github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/bccsp/utils/keys_test.go (about) 1 package utils 2 3 import ( 4 "crypto/ecdsa" 5 "crypto/elliptic" 6 "crypto/rand" 7 "crypto/rsa" 8 "crypto/x509" 9 "encoding/asn1" 10 "encoding/pem" 11 "testing" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestOidFromNamedCurve(t *testing.T) { 17 18 var ( 19 oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33} 20 oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} 21 oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} 22 oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} 23 ) 24 25 type result struct { 26 oid asn1.ObjectIdentifier 27 ok bool 28 } 29 30 var tests = []struct { 31 name string 32 curve elliptic.Curve 33 expected result 34 }{ 35 { 36 name: "P224", 37 curve: elliptic.P224(), 38 expected: result{ 39 oid: oidNamedCurveP224, 40 ok: true, 41 }, 42 }, 43 { 44 name: "P256", 45 curve: elliptic.P256(), 46 expected: result{ 47 oid: oidNamedCurveP256, 48 ok: true, 49 }, 50 }, 51 { 52 name: "P384", 53 curve: elliptic.P384(), 54 expected: result{ 55 oid: oidNamedCurveP384, 56 ok: true, 57 }, 58 }, 59 { 60 name: "P521", 61 curve: elliptic.P521(), 62 expected: result{ 63 oid: oidNamedCurveP521, 64 ok: true, 65 }, 66 }, 67 { 68 name: "T-1000", 69 curve: &elliptic.CurveParams{Name: "T-1000"}, 70 expected: result{ 71 oid: nil, 72 ok: false, 73 }, 74 }, 75 } 76 77 for _, test := range tests { 78 t.Run(test.name, func(t *testing.T) { 79 oid, ok := oidFromNamedCurve(test.curve) 80 assert.Equal(t, oid, test.expected.oid) 81 assert.Equal(t, ok, test.expected.ok) 82 }) 83 } 84 85 } 86 87 func TestECDSAKeys(t *testing.T) { 88 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 89 if err != nil { 90 t.Fatalf("Failed generating ECDSA key [%s]", err) 91 } 92 93 // Private Key DER format 94 der, err := PrivateKeyToDER(key) 95 if err != nil { 96 t.Fatalf("Failed converting private key to DER [%s]", err) 97 } 98 keyFromDER, err := DERToPrivateKey(der) 99 if err != nil { 100 t.Fatalf("Failed converting DER to private key [%s]", err) 101 } 102 ecdsaKeyFromDer := keyFromDER.(*ecdsa.PrivateKey) 103 // TODO: check the curve 104 if key.D.Cmp(ecdsaKeyFromDer.D) != 0 { 105 t.Fatal("Failed converting DER to private key. Invalid D.") 106 } 107 if key.X.Cmp(ecdsaKeyFromDer.X) != 0 { 108 t.Fatal("Failed converting DER to private key. Invalid X coordinate.") 109 } 110 if key.Y.Cmp(ecdsaKeyFromDer.Y) != 0 { 111 t.Fatal("Failed converting DER to private key. Invalid Y coordinate.") 112 } 113 114 // Private Key PEM format 115 rawPEM, err := PrivateKeyToPEM(key, nil) 116 if err != nil { 117 t.Fatalf("Failed converting private key to PEM [%s]", err) 118 } 119 pemBlock, _ := pem.Decode(rawPEM) 120 if pemBlock.Type != "PRIVATE KEY" { 121 t.Fatalf("Expected type 'PRIVATE KEY' but found '%s'", pemBlock.Type) 122 } 123 _, err = x509.ParsePKCS8PrivateKey(pemBlock.Bytes) 124 if err != nil { 125 t.Fatalf("Failed to parse PKCS#8 private key [%s]", err) 126 } 127 keyFromPEM, err := PEMtoPrivateKey(rawPEM, nil) 128 if err != nil { 129 t.Fatalf("Failed converting DER to private key [%s]", err) 130 } 131 ecdsaKeyFromPEM := keyFromPEM.