crypto/ecdsa: add SignASN1, VerifyASN1

Update the Example in the crypto/ecdsa package for signing and verifying signatures to use these new functions. This also changes (*PrivateKey).Sign to use x/crypto/cryptobyte/asn1 instead of encoding/asn1 to marshal the signature. Fixes #20544 Change-Id: I3423cfc4d7f9e1748fbed5a631438c8a3b280df4 Reviewed-on: https://go-review.googlesource.com/c/go/+/217940 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-12-08 06:10:04 +00:00 · 2020-02-05 15:19:41 -05:00 · 2020-02-05 15:19:41 -05:00 · 8c09e8af36
commit 8c09e8af36
parent f5ff00583f
4 changed files with 75 additions and 12 deletions
--- a/src/crypto/ecdsa/ecdsa_test.go
+++ b/src/crypto/ecdsa/ecdsa_test.go
@ -131,6 +131,36 @@ func TestSignAndVerify(t *testing.T) {
 	testSignAndVerify(t, elliptic.P521(), "p521")
 }

+func testSignAndVerifyASN1(t *testing.T, c elliptic.Curve, tag string) {
+	priv, _ := GenerateKey(c, rand.Reader)
+
+	hashed := []byte("testing")
+	sig, err := SignASN1(rand.Reader, priv, hashed)
+	if err != nil {
+		t.Errorf("%s: error signing: %s", tag, err)
+		return
+	}
+
+	if !VerifyASN1(&priv.PublicKey, hashed, sig) {
+		t.Errorf("%s: VerifyASN1 failed", tag)
+	}
+
+	hashed[0] ^= 0xff
+	if VerifyASN1(&priv.PublicKey, hashed, sig) {
+		t.Errorf("%s: VerifyASN1 always works!", tag)
+	}
+}
+
+func TestSignAndVerifyASN1(t *testing.T) {
+	testSignAndVerifyASN1(t, elliptic.P224(), "p224")
+	if testing.Short() {
+		return
+	}
+	testSignAndVerifyASN1(t, elliptic.P256(), "p256")
+	testSignAndVerifyASN1(t, elliptic.P384(), "p384")
+	testSignAndVerifyASN1(t, elliptic.P521(), "p521")
+}
+
 func testNonceSafety(t *testing.T, c elliptic.Curve, tag string) {
 	priv, _ := GenerateKey(c, rand.Reader)