...

Source file src/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa_test.go

Documentation: github.com/theupdateframework/go-tuf/pkg/keys

     1  package keys
     2  
     3  import (
     4  	"crypto/ecdsa"
     5  	"crypto/elliptic"
     6  	"crypto/rand"
     7  	"encoding/hex"
     8  	"encoding/json"
     9  	"errors"
    10  	"io"
    11  	"strings"
    12  
    13  	fuzz "github.com/google/gofuzz"
    14  	"github.com/theupdateframework/go-tuf/data"
    15  	. "gopkg.in/check.v1"
    16  )
    17  
    18  type ECDSASuite struct{}
    19  
    20  var _ = Suite(ECDSASuite{})
    21  
    22  func (ECDSASuite) TestSignVerify(c *C) {
    23  	signer, err := GenerateEcdsaKey()
    24  	c.Assert(err, IsNil)
    25  	msg := []byte("foo")
    26  	sig, err := signer.SignMessage(msg)
    27  	c.Assert(err, IsNil)
    28  	publicData := signer.PublicData()
    29  	pubKey, err := GetVerifier(publicData)
    30  	c.Assert(err, IsNil)
    31  	c.Assert(pubKey.Verify(msg, sig), IsNil)
    32  }
    33  
    34  func (ECDSASuite) TestECDSAVerifyMismatchMessage(c *C) {
    35  	signer, err := GenerateEcdsaKey()
    36  	c.Assert(err, IsNil)
    37  	msg := []byte("foo")
    38  	sig, err := signer.SignMessage(msg)
    39  	c.Assert(err, IsNil)
    40  	publicData := signer.PublicData()
    41  	pubKey, err := GetVerifier(publicData)
    42  	c.Assert(err, IsNil)
    43  	c.Assert(pubKey.Verify([]byte("notfoo"), sig), ErrorMatches, "tuf: ecdsa signature verification failed")
    44  }
    45  
    46  func (ECDSASuite) TestECDSAVerifyMismatchPubKey(c *C) {
    47  	signer, err := GenerateEcdsaKey()
    48  	c.Assert(err, IsNil)
    49  	msg := []byte("foo")
    50  	sig, err := signer.SignMessage(msg)
    51  	c.Assert(err, IsNil)
    52  
    53  	signerNew, err := GenerateEcdsaKey()
    54  	c.Assert(err, IsNil)
    55  	pubKey, err := GetVerifier(signerNew.PublicData())
    56  	c.Assert(err, IsNil)
    57  	c.Assert(pubKey.Verify([]byte("notfoo"), sig), ErrorMatches, "tuf: ecdsa signature verification failed")
    58  }
    59  
    60  func (ECDSASuite) TestSignVerifyDeprecatedFails(c *C) {
    61  	// Create an ecdsa key with a deprecated format.
    62  	signer, err := GenerateEcdsaKey()
    63  	c.Assert(err, IsNil)
    64  
    65  	type deprecatedP256Verifier struct {
    66  		PublicKey data.HexBytes `json:"public"`
    67  	}
    68  	pub := signer.PublicKey
    69  	keyValBytes, err := json.Marshal(&deprecatedP256Verifier{PublicKey: elliptic.Marshal(pub.Curve, pub.X, pub.Y)})
    70  	c.Assert(err, IsNil)
    71  	publicData := &data.PublicKey{
    72  		Type:       data.KeyTypeECDSA_SHA2_P256,
    73  		Scheme:     data.KeySchemeECDSA_SHA2_P256,
    74  		Algorithms: data.HashAlgorithms,
    75  		Value:      keyValBytes,
    76  	}
    77  
    78  	_, err = GetVerifier(publicData)
    79  	c.Assert(err, ErrorMatches, "tuf: error unmarshalling key: invalid PEM value")
    80  }
    81  
    82  func (ECDSASuite) TestMarshalUnmarshalPublicKey(c *C) {
