github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/keys_test.go (about) 1 // Copyright (c) 2014, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package tao 16 17 import ( 18 "bytes" 19 "crypto" 20 "crypto/aes" 21 "crypto/rand" 22 "crypto/rsa" 23 "crypto/sha256" 24 "crypto/sha512" 25 "crypto/x509" 26 "fmt" 27 "testing" 28 29 "github.com/golang/protobuf/proto" 30 "golang.org/x/crypto/pbkdf2" 31 ) 32 33 func TestGenerateKeys(t *testing.T) { 34 var keyName string 35 var keyEpoch int32 36 var keyPurpose string 37 var keyStatus string 38 39 // "aes128-raw" 40 keyName = "keyName1" 41 keyEpoch = 1 42 keyPurpose = "crypting" 43 keyStatus = "active" 44 cryptoKey1 := GenerateCryptoKey("aes128-raw", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 45 if cryptoKey1 == nil { 46 t.Fatal("Can't generate aes128-raw key\n") 47 } 48 fmt.Printf("Testing aes128-raw generation\n") 49 PrintCryptoKey(cryptoKey1) 50 fmt.Printf("\n") 51 m1 := MarshalCryptoKey(*cryptoKey1) 52 if m1 == nil { 53 t.Fatal("Can't MarshalCryptoKey aes128-raw key\n") 54 } 55 cryptoKey1_d, err := UnmarshalCryptoKey(m1) 56 if err != nil { 57 t.Fatal("Can't UnmarshalCryptoKey aes128-raw key\n") 58 } 59 PrintCryptoKey(cryptoKey1_d) 60 fmt.Printf("\n") 61 crypter, err := aes.NewCipher(cryptoKey1_d.KeyComponents[0]) 62 if err != nil { 63 t.Fatal("Can't create aes128 encrypter\n") 64 } 65 plain := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} 66 fmt.Printf("aes key size %d, key: %x, plain size %d, BlockSize: %d\n", len(cryptoKey1_d.KeyComponents[0]), 67 cryptoKey1_d.KeyComponents[0], len(plain), crypter.BlockSize()) 68 encrypted := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} 69 decrypted := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} 70 crypter.Encrypt(encrypted, plain) 71 crypter.Decrypt(decrypted, encrypted) 72 if !bytes.Equal(plain, decrypted) { 73 t.Fatal("aes128-raw plain and decrypted dont match\n") 74 } else { 75 fmt.Printf("Encryption works, encrypted: %x\n", encrypted) 76 } 77 fmt.Printf("\n") 78 79 // "aes256-raw" 80 keyName = "keyName2" 81 keyEpoch = 2 82 keyPurpose = "crypting" 83 keyStatus = "active" 84 cryptoKey2 := GenerateCryptoKey("aes256-raw", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 85 if cryptoKey2 == nil { 86 t.Fatal("Can't generate aes256-raw key\n") 87 } 88 fmt.Printf("Testing aes256-raw generation\n") 89 PrintCryptoKey(cryptoKey2) 90 fmt.Printf("\n") 91 m2 := MarshalCryptoKey(*cryptoKey2) 92 if m2 == nil { 93 t.Fatal("Can't MarshalCryptoKey aes256-raw key\n") 94 } 95 cryptoKey2_d, err := UnmarshalCryptoKey(m2) 96 if err != nil { 97 t.Fatal("Can't UnmarshalCryptoKey aes256-raw key\n") 98 } 99 PrintCryptoKey(cryptoKey2_d) 100 fmt.Printf("\n") 101 crypter2, err := aes.NewCipher(cryptoKey2_d.KeyComponents[0]) 102 if err != nil { 103 t.Fatal("Can't create aes256 encrypter\n") 104 } 105 plain2 := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} 106 fmt.Printf("aes key size %d, key: %x, plain size %d, BlockSize: %d\n", len(cryptoKey2_d.KeyComponents[0]), 107 cryptoKey2_d.KeyComponents[0], len(plain2), crypter2.BlockSize()) 108 encrypted2 := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} 109 decrypted2 := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} 110 crypter2.Encrypt(encrypted2, plain2) 111 crypter2.Decrypt(decrypted2, encrypted2) 112 if !bytes.Equal(plain2, decrypted2) { 113 t.Fatal("aes256-raw plain and decrypted dont match\n") 114 } else { 115 fmt.Printf("Encryption works, encrypted: %x\n", encrypted2) 116 } 117 fmt.Printf("\n") 118 119 // "aes128-ctr" 120 keyName = "keyName3" 121 keyEpoch = 3 122 keyPurpose = "crypting" 123 keyStatus = "active" 124 cryptoKey3 := GenerateCryptoKey("aes128-ctr", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 125 if cryptoKey1 == nil { 126 t.Fatal("Can't