Gitly


1 // vtest build: present_openssl? && !(openbsd && gcc) && !(sanitize-memory-clang || docker-ubuntu-musl)
2 module ecdsa
3 
4 fn test_ecdsa() {
5     // Generate key pair
6     pub_key, priv_key := generate_key() or { panic(err) }
7 
8     // Sign a message
9     message := 'Hello, ECDSA!'.bytes()
10     signature := priv_key.sign(message) or { panic(err) }
11 
12     // Verify the signature
13     is_valid := pub_key.verify(message, signature) or { panic(err) }
14     println('Signature valid: ${is_valid}')
15     assert is_valid
16 
17     priv_key.free()
18     pub_key.free()
19 }
20 
21 fn test_ecdsa_signing_with_recommended_hash_options() {
22     // Generate key pair
23     pub_key, priv_key := generate_key() or { panic(err) }
24 
25     // Sign a message
26     message := 'Hello, ECDSA!'.bytes()
27     signature := priv_key.sign(message) or { panic(err) }
28 
29     // Verify the signature
30     is_valid := pub_key.verify(message, signature) or { panic(err) }
31     println('Signature valid: ${is_valid}')
32     assert is_valid
33     pub_key.free()
34     priv_key.free()
35 }
36 
37 fn test_generate_key() ! {
38     // Test key generation with high level opaque
39     pub_key, priv_key := generate_key() or { panic(err) }
40     assert pub_key.evpkey != unsafe { nil }
41     assert priv_key.evpkey != unsafe { nil }
42 
43     priv_key.free()
44     pub_key.free()
45 }
46 
47 fn test_new_key_from_seed() ! {
48     // Test generating a key from a seed
49     seed := [u8(1), 2, 3, 4, 5]
50     priv_key := new_key_from_seed(seed) or { panic(err) }
51     retrieved_seed := priv_key.bytes() or { panic(err) }
52     assert seed == retrieved_seed
53     priv_key.free()
54 }
55 
56 fn test_new_key_from_seed_with_leading_zeros_bytes() ! {
57     // Test generating a key from a seed
58     seed := [u8(0), u8(1), 2, 3, 4, 5]
59     priv_key := new_key_from_seed(seed) or { panic(err) }
60     retrieved_seed := priv_key.bytes() or { panic(err) }
61     assert seed == retrieved_seed
62     priv_key.free()
63 }
64 
65 fn test_sign_and_verify() ! {
66     // Test signing and verifying a message
67     pub_key, priv_key := generate_key() or { panic(err) }
68     message := 'Test message'.bytes()
69     signature := priv_key.sign(message) or { panic(err) }
70     is_valid := pub_key.verify(message, signature) or { panic(err) }
71     assert is_valid
72 
73     priv_key.free()
74     pub_key.free()
75 }
76 
77 fn test_seed() ! {
78     // Test retrieving the seed from a private key
79     pub_key, priv_key := generate_key() or { panic(err) }
80     seed := priv_key.bytes() or { panic(err) }
81     assert seed.len > 0
82     priv_key.free()
83     pub_key.free()
84 }
85 
86 fn test_public_key() ! {
87     // Test getting the public key from a private key
88     pubkk, priv_key := generate_key() or { panic(err) }
89     pub_key1 := priv_key.public_key() or { panic(err) }
90     pub_key2, privkk := generate_key() or { panic(err) }
91     assert !pub_key1.equal(pub_key2)
92 
93     pubkk.free()
94     privkk.free()
95     priv_key.free()
96     pub_key1.free()
97     pub_key2.free()
98 }
99 
100 fn test_private_key_equal() ! {
101     // Test private key equality
102     pbk, priv_key1 := generate_key() or { panic(err) }
103     seed := priv_key1.bytes() or { panic(err) }
104     priv_key2 := new_key_from_seed(seed) or { panic(err) }
105     assert priv_key1.equal(priv_key2)
106 
107     pbk.free()
108     priv_key1.free()
109     priv_key2.free()
110 }
111 
112 fn test_private_key_equality_on_different_curve() ! {
113     // default group
114     pbk, priv_key1 := generate_key() or { panic(err) }
115     seed := priv_key1.bytes() or { panic(err) }
116     // using different group
117     priv_key2 := new_key_from_seed(seed, nid: .secp384r1) or { panic(err) }
