diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-08-27 00:18:26 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-09-25 15:08:31 -0400 |
| commit | 4caa6fad4c71391ab41e92a32aa58b10b6febe7f (patch) | |
| tree | 5a4a92ea93940837470b28c52cbecb780687fd27 /src/test/test_crypto.c | |
| parent | ed48b0fe56df2f719cd7cd274c664f7037f98b75 (diff) | |
| download | tor-4caa6fad4c71391ab41e92a32aa58b10b6febe7f.tar.gz tor-4caa6fad4c71391ab41e92a32aa58b10b6febe7f.zip | |
Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key. But how can we sign something with a key that
is only for doing Diffie-Hellman? By converting it to the
corresponding ed25519 point.
See the ALL-CAPS warning in the documentation. According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.
(Unit tests included. What kind of a monster do you take me for?)
Diffstat (limited to 'src/test/test_crypto.c')
| -rw-r--r-- | src/test/test_crypto.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index 5b2ce4508d..0ef5e42a15 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -1370,6 +1370,45 @@ test_crypto_ed25519_encode(void *arg) } static void +test_crypto_ed25519_convert(void *arg) +{ + const uint8_t msg[] = + "The eyes are not here / There are no eyes here."; + const int N = 30; + int i; + (void)arg; + + for (i = 0; i < N; ++i) { + curve25519_keypair_t curve25519_keypair; + ed25519_keypair_t ed25519_keypair; + ed25519_public_key_t ed25519_pubkey; + + int bit=0; + ed25519_signature_t sig; + + tt_int_op(0,==,curve25519_keypair_generate(&curve25519_keypair, i&1)); + tt_int_op(0,==,ed25519_keypair_from_curve25519_keypair( + &ed25519_keypair, &bit, &curve25519_keypair)); + tt_int_op(0,==,ed25519_public_key_from_curve25519_public_key( + &ed25519_pubkey, &curve25519_keypair.pubkey, bit)); + tt_mem_op(ed25519_pubkey.pubkey, ==, ed25519_keypair.pubkey.pubkey, 32); + + tt_int_op(0,==,ed25519_sign(&sig, msg, sizeof(msg), &ed25519_keypair)); + tt_int_op(0,==,ed25519_checksig(&sig, msg, sizeof(msg), + &ed25519_pubkey)); + + tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg)-1, + &ed25519_pubkey)); + sig.sig[0] ^= 15; + tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg), + &ed25519_pubkey)); + } + + done: + ; +} + +static void test_crypto_siphash(void *arg) { /* From the reference implementation, taking @@ -1509,6 +1548,7 @@ struct testcase_t crypto_tests[] = { { "ed25519_simple", test_crypto_ed25519_simple, 0, NULL, NULL }, { "ed25519_test_vectors", test_crypto_ed25519_test_vectors, 0, NULL, NULL }, { "ed25519_encode", test_crypto_ed25519_encode, 0, NULL, NULL }, + { "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL }, #endif { "siphash", test_crypto_siphash, 0, NULL, NULL }, END_OF_TESTCASES |