generate aes128-ctr key\n") 127 } 128 fmt.Printf("Testing aes128-ctr generation\n") 129 PrintCryptoKey(cryptoKey3) 130 fmt.Printf("\n") 131 132 // "aes256-ctr" 133 keyName = "keyName4" 134 keyEpoch = 4 135 keyPurpose = "crypting" 136 keyStatus = "active" 137 cryptoKey4 := GenerateCryptoKey("aes256-ctr", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 138 if cryptoKey1 == nil { 139 t.Fatal("Can't generate aes256-ctr key\n") 140 } 141 fmt.Printf("Testing aes256-ctr generation\n") 142 PrintCryptoKey(cryptoKey4) 143 fmt.Printf("\n") 144 145 // "aes128-ctr-hmacsha256" 146 keyName = "keyName5" 147 keyEpoch = 2 148 keyPurpose = "crypting" 149 keyStatus = "active" 150 cryptoKey5 := GenerateCryptoKey("aes128-ctr-hmacsha256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 151 if cryptoKey5 == nil { 152 t.Fatal("Can't generate aes128-ctr-hmacsha256 key\n") 153 } 154 fmt.Printf("Testing aes128-ctr-hmacsha256 generation\n") 155 PrintCryptoKey(cryptoKey5) 156 fmt.Printf("\n") 157 158 // "aes256-sha384-ctr" 159 keyName = "keyName6" 160 keyEpoch = 2 161 cryptoKey6 := GenerateCryptoKey("aes256-ctr-hmacsha384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 162 if cryptoKey6 == nil { 163 t.Fatal("Can't generate aes256-ctr-hmacsha384 key\n") 164 } 165 fmt.Printf("Testing aes256-ctr-hmacsha384 generation\n") 166 PrintCryptoKey(cryptoKey6) 167 fmt.Printf("\n") 168 169 // "aes256-sha512-ctr" 170 keyName = "keyName6.2" 171 cryptoKey6 = GenerateCryptoKey("aes256-ctr-hmacsha512", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 172 if cryptoKey6 == nil { 173 t.Fatal("Can't generate aes256-ctr-hmacsha512 key\n") 174 } 175 fmt.Printf("Testing aes256-ctr-hmacsha512 generation\n") 176 PrintCryptoKey(cryptoKey6) 177 fmt.Printf("\n") 178 179 // "hmacsha256" 180 keyName = "keyName7" 181 keyEpoch = 2 182 keyPurpose = "crypting" 183 keyStatus = "active" 184 cryptoKey7 := GenerateCryptoKey("hmacsha256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 185 if cryptoKey7 == nil { 186 t.Fatal("Can't hmacsha256 key\n") 187 } 188 fmt.Printf("Testing hmacsha256 generation\n") 189 PrintCryptoKey(cryptoKey7) 190 fmt.Printf("\n") 191 192 // "hmacsha384" 193 keyName = "keyName8" 194 keyEpoch = 2 195 keyPurpose = "crypting" 196 keyStatus = "active" 197 cryptoKey8 := GenerateCryptoKey("hmacsha384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 198 if cryptoKey1 == nil { 199 t.Fatal("Can't generate hmacsha384 key\n") 200 } 201 fmt.Printf("Testing hmacsha384 generation\n") 202 PrintCryptoKey(cryptoKey8) 203 fmt.Printf("\n") 204 205 // "hmacsha512" 206 keyName = "keyName9" 207 keyEpoch = 2 208 keyPurpose = "crypting" 209 keyStatus = "active" 210 cryptoKey9 := GenerateCryptoKey("hmacsha512", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 211 if cryptoKey1 == nil { 212 t.Fatal("Can't generate hmacsha512 key\n") 213 } 214 fmt.Printf("Testing hmacsha512 generation\n") 215 PrintCryptoKey(cryptoKey9) 216 fmt.Printf("\n") 217 218 // "rsa1024" 219 keyName = "keyName10" 220 keyEpoch = 2 221 keyPurpose = "signing" 222 keyStatus = "primary" 223 cryptoKey10 := GenerateCryptoKey("rsa1024", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 224 if cryptoKey1 == nil { 225 t.Fatal("Can't generate rsa1024 key\n") 226 } 227 fmt.Printf("Testing rsa1024 generation\n") 228 PrintCryptoKey(cryptoKey10) 229 fmt.Printf("\n") 230 m10 := MarshalCryptoKey(*cryptoKey10) 231 if m10 == nil { 232 t.Fatal("Can't MarshalCryptoKey rsa1024 key\n") 233 } 234 cryptoKey10_d, err := UnmarshalCryptoKey(m10) 235 if err != nil { 236 t.Fatal("Can't UnmarshalCryptoKey rsa1024 key\n") 237 } 238 PrintCryptoKey(cryptoKey10_d) 239 fmt.Printf("\n") 240 241 // "rsa2048" 242 keyName = "keyName11" 243 keyEpoch = 2 244 keyPurpose = "signing" 245 keyStatus = "primary" 246 cryptoKey11 := GenerateCryptoKey("rsa2048", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 247 if cryptoKey11 == nil { 248 t.Fatal("Can't generate rsa2048 key\n") 249 } 250 fmt.Printf("Testing rsa2048 generation\n") 251 PrintCryptoKey(cryptoKey11) 252 fmt.Printf("\n") 253 254 // "rsa3072" 255 keyName = "keyName12" 256 keyEpoch = 2 257 keyPurpose = "signing" 258 keyStatus = "primary" 259 cryptoKey12 := GenerateCryptoKey("rsa3072", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 260 if cryptoKey12 == nil { 261 t.Fatal("Can't generate rsa3072 key\n") 262 } 263 fmt.Printf("Testing rsa3072 generation\n") 264 PrintCryptoKey(cryptoKey12) 265 fmt.Printf("\n") 266 267 // "ecdsap256" 268 keyName = "keyName13" 269 keyEpoch = 2 270 keyPurpose = "signing" 271 keyStatus = "primary" 272 cryptoKey13 := GenerateCryptoKey("ecdsap256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 273 if cryptoKey13 == nil { 274 t.Fatal("Can't generate ecdsap256 key\n") 275 } 276 fmt.Printf("Testing ecdsap256 generation\n") 277 PrintCryptoKey(cryptoKey13) 278 fmt.Printf("\n") 279 280 // "ecdsap384" 281 keyName = "keyName14" 282 keyEpoch = 2 283 keyPurpose = "signing" 284 keyStatus = "primary" 285 cryptoKey14 := GenerateCryptoKey("ecdsap384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 286 if cryptoKey14 == nil { 287 t.Fatal("Can't generate ecdsap384 key\n") 288 } 289 fmt.Printf("Testing ecdsap384 generation\n") 290 PrintCryptoKey(cryptoKey14) 291 fmt.Printf("\n") 292 293 // "ecdsap521" 294 keyName = "keyName15" 295 keyEpoch = 2 296 keyPurpose = "signing" 297 keyStatus = "primary" 298 cryptoKey15 := GenerateCryptoKey("ecdsap521", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 299 if cryptoKey15 == nil { 300 t.Fatal("Can't generate ecdsap521 key\n") 301 } 302 fmt.Printf("Testing ecdsap521 generation\n") 303 PrintCryptoKey(cryptoKey15) 304 fmt.Printf("\n") 305 } 306 307 func TestKeyTranslate(t *testing.T) { 308 309 // Private keys --- RSA 310 keyType := "rsa1024" 311 keyName := "Rsatestkey" 312 keyEpoch := int32(1) 313 keyPurpose := "signing" 314 keyStatus := "active" 315 ck := GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 316 if ck == nil { 317 t.Fatal("Can't generate rsa key\n") 318 } 319 s := SignerFromCryptoKey(*ck) 320 if s == nil { 321 t.Fatal("Can't get signer from key\n") 322 } 323 ckNew, err := CryptoKeyFromSigner(s) 324 if err != nil { 325 t.Fatal("Can't get key from signer\n") 326 } 327 PrintCryptoKey(ckNew) 328 sNew := SignerFromCryptoKey(*ck) 329 if sNew == nil { 330 t.Fatal("Can't get signer recovered key\n") 331 } 332 keyType = "ecdsap256" 333 keyName = "Ecdsatestkey" 334 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 335 if ck == nil { 336 t.Fatal("Can't generate rsa key\n") 337 } 338 s = SignerFromCryptoKey(*ck) 339 if s == nil { 340 t.Fatal("Can't get signer from key\n") 341 } 342 ckNew, err = CryptoKeyFromSigner(s) 343 if err != nil { 344 t.Fatal("Can't get key from signer\n") 345 } 346 PrintCryptoKey(ckNew) 347 sNew = SignerFromCryptoKey(*ck) 348 if sNew == nil { 349 t.Fatal("Can't get signer recovered key\n") 350 } 351 352 // verifier 353 v := s.GetVerifierFromSigner() 354 if v == nil { 355 t.Fatal("Can't get verifier\n") 356 } 357 ckNew, err = CryptoKeyFromVerifier(v) 358 if err != nil { 359 t.Fatal("Cannot get CryptoKeyFromVerifier\n") 360 } 361 v = VerifierFromCryptoKey(*ckNew) 362 PrintCryptoKey(ckNew) 363 364 // aes128-ctr-hmac256 365 keyType = "aes128-ctr-hmacsha256" 366 keyName = "aes128Crypter" 367 keyEpoch = 2 368 keyPurpose = "crypting" 369 keyStatus = "primary" 370 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 371 if ck == nil { 372 t.Fatal("Can't generate aes key\n") 373 } 374 c := CrypterFromCryptoKey(*ck) 375 if c == nil { 376 t.Fatal("Can't generate aes key\n") 377 } 378 ckNew, err = CryptoKeyFromCrypter(c) 379 if