crypto/rsa,crypto/ecdsa,crypto/ed25519: implement PrivateKey.Equal

FiloSottile · xujianhai666 · commit 298cf4216b8f · 2020-05-21T09:30:13.000+08:00
Fixes golang#38190 Change-Id: I10766068ee18974e81b3bd78ee0b4d83cc9d1a8c Reviewed-on: https://go-review.googlesource.com/c/go/+/231417 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org>
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
@@ -62,6 +62,9 @@ type PublicKey struct {
 	X, Y *big.Int
 }
 
+// Any methods implemented on PublicKey might need to also be implemented on
+// PrivateKey, as the latter embeds the former and will expose its methods.
+
 // Equal reports whether pub and x have the same value.
 //
 // Two keys are only considered to have the same value if they have the same Curve value.
@@ -91,6 +94,17 @@ func (priv *PrivateKey) Public() crypto.PublicKey {
 	return &priv.PublicKey
 }
 
+// Equal reports whether priv and x have the same value.
+//
+// See PublicKey.Equal for details on how Curve is compared.
+func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool {
+	xx, ok := x.(*PrivateKey)
+	if !ok {
+		return false
+	}
+	return priv.PublicKey.Equal(&xx.PublicKey) && priv.D.Cmp(xx.D) == 0
+}
+
 // Sign signs digest with priv, reading randomness from rand. The opts argument
 // is not currently used but, in keeping with the crypto.Signer interface,
 // should be the hash function used to digest the message.
diff --git a/src/crypto/ecdsa/equal_test.go b/src/crypto/ecdsa/equal_test.go
@@ -23,23 +23,32 @@ func testEqual(t *testing.T, c elliptic.Curve) {
 	if !public.Equal(crypto.Signer(private).Public().(*ecdsa.PublicKey)) {
 		t.Errorf("private.Public() is not Equal to public: %q", public)
 	}
+	if !private.Equal(private) {
+		t.Errorf("private key is not equal to itself: %v", private)
+	}
 
-	enc, err := x509.MarshalPKIXPublicKey(public)
+	enc, err := x509.MarshalPKCS8PrivateKey(private)
 	if err != nil {
 		t.Fatal(err)
 	}
-	decoded, err := x509.ParsePKIXPublicKey(enc)
+	decoded, err := x509.ParsePKCS8PrivateKey(enc)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if !public.Equal(decoded) {
+	if !public.Equal(decoded.(crypto.Signer).Public()) {
 		t.Errorf("public key is not equal to itself after decoding: %v", public)
 	}
+	if !private.Equal(decoded) {
+		t.Errorf("private key is not equal to itself after decoding: %v", private)
+	}
 
 	other, _ := ecdsa.GenerateKey(c, rand.Reader)
-	if public.Equal(other) {
+	if public.Equal(other.Public()) {
 		t.Errorf("different public keys are Equal")
 	}
+	if private.Equal(other) {
+		t.Errorf("different private keys are Equal")
+	}
 
 	// Ensure that keys with the same coordinates but on different curves
 	// aren't considered Equal.
diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go
@@ -40,6 +40,9 @@ const (
 // PublicKey is the type of Ed25519 public keys.
 type PublicKey []byte
 
+// Any methods implemented on PublicKey might need to also be implemented on
+// PrivateKey, as the latter embeds the former and will expose its methods.
+
 // Equal reports whether pub and x have the same value.
 func (pub PublicKey) Equal(x crypto.PublicKey) bool {
 	xx, ok := x.(PublicKey)
@@ -59,6 +62,15 @@ func (priv PrivateKey) Public() crypto.PublicKey {
 	return PublicKey(publicKey)
 }
 
+// Equal reports whether priv and x have the same value.
+func (priv PrivateKey) Equal(x crypto.PrivateKey) bool {
+	xx, ok := x.(PrivateKey)
+	if !ok {
+		return false
+	}
+	return bytes.Equal(priv, xx)
+}
+
 // Seed returns the private key seed corresponding to priv. It is provided for
 // interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
 // in this package.
diff --git a/src/crypto/ed25519/ed25519_test.go b/src/crypto/ed25519/ed25519_test.go
@@ -113,14 +113,20 @@ func TestEqual(t *testing.T) {
 	if !public.Equal(public) {
 		t.Errorf("public key is not equal to itself: %q", public)
 	}
-	if !public.Equal(crypto.Signer(private).Public().(PublicKey)) {
+	if !public.Equal(crypto.Signer(private).Public()) {
 		t.Errorf("private.Public() is not Equal to public: %q", public)
 	}
+	if !private.Equal(private) {
+		t.Errorf("private key is not equal to itself: %q", private)
+	}
 
-	other, _, _ := GenerateKey(rand.Reader)
-	if public.Equal(other) {
+	otherPub, otherPriv, _ := GenerateKey(rand.Reader)
+	if public.Equal(otherPub) {
 		t.Errorf("different public keys are Equal")
 	}
+	if private.Equal(otherPriv) {
+		t.Errorf("different private keys are Equal")
+	}
 }
 
 func TestGolden(t *testing.T) {
diff --git a/src/crypto/rsa/equal_test.go b/src/crypto/rsa/equal_test.go
@@ -22,21 +22,30 @@ func TestEqual(t *testing.T) {
 	if !public.Equal(crypto.Signer(private).Public().(*rsa.PublicKey)) {
 		t.Errorf("private.Public() is not Equal to public: %q", public)
 	}
+	if !private.Equal(private) {
+		t.Errorf("private key is not equal to itself: %v", private)
+	}
 
