Source file src/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519_test.go

Documentation: github.com/ProtonMail/go-crypto/openpgp/internal/ecc

     1  // Copyright 2019 ProtonTech AG.
     2  
     3  // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
     4  package ecc
     5  
     6  import (
     7  	"crypto/rand"
     8  	"testing"
     9  )
    10  
    11  // Some OpenPGP implementations, such as gpg 2.2.12, do not accept ECDH private
    12  // keys if they're not masked. This is because they're not of the proper form,
    13  // cryptographically, and they don't mask input keys during crypto operations.
    14  // This test checks if the keys that this library stores or outputs are
    15  // properly masked.
    16  func TestGenerateMaskedPrivateKeyX25519(t *testing.T) {
    17  	c := NewCurve25519()
    18  	_, secret, err := c.GenerateECDH(rand.Reader)
    19  	if err != nil {
    20  		t.Fatal(err)
    21  	}
    22  
    23  	encoded := c.MarshalByteSecret(secret)
    24  	decoded := c.UnmarshalByteSecret(encoded)
    25  	if decoded == nil {
    26  		t.Fatal(err)
    27  	}
    28  
    29  	// Check masking
    30  	// 3 lsb are 0
    31  	if decoded[0]<<5 != 0 {
    32  		t.Fatalf("Priv. key is not masked (3 lsb should be unset): %X", decoded)
    33  	}
    34  	// MSB is 0
    35  	if decoded[31]>>7 != 0 {
    36  		t.Fatalf("Priv. key is not masked (MSB should be unset): %X", decoded)
    37  	}
    38  	// Second-MSB is 1
    39  	if decoded[31]>>6 != 1 {
    40  		t.Fatalf("Priv. key is not masked (second MSB should be set): %X", decoded)
    41  	}
    42  }
    43  

View as plain text