c52b90885819523f67f8d57be54cc91ef2252891
[strongswan.git] / src / libstrongswan / tests / suites / test_ed25519.c
1 /*
2 * Copyright (C) 2016 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <time.h>
19
20 typedef struct sig_test_t sig_test_t;
21
22 struct sig_test_t {
23 chunk_t key;
24 chunk_t pubkey;
25 chunk_t msg;
26 chunk_t sig;
27 chunk_t fp_pk;
28 chunk_t fp_spki;
29 };
30
31 /**
32 * Ed25519 Test Vectors from RFC 8032
33 */
34 static sig_test_t sig_tests[] = {
35 /* Test 1 */
36 { chunk_from_chars(
37 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
38 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x9d, 0x61, 0xb1, 0x9d,
39 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84, 0x4a, 0xf4, 0x92, 0xec,
40 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b, 0x32, 0x69, 0x19,
41 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60),
42 chunk_from_chars(
43 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
44 0x21, 0x00, 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7,
45 0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1,
46 0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68,
47 0xf7, 0x07, 0x51, 0x1a),
48 { NULL, 0 },
49 chunk_from_chars(
50 0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72, 0x90, 0x86,
51 0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a, 0x84, 0x87, 0x7f, 0x1e,
52 0xb8, 0xe5, 0xd9, 0x74, 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49,
53 0x01, 0x55, 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac,
54 0xc6, 0x1e, 0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b, 0xd2, 0x5b,
55 0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24, 0x65, 0x51, 0x41, 0x43,
56 0x8e, 0x7a, 0x10, 0x0b),
57 chunk_from_chars(
58 0x5b, 0x27, 0xaa, 0x55, 0x89, 0x17, 0x97, 0x70, 0xe4, 0x75,
59 0x75, 0xb1, 0x62, 0xa1, 0xde, 0xd9, 0x7b, 0x8b, 0xfc, 0x6d),
60 chunk_from_chars(
61 0xa5, 0x66, 0xbe, 0x19, 0x84, 0x01, 0x73, 0x41, 0x3a, 0x61,
62 0x04, 0x83, 0x50, 0xef, 0xf2, 0x3e, 0x8f, 0xe2, 0x22, 0x66),
63 },
64 /* Test 2 */
65 { chunk_from_chars(
66 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
67 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x4c, 0xcd, 0x08, 0x9b,
68 0x28, 0xff, 0x96, 0xda, 0x9d, 0xb6, 0xc3, 0x46, 0xec, 0x11,
69 0x4e, 0x0f, 0x5b, 0x8a, 0x31, 0x9f, 0x35, 0xab, 0xa6, 0x24,
70 0xda, 0x8c, 0xf6, 0xed, 0x4f, 0xb8, 0xa6, 0xfb),
71 chunk_from_chars(
72 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
73 0x21, 0x00, 0x3d, 0x40, 0x17, 0xc3, 0xe8, 0x43, 0x89, 0x5a,
74 0x92, 0xb7, 0x0a, 0xa7, 0x4d, 0x1b, 0x7e, 0xbc, 0x9c, 0x98,
75 0x2c, 0xcf, 0x2e, 0xc4, 0x96, 0x8c, 0xc0, 0xcd, 0x55, 0xf1,
76 0x2a, 0xf4, 0x66, 0x0c),
77 chunk_from_chars(
78 0x72),
79 chunk_from_chars(
80 0x92, 0xa0, 0x09, 0xa9, 0xf0, 0xd4, 0xca, 0xb8, 0x72, 0x0e,
81 0x82, 0x0b, 0x5f, 0x64, 0x25, 0x40, 0xa2, 0xb2, 0x7b, 0x54,
82 0x16, 0x50, 0x3f, 0x8f, 0xb3, 0x76, 0x22, 0x23, 0xeb, 0xdb,
83 0x69, 0xda, 0x08, 0x5a, 0xc1, 0xe4, 0x3e, 0x15, 0x99, 0x6e,
84 0x45, 0x8f, 0x36, 0x13, 0xd0, 0xf1, 0x1d, 0x8c, 0x38, 0x7b,