(*ecdsa.PrivateKey) 132 // TODO: check the curve 133 if key.D.Cmp(ecdsaKeyFromPEM.D) != 0 { 134 t.Fatal("Failed converting PEM to private key. Invalid D.") 135 } 136 if key.X.Cmp(ecdsaKeyFromPEM.X) != 0 { 137 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 138 } 139 if key.Y.Cmp(ecdsaKeyFromPEM.Y) != 0 { 140 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 141 } 142 143 // Nil Private Key <-> PEM 144 _, err = PrivateKeyToPEM(nil, nil) 145 if err == nil { 146 t.Fatal("PublicKeyToPEM should fail on nil") 147 } 148 149 _, err = PEMtoPrivateKey(nil, nil) 150 if err == nil { 151 t.Fatal("PEMtoPublicKey should fail on nil") 152 } 153 154 _, err = PEMtoPrivateKey([]byte{0, 1, 3, 4}, nil) 155 if err == nil { 156 t.Fatal("PEMtoPublicKey should fail invalid PEM") 157 } 158 159 _, err = DERToPrivateKey(nil) 160 if err == nil { 161 t.Fatal("DERToPrivateKey should fail on nil") 162 } 163 164 _, err = DERToPrivateKey([]byte{0, 1, 3, 4}) 165 if err == nil { 166 t.Fatal("DERToPrivateKey should fail on invalid DER") 167 } 168 169 _, err = PrivateKeyToDER(nil) 170 if err == nil { 171 t.Fatal("DERToPrivateKey should fail on nil") 172 } 173 174 // Private Key Encrypted PEM format 175 encPEM, err := PrivateKeyToPEM(key, []byte("passwd")) 176 if err != nil { 177 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 178 } 179 encKeyFromPEM, err := PEMtoPrivateKey(encPEM, []byte("passwd")) 180 if err != nil { 181 t.Fatalf("Failed converting DER to private key [%s]", err) 182 } 183 ecdsaKeyFromEncPEM := encKeyFromPEM.(*ecdsa.PrivateKey) 184 // TODO: check the curve 185 if key.D.Cmp(ecdsaKeyFromEncPEM.D) != 0 { 186 t.Fatal("Failed converting encrypted PEM to private key. Invalid D.") 187 } 188 if key.X.Cmp(ecdsaKeyFromEncPEM.X) != 0 { 189 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 190 } 191 if key.Y.Cmp(ecdsaKeyFromEncPEM.Y) != 0 { 192 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 193 } 194 195 // Public Key PEM format 196 rawPEM, err = PublicKeyToPEM(&key.PublicKey, nil) 197 if err != nil { 198 t.Fatalf("Failed converting public key to PEM [%s]", err) 199 } 200 pemBlock, _ = pem.Decode(rawPEM) 201 if pemBlock.Type != "PUBLIC KEY" { 202 t.Fatalf("Expected type 'PUBLIC KEY' but found '%s'", pemBlock.Type) 203 } 204 keyFromPEM, err = PEMtoPublicKey(rawPEM, nil) 205 if err != nil { 206 t.Fatalf("Failed converting DER to public key [%s]", err) 207 } 208 ecdsaPkFromPEM := keyFromPEM.(*ecdsa.PublicKey) 209 // TODO: check the curve 210 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 211 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 212 } 213 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 214 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 215 } 216 217 // Nil Public Key <-> PEM 218 _, err = PublicKeyToPEM(nil, nil) 219 if err == nil { 220 t.Fatal("PublicKeyToPEM should fail on nil") 221 } 222 223 _, err = PEMtoPublicKey(nil, nil) 224 if err == nil { 225 t.Fatal("PEMtoPublicKey should fail on nil") 226 } 227 228 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, nil) 229 if err == nil { 230 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 231 } 232 233 // Public Key Encrypted PEM format 234 encPEM, err = PublicKeyToPEM(&key.PublicKey, []byte("passwd")) 235 if err != nil { 236 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 237 } 238 pkFromEncPEM, err := PEMtoPublicKey(encPEM, []byte("passwd")) 239 if err != nil { 240 t.Fatalf("Failed converting DER to private key [%s]", err) 241 } 242 ecdsaPkFromEncPEM := pkFromEncPEM.