github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/sw/ecdsa_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package sw 18 19 import ( 20 "crypto/ecdsa" 21 "crypto/elliptic" 22 "crypto/rand" 23 "crypto/sha256" 24 "crypto/x509" 25 "math/big" 26 "testing" 27 28 "github.com/hyperledger/fabric/bccsp/utils" 29 "github.com/stretchr/testify/assert" 30 ) 31 32 func TestSignECDSABadParameter(t *testing.T) { 33 // Generate a key 34 lowLevelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 35 assert.NoError(t, err) 36 37 // Induce an error on the underlying ecdsa algorithm 38 msg := []byte("hello world") 39 oldN := lowLevelKey.Params().N 40 defer func() { lowLevelKey.Params().N = oldN }() 41 lowLevelKey.Params().N = big.NewInt(0) 42 _, err = signECDSA(lowLevelKey, msg, nil) 43 assert.Error(t, err) 44 assert.Contains(t, err.Error(), "zero parameter") 45 lowLevelKey.Params().N = oldN 46 } 47 48 func TestVerifyECDSA(t *testing.T) { 49 t.Parallel() 50 51 // Generate a key 52 lowLevelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 53 assert.NoError(t, err) 54 55 msg := []byte("hello world") 56 sigma, err := signECDSA(lowLevelKey, msg, nil) 57 assert.NoError(t, err) 58 59 valid, err := verifyECDSA(&lowLevelKey.PublicKey, sigma, msg, nil) 60 assert.NoError(t, err) 61 assert.True(t, valid) 62 63 _, err = verifyECDSA(&lowLevelKey.PublicKey, nil, msg, nil) 64 assert.Error(t, err) 65 assert.Contains(t, err.Error(), "Failed unmashalling signature [") 66 67 _, err = verifyECDSA(&lowLevelKey.PublicKey, nil, msg, nil) 68 assert.Error(t, err) 69 assert.Contains(t, err.Error(), "Failed unmashalling signature [") 70 71 R, S, err := utils.UnmarshalECDSASignature(sigma) 72 assert.NoError(t, err) 73 S.Add(utils.GetCurveHalfOrdersAt(elliptic.P256()), big.NewInt(1)) 74 sigmaWrongS, err := utils.MarshalECDSASignature(R, S) 75 assert.NoError(t, err) 76 _, err = verifyECDSA(&lowLevelKey.PublicKey, sigmaWrongS, msg, nil) 77 assert.Error(t, err) 78 assert.Contains(t, err.Error(), "Invalid S. Must be smaller than half the order [") 79 } 80 81 func TestEcdsaSignerSign(t *testing.T) { 82 t.Parallel() 83 84 signer := &ecdsaSigner{} 85 verifierPrivateKey := &ecdsaPrivateKeyVerifier{} 86 verifierPublicKey := &ecdsaPublicKeyKeyVerifier{} 87 88 // Generate a key 89 lowLevelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 90 assert.NoError(t, err) 91 k := &ecdsaPrivateKey{lowLevelKey} 92 pk, err := k.PublicKey() 93 assert.NoError(t, err) 94 95 // Sign 96 msg := []byte("Hello World") 97 sigma, err := signer.Sign(k, msg, nil) 98 assert.NoError(t, err) 99 assert.NotNil(t, sigma) 100 101 // Verify 102 valid, err := verifyECDSA(&lowLevelKey.PublicKey, sigma, msg, nil) 103 assert.NoError(t, err) 104 assert.True(t, valid) 105 106 valid, err = verifierPrivateKey.Verify(k, sigma, msg, nil) 107 assert.NoError(t, err) 108 assert.True(t, valid) 109 110 valid, err = verifierPublicKey.Verify(pk, sigma, msg, nil) 111 assert.NoError(t, err) 112 assert.True(t, valid) 113 } 114 115 func TestEcdsaPrivateKey(t *testing.T) { 116 t.Parallel() 117 118 lowLevelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 119 assert.NoError(t, err) 120 k := &ecdsaPrivateKey{lowLevelKey} 121 122 assert.False(t, k.Symmetric()) 123 assert.True(t, k.Private()) 124 125 _, err = k.Bytes() 126 assert.Error(t, err) 127 assert.Contains(t, err.Error(), "Not supported.") 128 129 k.privKey = nil 130 ski := k.SKI() 131 assert.Nil(t, ski) 132 133 k.privKey = lowLevelKey 134 ski = k.SKI() 135 raw := elliptic.Marshal(k.privKey.Curve, k.privKey.PublicKey.X, k.privKey.PublicKey.Y) 136 hash := sha256.New() 137 hash.Write(raw) 138 ski2 := hash.Sum(nil) 139 assert.Equal(t, ski2, ski, "SKI is not computed in the right way.") 140 141 pk, err := k.PublicKey() 142 assert.NoError(t, err) 143 assert.NotNil(t, pk) 144 ecdsaPK, ok := pk.(*ecdsaPublicKey) 145 assert.True(t, ok) 146 assert.Equal(t, &lowLevelKey.PublicKey, ecdsaPK.pubKey) 147 } 148 149 func TestEcdsaPublicKey(t *testing.T) { 150 t.Parallel() 151 152 lowLevelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 153 assert.NoError(t, err) 154 k := &ecdsaPublicKey{&lowLevelKey.PublicKey} 155 156 assert.False(t, k.Symmetric()) 157 assert.False(t, k.Private()) 158 159 k.pubKey = nil 160 ski := k.SKI() 161 assert.Nil(t, ski) 162 163 k.pubKey = &lowLevelKey.PublicKey 164 ski = k.SKI() 165 raw := elliptic.Marshal(k.pubKey.Curve, k.pubKey.X, k.pubKey.Y) 166 hash := sha256.New() 167 hash.Write(raw) 168 ski2 := hash.Sum(nil) 169 assert.Equal(t, ski, ski2, "SKI is not computed in the right way.") 170 171 pk, err := k.PublicKey() 172 assert.NoError(t, err) 173 assert.Equal(t, k, pk) 174 175 bytes, err := k.Bytes() 176 assert.NoError(t, err) 177 bytes2, err := x509.MarshalPKIXPublicKey(k.pubKey) 178 assert.NoError(t, err) 179 assert.Equal(t, bytes2, bytes, "bytes are not computed in the right way.") 180 181 invalidCurve := &elliptic.CurveParams{Name: "P-Invalid"} 182 invalidCurve.BitSize = 1024 183 k.pubKey = &ecdsa.PublicKey{Curve: invalidCurve, X: big.NewInt(1), Y: big.NewInt(1)} 184 _, err = k.Bytes() 185 assert.Error(t, err) 186 assert.Contains(t, err.Error(), "Failed marshalling key [") 187 }