github.com/osdi23p228/fabric@v0.0.0-20221218062954-77808885f5db/bccsp/sw/impl_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package sw 8 9 import ( 10 "bytes" 11 "crypto/ecdsa" 12 "crypto/elliptic" 13 "crypto/rand" 14 "crypto/sha256" 15 "crypto/sha512" 16 "crypto/x509" 17 "crypto/x509/pkix" 18 "encoding/asn1" 19 "fmt" 20 "hash" 21 "io/ioutil" 22 "math/big" 23 "net" 24 "os" 25 "reflect" 26 "testing" 27 "time" 28 29 "github.com/osdi23p228/fabric/bccsp" 30 "github.com/osdi23p228/fabric/bccsp/signer" 31 "github.com/osdi23p228/fabric/bccsp/sw/mocks" 32 "github.com/osdi23p228/fabric/bccsp/utils" 33 "github.com/stretchr/testify/assert" 34 "golang.org/x/crypto/sha3" 35 ) 36 37 var ( 38 currentTestConfig testConfig 39 tempDir string 40 ) 41 42 type testConfig struct { 43 securityLevel int 44 hashFamily string 45 } 46 47 func (tc testConfig) Provider(t *testing.T) (bccsp.BCCSP, bccsp.KeyStore, func()) { 48 td, err := ioutil.TempDir(tempDir, "test") 49 assert.NoError(t, err) 50 ks, err := NewFileBasedKeyStore(nil, td, false) 51 assert.NoError(t, err) 52 p, err := NewWithParams(tc.securityLevel, tc.hashFamily, ks) 53 assert.NoError(t, err) 54 return p, ks, func() { os.RemoveAll(td) } 55 } 56 57 func TestMain(m *testing.M) { 58 code := -1 59 defer func() { 60 os.Exit(code) 61 }() 62 tests := []testConfig{ 63 {256, "SHA2"}, 64 {256, "SHA3"}, 65 {384, "SHA2"}, 66 {384, "SHA3"}, 67 } 68 69 var err error 70 tempDir, err = ioutil.TempDir("", "bccsp-sw") 71 if err != nil { 72 fmt.Printf("Failed to create temporary directory: %s\n\n", err) 73 return 74 } 75 defer os.RemoveAll(tempDir) 76 77 for _, config := range tests { 78 currentTestConfig = config 79 code = m.Run() 80 if code != 0 { 81 fmt.Printf("Failed testing at [%d, %s]", config.securityLevel, config.hashFamily) 82 return 83 } 84 } 85 } 86 87 func TestInvalidNewParameter(t *testing.T) { 88 t.Parallel() 89 _, ks, cleanup := currentTestConfig.Provider(t) 90 defer cleanup() 91 92 r, err := NewWithParams(0, "SHA2", ks) 93 if err == nil { 94 t.Fatal("Error should be different from nil in this case") 95 } 96 if r != nil { 97 t.Fatal("Return value should be equal to nil in this case") 98 } 99 100 r, err = NewWithParams(256, "SHA8", ks) 101 if err == nil { 102 t.Fatal("Error should be different from nil in this case") 103 } 104 if r != nil { 105 t.Fatal("Return value should be equal to nil in this case") 106 } 107 108 r, err = NewWithParams(256, "SHA2", nil) 109 if err == nil { 110 t.Fatal("Error should be different from nil in this case") 111 } 112 if r != nil { 113 t.Fatal("Return value should be equal to nil in this case") 114 } 115 116 r, err = NewWithParams(0, "SHA3", nil) 117 if err == nil { 118 t.Fatal("Error should be different from nil in this case") 119 } 120 if r != nil { 121 t.Fatal("Return value should be equal to nil in this case") 122 } 123 124 r, err = NewDefaultSecurityLevel("") 125 if err == nil { 126 t.Fatal("Error should be different from nil in this case") 127 } 128 if r != nil { 129 t.Fatal("Return value should be equal to nil in this case") 130 } 131 } 132 133 func TestInvalidSKI(t *testing.T) { 134 t.Parallel() 135 provider, _, cleanup := currentTestConfig.Provider(t) 136 defer cleanup() 137 138 k, err := provider.GetKey(nil) 139 if err == nil { 140 t.Fatal("Error should be different from nil in this case") 141 } 142 if k != nil { 143 t.Fatal("Return value should be equal to nil in this case") 144 } 145 146 k, err = provider.GetKey([]byte{0, 1, 2, 3, 4, 5, 6}) 147 if err == nil { 148 t.Fatal("Error should be different from nil in this case") 149 } 150 if k != nil { 151 t.Fatal("Return value should be equal to nil in this case") 152 } 153 } 154 155 func TestKeyGenECDSAOpts(t *testing.T) { 156 t.Parallel() 157 provider, _, cleanup := currentTestConfig.Provider(t) 158 defer cleanup() 159 160 // Curve P256 161 k, err := provider.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: false}) 162 if err != nil { 163 t.Fatalf("Failed generating ECDSA P256 key [%s]", err) 164 } 165 if k == nil { 166 t.Fatal("Failed generating ECDSA P256 key. Key must be different from nil") 167 } 168 if !k.Private() { 169 t.Fatal("Failed generating ECDSA P256 key. Key should be private") 170 } 171 if k.Symmetric() { 172 t.Fatal("Failed generating ECDSA P256 key. Key should be asymmetric") 173 } 174 175 ecdsaKey := k.