85 0x2e, 0xae, 0xb4, 0x30, 0x2a, 0xee, 0xb0, 0x0d, 0x29, 0x16,
86 0x12, 0xbb, 0x0c, 0x00),
87 chunk_from_chars(
88 0x13, 0xf7, 0x72, 0x66, 0x9e, 0x15, 0x2a, 0xe6, 0xa6, 0x2a,
89 0x60, 0xa3, 0x48, 0x8a, 0x6f, 0x29, 0x7d, 0x06, 0x13, 0xdd),
90 chunk_from_chars(
91 0xbd, 0xae, 0x41, 0xeb, 0x5d, 0xbf, 0x88, 0xb9, 0xdf, 0x18,
92 0xda, 0xbb, 0x2d, 0xee, 0xa9, 0x1a, 0x4e, 0x03, 0x38, 0xe4),
93 },
94 /* Test 3 */
95 { chunk_from_chars(
96 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
97 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xc5, 0xaa, 0x8d, 0xf4,
98 0x3f, 0x9f, 0x83, 0x7b, 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc,
99 0xb7, 0xb1, 0x66, 0xd3, 0x85, 0x35,0x07, 0x6f, 0x09, 0x4b,
100 0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7),
101 chunk_from_chars(
102 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
103 0x21, 0x00, 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3,
104 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 0x08, 0x16,
105 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 0x5d, 0xeb, 0x91, 0x15,
106 0x48, 0x90, 0x80, 0x25),
107 chunk_from_chars(
108 0xaf, 0x82),
109 chunk_from_chars(
110 0x62, 0x91, 0xd6, 0x57, 0xde, 0xec, 0x24, 0x02, 0x48, 0x27,
111 0xe6, 0x9c, 0x3a, 0xbe, 0x01, 0xa3, 0x0c, 0xe5, 0x48, 0xa2,
112 0x84, 0x74, 0x3a, 0x44, 0x5e, 0x36, 0x80, 0xd7, 0xdb, 0x5a,
113 0xc3, 0xac, 0x18, 0xff, 0x9b, 0x53, 0x8d, 0x16, 0xf2, 0x90,
114 0xae, 0x67, 0xf7, 0x60, 0x98, 0x4d, 0xc6, 0x59, 0x4a, 0x7c,
115 0x15, 0xe9, 0x71, 0x6e, 0xd2, 0x8d, 0xc0, 0x27, 0xbe, 0xce,
116 0xea, 0x1e, 0xc4, 0x0a),
117 chunk_from_chars(
118 0x88, 0xc7, 0x64, 0xc8, 0xbe, 0x44, 0x37, 0x4a, 0x7d, 0x2f,
119 0x5d, 0x84, 0x72, 0x1f, 0x8e, 0x32, 0x5e, 0x5b, 0xd6, 0x4c),
120 chunk_from_chars(
121 0xad, 0x01, 0x30, 0xb1, 0x2b, 0x48, 0x62, 0x9b, 0xb9, 0xad,
122 0xea, 0x92, 0x1f, 0xfe, 0xd2, 0x9a, 0x42, 0xf0, 0xad, 0xe6),
123 },
124 /* Test 1024 */
125 { chunk_from_chars(
126 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
127 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xf5, 0xe5, 0x76, 0x7c,
128 0xf1, 0x53, 0x31, 0x95, 0x17, 0x63, 0x0f, 0x22, 0x68, 0x76,
129 0xb8, 0x6c, 0x81, 0x60, 0xcc, 0x58, 0x3b, 0xc0, 0x13, 0x74,
130 0x4c, 0x6b, 0xf2, 0x55, 0xf5, 0xcc, 0x0e, 0xe5),
131 chunk_from_chars(
132 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
133 0x21, 0x00, 0x27, 0x81, 0x17, 0xfc, 0x14, 0x4c, 0x72, 0x34,
134 0x0f, 0x67, 0xd0, 0xf2, 0x31, 0x6e, 0x83, 0x86, 0xce, 0xff,
135 0xbf, 0x2b, 0x24, 0x28, 0xc9, 0xc5, 0x1f, 0xef, 0x7c, 0x59,
136 0x7f, 0x1d, 0x42, 0x6e),
137 chunk_from_chars(
138 0x08, 0xb8, 0xb2, 0xb7, 0x33, 0x42, 0x42, 0x43, 0x76, 0x0f,
139 0xe4, 0x26, 0xa4, 0xb5, 0x49, 0x08, 0x63, 0x21, 0x10, 0xa6,
140 0x6c, 0x2f, 0x65, 0x91, 0xea, 0xbd, 0x33, 0x45, 0xe3, 0xe4,
141 0xeb, 0x98, 0xfa, 0x6e, 0x26, 0x4b, 0xf0, 0x9e, 0xfe, 0x12,
142 0xee, 0x50, 0xf8, 0xf5, 0x4e, 0x9f, 0x77, 0xb1, 0xe3, 0x55,
143 0xf6, 0xc5, 0x05, 0x44, 0xe2, 0x3f, 0xb1, 0x43, 0x3d, 0xdf,
144 0x73, 0xbe, 0x84, 0xd8, 0x79, 0xde, 0x7c, 0x00, 0x46, 0xdc,
145 0x49, 0x96, 0xd9, 0xe7, 0x73, 0xf4, 0xbc, 0x9e, 0xfe, 0x57,
146 0x38, 0x82, 0x9a, 0xdb, 0x26, 0xc8, 0x1b, 0x37, 0xc9, 0x3a,
147 0x1b, 0x27, 0x0b, 0x20, 0x32, 0x9d, 0x65, 0x86, 0x75, 0xfc,
148
149 0x6e, 0xa5, 0x34, 0xe0, 0x81, 0x0a, 0x44, 0x32, 0x82, 0x6b,
150 0xf5, 0x8c, 0x94, 0x1e, 0xfb, 0x65, 0xd5, 0x7a, 0x33, 0x8b,
151 0xbd, 0x2e, 0x26, 0x64, 0x0f, 0x89, 0xff, 0xbc, 0x1a, 0x85,
152 0x8e, 0xfc, 0xb8, 0x55, 0x0e, 0xe3, 0xa5, 0xe1, 0x99, 0x8b,
153 0xd1, 0x77, 0xe9, 0x3a, 0x73, 0x63, 0xc3, 0x44, 0xfe, 0x6b,
154 0x19, 0x9e, 0xe5, 0xd0, 0x2e, 0x82, 0xd5, 0x22, 0xc4, 0xfe,
155 0xba, 0x15, 0x45, 0x2f, 0x80, 0x28, 0x8a, 0x82, 0x1a, 0x57,
156 0x91, 0x16, 0xec, 0x6d, 0xad, 0x2b, 0x3b, 0x31, 0x0d, 0xa9,
157 0x03, 0x40, 0x1a, 0xa6, 0x21, 0x00, 0xab, 0x5d, 0x1a, 0x36,
158 0x55, 0x3e, 0x06, 0x20, 0x3b, 0x33, 0x89, 0x0c, 0xc9, 0xb8,
159
160 0x32, 0xf7, 0x9e, 0xf8, 0x05, 0x60, 0xcc, 0xb9, 0xa3, 0x9c,
161 0xe7, 0x67, 0x96, 0x7e, 0xd6, 0x28, 0xc6, 0xad, 0x57, 0x3c,
162 0xb1, 0x16, 0xdb, 0xef, 0xef, 0xd7, 0x54, 0x99, 0xda, 0x96,
163 0xbd, 0x68, 0xa8, 0xa9, 0x7b, 0x92, 0x8a, 0x8b, 0xbc, 0x10,
164 0x3b, 0x66, 0x21, 0xfc, 0xde, 0x2b, 0xec, 0xa1, 0x23, 0x1d,
165 0x20, 0x6b, 0xe6, 0xcd, 0x9e, 0xc7, 0xaf, 0xf6, 0xf6, 0xc9,
166 0x4f, 0xcd, 0x72, 0x04, 0xed, 0x34, 0x55, 0xc6, 0x8c, 0x83,
167 0xf4, 0xa4, 0x1d, 0xa4, 0xaf, 0x2b, 0x74, 0xef, 0x5c, 0x53,
168 0xf1, 0xd8, 0xac, 0x70, 0xbd, 0xcb, 0x7e, 0xd1, 0x85, 0xce,
169 0x81, 0xbd, 0x84, 0x35, 0x9d, 0x44, 0x25, 0x4d, 0x95, 0x62,
170
171 0x9e, 0x98, 0x55, 0xa9, 0x4a, 0x7c, 0x19, 0x58, 0xd1, 0xf8,
172 0xad, 0xa5, 0xd0, 0x53, 0x2e, 0xd8, 0xa5, 0xaa, 0x3f, 0xb2,
173 0xd1, 0x7b, 0xa7, 0x0e, 0xb6, 0x24, 0x8e, 0x59, 0x4e, 0x1a,
174 0x22, 0x97, 0xac, 0xbb, 0xb3, 0x9d, 0x50, 0x2f, 0x1a, 0x8c,
175 0x6e, 0xb6, 0xf1, 0xce, 0x22, 0xb3, 0xde, 0x1a, 0x1f, 0x40,
176 0xcc, 0x24, 0x55, 0x41, 0x19, 0xa8, 0x31, 0xa9, 0xaa, 0xd6,
177 0x07, 0x9c, 0xad, 0x88, 0x42, 0x5d, 0xe6, 0xbd, 0xe1, 0xa9,
178 0x18, 0x7e, 0xbb, 0x60, 0x92, 0xcf, 0x67, 0xbf, 0x2b, 0x13,
179 0xfd, 0x65, 0xf2, 0x70, 0x88, 0xd7, 0x8b, 0x7e, 0x88, 0x3c,
180 0x87, 0x59, 0xd2, 0xc4, 0xf5, 0xc6, 0x5a, 0xdb, 0x75, 0x53,
181
182 0x87, 0x8a, 0xd5, 0x75, 0xf9, 0xfa, 0xd8, 0x78, 0xe8, 0x0a,
183 0x0c, 0x9b, 0xa6, 0x3b, 0xcb, 0xcc, 0x27, 0x32, 0xe6, 0x94,
184 0x85, 0xbb, 0xc9, 0xc9, 0x0b, 0xfb, 0xd6, 0x24, 0x81, 0xd9,
185 0x08, 0x9b, 0xec, 0xcf, 0x80, 0xcf, 0xe2, 0xdf, 0x16, 0xa2,
186 0xcf, 0x65, 0xbd, 0x92, 0xdd, 0x59, 0x7b, 0x07, 0x07, 0xe0,
187 0x91, 0x7a, 0xf4, 0x8b, 0xbb, 0x75, 0xfe, 0xd4, 0x13, 0xd2,
188 0x38, 0xf5, 0x55, 0x5a, 0x7a, 0x56, 0x9d, 0x80, 0xc3, 0x41,
189 0x4a, 0x8d, 0x08, 0x59, 0xdc, 0x65, 0xa4, 0x61, 0x28, 0xba,
190 0xb2, 0x7a, 0xf8, 0x7a, 0x71, 0x31, 0x4f, 0x31, 0x8c, 0x78,
191 0x2b, 0x23, 0xeb, 0xfe, 0x80, 0x8b, 0x82, 0xb0, 0xce, 0x26,
192
193 0x40, 0x1d, 0x2e, 0x22, 0xf0, 0x4d, 0x83, 0xd1, 0x25, 0x5d,
194 0xc5, 0x1a, 0xdd, 0xd3, 0xb7, 0x5a, 0x2b, 0x1a, 0xe0, 0x78,
195 0x45, 0x04, 0xdf, 0x54, 0x3a, 0xf8, 0x96, 0x9b, 0xe3, 0xea,
196 0x70, 0x82, 0xff, 0x7f, 0xc9, 0x88, 0x8c, 0x14, 0x4d, 0xa2,
197 0xaf, 0x58, 0x42, 0x9e, 0xc9, 0x60, 0x31, 0xdb, 0xca, 0xd3,
198 0xda, 0xd9, 0xaf, 0x0d, 0xcb, 0xaa, 0xaf, 0x26, 0x8c, 0xb8,
199 0xfc, 0xff, 0xea, 0xd9, 0x4f, 0x3c, 0x7c, 0xa4, 0x95, 0xe0,
200 0x56, 0xa9, 0xb4, 0x7a, 0xcd, 0xb7, 0x51, 0xfb, 0x73, 0xe6,
201 0x66, 0xc6, 0xc6, 0x55, 0xad, 0xe8, 0x29, 0x72, 0x97, 0xd0,
202 0x7a, 0xd1, 0xba, 0x5e, 0x43, 0xf1, 0xbc, 0xa3, 0x23, 0x01,
203
204 0x65, 0x13, 0x39, 0xe2, 0x29, 0x04, 0xcc, 0x8c, 0x42, 0xf5,
205 0x8c, 0x30, 0xc0, 0x4a, 0xaf, 0xdb, 0x03, 0x8d, 0xda, 0x08,
206 0x47, 0xdd, 0x98, 0x8d, 0xcd, 0xa6, 0xf3, 0xbf, 0xd1, 0x5c,
207 0x4b, 0x4c, 0x45, 0x25, 0x00, 0x4a, 0xa0, 0x6e, 0xef, 0xf8,
208 0xca, 0x61, 0x78, 0x3a, 0xac, 0xec, 0x57, 0xfb, 0x3d, 0x1f,
209 0x92, 0xb0, 0xfe, 0x2f, 0xd1, 0xa8, 0x5f, 0x67, 0x24, 0x51,
210 0x7b, 0x65, 0xe6, 0x14, 0xad, 0x68, 0x08, 0xd6, 0xf6, 0xee,
211 0x34, 0xdf, 0xf7, 0x31, 0x0f, 0xdc, 0x82, 0xae, 0xbf, 0xd9,
212 0x04, 0xb0, 0x1e, 0x1d, 0xc5, 0x4b, 0x29, 0x27, 0x09, 0x4b,
213 0x2d, 0xb6, 0x8d, 0x6f, 0x90, 0x3b, 0x68, 0x40, 0x1a, 0xde,
214
215 0xbf, 0x5a, 0x7e, 0x08, 0xd7, 0x8f, 0xf4, 0xef, 0x5d, 0x63,
216 0x65, 0x3a, 0x65, 0x04, 0x0c, 0xf9, 0xbf, 0xd4, 0xac, 0xa7,
217 0x98, 0x4a, 0x74, 0xd3, 0x71, 0x45, 0x98, 0x67, 0x80, 0xfc,
218 0x0b, 0x16, 0xac, 0x45, 0x16, 0x49, 0xde, 0x61, 0x88, 0xa7,
219 0xdb, 0xdf, 0x19, 0x1f, 0x64, 0xb5, 0xfc, 0x5e, 0x2a, 0xb4,
220 0x7b, 0x57, 0xf7, 0xf7, 0x27, 0x6c, 0xd4, 0x19, 0xc1, 0x7a,
221 0x3c, 0xa8, 0xe1, 0xb9, 0x39, 0xae, 0x49, 0xe4, 0x88, 0xac,
222 0xba, 0x6b, 0x96, 0x56, 0x10, 0xb5, 0x48, 0x01, 0x09, 0xc8,
223 0xb1, 0x7b, 0x80, 0xe1, 0xb7, 0xb7, 0x50, 0xdf, 0xc7, 0x59,
224 0x8d, 0x5d, 0x50, 0x11, 0xfd, 0x2d, 0xcc, 0x56, 0x00, 0xa3,
225
226 0x2e, 0xf5, 0xb5, 0x2a, 0x1e, 0xcc, 0x82, 0x0e, 0x30, 0x8a,
227 0xa3, 0x42, 0x72, 0x1a, 0xac, 0x09, 0x43, 0xbf, 0x66, 0x86,
228 0xb6, 0x4b, 0x25, 0x79, 0x37, 0x65, 0x04, 0xcc, 0xc4, 0x93,
229 0xd9, 0x7e, 0x6a, 0xed, 0x3f, 0xb0, 0xf9, 0xcd, 0x71, 0xa4,
230 0x3d, 0xd4, 0x97, 0xf0, 0x1f, 0x17, 0xc0, 0xe2, 0xcb, 0x37,
231 0x97, 0xaa, 0x2a, 0x2f, 0x25, 0x66, 0x56, 0x16, 0x8e, 0x6c,
232 0x49, 0x6a, 0xfc, 0x5f, 0xb9, 0x32, 0x46, 0xf6, 0xb1, 0x11,
233 0x63, 0x98, 0xa3, 0x46, 0xf1, 0xa6, 0x41, 0xf3, 0xb0, 0x41,
234 0xe9, 0x89, 0xf7, 0x91, 0x4f, 0x90, 0xcc, 0x2c, 0x7f, 0xff,
235 0x35, 0x78, 0x76, 0xe5, 0x06, 0xb5, 0x0d, 0x33, 0x4b, 0xa7,
236
237 0x7c, 0x22, 0x5b, 0xc3, 0x07, 0xba, 0x53, 0x71, 0x52, 0xf3,
238 0xf1, 0x61, 0x0e, 0x4e, 0xaf, 0xe5, 0x95, 0xf6, 0xd9, 0xd9,
239 0x0d, 0x11, 0xfa, 0xa9, 0x33, 0xa1, 0x5e, 0xf1, 0x36, 0x95,
240 0x46, 0x86, 0x8a, 0x7f, 0x3a, 0x45, 0xa9, 0x67, 0x68, 0xd4,
241 0x0f, 0xd9, 0xd0, 0x34, 0x12, 0xc0, 0x91, 0xc6, 0x31, 0x5c,
242 0xf4, 0xfd, 0xe7, 0xcb, 0x68, 0x60, 0x69, 0x37, 0x38, 0x0d,
243 0xb2, 0xea, 0xaa, 0x70, 0x7b, 0x4c, 0x41, 0x85, 0xc3, 0x2e,
244 0xdd, 0xcd, 0xd3, 0x06, 0x70, 0x5e, 0x4d, 0xc1, 0xff, 0xc8,
245 0x72, 0xee, 0xee, 0x47, 0x5a, 0x64, 0xdf, 0xac, 0x86, 0xab,
246 0xa4, 0x1c, 0x06, 0x18, 0x98, 0x3f, 0x87, 0x41, 0xc5, 0xef,
247
248 0x68, 0xd3, 0xa1, 0x01, 0xe8, 0xa3, 0xb8, 0xca, 0xc6, 0x0c,
249 0x90, 0x5c, 0x15, 0xfc, 0x91, 0x08, 0x40, 0xb9, 0x4c, 0x00,
250 0xa0, 0xb9, 0xd0),
251 chunk_from_chars(
252 0x0a, 0xab, 0x4c, 0x90, 0x05, 0x01, 0xb3, 0xe2, 0x4d, 0x7c,
253 0xdf, 0x46, 0x63, 0x32, 0x6a, 0x3a, 0x87, 0xdf, 0x5e, 0x48,
254 0x43, 0xb2, 0xcb, 0xdb, 0x67, 0xcb, 0xf6, 0xe4, 0x60, 0xfe,
255 0xc3, 0x50, 0xaa, 0x53, 0x71, 0xb1, 0x50, 0x8f, 0x9f, 0x45,
256 0x28, 0xec, 0xea, 0x23, 0xc4, 0x36, 0xd9, 0x4b, 0x5e, 0x8f,
257 0xcd, 0x4f, 0x68, 0x1e, 0x30, 0xa6, 0xac, 0x00, 0xa9, 0x70,
258 0x4a, 0x18, 0x8a, 0x03),
259 chunk_from_chars(
260 0x11, 0x2d, 0xb3, 0x08, 0x97, 0x6e, 0x38, 0x8f, 0x5f, 0x5e,
261 0xb0, 0xae, 0x8f, 0x5f, 0x59, 0x1d, 0xff, 0x74, 0xf4, 0x44),
262 chunk_from_chars(
263 0xcb, 0x36, 0xcc, 0x6a, 0x82, 0x2c, 0x49, 0x40, 0xfb, 0x08,
264 0x04, 0xf6, 0x3a, 0x4f, 0x20, 0x2b, 0xe5, 0x73, 0x43, 0x2f),
265 },
266 /* Test SHA(abc) */
267 { chunk_from_chars(
268 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
269 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x83, 0x3f, 0xe6, 0x24,
270 0x09, 0x23, 0x7b, 0x9d, 0x62, 0xec, 0x77, 0x58, 0x75, 0x20,
271 0x91, 0x1e, 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
272 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42),
273 chunk_from_chars(
274 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
275 0x21, 0x00, 0xec, 0x17, 0x2b, 0x93, 0xad, 0x5e, 0x56, 0x3b,
276 0xf4, 0x93, 0x2c, 0x70, 0xe1, 0x24, 0x50, 0x34, 0xc3, 0x54,
277 0x67, 0xef, 0x2e, 0xfd, 0x4d, 0x64, 0xeb, 0xf8, 0x19, 0x68,
278 0x34, 0x67, 0xe2, 0xbf),
279 chunk_from_chars(
280 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41,
281 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e,
282 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55,
283 0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
284 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, 0x45, 0x4d,
285 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
286 0xa5, 0x4c, 0xa4, 0x9f),
287 chunk_from_chars(
288 0xdc, 0x2a, 0x44, 0x59, 0xe7, 0x36, 0x96, 0x33, 0xa5, 0x2b,
289 0x1b, 0xf2, 0x77, 0x83, 0x9a, 0x00, 0x20, 0x10, 0x09, 0xa3,
290 0xef, 0xbf, 0x3e, 0xcb, 0x69, 0xbe, 0xa2, 0x18, 0x6c, 0x26,
291 0xb5, 0x89, 0x09, 0x35, 0x1f, 0xc9, 0xac, 0x90, 0xb3, 0xec,
292 0xfd, 0xfb, 0xc7, 0xc6, 0x64, 0x31, 0xe0, 0x30, 0x3d, 0xca,
293 0x17, 0x9c, 0x13, 0x8a, 0xc1, 0x7a, 0xd9, 0xbe, 0xf1, 0x17,
294 0x73, 0x31, 0xa7, 0x04),
295 chunk_from_chars(
296 0x26, 0x4c, 0xa5, 0x7f, 0x89, 0x6d, 0x64, 0x81, 0xd1, 0x87,
297 0xe9, 0x89, 0x47, 0x29, 0x5a, 0xfe, 0xe3, 0x6d, 0x82, 0x44),
298 chunk_from_chars(
299 0x27, 0x88, 0xfc, 0x14, 0xb1, 0xcd, 0xd0, 0x24, 0xd5, 0x9d,
300 0x31, 0x65, 0x59, 0x63, 0x69, 0xcf, 0xaf, 0x50, 0x10, 0xe7),
301 }
302 };
303
304 START_TEST(test_ed25519_sign)
305 {
306 private_key_t *key;
307 public_key_t *pubkey, *public;
308 chunk_t sig, encoding, fp;
309
310 /* load private key */
311 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
312 BUILD_BLOB_ASN1_DER, sig_tests[_i].key, BUILD_END);
313 ck_assert(key != NULL);
314 ck_assert(key->get_encoding(key, PRIVKEY_ASN1_DER, &encoding));
315 ck_assert_chunk_eq(encoding, sig_tests[_i].key);
316 chunk_free(&encoding);
317
318 ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp));
319 ck_assert_chunk_eq(sig_tests[_i].fp_pk, fp);
320 ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fp));
321 ck_assert_chunk_eq(sig_tests[_i].fp_spki, fp);
322
323 /* load public key */
324 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
325 BUILD_BLOB_ASN1_DER, sig_tests[_i].pubkey, BUILD_END);
326 ck_assert(pubkey != NULL);
327 ck_assert(pubkey->get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &encoding));
328 ck_assert_chunk_eq(encoding, sig_tests[_i].pubkey);
329 chunk_free(&encoding);
330
331 ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp));
332 ck_assert_chunk_eq(sig_tests[_i].fp_pk, fp);
333 ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_INFO_SHA1, &fp));
334 ck_assert_chunk_eq(sig_tests[_i].fp_spki, fp);
335
336 /* compare public keys */
337 public = key->get_public_key(key);
338 ck_assert(public != NULL);
339 ck_assert(public->equals(public, pubkey));
340
341 /* sign */
342 ck_assert(key->sign(key, SIGN_ED25519, NULL, sig_tests[_i].msg, &sig));
343 ck_assert(sig.len == 64);
344 ck_assert_chunk_eq(sig, sig_tests[_i].sig);
345
346 /* verify */
347 ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[_i].msg,
348 sig_tests[_i].sig));
349
350 /* cleanup */
351 key->destroy(key);
352 pubkey->destroy(pubkey);
353 public->destroy(public);
354 chunk_free(&sig);
355 }
356 END_TEST
357
358 START_TEST(test_ed25519_gen)
359 {
360 private_key_t *key, *key2;
361 public_key_t *pubkey, *pubkey2;
362 chunk_t msg = chunk_from_str("Ed25519"), sig, encoding, fp_priv, fp_pub;
363
364 /* generate private key */
365 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
366 BUILD_KEY_SIZE, 256, BUILD_END);
367 ck_assert(key != NULL);
368 ck_assert(key->get_type(key) == KEY_ED25519);
369 ck_assert(key->get_keysize(key) == 256);
370 ck_assert(!key->get_encoding(key, PRIVKEY_PGP, &encoding));
371 ck_assert(key->get_encoding(key, PRIVKEY_PEM, &encoding));
372 ck_assert(encoding.ptr != NULL);
373 ck_assert(strstr(encoding.ptr, "PRIVATE KEY"));
374 chunk_free(&encoding);
375
376 /* clone private key */
377 key2 = key->get_ref(key);
378 ck_assert(key2);
379 key2->destroy(key2);
380
381 /* decryption not supported */
382 ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
383
384 /* wrong signature scheme */
385 ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig));
386
387 /* correct signature scheme*/
388 ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
389
390 /* export public key */
391 pubkey = key->get_public_key(key);
392 ck_assert(pubkey != NULL);
393 ck_assert(pubkey->get_type(pubkey) == KEY_ED25519);
394 ck_assert(pubkey->get_keysize(pubkey) == 256);
395 ck_assert(pubkey->get_encoding(pubkey, PUBKEY_PEM, &encoding));
396 ck_assert(encoding.ptr != NULL);
397 ck_assert(strstr(encoding.ptr, "PUBLIC KEY"));
398 chunk_free(&encoding);
399
400 /* generate and compare public and private key fingerprints */
401 ck_assert(!key->get_fingerprint(key, KEYID_PGPV4, &fp_priv));
402 ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
403 ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
404 ck_assert(fp_priv.ptr != NULL);
405 ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp_pub));
406 ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
407 ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
408 ck_assert(fp_pub.ptr != NULL);
409 ck_assert_chunk_eq(fp_pub, fp_priv);
410
411 /* clone public key */
412 pubkey2 = pubkey->get_ref(pubkey);
413 ck_assert(pubkey2 != NULL);
414 pubkey2->destroy(pubkey2);
415
416 /* encryption not supported */
417 ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
418
419 /* verify with wrong signature scheme */
420 ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig));
421
422 /* verify with correct signature scheme */
423 ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
424
425 /* cleanup */
426 key->destroy(key);
427 pubkey->destroy(pubkey);
428 chunk_free(&sig);
429 }
430 END_TEST
431
432 START_TEST(test_ed25519_speed)
433 {
434 private_key_t *key;
435 public_key_t *pubkey;
436 chunk_t msg = chunk_from_str("Hello Ed25519"), sig;
437 int i, count = 1000;
438
439 #ifdef HAVE_CLOCK_GETTIME
440 struct timespec start, stop;
441 clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
442 #endif
443
444 for (i = 0; i < count; i++)
445 {
446 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
447 BUILD_KEY_SIZE, 256, BUILD_END);
448 ck_assert(key != NULL);
449 ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
450 pubkey = key->get_public_key(key);
451 ck_assert(pubkey != NULL);
452 ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
453 key->destroy(key);
454 pubkey->destroy(pubkey);
455 chunk_free(&sig);
456 }
457
458 #ifdef HAVE_CLOCK_GETTIME
459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
460 DBG0(DBG_LIB, "%d Ed25519 keys and signatures in %d ms\n", count,
461 (stop.tv_nsec - start.tv_nsec) / 1000000 +
462 (stop.tv_sec - start.tv_sec) * 1000);
463 #endif
464 }
465 END_TEST
466
467 static chunk_t zero_pk = chunk_from_chars(
468 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
469 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
472 0x00, 0x00, 0x00, 0x00);
473
474 /* sig_tests[0].sig with s+L */
475 static chunk_t malleable_sig = chunk_from_chars(
476 0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72, 0x90, 0x86,
477 0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a, 0x84, 0x87, 0x7f, 0x1e,
478 0xb8, 0xe5, 0xd9, 0x74, 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49,
479 0x01, 0x55, 0x4c, 0x8c, 0x78, 0x72, 0xaa, 0x06, 0x4e, 0x04,
480 0x9d, 0xbb, 0x30, 0x13, 0xfb, 0xf2, 0x93, 0x80, 0xd2, 0x5b,
481 0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24, 0x65, 0x51, 0x41, 0x43,
482 0x8e, 0x7a, 0x10, 0x1b);
483
484 START_TEST(test_ed25519_fail)
485 {
486 private_key_t *key;
487 public_key_t *pubkey;
488 chunk_t blob, sig;
489 uint8_t sig1[64];
490
491 /* Invalid private key format */
492 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
493 BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
494 ck_assert(key == NULL);
495
496 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
497 BUILD_EDDSA_PRIV_ASN1_DER, chunk_empty, BUILD_END);
498 ck_assert(key == NULL);
499
500 blob = chunk_from_chars(0x04, 0x01, 0x9d);
501 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
502 BUILD_EDDSA_PRIV_ASN1_DER, blob, BUILD_END);
503 ck_assert(key == NULL);
504
505 /* Invalid public key format */
506 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
507 BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
508 ck_assert(pubkey == NULL);
509
510 blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
511 0x70, 0x03, 0x02, 0x00, 0xd7);
512 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
513 BUILD_BLOB_ASN1_DER, blob, BUILD_END);
514 ck_assert(pubkey == NULL);
515
516 blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x00,
517 0x70, 0x03, 0x02, 0x00, 0xd7);
518 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
519 BUILD_BLOB_ASN1_DER, blob, BUILD_END);
520 ck_assert(pubkey == NULL);
521
522 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
523 BUILD_KEY_SIZE, 256, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
524 ck_assert(pubkey == NULL);
525
526 /* Invalid signature format */
527 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
528 BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END);
529 ck_assert(pubkey != NULL);
530
531 ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, chunk_empty,
532 chunk_empty));
533
534 /* RFC 8032, section 5.1.7 requires that 0 <= s < L to prevent signature
535 * malleability. Only a warning because Botan and OpenSSL are both
536 * vulnerable to this. */
537 if (pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
538 malleable_sig))
539 {
540 warn("Ed25519 signature verification is vulnerable to malleable "
541 "signatures");
542 }
543
544 /* malformed signature */
545 sig = chunk_create(sig1, 64);
546 memcpy(sig1, sig_tests[0].sig.ptr, 64);
547 sig1[63] |= 0xe0;
548 ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
549 sig));
550
551 /* wrong signature */
552 memcpy(sig1, sig_tests[0].sig.ptr, 64);
553 sig1[0] = 0xe4;
554 ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
555 sig));
556
557 /* detect all-zeroes public key */
558 pubkey->destroy(pubkey);
559 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
560 BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
561 ck_assert(pubkey != NULL);
562 ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
563 sig));
564 pubkey->destroy(pubkey);
565 }
566 END_TEST
567
568 Suite *ed25519_suite_create()
569 {
570 Suite *s;
571 TCase *tc;
572
573 s = suite_create("ed25519");
574
575 tc = tcase_create("ed25519_sign");
576 tcase_add_loop_test(tc, test_ed25519_sign, 0, countof(sig_tests));
577 suite_add_tcase(s, tc);
578
579 tc = tcase_create("ed25519_gen");
580 tcase_add_test(tc, test_ed25519_gen);
581 suite_add_tcase(s, tc);
582
583 tc = tcase_create("ed25519_fail");
584 tcase_add_test(tc, test_ed25519_fail);
585 suite_add_tcase(s, tc);
586
587 tc = tcase_create("ed25519_speed");
588 test_case_set_timeout(tc, 10);
589 tcase_add_test(tc, test_ed25519_speed);
590 suite_add_tcase(s, tc);
591
592 return s;
593 }