github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/bccsp/pkcs11/pkcs11_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2017 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  package pkcs11
    17  
    18  import (
    19  	"crypto/ecdsa"
    20  	"crypto/elliptic"
    21  	"crypto/rand"
    22  	"encoding/asn1"
    23  	"encoding/hex"
    24  	"testing"
    25  
    26  	"github.com/hyperledger/fabric/bccsp"
    27  )
    28  
    29  func TestPKCS11GetSession(t *testing.T) {
    30  	if !enablePKCS11tests {
    31  		t.SkipNow()
    32  	}
    33  
    34  	session := getSession()
    35  	defer returnSession(session)
    36  }
    37  
    38  func TestPKCS11ECKeySignVerify(t *testing.T) {
    39  	if !enablePKCS11tests {
    40  		t.SkipNow()
    41  	}
    42  
    43  	msg1 := []byte("This is my very authentic message")
    44  	msg2 := []byte("This is my very unauthentic message")
    45  	hash1, _ := currentBCCSP.Hash(msg1, &bccsp.SHAOpts{})
    46  	hash2, _ := currentBCCSP.Hash(msg2, &bccsp.SHAOpts{})
    47  
    48  	var oid asn1.ObjectIdentifier
    49  	if currentTestConfig.securityLevel == 256 {
    50  		oid = oidNamedCurveP256
    51  	} else if currentTestConfig.securityLevel == 384 {
    52  		oid = oidNamedCurveP384
    53  	}
    54  
    55  	key, pubKey, err := generateECKey(oid, true)
    56  	if err != nil {
    57  		t.Fatalf("Failed generating Key [%s]", err)
    58  	}
    59  
    60  	R, S, err := signECDSA(key, hash1)
    61  
    62  	if err != nil {
    63  		t.Fatalf("Failed signing message [%s]", err)
    64  	}
    65  
    66  	pass, err := verifyECDSA(key, hash1, R, S, currentTestConfig.securityLevel/8)
    67  	if err != nil {
    68  		t.Fatalf("Error verifying message 1 [%s]", err)
    69  	}
    70  	if pass == false {
    71  		t.Fatal("Signature should match!")
    72  	}
    73  
    74  	pass = ecdsa.Verify(pubKey, hash1, R, S)
    75  	if pass == false {
    76  		t.Fatal("Signature should match with software verification!")
    77  	}
    78  
    79  	pass, err = verifyECDSA(key, hash2, R, S, currentTestConfig.securityLevel/8)
    80  	if err != nil {
    81  		t.Fatalf("Error verifying message 2 [%s]", err)
    82  	}
    83  
    84  	if pass != false {
    85  		t.Fatal("Signature should not match!")
    86  	}
    87  
    88  	pass = ecdsa.Verify(pubKey, hash2, R, S)
    89  	if pass != false {
    90  		t.Fatal("Signature should not match with software verification!")
    91  	}
    92  }
    93  
    94  func TestPKCS11ECKeyImportSignVerify(t *testing.T) {
    95  	if !enablePKCS11tests {
    96  		t.SkipNow()
    97  	}
    98  
    99  	msg1 := []byte("This is my very authentic message")
   100  	msg2 := []byte("This is my very unauthentic message")
   101  	hash1, _ := currentBCCSP.Hash(msg1, &bccsp.SHAOpts{})
   102  	hash2, err := currentBCCSP.Hash(msg2, &bccsp.SHAOpts{})
   103  
   104  	var oid asn1.ObjectIdentifier
   105  	var key *ecdsa.PrivateKey
   106  	if currentTestConfig.securityLevel == 256 {
   107  		oid = oidNamedCurveP256
   108  		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
   109  		if err != nil {
   110  			t.Fatalf("Failed generating ECDSA key [%s]", err)
   111  		}
   112  	} else if currentTestConfig.securityLevel == 384 {
   113  		oid = oidNamedCurveP384
   114  		key, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
   115  		if err != nil {
   116  			t.Fatalf("Failed generating ECDSA key [%s]", err)
   117  		}
   118  	}
   119  
   120  	ecPt := elliptic.Marshal(key.Curve, key.X, key.Y)
   121  	ski, err := importECKey(oid, key.D.Bytes(), ecPt, false, isPrivateKey)
   122  	if err != nil {
   123  		t.Fatalf("Failed getting importing EC Public Key [%s]", err)
   124  	}
   125  
   126  	R, S, err := signECDSA(ski, hash1)
   127  
   128  	if err != nil {
   129  		t.Fatalf("Failed signing message [%s]", err)
   130  	}
   131  
   132  	pass, err := verifyECDSA(ski, hash1, R, S, currentTestConfig.securityLevel/8)
   133  	if err != nil {
   134  		t.Fatalf("Error verifying message 1 [%s]\n%s\n\n%s", err, hex.Dump(R.Bytes()), hex.Dump(S.Bytes()))
   135  	}
   136  	if pass == false {
   137  		t.Fatalf("Signature should match!\n%s\n\n%s", hex.Dump(R.Bytes()), hex.Dump(S.Bytes()))
   138  	}
   139  
   140  	pass = ecdsa.Verify(&key.PublicKey, hash1, R, S)
   141  	if pass == false {
   142  		t.Fatal("Signature should match with software verification!")