118     assert !priv_key1.equal(priv_key2)
119     pbk.free()
120     priv_key1.free()
121     priv_key2.free()
122 }
123 
124 fn test_public_key_equal() ! {
125     // Test public key equality
126     pbk, priv_key := generate_key() or { panic(err) }
127     pub_key1 := priv_key.public_key() or { panic(err) }
128     pub_key2 := priv_key.public_key() or { panic(err) }
129     assert pub_key1.equal(pub_key2)
130     pbk.free()
131     priv_key.free()
132     pub_key1.free()
133     pub_key2.free()
134 }
135 
136 fn test_sign_with_new_key_from_seed() ! {
137     // Test signing with a key generated from a seed
138     seed := [u8(10), 20, 30, 40, 50]
139     priv_key := new_key_from_seed(seed) or { panic(err) }
140     message := 'Another test message'.bytes()
141     signature := priv_key.sign(message) or { panic(err) }
142     pub_key := priv_key.public_key() or { panic(err) }
143     is_valid := pub_key.verify(message, signature) or { panic(err) }
144     assert is_valid
145     priv_key.free()
146     pub_key.free()
147 }
148 
149 fn test_invalid_signature() ! {
150     // Test verifying an invalid signature
151     pub_key, pvk := generate_key() or { panic(err) }
152     message := 'Test message'.bytes()
153     invalid_signature := [u8(1), 2, 3] // Deliberately invalid
154     result := pub_key.verify(message, invalid_signature) or {
155         // Expecting verification to fail
156         assert err.msg() == 'Failed to verify signature'
157         pub_key.free()
158         pvk.free()
159         return
160     }
161     assert !result
162     pub_key.free()
163     pvk.free()
164 }
165 
166 fn test_different_keys_not_equal() ! {
167     // Test that different keys are not equal
168     pbk1, priv_key1 := generate_key() or { panic(err) }
169     pbk2, priv_key2 := generate_key() or { panic(err) }
170     assert !priv_key1.equal(priv_key2)
171     pbk1.free()
172     pbk2.free()
173     priv_key1.free()
174     priv_key2.free()
175 }
176 
177 fn test_private_key_new() ! {
178     priv_key := PrivateKey.new()!
179     assert priv_key.ks_flag == .fixed
180     size := evp_key_size(priv_key.evpkey)!
181     assert size == 32
182     pubkey := priv_key.public_key()!
183 
184     message := 'Another test message'.bytes()
185     signature := priv_key.sign(message)!
186     is_valid := pubkey.verify(message, signature)!
187     assert is_valid
188 
189     // new private key
190     seed := priv_key.bytes()!
191     priv_key2 := new_key_from_seed(seed)!
192     pubkey2 := priv_key2.public_key()!
193     assert priv_key.equal(priv_key2)
194     assert pubkey.equal(pubkey2)
195     is_valid2 := pubkey2.verify(message, signature)!
196     assert is_valid2
197 
198     // generates new key with different curve
199     priv_key3 := new_key_from_seed(seed, nid: .secp384r1)!
200     pubkey3 := priv_key3.public_key()!
201     assert !priv_key3.equal(priv_key2)
202     assert !pubkey3.equal(pubkey2)
203     is_valid3 := pubkey3.verify(message, signature)!
204     assert !is_valid3
205 
206     priv_key.free()
207     priv_key2.free()
208     priv_key3.free()
209     pubkey.free()
210     pubkey2.free()
211     pubkey3.free()
212 }
213 
214 // See https://discord.com/channels/592103645835821068/592114487759470596/1334319744098107423
215 fn test_key_with_msg_exceed_key_size() ! {
216     pv := PrivateKey.new()!
217     msg := 'a'.repeat(200).bytes()
218     opt := SignerOpts{
219         hash_config: .with_no_hash
220     }
221     signed := pv.sign(msg, opt)!
222     pb := pv.public_key()!
223 
224     // should be verified
225     st := pb.verify(msg, signed, opt)!
226     assert st
227 
228     // different msg should not be verified
229     other_msg := 'a'.repeat(392).bytes()
230     ds := pb.verify(other_msg, signed, opt)!
231     // This should assert to false.