err != nil { 380 t.Fatal("Can't generate aes key from crypter\n") 381 } 382 PrintCryptoKey(ckNew) 383 c = CrypterFromCryptoKey(*ckNew) 384 if c == nil { 385 t.Fatal("Can't recover crypter from key\n") 386 } 387 388 // aes256-ctr-hmac384 389 keyType = "aes256-ctr-hmacsha384" 390 keyName = "aes256Crypter384" 391 keyStatus = "primary" 392 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 393 if ck == nil { 394 t.Fatal("Can't generate aes key\n") 395 } 396 c = CrypterFromCryptoKey(*ck) 397 if c == nil { 398 t.Fatal("Can't get crypter from key\n") 399 } 400 ckNew, err = CryptoKeyFromCrypter(c) 401 if c == nil { 402 t.Fatal("Can't recover crypter from key\n") 403 } 404 PrintCryptoKey(ckNew) 405 406 // aes256-ctr-hmac512 407 keyType = "aes256-ctr-hmacsha512" 408 keyName = "aes256Crypter" 409 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 410 if ck == nil { 411 t.Fatal("Can't generate aes key\n") 412 } 413 c = CrypterFromCryptoKey(*ck) 414 if c == nil { 415 t.Fatal("Can't get crypter from key\n") 416 } 417 ckNew, err = CryptoKeyFromCrypter(c) 418 if c == nil { 419 t.Fatal("Can't recover crypter from key\n") 420 } 421 PrintCryptoKey(ckNew) 422 423 // hdkf-sha256 424 keyType = "hdkf-sha256" 425 keyName = "sha256Deriver" 426 keyPurpose = "deriving" 427 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 428 if ck == nil { 429 t.Fatal("Can't generate deriver key\n") 430 } 431 d := DeriverFromCryptoKey(*ck) 432 if d == nil { 433 t.Fatal("Can't get deriver from key\n") 434 } 435 ckNew, err = CryptoKeyFromDeriver(d) 436 if err != nil { 437 t.Fatal("Can't get key from deriver\n") 438 } 439 PrintCryptoKey(ckNew) 440 d = DeriverFromCryptoKey(*ckNew) 441 if d == nil { 442 t.Fatal("Can't get deriver from recovered key\n") 443 } 444 445 // aes256-ctr-hmac384 446 keyType = "aes256-ctr-hmacsha384" 447 keyName = "aes256Crypter" 448 keyStatus = "primary" 449 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 450 if ck == nil { 451 t.Fatal("Can't generate aes key\n") 452 } 453 c = CrypterFromCryptoKey(*ck) 454 if c == nil { 455 t.Fatal("Can't generate rsa key\n") 456 } 457 ckNew, err = CryptoKeyFromCrypter(c) 458 PrintCryptoKey(ckNew) 459 } 460 461 func TestCerts(t *testing.T) { 462 463 // ecdsap256 464 keyName := "keyName1" 465 keyEpoch := int32(1) 466 keyPurpose := "signing" 467 keyStatus := "active" 468 sk := GenerateCryptoKey("ecdsap256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 469 if sk == nil { 470 t.Fatal("Can't generate signing key\n") 471 } 472 PrintCryptoKey(sk) 473 fmt.Printf("\n") 474 475 s := SignerFromCryptoKey(*sk) 476 if s == nil { 477 t.Fatal("Can't get signer from key\n") 478 } 479 480 details := &X509Details{ 481 CommonName: proto.String("test"), 482 Country: proto.String("US"), 483 State: proto.String("WA"), 484 Organization: proto.String("Google"), 485 } 486 der, err := s.CreateSelfSignedDER(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 487 int64(10), NewX509Name(details)) 488 if err != nil { 489 t.Fatal("CreateSelfSignedDER failed, ", err, "\n") 490 } 491 fmt.Printf("Der: %x\n", der) 492 cert, err := s.CreateSelfSignedX509(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 493 int64(10), NewX509Name(details)) 494 if err != nil { 495 t.Fatal("CreateSelfSignedX509 failed, ", err, "\n") 496 } 497 fmt.Printf("Cert: %x\n", cert) 498 499 // ecdsap384 500 keyName = "keyName2" 501 sk = GenerateCryptoKey("ecdsap384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 502 if sk == nil { 503 t.Fatal("Can't generate signing key\n") 504 } 505 PrintCryptoKey(sk) 506 fmt.Printf("\n") 507 508 s = SignerFromCryptoKey(*sk) 509 if s == nil { 510 t.Fatal("Can't get signer from key\n") 511 } 512 513 der, err = s.CreateSelfSignedDER(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 514 int64(10), NewX509Name(details)) 515 if err != nil { 516 t.Fatal("CreateSelfSignedDER failed, ", err, "\n") 517 } 518 fmt.Printf("Der: %x\n", der) 519 cert, err = s.CreateSelfSignedX509(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 520 int64(10), NewX509Name(details)) 521 if err != nil { 522 t.Fatal("CreateSelfSignedX509 failed, ", err, "\n") 523 } 524 fmt.Printf("Cert: %x\n", cert) 525 526 // ecdsap521 527 keyName = "keyName3" 528 sk = GenerateCryptoKey("ecdsap521", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 529 if sk == nil { 530 t.Fatal("Can't generate signing key\n") 531 } 532 PrintCryptoKey(sk) 533 fmt.Printf("\n") 534 535 s = SignerFromCryptoKey(*sk) 536 if s == nil { 537 t.Fatal("Can't get signer from key\n") 538 } 539 540 der, err = s.CreateSelfSignedDER(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 541 int64(10), NewX509Name(details)) 542 if err != nil { 543 t.Fatal("CreateSelfSignedDER failed, ", err, "\n") 544 } 545 fmt.Printf("Der: %x\n", der) 546 cert, err = s.CreateSelfSignedX509(int(x509.ECDSA), int(x509.ECDSAWithSHA256), 547 int64(10), NewX509Name(details)) 548 if err != nil { 549 t.Fatal("CreateSelfSignedX509 failed, ", err, "\n") 550 } 551 fmt.Printf("Cert: %x\n", cert) 552 553 // RSA 554 sk = GenerateCryptoKey("rsa2048", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 555 if sk == nil { 556 t.Fatal("Can't generate signing key\n") 557 } 558 PrintCryptoKey(sk) 559 fmt.Printf("\n") 560 s = SignerFromCryptoKey(*sk) 561 if s == nil { 562 t.Fatal("Can't get signer from signing key\n") 563 } 564 565 /* 566 FIX TEST 567 der, err = s.CreateSelfSignedDER(int(x509.RSA), int(x509.SHA256WithRSA), 568 int64(10), NewX509Name(details)) 569 if err != nil { 570 t.Fatal("CreateSelfSignedDER failed, ", err, "\n") 571 } 572 fmt.Printf("Der: %x\n", der) 573 cert, err = s.CreateSelfSignedX509(int(x509.RSA), int(x509.SHA256WithRSA), 574 int64(10), NewX509Name(details)) 575 if err != nil { 576 t.Fatal("CreateSelfSignedX509 failed, ", err, "\n") 577 } 578 */ 579 580 // (s *Signer) CreateCRL(cert *x509.Certificate, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) ([]byte, error) 581 // (s *Signer) CreateSignedX509(caCert *x509.Certificate, certSerial int, subjectKey *Verifier, 582 } 583 584 func TestCanonicalBytes(t *testing.T) { 585 586 // ecdsa256 587 keyName := "keyName1" 588 keyEpoch := int32(1) 589 keyPurpose := "signing" 590 keyStatus := "active" 591 signingKey := GenerateCryptoKey("ecdsap256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 592 if signingKey == nil { 593 t.Fatal("Can't generate signing key\n") 594 } 595 PrintCryptoKey(signingKey) 596 fmt.Printf("\n") 597 598 s := SignerFromCryptoKey(*signingKey) 599 if s == nil { 600 t.Fatal("Can't get signer from key\n") 601 } 602 603 cb, err := s.CanonicalKeyBytesFromSigner() 604 if err != nil { 605 t.Fatal("CanonicalKeyBytesFromSigner fails\n") 606 } 607 fmt.Printf("Canonical bytes: %x\n", cb) 608 609 // ecdsa384 610 signingKey = GenerateCryptoKey("ecdsap384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 611 if signingKey == nil { 612 t.Fatal("Can't generate signing key\n") 613 } 614 PrintCryptoKey(signingKey) 615 fmt.Printf("\n") 616 617 s = SignerFromCryptoKey(*signingKey) 618 if s == nil { 619 t.Fatal("Can't get signer from key\n") 620 } 621 622 cb, err = s.CanonicalKeyBytesFromSigner() 623 if err != nil { 624 t.Fatal("CanonicalKeyBytesFromSigner fails\n") 625 } 626 fmt.Printf("Canonical bytes: %x\n", cb) 627 628 // ecdsa521 629 signingKey = GenerateCryptoKey("ecdsap521", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 630 if signingKey == nil { 631 t.Fatal("Can't generate signing key\n") 632 } 633 PrintCryptoKey(signingKey) 634 fmt.Printf("\n") 635 636 s = SignerFromCryptoKey(*signingKey) 637 if s == nil { 638 t.Fatal("Can't get signer from key\n") 639 } 640 641 cb, err = s.CanonicalKeyBytesFromSigner() 642 if err != nil { 643 t.Fatal("CanonicalKeyBytesFromSigner fails\n") 644 } 645 fmt.Printf("Canonical bytes: %x\n", cb) 646 647 // rsa 648 keyName = "keyName1" 649 signingKey = GenerateCryptoKey("rsa2048", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 650 if signingKey == nil { 651 t.Fatal("Can't generate signing key\n") 652 } 653 PrintCryptoKey(signingKey) 654 fmt.Printf("\n") 655 656 s = SignerFromCryptoKey(*signingKey) 657 if s == nil { 658 t.Fatal("Can't get signer from key\n") 659 } 660 661 cb, err = s.CanonicalKeyBytesFromSigner() 662 if err != nil { 663 t.Fatal("CanonicalKeyBytesFromSigner fails\n") 664 } 665 fmt.Printf("Canonical bytes: %x\n", cb) 666 } 667 668 func TestNewCrypter(t *testing.T) { 669 670 keyName := "keyName1" 671 keyEpoch := int32(1) 672 keyPurpose := "crypting" 673 keyStatus := "active" 674 cryptingKey := GenerateCryptoKey("aes128-ctr-hmacsha256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 675 if cryptingKey == nil { 676 t.Fatal("Can't generate crypting key\n") 677 } 678 PrintCryptoKey(cryptingKey) 679 fmt.Printf("\n") 680 c := CrypterFromCryptoKey(*cryptingKey) 681 if c == nil { 682 t.Fatal("CrypterFromCryptoKey fails\n") 683 } 684 plain := []byte{0, 1, 2, 3, 4, 5, 6, 7} 685 crypted, err := c.Encrypt(plain) 686 if err != nil { 687 t.Fatal("Crypter failed to encrypt\n") 688 } 689 fmt.Printf("Encrypted: %x\n", crypted) 690 decrypted, err := c.Decrypt(crypted) 691 if err != nil { 692 t.Fatal("Crypter failed to decrypt\n") 693 } 694 fmt.Printf("Decrypted: %x\n", decrypted) 695 if !bytes.Equal(plain, decrypted) { 696 t.Fatal("plain an decrypted bytes don't match\n") 697 } 698 } 699 700 func TestDeriveSecret(t *testing.T) { 701 702 ver := CryptoVersion_CRYPTO_VERSION_2 703 keyName := "keyName1" 704 keyType := "hdkf-sha256" 705 keyEpoch := int32(1) 706 keyPurpose := "deriving" 707 keyStatus := "active" 708 ch := &CryptoHeader{ 709 Version: &ver, 710 KeyName: &keyName, 711 KeyEpoch: &keyEpoch, 712 KeyType: &keyType, 713 KeyPurpose: &keyPurpose, 714 KeyStatus: &keyStatus, 715 } 716 // derivingKey := GenerateCryptoKey("hdfk-sha256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 717 // derivingKey.KeyComponents = append(derivingKey.KeyComponents, buf) 718 // if derivingKey == nil { 719 // t.Fatal("Can't generate deriving key\n") 720 // } 721 // PrintCryptoKey(derivingKey) 722 // d := DeriverFromCryptoKey(*derivingKey) 723 // if d == nil { 724 // t.Fatal("DeriveFromCryptoKey fails\n") 725 // } 726 buf := make([]byte, 32) 727 _, err := rand.Read(buf) 728 d := &Deriver{ 729 Header: ch, 730 Secret: buf, 731 } 732 fmt.Printf("\n") 733 734 salt := []byte{1, 2, 3, 4} 735 context := []byte{1, 2} 736 material := make([]byte, 32) 737 material[0] = 1 738 err = d.Derive(salt, context, material) 739 if err != nil { 740 } 741 fmt.Printf("Derived: %x\n", material) 742 } 743 744 func TestSignAndVerify(t *testing.T) { 745 746 var keyName string 747 var keyEpoch int32 748 var keyPurpose string 749 var keyStatus string 750 751 // Rsa Tests 752 fmt.Printf("\n") 753 keyName = "TestRsa2048SignandVerify" 754 keyEpoch = 2 755 keyPurpose = "signing" 756 keyStatus = "primary" 757 cryptoKey1 := GenerateCryptoKey("rsa2048", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 758 if cryptoKey1 == nil { 759 t.Fatal("Can't generate rsa2048 key\n") 760 } 761 PrintCryptoKey(cryptoKey1) 762 763 // save 764 privateKey, err := PrivateKeyFromCryptoKey(*cryptoKey1) 765 if err != nil { 766 t.Fatal("PrivateKeyFromCryptoKey fails, ", err, "\n") 767 } 768 769 mesg := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9} 770 hash := crypto.SHA256 771 blk := hash.New() 772 blk.Write(mesg) 773 hashed := blk.Sum(nil) 774 fmt.Printf("Hashed: %x\n", hashed) 775 776 sig, err := rsa.SignPKCS1v15(rand.Reader, privateKey.