github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/bccsp/utils/keys_test.go (about)

     1  package utils
     2  
     3  import (
     4  	"crypto/ecdsa"
     5  	"crypto/elliptic"
     6  	"crypto/rand"
     7  	"crypto/rsa"
     8  	"crypto/x509"
     9  	"encoding/asn1"
    10  	"encoding/pem"
    11  	"testing"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestOidFromNamedCurve(t *testing.T) {
    17  
    18  	var (
    19  		oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33}
    20  		oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
    21  		oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
    22  		oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
    23  	)
    24  
    25  	type result struct {
    26  		oid asn1.ObjectIdentifier
    27  		ok  bool
    28  	}
    29  
    30  	var tests = []struct {
    31  		name     string
    32  		curve    elliptic.Curve
    33  		expected result
    34  	}{
    35  		{
    36  			name:  "P224",
    37  			curve: elliptic.P224(),
    38  			expected: result{
    39  				oid: oidNamedCurveP224,
    40  				ok:  true,
    41  			},
    42  		},
    43  		{
    44  			name:  "P256",
    45  			curve: elliptic.P256(),
    46  			expected: result{
    47  				oid: oidNamedCurveP256,
    48  				ok:  true,
    49  			},
    50  		},
    51  		{
    52  			name:  "P384",
    53  			curve: elliptic.P384(),
    54  			expected: result{
    55  				oid: oidNamedCurveP384,
    56  				ok:  true,
    57  			},
    58  		},
    59  		{
    60  			name:  "P521",
    61  			curve: elliptic.P521(),
    62  			expected: result{
    63  				oid: oidNamedCurveP521,
    64  				ok:  true,
    65  			},
    66  		},
    67  		{
    68  			name:  "T-1000",
    69  			curve: &elliptic.CurveParams{Name: "T-1000"},
    70  			expected: result{
    71  				oid: nil,
    72  				ok:  false,
    73  			},
    74  		},
    75  	}
    76  
    77  	for _, test := range tests {
    78  		t.Run(test.name, func(t *testing.T) {
    79  			oid, ok := oidFromNamedCurve(test.curve)
    80  			assert.Equal(t, oid, test.expected.oid)
    81  			assert.Equal(t, ok, test.expected.ok)
    82  		})
    83  	}
    84  
    85  }
    86  
    87  func TestECDSAKeys(t *testing.T) {
    88  	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
    89  	if err != nil {
    90  		t.Fatalf("Failed generating ECDSA key [%s]", err)
    91  	}
    92  
    93  	// Private Key DER format
    94  	der, err := PrivateKeyToDER(key)
    95  	if err != nil {
    96  		t.Fatalf("Failed converting private key to DER [%s]", err)
    97  	}
    98  	keyFromDER, err := DERToPrivateKey(der)
    99  	if err != nil {
   100  		t.Fatalf("Failed converting DER to private key [%s]", err)
   101  	}
   102  	ecdsaKeyFromDer := keyFromDER.(*ecdsa.PrivateKey)
   103  	// TODO: check the curve
   104  	if key.D.Cmp(ecdsaKeyFromDer.D) != 0 {
   105  		t.Fatal("Failed converting DER to private key. Invalid D.")
   106  	}
   107  	if key.X.Cmp(ecdsaKeyFromDer.X) != 0 {
   108  		t.Fatal("Failed converting DER to private key. Invalid X coordinate.")
   109  	}
   110  	if key.Y.Cmp(ecdsaKeyFromDer.Y) != 0 {
   111  		t.Fatal("Failed converting DER to private key. Invalid Y coordinate.")
