
)
cc_library(
name = "ed25519_sign_boringssl",
srcs = ["ed25519_sign_boringssl.cc"],
hdrs = ["ed25519_sign_boringssl.h"],
include_prefix = "tink",
strip_include_prefix = "/cc",
deps = [
":subtle_util_boringssl",
"//cc:public_key_sign",
"//cc/util:errors",
"//cc/util:statusor",
"@boringssl//:crypto",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:str_format",
],
)
cc_library(
name = "ed25519_verify_boringssl",
srcs = ["ed25519_verify_boringssl.cc"],
hdrs = ["ed25519_verify_boringssl.h"],
include_prefix = "tink",
strip_include_prefix = "/cc",
deps = [
":subtle_util_boringssl",
"//cc:public_key_verify",
"//cc/util:errors",
"//cc/util:statusor",
"@boringssl//:crypto",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:str_format",
],
)
cc_library(
name = "hkdf",
srcs = ["hkdf.cc"],
......@@ -690,6 +724,51 @@ cc_test(
],
)
cc_test(
name = "ed25519_sign_boringssl_test",
size = "small",
srcs = ["ed25519_sign_boringssl_test.cc"],
copts = ["-Iexternal/gtest/include"],
deps = [
":ed25519_sign_boringssl",
":ed25519_verify_boringssl",
":random",
":subtle_util_boringssl",
"//cc:public_key_sign",
"//cc:public_key_verify",
"//cc/util:status",
"//cc/util:statusor",
"//cc/util:test_util",
"@boringssl//:crypto",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "ed25519_verify_boringssl_test",
size = "small",
srcs = ["ed25519_verify_boringssl_test.cc"],
copts = ["-Iexternal/gtest/include"],
data = [
"@wycheproof//testvectors:all",
],
deps = [
":ed25519_sign_boringssl",
":ed25519_verify_boringssl",
":subtle_util_boringssl",
":wycheproof_util",
"//cc:public_key_sign",
"//cc:public_key_verify",
"//cc/util:status",
"//cc/util:statusor",
"//cc/util:test_util",
"@boringssl//:crypto",
"@com_google_absl//absl/strings",
"@com_google_googletest//:gtest_main",
],
)
cc_test(
name = "rsa_ssa_pss_verify_boringssl_test",
size = "small",
......
cc/subtle/ed25519_sign_boringssl.cc 0 → 100644
+ 67
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/subtle/ed25519_sign_boringssl.h"
#include <cstring>
#include "absl/strings/str_format.h"
#include "absl/strings/string_view.h"
#include "openssl/curve25519.h"
#include "tink/public_key_sign.h"
#include "tink/subtle/subtle_util_boringssl.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace subtle {
// static
util::StatusOr<std::unique_ptr<PublicKeySign>> Ed25519SignBoringSsl::New(
absl::string_view private_key) {
if (private_key.length() != ED25519_PRIVATE_KEY_LEN) {
return util::Status(
util::error::INVALID_ARGUMENT,
absl::StrFormat("Invalid ED25519 private key size (%d). "
"The only valid size is %d.",
private_key.length(), ED25519_PRIVATE_KEY_LEN));
}
std::unique_ptr<PublicKeySign> sign(new Ed25519SignBoringSsl(private_key));
return std::move(sign);
}
Ed25519SignBoringSsl::Ed25519SignBoringSsl(absl::string_view private_key)
: private_key_(private_key) {}
util::StatusOr<std::string> Ed25519SignBoringSsl::Sign(
absl::string_view data) const {
data = SubtleUtilBoringSSL::EnsureNonNull(data);
uint8_t out_sig[ED25519_SIGNATURE_LEN];
std::memset(reinterpret_cast<void *>(&out_sig), 0, ED25519_SIGNATURE_LEN);
if (ED25519_sign(
out_sig, reinterpret_cast<const uint8_t *>(data.data()), data.size(),
reinterpret_cast<const uint8_t *>(private_key_.data())) != 1) {
return util::Status(util::error::INTERNAL, "Signing failed.");
}
return std::string(reinterpret_cast<char *>(out_sig), ED25519_SIGNATURE_LEN);
}
} // namespace subtle
} // namespace tink
} // namespace crypto
cc/subtle/ed25519_sign_boringssl.h 0 → 100644
+ 52
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_SUBTLE_ED25519_SIGN_BORINGSSL_H_
#define TINK_SUBTLE_ED25519_SIGN_BORINGSSL_H_
#include <memory>
#include "absl/strings/string_view.h"
#include "openssl/curve25519.h"
#include "tink/public_key_sign.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace subtle {
class Ed25519SignBoringSsl : public PublicKeySign {
public:
static crypto::tink::util::StatusOr<std::unique_ptr<PublicKeySign>> New(
absl::string_view private_key);
// Computes the signature for 'data'.
