github.com/letsencrypt/trillian@v1.1.2-0.20180615153820-ae375a99d36a/crypto/signer_test.go

github.com/letsencrypt/trillian@v1.1.2-0.20180615153820-ae375a99d36a/crypto/signer_test.go (about)

     1  // Copyright 2016 Google Inc. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package crypto
    16  
    17  import (
    18  	"crypto"
    19  	"errors"
    20  	"testing"
    21  
    22  	"github.com/golang/mock/gomock"
    23  	"github.com/google/trillian/crypto/keys/pem"
    24  	"github.com/google/trillian/testonly"
    25  	"github.com/google/trillian/types"
    26  )
    27  
    28  const message string = "testing"
    29  
    30  func TestSign(t *testing.T) {
    31  	key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass)
    32  	if err != nil {
    33  		t.Fatalf("Failed to open test key, err=%v", err)
    34  	}
    35  	signer := NewSigner(0, key, crypto.SHA256)
    36  
    37  	for _, test := range []struct {
    38  		message []byte
    39  	}{
    40  		{message: []byte("message")},
    41  	} {
    42  		sig, err := signer.Sign(test.message)
    43  		if err != nil {
    44  			t.Errorf("Failed to sign message: %v", err)
    45  			continue
    46  		}
    47  		if got := len(sig); got == 0 {
    48  			t.Errorf("len(sig): %v, want > 0", got)
    49  		}
    50  		// Check that the signature is correct
    51  		if err := Verify(key.Public(), crypto.SHA256, test.message, sig); err != nil {
    52  			t.Errorf("Verify(%v) failed: %v", test.message, err)
    53  		}
    54  	}
    55  }
    56  
    57  func TestSign_SignerFails(t *testing.T) {
    58  	ctrl := gomock.NewController(t)
    59  	defer ctrl.Finish()
    60  
    61  	key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass)
    62  	if err != nil {
    63  		t.Fatalf("Failed to load private key: %v", err)
    64  	}
    65  
    66  	_, err = NewSigner(0, testonly.NewSignerWithErr(key, errors.New("sign")), crypto.SHA256).Sign([]byte(message))
    67  	if err == nil {
    68  		t.Fatalf("Ignored a signing error: %v", err)
    69  	}
    70  
    71  	testonly.EnsureErrorContains(t, err, "sign")
    72  }
    73  
    74  func TestSignWithSignedLogRoot_SignerFails(t *testing.T) {
    75  	ctrl := gomock.NewController(t)
    76  	defer ctrl.Finish()
    77  
    78  	key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass)
    79  	if err != nil {
    80  		t.Fatalf("Failed to load public key: %v", err)
    81  	}
    82  
    83  	s := testonly.NewSignerWithErr(key, errors.New("signfail"))
    84  	root := &types.LogRootV1{TimestampNanos: 2267709, RootHash: []byte("Islington"), TreeSize: 2}
    85  	_, err = NewSigner(0, s, crypto.SHA256).SignLogRoot(root)
    86  	testonly.EnsureErrorContains(t, err, "signfail")
    87  }
    88  
    89  func TestSignLogRoot(t *testing.T) {
    90  	key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass)
    91  	if err != nil {
    92  		t.Fatalf("Failed to open test key, err=%v", err)
    93  	}
    94  	signer := NewSigner(0, key, crypto.SHA256)
    95  
    96  	for _, test := range []struct {
    97  		root *types.LogRootV1
    98  	}{
    99  		{root: &types.LogRootV1{TimestampNanos: 2267709, RootHash: []byte("Islington"), TreeSize: 2}},
   100  	} {
   101  		slr, err := signer.SignLogRoot(test.root)
   102  		if err != nil {
   103  			t.Errorf("Failed to sign log root: %v", err)
   104  			continue
   105  		}
   106  		if got := len(slr.LogRootSignature); got == 0 {
   107  			t.Errorf("len(sig): %v, want > 0", got)
   108  		}
   109  		// Check that the signature is correct
   110  		if _, err := VerifySignedLogRoot(key.Public(), crypto.SHA256, slr); err != nil {
   111  			t.Errorf("Verify(%v) failed: %v", test.root, err)
   112  		}
   113  	}
   114  }
   115  
   116  func TestSignMapRoot(t *testing.T) {
   117  	key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass)
   118  	if err != nil {
   119  		t.Fatalf("Failed to open test key, err=%v", err)
   120  	}
   121  	signer := NewSigner(0, key, crypto.SHA256)
   122  
   123  	for _, root := range []types.MapRootV1{
   124  		{TimestampNanos: 2267709, RootHash: []byte("Islington"), Revision: 3},
   125  	} {
   126  		smr, err := signer.SignMapRoot(&root)
   127  		if err != nil {
   128  			t.Errorf("Failed to sign map root: %v", err)
   129  			continue
   130  		}
   131  		if got := len(smr.Signature); got == 0 {
   132  			t.Errorf("len(sig): %v, want > 0", got)
   133  		}
   134  
   135  		if _, err := VerifySignedMapRoot(key.Public(), crypto.SHA256, smr); err != nil {
   136  			t.Errorf("Verify(%v) failed: %v", root, err)
   137  		}
   138  	}
   139  }