(*ecdsaPrivateKey).privKey 176 if !elliptic.P256().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 177 t.Fatal("P256 generated key in invalid. The public key must be on the P256 curve.") 178 } 179 if elliptic.P256() != ecdsaKey.Curve { 180 t.Fatal("P256 generated key in invalid. The curve must be P256.") 181 } 182 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 183 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 184 } 185 186 // Curve P384 187 k, err = provider.KeyGen(&bccsp.ECDSAP384KeyGenOpts{Temporary: false}) 188 if err != nil { 189 t.Fatalf("Failed generating ECDSA P384 key [%s]", err) 190 } 191 if k == nil { 192 t.Fatal("Failed generating ECDSA P384 key. Key must be different from nil") 193 } 194 if !k.Private() { 195 t.Fatal("Failed generating ECDSA P384 key. Key should be private") 196 } 197 if k.Symmetric() { 198 t.Fatal("Failed generating ECDSA P384 key. Key should be asymmetric") 199 } 200 201 ecdsaKey = k.(*ecdsaPrivateKey).privKey 202 if !elliptic.P384().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 203 t.Fatal("P256 generated key in invalid. The public key must be on the P384 curve.") 204 } 205 if elliptic.P384() != ecdsaKey.Curve { 206 t.Fatal("P256 generated key in invalid. The curve must be P384.") 207 } 208 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 209 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 210 } 211 212 } 213 214 func TestKeyGenAESOpts(t *testing.T) { 215 t.Parallel() 216 provider, _, cleanup := currentTestConfig.Provider(t) 217 defer cleanup() 218 219 // AES 128 220 k, err := provider.KeyGen(&bccsp.AES128KeyGenOpts{Temporary: false}) 221 if err != nil { 222 t.Fatalf("Failed generating AES 128 key [%s]", err) 223 } 224 if k == nil { 225 t.Fatal("Failed generating AES 128 key. Key must be different from nil") 226 } 227 if !k.Private() { 228 t.Fatal("Failed generating AES 128 key. Key should be private") 229 } 230 if !k.Symmetric() { 231 t.Fatal("Failed generating AES 128 key. Key should be symmetric") 232 } 233 234 aesKey := k.(*aesPrivateKey).privKey 235 if len(aesKey) != 16 { 236 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 237 } 238 239 // AES 192 240 k, err = provider.KeyGen(&bccsp.AES192KeyGenOpts{Temporary: false}) 241 if err != nil { 242 t.Fatalf("Failed generating AES 192 key [%s]", err) 243 } 244 if k == nil { 245 t.Fatal("Failed generating AES 192 key. Key must be different from nil") 246 } 247 if !k.Private() { 248 t.Fatal("Failed generating AES 192 key. Key should be private") 249 } 250 if !k.Symmetric() { 251 t.Fatal("Failed generating AES 192 key. Key should be symmetric") 252 } 253 254 aesKey = k.(*aesPrivateKey).privKey 255 if len(aesKey) != 24 { 256 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 257 } 258 259 // AES 256 260 k, err = provider.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: false}) 261 if err != nil { 262 t.Fatalf("Failed generating AES 256 key [%s]", err) 263 } 264 if k == nil { 265 t.Fatal("Failed generating AES 256 key. Key must be different from nil") 266 } 267 if !k.Private() { 268 t.Fatal("Failed generating AES 256 key. Key should be private") 269 } 270 if !k.Symmetric() { 271 t.Fatal("Failed generating AES 256 key. Key should be symmetric") 272 } 273 274 aesKey = k.(*aesPrivateKey).privKey 275 if len(aesKey) != 32 { 276 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 277 } 278 } 279 280 func TestECDSAKeyGenEphemeral(t *testing.T) { 281 t.Parallel() 282 provider, _, cleanup := currentTestConfig.Provider(t) 283 defer cleanup() 284 285 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: true}) 286 if err != nil { 287 t.Fatalf("Failed generating ECDSA key [%s]", err) 288 } 289 if k == nil { 290 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 291 } 292 if !k.Private() { 293 t.Fatal("Failed generating ECDSA key. Key should be private") 294 } 295 if k.Symmetric() { 296 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 297 } 298 raw, err := k.Bytes() 299 if err == nil { 300 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 301 } 302 if len(raw) != 0 { 303 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 304 } 305 pk, err := k.PublicKey() 306 if err != nil { 307 t.Fatalf("Failed getting corresponding public key [%s]", err) 308 } 309 if pk == nil { 310 t.Fatal("Public key must be different from nil.") 311 } 312 } 313 314 func TestECDSAPrivateKeySKI(t *testing.T) { 315 t.Parallel() 316 provider, _, cleanup := currentTestConfig.Provider(t) 317 defer cleanup() 318 319 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 320 if err != nil { 321 t.Fatalf("Failed generating ECDSA key [%s]", err) 322 } 323 324 ski := k.SKI() 325 if len(ski) == 0 { 326 t.Fatal("SKI not valid. Zero length.") 