github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/pkcs11/impl_test.go (about) 1 // +build pkcs11 2 3 /* 4 Copyright IBM Corp. All Rights Reserved. 5 6 SPDX-License-Identifier: Apache-2.0 7 */ 8 9 package pkcs11 10 11 import ( 12 "bytes" 13 "crypto" 14 "crypto/elliptic" 15 "crypto/rand" 16 "crypto/sha256" 17 "crypto/sha512" 18 "crypto/x509" 19 "crypto/x509/pkix" 20 "encoding/asn1" 21 "fmt" 22 "hash" 23 "io/ioutil" 24 "math/big" 25 "net" 26 "os" 27 "strings" 28 "testing" 29 "time" 30 31 "github.com/hyperledger/fabric/bccsp" 32 "github.com/hyperledger/fabric/bccsp/signer" 33 "github.com/hyperledger/fabric/bccsp/sw" 34 "github.com/hyperledger/fabric/bccsp/utils" 35 "github.com/stretchr/testify/assert" 36 "golang.org/x/crypto/sha3" 37 ) 38 39 var ( 40 currentKS bccsp.KeyStore 41 currentBCCSP bccsp.BCCSP 42 currentTestConfig testConfig 43 ) 44 45 type testConfig struct { 46 securityLevel int 47 hashFamily string 48 softVerify bool 49 immutable bool 50 } 51 52 func TestMain(m *testing.M) { 53 os.Exit(testMain(m)) 54 } 55 56 func testMain(m *testing.M) int { 57 tmpDir, err := ioutil.TempDir("", "pkcs11_ks") 58 if err != nil { 59 fmt.Printf("Failed to create keystore directory [%s]\n", err) 60 return -1 61 } 62 defer os.RemoveAll(tmpDir) 63 64 keyStore, err := sw.NewFileBasedKeyStore(nil, tmpDir, false) 65 if err != nil { 66 fmt.Printf("Failed initiliazing KeyStore [%s]\n", err) 67 return -1 68 } 69 currentKS = keyStore 70 71 lib, pin, label := FindPKCS11Lib() 72 tests := []testConfig{ 73 {256, "SHA2", true, false}, 74 {256, "SHA3", false, false}, 75 {384, "SHA2", false, false}, 76 {384, "SHA3", false, false}, 77 {384, "SHA3", true, false}, 78 } 79 80 if strings.Contains(lib, "softhsm") { 81 tests = append(tests, []testConfig{ 82 {256, "SHA2", true, false}, 83 {256, "SHA2", true, true}, 84 }...) 85 } 86 87 opts := PKCS11Opts{ 88 Library: lib, 89 Label: label, 90 Pin: pin, 91 } 92 93 for _, config := range tests { 94 currentTestConfig = config 95 96 opts.HashFamily = config.hashFamily 97 opts.SecLevel = config.securityLevel 98 opts.SoftVerify = config.softVerify 99 opts.Immutable = config.immutable 100 fmt.Printf("Immutable = [%v]\n", opts.Immutable) 101 currentBCCSP, err = New(opts, keyStore) 102 if err != nil { 103 fmt.Printf("Failed initiliazing BCCSP at [%+v] \n%s\n", opts, err) 104 return -1 105 } 106 107 ret := m.Run() 108 if ret != 0 { 109 fmt.Printf("Failed testing at [%+v]\n", opts) 110 return -1 111 } 112 } 113 return 0 114 } 115 116 func TestNew(t *testing.T) { 117 opts := PKCS11Opts{ 118 HashFamily: "SHA2", 119 SecLevel: 256, 120 SoftVerify: false, 121 Library: "lib", 122 Label: "ForFabric", 123 Pin: "98765432", 124 } 125 126 // Setup PKCS11 library and provide initial set of values 127 lib, _, _ := FindPKCS11Lib() 128 opts.Library = lib 129 130 // Test for nil keystore 131 _, err := New(opts, nil) 132 assert.Error(t, err) 133 assert.Contains(t, err.Error(), "Invalid bccsp.KeyStore instance. It must be different from nil") 134 135 // Test for invalid PKCS11 loadLib 136 opts.Library = "" 137 _, err = New(opts, currentKS) 138 assert.Error(t, err) 139 assert.Contains(t, err.Error(), "Failed initializing PKCS11 library") 140 } 141 142 func TestFindPKCS11LibEnvVars(t *testing.T) { 143 const ( 144 dummy_PKCS11_LIB = "/usr/lib/pkcs11" 145 dummy_PKCS11_PIN = "98765432" 146 dummy_PKCS11_LABEL = "testing" 147 ) 148 149 // Set environment variables used for test and preserve 150 // original values for restoration after test completion 151 orig_PKCS11_LIB := os.Getenv("PKCS11_LIB") 152 os.Setenv("PKCS11_LIB", dummy_PKCS11_LIB) 153 154 orig_PKCS11_PIN := os.Getenv("PKCS11_PIN") 155 os.Setenv("PKCS11_PIN", dummy_PKCS11_PIN) 156 157 orig_PKCS11_LABEL := os.Getenv("PKCS11_LABEL") 158 os.Setenv("PKCS11_LABEL", dummy_PKCS11_LABEL) 159 160 lib, pin, label := FindPKCS11Lib() 161 assert.EqualValues(t, dummy_PKCS11_LIB, lib, "FindPKCS11Lib did not return expected library") 162 assert.EqualValues(t, dummy_PKCS11_PIN, pin, "FindPKCS11Lib did not return expected pin") 163 assert.EqualValues(t, dummy_PKCS11_LABEL, label, "FindPKCS11Lib did not return expected label") 164 165 os.Setenv("PKCS11_LIB", orig_PKCS11_LIB) 166 os.Setenv("PKCS11_PIN", orig_PKCS11_PIN) 167 os.Setenv("PKCS11_LABEL", orig_PKCS11_LABEL) 168 } 169 170 func TestInvalidNewParameter(t *testing.T) { 171 lib, pin, label := FindPKCS11Lib() 172 opts := PKCS11Opts{ 173 Library: lib, 174 Label: label, 175 Pin: pin, 176 SoftVerify: true, 177 } 178 179 opts.HashFamily = "SHA2" 180 opts.SecLevel = 0 181 r, err := New(opts, currentKS) 182 if err == nil { 183 t.Fatal("Error should be different from nil in this case") 184 } 185 if r != nil { 186 t.Fatal("Return value should be equal to nil in this case") 187 } 188 189 opts.HashFamily = "SHA8" 190 opts.SecLevel = 256 191 r, err = New(opts, currentKS) 192 if err == nil { 193 t.Fatal("Error should be different from nil in this case") 194 } 195 if r != nil { 196 t.Fatal("Return value should be equal to nil in this case") 197 } 198 199 opts.HashFamily = "SHA2" 200 opts.SecLevel = 256 201 r, err = New(opts, nil) 202 if err == nil { 203 t.Fatal("Error should be different from nil in this case") 204 } 205 if r != nil { 206 t.Fatal("Return value should be equal to nil in this case") 207 } 208 209 opts.HashFamily = "SHA3" 210 opts.SecLevel = 0 211 r, err = New(opts, nil) 212 if err == nil { 213 t.Fatal("Error should be different from nil in this case") 214 } 215 if r != nil { 216 t.Fatal("Return value should be equal to nil in this case") 217 } 218 } 219 220 func TestInvalidSKI(t *testing.T) { 221 k, err := currentBCCSP.GetKey(nil) 222 if err == nil { 223 t.Fatal("Error should be different from nil in this case") 224 } 225 if k != nil { 226 t.Fatal("Return value should be equal to nil in this case") 227 } 228 229 k, err = currentBCCSP.GetKey([]byte{0, 1, 2, 3, 4, 5, 6}) 230 if err == nil { 231 t.Fatal("Error should be different from nil in this case") 232 } 233 if k != nil { 234 t.Fatal("Return value should be equal to nil in this case") 235 } 236 } 237 238 func TestKeyGenECDSAOpts(t *testing.T) { 239 if testing.Short() { 240 t.Skip("Skipping TestKeyGenECDSAOpts") 241 } 242 // Curve P256 243 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: false}) 244 if err != nil { 245 t.Fatalf("Failed generating ECDSA P256 key [%s]", err) 246 } 247 if k == nil { 248 t.Fatal("Failed generating ECDSA P256 key. Key must be different from nil") 249 } 250 if !k.Private() { 251 t.Fatal("Failed generating ECDSA P256 key. Key should be private") 252 } 253 if k.Symmetric() { 254 t.Fatal("Failed generating ECDSA P256 key. Key should be asymmetric") 255 } 256 257 ecdsaKey := k.(*ecdsaPrivateKey).pub 258 if elliptic.P256() != ecdsaKey.pub.Curve { 259 t.Fatal("P256 generated key in invalid. The curve must be P256.") 260 } 261 262 // Curve P384 263 k, err = currentBCCSP.KeyGen(&bccsp.ECDSAP384KeyGenOpts{Temporary: false}) 264 if err != nil { 265 t.Fatalf("Failed generating ECDSA P384 key [%s]", err) 266 } 267 if k == nil { 268 t.Fatal("Failed generating ECDSA P384 key. Key must be different from nil") 269 } 270 if !k.Private() { 271 t.Fatal("Failed generating ECDSA P384 key. Key should be private") 272 } 273 if k.Symmetric() { 274 t.Fatal("Failed generating ECDSA P384 key. Key should be asymmetric") 275 } 276 277 ecdsaKey = k.(*ecdsaPrivateKey).pub 278 if elliptic.P384() != ecdsaKey.pub.Curve { 279 t.Fatal("P256 generated key in invalid. The curve must be P384.") 280 } 281 } 282 283 func TestKeyGenAESOpts(t *testing.T) { 284 if testing.Short() { 285 t.Skip("Skipping TestKeyGenAESOpts") 286 } 287 // AES 128 288 k, err := currentBCCSP.KeyGen(&bccsp.AES128KeyGenOpts{Temporary: false}) 289 if err != nil { 290 t.Fatalf("Failed generating AES 128 key [%s]", err) 291 } 292 if k == nil { 293 t.Fatal("Failed generating AES 128 key. Key must be different from nil") 294 } 295 if !k.Private() { 296 t.Fatal("Failed generating AES 128 key. Key should be private") 297 } 298 if !k.Symmetric() { 299 t.Fatal("Failed generating AES 128 key. Key should be symmetric") 300 } 301 302 // AES 192 303 k, err = currentBCCSP.KeyGen(&bccsp.AES192KeyGenOpts{Temporary: false}) 304 if err != nil { 305 t.Fatalf("Failed generating AES 192 key [%s]", err) 306 } 307 if k == nil { 308 t.Fatal("Failed generating AES 192 key. Key must be different from nil") 309 } 310 if !k.Private() { 311 t.Fatal("Failed generating AES 192 key. Key should be private") 312 } 313 if !k.Symmetric() { 314 t.Fatal("Failed generating AES 192 key. Key should be symmetric") 315 } 316 317 // AES 256 318 k, err = currentBCCSP.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: false}) 319 if err != nil { 320 t.Fatalf("Failed generating AES 256 key [%s]", err) 321 } 322 if k == nil { 323 t.Fatal("Failed generating AES 256 key. Key must be different from nil") 324 } 325 if !k.Private() { 326 t.Fatal("Failed generating AES 256 key. Key should be private") 327 } 328 if !k.Symmetric() { 329 t.Fatal("Failed generating AES 256 key. Key should be symmetric") 330 } 331 } 332 333 func TestHashOpts(t *testing.T) { 334 if testing.Short() { 335 t.Skip("Skipping TestHashOpts") 336 } 337 msg := []byte("abcd") 338 339 // SHA256 340 digest1, err := currentBCCSP.Hash(msg, &bccsp.SHA256Opts{}) 341 if err != nil { 342 t.Fatalf("Failed computing SHA256 [%s]", err) 343 } 344 345 h := sha256.New() 346 h.Write(msg) 347 digest2 := h.Sum(nil) 348 349 if !bytes.Equal(digest1, digest2) { 350 t.Fatalf("Different SHA256 computed. [%x][%x]", digest1, digest2) 351 } 352 353 // SHA384 354 digest1, err = currentBCCSP.Hash(msg, &bccsp.SHA384Opts{}) 