github.com/kchristidis/fabric@v1.0.4-0.20171028114726-837acd08cde1/bccsp/sw/rsa_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package sw 18 19 import ( 20 "crypto" 21 "crypto/rand" 22 "crypto/rsa" 23 "crypto/sha256" 24 "crypto/x509" 25 "encoding/asn1" 26 "strings" 27 "testing" 28 29 "github.com/hyperledger/fabric/bccsp/mocks" 30 "github.com/stretchr/testify/assert" 31 ) 32 33 func TestRSAPrivateKey(t *testing.T) { 34 lowLevelKey, err := rsa.GenerateKey(rand.Reader, 512) 35 assert.NoError(t, err) 36 k := &rsaPrivateKey{lowLevelKey} 37 38 assert.False(t, k.Symmetric()) 39 assert.True(t, k.Private()) 40 41 _, err = k.Bytes() 42 assert.Error(t, err) 43 assert.Contains(t, err.Error(), "Not supported.") 44 45 k.privKey = nil 46 ski := k.SKI() 47 assert.Nil(t, ski) 48 49 k.privKey = lowLevelKey 50 ski = k.SKI() 51 raw, _ := asn1.Marshal(rsaPublicKeyASN{N: k.privKey.N, E: k.privKey.E}) 52 hash := sha256.New() 53 hash.Write(raw) 54 ski2 := hash.Sum(nil) 55 assert.Equal(t, ski2, ski, "SKI is not computed in the right way.") 56 57 pk, err := k.PublicKey() 58 assert.NoError(t, err) 59 assert.NotNil(t, pk) 60 ecdsaPK, ok := pk.(*rsaPublicKey) 61 assert.True(t, ok) 62 assert.Equal(t, &lowLevelKey.PublicKey, ecdsaPK.pubKey) 63 } 64 65 func TestRSAPublicKey(t *testing.T) { 66 lowLevelKey, err := rsa.GenerateKey(rand.Reader, 512) 67 assert.NoError(t, err) 68 k := &rsaPublicKey{&lowLevelKey.PublicKey} 69 70 assert.False(t, k.Symmetric()) 71 assert.False(t, k.Private()) 72 73 k.pubKey = nil 74 ski := k.SKI() 75 assert.Nil(t, ski) 76 77 k.pubKey = &lowLevelKey.PublicKey 78 ski = k.SKI() 79 raw, _ := asn1.Marshal(rsaPublicKeyASN{N: k.pubKey.N, E: k.pubKey.E}) 80 hash := sha256.New() 81 hash.Write(raw) 82 ski2 := hash.Sum(nil) 83 assert.Equal(t, ski, ski2, "SKI is not computed in the right way.") 84 85 pk, err := k.PublicKey() 86 assert.NoError(t, err) 87 assert.Equal(t, k, pk) 88 89 bytes, err := k.Bytes() 90 assert.NoError(t, err) 91 bytes2, err := x509.MarshalPKIXPublicKey(k.pubKey) 92 assert.Equal(t, bytes2, bytes, "bytes are not computed in the right way.") 93 } 94 95 func TestRSASignerSign(t *testing.T) { 96 signer := &rsaSigner{} 97 verifierPrivateKey := &rsaPrivateKeyVerifier{} 98 verifierPublicKey := &rsaPublicKeyKeyVerifier{} 99 100 // Generate a key 101 lowLevelKey, err := rsa.GenerateKey(rand.Reader, 1024) 102 assert.NoError(t, err) 103 k := &rsaPrivateKey{lowLevelKey} 104 pk, err := k.PublicKey() 105 assert.NoError(t, err) 106 107 // Sign 108 msg := []byte("Hello World!!!") 109 110 _, err = signer.Sign(k, msg, nil) 111 assert.Error(t, err) 112 assert.Contains(t, err.Error(), "Invalid options. Must be different from nil.") 113 114 _, err = signer.Sign(k, msg, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}) 115 assert.Error(t, err) 116 117 hf := sha256.New() 118 hf.Write(msg) 119 digest := hf.Sum(nil) 120 sigma, err := signer.Sign(k, digest, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}) 121 assert.NoError(t, err) 122 123 opts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256} 124 // Verify against msg, must fail 125 err = rsa.VerifyPSS(&lowLevelKey.PublicKey, crypto.SHA256, msg, sigma, opts) 126 assert.Error(t, err) 127 assert.Contains(t, err.Error(), "crypto/rsa: verification error") 128 129 // Verify against digest, must succeed 130 err = rsa.VerifyPSS(&lowLevelKey.PublicKey, crypto.SHA256, digest, sigma, opts) 131 assert.NoError(t, err) 132 133 valid, err := verifierPrivateKey.Verify(k, sigma, msg, opts) 134 assert.Error(t, err) 135 assert.True(t, strings.Contains(err.Error(), "crypto/rsa: verification error")) 136 137 valid, err = verifierPrivateKey.Verify(k, sigma, digest, opts) 138 assert.NoError(t, err) 139 assert.True(t, valid) 140 141 valid, err = verifierPublicKey.Verify(pk, sigma, msg, opts) 142 assert.Error(t, err) 143 assert.True(t, strings.Contains(err.Error(), "crypto/rsa: verification error")) 144 145 valid, err = verifierPublicKey.Verify(pk, sigma, digest, opts) 146 assert.NoError(t, err) 147 assert.True(t, valid) 148 } 149 150 func TestRSAVerifiersInvalidInputs(t *testing.T) { 151 verifierPrivate := &rsaPrivateKeyVerifier{} 152 _, err := verifierPrivate.Verify(nil, nil, nil, nil) 153 assert.Error(t, err) 154 assert.True(t, strings.Contains(err.Error(), "Invalid options. It must not be nil.")) 155 156 _, err = verifierPrivate.Verify(nil, nil, nil, &mocks.SignerOpts{}) 157 assert.Error(t, err) 158 assert.True(t, strings.Contains(err.Error(), "Opts type not recognized [")) 159 160 verifierPublic := &rsaPublicKeyKeyVerifier{} 161 _, err = verifierPublic.Verify(nil, nil, nil, nil) 162 assert.Error(t, err) 163 assert.True(t, strings.Contains(err.Error(), "Invalid options. It must not be nil.")) 164 165 _, err = verifierPublic.Verify(nil, nil, nil, &mocks.SignerOpts{}) 166 assert.Error(t, err) 167 assert.True(t, strings.Contains(err.Error(), "Opts type not recognized [")) 168 }