Skip to content

Commit

Permalink
Merge #57: fix Ecdsa.generateKey in WebCrypto tests.
Browse files Browse the repository at this point in the history 
While I'm here, fix a bunch of Lint errors.

NOKEYCHECK=True
PiperOrigin-RevId: 286042650
GitOrigin-RevId: d644e50fa0b8246d679f1e5b6daa32a76a130ebf
  • Loading branch information
@thaidn
thaidn authored and Tink Team committed Dec 17, 2019
1 parent e6d7461 commit d8ed1ba
Showing 1 changed file with 111 additions and 112 deletions.
223 changes: 111 additions & 112 deletions javascript/webcryptoapi/testcases/EcdsaTest.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,64 +41,48 @@ var Ecdsa = function() {};
/**
* Verifies the given signature using the given ECDSA public key.
* @param {!CryptoKey} pk The ECDSA public key
* @param {!string} hashAlg The hash algorithm
* @param {string} hashAlg The hash algorithm
* @param {!ArrayBuffer} msg The message to be verified
* @param {!ArrayBuffer} sig The signature to be verified
*
* @return {!Promise}
*/
Ecdsa.verify = function(pk, hashAlg, msg, sig) {
return crypto.subtle.verify(
{
name: 'ECDSA',
hash: {name: hashAlg}
},
pk,
sig,
msg
);
{name: 'ECDSA', hash: {name: hashAlg}}, pk, sig, msg);
};

/**
* Signs a message using the given ECDSA private key and hash algorithm.
* @param {!CryptoKey} sk The ECDSA private key
* @param {!ArrayBuffer} msg The message to be signed
* @param {!string} hashAlg The hash algorithm
* @param {string} hashAlg The hash algorithm
*
* @return {!Promise}
*/
Ecdsa.sign = function(sk, msg, hashAlg) {
return crypto.subtle.sign(
{
{
name: 'ECDSA',
hash: {name: hashAlg},
},
sk,
msg
);
},
sk, msg);
};


/**
* Imports a ECDSA public key.
* @param {!JSONObject} keyData The key data in JWK format
* @param {!string} hashAlg The hash algorithm
* @param {string} hashAlg The hash algorithm
* @param {!Array<string>} usages The usages of the key
*
* @return {!Promise}
*/
Ecdsa.importPublicKey = function(keyData, hashAlg, usages) {
return crypto.subtle.importKey(
'jwk',
keyData,
{
name: 'ECDSA',
namedCurve: keyData['crv'],
hash: {name: hashAlg}
},
true,
usages
);
'jwk', keyData,
{name: 'ECDSA', namedCurve: keyData['crv'], hash: {name: hashAlg}}, true,
usages);
};

/**
Expand All @@ -113,20 +97,18 @@ Ecdsa.exportKey = function(key) {

/**
* Generates an ECDSA key pair using the given hash algorithm and curve name.
* @param {!string} hashAlg The hash algorithm
* @param {!string} curveName The curve name
* @param {string} hashAlg The hash algorithm
* @param {string} curveName The curve name
*
* @return {!Promise}
*/
Ecdsa.generateKey = function(hashAlg, curveName) {
return crypto.subtle.generateKey(
{
{
name: 'ECDSA',
namedCurve: curveName,
},
true,
['sign', 'verify']
);
},
true, ['sign', 'verify']);
};