327 } 328 } 329 330 func TestECDSAKeyGenNonEphemeral(t *testing.T) { 331 t.Parallel() 332 provider, _, cleanup := currentTestConfig.Provider(t) 333 defer cleanup() 334 335 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 336 if err != nil { 337 t.Fatalf("Failed generating ECDSA key [%s]", err) 338 } 339 if k == nil { 340 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 341 } 342 if !k.Private() { 343 t.Fatal("Failed generating ECDSA key. Key should be private") 344 } 345 if k.Symmetric() { 346 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 347 } 348 } 349 350 func TestECDSAGetKeyBySKI(t *testing.T) { 351 t.Parallel() 352 provider, _, cleanup := currentTestConfig.Provider(t) 353 defer cleanup() 354 355 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 356 if err != nil { 357 t.Fatalf("Failed generating ECDSA key [%s]", err) 358 } 359 360 k2, err := provider.GetKey(k.SKI()) 361 if err != nil { 362 t.Fatalf("Failed getting ECDSA key [%s]", err) 363 } 364 if k2 == nil { 365 t.Fatal("Failed getting ECDSA key. Key must be different from nil") 366 } 367 if !k2.Private() { 368 t.Fatal("Failed getting ECDSA key. Key should be private") 369 } 370 if k2.Symmetric() { 371 t.Fatal("Failed getting ECDSA key. Key should be asymmetric") 372 } 373 374 // Check that the SKIs are the same 375 if !bytes.Equal(k.SKI(), k2.SKI()) { 376 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 377 } 378 } 379 380 func TestECDSAPublicKeyFromPrivateKey(t *testing.T) { 381 t.Parallel() 382 provider, _, cleanup := currentTestConfig.Provider(t) 383 defer cleanup() 384 385 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 386 if err != nil { 387 t.Fatalf("Failed generating ECDSA key [%s]", err) 388 } 389 390 pk, err := k.PublicKey() 391 if err != nil { 392 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 393 } 394 if pk == nil { 395 t.Fatal("Failed getting public key from private ECDSA key. Key must be different from nil") 396 } 397 if pk.Private() { 398 t.Fatal("Failed generating ECDSA key. Key should be public") 399 } 400 if pk.Symmetric() { 401 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 402 } 403 } 404 405 func TestECDSAPublicKeyBytes(t *testing.T) { 406 t.Parallel() 407 provider, _, cleanup := currentTestConfig.Provider(t) 408 defer cleanup() 409 410 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 411 if err != nil { 412 t.Fatalf("Failed generating ECDSA key [%s]", err) 413 } 414 415 pk, err := k.PublicKey() 416 if err != nil { 417 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 418 } 419 420 raw, err := pk.Bytes() 421 if err != nil { 422 t.Fatalf("Failed marshalling ECDSA public key [%s]", err) 423 } 424 if len(raw) == 0 { 425 t.Fatal("Failed marshalling ECDSA public key. Zero length") 426 } 427 } 428 429 func TestECDSAPublicKeySKI(t *testing.T) { 430 t.Parallel() 431 provider, _, cleanup := currentTestConfig.Provider(t) 432 defer cleanup() 433 434 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 435 if err != nil { 436 t.Fatalf("Failed generating ECDSA key [%s]", err) 437 } 438 439 pk, err := k.PublicKey() 440 if err != nil { 441 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 442 } 443 444 ski := pk.SKI() 445 if len(ski) == 0 { 446 t.Fatal("SKI not valid. Zero length.") 