1 package keys
2
3 import (
4 "crypto/rand"
5 "encoding/hex"
6 "encoding/json"
7 "errors"
8 "io"
9
10 "github.com/theupdateframework/go-tuf/data"
11 . "gopkg.in/check.v1"
12 )
13
14 type RsaSuite struct{}
15
16 var _ = Suite(&RsaSuite{})
17
18 func (RsaSuite) TestSignVerify(c *C) {
19 signer, err := GenerateRsaKey()
20 c.Assert(err, IsNil)
21 msg := []byte("foo")
22 sig, err := signer.SignMessage(msg)
23 c.Assert(err, IsNil)
24 publicData := signer.PublicData()
25 pubKey, err := GetVerifier(publicData)
26 c.Assert(err, IsNil)
27 c.Assert(pubKey.Verify(msg, sig), IsNil)
28 }
29
30 func (RsaSuite) TestRSAVerifyMismatchMessage(c *C) {
31 signer, err := GenerateRsaKey()
32 c.Assert(err, IsNil)
33 msg := []byte("foo")
34 sig, err := signer.SignMessage(msg)
35 c.Assert(err, IsNil)
36 publicData := signer.PublicData()
37 pubKey, err := GetVerifier(publicData)
38 c.Assert(err, IsNil)
39 c.Assert(pubKey.Verify([]byte("notfoo"), sig), ErrorMatches, "crypto/rsa: verification error")
40 }
41
42 func (RsaSuite) TestRSAVerifyMismatchPubKey(c *C) {
43 signer, err := GenerateRsaKey()
44 c.Assert(err, IsNil)
45 msg := []byte("foo")
46 sig, err := signer.SignMessage(msg)
47 c.Assert(err, IsNil)
48
49 signerNew, err := GenerateRsaKey()
50 c.Assert(err, IsNil)
51
52 pubKey, err := GetVerifier(signerNew.PublicData())
53 c.Assert(err, IsNil)
54 c.Assert(pubKey.Verify([]byte("notfoo"), sig), ErrorMatches, "crypto/rsa: verification error")
55 }
56
57 func (RsaSuite) TestMarshalUnmarshalPublicKey(c *C) {
58 signer, err := GenerateRsaKey()
59 c.Assert(err, IsNil)
60 publicData := signer.PublicData()
61 pubKey, err := GetVerifier(publicData)
62 c.Assert(err, IsNil)
63 c.Assert(pubKey.MarshalPublicKey(), DeepEquals, publicData)
64 }
65
66 func (RsaSuite) TestMarshalUnmarshalPrivateKey(c *C) {
67 signer, err := GenerateRsaKey()
68 c.Assert(err, IsNil)
69 privateData, err := signer.MarshalPrivateKey()
70 c.Assert(err, IsNil)
71 c.Assert(privateData.Type, Equals, data.KeyTypeRSASSA_PSS_SHA256)
72 c.Assert(privateData.Scheme, Equals, data.KeySchemeRSASSA_PSS_SHA256)
73 c.Assert(privateData.Algorithms, DeepEquals, data.HashAlgorithms)
74 s, err := GetSigner(privateData)
75 c.Assert(err, IsNil)
76 c.Assert(s, DeepEquals, signer)
77 }
78
79 func (ECDSASuite) TestUnmarshalRSA_Invalid(c *C) {
80 badKeyValue, err := json.Marshal(true)
81 c.Assert(err, IsNil)
82
83 badKey := &data.PublicKey{
84 Type: data.KeyTypeECDSA_SHA2_P256,
85 Scheme: data.KeySchemeECDSA_SHA2_P256,
86 Algorithms: data.HashAlgorithms,
87 Value: badKeyValue,
88 }
89 verifier := NewEcdsaVerifier()
90 c.Assert(verifier.UnmarshalPublicKey(badKey), ErrorMatches, "json: cannot unmarshal.*")
91 }
92
93 func (ECDSASuite) TestUnmarshalRSAPublicKey(c *C) {
94 priv, err := GenerateRsaKey()
95 c.Assert(err, IsNil)
96
97 signer := &rsaSigner{priv.PrivateKey}
98 goodKey := signer.PublicData()
99
100 verifier := NewRsaVerifier()
101 c.Assert(verifier.UnmarshalPublicKey(goodKey), IsNil)
102 }
103
104 func (ECDSASuite) TestUnmarshalRSA_TooLongContent(c *C) {
105 randomSeed := make([]byte, MaxJSONKeySize)
106 _, err := io.ReadFull(rand.Reader, randomSeed)
107 c.Assert(err, IsNil)
108
109 tooLongPayload, err := json.Marshal(
110 &ed25519Verifier{
111 PublicKey: data.HexBytes(hex.EncodeToString(randomSeed)),
112 },
113 )
114 c.Assert(err, IsNil)
115
116 badKey := &data.PublicKey{
117 Type: data.KeyTypeECDSA_SHA2_P256,
118 Scheme: data.KeySchemeECDSA_SHA2_P256,
119 Algorithms: data.HashAlgorithms,
120 Value: tooLongPayload,
121 }
122 verifier := NewRsaVerifier()
123 err = verifier.UnmarshalPublicKey(badKey)
124 c.Assert(errors.Is(err, io.ErrUnexpectedEOF), Equals, true)
125 }
126
View as plain text