Expand All @@ -139,20 +121,25 @@ Ecdsa.generateKey = function(hashAlg, curveName) {
Ecdsa.testVerify = function() {
tc = this;
var promise = new Promise((resolve, reject) => {
Ecdsa.importPublicKey(tc.keyData, tc.hashAlg, ['verify']).then(function(pk){
Ecdsa.verify(pk, tc.hashAlg, tc.msg, tc.sig).then(function(isValid){
if ((tc.result == 'valid' && !isValid) ||
(tc.result == 'invalid' && isValid)) {
reject('Failed in test case ' + tc.id);
}
resolve();
}).catch(function(err){
// don't expect any exception in signature verification
reject('Unexpected exception on test case ' + tc.id + ": " + err);
});
}).catch(function(err){
reject('Failed to import key in test case ' + tc.id + ': ' + err);
});
Ecdsa.importPublicKey(tc.keyData, tc.hashAlg, ['verify'])
.then(function(pk) {
Ecdsa.verify(pk, tc.hashAlg, tc.msg, tc.sig)
.then(function(isValid) {
if ((tc.result == 'valid' && !isValid) ||
(tc.result == 'invalid' && isValid)) {
reject('Failed in test case ' + tc.id);
}
resolve();
})
.catch(function(err) {
// don't expect any exception in signature verification
reject(
'Unexpected exception on test case ' + tc.id + ': ' + err);
});
})
.catch(function(err) {
reject('Failed to import key in test case ' + tc.id + ': ' + err);
});
});
return promise;
};
Expand All @@ -162,10 +149,10 @@ Ecdsa.testVerify = function() {
* Parameters of a ECDSA signature verification test.
* @param {!number} id Test case's id
* @param {!JSONObject} keyData The key data in JWK format
* @param {!string} hashAlg The hash algorithm
* @param {string} hashAlg The hash algorithm
* @param {!ArrayBuffer} msg The message that was signed
* @param {!ArrayBuffer} sig The signature to be verified
* @param {!string} result The expected result of the test case
* @param {string} result The expected result of the test case
*/
var EcdsaVerifyTestCase = function(id, keyData, hashAlg, msg, sig, result) {
this.id = id;
Expand All @@ -191,8 +178,8 @@ function testEcdsaVectors() {
var keyData = tg['jwk'];
var curveName = keyData['crv'];
var hashAlg = tg['sha'];
if (SUPPORTED['ecdsa-curve'].indexOf(curveName) == -1
|| SUPPORTED['hash'].indexOf(hashAlg) == -1) {
if (SUPPORTED['ecdsa-curve'].indexOf(curveName) == -1 ||
SUPPORTED['hash'].indexOf(hashAlg) == -1) {
continue;
}
for (var j = 0; j < tg['tests'].length; j++) {
Expand All @@ -201,8 +188,8 @@ function testEcdsaVectors() {
var result = tc['result'];
var msg = TestUtil.hexToArrayBuffer(tc['msg']);
var sig = TestUtil.hexToArrayBuffer(tc['sig']);
var test = new EcdsaVerifyTestCase(
tcId, keyData, hashAlg, msg, sig, result);
var test =
new EcdsaVerifyTestCase(tcId, keyData, hashAlg, msg, sig, result);
testCase.addNewTest('Test ' + tcId, Ecdsa.testVerify, test);
}
}
Expand All @@ -219,9 +206,9 @@ function testEcdsaVectors() {
Ecdsa.extractSig = function(sig) {
var bytes = new Uint8Array(sig);
var byteLen = bytes.length;
var rBytes = bytes.subarray(0, byteLen/2);
var rBytes = bytes.subarray(0, byteLen / 2);
var r = new BigInteger(rBytes);
var sBytes = bytes.subarray(byteLen/2, byteLen);
var sBytes = bytes.subarray(byteLen / 2, byteLen);
var s = new BigInteger(sBytes);
return [r, s];
};
Expand Down Expand Up @@ -250,7 +237,7 @@ Ecdsa.extractNonce = function(h, r, s, d, curveSpec) {
* @param {!wycheproof.BigInteger} s The 's' value of the signature
* @param {!wycheproof.BigInteger} d The private component of the ECDSA key
* @param {!wycheproof.BigInteger} k The nonce that needs to be checked
* @param {!string} curveName The curve name
* @param {string} curveName The curve name
*/
Ecdsa.checkNonceCorrectness = function(msg, r, s, d, k, curveName) {
var e2eCurveMap = {
Expand All @@ -259,14 +246,13 @@ Ecdsa.checkNonceCorrectness = function(msg, r, s, d, k, curveName) {
'P-521': 'P_521',
};
var e2eCurveName = e2eCurveMap[curveName];
var key = new e2e.ecc.Ecdsa(e2eCurveName,
{privKey: d.toByteArray()});
var key = new e2e.ecc.Ecdsa(e2eCurveName, {privKey: d.toByteArray()});
var msgBytes = new Uint8Array(msg);
var calSig = key.signForTestingOnly(msgBytes, k);
var calR = new BigInteger(calSig['r']);
var calS = new BigInteger(calSig['s']);
assertTrue('Nonce calculation was incorrect',
r.isEqual(calR) && s.isEqual(calS));
assertTrue(
'Nonce calculation was incorrect', r.isEqual(calR) && s.isEqual(calS));
};

/**
Expand All @@ -285,61 +271,72 @@ Ecdsa.checkNonceCorrectness = function(msg, r, s, d, k, curveName) {
*/
Ecdsa.testBias = function() {
var tc = this;
var nDone = 0;
var countLsb = 0;
var countMsb = 0;
var promise = new Promise(function(resolve, reject){
for (var i = 0; i < tc.nTests; i++) {
Ecdsa.generateKey(tc.hashAlg, tc.curveName).then(function(key){
Ecdsa.exportKey(key.privateKey).then(function(keyData){
Ecdsa.sign(key.privateKey, tc.msg, tc.hashAlg).then(function(sig){
HashUtil.digest(tc.hashAlg, tc.msg).then(function(digest){
var curveSpec = EcUtil.getCurveSpec(tc.curveName);
var h = new BigInteger(new Uint8Array(digest));
// private key value
var d = BigInteger.fromHex(TestUtil.base64UrlToHex(keyData['d']));
var r, s;
[r, s] = Ecdsa.extractSig(sig);
var k = Ecdsa.extractNonce(h, r, s, d, curveSpec);
// Uncomment this line to check correctness of nonce calculation
// Ecdsa.checkNonceCorrectness(tc.msg, r, s, d, k, tc.curveName);
var halfN = curveSpec.n.shiftRight(1);
if (k.isBitSet(0)) countLsb += 1;
if (k.compare(halfN) == 1) countMsb += 1;