355 if err != nil { 356 t.Fatalf("Failed computing SHA384 [%s]", err) 357 } 358 359 h = sha512.New384() 360 h.Write(msg) 361 digest2 = h.Sum(nil) 362 363 if !bytes.Equal(digest1, digest2) { 364 t.Fatalf("Different SHA384 computed. [%x][%x]", digest1, digest2) 365 } 366 367 // SHA3_256O 368 digest1, err = currentBCCSP.Hash(msg, &bccsp.SHA3_256Opts{}) 369 if err != nil { 370 t.Fatalf("Failed computing SHA3_256 [%s]", err) 371 } 372 373 h = sha3.New256() 374 h.Write(msg) 375 digest2 = h.Sum(nil) 376 377 if !bytes.Equal(digest1, digest2) { 378 t.Fatalf("Different SHA3_256 computed. [%x][%x]", digest1, digest2) 379 } 380 381 // SHA3_384 382 digest1, err = currentBCCSP.Hash(msg, &bccsp.SHA3_384Opts{}) 383 if err != nil { 384 t.Fatalf("Failed computing SHA3_384 [%s]", err) 385 } 386 387 h = sha3.New384() 388 h.Write(msg) 389 digest2 = h.Sum(nil) 390 391 if !bytes.Equal(digest1, digest2) { 392 t.Fatalf("Different SHA3_384 computed. [%x][%x]", digest1, digest2) 393 } 394 } 395 396 func TestECDSAKeyGenEphemeral(t *testing.T) { 397 if testing.Short() { 398 t.Skip("Skipping TestECDSAKeyGenEphemeral") 399 } 400 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: true}) 401 if err != nil { 402 t.Fatalf("Failed generating ECDSA key [%s]", err) 403 } 404 if k == nil { 405 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 406 } 407 if !k.Private() { 408 t.Fatal("Failed generating ECDSA key. Key should be private") 409 } 410 if k.Symmetric() { 411 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 412 } 413 raw, err := k.Bytes() 414 if err == nil { 415 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 416 } 417 if len(raw) != 0 { 418 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 419 } 420 pk, err := k.PublicKey() 421 if err != nil { 422 t.Fatalf("Failed getting corresponding public key [%s]", err) 423 } 424 if pk == nil { 425 t.Fatal("Public key must be different from nil.") 426 } 427 } 428 429 func TestECDSAPrivateKeySKI(t *testing.T) { 430 if testing.Short() { 431 t.Skip("Skipping TestECDSAPrivateKeySKI") 432 } 433 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 434 if err != nil { 435 t.Fatalf("Failed generating ECDSA key [%s]", err) 436 } 437 438 ski := k.SKI() 439 if len(ski) == 0 { 440 t.Fatal("SKI not valid. Zero length.") 441 } 442 } 443 444 func TestECDSAKeyGenNonEphemeral(t *testing.T) { 445 if testing.Short() { 446 t.Skip("Skipping TestECDSAKeyGenNonEphemeral") 447 } 448 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 449 if err != nil { 450 t.Fatalf("Failed generating ECDSA key [%s]", err) 451 } 452 if k == nil { 453 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 454 } 455 if !k.Private() { 456 t.Fatal("Failed generating ECDSA key. Key should be private") 457 } 458 if k.Symmetric() { 459 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 460 } 461 } 462 463 func TestECDSAGetKeyBySKI(t *testing.T) { 464 if testing.Short() { 465 t.Skip("Skipping TestECDSAGetKeyBySKI") 466 } 467 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 468 if err != nil { 469 t.Fatalf("Failed generating ECDSA key [%s]", err) 470 } 471 472 k2, err := currentBCCSP.GetKey(k.SKI()) 473 if err != nil { 474 t.Fatalf("Failed getting ECDSA key [%s]", err) 475 } 476 if k2 == nil { 477 t.Fatal("Failed getting ECDSA key. Key must be different from nil") 478 } 479 if !k2.Private() { 480 t.Fatal("Failed getting ECDSA key. Key should be private") 481 } 482 if k2.Symmetric() { 483 t.Fatal("Failed getting ECDSA key. Key should be asymmetric") 484 } 485 486 // Check that the SKIs are the same 487 if !bytes.Equal(k.SKI(), k2.SKI()) { 488 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 489 } 490 } 491 492 func TestECDSAPublicKeyFromPrivateKey(t *testing.T) { 493 if testing.Short() { 494 t.Skip("Skipping TestECDSAPublicKeyFromPrivateKey") 495 } 496 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 497 if err != nil { 498 t.Fatalf("Failed generating ECDSA key [%s]", err) 499 } 500 501 pk, err := k.PublicKey() 502 if err != nil { 503 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 504 } 505 if pk == nil { 506 t.Fatal("Failed getting public key from private ECDSA key. Key must be different from nil") 507 } 508 if pk.Private() { 509 t.Fatal("Failed generating ECDSA key. Key should be public") 510 } 511 if pk.Symmetric() { 512 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 513 } 514 } 515 516 func TestECDSAPublicKeyBytes(t *testing.T) { 517 if testing.Short() { 518 t.Skip("Skipping TestECDSAPublicKeyBytes") 519 } 520 521 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 522 if err != nil { 523 t.Fatalf("Failed generating ECDSA key [%s]", err) 524 } 525 526 pk, err := k.PublicKey() 527 if err != nil { 528 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 529 } 530 531 raw, err := pk.Bytes() 532 if err != nil { 533 t.Fatalf("Failed marshalling ECDSA public key [%s]", err) 534 } 535 if len(raw) == 0 { 536 t.Fatal("Failed marshalling ECDSA public key. Zero length") 537 } 538 } 539 540 func TestECDSAPublicKeySKI(t *testing.T) { 541 if testing.Short() { 542 t.Skip("Skipping TestECDSAPublicKeySKI") 543 } 544 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 545 if err != nil { 546 t.Fatalf("Failed generating ECDSA key [%s]", err) 547 } 548 549 pk, err := k.PublicKey() 550 if err != nil { 551 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 552 } 553 554 ski := pk.SKI() 555 if len(ski) == 0 { 556 t.Fatal("SKI not valid. Zero length.") 