447 } 448 } 449 450 func TestECDSAKeyReRand(t *testing.T) { 451 t.Parallel() 452 provider, _, cleanup := currentTestConfig.Provider(t) 453 defer cleanup() 454 455 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 456 if err != nil { 457 t.Fatalf("Failed generating ECDSA key [%s]", err) 458 } 459 if k == nil { 460 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 461 } 462 463 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 464 if err != nil { 465 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 466 } 467 if !reRandomizedKey.Private() { 468 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be private") 469 } 470 if reRandomizedKey.Symmetric() { 471 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be asymmetric") 472 } 473 474 k2, err := k.PublicKey() 475 if err != nil { 476 t.Fatalf("Failed getting public ECDSA key from private [%s]", err) 477 } 478 if k2 == nil { 479 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 480 } 481 482 reRandomizedKey2, err := provider.KeyDeriv(k2, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 483 if err != nil { 484 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 485 } 486 487 if reRandomizedKey2.Private() { 488 t.Fatal("Re-randomized public Key must remain public") 489 } 490 if reRandomizedKey2.Symmetric() { 491 t.Fatal("Re-randomized ECDSA asymmetric key must remain asymmetric") 492 } 493 494 if false == bytes.Equal(reRandomizedKey.SKI(), reRandomizedKey2.SKI()) { 495 t.Fatal("Re-randomized ECDSA Private- or Public-Keys must end up having the same SKI") 496 } 497 } 498 499 func TestECDSASign(t *testing.T) { 500 t.Parallel() 501 provider, _, cleanup := currentTestConfig.Provider(t) 502 defer cleanup() 503 504 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 505 if err != nil { 506 t.Fatalf("Failed generating ECDSA key [%s]", err) 507 } 508 509 msg := []byte("Hello World") 510 511 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 512 if err != nil { 513 t.Fatalf("Failed computing HASH [%s]", err) 514 } 515 516 signature, err := provider.Sign(k, digest, nil) 517 if err != nil { 518 t.Fatalf("Failed generating ECDSA signature [%s]", err) 519 } 520 if len(signature) == 0 { 521 t.Fatal("Failed generating ECDSA key. Signature must be different from nil") 522 } 523 } 524 525 func TestECDSAVerify(t *testing.T) { 526 t.Parallel() 527 provider, ks, cleanup := currentTestConfig.Provider(t) 528 defer cleanup() 529 530 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 531 if err != nil { 532 t.Fatalf("Failed generating ECDSA key [%s]", err) 533 } 534 535 msg := []byte("Hello World") 536 537 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 538 if err != nil { 539 t.Fatalf("Failed computing HASH [%s]", err) 540 } 541 542 signature, err := provider.Sign(k, digest, nil) 543 if err != nil { 544 t.Fatalf("Failed generating ECDSA signature [%s]", err) 545 } 546 547 valid, err := provider.Verify(k, signature, digest, nil) 548 if err != nil { 549 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 550 } 551 if !valid { 552 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 553 } 554 555 pk, err := k.PublicKey() 556 if err != nil { 557 t.Fatalf("Failed getting corresponding public key [%s]", err) 558 } 559 560 valid, err = provider.Verify(pk, signature, digest, nil) 561 if err != nil { 562 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 563 } 564 if !valid { 565 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 566 } 567 568 // Store public key 569 err = ks.StoreKey(pk) 570 if err != nil { 571 t.Fatalf("Failed storing corresponding public key [%s]", err) 572 } 573 574 pk2, err := ks.GetKey(pk.SKI()) 575 if err != nil { 576 t.Fatalf("Failed retrieving corresponding public key [%s]", err) 577 } 578 579 valid, err = provider.Verify(pk2, signature, digest, nil) 580 if err != nil { 581 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 582 } 583 if !valid { 584 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 585 } 586 } 587 588 func TestECDSAKeyDeriv(t *testing.T) { 589 t.Parallel() 590 provider, _, cleanup := currentTestConfig.Provider(t) 591 defer cleanup() 592 593 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 594 if err != nil { 595 t.Fatalf("Failed generating ECDSA key [%s]", err) 596 } 597 598 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 599 if err != nil { 600 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 601 } 602 603 msg := []byte("Hello World") 604 605 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 606 if err != nil { 607 t.Fatalf("Failed computing HASH [%s]", err) 608 } 609 610 signature, err := provider.Sign(reRandomizedKey, digest, nil) 611 if err != nil { 612 t.Fatalf("Failed generating ECDSA signature [%s]", err) 613 } 614 615 valid, err := provider.Verify(reRandomizedKey, signature, digest, nil) 616 if err != nil { 617 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 618 } 619 if !valid { 620 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 621 } 622 } 623 624 func TestECDSAKeyImportFromExportedKey(t *testing.T) { 625 t.Parallel() 626 provider, _, cleanup := currentTestConfig.Provider(t) 627 defer cleanup() 628 629 // Generate an ECDSA key 630 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 631 if err != nil { 632 t.Fatalf("Failed generating ECDSA key [%s]", err) 633 } 634 635 // Export the public key 636 pk, err := k.PublicKey() 637 if err != nil { 638 t.Fatalf("Failed getting ECDSA public key [%s]", err) 639 } 640 641 pkRaw, err := pk.Bytes() 642 if err != nil { 643 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 644 } 645 646 // Import the exported public key 647 pk2, err := provider.KeyImport(pkRaw, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 648 if err != nil { 649 t.Fatalf("Failed importing ECDSA public key [%s]", err) 650 } 651 if pk2 == nil { 652 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 653 } 654 655 // Sign and verify with the imported public key 656 msg := []byte("Hello World") 657 658 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 659 if err != nil { 660 t.Fatalf("Failed computing HASH [%s]", err) 661 } 662 663 signature, err := provider.Sign(k, digest, nil) 664 if err != nil { 665 t.Fatalf("Failed generating ECDSA signature [%s]", err) 666 } 667 668 valid, err := provider.Verify(pk2, signature, digest, nil) 669 if err != nil { 670 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 671 } 672 if !valid { 673 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 674 } 675 } 676 677 func TestECDSAKeyImportFromECDSAPublicKey(t *testing.T) { 678 t.Parallel() 679 provider, _, cleanup := currentTestConfig.Provider(t) 680 defer cleanup() 681 682 // Generate an ECDSA key 683 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 684 if err != nil { 685 t.Fatalf("Failed generating ECDSA key [%s]", err) 686 } 687 688 // Export the public key 689 pk, err := k.PublicKey() 690 if err != nil { 691 t.Fatalf("Failed getting ECDSA public key [%s]", err) 692 } 693 694 pkRaw, err := pk.Bytes() 695 if err != nil { 696 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 697 } 698 699 pub, err := derToPublicKey(pkRaw) 700 if err != nil { 701 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 702 } 703 704 // Import the ecdsa.PublicKey 705 pk2, err := provider.KeyImport(pub, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: false}) 706 if err != nil { 707 t.Fatalf("Failed importing ECDSA public key [%s]", err) 708 } 709 if pk2 == nil { 710 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 711 } 712 713 // Sign and verify with the imported public key 714 msg := []byte("Hello World") 715 716 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 717 if err != nil { 718 t.Fatalf("Failed computing HASH [%s]", err) 719 } 720 721 signature, err := provider.Sign(k, digest, nil) 722 if err != nil { 723 t.Fatalf("Failed generating ECDSA signature [%s]", err) 724 } 725 726 valid, err := provider.Verify(pk2, signature, digest, nil) 727 if err != nil { 728 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 729 } 730 if !valid { 731 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 732 } 733 } 734 735 func TestECDSAKeyImportFromECDSAPrivateKey(t *testing.T) { 736 t.Parallel() 737 provider, _, cleanup := currentTestConfig.Provider(t) 738 defer cleanup() 739 740 // Generate an ECDSA key, default is P256 741 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 742 if err != nil { 743 t.Fatalf("Failed generating ECDSA key [%s]", err) 744 } 745 746 // Import the ecdsa.PrivateKey 747 priv, err := privateKeyToDER(key) 748 if err != nil { 749 t.Fatalf("Failed converting raw to ecdsa.PrivateKey [%s]", err) 750 } 751 752 sk, err := provider.KeyImport(priv, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: false}) 753 if err != nil { 754 t.Fatalf("Failed importing ECDSA private key [%s]", err) 755 } 756 if sk == nil { 757 t.Fatal("Failed importing ECDSA private key. Return BCCSP key cannot be nil.") 758 } 759 760 // Import the ecdsa.PublicKey 761 pub, err := x509.MarshalPKIXPublicKey(&key.PublicKey) 762 if err != nil { 763 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 764 } 765 766 pk, err := provider.KeyImport(pub, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 767 768 if err != nil { 769 t.Fatalf("Failed importing ECDSA public key [%s]", err) 770 } 771 if pk == nil { 772 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 773 } 774 775 // Sign and verify with the imported public key 776 msg := []byte("Hello World") 777 778 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 779 if err != nil { 780 t.Fatalf("Failed computing HASH [%s]", err) 781 } 782 783 signature, err := provider.Sign(sk, digest, nil) 784 if err != nil { 785 t.Fatalf("Failed generating ECDSA signature [%s]", err) 786 } 787 788 valid, err := provider.Verify(pk, signature, digest, nil) 789 if err != nil { 790 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 791 } 792 if !valid { 793 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 794 } 795 } 796 797 func TestKeyImportFromX509ECDSAPublicKey(t *testing.T) { 798 t.Parallel() 799 provider, _, cleanup := currentTestConfig.Provider(t) 800 defer cleanup() 801 802 // Generate an ECDSA key 803 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 804 if err != nil { 805 t.Fatalf("Failed generating ECDSA key [%s]", err) 806 } 807 808 // Generate a self-signed certificate 809 testExtKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} 810 testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}} 811 extraExtensionData := []byte("extra extension") 812 commonName := "test.example.com" 813 template := x509.Certificate{ 814 SerialNumber: big.NewInt(1), 815 Subject: pkix.Name{ 816 CommonName: commonName, 817 Organization: []string{"Σ Acme Co"}, 818 Country: []string{"US"}, 819 ExtraNames: []pkix.AttributeTypeAndValue{ 820 { 821 Type: []int{2, 5, 4, 42}, 822 Value: "Gopher", 823 }, 824 // This should override the Country, above. 825 { 826 Type: []int{2, 5, 4, 6}, 827 Value: "NL", 828 }, 829 }, 830 }, 831 NotBefore: time.Now().Add(-1 * time.Hour), 832 NotAfter: time.Now().Add(1 * time.Hour), 833 834 SignatureAlgorithm: x509.ECDSAWithSHA256, 835 836 SubjectKeyId: []byte{1, 2, 3, 4}, 837 KeyUsage: x509.KeyUsageCertSign, 838 839 ExtKeyUsage: testExtKeyUsage, 840 UnknownExtKeyUsage: testUnknownExtKeyUsage, 841 842 BasicConstraintsValid: true, 843 IsCA: true, 844 845 OCSPServer: []string{"http://ocurrentBCCSP.example.com"}, 846 IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"}, 847 848 DNSNames: []string{"test.example.com"}, 849 EmailAddresses: []string{"gopher@golang.org"}, 850 IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, 851 852 PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}}, 853 PermittedDNSDomains: []string{".example.com", "example.com"}, 854 855 CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"}, 856 857 ExtraExtensions: []pkix.Extension{ 858 { 859 Id: []int{1, 2, 3, 4}, 860 Value: extraExtensionData, 861 }, 862 }, 863 } 864 865 cryptoSigner, err := signer.New(provider, k) 866 if err != nil { 867 t.Fatalf("Failed initializing CyrptoSigner [%s]", err) 868 } 869 870 // Export the public key 871 pk, err := k.PublicKey() 872 if err != nil { 873 t.Fatalf("Failed getting ECDSA public key [%s]", err) 874 } 875 876 pkRaw, err := pk.Bytes() 877 if err != nil { 878 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 879 } 880 881 pub, err := derToPublicKey(pkRaw) 882 if err != nil { 883 t.Fatalf("Failed converting raw to ECDSA.PublicKey [%s]", err) 884 } 885 886 certRaw, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, cryptoSigner) 887 if err != nil { 888 t.Fatalf("Failed generating self-signed certificate [%s]", err) 889 } 890 891 cert, err := x509.ParseCertificate(certRaw) 892 if err != nil { 893 t.Fatalf("Failed generating X509 certificate object from raw [%s]", err) 894 } 895 896 // Import the certificate's public key 897 pk2, err := provider.