nDone += 1;
if (nDone == tc.nTests) {
if (countLsb < tc.minCount || countLsb > tc.nTests-tc.minCount) {
reject("Bias detected in the LSB of k" +
", hash: " + tc.hashAlg + ", curve: " + tc.curveName +
", countLSB: " + countLsb + ", countMSB: " + countMsb);
return Ecdsa.generateKey(tc.hashAlg, tc.curveName)
.then(function(key) {
return Ecdsa.exportKey(key.privateKey)
.then(function(keyData) {
var promises = [];

for (var i = 0; i < tc.nTests; i++) {
promises.push(
Ecdsa.sign(key.privateKey, tc.msg, tc.hashAlg)
.then(function(sig) {
return HashUtil.digest(tc.hashAlg, tc.msg)
.then(function(digest) {
var curveSpec =
EcUtil.getCurveSpec(tc.curveName);
var h = new BigInteger(new Uint8Array(digest));
// private key value
var d = BigInteger.fromHex(
TestUtil.base64UrlToHex(keyData['d']));
var r, s;
[r, s] = Ecdsa.extractSig(sig);
var k =
Ecdsa.extractNonce(h, r, s, d, curveSpec);
// Uncomment this line to check correctness of
// nonce calculation
// Ecdsa.checkNonceCorrectness(tc.msg, r, s, d,
// k, tc.curveName);
var halfN = curveSpec.n.shiftRight(1);
if (k.isBitSet(0)) countLsb += 1;
if (k.compare(halfN) == 1) countMsb += 1;
});
}));
}

return Promise.all(promises).then(function() {
if (countLsb < tc.minCount ||
countLsb > tc.nTests - tc.minCount) {
reject(
'Bias detected in the LSB of k' +
', hash: ' + tc.hashAlg + ', curve: ' + tc.curveName +
', countLSB: ' + countLsb + ', countMSB: ' + countMsb);
}
if (countMsb < tc.minCount || countMsb > tc.nTests-tc.minCount) {
reject("Bias detected in the MSB of k" +
", hash: " + tc.hashAlg + ", curve: " + tc.curveName +
", countLSB: " + countLsb + ", countMSB: " + countMsb);
if (countMsb < tc.minCount ||
countMsb > tc.nTests - tc.minCount) {
reject(
'Bias detected in the MSB of k' +
', hash: ' + tc.hashAlg + ', curve: ' + tc.curveName +
', countLSB: ' + countLsb + ', countMSB: ' + countMsb);
}
resolve();
}
});
})
.catch(function(err) {
throw new Error('Failed to export private key: ' + err);
});
}).catch(function(err){
reject('Failed to sign: ' + err);
});
}).catch(function(err){
reject('Failed to export private key: ' + err);
});
}).catch(function(err){
reject('Failed to generate key: ' + err);
})
.catch(function(err) {
throw new Error('Failed to generate key: ' + err);
});
}
});
return promise;
};

/**
* Parameters of a ECDSA bias test.
* @param {!string} hashAlg The hash algorithm
* @param {!string} curveName The curve name
* @param {string} hashAlg The hash algorithm
* @param {string} curveName The curve name
* @param {!ArrayBuffer} msg The message that was signed
* @param {!number} nTests The number of key to be generated
* @param {!number} minCount
Expand All @@ -362,17 +359,19 @@ var EcdsaBiasTestCase = function(hashAlg, curveName, msg, nTests, minCount) {
*/
function testEcdsaBiasAll() {
var testCase = new goog.testing.TestCase();
testCase.promiseTimeout = 120*1000;
var msg = TestUtil.hexToArrayBuffer('48656c6c6f'); // msg = 'Hello'
testCase.promiseTimeout = 120 * 1000;
var msg = TestUtil.hexToArrayBuffer('48656c6c6f'); // msg = 'Hello'
var nTests = 1024;
var minCount = 410;
var biasTest256 = new EcdsaBiasTestCase('SHA-256', 'P-256', msg, nTests, minCount);
var biasTest256 =
new EcdsaBiasTestCase('SHA-256', 'P-256', msg, nTests, minCount);
testCase.addNewTest('bias256', Ecdsa.testBias, biasTest256);
var biasTest384 = new EcdsaBiasTestCase('SHA-384', 'P-384', msg, nTests, minCount);
var biasTest384 =
new EcdsaBiasTestCase('SHA-384', 'P-384', msg, nTests, minCount);
testCase.addNewTest('bias384', Ecdsa.testBias, biasTest384);
var biasTest521 = new EcdsaBiasTestCase('SHA-512', 'P-521', msg, nTests, minCount);
var biasTest521 =
new EcdsaBiasTestCase('SHA-512', 'P-521', msg, nTests, minCount);
testCase.addNewTest('bias521', Ecdsa.testBias, biasTest521);
return testCase.runTestsReturningPromise()
.then(wycheproof.TestUtil.checkTestCaseResult);
return testCase.runTestsReturningPromise().then(
wycheproof.TestUtil.checkTestCaseResult);
}

0 comments on commit d8ed1ba

Please sign in to comment.