crypto::tink::util::StatusOr<std::string> Sign(
absl::string_view data) const override;
~Ed25519SignBoringSsl() override = default;
private:
const std::string private_key_;
explicit Ed25519SignBoringSsl(absl::string_view private_key);
};
} // namespace subtle
} // namespace tink
} // namespace crypto
#endif // TINK_SUBTLE_ED25519_SIGN_BORINGSSL_H_
cc/subtle/ed25519_sign_boringssl_test.cc 0 → 100644
+ 312
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/subtle/ed25519_sign_boringssl.h"
#include <string>
#include "gtest/gtest.h"
#include "absl/strings/str_cat.h"
#include "openssl/curve25519.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
#include "tink/subtle/ed25519_verify_boringssl.h"
#include "tink/subtle/random.h"
#include "tink/subtle/subtle_util_boringssl.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_util.h"
namespace crypto {
namespace tink {
namespace subtle {
namespace {
class Ed25519SignBoringSslTest : public ::testing::Test {};
TEST_F(Ed25519SignBoringSslTest, testBasicSign) {
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char *>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
std::string private_key(reinterpret_cast<const char *>(out_private_key),
ED25519_PRIVATE_KEY_LEN);
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Sign a message.
std::string message = "some data to be signed";
std::string signature = signer->Sign(message).ValueOrDie();
EXPECT_NE(signature, message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
status = verifier->Verify("some bad signature", message);
EXPECT_FALSE(status.ok());
status = verifier->Verify(signature, "some bad message");
EXPECT_FALSE(status.ok());
// Loop 100 times, sign a random message twice using the signer and verify
// that the signatures are the same.
for (size_t i = 0; i < 100; i++) {
message = subtle::Random::GetRandomBytes(i);
std::string signature1 = signer->Sign(message).ValueOrDie();
std::string signature2 = signer->Sign(message).ValueOrDie();
EXPECT_EQ(signature1, signature2);
// Verify that the signatures are valid.
status = verifier->Verify(signature1, message);
EXPECT_TRUE(status.ok()) << status;
}
}
TEST_F(Ed25519SignBoringSslTest, testInvalidPrivateKeys) {
// Null private key.
const absl::string_view null_private_key;
EXPECT_FALSE(Ed25519SignBoringSsl::New(null_private_key).ok());
for (int keysize = 0; keysize < 128; keysize++) {
if (keysize == ED25519_PRIVATE_KEY_LEN) {
// Valid key size.
continue;
}
std::string key(keysize, 'x');
EXPECT_FALSE(Ed25519SignBoringSsl::New(key).ok());
}
}
TEST_F(Ed25519SignBoringSslTest, testMessageEmptyVersusNullStringView) {
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char *>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
std::string private_key(reinterpret_cast<const char *>(out_private_key),
ED25519_PRIVATE_KEY_LEN);
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Message is a null string_view.
const absl::string_view empty_message;
auto signature = signer->Sign(empty_message).ValueOrDie();
EXPECT_NE(signature, empty_message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, empty_message);
EXPECT_TRUE(status.ok()) << status;
// Message is an empty std::string.
const std::string message = "";
signature = signer->Sign(message).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
EXPECT_NE(signature, message);
status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
// Message is a null ptr.
signature = signer->Sign(nullptr).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
status = verifier->Verify(signature, nullptr);
EXPECT_TRUE(status.ok()) << status;
}
typedef struct testVector {
std::string public_key;
std::string private_key;
std::string expected_signature;
std::string message;
} testVector;
TEST_F(Ed25519SignBoringSslTest, testWithTestVectors) {
// These test vectors are taken from:
// https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02#section-6.