   143  	}
   144  
   145  	pass, err = verifyECDSA(ski, hash2, R, S, currentTestConfig.securityLevel/8)
   146  	if err != nil {
   147  		t.Fatalf("Error verifying message 2 [%s]", err)
   148  	}
   149  
   150  	if pass != false {
   151  		t.Fatal("Signature should not match!")
   152  	}
   153  
   154  	pass = ecdsa.Verify(&key.PublicKey, hash2, R, S)
   155  	if pass != false {
   156  		t.Fatal("Signature should not match with software verification!")
   157  	}
   158  }
   159  
   160  func TestPKCS11ECKeyExport(t *testing.T) {
   161  	if !enablePKCS11tests {
   162  		t.SkipNow()
   163  	}
   164  
   165  	msg1 := []byte("This is my very authentic message")
   166  	msg2 := []byte("This is my very unauthentic message")
   167  	hash1, _ := currentBCCSP.Hash(msg1, &bccsp.SHAOpts{})
   168  	hash2, err := currentBCCSP.Hash(msg2, &bccsp.SHAOpts{})
   169  
   170  	var oid asn1.ObjectIdentifier
   171  	if currentTestConfig.securityLevel == 256 {
   172  		oid = oidNamedCurveP256
   173  	} else if currentTestConfig.securityLevel == 384 {
   174  		oid = oidNamedCurveP384
   175  	}
   176  
   177  	key, pubKey, err := generateECKey(oid, false)
   178  	if err != nil {
   179  		t.Fatalf("Failed generating Key [%s]", err)
   180  	}
   181  
   182  	secret := getSecretValue(key)
   183  	x, y := pubKey.ScalarBaseMult(secret)
   184  
   185  	if 0 != x.Cmp(pubKey.X) {
   186  		t.Fatal("X does not match")
   187  	}
   188  
   189  	if 0 != y.Cmp(pubKey.Y) {
   190  		t.Fatal("Y does not match")
   191  	}
   192  
   193  	ecPt := elliptic.Marshal(pubKey.Curve, x, y)
   194  	key2, err := importECKey(oid, secret, ecPt, false, isPrivateKey)
   195  
   196  	R, S, err := signECDSA(key2, hash1)
   197  	if err != nil {
   198  		t.Fatalf("Failed signing message [%s]", err)
   199  	}
   200  
   201  	pass, err := verifyECDSA(key2, hash1, R, S, currentTestConfig.securityLevel/8)
   202  	if err != nil {
   203  		t.Fatalf("Error verifying message 1 [%s]", err)
   204  	}
   205  	if pass == false {
   206  		t.Fatal("Signature should match! [1]")
   207  	}
   208  
   209  	pass, err = verifyECDSA(key, hash1, R, S, currentTestConfig.securityLevel/8)
   210  	if err != nil {
   211  		t.Fatalf("Error verifying message 2 [%s]", err)
   212  	}
   213  	if pass == false {
   214  		t.Fatal("Signature should match! [2]")
   215  	}
   216  
   217  	pass = ecdsa.Verify(pubKey, hash1, R, S)
   218  	if pass == false {
   219  		t.Fatal("Signature should match with software verification!")
   220  	}
   221  
   222  	pass, err = verifyECDSA(key, hash2, R, S, currentTestConfig.securityLevel/8)
   223  	if err != nil {
   224  		t.Fatalf("Error verifying message 3 [%s]", err)
   225  	}
   226  
   227  	if pass != false {
   228  		t.Fatal("Signature should not match! [3]")
   229  	}
   230  
   231  	pass = ecdsa.Verify(pubKey, hash2, R, S)
   232  	if pass != false {
   233  		t.Fatal("Signature should not match with software verification!")
   234  	}
   235  }