-	enc, err := x509.MarshalPKIXPublicKey(public)
+	enc, err := x509.MarshalPKCS8PrivateKey(private)
 	if err != nil {
 		t.Fatal(err)
 	}
-	decoded, err := x509.ParsePKIXPublicKey(enc)
+	decoded, err := x509.ParsePKCS8PrivateKey(enc)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if !public.Equal(decoded) {
+	if !public.Equal(decoded.(crypto.Signer).Public()) {
 		t.Errorf("public key is not equal to itself after decoding: %v", public)
 	}
+	if !private.Equal(decoded) {
+		t.Errorf("private key is not equal to itself after decoding: %v", private)
+	}
 
 	other, _ := rsa.GenerateKey(rand.Reader, 512)
-	if public.Equal(other) {
+	if public.Equal(other.Public()) {
 		t.Errorf("different public keys are Equal")
 	}
+	if private.Equal(other) {
+		t.Errorf("different private keys are Equal")
+	}
 }
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
@@ -44,6 +44,9 @@ type PublicKey struct {
 	E int      // public exponent
 }
 
+// Any methods implemented on PublicKey might need to also be implemented on
+// PrivateKey, as the latter embeds the former and will expose its methods.
+
 // Size returns the modulus size in bytes. Raw signatures and ciphertexts
 // for or by this public key will have the same size.
 func (pub *PublicKey) Size() int {
@@ -109,6 +112,27 @@ func (priv *PrivateKey) Public() crypto.PublicKey {
 	return &priv.PublicKey
 }
 
+// Equal reports whether priv and x have equivalent values. It ignores
+// Precomputed values.
+func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool {
+	xx, ok := x.(*PrivateKey)
+	if !ok {
+		return false
+	}
+	if !priv.PublicKey.Equal(&xx.PublicKey) || priv.D.Cmp(xx.D) != 0 {
+		return false
+	}
+	if len(priv.Primes) != len(xx.Primes) {
+		return false
+	}
+	for i := range priv.Primes {
+		if priv.Primes[i].Cmp(xx.Primes[i]) != 0 {
+			return false
+		}
+	}
+	return true
+}
+
 // Sign signs digest with priv, reading randomness from rand. If opts is a
 // *PSSOptions then the PSS algorithm will be used, otherwise PKCS#1 v1.5 will
 // be used. digest must be the result of hashing the input message using

Original file line number	Diff line number	Diff line change
`@@ -113,14 +113,20 @@ func TestEqual(t *testing.T) {`
`113`	`113`	`if !public.Equal(public) {`
`114`	`114`	`t.Errorf("public key is not equal to itself: %q", public)`
`115`	`115`	`}`
`116`		`- if !public.Equal(crypto.Signer(private).Public().(PublicKey)) {`
	`116`	`+ if !public.Equal(crypto.Signer(private).Public()) {`
`117`	`117`	`t.Errorf("private.Public() is not Equal to public: %q", public)`
`118`	`118`	`}`
	`119`	`+ if !private.Equal(private) {`
	`120`	`+ t.Errorf("private key is not equal to itself: %q", private)`
	`121`	`+ }`
`119`	`122`
`120`		`- other, _, _ := GenerateKey(rand.Reader)`
`121`		`- if public.Equal(other) {`
	`123`	`+ otherPub, otherPriv, _ := GenerateKey(rand.Reader)`
	`124`	`+ if public.Equal(otherPub) {`
`122`	`125`	`t.Errorf("different public keys are Equal")`
`123`	`126`	`}`
	`127`	`+ if private.Equal(otherPriv) {`
	`128`	`+ t.Errorf("different private keys are Equal")`
	`129`	`+ }`
`124`	`130`	`}`
`125`	`131`
`126`	`132`	`func TestGolden(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -22,21 +22,30 @@ func TestEqual(t *testing.T) {`
`22`	`22`	`if !public.Equal(crypto.Signer(private).Public().(*rsa.PublicKey)) {`
`23`	`23`	`t.Errorf("private.Public() is not Equal to public: %q", public)`
`24`	`24`	`}`
	`25`	`+ if !private.Equal(private) {`
	`26`	`+ t.Errorf("private key is not equal to itself: %v", private)`
	`27`	`+ }`
`25`	`28`
`26`		`- enc, err := x509.MarshalPKIXPublicKey(public)`
	`29`	`+ enc, err := x509.MarshalPKCS8PrivateKey(private)`
`27`	`30`	`if err != nil {`
`28`	`31`	`t.Fatal(err)`
`29`	`32`	`}`
`30`		`- decoded, err := x509.ParsePKIXPublicKey(enc)`
	`33`	`+ decoded, err := x509.ParsePKCS8PrivateKey(enc)`
`31`	`34`	`if err != nil {`
`32`	`35`	`t.Fatal(err)`
`33`	`36`	`}`
`34`		`- if !public.Equal(decoded) {`
	`37`	`+ if !public.Equal(decoded.(crypto.Signer).Public()) {`
`35`	`38`	`t.Errorf("public key is not equal to itself after decoding: %v", public)`
`36`	`39`	`}`
	`40`	`+ if !private.Equal(decoded) {`
	`41`	`+ t.Errorf("private key is not equal to itself after decoding: %v", private)`
	`42`	`+ }`
`37`	`43`
`38`	`44`	`other, _ := rsa.GenerateKey(rand.Reader, 512)`
`39`		`- if public.Equal(other) {`
	`45`	`+ if public.Equal(other.Public()) {`
`40`	`46`	`t.Errorf("different public keys are Equal")`
`41`	`47`	`}`
	`48`	`+ if private.Equal(other) {`
	`49`	`+ t.Errorf("different private keys are Equal")`
	`50`	`+ }`
`42`	`51`	`}`