testVector Ed25519Vectors[] = {
{
/*TEST 1*/
/*public_key= */ test::HexDecodeOrDie(
"d75a980182b10ab7d54bfed3c964073a"
"0ee172f3daa62325af021a68f707511a"),
/*private_key=*/
test::HexDecodeOrDie("9d61b19deffd5a60ba844af492ec2cc4"
"4449c5697b326919703bac031cae7f60"),
/*signature = */
test::HexDecodeOrDie("e5564300c360ac729086e2cc806e828a"
"84877f1eb8e5d974d873e06522490155"
"5fb8821590a33bacc61e39701cf9b46b"
"d25bf5f0595bbe24655141438e7a100b"),
/*message = */ "",
},
{
/*TEST 2*/
/*public_key= */ test::HexDecodeOrDie(
"3d4017c3e843895a92b70aa74d1b7ebc"
"9c982ccf2ec4968cc0cd55f12af4660c"),
/*private_key=*/
test::HexDecodeOrDie("4ccd089b28ff96da9db6c346ec114e0f"
"5b8a319f35aba624da8cf6ed4fb8a6fb"),
/*signature = */
test::HexDecodeOrDie("92a009a9f0d4cab8720e820b5f642540"
"a2b27b5416503f8fb3762223ebdb69da"
"085ac1e43e15996e458f3613d0f11d8c"
"387b2eaeb4302aeeb00d291612bb0c00"),
/*message = */ "\x72",
},
{
/*TEST 3*/
/*public_key= */ test::HexDecodeOrDie(
"fc51cd8e6218a1a38da47ed00230f058"
"0816ed13ba3303ac5deb911548908025"),
/*private_key=*/
test::HexDecodeOrDie("c5aa8df43f9f837bedb7442f31dcb7b1"
"66d38535076f094b85ce3a2e0b4458f7"),
/*signature = */
test::HexDecodeOrDie("6291d657deec24024827e69c3abe01a3"
"0ce548a284743a445e3680d7db5ac3ac"
"18ff9b538d16f290ae67f760984dc659"
"4a7c15e9716ed28dc027beceea1ec40a"),
/*message = */ "\xaf\x82",
},
{
/*TEST 1024*/
/*public_key= */ test::HexDecodeOrDie(
"278117fc144c72340f67d0f2316e8386"
"ceffbf2b2428c9c51fef7c597f1d426e"),
/*private_key=*/
test::HexDecodeOrDie("f5e5767cf153319517630f226876b86c"
"8160cc583bc013744c6bf255f5cc0ee5"),
/*signature = */
test::HexDecodeOrDie("0aab4c900501b3e24d7cdf4663326a3a"
"87df5e4843b2cbdb67cbf6e460fec350"
"aa5371b1508f9f4528ecea23c436d94b"
"5e8fcd4f681e30a6ac00a9704a188a03"),
/*message = */
test::HexDecodeOrDie("08b8b2b733424243760fe426a4b54908"
"632110a66c2f6591eabd3345e3e4eb98"
"fa6e264bf09efe12ee50f8f54e9f77b1"
"e355f6c50544e23fb1433ddf73be84d8"
"79de7c0046dc4996d9e773f4bc9efe57"
"38829adb26c81b37c93a1b270b20329d"
"658675fc6ea534e0810a4432826bf58c"
"941efb65d57a338bbd2e26640f89ffbc"
"1a858efcb8550ee3a5e1998bd177e93a"
"7363c344fe6b199ee5d02e82d522c4fe"
"ba15452f80288a821a579116ec6dad2b"
"3b310da903401aa62100ab5d1a36553e"
"06203b33890cc9b832f79ef80560ccb9"
"a39ce767967ed628c6ad573cb116dbef"
"efd75499da96bd68a8a97b928a8bbc10"
"3b6621fcde2beca1231d206be6cd9ec7"
"aff6f6c94fcd7204ed3455c68c83f4a4"
"1da4af2b74ef5c53f1d8ac70bdcb7ed1"
"85ce81bd84359d44254d95629e9855a9"
"4a7c1958d1f8ada5d0532ed8a5aa3fb2"
"d17ba70eb6248e594e1a2297acbbb39d"
"502f1a8c6eb6f1ce22b3de1a1f40cc24"
"554119a831a9aad6079cad88425de6bd"
"e1a9187ebb6092cf67bf2b13fd65f270"
"88d78b7e883c8759d2c4f5c65adb7553"
"878ad575f9fad878e80a0c9ba63bcbcc"
"2732e69485bbc9c90bfbd62481d9089b"
"eccf80cfe2df16a2cf65bd92dd597b07"
"07e0917af48bbb75fed413d238f5555a"
"7a569d80c3414a8d0859dc65a46128ba"
"b27af87a71314f318c782b23ebfe808b"
"82b0ce26401d2e22f04d83d1255dc51a"
"ddd3b75a2b1ae0784504df543af8969b"
"e3ea7082ff7fc9888c144da2af58429e"
"c96031dbcad3dad9af0dcbaaaf268cb8"
"fcffead94f3c7ca495e056a9b47acdb7"
"51fb73e666c6c655ade8297297d07ad1"
"ba5e43f1bca32301651339e22904cc8c"
"42f58c30c04aafdb038dda0847dd988d"
"cda6f3bfd15c4b4c4525004aa06eeff8"
"ca61783aacec57fb3d1f92b0fe2fd1a8"
"5f6724517b65e614ad6808d6f6ee34df"
"f7310fdc82aebfd904b01e1dc54b2927"