    83  	signer, err := GenerateEcdsaKey()
    84  	c.Assert(err, IsNil)
    85  	publicData := signer.PublicData()
    86  	pubKey, err := GetVerifier(publicData)
    87  	c.Assert(err, IsNil)
    88  	c.Assert(pubKey.MarshalPublicKey(), DeepEquals, publicData)
    89  }
    90  
    91  func (ECDSASuite) TestMarshalUnmarshalPrivateKey(c *C) {
    92  	signer, err := GenerateEcdsaKey()
    93  	c.Assert(err, IsNil)
    94  	privateData, err := signer.MarshalPrivateKey()
    95  	c.Assert(err, IsNil)
    96  	c.Assert(privateData.Type, Equals, data.KeyTypeECDSA_SHA2_P256)
    97  	c.Assert(privateData.Scheme, Equals, data.KeySchemeECDSA_SHA2_P256)
    98  	c.Assert(privateData.Algorithms, DeepEquals, data.HashAlgorithms)
    99  	s, err := GetSigner(privateData)
   100  	c.Assert(err, IsNil)
   101  	c.Assert(s, DeepEquals, signer)
   102  }
   103  
   104  func (ECDSASuite) TestUnmarshalECDSA(c *C) {
   105  	priv, err := ecdsa.GenerateKey(elliptic.P256(), strings.NewReader("00001-deterministic-buffer-for-key-generation"))
   106  	c.Assert(err, IsNil)
   107  
   108  	signer := &ecdsaSigner{priv}
   109  	goodKey := signer.PublicData()
   110  
   111  	verifier := NewEcdsaVerifier()
   112  	c.Assert(verifier.UnmarshalPublicKey(goodKey), IsNil)
   113  }
   114  
   115  func (ECDSASuite) TestUnmarshalECDSA_Invalid(c *C) {
   116  	badKeyValue, err := json.Marshal(true)
   117  	c.Assert(err, IsNil)
   118  
   119  	badKey := &data.PublicKey{
   120  		Type:       data.KeyTypeECDSA_SHA2_P256,
   121  		Scheme:     data.KeySchemeECDSA_SHA2_P256,
   122  		Algorithms: data.HashAlgorithms,
   123  		Value:      badKeyValue,
   124  	}
   125  	verifier := NewEcdsaVerifier()
   126  	c.Assert(verifier.UnmarshalPublicKey(badKey), ErrorMatches, "json: cannot unmarshal.*")
   127  }
   128  
   129  func (ECDSASuite) TestUnmarshalECDSA_FastFuzz(c *C) {
   130  	verifier := NewEcdsaVerifier()
   131  	for i := 0; i < 50; i++ {
   132  		// Ensure no basic panic
   133  
   134  		f := fuzz.New()
   135  		var publicData data.PublicKey
   136  		f.Fuzz(&publicData)
   137  
   138  		verifier.UnmarshalPublicKey(&publicData)
   139  	}
   140  }
   141  
   142  func (ECDSASuite) TestUnmarshalECDSA_TooLongContent(c *C) {
   143  	randomSeed := make([]byte, MaxJSONKeySize)
   144  	_, err := io.ReadFull(rand.Reader, randomSeed)
   145  	c.Assert(err, IsNil)
   146  
   147  	tooLongPayload, err := json.Marshal(
   148  		&ed25519Verifier{
   149  			PublicKey: data.HexBytes(hex.EncodeToString(randomSeed)),
   150  		},
   151  	)
   152  	c.Assert(err, IsNil)
   153  
   154  	badKey := &data.PublicKey{
   155  		Type:       data.KeyTypeECDSA_SHA2_P256,
   156  		Scheme:     data.KeySchemeECDSA_SHA2_P256,
   157  		Algorithms: data.HashAlgorithms,
   158  		Value:      tooLongPayload,
   159  	}
   160  	verifier := NewEcdsaVerifier()
   161  	err = verifier.UnmarshalPublicKey(badKey)
   162  	c.Assert(errors.Is(err, io.ErrUnexpectedEOF), Equals, true)
   163  }
   164  

View as plain text