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: false}) 898 899 if err != nil { 900 t.Fatalf("Failed importing ECDSA public key [%s]", err) 901 } 902 if pk2 == nil { 903 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 904 } 905 906 // Sign and verify with the imported public key 907 msg := []byte("Hello World") 908 909 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 910 if err != nil { 911 t.Fatalf("Failed computing HASH [%s]", err) 912 } 913 914 signature, err := provider.Sign(k, digest, nil) 915 if err != nil { 916 t.Fatalf("Failed generating ECDSA signature [%s]", err) 917 } 918 919 valid, err := provider.Verify(pk2, signature, digest, nil) 920 if err != nil { 921 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 922 } 923 if !valid { 924 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 925 } 926 } 927 928 func TestECDSASignatureEncoding(t *testing.T) { 929 t.Parallel() 930 931 v := []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0xff, 0xf1} 932 _, err := asn1.Unmarshal(v, &utils.ECDSASignature{}) 933 if err == nil { 934 t.Fatalf("Unmarshalling should fail for [% x]", v) 935 } 936 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 937 938 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0x00, 0x01} 939 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 940 if err == nil { 941 t.Fatalf("Unmarshalling should fail for [% x]", v) 942 } 943 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 944 945 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x01} 946 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 947 if err == nil { 948 t.Fatalf("Unmarshalling should fail for [% x]", v) 949 } 950 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 951 952 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x8F} 953 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 954 if err == nil { 955 t.Fatalf("Unmarshalling should fail for [% x]", v) 956 } 957 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 958 959 v = []byte{0x30, 0x0A, 0x02, 0x01, 0x8F, 0x02, 0x05, 0x00, 0x00, 0x00, 0x00, 0x8F} 960 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 961 if err == nil { 962 t.Fatalf("Unmarshalling should fail for [% x]", v) 963 } 964 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 965 966 } 967 968 func TestECDSALowS(t *testing.T) { 969 t.Parallel() 970 provider, _, cleanup := currentTestConfig.Provider(t) 971 defer cleanup() 972 973 // Ensure that signature with low-S are generated 974 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 975 if err != nil { 976 t.Fatalf("Failed generating ECDSA key [%s]", err) 977 } 978 979 msg := []byte("Hello World") 980 981 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 982 if err != nil { 983 t.Fatalf("Failed computing HASH [%s]", err) 984 } 985 986 signature, err := provider.Sign(k, digest, nil) 987 if err != nil { 988 t.Fatalf("Failed generating ECDSA signature [%s]", err) 989 } 990 991 _, S, err := utils.UnmarshalECDSASignature(signature) 992 if err != nil { 993 t.Fatalf("Failed unmarshalling signature [%s]", err) 994 } 995 996 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) >= 0 { 997 t.Fatal("Invalid signature. It must have low-S") 998 } 999 1000 valid, err := provider.Verify(k, signature, digest, nil) 1001 if err != nil { 1002 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 1003 } 1004 if !valid { 1005 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 1006 } 1007 1008 // Ensure that signature with high-S are rejected. 1009 var R *big.Int 1010 for { 1011 R, S, err = ecdsa.Sign(rand.Reader, k.(*ecdsaPrivateKey).privKey, digest) 1012 if err != nil { 1013 t.Fatalf("Failed generating signature [%s]", err) 1014 } 1015 1016 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) > 0 { 1017 break 1018 } 1019 } 1020 1021 sig, err := utils.MarshalECDSASignature(R, S) 1022 if err != nil { 1023 t.Fatalf("Failing unmarshalling signature [%s]", err) 1024 } 1025 1026 valid, err = provider.Verify(k, sig, digest, nil) 1027 if err == nil { 1028 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1029 } 1030 if valid { 1031 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1032 } 1033 } 1034 1035 func TestAESKeyGen(t *testing.T) { 1036 