Source file src/github.com/google/certificate-transparency-go/tls/signature_test.go

Documentation: github.com/google/certificate-transparency-go/tls

     1  // Copyright 2016 Google LLC. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tls_test
    16  
    17  import (
    18  	"crypto"
    19  	"encoding/pem"
    20  	mathrand "math/rand"
    21  	"reflect"
    22  	"strings"
    23  	"testing"
    24  	"time"
    25  
    26  	"github.com/google/certificate-transparency-go/testdata"
    27  	"github.com/google/certificate-transparency-go/tls"
    28  	"github.com/google/certificate-transparency-go/x509"
    29  )
    30  
    31  func TestVerifySignature(t *testing.T) {
    32  	var tests = []struct {
    33  		pubKey   crypto.PublicKey
    34  		in       string // hex encoded
    35  		hashAlgo tls.HashAlgorithm
    36  		sigAlgo  tls.SignatureAlgorithm
    37  		errstr   string
    38  		sig      string // hex encoded
    39  	}{
    40  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", 99, tls.ECDSA, "unsupported Algorithm.Hash", "1234"},
    41  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, 99, "unsupported Algorithm.Signature", "1234"},
    42  
    43  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, tls.DSA, "cannot verify DSA", "1234"},
    44  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "cannot verify ECDSA", "1234"},
    45  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, tls.RSA, "verification error", "1234"},
    46  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "cannot verify ECDSA", "1234"},
    47  
    48  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.RSA, "cannot verify RSA", "1234"},
    49  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.ECDSA, "cannot verify ECDSA", "1234"},
    50  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.DSA, "failed to unmarshal DSA signature", "1234"},
    51  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.DSA, "failed to verify DSA signature", "3006020101020101eeff"},
    52  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.DSA, "zero or negative values", "3006020100020181"},
    53  
    54  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.RSA, "cannot verify RSA", "1234"},
    55  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.DSA, "cannot verify DSA", "1234"},
    56  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "failed to unmarshal ECDSA signature", "1234"},
    57  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "failed to verify ECDSA signature", "3006020101020101eeff"},
    58  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "zero or negative values", "3006020100020181"},
    59  
    60  		{PEM2PK(testdata.RsaPublicKeyPEM), "61626364", tls.SHA256, tls.RSA, "", testdata.RsaSignedAbcdHex},
    61  		{PEM2PK(testdata.DsaPublicKeyPEM), "61626364", tls.SHA1, tls.DSA, "", testdata.DsaSignedAbcdHex},
    62  		{PEM2PK(testdata.EcdsaPublicKeyPEM), "61626364", tls.SHA256, tls.ECDSA, "", testdata.EcdsaSignedAbcdHex},
    63  	}
    64  	for _, test := range tests {
    65  		algo := tls.SignatureAndHashAlgorithm{Hash: test.hashAlgo, Signature: test.sigAlgo}
    66  		signed := tls.DigitallySigned{Algorithm: algo, Signature: testdata.FromHex(test.sig)}
    67  
    68  		err := tls.VerifySignature(test.pubKey, testdata.FromHex(test.in), signed)
    69  		if test.errstr != "" {
    70  			if err == nil {
    71  				t.Errorf("VerifySignature(%s)=nil; want %q", test.in, test.errstr)
    72  			} else if !strings.Contains(err.Error(), test.errstr) {
    73  				t.Errorf("VerifySignature(%s)=%q; want %q", test.in, err.Error(), test.errstr)
    74  			}
    75  			continue
    76  		}
    77  		if err != nil {
    78  			t.Errorf("VerifySignature(%s)=%q; want nil", test.in, err)
    79  		}
    80  	}
    81  }
    82  
    83  func TestCreateSignatureVerifySignatureRoundTrip(t *testing.T) {
    84  	var tests = []struct {
    85  		privKey  crypto.PrivateKey
    86  		pubKey   crypto.PublicKey
    87  		hashAlgo tls.HashAlgorithm
    88  	}{
    89  		{PEM2PrivKey(testdata.RsaPrivateKeyPEM), PEM2PK(testdata.RsaPublicKeyPEM), tls.SHA256},
    90  		{PEM2PrivKey(testdata.EcdsaPrivateKeyPKCS8PEM), PEM2PK(testdata.EcdsaPublicKeyPEM), tls.SHA256},
    91  	}
    92  	seed := time.Now().UnixNano()
    93  	r := mathrand.New(mathrand.NewSource(seed))
    94  	for _, test := range tests {
    95  		for j := 0; j < 1; j++ {
    96  			dataLen := 10 + r.Intn(100)
    97  			data := make([]byte, dataLen)
    98  			_, _ = r.Read(data)
    99  			sig, err := tls.CreateSignature(test.privKey, test.hashAlgo, data)
   100  			if err != nil {
   101  				t.Errorf("CreateSignature(%T, %v) failed with: %q", test.privKey, test.hashAlgo, err.Error())
   102  				continue
   103  			}
   104  
   105  			if err := tls.VerifySignature(test.pubKey, data, sig); err != nil {
   106  				t.Errorf("VerifySignature(%T, %v) failed with: %q", test.pubKey, test.hashAlgo, err)
   107  			}
   108  		}
   109  	}
   110  }
   111  
   112  func TestCreateSignatureFailures(t *testing.T) {
   113  	var tests = []struct {
   114  		privKey  crypto.PrivateKey
   115  		hashAlgo tls.HashAlgorithm
   116  		in       string // hex encoded
   117  		errstr   string
   118  	}{
   119  		{PEM2PrivKey(testdata.EcdsaPrivateKeyPKCS8PEM), 99, "abcd", "unsupported Algorithm.Hash"},
   120  		{nil, tls.SHA256, "abcd", "unsupported private key type"},
   121  	}
   122  	for _, test := range tests {
   123  		if sig, err := tls.CreateSignature(test.privKey, test.hashAlgo, testdata.FromHex(test.in)); err == nil {
   124  			t.Errorf("CreateSignature(%T, %v)=%v,nil; want error %q", test.privKey, test.hashAlgo, sig, test.errstr)
   125  		} else if !strings.Contains(err.Error(), test.errstr) {
   126  			t.Errorf("CreateSignature(%T, %v)=nil,%q; want error %q", test.privKey, test.hashAlgo, err.Error(), test.errstr)
   127  		}
   128  	}
   129  }
   130  
   131  func PEM2PK(s string) crypto.PublicKey {
   132  	p, _ := pem.Decode([]byte(s))
   133  	if p == nil {
   134  		panic("no PEM block found in " + s)
   135  	}
   136  	pubKey, _ := x509.ParsePKIXPublicKey(p.Bytes)
   137  	if pubKey == nil {
   138  		panic("public key not parsed from " + s)
   139  	}
   140  	return pubKey
   141  }
   142  func PEM2PrivKey(s string) crypto.PrivateKey {
   143  	p, _ := pem.Decode([]byte(s))
   144  	if p == nil {
   145  		panic("no PEM block found in " + s)
   146  	}
   147  
   148  	// Try various different private key formats one after another.
   149  	if rsaPrivKey, err := x509.ParsePKCS1PrivateKey(p.Bytes); err == nil {
   150  		return *rsaPrivKey
   151  	}
   152  	if pkcs8Key, err := x509.ParsePKCS8PrivateKey(p.Bytes); err == nil {
   153  		if reflect.TypeOf(pkcs8Key).Kind() == reflect.Ptr {
   154  			pkcs8Key = reflect.ValueOf(pkcs8Key).Elem().Interface()
   155  		}
   156  		return pkcs8Key
   157  	}
   158  
   159  	return nil
   160  }
   161  

View as plain text