github.com/kchristidis/fabric@v1.0.4-0.20171028114726-837acd08cde1/bccsp/utils/keys_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package utils 18 19 import ( 20 "crypto/ecdsa" 21 "crypto/elliptic" 22 "crypto/rand" 23 "crypto/rsa" 24 "crypto/x509" 25 "encoding/asn1" 26 "encoding/pem" 27 "testing" 28 29 "github.com/stretchr/testify/assert" 30 ) 31 32 func TestOidFromNamedCurve(t *testing.T) { 33 34 var ( 35 oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33} 36 oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} 37 oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} 38 oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} 39 ) 40 41 type result struct { 42 oid asn1.ObjectIdentifier 43 ok bool 44 } 45 46 var tests = []struct { 47 name string 48 curve elliptic.Curve 49 expected result 50 }{ 51 { 52 name: "P224", 53 curve: elliptic.P224(), 54 expected: result{ 55 oid: oidNamedCurveP224, 56 ok: true, 57 }, 58 }, 59 { 60 name: "P256", 61 curve: elliptic.P256(), 62 expected: result{ 63 oid: oidNamedCurveP256, 64 ok: true, 65 }, 66 }, 67 { 68 name: "P384", 69 curve: elliptic.P384(), 70 expected: result{ 71 oid: oidNamedCurveP384, 72 ok: true, 73 }, 74 }, 75 { 76 name: "P521", 77 curve: elliptic.P521(), 78 expected: result{ 79 oid: oidNamedCurveP521, 80 ok: true, 81 }, 82 }, 83 { 84 name: "T-1000", 85 curve: &elliptic.CurveParams{Name: "T-1000"}, 86 expected: result{ 87 oid: nil, 88 ok: false, 89 }, 90 }, 91 } 92 93 for _, test := range tests { 94 t.Run(test.name, func(t *testing.T) { 95 oid, ok := oidFromNamedCurve(test.curve) 96 assert.Equal(t, oid, test.expected.oid) 97 assert.Equal(t, ok, test.expected.ok) 98 }) 99 } 100 101 } 102 103 func TestECDSAKeys(t *testing.T) { 104 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 105 if err != nil { 106 t.Fatalf("Failed generating ECDSA key [%s]", err) 107 } 108 109 // Private Key DER format 110 der, err := PrivateKeyToDER(key) 111 if err != nil { 112 t.Fatalf("Failed converting private key to DER [%s]", err) 113 } 114 keyFromDER, err := DERToPrivateKey(der) 115 if err != nil { 116 t.Fatalf("Failed converting DER to private key [%s]", err) 117 } 118 ecdsaKeyFromDer := keyFromDER.(*ecdsa.PrivateKey) 119 // TODO: check the curve 120 if key.D.Cmp(ecdsaKeyFromDer.D) != 0 { 121 t.Fatal("Failed converting DER to private key. Invalid D.") 122 } 123 if key.X.Cmp(ecdsaKeyFromDer.X) != 0 { 124 t.Fatal("Failed converting DER to private key. Invalid X coordinate.") 125 } 126 if key.Y.Cmp(ecdsaKeyFromDer.Y) != 0 { 127 t.Fatal("Failed converting DER to private key. Invalid Y coordinate.") 128 } 129 130 // Private Key PEM format 131 rawPEM, err := PrivateKeyToPEM(key, nil) 132 if err != nil { 133 t.Fatalf("Failed converting private key to PEM [%s]", err) 134 } 135 pemBlock, _ := pem.Decode(rawPEM) 136 if pemBlock.Type != "PRIVATE KEY" { 137 t.Fatalf("Expected type 'PRIVATE KEY' but found '%s'", pemBlock.Type) 138 } 139 _, err = x509.ParsePKCS8PrivateKey(pemBlock.Bytes) 140 if err != nil { 141 t.Fatalf("Failed to parse PKCS#8 private key [%s]", err) 142 } 143 keyFromPEM, err := PEMtoPrivateKey(rawPEM, nil) 144 if err != nil { 145 t.Fatalf("Failed converting DER to private key [%s]", err) 146 } 147 ecdsaKeyFromPEM := keyFromPEM.(*ecdsa.PrivateKey) 148 // TODO: check the curve 149 if key.D.Cmp(ecdsaKeyFromPEM.D) != 0 { 150 t.Fatal("Failed converting PEM to private key. Invalid D.") 151 } 152 if key.X.Cmp(ecdsaKeyFromPEM.X) != 0 { 153 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 154 } 155 if key.Y.Cmp(ecdsaKeyFromPEM.Y) != 0 { 156 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 157 } 158 159 // Nil Private Key <-> PEM 160 _, err = PrivateKeyToPEM(nil, nil) 161 if err == nil { 162 t.Fatal("PublicKeyToPEM should fail on nil") 163 } 164 165 _, err = PrivateKeyToPEM((*ecdsa.PrivateKey)(nil), nil) 166 if err == nil { 167 t.Fatal("PrivateKeyToPEM should fail on nil") 168 } 169 170 _, err = PrivateKeyToPEM((*rsa.PrivateKey)(nil), nil) 171 if err == nil { 172 t.Fatal("PrivateKeyToPEM should fail on nil") 173 } 174 175 _, err = PEMtoPrivateKey(nil, nil) 176 if err == nil { 177 t.Fatal("PEMtoPublicKey should fail on nil") 178 } 179 180 _, err = PEMtoPrivateKey([]byte{0, 1, 3, 4}, nil) 181 if err == nil { 182 t.Fatal("PEMtoPublicKey should fail invalid PEM") 183 } 184 185 _, err = DERToPrivateKey(nil) 186 if err == nil { 187 t.Fatal("DERToPrivateKey should fail on nil") 188 } 189 190 _, err = DERToPrivateKey([]byte{0, 1, 3, 4}) 191 if err == nil { 192 t.Fatal("DERToPrivateKey should fail on invalid DER") 193 } 194 195 _, err = PrivateKeyToDER(nil) 196 if err == nil { 197 t.Fatal("DERToPrivateKey should fail on nil") 198 } 199 200 // Private Key Encrypted PEM format 201 encPEM, err := PrivateKeyToPEM(key, []byte("passwd")) 202 if err != nil { 203 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 204 } 205 _, err = PEMtoPrivateKey(encPEM, nil) 206 assert.Error(t, err) 207 encKeyFromPEM, err := PEMtoPrivateKey(encPEM, []byte("passwd")) 208 if err != nil { 209 t.Fatalf("Failed converting DER to private key [%s]", err) 210 } 211 ecdsaKeyFromEncPEM := encKeyFromPEM.(*ecdsa.PrivateKey) 212 // TODO: check the curve 213 if key.D.Cmp(ecdsaKeyFromEncPEM.D) != 0 { 214 t.Fatal("Failed converting encrypted PEM to private key. Invalid D.") 215 } 216 if key.X.Cmp(ecdsaKeyFromEncPEM.X) != 0 { 217 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 218 } 219 if key.Y.Cmp(ecdsaKeyFromEncPEM.Y) != 0 { 220 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 221 } 222 223 // Public Key PEM format 224 rawPEM, err = PublicKeyToPEM(&key.PublicKey, nil) 225 if err != nil { 226 t.Fatalf("Failed converting public key to PEM [%s]", err) 227 } 228 pemBlock, _ = pem.Decode(rawPEM) 229 if pemBlock.Type != "PUBLIC KEY" { 230 t.Fatalf("Expected type 'PUBLIC KEY' but found '%s'", pemBlock.Type) 231 } 232 keyFromPEM, err = PEMtoPublicKey(rawPEM, nil) 233 if err != nil { 234 t.Fatalf("Failed converting DER to public key [%s]", err) 235 } 236 ecdsaPkFromPEM := keyFromPEM.(*ecdsa.PublicKey) 237 // TODO: check the curve 238 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 239 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 240 } 241 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 242 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 243 } 244 245 // Nil Public Key <-> PEM 246 _, err = PublicKeyToPEM(nil, nil) 247 if err == nil { 248 t.Fatal("PublicKeyToPEM should fail on nil") 249 } 250 251 _, err = PEMtoPublicKey(nil, nil) 252 if err == nil { 253 t.Fatal("PEMtoPublicKey should fail on nil") 254 } 255 256 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, nil) 257 if err == nil { 258 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 259 } 260 261 // Public Key Encrypted PEM format 262 encPEM, err = PublicKeyToPEM(&key.PublicKey, []byte("passwd")) 263 if err != nil { 264 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 265 } 266 _, err = PEMtoPublicKey(encPEM, nil) 267 assert.Error(t, err) 268 pkFromEncPEM, err := PEMtoPublicKey(encPEM, []byte("passwd")) 269 if err != nil { 270 t.Fatalf("Failed converting DER to private key [%s]", err) 271 } 272 ecdsaPkFromEncPEM := pkFromEncPEM.(*ecdsa.PublicKey) 273 // TODO: check the curve 274 if key.X.Cmp(ecdsaPkFromEncPEM.X) != 0 { 275 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 276 } 277 if key.Y.Cmp(ecdsaPkFromEncPEM.Y) != 0 { 278 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 279 } 280 281 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 282 if err == nil { 283 t.Fatal("PEMtoPublicKey should fail on wrong password") 284 } 285 286 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 287 if err == nil { 288 t.Fatal("PEMtoPublicKey should fail on nil password") 289 } 290 291 _, err = PEMtoPublicKey(nil, []byte("passwd")) 292 if err == nil { 293 t.Fatal("PEMtoPublicKey should fail on nil PEM") 294 } 295 296 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, []byte("passwd")) 297 if err == nil { 298 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 299 } 300 301 _, err = PEMtoPublicKey(nil, []byte("passw")) 302 if err == nil { 303 t.Fatal("PEMtoPublicKey should fail on nil PEM and wrong password") 304 } 305 306 // Public Key DER format 307 der, err = PublicKeyToDER(&key.PublicKey) 308 assert.NoError(t, err) 309 keyFromDER, err = DERToPublicKey(der) 310 assert.NoError(t, err) 311 ecdsaPkFromPEM = keyFromDER.