(*rsa.PrivateKey), crypto.SHA256, hashed[:]) 777 if err != nil { 778 t.Fatal("privateKey signing fails\n") 779 } 780 fmt.Printf("Signature: %x\n", sig) 781 782 publicKey := privateKey.(*rsa.PrivateKey).PublicKey 783 if err != nil { 784 t.Fatal("PrivateKeyFromCryptoKey fails, ", err, "\n") 785 } 786 err = rsa.VerifyPKCS1v15(&publicKey, crypto.SHA256, hashed, sig) 787 if err != nil { 788 t.Fatal("Verify fails, ", err, "\n") 789 } else { 790 fmt.Printf("Rsa Verify succeeds\n") 791 } 792 793 s := SignerFromCryptoKey(*cryptoKey1) 794 if s == nil { 795 t.Fatal("SignerFromCryptoKey fails, ", err, "\n") 796 } 797 sig1, err := s.Sign(hashed, "Signing context") 798 if err != nil { 799 t.Fatal("Signer Sign failed, ", err, "\n") 800 } 801 fmt.Printf("Signer sign: %x\n", sig1) 802 803 v := s.GetVerifierFromSigner() 804 if v == nil { 805 t.Fatal("Can't get verifier from signer\n") 806 } 807 verified, err := v.Verify(hashed, "Signing context", sig1) 808 if verified { 809 fmt.Printf("Pkcs verified succeeds\n") 810 } else { 811 t.Fatal("Pkcs verified failed, ", err, "\n") 812 } 813 814 // ecdsa test 815 fmt.Printf("\n") 816 keyName = "TestEcdsaP256SignandVerify" 817 keyEpoch = 2 818 keyPurpose = "signing" 819 keyStatus = "primary" 820 cryptoKey2 := GenerateCryptoKey("ecdsap256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 821 if cryptoKey2 == nil { 822 t.Fatal("Can't generate ecdsap256key\n") 823 } 824 PrintCryptoKey(cryptoKey2) 825 826 // save 827 privateKey, err = PrivateKeyFromCryptoKey(*cryptoKey2) 828 if err != nil { 829 t.Fatal("PrivateKeyFromCryptoKey fails, ", err, "\n") 830 } 831 832 hash = crypto.SHA256 833 blk = hash.New() 834 blk.Write(mesg) 835 hashed = blk.Sum(nil) 836 fmt.Printf("Hashed: %x\n", hashed) 837 838 s = SignerFromCryptoKey(*cryptoKey2) 839 if s == nil { 840 t.Fatal("SignerFromCryptoKey fails, ", err, "\n") 841 } 842 843 sig2, err := s.Sign(hashed, "Signing context") 844 if err != nil { 845 t.Fatal("Signer Sign failed, ", err, "\n") 846 } 847 fmt.Printf("Signer sign: %x\n", sig2) 848 849 v = s.GetVerifierFromSigner() 850 if v == nil { 851 t.Fatal("Can't get verifier from signer\n") 852 } 853 verified, err = v.Verify(hashed, "Signing context", sig2) 854 if verified { 855 fmt.Printf("Ecdsa verified succeeds\n") 856 } else { 857 t.Fatal("Ecdsa verified failed, ", err, "\n") 858 } 859 } 860 861 func TestEncryptAndDecrypt(t *testing.T) { 862 863 var keyName string 864 var keyEpoch int32 865 var keyPurpose string 866 var keyStatus string 867 868 fmt.Printf("\n") 869 keyName = "TestAes128-ctr-hmac256-key" 870 keyEpoch = 2 871 keyPurpose = "signing" 872 keyStatus = "primary" 873 cryptoKey1 := GenerateCryptoKey("aes128-ctr-hmacsha256", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 874 if cryptoKey1 == nil { 875 t.Fatal("Can't generate aes128-ctr-hmacsha256 key\n") 876 } 877 PrintCryptoKey(cryptoKey1) 878 879 c := CrypterFromCryptoKey(*cryptoKey1) 880 if c == nil { 881 t.Fatal("Can't get crypter from cryptokey\n") 882 } 883 plain := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} 884 ciphertext, err := c.Encrypt(plain) 885 if err != nil { 886 t.Fatal("Can't encrypt, ", err, "\n") 887 } 888 fmt.Printf("Ciphertext: %x\n", ciphertext) 889 decrypted, err := c.Decrypt(ciphertext) 890 if err != nil { 891 t.Fatal("Can't decrypt, ", err, "\n") 892 } 893 fmt.Printf("Decrypted: %x\n", decrypted) 894 if !bytes.Equal(plain, decrypted) { 895 t.Fatal("plain and decrypted don't match") 896 } 897 898 // Aes 256-hmacsha384 899 fmt.Printf("\n") 900 keyName = "TestAes256-ctr-hmac384-key" 901 keyEpoch = 2 902 cryptoKey2 := GenerateCryptoKey("aes256-ctr-hmacsha384", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 903 if cryptoKey2 == nil { 904 t.Fatal("Can't generate aes256-ctr-hmacsha384 key\n") 905 } 906 PrintCryptoKey(cryptoKey2) 907 908 c = CrypterFromCryptoKey(*cryptoKey2) 909 if c == nil { 910 t.Fatal("Can't get crypter from cryptokey\n") 911 } 912 ciphertext, err = c.Encrypt(plain) 913 if err != nil { 914 t.Fatal("Can't encrypt, ", err, "\n") 915 } 916 fmt.Printf("Ciphertext: %x\n", ciphertext) 917 decrypted, err = c.Decrypt(ciphertext) 918 if err != nil { 919 t.Fatal("Can't decrypt, ", err, "\n") 920 } 921 fmt.Printf("Decrypted: %x\n", decrypted) 922 if !bytes.Equal(plain, decrypted) { 923 t.Fatal("plain and decrypted don't match") 924 } 925 926 // Aes 256-hmacsha512 927 fmt.Printf("\n") 928 keyName = "TestAes256-ctr-hmac512-key" 929 cryptoKey3 := GenerateCryptoKey("aes256-ctr-hmacsha512", &keyName, &keyEpoch, &keyPurpose, &keyStatus) 930 if cryptoKey3 == nil { 931 t.Fatal("Can't generate aes256-ctr-hmacsha512 key\n") 932 } 933 PrintCryptoKey(cryptoKey3) 934 935 c = CrypterFromCryptoKey(*cryptoKey3) 936 if c == nil { 937 t.Fatal("Can't get crypter from cryptokey\n") 938 } 939 ciphertext, err = c.Encrypt(plain) 940 if err != nil { 941 t.Fatal("Can't encrypt, ", err, "\n") 942 } 943 fmt.Printf("Ciphertext: %x\n", ciphertext) 944 decrypted, err = c.Decrypt(ciphertext) 945 if err != nil { 946 t.Fatal("Can't decrypt, ", err, "\n") 947 } 948 fmt.Printf("Decrypted: %x\n", decrypted) 949 if !bytes.Equal(plain, decrypted) { 950 t.Fatal("plain and decrypted don't match") 951 } 952 } 953 954 func TestPdkfGeneration(t *testing.T) { 955 salt := []byte{0,1,2,3,4,5,6,7} 956 iterations := 1000 957 password := []byte("Stupid password") 958 key1 := pbkdf2.Key(password, salt, iterations, 16, sha256.New) 959 key2 := pbkdf2.Key(password, salt, iterations, 32, sha256.New) 960 key3 := pbkdf2.Key(password, salt, iterations, 32, sha512.New384) 961 key4 := pbkdf2.Key(password, salt, iterations, 32, sha512.New) 962 key5 := pbkdf2.Key(password, salt, iterations, 48, sha512.New384) 963 key6 := pbkdf2.Key(password, salt, iterations, 64, sha512.New) 964 fmt.Printf("key 1 (16, sha256): %x\n", key1) 965 fmt.Printf("key 2 (32, sha256): %x\n", key2) 966 fmt.Printf("key 3 (32, sha384): %x\n", key3) 967 fmt.Printf("key 4 (32, sha512): %x\n", key4) 968 fmt.Printf("key 5 (48, sha384): %x\n", key5) 969 fmt.Printf("key 6 (64, sha512): %x\n", key6) 970 971 keyType := "hdkf-sha256" 972 keyName := "sha256Deriver" 973 keyPurpose := "deriving" 974 keyEpoch := int32(1) 975 keyStatus := "primary" 976 context := []byte("I am a context") 977 ck := GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 978 if ck == nil { 979 t.Fatal("Can't generate deriver key\n") 980 } 981 d := DeriverFromCryptoKey(*ck) 982 if d == nil { 983 t.Fatal("Can't get deriver from key\n") 984 } 985 var material []byte 986 material = password 987 err := d.Derive(salt, context, material) 988 if err != nil { 989 t.Fatal("Can't get derive from material\n") 990 } 991 fmt.Printf("Derived (sha256): %x\n", material) 992 993 keyType = "hdkf-sha384" 994 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 995 if ck == nil { 996 t.Fatal("Can't generate deriver key\n") 997 } 998 d = DeriverFromCryptoKey(*ck) 999 if d == nil { 1000 t.Fatal("Can't get deriver from key\n") 1001 } 1002 err = d.Derive(salt, context, material) 1003 if err != nil { 1004 t.Fatal("Can't get derive from material\n") 1005 } 1006 fmt.Printf("Derived (sha384): %x\n", material) 1007 1008 keyType = "hdkf-sha512" 1009 ck = GenerateCryptoKey(keyType, &keyName, &keyEpoch, &keyPurpose, &keyStatus) 1010 if ck == nil { 1011 t.Fatal("Can't generate deriver key\n") 1012 } 1013 d = DeriverFromCryptoKey(*ck) 1014 if d == nil { 1015 t.Fatal("Can't get deriver from key\n") 1016 } 1017 err = d.Derive(salt, context, material) 1018 if err != nil { 1019 t.Fatal("Can't get derive from material\n") 1020 } 1021 fmt.Printf("Derived (sha512): %x\n", material) 1022 }