557 } 558 } 559 560 func TestECDSASign(t *testing.T) { 561 if testing.Short() { 562 t.Skip("Skipping TestECDSASign") 563 } 564 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 565 if err != nil { 566 t.Fatalf("Failed generating ECDSA key [%s]", err) 567 } 568 569 msg := []byte("Hello World") 570 571 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 572 if err != nil { 573 t.Fatalf("Failed computing HASH [%s]", err) 574 } 575 576 signature, err := currentBCCSP.Sign(k, digest, nil) 577 if err != nil { 578 t.Fatalf("Failed generating ECDSA signature [%s]", err) 579 } 580 if len(signature) == 0 { 581 t.Fatal("Failed generating ECDSA key. Signature must be different from nil") 582 } 583 584 _, err = currentBCCSP.Sign(nil, digest, nil) 585 assert.Error(t, err) 586 assert.Contains(t, err.Error(), "Invalid Key. It must not be nil") 587 588 _, err = currentBCCSP.Sign(k, nil, nil) 589 assert.Error(t, err) 590 assert.Contains(t, err.Error(), "Invalid digest. Cannot be empty") 591 } 592 593 func TestECDSAVerify(t *testing.T) { 594 if testing.Short() { 595 t.Skip("Skipping TestECDSAVerify") 596 } 597 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 598 if err != nil { 599 t.Fatalf("Failed generating ECDSA key [%s]", err) 600 } 601 602 msg := []byte("Hello World") 603 604 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 605 if err != nil { 606 t.Fatalf("Failed computing HASH [%s]", err) 607 } 608 609 signature, err := currentBCCSP.Sign(k, digest, nil) 610 if err != nil { 611 t.Fatalf("Failed generating ECDSA signature [%s]", err) 612 } 613 614 valid, err := currentBCCSP.Verify(k, signature, digest, nil) 615 if err != nil { 616 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 617 } 618 if !valid { 619 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 620 } 621 622 pk, err := k.PublicKey() 623 if err != nil { 624 t.Fatalf("Failed getting corresponding public key [%s]", err) 625 } 626 627 valid, err = currentBCCSP.Verify(pk, signature, digest, nil) 628 if err != nil { 629 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 630 } 631 if !valid { 632 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 633 } 634 635 _, err = currentBCCSP.Verify(nil, signature, digest, nil) 636 assert.Error(t, err) 637 assert.Contains(t, err.Error(), "Invalid Key. It must not be nil") 638 639 _, err = currentBCCSP.Verify(pk, nil, digest, nil) 640 assert.Error(t, err) 641 assert.Contains(t, err.Error(), "Invalid signature. Cannot be empty") 642 643 _, err = currentBCCSP.Verify(pk, signature, nil, nil) 644 assert.Error(t, err) 645 assert.Contains(t, err.Error(), "Invalid digest. Cannot be empty") 646 647 // Import the exported public key 648 pkRaw, err := pk.Bytes() 649 if err != nil { 650 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 651 } 652 653 // Store public key 654 _, err = currentBCCSP.KeyImport(pkRaw, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 655 if err != nil { 656 t.Fatalf("Failed storing corresponding public key [%s]", err) 657 } 658 659 pk2, err := currentBCCSP.GetKey(pk.SKI()) 660 if err != nil { 661 t.Fatalf("Failed retrieving corresponding public key [%s]", err) 662 } 663 664 valid, err = currentBCCSP.Verify(pk2, signature, digest, nil) 665 if err != nil { 666 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 667 } 668 if !valid { 669 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 670 } 671 } 672 673 func TestECDSAKeyImportFromExportedKey(t *testing.T) { 674 if testing.Short() { 675 t.Skip("Skipping TestECDSAKeyImportFromExportedKey") 676 } 677 // Generate an ECDSA key 678 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 679 if err != nil { 680 t.Fatalf("Failed generating ECDSA key [%s]", err) 681 } 682 683 // Export the public key 684 pk, err := k.PublicKey() 685 if err != nil { 686 t.Fatalf("Failed getting ECDSA public key [%s]", err) 687 } 688 689 pkRaw, err := pk.Bytes() 690 if err != nil { 691 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 692 } 693 694 // Import the exported public key 695 pk2, err := currentBCCSP.KeyImport(pkRaw, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 