github.com/emmansun/gmsm@v0.29.1/sm2/sm2_keyexchange_test.go (about) 1 package sm2 2 3 import ( 4 "bytes" 5 "crypto/ecdsa" 6 "crypto/elliptic" 7 "crypto/rand" 8 "encoding/hex" 9 "errors" 10 "math/big" 11 "testing" 12 ) 13 14 var vectors = []struct { 15 LocalStaticPriv, LocalEphemeralPriv string 16 RemoteStaticPriv, RemoteEphemeralPriv string 17 SharedSecret, Key string 18 }{ 19 { 20 "e04c3fd77408b56a648ad439f673511a2ae248def3bab26bdfc9cdbd0ae9607e", 21 "6fe0bac5b09d3ab10f724638811c34464790520e4604e71e6cb0e5310623b5b1", 22 "7a1136f60d2c5531447e5a3093078c2a505abf74f33aefed927ac0a5b27e7dd7", 23 "d0233bdbb0b8a7bfe1aab66132ef06fc4efaedd5d5000692bc21185242a31f6f", 24 "046ab5c9709277837cedc515730d04751ef81c71e81e0e52357a98cf41796ab560508da6e858b40c6264f17943037434174284a847f32c4f54104a98af5148d89f", 25 "1ad809ebc56ddda532020c352e1e60b121ebeb7b4e632db4dd90a362cf844f8bba85140e30984ddb581199bf5a9dda22", 26 }, 27 { 28 "cb5ac204b38d0e5c9fc38a467075986754018f7dbb7cbbc5b4c78d56a88a8ad8", 29 "1681a66c02b67fdadfc53cba9b417b9499d0159435c86bb8760c3a03ae157539", 30 "4f54b10e0d8e9e2fe5cc79893e37fd0fd990762d1372197ed92dde464b2773ef", 31 "a2fe43dea141e9acc88226eaba8908ad17e81376c92102cb8186e8fef61a8700", 32 "04677d055355a1dcc9de4df00d3a80b6daa76bdf54ff7e0a3a6359fcd0c6f1e4b4697fffc41bbbcc3a28ea3aa1c6c380d1e92f142233afa4b430d02ab4cebc43b2", 33 "7a103ae61a30ed9df573a5febb35a9609cbed5681bcb98a8545351bf7d6824cc4635df5203712ea506e2e3c4ec9b12e7", 34 }, 35 { 36 "ee690a34a779ab48227a2f68b062a80f92e26d82835608dd01b7452f1e4fb296", 37 "2046c6cee085665e9f3abeba41fd38e17a26c08f2f5e8f0e1007afc0bf6a2a5d", 38 "8ef49ea427b13cc31151e1c96ae8a48cb7919063f2d342560fb7eaaffb93d8fe", 39 "9baf8d602e43fbae83fedb7368f98c969d378b8a647318f8cafb265296ae37de", 40 "04f7e9f1447968b284ff43548fcec3752063ea386b48bfabb9baf2f9c1caa05c2fb12c2cca37326ce27e68f8cc6414c2554895519c28da1ca21e61890d0bc525c4", 41 "b18e78e5072f301399dc1f4baf2956c0ed2d5f52f19abb1705131b0865b079031259ee6c629b4faed528bcfa1c5d2cbc", 42 }, 43 } 44 45 func hexDecode(t *testing.T, s string) []byte { 46 b, err := hex.DecodeString(s) 47 if err != nil { 48 t.Fatal("invalid hex string:", s) 49 } 50 return b 51 } 52 53 func TestKeyExchangeSample(t *testing.T) { 54 initiatorUID := []byte("Alice") 55 responderUID := []byte("Bob") 56 kenLen := 48 57 58 for i, v := range vectors { 59 priv1 := new(PrivateKey) 60 priv1.D, _ = new(big.Int).SetString(v.LocalStaticPriv, 16) 61 priv1.Curve = P256() 62 priv1.X, priv1.Y = priv1.Curve.ScalarBaseMult(priv1.D.Bytes()) 63 64 priv2 := new(PrivateKey) 65 priv2.D, _ = new(big.Int).SetString(v.RemoteStaticPriv, 16) 66 priv2.Curve = P256() 67 priv2.X, priv2.Y = priv1.Curve.ScalarBaseMult(priv2.D.Bytes()) 68 69 initiator, err := NewKeyExchange(priv1, &priv2.PublicKey, initiatorUID, responderUID, kenLen, true) 70 if err != nil { 71 t.Fatal(err) 72 } 73 responder, err := NewKeyExchange(priv2, &priv1.PublicKey, responderUID, initiatorUID, kenLen, true) 74 if err != nil { 75 t.Fatal(err) 76 } 77 defer func() { 78 initiator.Destroy() 79 responder.Destroy() 80 }() 81 rA, _ := new(big.Int).SetString(v.LocalEphemeralPriv, 16) 82 initKeyExchange(initiator, rA) 83 84 rB, _ := new(big.Int).SetString(v.RemoteEphemeralPriv, 16) 85 RB, s2, _ := respondKeyExchange(responder, initiator.secret, rB) 86 87 key1, s1, err := initiator.ConfirmResponder(RB, s2) 