"094b2db68d6f903b68401adebf5a7e08"
"d78ff4ef5d63653a65040cf9bfd4aca7"
"984a74d37145986780fc0b16ac451649"
"de6188a7dbdf191f64b5fc5e2ab47b57"
"f7f7276cd419c17a3ca8e1b939ae49e4"
"88acba6b965610b5480109c8b17b80e1"
"b7b750dfc7598d5d5011fd2dcc5600a3"
"2ef5b52a1ecc820e308aa342721aac09"
"43bf6686b64b2579376504ccc493d97e"
"6aed3fb0f9cd71a43dd497f01f17c0e2"
"cb3797aa2a2f256656168e6c496afc5f"
"b93246f6b1116398a346f1a641f3b041"
"e989f7914f90cc2c7fff357876e506b5"
"0d334ba77c225bc307ba537152f3f161"
"0e4eafe595f6d9d90d11faa933a15ef1"
"369546868a7f3a45a96768d40fd9d034"
"12c091c6315cf4fde7cb68606937380d"
"b2eaaa707b4c4185c32eddcdd306705e"
"4dc1ffc872eeee475a64dfac86aba41c"
"0618983f8741c5ef68d3a101e8a3b8ca"
"c60c905c15fc910840b94c00a0b9d0"),
},
};
for (const testVector v : Ed25519Vectors) {
// Add the public as a suffix to the private key. This is needed by the
// boringssl API.
std::string private_key = absl::StrCat(v.private_key, v.public_key);
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(v.public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
std::string signature = signer->Sign(v.message).ValueOrDie();
EXPECT_TRUE(signature == v.expected_signature);
auto status = verifier->Verify(signature, v.message);
EXPECT_TRUE(status.ok()) << status;
}
}
} // namespace
} // namespace subtle
} // namespace tink
} // namespace crypto
cc/subtle/ed25519_verify_boringssl.cc 0 → 100644
+ 76
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#include "tink/subtle/ed25519_verify_boringssl.h"
#include <cstring>
#include "absl/strings/str_format.h"
#include "absl/strings/string_view.h"
#include "openssl/curve25519.h"
#include "tink/public_key_verify.h"
#include "tink/subtle/subtle_util_boringssl.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace subtle {
// static
util::StatusOr<std::unique_ptr<PublicKeyVerify>> Ed25519VerifyBoringSsl::New(
absl::string_view public_key) {
if (public_key.length() != ED25519_PUBLIC_KEY_LEN) {
return util::Status(
util::error::INVALID_ARGUMENT,
absl::StrFormat("Invalid ED25519 public key size (%d). "
"The only valid size is %d.",
public_key.length(), ED25519_PUBLIC_KEY_LEN));
}
std::unique_ptr<PublicKeyVerify> verify(
new Ed25519VerifyBoringSsl(public_key));
return std::move(verify);
}
Ed25519VerifyBoringSsl::Ed25519VerifyBoringSsl(absl::string_view public_key)
: public_key_(public_key) {}
util::Status Ed25519VerifyBoringSsl::Verify(absl::string_view signature,
absl::string_view data) const {
signature = SubtleUtilBoringSSL::EnsureNonNull(signature);
data = SubtleUtilBoringSSL::EnsureNonNull(data);
if (signature.size() != ED25519_SIGNATURE_LEN) {
return util::Status(
util::error::INVALID_ARGUMENT,
absl::StrFormat("Invalid ED25519 signature size (%d). "
"The signature must be %d bytes long.",
signature.size(), ED25519_SIGNATURE_LEN));
}
if (1 != ED25519_verify(
reinterpret_cast<const uint8_t *>(data.data()), data.size(),
reinterpret_cast<const uint8_t *>(signature.data()),
reinterpret_cast<const uint8_t *>(public_key_.data()))) {
return util::Status(util::error::INVALID_ARGUMENT,
"Signature is not valid.");
}
return util::Status::OK;
}
} // namespace subtle
} // namespace tink
} // namespace crypto
cc/subtle/ed25519_verify_boringssl.h 0 → 100644
+ 52
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_SUBTLE_ED25519_VERIFY_BORINGSSL_H_
