diff options
author | Moxie Marlinspike <moxie@thoughtcrime.org> | 2014-11-24 12:54:30 -0800 |
---|---|---|
committer | Moxie Marlinspike <moxie@thoughtcrime.org> | 2014-11-24 12:54:30 -0800 |
commit | 60800e155612bea797eed93c67046a23d26054cc (patch) | |
tree | d88368c1c26162e27e790195133ca2b526597afe /src/androidTest/java/org/whispersystems/test/ecc |
Break out into separate repo.
Diffstat (limited to 'src/androidTest/java/org/whispersystems/test/ecc')
-rw-r--r-- | src/androidTest/java/org/whispersystems/test/ecc/Curve25519Test.java | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/src/androidTest/java/org/whispersystems/test/ecc/Curve25519Test.java b/src/androidTest/java/org/whispersystems/test/ecc/Curve25519Test.java new file mode 100644 index 00000000..4b8ce2ea --- /dev/null +++ b/src/androidTest/java/org/whispersystems/test/ecc/Curve25519Test.java @@ -0,0 +1,154 @@ +package org.whispersystems.test.ecc; + +import android.test.AndroidTestCase; + +import org.whispersystems.libaxolotl.InvalidKeyException; +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.ecc.ECPrivateKey; +import org.whispersystems.libaxolotl.ecc.ECPublicKey; + +import java.util.Arrays; + + +public class Curve25519Test extends AndroidTestCase { + + public void testAgreement() throws InvalidKeyException { + + byte[] alicePublic = {(byte) 0x05, (byte) 0x1b, (byte) 0xb7, (byte) 0x59, (byte) 0x66, + (byte) 0xf2, (byte) 0xe9, (byte) 0x3a, (byte) 0x36, (byte) 0x91, + (byte) 0xdf, (byte) 0xff, (byte) 0x94, (byte) 0x2b, (byte) 0xb2, + (byte) 0xa4, (byte) 0x66, (byte) 0xa1, (byte) 0xc0, (byte) 0x8b, + (byte) 0x8d, (byte) 0x78, (byte) 0xca, (byte) 0x3f, (byte) 0x4d, + (byte) 0x6d, (byte) 0xf8, (byte) 0xb8, (byte) 0xbf, (byte) 0xa2, + (byte) 0xe4, (byte) 0xee, (byte) 0x28}; + + byte[] alicePrivate = {(byte) 0xc8, (byte) 0x06, (byte) 0x43, (byte) 0x9d, (byte) 0xc9, + (byte) 0xd2, (byte) 0xc4, (byte) 0x76, (byte) 0xff, (byte) 0xed, + (byte) 0x8f, (byte) 0x25, (byte) 0x80, (byte) 0xc0, (byte) 0x88, + (byte) 0x8d, (byte) 0x58, (byte) 0xab, (byte) 0x40, (byte) 0x6b, + (byte) 0xf7, (byte) 0xae, (byte) 0x36, (byte) 0x98, (byte) 0x87, + (byte) 0x90, (byte) 0x21, (byte) 0xb9, (byte) 0x6b, (byte) 0xb4, + (byte) 0xbf, (byte) 0x59}; + + byte[] bobPublic = {(byte) 0x05, (byte) 0x65, (byte) 0x36, (byte) 0x14, (byte) 0x99, + (byte) 0x3d, (byte) 0x2b, (byte) 0x15, (byte) 0xee, (byte) 0x9e, + (byte) 0x5f, (byte) 0xd3, (byte) 0xd8, (byte) 0x6c, (byte) 0xe7, + (byte) 0x19, (byte) 0xef, (byte) 0x4e, (byte) 0xc1, (byte) 0xda, + (byte) 0xae, (byte) 0x18, (byte) 0x86, (byte) 0xa8, (byte) 0x7b, + (byte) 0x3f, (byte) 0x5f, (byte) 0xa9, (byte) 0x56, (byte) 0x5a, + (byte) 0x27, (byte) 0xa2, (byte) 0x2f}; + + byte[] bobPrivate = {(byte) 0xb0, (byte) 0x3b, (byte) 0x34, (byte) 0xc3, (byte) 0x3a, + (byte) 0x1c, (byte) 0x44, (byte) 0xf2, (byte) 0x25, (byte) 0xb6, + (byte) 0x62, (byte) 0xd2, (byte) 0xbf, (byte) 0x48, (byte) 0x59, + (byte) 0xb8, (byte) 0x13, (byte) 0x54, (byte) 0x11, (byte) 0xfa, + (byte) 0x7b, (byte) 0x03, (byte) 0x86, (byte) 0xd4, (byte) 0x5f, + (byte) 0xb7, (byte) 0x5d, (byte) 0xc5, (byte) 0xb9, (byte) 0x1b, + (byte) 0x44, (byte) 0x66}; + + byte[] shared = {(byte) 0x32, (byte) 0x5f, (byte) 0x23, (byte) 0x93, (byte) 0x28, + (byte) 0x94, (byte) 0x1c, (byte) 0xed, (byte) 0x6e, (byte) 0x67, + (byte) 0x3b, (byte) 0x86, (byte) 0xba, (byte) 0x41, (byte) 0x01, + (byte) 0x74, (byte) 0x48, (byte) 0xe9, (byte) 0x9b, (byte) 0x64, + (byte) 0x9a, (byte) 0x9c, (byte) 0x38, (byte) 0x06, (byte) 0xc1, + (byte) 0xdd, (byte) 0x7c, (byte) 0xa4, (byte) 0xc4, (byte) 0x77, + (byte) 0xe6, (byte) 0x29}; + + ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0); + ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate); + + ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0); + ECPrivateKey bobPrivateKey = Curve.decodePrivatePoint(bobPrivate); + + byte[] sharedOne = Curve.calculateAgreement(alicePublicKey, bobPrivateKey); + byte[] sharedTwo = Curve.calculateAgreement(bobPublicKey, alicePrivateKey); + + assertTrue(Arrays.equals(sharedOne, shared)); + assertTrue(Arrays.equals(sharedTwo, shared)); + } + + public void testRandomAgreements() throws InvalidKeyException { + for (int i=0;i<50;i++) { + ECKeyPair alice = Curve.generateKeyPair(); + ECKeyPair bob = Curve.generateKeyPair(); + + byte[] sharedAlice = Curve.calculateAgreement(bob.getPublicKey(), alice.getPrivateKey()); + byte[] sharedBob = Curve.calculateAgreement(alice.getPublicKey(), bob.getPrivateKey()); + + assertTrue(Arrays.equals(sharedAlice, sharedBob)); + } + } + + public void testSignature() throws InvalidKeyException { + byte[] aliceIdentityPrivate = {(byte)0xc0, (byte)0x97, (byte)0x24, (byte)0x84, (byte)0x12, + (byte)0xe5, (byte)0x8b, (byte)0xf0, (byte)0x5d, (byte)0xf4, + (byte)0x87, (byte)0x96, (byte)0x82, (byte)0x05, (byte)0x13, + (byte)0x27, (byte)0x94, (byte)0x17, (byte)0x8e, (byte)0x36, + (byte)0x76, (byte)0x37, (byte)0xf5, (byte)0x81, (byte)0x8f, + (byte)0x81, (byte)0xe0, (byte)0xe6, (byte)0xce, (byte)0x73, + (byte)0xe8, (byte)0x65}; + + byte[] aliceIdentityPublic = {(byte)0x05, (byte)0xab, (byte)0x7e, (byte)0x71, (byte)0x7d, + (byte)0x4a, (byte)0x16, (byte)0x3b, (byte)0x7d, (byte)0x9a, + (byte)0x1d, (byte)0x80, (byte)0x71, (byte)0xdf, (byte)0xe9, + (byte)0xdc, (byte)0xf8, (byte)0xcd, (byte)0xcd, (byte)0x1c, + (byte)0xea, (byte)0x33, (byte)0x39, (byte)0xb6, (byte)0x35, + (byte)0x6b, (byte)0xe8, (byte)0x4d, (byte)0x88, (byte)0x7e, + (byte)0x32, (byte)0x2c, (byte)0x64}; + + byte[] aliceEphemeralPublic = {(byte)0x05, (byte)0xed, (byte)0xce, (byte)0x9d, (byte)0x9c, + (byte)0x41, (byte)0x5c, (byte)0xa7, (byte)0x8c, (byte)0xb7, + (byte)0x25, (byte)0x2e, (byte)0x72, (byte)0xc2, (byte)0xc4, + (byte)0xa5, (byte)0x54, (byte)0xd3, (byte)0xeb, (byte)0x29, + (byte)0x48, (byte)0x5a, (byte)0x0e, (byte)0x1d, (byte)0x50, + (byte)0x31, (byte)0x18, (byte)0xd1, (byte)0xa8, (byte)0x2d, + (byte)0x99, (byte)0xfb, (byte)0x4a}; + + byte[] aliceSignature = {(byte)0x5d, (byte)0xe8, (byte)0x8c, (byte)0xa9, (byte)0xa8, + (byte)0x9b, (byte)0x4a, (byte)0x11, (byte)0x5d, (byte)0xa7, + (byte)0x91, (byte)0x09, (byte)0xc6, (byte)0x7c, (byte)0x9c, + (byte)0x74, (byte)0x64, (byte)0xa3, (byte)0xe4, (byte)0x18, + (byte)0x02, (byte)0x74, (byte)0xf1, (byte)0xcb, (byte)0x8c, + (byte)0x63, (byte)0xc2, (byte)0x98, (byte)0x4e, (byte)0x28, + (byte)0x6d, (byte)0xfb, (byte)0xed, (byte)0xe8, (byte)0x2d, + (byte)0xeb, (byte)0x9d, (byte)0xcd, (byte)0x9f, (byte)0xae, + (byte)0x0b, (byte)0xfb, (byte)0xb8, (byte)0x21, (byte)0x56, + (byte)0x9b, (byte)0x3d, (byte)0x90, (byte)0x01, (byte)0xbd, + (byte)0x81, (byte)0x30, (byte)0xcd, (byte)0x11, (byte)0xd4, + (byte)0x86, (byte)0xce, (byte)0xf0, (byte)0x47, (byte)0xbd, + (byte)0x60, (byte)0xb8, (byte)0x6e, (byte)0x88}; + + ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate); + ECPublicKey alicePublicKey = Curve.decodePoint(aliceIdentityPublic, 0); + ECPublicKey aliceEphemeral = Curve.decodePoint(aliceEphemeralPublic, 0); + + if (!Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), aliceSignature)) { + throw new AssertionError("Sig verification failed!"); + } + + for (int i=0;i<aliceSignature.length;i++) { + byte[] modifiedSignature = new byte[aliceSignature.length]; + System.arraycopy(aliceSignature, 0, modifiedSignature, 0, modifiedSignature.length); + + modifiedSignature[i] ^= 0x01; + + if (Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), modifiedSignature)) { + throw new AssertionError("Sig verification succeeded!"); + } + } + } + + public void testSignatureOverflow() throws InvalidKeyException { + ECKeyPair keys = Curve.generateKeyPair(); + byte[] message = new byte[4096]; + + try { + byte[] signature = Curve.calculateSignature(keys.getPrivateKey(), message); + throw new InvalidKeyException("Should have asserted!"); + } catch (AssertionError e) { + // Success! + } + } + +} |