github.com/kchristidis/fabric@v1.0.4-0.20171028114726-837acd08cde1/bccsp/sw/rsa_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2017 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package sw
    18  
    19  import (
    20  	"crypto"
    21  	"crypto/rand"
    22  	"crypto/rsa"
    23  	"crypto/sha256"
    24  	"crypto/x509"
    25  	"encoding/asn1"
    26  	"strings"
    27  	"testing"
    28  
    29  	"github.com/hyperledger/fabric/bccsp/mocks"
    30  	"github.com/stretchr/testify/assert"
    31  )
    32  
    33  func TestRSAPrivateKey(t *testing.T) {
    34  	lowLevelKey, err := rsa.GenerateKey(rand.Reader, 512)
    35  	assert.NoError(t, err)
    36  	k := &rsaPrivateKey{lowLevelKey}
    37  
    38  	assert.False(t, k.Symmetric())
    39  	assert.True(t, k.Private())
    40  
    41  	_, err = k.Bytes()
    42  	assert.Error(t, err)
    43  	assert.Contains(t, err.Error(), "Not supported.")
    44  
    45  	k.privKey = nil
    46  	ski := k.SKI()
    47  	assert.Nil(t, ski)
    48  
    49  	k.privKey = lowLevelKey
    50  	ski = k.SKI()
    51  	raw, _ := asn1.Marshal(rsaPublicKeyASN{N: k.privKey.N, E: k.privKey.E})
    52  	hash := sha256.New()
    53  	hash.Write(raw)
    54  	ski2 := hash.Sum(nil)
    55  	assert.Equal(t, ski2, ski, "SKI is not computed in the right way.")
    56  
    57  	pk, err := k.PublicKey()
    58  	assert.NoError(t, err)
    59  	assert.NotNil(t, pk)
    60  	ecdsaPK, ok := pk.(*rsaPublicKey)
    61  	assert.True(t, ok)
    62  	assert.Equal(t, &lowLevelKey.PublicKey, ecdsaPK.pubKey)
    63  }
    64  
    65  func TestRSAPublicKey(t *testing.T) {
    66  	lowLevelKey, err := rsa.GenerateKey(rand.Reader, 512)
    67  	assert.NoError(t, err)
    68  	k := &rsaPublicKey{&lowLevelKey.PublicKey}
    69  
    70  	assert.False(t, k.Symmetric())
    71  	assert.False(t, k.Private())
    72  
    73  	k.pubKey = nil
    74  	ski := k.SKI()
    75  	assert.Nil(t, ski)
    76  
    77  	k.pubKey = &lowLevelKey.PublicKey
    78  	ski = k.SKI()
    79  	raw, _ := asn1.Marshal(rsaPublicKeyASN{N: k.pubKey.N, E: k.pubKey.E})
    80  	hash := sha256.New()
    81  	hash.Write(raw)
    82  	ski2 := hash.Sum(nil)
    83  	assert.Equal(t, ski, ski2, "SKI is not computed in the right way.")
    84  
    85  	pk, err := k.PublicKey()
    86  	assert.NoError(t, err)
    87  	assert.Equal(t, k, pk)
    88  
    89  	bytes, err := k.Bytes()
    90  	assert.NoError(t, err)
    91  	bytes2, err := x509.MarshalPKIXPublicKey(k.pubKey)
    92  	assert.Equal(t, bytes2, bytes, "bytes are not computed in the right way.")
    93  }
    94  
    95  func TestRSASignerSign(t *testing.T) {
    96  	signer := &rsaSigner{}
    97  	verifierPrivateKey := &rsaPrivateKeyVerifier{}
    98  	verifierPublicKey := &rsaPublicKeyKeyVerifier{}
    99  
   100  	// Generate a key
   101  	lowLevelKey, err := rsa.GenerateKey(rand.Reader, 1024)
   102  	assert.NoError(t, err)
   103  	k := &rsaPrivateKey{lowLevelKey}
   104  	pk, err := k.PublicKey()
   105  	assert.NoError(t, err)
   106  
   107  	// Sign
   108  	msg := []byte("Hello World!!!")
   109  
   110  	_, err = signer.Sign(k, msg, nil)
   111  	assert.Error(t, err)
   112  	assert.Contains(t, err.Error(), "Invalid options. Must be different from nil.")
   113  
   114  	_, err = signer.Sign(k, msg, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256})
   115  	assert.Error(t, err)
   116  
   117  	hf := sha256.New()
   118  	hf.Write(msg)
   119  	digest := hf.Sum(nil)
   120  	sigma, err := signer.Sign(k, digest, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256})
   121  	assert.NoError(t, err)
   122  
   123  	opts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}
   124  	// Verify against msg, must fail
   125  	err = rsa.VerifyPSS(&lowLevelKey.PublicKey, crypto.SHA256, msg, sigma, opts)
   126  	assert.Error(t, err)
   127  	assert.Contains(t, err.Error(), "crypto/rsa: verification error")
   128  
   129  	// Verify against digest, must succeed
   130  	err = rsa.VerifyPSS(&lowLevelKey.PublicKey, crypto.SHA256, digest, sigma, opts)
   131  	assert.NoError(t, err)
   132  
   133  	valid, err := verifierPrivateKey.Verify(k, sigma, msg, opts)
   134  	assert.Error(t, err)
   135  	assert.True(t, strings.Contains(err.Error(), "crypto/rsa: verification error"))
   136  
   137  	valid, err = verifierPrivateKey.Verify(k, sigma, digest, opts)
   138  	assert.NoError(t, err)
   139  	assert.True(t, valid)
   140  
   141  	valid, err = verifierPublicKey.Verify(pk, sigma, msg, opts)
   142  	assert.Error(t, err)
   143  	assert.True(t, strings.Contains(err.Error(), "crypto/rsa: verification error"))
   144  
   145  	valid, err = verifierPublicKey.Verify(pk, sigma, digest, opts)
   146  	assert.NoError(t, err)
   147  	assert.True(t, valid)
   148  }
   149  
   150  func TestRSAVerifiersInvalidInputs(t *testing.T) {
   151  	verifierPrivate := &rsaPrivateKeyVerifier{}
   152  	_, err := verifierPrivate.Verify(nil, nil, nil, nil)
   153  	assert.Error(t, err)
   154  	assert.True(t, strings.Contains(err.Error(), "Invalid options. It must not be nil."))
   155  
   156  	_, err = verifierPrivate.Verify(nil, nil, nil, &mocks.SignerOpts{})
   157  	assert.Error(t, err)
   158  	assert.True(t, strings.Contains(err.Error(), "Opts type not recognized ["))
   159  
   160  	verifierPublic := &rsaPublicKeyKeyVerifier{}
   161  	_, err = verifierPublic.Verify(nil, nil, nil, nil)
   162  	assert.Error(t, err)
   163  	assert.True(t, strings.Contains(err.Error(), "Invalid options. It must not be nil."))
   164  
   165  	_, err = verifierPublic.Verify(nil, nil, nil, &mocks.SignerOpts{})
   166  	assert.Error(t, err)
   167  	assert.True(t, strings.Contains(err.Error(), "Opts type not recognized ["))
   168  }