696 if err != nil { 697 t.Fatalf("Failed importing ECDSA public key [%s]", err) 698 } 699 if pk2 == nil { 700 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 701 } 702 703 // Sign and verify with the imported public key 704 msg := []byte("Hello World") 705 706 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 707 if err != nil { 708 t.Fatalf("Failed computing HASH [%s]", err) 709 } 710 711 signature, err := currentBCCSP.Sign(k, digest, nil) 712 if err != nil { 713 t.Fatalf("Failed generating ECDSA signature [%s]", err) 714 } 715 716 valid, err := currentBCCSP.Verify(pk2, signature, digest, nil) 717 if err != nil { 718 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 719 } 720 if !valid { 721 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 722 } 723 } 724 725 func TestECDSAKeyImportFromECDSAPublicKey(t *testing.T) { 726 if testing.Short() { 727 t.Skip("Skipping TestECDSAKeyImportFromECDSAPublicKey") 728 } 729 // Generate an ECDSA key 730 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 731 if err != nil { 732 t.Fatalf("Failed generating ECDSA key [%s]", err) 733 } 734 735 // Export the public key 736 pk, err := k.PublicKey() 737 if err != nil { 738 t.Fatalf("Failed getting ECDSA public key [%s]", err) 739 } 740 741 pkRaw, err := pk.Bytes() 742 if err != nil { 743 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 744 } 745 746 pub, err := utils.DERToPublicKey(pkRaw) 747 if err != nil { 748 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 749 } 750 751 // Import the ecdsa.PublicKey 752 pk2, err := currentBCCSP.KeyImport(pub, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: false}) 753 if err != nil { 754 t.Fatalf("Failed importing ECDSA public key [%s]", err) 755 } 756 if pk2 == nil { 757 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 758 } 759 760 // Sign and verify with the imported public key 761 msg := []byte("Hello World") 762 763 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 764 if err != nil { 765 t.Fatalf("Failed computing HASH [%s]", err) 766 } 767 768 signature, err := currentBCCSP.Sign(k, digest, nil) 769 if err != nil { 770 t.Fatalf("Failed generating ECDSA signature [%s]", err) 771 } 772 773 valid, err := currentBCCSP.Verify(pk2, signature, digest, nil) 774 if err != nil { 775 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 776 } 777 if !valid { 778 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 779 } 780 } 781 782 func TestKeyImportFromX509ECDSAPublicKey(t *testing.T) { 783 if testing.Short() { 784 t.Skip("Skipping TestKeyImportFromX509ECDSAPublicKey") 785 } 786 // Generate an ECDSA key 787 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 788 if err != nil { 789 t.Fatalf("Failed generating ECDSA key [%s]", err) 790 } 791 792 // Generate a self-signed certificate 793 testExtKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} 794 testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}} 795 extraExtensionData := []byte("extra extension") 796 commonName := "test.example.com" 797 template := x509.Certificate{ 798 SerialNumber: big.NewInt(1), 799 Subject: pkix.Name{ 800 CommonName: commonName, 801 Organization: []string{"Σ Acme Co"}, 802 Country: []string{"US"}, 803 ExtraNames: []pkix.AttributeTypeAndValue{ 804 { 805 Type: []int{2, 5, 4, 42}, 806 Value: "Gopher", 807 }, 808 // This should override the Country, above. 809 { 810 Type: []int{2, 5, 4, 6}, 811 Value: "NL", 812 }, 813 }, 814 }, 815 NotBefore: time.Now().Add(-1 * time.Hour), 816 NotAfter: time.Now().Add(1 * time.Hour), 817 818 SignatureAlgorithm: x509.ECDSAWithSHA256, 819 820 SubjectKeyId: []byte{1, 2, 3, 4}, 821 KeyUsage: x509.KeyUsageCertSign, 822 823 ExtKeyUsage: testExtKeyUsage, 824 UnknownExtKeyUsage: testUnknownExtKeyUsage, 825 826 BasicConstraintsValid: true, 827 IsCA: true, 828 829 OCSPServer: []string{"http://ocurrentBCCSP.example.com"}, 830 IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"}, 831 832 DNSNames: []string{"test.example.com"}, 833 EmailAddresses: []string{"gopher@golang.org"}, 834 IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, 835 836 PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}}, 837 PermittedDNSDomains: []string{".example.com", "example.com"}, 838 839 CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"}, 840 841 ExtraExtensions: []pkix.Extension{ 842 { 843 Id: []int{1, 2, 3, 4}, 844 Value: extraExtensionData, 845 }, 846 }, 847 } 848 849 cryptoSigner, err := signer.New(currentBCCSP, k) 850 if err != nil { 851 t.Fatalf("Failed initializing CyrptoSigner [%s]", err) 852 } 853 854 // Export the public key 855 pk, err := k.PublicKey() 856 if err != nil { 857 t.Fatalf("Failed getting ECDSA public key [%s]", err) 858 } 859 860 pkRaw, err := pk.Bytes() 861 if err != nil { 862 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 863 } 864 865 pub, err := utils.DERToPublicKey(pkRaw) 866 if err != nil { 867 t.Fatalf("Failed converting raw to ECDSA.PublicKey [%s]", err) 868 } 869 870 certRaw, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, cryptoSigner) 871 if err != nil { 872 t.Fatalf("Failed generating self-signed certificate [%s]", err) 873 } 874 875 cert, err := x509.ParseCertificate(certRaw) 876 if err != nil { 877 t.Fatalf("Failed generating X509 certificate object from raw [%s]", err) 878 } 879 880 // Import the certificate's public key 881 pk2, err := currentBCCSP.