(*ecdsa.PublicKey) 312 // TODO: check the curve 313 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 314 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 315 } 316 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 317 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 318 } 319 } 320 321 func TestAESKey(t *testing.T) { 322 k := []byte{0, 1, 2, 3, 4, 5} 323 pem := AEStoPEM(k) 324 325 k2, err := PEMtoAES(pem, nil) 326 assert.NoError(t, err) 327 assert.Equal(t, k, k2) 328 329 pem, err = AEStoEncryptedPEM(k, k) 330 assert.NoError(t, err) 331 332 k2, err = PEMtoAES(pem, k) 333 assert.NoError(t, err) 334 assert.Equal(t, k, k2) 335 336 _, err = PEMtoAES(pem, nil) 337 assert.Error(t, err) 338 339 _, err = AEStoEncryptedPEM(k, nil) 340 assert.NoError(t, err) 341 342 k2, err = PEMtoAES(pem, k) 343 assert.NoError(t, err) 344 assert.Equal(t, k, k2) 345 } 346 347 func TestDERToPublicKey(t *testing.T) { 348 _, err := DERToPublicKey(nil) 349 assert.Error(t, err) 350 } 351 352 func TestNil(t *testing.T) { 353 _, err := PrivateKeyToEncryptedPEM(nil, nil) 354 assert.Error(t, err) 355 356 _, err = PrivateKeyToEncryptedPEM((*ecdsa.PrivateKey)(nil), nil) 357 assert.Error(t, err) 358 359 _, err = PrivateKeyToEncryptedPEM("Hello World", nil) 360 assert.Error(t, err) 361 362 _, err = PEMtoAES(nil, nil) 363 assert.Error(t, err) 364 365 _, err = AEStoEncryptedPEM(nil, nil) 366 assert.Error(t, err) 367 368 _, err = PublicKeyToPEM(nil, nil) 369 assert.Error(t, err) 370 _, err = PublicKeyToPEM((*ecdsa.PublicKey)(nil), nil) 371 assert.Error(t, err) 372 _, err = PublicKeyToPEM((*rsa.PublicKey)(nil), nil) 373 assert.Error(t, err) 374 _, err = PublicKeyToPEM(nil, []byte("hello world")) 375 assert.Error(t, err) 376 377 _, err = PublicKeyToPEM("hello world", nil) 378 assert.Error(t, err) 379 _, err = PublicKeyToPEM("hello world", []byte("hello world")) 380 assert.Error(t, err) 381 382 _, err = PublicKeyToDER(nil) 383 assert.Error(t, err) 384 _, err = PublicKeyToDER((*ecdsa.PublicKey)(nil)) 385 assert.Error(t, err) 386 _, err = PublicKeyToDER((*rsa.PublicKey)(nil)) 387 assert.Error(t, err) 388 _, err = PublicKeyToDER("hello world") 389 assert.Error(t, err) 390 391 _, err = PublicKeyToEncryptedPEM(nil, nil) 392 assert.Error(t, err) 393 _, err = PublicKeyToEncryptedPEM((*ecdsa.PublicKey)(nil), nil) 394 assert.Error(t, err) 395 _, err = PublicKeyToEncryptedPEM("hello world", nil) 396 assert.Error(t, err) 397 _, err = PublicKeyToEncryptedPEM("hello world", []byte("Hello world")) 398 assert.Error(t, err) 399 400 } 401 402 func TestPrivateKeyToPEM(t *testing.T) { 403 _, err := PrivateKeyToPEM(nil, nil) 404 assert.Error(t, err) 405 406 _, err = PrivateKeyToPEM("hello world", nil) 407 assert.Error(t, err) 408 409 key, err := rsa.GenerateKey(rand.Reader, 1024) 410 assert.NoError(t, err) 411 pem, err := PrivateKeyToPEM(key, nil) 412 assert.NoError(t, err) 413 assert.NotNil(t, pem) 414 key2, err := PEMtoPrivateKey(pem, nil) 415 assert.NoError(t, err) 416 assert.NotNil(t, key2) 417 assert.Equal(t, key.D, key2.(*rsa.PrivateKey).D) 418 419 pem, err = PublicKeyToPEM(&key.PublicKey, nil) 420 assert.NoError(t, err) 421 assert.NotNil(t, pem) 422 key3, err := PEMtoPublicKey(pem, nil) 423 assert.NoError(t, err) 424 assert.NotNil(t, key2) 425 assert.Equal(t, key.PublicKey.E, key3.(*rsa.PublicKey).E) 426 assert.Equal(t, key.PublicKey.N, key3.(*rsa.PublicKey).N) 427 }