88 if err != nil { 89 t.Fatal(err) 90 } 91 key2, err := responder.ConfirmInitiator(s1) 92 if err != nil { 93 t.Fatal(err) 94 } 95 96 if !bytes.Equal(key1, key2) { 97 t.Errorf("got different key") 98 } 99 if !bytes.Equal(key1, hexDecode(t, v.Key)) { 100 t.Errorf("case %v got unexpected keying data", i) 101 } 102 if !bytes.Equal(elliptic.Marshal(initiator.v.Curve, initiator.v.X, initiator.v.Y), hexDecode(t, v.SharedSecret)) { 103 t.Errorf("case %v got unexpected shared key", i) 104 } 105 } 106 } 107 108 func TestKeyExchange(t *testing.T) { 109 priv1, _ := GenerateKey(rand.Reader) 110 priv2, _ := GenerateKey(rand.Reader) 111 initiator, err := NewKeyExchange(priv1, &priv2.PublicKey, []byte("Alice"), []byte("Bob"), 48, true) 112 if err != nil { 113 t.Fatal(err) 114 } 115 responder, err := NewKeyExchange(priv2, &priv1.PublicKey, []byte("Bob"), []byte("Alice"), 48, true) 116 if err != nil { 117 t.Fatal(err) 118 } 119 defer func() { 120 initiator.Destroy() 121 responder.Destroy() 122 }() 123 rA, err := initiator.InitKeyExchange(rand.Reader) 124 if err != nil { 125 t.Fatal(err) 126 } 127 128 rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) 129 if err != nil { 130 t.Fatal(err) 131 } 132 133 key1, s1, err := initiator.ConfirmResponder(rB, s2) 134 if err != nil { 135 t.Fatal(err) 136 } 137 138 key2, err := responder.ConfirmInitiator(s1) 139 if err != nil { 140 t.Fatal(err) 141 } 142 143 if hex.EncodeToString(key1) != hex.EncodeToString(key2) { 144 t.Errorf("got different key") 145 } 146 } 147 148 func TestKeyExchangeSimplest(t *testing.T) { 149 priv1, _ := GenerateKey(rand.Reader) 150 priv2, _ := GenerateKey(rand.Reader) 151 initiator, err := NewKeyExchange(priv1, &priv2.PublicKey, nil, nil, 32, false) 152 if err != nil { 153 t.Fatal(err) 154 } 155 responder, err := NewKeyExchange(priv2, &priv1.PublicKey, nil, nil, 32, false) 156 if err != nil { 157 t.Fatal(err) 158 } 159 defer func() { 160 initiator.Destroy() 161 responder.Destroy() 162 }() 163 rA, err := initiator.InitKeyExchange(rand.Reader) 164 if err != nil { 165 t.Fatal(err) 166 } 167 168 rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) 169 if err != nil { 170 t.Fatal(err) 171 } 172 if len(s2) != 0 { 173 t.Errorf("should be no siganature") 174 } 175 176 key1, s1, err := initiator.ConfirmResponder(rB, nil) 177 if err != nil { 178 t.Fatal(err) 179 } 180 if len(s1) != 0 { 181 t.Errorf("should be no siganature") 182 } 183 184 key2, err := responder.ConfirmInitiator(nil) 185 if err != nil { 186 t.Fatal(err) 187 } 188 189 if hex.EncodeToString(key1) != hex.EncodeToString(key2) { 190 t.Errorf("got different key") 191 } 192 } 193 194 func TestSetPeerParameters(t *testing.T) { 195 priv1, _ := GenerateKey(rand.Reader) 196 priv2, _ := GenerateKey(rand.Reader) 197 priv3, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 198 uidA := []byte("Alice") 199 uidB := []byte("Bob") 200 201 initiator, err := NewKeyExchange(priv1, nil, uidA, uidB, 32, true) 202 if err != nil { 203 t.Fatal(err) 204 } 205 responder, err := NewKeyExchange(priv2, nil, uidB, uidA, 32, true) 206 if err != nil { 207 t.Fatal(err) 208 } 209 defer func() { 210 initiator.Destroy() 211 responder.Destroy() 212 }() 213 rA, err := initiator.InitKeyExchange(rand.Reader) 214 if err != nil { 215 t.Fatal(err) 216 } 217 218 // 设置对端参数 219 err = initiator.SetPeerParameters(&priv3.PublicKey, uidB) 220 if err == nil { 221 t.Errorf("should be failed") 222 } 223 224 err = initiator.SetPeerParameters(&priv2.PublicKey, uidB) 225 if err != nil { 226 t.Fatal(err) 227 } 228 229 err = responder.SetPeerParameters(&priv1.PublicKey, uidA) 230 if err != nil { 231 t.Fatal(err) 232 } 233 234 rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) 235 if err != nil { 236 t.Fatal(err) 237 } 238 239 key1, s1, err := initiator.ConfirmResponder(rB, s2) 240 if err != nil { 241 t.Fatal(err) 242 } 243 244 key2, err := responder.ConfirmInitiator(s1) 245 if err != nil { 246 t.Fatal(err) 247 } 248 249 if hex.EncodeToString(key1) != hex.EncodeToString(key2) { 250 t.Errorf("got different key") 251 } 252 } 253 254 func TestKeyExchange_SetPeerParameters(t *testing.T) { 255 priv1, _ := GenerateKey(rand.Reader) 256 priv2, _ := GenerateKey(rand.Reader) 257 uidA := []byte("Alice") 258 uidB := []byte("Bob") 259 260 initiator, err := NewKeyExchange(priv1, nil, uidA, nil, 32, true) 261 if err != nil { 262 t.Fatal(err) 263 } 264 responder, err := NewKeyExchange(priv2, nil, uidB, nil, 32, true) 265 if err != nil { 266 t.Fatal(err) 267 } 268 defer func() { 269 initiator.Destroy() 270 responder.Destroy() 271 }() 272 rA, err := initiator.InitKeyExchange(rand.Reader) 273 if err != nil { 274 t.Fatal(err) 275 } 276 277 // 设置对端参数 278 err = initiator.SetPeerParameters(&priv2.PublicKey, uidB) 279 if err != nil { 280 t.Fatal(err) 281 } 282 err = responder.SetPeerParameters(&priv1.PublicKey, uidA) 283 if err != nil { 284 t.Fatal(err) 285 } 286 287 rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) 288 if err != nil { 289 t.Fatal(err) 290 } 291 292 key1, s1, err := initiator.ConfirmResponder(rB, s2) 293 if err != nil { 294 t.Fatal(err) 295 } 296 297 key2, err := responder.ConfirmInitiator(s1) 298 if err != nil { 299 t.Fatal(err) 300 } 301 302 if hex.EncodeToString(key1) != hex.EncodeToString(key2) { 303 t.Errorf("got different key") 304 } 305 } 306 307 func TestKeyExchange_SetPeerParameters_ErrCase(t *testing.T) { 308 priv1, _ := GenerateKey(rand.Reader) 309 priv2, _ := GenerateKey(rand.Reader) 310 uidA := []byte("Alice") 311 uidB := []byte("Bob") 312 313 initiator, err := NewKeyExchange(priv1, nil, uidA, nil, 32, true) 314 if err != nil { 315 t.Fatal(err) 316 } 317 responder, err := NewKeyExchange(priv2, &priv1.PublicKey, uidB, uidA, 32, true) 318 if err != nil { 319 t.Fatal(err) 320 } 321 defer func() { 322 initiator.Destroy() 323 responder.Destroy() 324 }() 325 rA, err := initiator.InitKeyExchange(rand.Reader) 326 if err != nil { 327 t.Fatal(err) 328 } 329 rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) 330 if err != nil { 331 t.Fatal(err) 332 } 333 334 _, _, err = initiator.ConfirmResponder(rB, s2) 335 if err == nil { 336 t.Fatal(errors.New("expect call ConfirmResponder got a error, but not")) 337 } 338 339 err = initiator.SetPeerParameters(&priv2.PublicKey, uidB) 340 if err != nil { 341 t.Fatal(err) 342 } 343 344 err = initiator.SetPeerParameters(&priv2.PublicKey, uidB) 345 if err == nil { 346 t.Fatal(errors.New("expect call SetPeerParameters repeat got a error, but not")) 347 } 348 349 err = responder.SetPeerParameters(&priv1.PublicKey, uidA) 350 if err == nil { 351 t.Fatal(errors.New("expect responder call SetPeerParameters got a error, but not")) 352 } 353 }