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: false}) 882 883 if err != nil { 884 t.Fatalf("Failed importing ECDSA public key [%s]", err) 885 } 886 if pk2 == nil { 887 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 888 } 889 890 // Sign and verify with the imported public key 891 msg := []byte("Hello World") 892 893 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 894 if err != nil { 895 t.Fatalf("Failed computing HASH [%s]", err) 896 } 897 898 signature, err := currentBCCSP.Sign(k, digest, nil) 899 if err != nil { 900 t.Fatalf("Failed generating ECDSA signature [%s]", err) 901 } 902 903 valid, err := currentBCCSP.Verify(pk2, signature, digest, nil) 904 if err != nil { 905 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 906 } 907 if !valid { 908 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 909 } 910 } 911 912 func TestECDSASignatureEncoding(t *testing.T) { 913 if testing.Short() { 914 t.Skip("Skipping TestECDSASignatureEncoding") 915 } 916 v := []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0xff, 0xf1} 917 _, err := asn1.Unmarshal(v, &utils.ECDSASignature{}) 918 if err == nil { 919 t.Fatalf("Unmarshalling should fail for [% x]", v) 920 } 921 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 922 923 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0x00, 0x01} 924 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 925 if err == nil { 926 t.Fatalf("Unmarshalling should fail for [% x]", v) 927 } 928 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 929 930 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x01} 931 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 932 if err == nil { 933 t.Fatalf("Unmarshalling should fail for [% x]", v) 934 } 935 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 936 937 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x8F} 938 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 939 if err == nil { 940 t.Fatalf("Unmarshalling should fail for [% x]", v) 941 } 942 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 943 944 v = []byte{0x30, 0x0A, 0x02, 0x01, 0x8F, 0x02, 0x05, 0x00, 0x00, 0x00, 0x00, 0x8F} 945 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 946 if err == nil { 947 t.Fatalf("Unmarshalling should fail for [% x]", v) 948 } 949 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 950 951 } 952 953 func TestECDSALowS(t *testing.T) { 954 if testing.Short() { 955 t.Skip("Skipping TestECDSALowS") 956 } 957 // Ensure that signature with low-S are generated 958 k, err := currentBCCSP.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 959 if err != nil { 960 t.Fatalf("Failed generating ECDSA key [%s]", err) 961 } 962 963 msg := []byte("Hello World") 964 965 digest, err := currentBCCSP.Hash(msg, &bccsp.SHAOpts{}) 966 if err != nil { 967 t.Fatalf("Failed computing HASH [%s]", err) 968 } 969 970 signature, err := currentBCCSP.Sign(k, digest, nil) 971 if err != nil { 972 t.Fatalf("Failed generating ECDSA signature [%s]", err) 973 } 974 975 R, S, err := utils.UnmarshalECDSASignature(signature) 976 if err != nil { 977 t.Fatalf("Failed unmarshalling signature [%s]", err) 978 } 979 980 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).pub.pub.Curve)) >= 0 { 981 t.Fatal("Invalid signature. It must have low-S") 982 } 983 984 valid, err := currentBCCSP.Verify(k, signature, digest, nil) 985 if err != nil { 986 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 987 } 988 if !valid { 989 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 990 } 991 992 // Ensure that signature with high-S are rejected. 993 for { 994 R, S, err = currentBCCSP.