232     assert !ds
233 
234     pv.free()
235     pb.free()
236 }
237

1	// vtest build: present_openssl? && !(openbsd && gcc) && !(sanitize-memory-clang \|\| docker-ubuntu-musl)
2	module ecdsa
3
4	fn test_ecdsa() {
5	// Generate key pair
6	pub_key, priv_key := generate_key() or { panic(err) }
7
8	// Sign a message
9	message := 'Hello, ECDSA!'.bytes()
10	signature := priv_key.sign(message) or { panic(err) }
11
12	// Verify the signature
13	is_valid := pub_key.verify(message, signature) or { panic(err) }
14	println('Signature valid: ${is_valid}')
15	assert is_valid
16
17	priv_key.free()
18	pub_key.free()
19	}
20
21	fn test_ecdsa_signing_with_recommended_hash_options() {
22	// Generate key pair
23	pub_key, priv_key := generate_key() or { panic(err) }
24
25	// Sign a message
26	message := 'Hello, ECDSA!'.bytes()
27	signature := priv_key.sign(message) or { panic(err) }
28
29	// Verify the signature
30	is_valid := pub_key.verify(message, signature) or { panic(err) }
31	println('Signature valid: ${is_valid}')
32	assert is_valid
33	pub_key.free()
34	priv_key.free()
35	}
36
37	fn test_generate_key() ! {
38	// Test key generation with high level opaque
39	pub_key, priv_key := generate_key() or { panic(err) }
40	assert pub_key.evpkey != unsafe { nil }
41	assert priv_key.evpkey != unsafe { nil }
42
43	priv_key.free()
44	pub_key.free()
45	}
46
47	fn test_new_key_from_seed() ! {
48	// Test generating a key from a seed
49	seed := [u8(1), 2, 3, 4, 5]
50	priv_key := new_key_from_seed(seed) or { panic(err) }
51	retrieved_seed := priv_key.bytes() or { panic(err) }
52	assert seed == retrieved_seed
53	priv_key.free()
54	}
55
56	fn test_new_key_from_seed_with_leading_zeros_bytes() ! {
57	// Test generating a key from a seed
58	seed := [u8(0), u8(1), 2, 3, 4, 5]
59	priv_key := new_key_from_seed(seed) or { panic(err) }
60	retrieved_seed := priv_key.bytes() or { panic(err) }
61	assert seed == retrieved_seed
62	priv_key.free()
63	}
64
65	fn test_sign_and_verify() ! {
66	// Test signing and verifying a message
67	pub_key, priv_key := generate_key() or { panic(err) }
68	message := 'Test message'.bytes()
69	signature := priv_key.sign(message) or { panic(err) }
70	is_valid := pub_key.verify(message, signature) or { panic(err) }
71	assert is_valid
72
73	priv_key.free()
74	pub_key.free()
75	}
76
77	fn test_seed() ! {
78	// Test retrieving the seed from a private key
79	pub_key, priv_key := generate_key() or { panic(err) }
80	seed := priv_key.bytes() or { panic(err) }
81	assert seed.len > 0
82	priv_key.free()
83	pub_key.free()
84	}
85
86	fn test_public_key() ! {
87	// Test getting the public key from a private key
88	pubkk, priv_key := generate_key() or { panic(err) }
89	pub_key1 := priv_key.public_key() or { panic(err) }
90	pub_key2, privkk := generate_key() or { panic(err) }
91	assert !pub_key1.equal(pub_key2)
92
93	pubkk.free()
94	privkk.free()
95	priv_key.free()
96	pub_key1.free()
97	pub_key2.free()
98	}
99
100	fn test_private_key_equal() ! {
101	// Test private key equality
102	pbk, priv_key1 := generate_key() or { panic(err) }
103	seed := priv_key1.bytes() or { panic(err) }
104	priv_key2 := new_key_from_seed(seed) or { panic(err) }
105	assert priv_key1.equal(priv_key2)
106
107	pbk.free()
108	priv_key1.free()
109	priv_key2.free()
110	}
111
112	fn test_private_key_equality_on_different_curve() ! {
113	// default group
114	pbk, priv_key1 := generate_key() or { panic(err) }
115	seed := priv_key1.bytes() or { panic(err) }
116	// using different group
117	priv_key2 := new_key_from_seed(seed, nid: .secp384r1) or { panic(err) }