#define TINK_SUBTLE_ED25519_VERIFY_BORINGSSL_H_
#include <memory>
#include "absl/strings/string_view.h"
#include "openssl/curve25519.h"
#include "tink/public_key_verify.h"
#include "tink/util/statusor.h"
namespace crypto {
namespace tink {
namespace subtle {
class Ed25519VerifyBoringSsl : public PublicKeyVerify {
public:
static crypto::tink::util::StatusOr<std::unique_ptr<PublicKeyVerify>> New(
absl::string_view public_key);
// Verifies that 'signature' is a digital signature for 'data'.
crypto::tink::util::Status Verify(absl::string_view signature,
absl::string_view data) const override;
~Ed25519VerifyBoringSsl() override = default;
private:
const std::string public_key_;
explicit Ed25519VerifyBoringSsl(absl::string_view public_key);
};
} // namespace subtle
} // namespace tink
} // namespace crypto
#endif // TINK_SUBTLE_ED25519_VERIFY_BORINGSSL_H_
cc/subtle/ed25519_verify_boringssl_test.cc 0 → 100644
+ 223
0
View file @ 8a3030c6
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/subtle/ed25519_verify_boringssl.h"
#include <string>
#include "gtest/gtest.h"
#include "absl/strings/str_cat.h"
#include "openssl/curve25519.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
#include "tink/subtle/ed25519_sign_boringssl.h"
#include "tink/subtle/subtle_util_boringssl.h"
#include "tink/subtle/wycheproof_util.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_util.h"
namespace crypto {
namespace tink {
namespace subtle {
namespace {
class Ed25519VerifyBoringSslTest : public ::testing::Test {};
TEST_F(Ed25519VerifyBoringSslTest, testBasicSign) {
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char*>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
std::string private_key(reinterpret_cast<const char*>(out_private_key),
ED25519_PRIVATE_KEY_LEN);
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Sign a message.
std::string message = "some data to be signed";
std::string signature = signer->Sign(message).ValueOrDie();
EXPECT_NE(signature, message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
status = verifier->Verify("some bad signature", message);
EXPECT_FALSE(status.ok());
status = verifier->Verify(signature, "some bad message");
EXPECT_FALSE(status.ok());
}
TEST_F(Ed25519VerifyBoringSslTest, testInvalidPublicKeys) {
// Null public key.
const absl::string_view null_public_key;
EXPECT_FALSE(Ed25519VerifyBoringSsl::New(null_public_key).ok());
for (int keysize = 0; keysize < 128; keysize++) {
if (keysize == ED25519_PUBLIC_KEY_LEN) {
// Valid key size.
continue;
}
std::string key(keysize, 'x');
EXPECT_FALSE(Ed25519VerifyBoringSsl::New(key).ok());
}
}
TEST_F(Ed25519VerifyBoringSslTest, testMessageEmptyVersusNullStringView) {
// Generate a new key pair.
uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN];
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN];
ED25519_keypair(out_public_key, out_private_key);
std::string public_key(reinterpret_cast<const char*>(out_public_key),
ED25519_PUBLIC_KEY_LEN);
std::string private_key(reinterpret_cast<const char*>(out_private_key),
ED25519_PRIVATE_KEY_LEN);
// Create a new signer.
auto signer_result = Ed25519SignBoringSsl::New(private_key);
ASSERT_TRUE(signer_result.ok()) << signer_result.status();
auto signer = std::move(signer_result.ValueOrDie());
// Create a new verifier.