(*ecdsa.PublicKey) 243 // TODO: check the curve 244 if key.X.Cmp(ecdsaPkFromEncPEM.X) != 0 { 245 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 246 } 247 if key.Y.Cmp(ecdsaPkFromEncPEM.Y) != 0 { 248 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 249 } 250 251 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 252 if err == nil { 253 t.Fatal("PEMtoPublicKey should fail on wrong password") 254 } 255 256 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 257 if err == nil { 258 t.Fatal("PEMtoPublicKey should fail on nil password") 259 } 260 261 _, err = PEMtoPublicKey(nil, []byte("passwd")) 262 if err == nil { 263 t.Fatal("PEMtoPublicKey should fail on nil PEM") 264 } 265 266 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, []byte("passwd")) 267 if err == nil { 268 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 269 } 270 271 _, err = PEMtoPublicKey(nil, []byte("passw")) 272 if err == nil { 273 t.Fatal("PEMtoPublicKey should fail on nil PEM and wrong password") 274 } 275 276 // Public Key DER format 277 der, err = PublicKeyToDER(&key.PublicKey) 278 assert.NoError(t, err) 279 keyFromDER, err = DERToPublicKey(der) 280 assert.NoError(t, err) 281 ecdsaPkFromPEM = keyFromDER.(*ecdsa.PublicKey) 282 // TODO: check the curve 283 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 284 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 285 } 286 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 287 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 288 } 289 } 290 291 func TestAESKey(t *testing.T) { 292 k := []byte{0, 1, 2, 3, 4, 5} 293 pem := AEStoPEM(k) 294 295 k2, err := PEMtoAES(pem, nil) 296 assert.NoError(t, err) 297 assert.Equal(t, k, k2) 298 299 pem, err = AEStoEncryptedPEM(k, k) 300 assert.NoError(t, err) 301 302 k2, err = PEMtoAES(pem, k) 303 assert.NoError(t, err) 304 assert.Equal(t, k, k2) 305 } 306 307 func TestDERToPublicKey(t *testing.T) { 308 _, err := DERToPublicKey(nil) 309 assert.Error(t, err) 310 } 311 312 func TestNil(t *testing.T) { 313 _, err := PrivateKeyToEncryptedPEM(nil, nil) 314 assert.Error(t, err) 315 316 _, err = PEMtoAES(nil, nil) 317 assert.Error(t, err) 318 319 _, err = AEStoEncryptedPEM(nil, nil) 320 assert.Error(t, err) 321 322 _, err = PublicKeyToPEM(nil, nil) 323 assert.Error(t, err) 324 _, err = PublicKeyToPEM(nil, []byte("hello world")) 325 assert.Error(t, err) 326 327 _, err = PublicKeyToPEM("hello world", nil) 328 assert.Error(t, err) 329 _, err = PublicKeyToPEM("hello world", []byte("hello world")) 330 assert.Error(t, err) 331 332 _, err = PublicKeyToDER(nil) 333 assert.Error(t, err) 334 _, err = PublicKeyToDER("hello world") 335 assert.Error(t, err) 336 337 _, err = PublicKeyToEncryptedPEM(nil, nil) 338 assert.Error(t, err) 339 _, err = PublicKeyToEncryptedPEM("hello world", nil) 340 assert.Error(t, err) 341 _, err = PublicKeyToEncryptedPEM("hello world", []byte("Hello world")) 342 assert.Error(t, err) 343 344 } 345 346 func TestPrivateKeyToPEM(t *testing.T) { 347 _, err := PrivateKeyToPEM(nil, nil) 348 assert.Error(t, err) 349 350 _, err = PrivateKeyToPEM("hello world", nil) 351 assert.Error(t, err) 352 353 key, err := rsa.GenerateKey(rand.Reader, 1024) 354 assert.NoError(t, err) 355 pem, err := PrivateKeyToPEM(key, nil) 356 assert.NoError(t, err) 357 assert.NotNil(t, pem) 358 key2, err := PEMtoPrivateKey(pem, nil) 359 assert.NoError(t, err) 360 assert.NotNil(t, key2) 361 assert.Equal(t, key.D, key2.(*rsa.PrivateKey).D) 362 363 pem, err = PublicKeyToPEM(&key.PublicKey, nil) 364 assert.NoError(t, err) 365 assert.NotNil(t, pem) 366 key3, err := PEMtoPublicKey(pem, nil) 367 assert.NoError(t, err) 368 assert.NotNil(t, key2) 369 assert.Equal(t, key.PublicKey.E, key3.(*rsa.PublicKey).E) 370 assert.Equal(t, key.PublicKey.N, key3.(*rsa.PublicKey).N) 371 }