118	assert !priv_key1.equal(priv_key2)
119	pbk.free()
120	priv_key1.free()
121	priv_key2.free()
122	}
123
124	fn test_public_key_equal() ! {
125	// Test public key equality
126	pbk, priv_key := generate_key() or { panic(err) }
127	pub_key1 := priv_key.public_key() or { panic(err) }
128	pub_key2 := priv_key.public_key() or { panic(err) }
129	assert pub_key1.equal(pub_key2)
130	pbk.free()
131	priv_key.free()
132	pub_key1.free()
133	pub_key2.free()
134	}
135
136	fn test_sign_with_new_key_from_seed() ! {
137	// Test signing with a key generated from a seed
138	seed := [u8(10), 20, 30, 40, 50]
139	priv_key := new_key_from_seed(seed) or { panic(err) }
140	message := 'Another test message'.bytes()
141	signature := priv_key.sign(message) or { panic(err) }
142	pub_key := priv_key.public_key() or { panic(err) }
143	is_valid := pub_key.verify(message, signature) or { panic(err) }
144	assert is_valid
145	priv_key.free()
146	pub_key.free()
147	}
148
149	fn test_invalid_signature() ! {
150	// Test verifying an invalid signature
151	pub_key, pvk := generate_key() or { panic(err) }
152	message := 'Test message'.bytes()
153	invalid_signature := [u8(1), 2, 3] // Deliberately invalid
154	result := pub_key.verify(message, invalid_signature) or {
155	// Expecting verification to fail
156	assert err.msg() == 'Failed to verify signature'
157	pub_key.free()
158	pvk.free()
159	return
160	}
161	assert !result
162	pub_key.free()
163	pvk.free()
164	}
165
166	fn test_different_keys_not_equal() ! {
167	// Test that different keys are not equal
168	pbk1, priv_key1 := generate_key() or { panic(err) }
169	pbk2, priv_key2 := generate_key() or { panic(err) }
170	assert !priv_key1.equal(priv_key2)
171	pbk1.free()
172	pbk2.free()
173	priv_key1.free()
174	priv_key2.free()
175	}
176
177	fn test_private_key_new() ! {
178	priv_key := PrivateKey.new()!
179	assert priv_key.ks_flag == .fixed
180	size := evp_key_size(priv_key.evpkey)!
181	assert size == 32
182	pubkey := priv_key.public_key()!
183
184	message := 'Another test message'.bytes()
185	signature := priv_key.sign(message)!
186	is_valid := pubkey.verify(message, signature)!
187	assert is_valid
188
189	// new private key
190	seed := priv_key.bytes()!
191	priv_key2 := new_key_from_seed(seed)!
192	pubkey2 := priv_key2.public_key()!
193	assert priv_key.equal(priv_key2)
194	assert pubkey.equal(pubkey2)
195	is_valid2 := pubkey2.verify(message, signature)!
196	assert is_valid2
197
198	// generates new key with different curve
199	priv_key3 := new_key_from_seed(seed, nid: .secp384r1)!
200	pubkey3 := priv_key3.public_key()!
201	assert !priv_key3.equal(priv_key2)
202	assert !pubkey3.equal(pubkey2)
203	is_valid3 := pubkey3.verify(message, signature)!
204	assert !is_valid3
205
206	priv_key.free()
207	priv_key2.free()
208	priv_key3.free()
209	pubkey.free()
210	pubkey2.free()
211	pubkey3.free()
212	}
213
214	// See https://discord.com/channels/592103645835821068/592114487759470596/1334319744098107423
215	fn test_key_with_msg_exceed_key_size() ! {
216	pv := PrivateKey.new()!
217	msg := 'a'.repeat(200).bytes()
218	opt := SignerOpts{
219	hash_config: .with_no_hash
220	}
221	signed := pv.sign(msg, opt)!
222	pb := pv.public_key()!
223
224	// should be verified
225	st := pb.verify(msg, signed, opt)!
226	assert st
227
228	// different msg should not be verified
229	other_msg := 'a'.repeat(392).bytes()
230	ds := pb.verify(other_msg, signed, opt)!
231	// This should assert to false.
232	assert !ds
233
234	pv.free()
235	pb.free()
236	}
237