auto verifier_result = Ed25519VerifyBoringSsl::New(public_key);
ASSERT_TRUE(verifier_result.ok()) << verifier_result.status();
auto verifier = std::move(verifier_result.ValueOrDie());
// Message is a null string_view.
const absl::string_view empty_message;
auto signature = signer->Sign(empty_message).ValueOrDie();
EXPECT_NE(signature, empty_message);
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
auto status = verifier->Verify(signature, empty_message);
EXPECT_TRUE(status.ok()) << status;
// Message is an empty std::string.
const std::string message = "";
signature = signer->Sign(message).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
EXPECT_NE(signature, message);
status = verifier->Verify(signature, message);
EXPECT_TRUE(status.ok()) << status;
// Message is a null ptr.
signature = signer->Sign(nullptr).ValueOrDie();
EXPECT_EQ(signature.size(), ED25519_SIGNATURE_LEN);
status = verifier->Verify(signature, nullptr);
EXPECT_TRUE(status.ok()) << status;
}
static util::StatusOr<std::unique_ptr<PublicKeyVerify>> GetVerifier(
const rapidjson::Value& test_group) {
std::string public_key = WycheproofUtil::GetBytes(test_group["key"]["pk"]);
auto result = Ed25519VerifyBoringSsl::New(public_key);
if (!result.ok()) {
std::cout << "Failed: " << result.status() << "\n";
}
return result;
}
// Tests signature verification using the test vectors in the specified file.
// allow_skipping determines whether it is OK to skip a test because
// a verfier cannot be constructed. This option can be used for
// if a file contains test vectors that are not necessarily supported
// by tink.
bool TestSignatures(const std::string& filename, bool allow_skipping) {
std::unique_ptr<rapidjson::Document> root =
WycheproofUtil::ReadTestVectors(filename);
std::cout << (*root)["algorithm"].GetString();
std::cout << "generator version " << (*root)["generatorVersion"].GetString();
int passed_tests = 0;
int failed_tests = 0;
for (const rapidjson::Value& test_group : (*root)["testGroups"].GetArray()) {
auto verifier_result = GetVerifier(test_group);
if (!verifier_result.ok()) {
std::string curve = test_group["key"]["curve"].GetString();
if (allow_skipping) {
std::cout << "Could not construct verifier for curve " << curve
<< verifier_result.status();
} else {
ADD_FAILURE() << "Could not construct verifier for curve " << curve
<< verifier_result.status();
failed_tests += test_group["tests"].GetArray().Size();
}
continue;
}
auto verifier = std::move(verifier_result.ValueOrDie());
for (const rapidjson::Value& test : test_group["tests"].GetArray()) {
std::string expected = test["result"].GetString();
std::string msg = WycheproofUtil::GetBytes(test["msg"]);
std::string sig = WycheproofUtil::GetBytes(test["sig"]);
std::string id =
absl::StrCat(test["tcId"].GetInt(), " ", test["comment"].GetString());
auto status = verifier->Verify(sig, msg);
if (expected == "valid") {
if (status.ok()) {
++passed_tests;
} else {
++failed_tests;
ADD_FAILURE() << "Valid signature not verified:" << id
<< " status:" << status;
}
} else if (expected == "invalid") {
if (!status.ok()) {
++passed_tests;
} else {
++failed_tests;
ADD_FAILURE() << "Invalid signature verified:" << id;
}
} else if (expected == "acceptable") {
// The validity of the signature is undefined. Hence the test passes
// but we log the result since we might still want to know if the
// library is strict or forgiving.
++passed_tests;
std::cout << "Acceptable signature:" << id << ":" << status;
} else {
++failed_tests;
ADD_FAILURE() << "Invalid field result:" << expected;
}
}
}
int num_tests = (*root)["numberOfTests"].GetInt();
std::cout << "total number of tests: " << num_tests;
std::cout << "number of tests passed:" << passed_tests;
std::cout << "number of tests failed:" << failed_tests;
return failed_tests == 0;
}
TEST_F(Ed25519VerifyBoringSslTest, WycheproofCurve25519) {
ASSERT_TRUE(TestSignatures("eddsa_test.json", false));
}
} // namespace
} // namespace subtle
} // namespace tink
} // namespace crypto
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment