github.com/kaituanwang/hyperledger@v2.0.1+incompatible/bccsp/sw/impl_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package sw 8 9 import ( 10 "bytes" 11 "crypto" 12 "crypto/ecdsa" 13 "crypto/elliptic" 14 "crypto/rand" 15 "crypto/sha256" 16 "crypto/sha512" 17 "crypto/x509" 18 "crypto/x509/pkix" 19 "encoding/asn1" 20 "fmt" 21 "hash" 22 "io/ioutil" 23 "math/big" 24 "net" 25 "os" 26 "reflect" 27 "testing" 28 "time" 29 30 "github.com/hyperledger/fabric/bccsp" 31 "github.com/hyperledger/fabric/bccsp/signer" 32 "github.com/hyperledger/fabric/bccsp/sw/mocks" 33 "github.com/hyperledger/fabric/bccsp/utils" 34 "github.com/stretchr/testify/assert" 35 "golang.org/x/crypto/sha3" 36 ) 37 38 var ( 39 currentTestConfig testConfig 40 tempDir string 41 ) 42 43 type testConfig struct { 44 securityLevel int 45 hashFamily string 46 } 47 48 func (tc testConfig) Provider(t *testing.T) (bccsp.BCCSP, bccsp.KeyStore, func()) { 49 td, err := ioutil.TempDir(tempDir, "test") 50 assert.NoError(t, err) 51 ks, err := NewFileBasedKeyStore(nil, td, false) 52 assert.NoError(t, err) 53 p, err := NewWithParams(tc.securityLevel, tc.hashFamily, ks) 54 assert.NoError(t, err) 55 return p, ks, func() { os.RemoveAll(td) } 56 } 57 58 func TestMain(m *testing.M) { 59 code := -1 60 defer func() { 61 os.Exit(code) 62 }() 63 tests := []testConfig{ 64 {256, "SHA2"}, 65 {256, "SHA3"}, 66 {384, "SHA2"}, 67 {384, "SHA3"}, 68 } 69 70 var err error 71 tempDir, err = ioutil.TempDir("", "bccsp-sw") 72 if err != nil { 73 fmt.Printf("Failed to create temporary directory: %s\n\n", err) 74 return 75 } 76 defer os.RemoveAll(tempDir) 77 78 for _, config := range tests { 79 currentTestConfig = config 80 code = m.Run() 81 if code != 0 { 82 fmt.Printf("Failed testing at [%d, %s]", config.securityLevel, config.hashFamily) 83 return 84 } 85 } 86 } 87 88 func TestInvalidNewParameter(t *testing.T) { 89 t.Parallel() 90 _, ks, cleanup := currentTestConfig.Provider(t) 91 defer cleanup() 92 93 r, err := NewWithParams(0, "SHA2", ks) 94 if err == nil { 95 t.Fatal("Error should be different from nil in this case") 96 } 97 if r != nil { 98 t.Fatal("Return value should be equal to nil in this case") 99 } 100 101 r, err = NewWithParams(256, "SHA8", ks) 102 if err == nil { 103 t.Fatal("Error should be different from nil in this case") 104 } 105 if r != nil { 106 t.Fatal("Return value should be equal to nil in this case") 107 } 108 109 r, err = NewWithParams(256, "SHA2", nil) 110 if err == nil { 111 t.Fatal("Error should be different from nil in this case") 112 } 113 if r != nil { 114 t.Fatal("Return value should be equal to nil in this case") 115 } 116 117 r, err = NewWithParams(0, "SHA3", nil) 118 if err == nil { 119 t.Fatal("Error should be different from nil in this case") 120 } 121 if r != nil { 122 t.Fatal("Return value should be equal to nil in this case") 123 } 124 125 r, err = NewDefaultSecurityLevel("") 126 if err == nil { 127 t.Fatal("Error should be different from nil in this case") 128 } 129 if r != nil { 130 t.Fatal("Return value should be equal to nil in this case") 131 } 132 } 133 134 func TestInvalidSKI(t *testing.T) { 135 t.Parallel() 136 provider, _, cleanup := currentTestConfig.Provider(t) 137 defer cleanup() 138 139 k, err := provider.GetKey(nil) 140 if err == nil { 141 t.Fatal("Error should be different from nil in this case") 142 } 143 if k != nil { 144 t.Fatal("Return value should be equal to nil in this case") 145 } 146 147 k, err = provider.GetKey([]byte{0, 1, 2, 3, 4, 5, 6}) 148 if err == nil { 149 t.Fatal("Error should be different from nil in this case") 150 } 151 if k != nil { 152 t.Fatal("Return value should be equal to nil in this case") 153 } 154 } 155 156 func TestKeyGenECDSAOpts(t *testing.T) { 157 t.Parallel() 158 provider, _, cleanup := currentTestConfig.Provider(t) 159 defer cleanup() 160 161 // Curve P256 162 k, err := provider.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: false}) 163 if err != nil { 164 t.Fatalf("Failed generating ECDSA P256 key [%s]", err) 165 } 166 if k == nil { 167 t.Fatal("Failed generating ECDSA P256 key. Key must be different from nil") 168 } 169 if !k.Private() { 170 t.Fatal("Failed generating ECDSA P256 key. Key should be private") 171 } 172 if k.Symmetric() { 173 t.Fatal("Failed generating ECDSA P256 key. Key should be asymmetric") 174 } 175 176 ecdsaKey := k.(*ecdsaPrivateKey).privKey 177 if !elliptic.P256().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 178 t.Fatal("P256 generated key in invalid. The public key must be on the P256 curve.") 179 } 180 if elliptic.P256() != ecdsaKey.Curve { 181 t.Fatal("P256 generated key in invalid. The curve must be P256.") 182 } 183 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 184 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 185 } 186 187 // Curve P384 188 k, err = provider.KeyGen(&bccsp.ECDSAP384KeyGenOpts{Temporary: false}) 189 if err != nil { 190 t.Fatalf("Failed generating ECDSA P384 key [%s]", err) 191 } 192 if k == nil { 193 t.Fatal("Failed generating ECDSA P384 key. Key must be different from nil") 194 } 195 if !k.Private() { 196 t.Fatal("Failed generating ECDSA P384 key. Key should be private") 197 } 198 if k.Symmetric() { 199 t.Fatal("Failed generating ECDSA P384 key. Key should be asymmetric") 200 } 201 202 ecdsaKey = k.(*ecdsaPrivateKey).privKey 203 if !elliptic.P384().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 204 t.Fatal("P256 generated key in invalid. The public key must be on the P384 curve.") 205 } 206 if elliptic.P384() != ecdsaKey.Curve { 207 t.Fatal("P256 generated key in invalid. The curve must be P384.") 208 } 209 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 210 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 211 } 212 213 } 214 215 func TestKeyGenAESOpts(t *testing.T) { 216 t.Parallel() 217 provider, _, cleanup := currentTestConfig.Provider(t) 218 defer cleanup() 219 220 // AES 128 221 k, err := provider.KeyGen(&bccsp.AES128KeyGenOpts{Temporary: false}) 222 if err != nil { 223 t.Fatalf("Failed generating AES 128 key [%s]", err) 224 } 225 if k == nil { 226 t.Fatal("Failed generating AES 128 key. Key must be different from nil") 227 } 228 if !k.Private() { 229 t.Fatal("Failed generating AES 128 key. Key should be private") 230 } 231 if !k.Symmetric() { 232 t.Fatal("Failed generating AES 128 key. Key should be symmetric") 233 } 234 235 aesKey := k.(*aesPrivateKey).privKey 236 if len(aesKey) != 16 { 237 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 238 } 239 240 // AES 192 241 k, err = provider.KeyGen(&bccsp.AES192KeyGenOpts{Temporary: false}) 242 if err != nil { 243 t.Fatalf("Failed generating AES 192 key [%s]", err) 244 } 245 if k == nil { 246 t.Fatal("Failed generating AES 192 key. Key must be different from nil") 247 } 248 if !k.Private() { 249 t.Fatal("Failed generating AES 192 key. Key should be private") 250 } 251 if !k.Symmetric() { 252 t.Fatal("Failed generating AES 192 key. Key should be symmetric") 253 } 254 255 aesKey = k.(*aesPrivateKey).privKey 256 if len(aesKey) != 24 { 257 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 258 } 259 260 // AES 256 261 k, err = provider.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: false}) 262 if err != nil { 263 t.Fatalf("Failed generating AES 256 key [%s]", err) 264 } 265 if k == nil { 266 t.Fatal("Failed generating AES 256 key. Key must be different from nil") 267 } 268 if !k.Private() { 269 t.Fatal("Failed generating AES 256 key. Key should be private") 270 } 271 if !k.Symmetric() { 272 t.Fatal("Failed generating AES 256 key. Key should be symmetric") 273 } 274 275 aesKey = k.(*aesPrivateKey).privKey 276 if len(aesKey) != 32 { 277 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 278 } 279 } 280 281 func TestECDSAKeyGenEphemeral(t *testing.T) { 282 t.Parallel() 283 provider, _, cleanup := currentTestConfig.Provider(t) 284 defer cleanup() 285 286 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: true}) 287 if err != nil { 288 t.Fatalf("Failed generating ECDSA key [%s]", err) 289 } 290 if k == nil { 291 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 292 } 293 if !k.Private() { 294 t.Fatal("Failed generating ECDSA key. Key should be private") 295 } 296 if k.Symmetric() { 297 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 298 } 299 raw, err := k.Bytes() 300 if err == nil { 301 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 302 } 303 if len(raw) != 0 { 304 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 305 } 306 pk, err := k.PublicKey() 307 if err != nil { 308 t.Fatalf("Failed getting corresponding public key [%s]", err) 309 } 310 if pk == nil { 311 t.Fatal("Public key must be different from nil.") 312 } 313 } 314 315 func TestECDSAPrivateKeySKI(t *testing.T) { 316 t.Parallel() 317 provider, _, cleanup := currentTestConfig.Provider(t) 318 defer cleanup() 319 320 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 321 if err != nil { 322 t.Fatalf("Failed generating ECDSA key [%s]", err) 323 } 324 325 ski := k.SKI() 326 if len(ski) == 0 { 327 t.Fatal("SKI not valid. Zero length.") 328 } 329 } 330 331 func TestECDSAKeyGenNonEphemeral(t *testing.T) { 332 t.Parallel() 333 provider, _, cleanup := currentTestConfig.Provider(t) 334 defer cleanup() 335 336 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 337 if err != nil { 338 t.Fatalf("Failed generating ECDSA key [%s]", err) 339 } 340 if k == nil { 341 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 342 } 343 if !k.Private() { 344 t.Fatal("Failed generating ECDSA key. Key should be private") 345 } 346 if k.Symmetric() { 347 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 348 } 349 } 350 351 func TestECDSAGetKeyBySKI(t *testing.T) { 352 t.Parallel() 353 provider, _, cleanup := currentTestConfig.Provider(t) 354 defer cleanup() 355 356 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 357 if err != nil { 358 t.Fatalf("Failed generating ECDSA key [%s]", err) 359 } 360 361 k2, err := provider.GetKey(k.SKI()) 362 if err != nil { 363 t.Fatalf("Failed getting ECDSA key [%s]", err) 364 } 365 if k2 == nil { 366 t.Fatal("Failed getting ECDSA key. Key must be different from nil") 367 } 368 if !k2.Private() { 369 t.Fatal("Failed getting ECDSA key. Key should be private") 370 } 371 if k2.Symmetric() { 372 t.Fatal("Failed getting ECDSA key. Key should be asymmetric") 373 } 374 375 // Check that the SKIs are the same 376 if !bytes.Equal(k.SKI(), k2.SKI()) { 377 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 378 } 379 } 380 381 func TestECDSAPublicKeyFromPrivateKey(t *testing.T) { 382 t.Parallel() 383 provider, _, cleanup := currentTestConfig.Provider(t) 384 defer cleanup() 385 386 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 387 if err != nil { 388 t.Fatalf("Failed generating ECDSA key [%s]", err) 389 } 390 391 pk, err := k.PublicKey() 392 if err != nil { 393 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 394 } 395 if pk == nil { 396 t.Fatal("Failed getting public key from private ECDSA key. Key must be different from nil") 397 } 398 if pk.Private() { 399 t.Fatal("Failed generating ECDSA key. Key should be public") 400 } 401 if pk.Symmetric() { 402 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 403 } 404 } 405 406 func TestECDSAPublicKeyBytes(t *testing.T) { 407 t.Parallel() 408 provider, _, cleanup := currentTestConfig.Provider(t) 409 defer cleanup() 410 411 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 412 if err != nil { 413 t.Fatalf("Failed generating ECDSA key [%s]", err) 414 } 415 416 pk, err := k.PublicKey() 417 if err != nil { 418 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 419 } 420 421 raw, err := pk.Bytes() 422 if err != nil { 423 t.Fatalf("Failed marshalling ECDSA public key [%s]", err) 424 } 425 if len(raw) == 0 { 426 t.Fatal("Failed marshalling ECDSA public key. Zero length") 427 } 428 } 429 430 func TestECDSAPublicKeySKI(t *testing.T) { 431 t.Parallel() 432 provider, _, cleanup := currentTestConfig.Provider(t) 433 defer cleanup() 434 435 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 436 if err != nil { 437 t.Fatalf("Failed generating ECDSA key [%s]", err) 438 } 439 440 pk, err := k.PublicKey() 441 if err != nil { 442 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 443 } 444 445 ski := pk.SKI() 446 if len(ski) == 0 { 447 t.Fatal("SKI not valid. Zero length.") 448 } 449 } 450 451 func TestECDSAKeyReRand(t *testing.T) { 452 t.Parallel() 453 provider, _, cleanup := currentTestConfig.Provider(t) 454 defer cleanup() 455 456 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 457 if err != nil { 458 t.Fatalf("Failed generating ECDSA key [%s]", err) 459 } 460 if k == nil { 461 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 462 } 463 464 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 465 if err != nil { 466 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 467 } 468 if !reRandomizedKey.Private() { 469 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be private") 470 } 471 if reRandomizedKey.Symmetric() { 472 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be asymmetric") 473 } 474 475 k2, err := k.PublicKey() 476 if err != nil { 477 t.Fatalf("Failed getting public ECDSA key from private [%s]", err) 478 } 479 if k2 == nil { 480 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 481 } 482 483 reRandomizedKey2, err := provider.KeyDeriv(k2, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 484 if err != nil { 485 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 486 } 487 488 if reRandomizedKey2.Private() { 489 t.Fatal("Re-randomized public Key must remain public") 490 } 491 if reRandomizedKey2.Symmetric() { 492 t.Fatal("Re-randomized ECDSA asymmetric key must remain asymmetric") 493 } 494 495 if false == bytes.Equal(reRandomizedKey.SKI(), reRandomizedKey2.SKI()) { 496 t.Fatal("Re-randomized ECDSA Private- or Public-Keys must end up having the same SKI") 497 } 498 } 499 500 func TestECDSASign(t *testing.T) { 501 t.Parallel() 502 provider, _, cleanup := currentTestConfig.Provider(t) 503 defer cleanup() 504 505 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 506 if err != nil { 507 t.Fatalf("Failed generating ECDSA key [%s]", err) 508 } 509 510 msg := []byte("Hello World") 511 512 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 513 if err != nil { 514 t.Fatalf("Failed computing HASH [%s]", err) 515 } 516 517 signature, err := provider.Sign(k, digest, nil) 518 if err != nil { 519 t.Fatalf("Failed generating ECDSA signature [%s]", err) 520 } 521 if len(signature) == 0 { 522 t.Fatal("Failed generating ECDSA key. Signature must be different from nil") 523 } 524 } 525 526 func TestECDSAVerify(t *testing.T) { 527 t.Parallel() 528 provider, ks, cleanup := currentTestConfig.Provider(t) 529 defer cleanup() 530 531 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 532 if err != nil { 533 t.Fatalf("Failed generating ECDSA key [%s]", err) 534 } 535 536 msg := []byte("Hello World") 537 538 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 539 if err != nil { 540 t.Fatalf("Failed computing HASH [%s]", err) 541 } 542 543 signature, err := provider.Sign(k, digest, nil) 544 if err != nil { 545 t.Fatalf("Failed generating ECDSA signature [%s]", err) 546 } 547 548 valid, err := provider.Verify(k, signature, digest, nil) 549 if err != nil { 550 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 551 } 552 if !valid { 553 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 554 } 555 556 pk, err := k.PublicKey() 557 if err != nil { 558 t.Fatalf("Failed getting corresponding public key [%s]", err) 559 } 560 561 valid, err = provider.Verify(pk, signature, digest, nil) 562 if err != nil { 563 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 564 } 565 if !valid { 566 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 567 } 568 569 // Store public key 570 err = ks.StoreKey(pk) 571 if err != nil { 572 t.Fatalf("Failed storing corresponding public key [%s]", err) 573 } 574 575 pk2, err := ks.GetKey(pk.SKI()) 576 if err != nil { 577 t.Fatalf("Failed retrieving corresponding public key [%s]", err) 578 } 579 580 valid, err = provider.Verify(pk2, signature, digest, nil) 581 if err != nil { 582 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 583 } 584 if !valid { 585 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 586 } 587 } 588 589 func TestECDSAKeyDeriv(t *testing.T) { 590 t.Parallel() 591 provider, _, cleanup := currentTestConfig.Provider(t) 592 defer cleanup() 593 594 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 595 if err != nil { 596 t.Fatalf("Failed generating ECDSA key [%s]", err) 597 } 598 599 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 600 if err != nil { 601 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 602 } 603 604 msg := []byte("Hello World") 605 606 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 607 if err != nil { 608 t.Fatalf("Failed computing HASH [%s]", err) 609 } 610 611 signature, err := provider.Sign(reRandomizedKey, digest, nil) 612 if err != nil { 613 t.Fatalf("Failed generating ECDSA signature [%s]", err) 614 } 615 616 valid, err := provider.Verify(reRandomizedKey, signature, digest, nil) 617 if err != nil { 618 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 619 } 620 if !valid { 621 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 622 } 623 } 624 625 func TestECDSAKeyImportFromExportedKey(t *testing.T) { 626 t.Parallel() 627 provider, _, cleanup := currentTestConfig.Provider(t) 628 defer cleanup() 629 630 // Generate an ECDSA key 631 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 632 if err != nil { 633 t.Fatalf("Failed generating ECDSA key [%s]", err) 634 } 635 636 // Export the public key 637 pk, err := k.PublicKey() 638 if err != nil { 639 t.Fatalf("Failed getting ECDSA public key [%s]", err) 640 } 641 642 pkRaw, err := pk.Bytes() 643 if err != nil { 644 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 645 } 646 647 // Import the exported public key 648 pk2, err := provider.KeyImport(pkRaw, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 649 if err != nil { 650 t.Fatalf("Failed importing ECDSA public key [%s]", err) 651 } 652 if pk2 == nil { 653 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 654 } 655 656 // Sign and verify with the imported public key 657 msg := []byte("Hello World") 658 659 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 660 if err != nil { 661 t.Fatalf("Failed computing HASH [%s]", err) 662 } 663 664 signature, err := provider.Sign(k, digest, nil) 665 if err != nil { 666 t.Fatalf("Failed generating ECDSA signature [%s]", err) 667 } 668 669 valid, err := provider.Verify(pk2, signature, digest, nil) 670 if err != nil { 671 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 672 } 673 if !valid { 674 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 675 } 676 } 677 678 func TestECDSAKeyImportFromECDSAPublicKey(t *testing.T) { 679 t.Parallel() 680 provider, _, cleanup := currentTestConfig.Provider(t) 681 defer cleanup() 682 683 // Generate an ECDSA key 684 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 685 if err != nil { 686 t.Fatalf("Failed generating ECDSA key [%s]", err) 687 } 688 689 // Export the public key 690 pk, err := k.PublicKey() 691 if err != nil { 692 t.Fatalf("Failed getting ECDSA public key [%s]", err) 693 } 694 695 pkRaw, err := pk.Bytes() 696 if err != nil { 697 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 698 } 699 700 pub, err := utils.DERToPublicKey(pkRaw) 701 if err != nil { 702 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 703 } 704 705 // Import the ecdsa.PublicKey 706 pk2, err := provider.KeyImport(pub, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: false}) 707 if err != nil { 708 t.Fatalf("Failed importing ECDSA public key [%s]", err) 709 } 710 if pk2 == nil { 711 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 712 } 713 714 // Sign and verify with the imported public key 715 msg := []byte("Hello World") 716 717 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 718 if err != nil { 719 t.Fatalf("Failed computing HASH [%s]", err) 720 } 721 722 signature, err := provider.Sign(k, digest, nil) 723 if err != nil { 724 t.Fatalf("Failed generating ECDSA signature [%s]", err) 725 } 726 727 valid, err := provider.Verify(pk2, signature, digest, nil) 728 if err != nil { 729 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 730 } 731 if !valid { 732 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 733 } 734 } 735 736 func TestECDSAKeyImportFromECDSAPrivateKey(t *testing.T) { 737 t.Parallel() 738 provider, _, cleanup := currentTestConfig.Provider(t) 739 defer cleanup() 740 741 // Generate an ECDSA key, default is P256 742 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 743 if err != nil { 744 t.Fatalf("Failed generating ECDSA key [%s]", err) 745 } 746 747 // Import the ecdsa.PrivateKey 748 priv, err := utils.PrivateKeyToDER(key) 749 if err != nil { 750 t.Fatalf("Failed converting raw to ecdsa.PrivateKey [%s]", err) 751 } 752 753 sk, err := provider.KeyImport(priv, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: false}) 754 if err != nil { 755 t.Fatalf("Failed importing ECDSA private key [%s]", err) 756 } 757 if sk == nil { 758 t.Fatal("Failed importing ECDSA private key. Return BCCSP key cannot be nil.") 759 } 760 761 // Import the ecdsa.PublicKey 762 pub, err := utils.PublicKeyToDER(&key.PublicKey) 763 if err != nil { 764 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 765 } 766 767 pk, err := provider.KeyImport(pub, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 768 769 if err != nil { 770 t.Fatalf("Failed importing ECDSA public key [%s]", err) 771 } 772 if pk == nil { 773 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 774 } 775 776 // Sign and verify with the imported public key 777 msg := []byte("Hello World") 778 779 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 780 if err != nil { 781 t.Fatalf("Failed computing HASH [%s]", err) 782 } 783 784 signature, err := provider.Sign(sk, digest, nil) 785 if err != nil { 786 t.Fatalf("Failed generating ECDSA signature [%s]", err) 787 } 788 789 valid, err := provider.Verify(pk, signature, digest, nil) 790 if err != nil { 791 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 792 } 793 if !valid { 794 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 795 } 796 } 797 798 func TestKeyImportFromX509ECDSAPublicKey(t *testing.T) { 799 t.Parallel() 800 provider, _, cleanup := currentTestConfig.Provider(t) 801 defer cleanup() 802 803 // Generate an ECDSA key 804 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 805 if err != nil { 806 t.Fatalf("Failed generating ECDSA key [%s]", err) 807 } 808 809 // Generate a self-signed certificate 810 testExtKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} 811 testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}} 812 extraExtensionData := []byte("extra extension") 813 commonName := "test.example.com" 814 template := x509.Certificate{ 815 SerialNumber: big.NewInt(1), 816 Subject: pkix.Name{ 817 CommonName: commonName, 818 Organization: []string{"Σ Acme Co"}, 819 Country: []string{"US"}, 820 ExtraNames: []pkix.AttributeTypeAndValue{ 821 { 822 Type: []int{2, 5, 4, 42}, 823 Value: "Gopher", 824 }, 825 // This should override the Country, above. 826 { 827 Type: []int{2, 5, 4, 6}, 828 Value: "NL", 829 }, 830 }, 831 }, 832 NotBefore: time.Now().Add(-1 * time.Hour), 833 NotAfter: time.Now().Add(1 * time.Hour), 834 835 SignatureAlgorithm: x509.ECDSAWithSHA256, 836 837 SubjectKeyId: []byte{1, 2, 3, 4}, 838 KeyUsage: x509.KeyUsageCertSign, 839 840 ExtKeyUsage: testExtKeyUsage, 841 UnknownExtKeyUsage: testUnknownExtKeyUsage, 842 843 BasicConstraintsValid: true, 844 IsCA: true, 845 846 OCSPServer: []string{"http://ocurrentBCCSP.example.com"}, 847 IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"}, 848 849 DNSNames: []string{"test.example.com"}, 850 EmailAddresses: []string{"gopher@golang.org"}, 851 IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, 852 853 PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}}, 854 PermittedDNSDomains: []string{".example.com", "example.com"}, 855 856 CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"}, 857 858 ExtraExtensions: []pkix.Extension{ 859 { 860 Id: []int{1, 2, 3, 4}, 861 Value: extraExtensionData, 862 }, 863 }, 864 } 865 866 cryptoSigner, err := signer.New(provider, k) 867 if err != nil { 868 t.Fatalf("Failed initializing CyrptoSigner [%s]", err) 869 } 870 871 // Export the public key 872 pk, err := k.PublicKey() 873 if err != nil { 874 t.Fatalf("Failed getting ECDSA public key [%s]", err) 875 } 876 877 pkRaw, err := pk.Bytes() 878 if err != nil { 879 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 880 } 881 882 pub, err := utils.DERToPublicKey(pkRaw) 883 if err != nil { 884 t.Fatalf("Failed converting raw to ECDSA.PublicKey [%s]", err) 885 } 886 887 certRaw, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, cryptoSigner) 888 if err != nil { 889 t.Fatalf("Failed generating self-signed certificate [%s]", err) 890 } 891 892 cert, err := utils.DERToX509Certificate(certRaw) 893 if err != nil { 894 t.Fatalf("Failed generating X509 certificate object from raw [%s]", err) 895 } 896 897 // Import the certificate's public key 898 pk2, err := provider.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: false}) 899 900 if err != nil { 901 t.Fatalf("Failed importing ECDSA public key [%s]", err) 902 } 903 if pk2 == nil { 904 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 905 } 906 907 // Sign and verify with the imported public key 908 msg := []byte("Hello World") 909 910 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 911 if err != nil { 912 t.Fatalf("Failed computing HASH [%s]", err) 913 } 914 915 signature, err := provider.Sign(k, digest, nil) 916 if err != nil { 917 t.Fatalf("Failed generating ECDSA signature [%s]", err) 918 } 919 920 valid, err := provider.Verify(pk2, signature, digest, nil) 921 if err != nil { 922 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 923 } 924 if !valid { 925 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 926 } 927 } 928 929 func TestECDSASignatureEncoding(t *testing.T) { 930 t.Parallel() 931 932 v := []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0xff, 0xf1} 933 _, err := asn1.Unmarshal(v, &utils.ECDSASignature{}) 934 if err == nil { 935 t.Fatalf("Unmarshalling should fail for [% x]", v) 936 } 937 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 938 939 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0x00, 0x01} 940 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 941 if err == nil { 942 t.Fatalf("Unmarshalling should fail for [% x]", v) 943 } 944 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 945 946 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x01} 947 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 948 if err == nil { 949 t.Fatalf("Unmarshalling should fail for [% x]", v) 950 } 951 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 952 953 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x8F} 954 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 955 if err == nil { 956 t.Fatalf("Unmarshalling should fail for [% x]", v) 957 } 958 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 959 960 v = []byte{0x30, 0x0A, 0x02, 0x01, 0x8F, 0x02, 0x05, 0x00, 0x00, 0x00, 0x00, 0x8F} 961 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 962 if err == nil { 963 t.Fatalf("Unmarshalling should fail for [% x]", v) 964 } 965 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 966 967 } 968 969 func TestECDSALowS(t *testing.T) { 970 t.Parallel() 971 provider, _, cleanup := currentTestConfig.Provider(t) 972 defer cleanup() 973 974 // Ensure that signature with low-S are generated 975 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 976 if err != nil { 977 t.Fatalf("Failed generating ECDSA key [%s]", err) 978 } 979 980 msg := []byte("Hello World") 981 982 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 983 if err != nil { 984 t.Fatalf("Failed computing HASH [%s]", err) 985 } 986 987 signature, err := provider.Sign(k, digest, nil) 988 if err != nil { 989 t.Fatalf("Failed generating ECDSA signature [%s]", err) 990 } 991 992 _, S, err := utils.UnmarshalECDSASignature(signature) 993 if err != nil { 994 t.Fatalf("Failed unmarshalling signature [%s]", err) 995 } 996 997 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) >= 0 { 998 t.Fatal("Invalid signature. It must have low-S") 999 } 1000 1001 valid, err := provider.Verify(k, signature, digest, nil) 1002 if err != nil { 1003 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 1004 } 1005 if !valid { 1006 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 1007 } 1008 1009 // Ensure that signature with high-S are rejected. 1010 var R *big.Int 1011 for { 1012 R, S, err = ecdsa.Sign(rand.Reader, k.(*ecdsaPrivateKey).privKey, digest) 1013 if err != nil { 1014 t.Fatalf("Failed generating signature [%s]", err) 1015 } 1016 1017 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) > 0 { 1018 break 1019 } 1020 } 1021 1022 sig, err := utils.MarshalECDSASignature(R, S) 1023 if err != nil { 1024 t.Fatalf("Failing unmarshalling signature [%s]", err) 1025 } 1026 1027 valid, err = provider.Verify(k, sig, digest, nil) 1028 if err == nil { 1029 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1030 } 1031 if valid { 1032 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1033 } 1034 } 1035 1036 func TestAESKeyGen(t *testing.T) { 1037 t.Parallel() 1038 provider, _, cleanup := currentTestConfig.Provider(t) 1039 defer cleanup() 1040 1041 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1042 if err != nil { 1043 t.Fatalf("Failed generating AES_256 key [%s]", err) 1044 } 1045 if k == nil { 1046 t.Fatal("Failed generating AES_256 key. Key must be different from nil") 1047 } 1048 if !k.Private() { 1049 t.Fatal("Failed generating AES_256 key. Key should be private") 1050 } 1051 if !k.Symmetric() { 1052 t.Fatal("Failed generating AES_256 key. Key should be symmetric") 1053 } 1054 1055 pk, err := k.PublicKey() 1056 if err == nil { 1057 t.Fatal("Error should be different from nil in this case") 1058 } 1059 if pk != nil { 1060 t.Fatal("Return value should be equal to nil in this case") 1061 } 1062 } 1063 1064 func TestAESEncrypt(t *testing.T) { 1065 t.Parallel() 1066 provider, _, cleanup := currentTestConfig.Provider(t) 1067 defer cleanup() 1068 1069 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1070 if err != nil { 1071 t.Fatalf("Failed generating AES_256 key [%s]", err) 1072 } 1073 1074 ct, err := provider.Encrypt(k, []byte("Hello World"), &bccsp.AESCBCPKCS7ModeOpts{}) 1075 if err != nil { 1076 t.Fatalf("Failed encrypting [%s]", err) 1077 } 1078 if len(ct) == 0 { 1079 t.Fatal("Failed encrypting. Nil ciphertext") 1080 } 1081 } 1082 1083 func TestAESDecrypt(t *testing.T) { 1084 t.Parallel() 1085 provider, _, cleanup := currentTestConfig.Provider(t) 1086 defer cleanup() 1087 1088 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1089 if err != nil { 1090 t.Fatalf("Failed generating AES_256 key [%s]", err) 1091 } 1092 1093 msg := []byte("Hello World") 1094 1095 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1096 if err != nil { 1097 t.Fatalf("Failed encrypting [%s]", err) 1098 } 1099 1100 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1101 if err != nil { 1102 t.Fatalf("Failed decrypting [%s]", err) 1103 } 1104 if len(ct) == 0 { 1105 t.Fatal("Failed decrypting. Nil plaintext") 1106 } 1107 1108 if !bytes.Equal(msg, pt) { 1109 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1110 } 1111 } 1112 1113 func TestHMACTruncated256KeyDerivOverAES256Key(t *testing.T) { 1114 t.Parallel() 1115 provider, _, cleanup := currentTestConfig.Provider(t) 1116 defer cleanup() 1117 1118 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1119 if err != nil { 1120 t.Fatalf("Failed generating AES_256 key [%s]", err) 1121 } 1122 1123 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACTruncated256AESDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1124 if err != nil { 1125 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1126 } 1127 if k == nil { 1128 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1129 } 1130 if !hmcaedKey.Private() { 1131 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1132 } 1133 if !hmcaedKey.Symmetric() { 1134 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1135 } 1136 raw, err := hmcaedKey.Bytes() 1137 if err == nil { 1138 t.Fatal("Failed marshalling to bytes. Operation must be forbidden") 1139 } 1140 if len(raw) != 0 { 1141 t.Fatal("Failed marshalling to bytes. Operation must return 0 bytes") 1142 } 1143 1144 msg := []byte("Hello World") 1145 1146 ct, err := provider.Encrypt(hmcaedKey, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1147 if err != nil { 1148 t.Fatalf("Failed encrypting [%s]", err) 1149 } 1150 1151 pt, err := provider.Decrypt(hmcaedKey, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1152 if err != nil { 1153 t.Fatalf("Failed decrypting [%s]", err) 1154 } 1155 if len(ct) == 0 { 1156 t.Fatal("Failed decrypting. Nil plaintext") 1157 } 1158 1159 if !bytes.Equal(msg, pt) { 1160 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1161 } 1162 } 1163 1164 func TestHMACKeyDerivOverAES256Key(t *testing.T) { 1165 t.Parallel() 1166 provider, _, cleanup := currentTestConfig.Provider(t) 1167 defer cleanup() 1168 1169 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1170 if err != nil { 1171 t.Fatalf("Failed generating AES_256 key [%s]", err) 1172 } 1173 1174 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1175 1176 if err != nil { 1177 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1178 } 1179 if k == nil { 1180 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1181 } 1182 if !hmcaedKey.Private() { 1183 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1184 } 1185 if !hmcaedKey.Symmetric() { 1186 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1187 } 1188 raw, err := hmcaedKey.Bytes() 1189 if err != nil { 1190 t.Fatalf("Failed marshalling to bytes [%s]", err) 1191 } 1192 if len(raw) == 0 { 1193 t.Fatal("Failed marshalling to bytes. 0 bytes") 1194 } 1195 } 1196 1197 func TestAES256KeyImport(t *testing.T) { 1198 t.Parallel() 1199 provider, _, cleanup := currentTestConfig.Provider(t) 1200 defer cleanup() 1201 1202 raw, err := GetRandomBytes(32) 1203 if err != nil { 1204 t.Fatalf("Failed generating AES key [%s]", err) 1205 } 1206 1207 k, err := provider.KeyImport(raw, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1208 if err != nil { 1209 t.Fatalf("Failed importing AES_256 key [%s]", err) 1210 } 1211 if k == nil { 1212 t.Fatal("Failed importing AES_256 key. Imported Key must be different from nil") 1213 } 1214 if !k.Private() { 1215 t.Fatal("Failed HMACing AES_256 key. Imported Key should be private") 1216 } 1217 if !k.Symmetric() { 1218 t.Fatal("Failed HMACing AES_256 key. Imported Key should be asymmetric") 1219 } 1220 raw, err = k.Bytes() 1221 if err == nil { 1222 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 1223 } 1224 if len(raw) != 0 { 1225 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 1226 } 1227 1228 msg := []byte("Hello World") 1229 1230 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1231 if err != nil { 1232 t.Fatalf("Failed encrypting [%s]", err) 1233 } 1234 1235 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1236 if err != nil { 1237 t.Fatalf("Failed decrypting [%s]", err) 1238 } 1239 if len(ct) == 0 { 1240 t.Fatal("Failed decrypting. Nil plaintext") 1241 } 1242 1243 if !bytes.Equal(msg, pt) { 1244 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1245 } 1246 } 1247 1248 func TestAES256KeyImportBadPaths(t *testing.T) { 1249 t.Parallel() 1250 provider, _, cleanup := currentTestConfig.Provider(t) 1251 defer cleanup() 1252 1253 _, err := provider.KeyImport(nil, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1254 if err == nil { 1255 t.Fatal("Failed importing key. Must fail on importing nil key") 1256 } 1257 1258 _, err = provider.KeyImport([]byte{1}, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1259 if err == nil { 1260 t.Fatal("Failed importing key. Must fail on importing a key with an invalid length") 1261 } 1262 } 1263 1264 func TestAES256KeyGenSKI(t *testing.T) { 1265 t.Parallel() 1266 provider, _, cleanup := currentTestConfig.Provider(t) 1267 defer cleanup() 1268 1269 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1270 if err != nil { 1271 t.Fatalf("Failed generating AES_256 key [%s]", err) 1272 } 1273 1274 k2, err := provider.GetKey(k.SKI()) 1275 if err != nil { 1276 t.Fatalf("Failed getting AES_256 key [%s]", err) 1277 } 1278 if k2 == nil { 1279 t.Fatal("Failed getting AES_256 key. Key must be different from nil") 1280 } 1281 if !k2.Private() { 1282 t.Fatal("Failed getting AES_256 key. Key should be private") 1283 } 1284 if !k2.Symmetric() { 1285 t.Fatal("Failed getting AES_256 key. Key should be symmetric") 1286 } 1287 1288 // Check that the SKIs are the same 1289 if !bytes.Equal(k.SKI(), k2.SKI()) { 1290 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 1291 } 1292 } 1293 1294 func TestSHA(t *testing.T) { 1295 t.Parallel() 1296 provider, _, cleanup := currentTestConfig.Provider(t) 1297 defer cleanup() 1298 1299 for i := 0; i < 100; i++ { 1300 b, err := GetRandomBytes(i) 1301 if err != nil { 1302 t.Fatalf("Failed getting random bytes [%s]", err) 1303 } 1304 1305 h1, err := provider.Hash(b, &bccsp.SHAOpts{}) 1306 if err != nil { 1307 t.Fatalf("Failed computing SHA [%s]", err) 1308 } 1309 1310 var h hash.Hash 1311 switch currentTestConfig.hashFamily { 1312 case "SHA2": 1313 switch currentTestConfig.securityLevel { 1314 case 256: 1315 h = sha256.New() 1316 case 384: 1317 h = sha512.New384() 1318 default: 1319 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1320 } 1321 case "SHA3": 1322 switch currentTestConfig.securityLevel { 1323 case 256: 1324 h = sha3.New256() 1325 case 384: 1326 h = sha3.New384() 1327 default: 1328 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1329 } 1330 default: 1331 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1332 } 1333 1334 h.Write(b) 1335 h2 := h.Sum(nil) 1336 if !bytes.Equal(h1, h2) { 1337 t.Fatalf("Discrempancy found in HASH result [%x], [%x]!=[%x]", b, h1, h2) 1338 } 1339 } 1340 } 1341 1342 func TestAddWrapper(t *testing.T) { 1343 t.Parallel() 1344 p, _, cleanup := currentTestConfig.Provider(t) 1345 defer cleanup() 1346 1347 sw, ok := p.(*CSP) 1348 assert.True(t, ok) 1349 1350 tester := func(o interface{}, getter func(t reflect.Type) (interface{}, bool)) { 1351 tt := reflect.TypeOf(o) 1352 err := sw.AddWrapper(tt, o) 1353 assert.NoError(t, err) 1354 o2, ok := getter(tt) 1355 assert.True(t, ok) 1356 assert.Equal(t, o, o2) 1357 } 1358 1359 tester(&mocks.KeyGenerator{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyGenerators[t]; return o, ok }) 1360 tester(&mocks.KeyDeriver{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyDerivers[t]; return o, ok }) 1361 tester(&mocks.KeyImporter{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyImporters[t]; return o, ok }) 1362 tester(&mocks.Encryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Encryptors[t]; return o, ok }) 1363 tester(&mocks.Decryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Decryptors[t]; return o, ok }) 1364 tester(&mocks.Signer{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Signers[t]; return o, ok }) 1365 tester(&mocks.Verifier{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Verifiers[t]; return o, ok }) 1366 tester(&mocks.Hasher{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Hashers[t]; return o, ok }) 1367 1368 // Add invalid wrapper 1369 err := sw.AddWrapper(reflect.TypeOf(cleanup), cleanup) 1370 assert.Error(t, err) 1371 assert.Equal(t, err.Error(), "wrapper type not valid, must be on of: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher") 1372 } 1373 1374 func getCryptoHashIndex(t *testing.T) crypto.Hash { 1375 switch currentTestConfig.hashFamily { 1376 case "SHA2": 1377 switch currentTestConfig.securityLevel { 1378 case 256: 1379 return crypto.SHA256 1380 case 384: 1381 return crypto.SHA384 1382 default: 1383 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1384 } 1385 case "SHA3": 1386 switch currentTestConfig.securityLevel { 1387 case 256: 1388 return crypto.SHA3_256 1389 case 384: 1390 return crypto.SHA3_384 1391 default: 1392 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1393 } 1394 default: 1395 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1396 } 1397 1398 return crypto.SHA3_256 1399 }