github.com/letsencrypt/trillian@v1.1.2-0.20180615153820-ae375a99d36a/crypto/keys/der/der_test.go (about) 1 // Copyright 2017 Google Inc. All Rights Reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package der_test 16 17 import ( 18 "bytes" 19 "encoding/base64" 20 "testing" 21 22 . "github.com/google/trillian/crypto/keys/der" 23 "github.com/google/trillian/crypto/keys/testonly" 24 "github.com/google/trillian/crypto/keyspb" 25 ) 26 27 const ( 28 // ECDSA private key in DER format, base64-encoded. 29 privKeyBase64 = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgS81mfpvtTmaINn+gtrYXn4XpxxgE655GLSKsA3hhjHmhRANCAASwBWDdgHS04V/cN0LZgc8vZaK4I1HWLLCoaOO27Z0B1aS1aqBE7g1Oo8ldSCBJAvee866kcHhZkVniPdCG2ZZG" 30 // ECDSA public key in DER format, base64-encoded. 31 pubKeyBase64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsAVg3YB0tOFf3DdC2YHPL2WiuCNR1iywqGjjtu2dAdWktWqgRO4NTqPJXUggSQL3nvOupHB4WZFZ4j3QhtmWRg==" 32 ) 33 34 func TestFromProto(t *testing.T) { 35 keyDER, err := base64.StdEncoding.DecodeString(privKeyBase64) 36 if err != nil { 37 t.Fatalf("Could not decode test key: %v", err) 38 } 39 40 for _, test := range []struct { 41 desc string 42 keyProto *keyspb.PrivateKey 43 wantErr bool 44 }{ 45 { 46 desc: "PrivateKey", 47 keyProto: &keyspb.PrivateKey{ 48 Der: keyDER, 49 }, 50 }, 51 { 52 desc: "PrivateKey with invalid DER", 53 keyProto: &keyspb.PrivateKey{ 54 Der: []byte("foobar"), 55 }, 56 wantErr: true, 57 }, 58 { 59 desc: "PrivateKey with missing DER", 60 keyProto: &keyspb.PrivateKey{}, 61 wantErr: true, 62 }, 63 } { 64 signer, err := FromProto(test.keyProto) 65 if gotErr := err != nil; gotErr != test.wantErr { 66 t.Errorf("%v: FromProto(%#v) = (_, %q), want (_, nil)", test.desc, test.keyProto, err) 67 continue 68 } else if gotErr { 69 continue 70 } 71 72 // Check that the returned signer can produce signatures successfully. 73 if err := testonly.SignAndVerify(signer, signer.Public()); err != nil { 74 t.Errorf("%v: SignAndVerify() = %q, want nil", test.desc, err) 75 } 76 } 77 } 78 79 func TestNewProtoFromSpec(t *testing.T) { 80 for _, test := range []struct { 81 desc string 82 keySpec *keyspb.Specification 83 wantErr bool 84 }{ 85 { 86 desc: "ECDSA", 87 keySpec: &keyspb.Specification{ 88 Params: &keyspb.Specification_EcdsaParams{}, 89 }, 90 }, 91 { 92 desc: "RSA", 93 keySpec: &keyspb.Specification{ 94 Params: &keyspb.Specification_RsaParams{}, 95 }, 96 }, 97 { 98 desc: "No params", 99 keySpec: &keyspb.Specification{}, 100 wantErr: true, 101 }, 102 { 103 desc: "Nil KeySpec", 104 wantErr: true, 105 }, 106 } { 107 pb, err := NewProtoFromSpec(test.keySpec) 108 if gotErr := err != nil; gotErr != test.wantErr { 109 t.Errorf("%v: NewProtoFromSpec() = (_, %q), want err? %v", test.desc, err, test.wantErr) 110 continue 111 } else if gotErr { 112 continue 113 } 114 115 // Get the key out of the proto, check that it matches the spec and test that it works. 116 key, err := FromProto(pb) 117 if err != nil { 118 t.Errorf("%v: FromProto(%#v) = (_, %q), want (_, nil)", test.desc, pb, err) 119 } 120 121 if err := testonly.CheckKeyMatchesSpec(key, test.keySpec); err != nil { 122 t.Errorf("%v: CheckKeyMatchesSpec() => %v", test.desc, err) 123 } 124 125 if err := testonly.SignAndVerify(key, key.Public()); err != nil { 126 t.Errorf("%v: SignAndVerify() = %q, want nil", test.desc, err) 127 } 128 } 129 } 130 131 func TestMarshalUnmarshalPublicKey(t *testing.T) { 132 keyDER, err := base64.StdEncoding.DecodeString(pubKeyBase64) 133 if err != nil { 134 t.Fatalf("Could not decode test key: %v", err) 135 } 136 137 key, err := UnmarshalPublicKey(keyDER) 138 if err != nil { 139 t.Fatalf("UnmarshalPublicKey(%v): %v", keyDER, err) 140 } 141 142 keyDER2, err := MarshalPublicKey(key) 143 if err != nil { 144 t.Fatalf("MarshalPublicKey(%v): %v", key, err) 145 } 146 147 if got, want := keyDER2, keyDER; !bytes.Equal(got, want) { 148 t.Errorf("MarshalPublicKey(): %x, want %x", got, want) 149 } 150 } 151 152 func TestFromToPublicProto(t *testing.T) { 153 keyDER, err := base64.StdEncoding.DecodeString(pubKeyBase64) 154 if err != nil { 155 t.Fatalf("Could not decode test key: %v", err) 156 } 157 158 key, err := UnmarshalPublicKey(keyDER) 159 if err != nil { 160 t.Fatalf("UnmarshalPublicKey(%v): %v", keyDER, err) 161 } 162 163 keyProto, err := ToPublicProto(key) 164 if err != nil { 165 t.Fatalf("ToPublicProto(%v): %v", key, err) 166 } 167 168 key2, err := FromPublicProto(keyProto) 169 if err != nil { 170 t.Fatalf("FromPublicProto(%v): %v", keyProto, err) 171 } 172 173 keyDER2, err := MarshalPublicKey(key2) 174 if err != nil { 175 t.Fatalf("MarshalPublicKey(%v): %v", key2, err) 176 } 177 178 if got, want := keyDER2, keyDER; !bytes.Equal(got, want) { 179 t.Errorf("MarshalPublicKey(): %x, want %x", got, want) 180 } 181 }