   112  	}
   113  
   114  	// Private Key PEM format
   115  	rawPEM, err := PrivateKeyToPEM(key, nil)
   116  	if err != nil {
   117  		t.Fatalf("Failed converting private key to PEM [%s]", err)
   118  	}
   119  	pemBlock, _ := pem.Decode(rawPEM)
   120  	if pemBlock.Type != "PRIVATE KEY" {
   121  		t.Fatalf("Expected type 'PRIVATE KEY' but found '%s'", pemBlock.Type)
   122  	}
   123  	_, err = x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
   124  	if err != nil {
   125  		t.Fatalf("Failed to parse PKCS#8 private key [%s]", err)
   126  	}
   127  	keyFromPEM, err := PEMtoPrivateKey(rawPEM, nil)
   128  	if err != nil {
   129  		t.Fatalf("Failed converting DER to private key [%s]", err)
   130  	}
   131  	ecdsaKeyFromPEM := keyFromPEM.(*ecdsa.PrivateKey)
   132  	// TODO: check the curve
   133  	if key.D.Cmp(ecdsaKeyFromPEM.D) != 0 {
   134  		t.Fatal("Failed converting PEM to private key. Invalid D.")
   135  	}
   136  	if key.X.Cmp(ecdsaKeyFromPEM.X) != 0 {
   137  		t.Fatal("Failed converting PEM to private key. Invalid X coordinate.")
   138  	}
   139  	if key.Y.Cmp(ecdsaKeyFromPEM.Y) != 0 {
   140  		t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.")
   141  	}
   142  
   143  	// Nil Private Key <-> PEM
   144  	_, err = PrivateKeyToPEM(nil, nil)
   145  	if err == nil {
   146  		t.Fatal("PublicKeyToPEM should fail on nil")
   147  	}
   148  
   149  	_, err = PEMtoPrivateKey(nil, nil)
   150  	if err == nil {
   151  		t.Fatal("PEMtoPublicKey should fail on nil")
   152  	}
   153  
   154  	_, err = PEMtoPrivateKey([]byte{0, 1, 3, 4}, nil)
   155  	if err == nil {
   156  		t.Fatal("PEMtoPublicKey should fail invalid PEM")
   157  	}
   158  
   159  	_, err = DERToPrivateKey(nil)
   160  	if err == nil {
   161  		t.Fatal("DERToPrivateKey should fail on nil")
   162  	}
   163  
   164  	_, err = DERToPrivateKey([]byte{0, 1, 3, 4})
   165  	if err == nil {
   166  		t.Fatal("DERToPrivateKey should fail on invalid DER")
   167  	}
   168  
   169  	_, err = PrivateKeyToDER(nil)
   170  	if err == nil {
   171  		t.Fatal("DERToPrivateKey should fail on nil")
   172  	}
   173  
   174  	// Private Key Encrypted PEM format
   175  	encPEM, err := PrivateKeyToPEM(key, []byte("passwd"))
   176  	if err != nil {
   177  		t.Fatalf("Failed converting private key to encrypted PEM [%s]", err)
   178  	}
   179  	encKeyFromPEM, err := PEMtoPrivateKey(encPEM, []byte("passwd"))
   180  	if err != nil {
   181  		t.Fatalf("Failed converting DER to private key [%s]", err)
   182  	}
   183  	ecdsaKeyFromEncPEM := encKeyFromPEM.(*ecdsa.PrivateKey)
   184  	// TODO: check the curve
   185  	if key.D.Cmp(ecdsaKeyFromEncPEM.D) != 0 {
   186  		t.Fatal("Failed converting encrypted PEM to private key. Invalid D.")
   187  	}
   188  	if key.X.Cmp(ecdsaKeyFromEncPEM.X) != 0 {
   189  		t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.")
   190  	}
   191  	if key.Y.Cmp(ecdsaKeyFromEncPEM.Y) != 0 {
   192  		t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.")
