1 package keys
2
3 import (
4 "crypto"
5 "crypto/ecdsa"
6 "crypto/elliptic"
7 "crypto/rand"
8 "crypto/sha256"
9 "encoding/json"
10 "errors"
11
12 "github.com/theupdateframework/go-tuf/data"
13 . "gopkg.in/check.v1"
14 )
15
16 type DeprecatedECDSASuite struct{}
17
18 var _ = Suite(DeprecatedECDSASuite{})
19
20 type deprecatedEcdsaSigner struct {
21 *ecdsa.PrivateKey
22 }
23
24 type deprecatedEcdsaPublic struct {
25 PublicKey data.HexBytes `json:"public"`
26 }
27
28 func (s deprecatedEcdsaSigner) PublicData() *data.PublicKey {
29 pub := s.Public().(*ecdsa.PublicKey)
30 keyValBytes, _ := json.Marshal(deprecatedEcdsaPublic{
31 PublicKey: elliptic.Marshal(pub.Curve, pub.X, pub.Y)})
32 return &data.PublicKey{
33 Type: data.KeyTypeECDSA_SHA2_P256,
34 Scheme: data.KeySchemeECDSA_SHA2_P256,
35 Algorithms: data.HashAlgorithms,
36 Value: keyValBytes,
37 }
38 }
39
40 func (s deprecatedEcdsaSigner) SignMessage(message []byte) ([]byte, error) {
41 hash := sha256.Sum256(message)
42 return s.PrivateKey.Sign(rand.Reader, hash[:], crypto.SHA256)
43 }
44
45 func (s deprecatedEcdsaSigner) ContainsID(id string) bool {
46 return s.PublicData().ContainsID(id)
47 }
48
49 func (deprecatedEcdsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) {
50 return nil, errors.New("not implemented for test")
51 }
52
53 func (deprecatedEcdsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error {
54 return errors.New("not implemented for test")
55 }
56
57 func generatedDeprecatedSigner() (*deprecatedEcdsaSigner, error) {
58 privkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
59 if err != nil {
60 return nil, err
61 }
62 return &deprecatedEcdsaSigner{privkey}, nil
63 }
64
65 func (DeprecatedECDSASuite) TestSignVerifyDeprecatedFormat(c *C) {
66
67 signer, err := generatedDeprecatedSigner()
68 c.Assert(err, IsNil)
69 msg := []byte("foo")
70 sig, err := signer.SignMessage(msg)
71 c.Assert(err, IsNil)
72
73 pub := signer.PublicKey
74
75 keyValBytes, err := json.Marshal(&deprecatedP256Verifier{PublicKey: elliptic.Marshal(pub.Curve, pub.X, pub.Y)})
76 c.Assert(err, IsNil)
77 publicData := &data.PublicKey{
78 Type: data.KeyTypeECDSA_SHA2_P256,
79 Scheme: data.KeySchemeECDSA_SHA2_P256,
80 Algorithms: data.HashAlgorithms,
81 Value: keyValBytes,
82 }
83
84 deprecatedEcdsa := NewDeprecatedEcdsaVerifier()
85 err = deprecatedEcdsa.UnmarshalPublicKey(publicData)
86 c.Assert(err, IsNil)
87 c.Assert(deprecatedEcdsa.Verify(msg, sig), IsNil)
88 }
89
90 func (DeprecatedECDSASuite) TestECDSAVerifyMismatchMessage(c *C) {
91 signer, err := generatedDeprecatedSigner()
92 c.Assert(err, IsNil)
93 msg := []byte("foo")
94 sig, err := signer.SignMessage(msg)
95 c.Assert(err, IsNil)
96 publicData := signer.PublicData()
97 deprecatedEcdsa := NewDeprecatedEcdsaVerifier()
98 err = deprecatedEcdsa.UnmarshalPublicKey(publicData)
99 c.Assert(err, IsNil)
100 c.Assert(deprecatedEcdsa.Verify([]byte("notfoo"), sig), ErrorMatches, "tuf: deprecated ecdsa signature verification failed")
101 }
102
103 func (DeprecatedECDSASuite) TestECDSAVerifyMismatchPubKey(c *C) {
104 signer, err := generatedDeprecatedSigner()
105 c.Assert(err, IsNil)
106 msg := []byte("foo")
107 sig, err := signer.SignMessage(msg)
108 c.Assert(err, IsNil)
109
110 signerNew, err := generatedDeprecatedSigner()
111 c.Assert(err, IsNil)
112 deprecatedEcdsa := NewDeprecatedEcdsaVerifier()
113 err = deprecatedEcdsa.UnmarshalPublicKey(signerNew.PublicData())
114 c.Assert(err, IsNil)
115 c.Assert(deprecatedEcdsa.Verify([]byte("notfoo"), sig), ErrorMatches, "tuf: deprecated ecdsa signature verification failed")
116 }
117
118 func (DeprecatedECDSASuite) TestMarshalUnmarshalPublicKey(c *C) {
119 signer, err := generatedDeprecatedSigner()
120 c.Assert(err, IsNil)
121
122 pub := signer.PublicData()
123
124 deprecatedEcdsa := NewDeprecatedEcdsaVerifier()
125 err = deprecatedEcdsa.UnmarshalPublicKey(pub)
126 c.Assert(err, IsNil)
127
128 c.Assert(deprecatedEcdsa.MarshalPublicKey(), DeepEquals, pub)
129 }
130
View as plain text