(*impl).signP11ECDSA(k.SKI(), digest) 995 if err != nil { 996 t.Fatalf("Failed generating signature [%s]", err) 997 } 998 999 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).pub.pub.Curve)) > 0 { 1000 break 1001 } 1002 } 1003 1004 sig, err := utils.MarshalECDSASignature(R, S) 1005 if err != nil { 1006 t.Fatalf("Failing unmarshalling signature [%s]", err) 1007 } 1008 1009 valid, err = currentBCCSP.Verify(k, sig, digest, nil) 1010 if err == nil { 1011 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1012 } 1013 if valid { 1014 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1015 } 1016 } 1017 1018 func TestAESKeyGen(t *testing.T) { 1019 if testing.Short() { 1020 t.Skip("Skipping TestAESKeyGen") 1021 } 1022 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1023 if err != nil { 1024 t.Fatalf("Failed generating AES_256 key [%s]", err) 1025 } 1026 if k == nil { 1027 t.Fatal("Failed generating AES_256 key. Key must be different from nil") 1028 } 1029 if !k.Private() { 1030 t.Fatal("Failed generating AES_256 key. Key should be private") 1031 } 1032 if !k.Symmetric() { 1033 t.Fatal("Failed generating AES_256 key. Key should be symmetric") 1034 } 1035 1036 pk, err := k.PublicKey() 1037 if err == nil { 1038 t.Fatal("Error should be different from nil in this case") 1039 } 1040 if pk != nil { 1041 t.Fatal("Return value should be equal to nil in this case") 1042 } 1043 } 1044 1045 func TestAESEncrypt(t *testing.T) { 1046 if testing.Short() { 1047 t.Skip("Skipping TestAESEncrypt") 1048 } 1049 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1050 if err != nil { 1051 t.Fatalf("Failed generating AES_256 key [%s]", err) 1052 } 1053 1054 ct, err := currentBCCSP.Encrypt(k, []byte("Hello World"), &bccsp.AESCBCPKCS7ModeOpts{}) 1055 if err != nil { 1056 t.Fatalf("Failed encrypting [%s]", err) 1057 } 1058 if len(ct) == 0 { 1059 t.Fatal("Failed encrypting. Nil ciphertext") 1060 } 1061 } 1062 1063 func TestAESDecrypt(t *testing.T) { 1064 if testing.Short() { 1065 t.Skip("Skipping TestAESDecrypt") 1066 } 1067 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1068 if err != nil { 1069 t.Fatalf("Failed generating AES_256 key [%s]", err) 1070 } 1071 1072 msg := []byte("Hello World") 1073 1074 ct, err := currentBCCSP.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1075 if err != nil { 1076 t.Fatalf("Failed encrypting [%s]", err) 1077 } 1078 1079 pt, err := currentBCCSP.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1080 if err != nil { 1081 t.Fatalf("Failed decrypting [%s]", err) 1082 } 1083 if len(ct) == 0 { 1084 t.Fatal("Failed decrypting. Nil plaintext") 1085 } 1086 1087 if !bytes.Equal(msg, pt) { 1088 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1089 } 1090 } 1091 1092 func TestHMACTruncated256KeyDerivOverAES256Key(t *testing.T) { 1093 if testing.Short() { 1094 t.Skip("Skipping TestHMACTruncated256KeyDerivOverAES256Key") 1095 } 1096 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1097 if err != nil { 1098 t.Fatalf("Failed generating AES_256 key [%s]", err) 1099 } 1100 1101 hmcaedKey, err := currentBCCSP.KeyDeriv(k, &bccsp.HMACTruncated256AESDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1102 if err != nil { 1103 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1104 } 1105 if k == nil { 1106 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1107 } 1108 if !hmcaedKey.Private() { 1109 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1110 } 1111 if !hmcaedKey.Symmetric() { 1112 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1113 } 1114 raw, err := hmcaedKey.Bytes() 1115 if err == nil { 1116 t.Fatal("Failed marshalling to bytes. Operation must be forbidden") 1117 } 1118 if len(raw) != 0 { 1119 t.Fatal("Failed marshalling to bytes. Operation must return 0 bytes") 1120 } 1121 1122 msg := []byte("Hello World") 1123 1124 ct, err := currentBCCSP.Encrypt(hmcaedKey, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1125 if err != nil { 1126 t.Fatalf("Failed encrypting [%s]", err) 1127 } 1128 1129 pt, err := currentBCCSP.Decrypt(hmcaedKey, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1130 if err != nil { 1131 t.Fatalf("Failed decrypting [%s]", err) 1132 } 1133 if len(ct) == 0 { 1134 t.Fatal("Failed decrypting. Nil plaintext") 1135 } 1136 1137 if !bytes.Equal(msg, pt) { 1138 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1139 } 1140 1141 } 1142 1143 func TestHMACKeyDerivOverAES256Key(t *testing.T) { 1144 if testing.Short() { 1145 t.Skip("Skipping TestHMACKeyDerivOverAES256Key") 1146 } 1147 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1148 if err != nil { 1149 t.Fatalf("Failed generating AES_256 key [%s]", err) 1150 } 1151 1152 hmcaedKey, err := currentBCCSP.KeyDeriv(k, &bccsp.HMACDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1153 1154 if err != nil { 1155 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1156 } 1157 if k == nil { 1158 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1159 } 1160 if !hmcaedKey.Private() { 1161 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1162 } 1163 if !hmcaedKey.Symmetric() { 1164 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1165 } 1166 raw, err := hmcaedKey.Bytes() 1167 if err != nil { 1168 t.Fatalf("Failed marshalling to bytes [%s]", err) 1169 } 1170 if len(raw) == 0 { 1171 t.Fatal("Failed marshalling to bytes. 