   193  	}
   194  
   195  	// Public Key PEM format
   196  	rawPEM, err = PublicKeyToPEM(&key.PublicKey, nil)
   197  	if err != nil {
   198  		t.Fatalf("Failed converting public key to PEM [%s]", err)
   199  	}
   200  	pemBlock, _ = pem.Decode(rawPEM)
   201  	if pemBlock.Type != "PUBLIC KEY" {
   202  		t.Fatalf("Expected type 'PUBLIC KEY' but found '%s'", pemBlock.Type)
   203  	}
   204  	keyFromPEM, err = PEMtoPublicKey(rawPEM, nil)
   205  	if err != nil {
   206  		t.Fatalf("Failed converting DER to public key [%s]", err)
   207  	}
   208  	ecdsaPkFromPEM := keyFromPEM.(*ecdsa.PublicKey)
   209  	// TODO: check the curve
   210  	if key.X.Cmp(ecdsaPkFromPEM.X) != 0 {
   211  		t.Fatal("Failed converting PEM to private key. Invalid X coordinate.")
   212  	}
   213  	if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 {
   214  		t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.")
   215  	}
   216  
   217  	// Nil Public Key <-> PEM
   218  	_, err = PublicKeyToPEM(nil, nil)
   219  	if err == nil {
   220  		t.Fatal("PublicKeyToPEM should fail on nil")
   221  	}
   222  
   223  	_, err = PEMtoPublicKey(nil, nil)
   224  	if err == nil {
   225  		t.Fatal("PEMtoPublicKey should fail on nil")
   226  	}
   227  
   228  	_, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, nil)
   229  	if err == nil {
   230  		t.Fatal("PEMtoPublicKey should fail on invalid PEM")
   231  	}
   232  
   233  	// Public Key Encrypted PEM format
   234  	encPEM, err = PublicKeyToPEM(&key.PublicKey, []byte("passwd"))
   235  	if err != nil {
   236  		t.Fatalf("Failed converting private key to encrypted PEM [%s]", err)
   237  	}
   238  	pkFromEncPEM, err := PEMtoPublicKey(encPEM, []byte("passwd"))
   239  	if err != nil {
   240  		t.Fatalf("Failed converting DER to private key [%s]", err)
   241  	}
   242  	ecdsaPkFromEncPEM := pkFromEncPEM.(*ecdsa.PublicKey)
   243  	// TODO: check the curve
   244  	if key.X.Cmp(ecdsaPkFromEncPEM.X) != 0 {
   245  		t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.")
   246  	}
   247  	if key.Y.Cmp(ecdsaPkFromEncPEM.Y) != 0 {
   248  		t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.")
   249  	}
   250  
   251  	_, err = PEMtoPublicKey(encPEM, []byte("passw"))
   252  	if err == nil {
   253  		t.Fatal("PEMtoPublicKey should fail on wrong password")
   254  	}
   255  
   256  	_, err = PEMtoPublicKey(encPEM, []byte("passw"))
   257  	if err == nil {
   258  		t.Fatal("PEMtoPublicKey should fail on nil password")
   259  	}
   260  
   261  	_, err = PEMtoPublicKey(nil, []byte("passwd"))
   262  	if err == nil {
   263  		t.Fatal("PEMtoPublicKey should fail on nil PEM")
   264  	}
   265  
   266  	_, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, []byte("passwd"))
   267  	if err == nil {
   268  		t.Fatal("PEMtoPublicKey should fail on invalid PEM")
   269  	}
   270  
   271  	_, err = PEMtoPublicKey(nil, []byte("passw"))
   272  	if err == nil {
   273  		t.Fatal("PEMtoPublicKey should fail on nil PEM and wrong password")
   274  	}
   275  
   276  	// Public Key DER format
   277  	der, err = PublicKeyToDER(&key.PublicKey)
   278  	assert.NoError(t, err)
   279  	keyFromDER, err = DERToPublicKey(der)
   280  	assert.NoError(t, err)
   281  	ecdsaPkFromPEM = keyFromDER.(*ecdsa.PublicKey)
   282  	// TODO: check the curve
   283  	if key.X.Cmp(ecdsaPkFromPEM.X) != 0 {
   284  		t.Fatal("Failed converting PEM to private key. Invalid X coordinate.")
   285  	}
   286  	if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 {
   287  		t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.")
   288  	}
   289  }
   290  
   291  func TestAESKey(t *testing.T) {
   292  	k := []byte{0, 1, 2, 3, 4, 5}
   293  	pem := AEStoPEM(k)
   294  
   295  	k2, err := PEMtoAES(pem, nil)
   296  	assert.NoError(t, err)
   297  	assert.Equal(t, k, k2)
   298  
   299  	pem, err = AEStoEncryptedPEM(k, k)
   300  	assert.NoError(t, err)
   301  
   302  	k2, err = PEMtoAES(pem, k)
   303  	assert.NoError(t, err)
   304  	assert.Equal(t, k, k2)
   305  }
   306  
   307  func TestDERToPublicKey(t *testing.T) {
   308  	_, err := DERToPublicKey(nil)
   309  	assert.Error(t, err)
   310  }
   311  
   312  func TestNil(t *testing.T) {
   313  	_, err := PrivateKeyToEncryptedPEM(nil, nil)
   314  	assert.Error(t, err)
   315  
   316  	_, err = PEMtoAES(nil, nil)
   317  	assert.Error(t, err)
   318  
   319  	_, err = AEStoEncryptedPEM(nil, nil)
   320  	assert.Error(t, err)
   321  
   322  	_, err = PublicKeyToPEM(nil, nil)
   323  	assert.Error(t, err)
   324  	_, err = PublicKeyToPEM(nil, []byte("hello world"))
   325  	assert.Error(t, err)
   326  
   327  	_, err = PublicKeyToPEM("hello world", nil)
   328  	assert.Error(t, err)
   329  	_, err = PublicKeyToPEM("hello world", []byte("hello world"))
   330  	assert.Error(t, err)
   331  
   332  	_, err = PublicKeyToDER(nil)
   333  	assert.Error(t, err)
   334  	_, err = PublicKeyToDER("hello world")
   335  	assert.Error(t, err)
   336  
   337  	_, err = PublicKeyToEncryptedPEM(nil, nil)
   338  	assert.Error(t, err)
   339  	_, err = PublicKeyToEncryptedPEM("hello world", nil)
   340  	assert.Error(t, err)
   341  	_, err = PublicKeyToEncryptedPEM("hello world", []byte("Hello world"))
   342  	assert.Error(t, err)
   343  
   344  }
   345  
   346  func TestPrivateKeyToPEM(t *testing.T) {
   347  	_, err := PrivateKeyToPEM(nil, nil)
   348  	assert.Error(t, err)
   349  
   350  	_, err = PrivateKeyToPEM("hello world", nil)
   351  	assert.Error(t, err)
   352  
   353  	key, err := rsa.GenerateKey(rand.Reader, 1024)
   354  	assert.NoError(t, err)
   355  	pem, err := PrivateKeyToPEM(key, nil)
   356  	assert.NoError(t, err)
   357  	assert.NotNil(t, pem)
   358  	key2, err := PEMtoPrivateKey(pem, nil)
   359  	assert.NoError(t, err)
   360  	assert.NotNil(t, key2)
   361  	assert.Equal(t, key.D, key2.(*rsa.PrivateKey).D)
   362  
   363  	pem, err = PublicKeyToPEM(&key.PublicKey, nil)
   364  	assert.NoError(t, err)
   365  	assert.NotNil(t, pem)
   366  	key3, err := PEMtoPublicKey(pem, nil)
   367  	assert.NoError(t, err)
   368  	assert.NotNil(t, key2)
   369  	assert.Equal(t, key.PublicKey.E, key3.(*rsa.PublicKey).E)
   370  	assert.Equal(t, key.PublicKey.N, key3.(*rsa.PublicKey).N)
   371  }