0 bytes") 1172 } 1173 } 1174 1175 func TestAES256KeyImport(t *testing.T) { 1176 if testing.Short() { 1177 t.Skip("Skipping TestAES256KeyImport") 1178 } 1179 raw, err := sw.GetRandomBytes(32) 1180 if err != nil { 1181 t.Fatalf("Failed generating AES key [%s]", err) 1182 } 1183 1184 k, err := currentBCCSP.KeyImport(raw, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1185 if err != nil { 1186 t.Fatalf("Failed importing AES_256 key [%s]", err) 1187 } 1188 if k == nil { 1189 t.Fatal("Failed importing AES_256 key. Imported Key must be different from nil") 1190 } 1191 if !k.Private() { 1192 t.Fatal("Failed HMACing AES_256 key. Imported Key should be private") 1193 } 1194 if !k.Symmetric() { 1195 t.Fatal("Failed HMACing AES_256 key. Imported Key should be asymmetric") 1196 } 1197 raw, err = k.Bytes() 1198 if err == nil { 1199 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 1200 } 1201 if len(raw) != 0 { 1202 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 1203 } 1204 1205 msg := []byte("Hello World") 1206 1207 ct, err := currentBCCSP.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1208 if err != nil { 1209 t.Fatalf("Failed encrypting [%s]", err) 1210 } 1211 1212 pt, err := currentBCCSP.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1213 if err != nil { 1214 t.Fatalf("Failed decrypting [%s]", err) 1215 } 1216 if len(ct) == 0 { 1217 t.Fatal("Failed decrypting. Nil plaintext") 1218 } 1219 1220 if !bytes.Equal(msg, pt) { 1221 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1222 } 1223 } 1224 1225 func TestAES256KeyImportBadPaths(t *testing.T) { 1226 if testing.Short() { 1227 t.Skip("Skipping TestAES256KeyImportBadPaths") 1228 } 1229 _, err := currentBCCSP.KeyImport(nil, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1230 if err == nil { 1231 t.Fatal("Failed importing key. Must fail on importing nil key") 1232 } 1233 1234 _, err = currentBCCSP.KeyImport([]byte{1}, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1235 if err == nil { 1236 t.Fatal("Failed importing key. Must fail on importing a key with an invalid length") 1237 } 1238 } 1239 1240 func TestAES256KeyGenSKI(t *testing.T) { 1241 if testing.Short() { 1242 t.Skip("Skipping TestAES256KeyGenSKI") 1243 } 1244 k, err := currentBCCSP.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1245 if err != nil { 1246 t.Fatalf("Failed generating AES_256 key [%s]", err) 1247 } 1248 1249 k2, err := currentBCCSP.GetKey(k.SKI()) 1250 if err != nil { 1251 t.Fatalf("Failed getting AES_256 key [%s]", err) 1252 } 1253 if k2 == nil { 1254 t.Fatal("Failed getting AES_256 key. Key must be different from nil") 1255 } 1256 if !k2.Private() { 1257 t.Fatal("Failed getting AES_256 key. Key should be private") 1258 } 1259 if !k2.Symmetric() { 1260 t.Fatal("Failed getting AES_256 key. Key should be symmetric") 1261 } 1262 1263 // Check that the SKIs are the same 1264 if !bytes.Equal(k.SKI(), k2.SKI()) { 1265 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 1266 } 1267 1268 } 1269 1270 func TestSHA(t *testing.T) { 1271 if testing.Short() { 1272 t.Skip("Skipping TestSHA") 1273 } 1274 for i := 0; i < 100; i++ { 1275 b, err := sw.GetRandomBytes(i) 1276 if err != nil { 1277 t.Fatalf("Failed getting random bytes [%s]", err) 1278 } 1279 1280 h1, err := currentBCCSP.Hash(b, &bccsp.SHAOpts{}) 1281 if err != nil { 1282 t.Fatalf("Failed computing SHA [%s]", err) 1283 } 1284 1285 var h hash.Hash 1286 switch currentTestConfig.hashFamily { 1287 case "SHA2": 1288 switch currentTestConfig.securityLevel { 1289 case 256: 1290 h = sha256.New() 1291 case 384: 1292 h = sha512.New384() 1293 default: 1294 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1295 } 1296 case "SHA3": 1297 switch currentTestConfig.securityLevel { 1298 case 256: 1299 h = sha3.New256() 1300 case 384: 1301 h = sha3.New384() 1302 default: 1303 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1304 } 1305 default: 1306 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1307 } 1308 1309 h.Write(b) 1310 h2 := h.Sum(nil) 1311 if !bytes.Equal(h1, h2) { 1312 t.Fatalf("Discrempancy found in HASH result [%x], [%x]!=[%x]", b, h1, h2) 1313 } 1314 } 1315 } 1316 1317 func getCryptoHashIndex(t *testing.T) crypto.Hash { 1318 switch currentTestConfig.hashFamily { 1319 case "SHA2": 1320 switch currentTestConfig.securityLevel { 1321 case 256: 1322 return crypto.SHA256 1323 case 384: 1324 return crypto.SHA384 1325 default: 1326 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1327 } 1328 case "SHA3": 1329 switch currentTestConfig.securityLevel { 1330 case 256: 1331 return crypto.SHA3_256 1332 case 384: 1333 return crypto.SHA3_384 1334 default: 1335 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1336 } 1337 default: 1338 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1339 } 1340 1341 return crypto.SHA3_256 1342 }