t.Parallel() 1037 provider, _, cleanup := currentTestConfig.Provider(t) 1038 defer cleanup() 1039 1040 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1041 if err != nil { 1042 t.Fatalf("Failed generating AES_256 key [%s]", err) 1043 } 1044 if k == nil { 1045 t.Fatal("Failed generating AES_256 key. Key must be different from nil") 1046 } 1047 if !k.Private() { 1048 t.Fatal("Failed generating AES_256 key. Key should be private") 1049 } 1050 if !k.Symmetric() { 1051 t.Fatal("Failed generating AES_256 key. Key should be symmetric") 1052 } 1053 1054 pk, err := k.PublicKey() 1055 if err == nil { 1056 t.Fatal("Error should be different from nil in this case") 1057 } 1058 if pk != nil { 1059 t.Fatal("Return value should be equal to nil in this case") 1060 } 1061 } 1062 1063 func TestAESEncrypt(t *testing.T) { 1064 t.Parallel() 1065 provider, _, cleanup := currentTestConfig.Provider(t) 1066 defer cleanup() 1067 1068 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1069 if err != nil { 1070 t.Fatalf("Failed generating AES_256 key [%s]", err) 1071 } 1072 1073 ct, err := provider.Encrypt(k, []byte("Hello World"), &bccsp.AESCBCPKCS7ModeOpts{}) 1074 if err != nil { 1075 t.Fatalf("Failed encrypting [%s]", err) 1076 } 1077 if len(ct) == 0 { 1078 t.Fatal("Failed encrypting. Nil ciphertext") 1079 } 1080 } 1081 1082 func TestAESDecrypt(t *testing.T) { 1083 t.Parallel() 1084 provider, _, cleanup := currentTestConfig.Provider(t) 1085 defer cleanup() 1086 1087 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1088 if err != nil { 1089 t.Fatalf("Failed generating AES_256 key [%s]", err) 1090 } 1091 1092 msg := []byte("Hello World") 1093 1094 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1095 if err != nil { 1096 t.Fatalf("Failed encrypting [%s]", err) 1097 } 1098 1099 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1100 if err != nil { 1101 t.Fatalf("Failed decrypting [%s]", err) 1102 } 1103 if len(ct) == 0 { 1104 t.Fatal("Failed decrypting. Nil plaintext") 1105 } 1106 1107 if !bytes.Equal(msg, pt) { 1108 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1109 } 1110 } 1111 1112 func TestHMACTruncated256KeyDerivOverAES256Key(t *testing.T) { 1113 t.Parallel() 1114 provider, _, cleanup := currentTestConfig.Provider(t) 1115 defer cleanup() 1116 1117 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1118 if err != nil { 1119 t.Fatalf("Failed generating AES_256 key [%s]", err) 1120 } 1121 1122 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACTruncated256AESDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1123 if err != nil { 1124 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1125 } 1126 if k == nil { 1127 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1128 } 1129 if !hmcaedKey.Private() { 1130 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1131 } 1132 if !hmcaedKey.Symmetric() { 1133 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1134 } 1135 raw, err := hmcaedKey.Bytes() 1136 if err == nil { 1137 t.Fatal("Failed marshalling to bytes. Operation must be forbidden") 1138 } 1139 if len(raw) != 0 { 1140 t.Fatal("Failed marshalling to bytes. Operation must return 0 bytes") 1141 } 1142 1143 msg := []byte("Hello World") 1144 1145 ct, err := provider.Encrypt(hmcaedKey, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1146 if err != nil { 1147 t.Fatalf("Failed encrypting [%s]", err) 1148 } 1149 1150 pt, err := provider.Decrypt(hmcaedKey, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1151 if err != nil { 1152 t.Fatalf("Failed decrypting [%s]", err) 1153 } 1154 if len(ct) == 0 { 1155 t.Fatal("Failed decrypting. Nil plaintext") 1156 } 1157 1158 if !bytes.Equal(msg, pt) { 1159 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1160 } 1161 } 1162 1163 func TestHMACKeyDerivOverAES256Key(t *testing.T) { 1164 t.Parallel() 1165 provider, _, cleanup := currentTestConfig.Provider(t) 1166 defer cleanup() 1167 1168 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1169 if err != nil { 1170 t.Fatalf("Failed generating AES_256 key [%s]", err) 1171 } 1172 1173 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1174 1175 if err != nil { 1176 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1177 } 1178 if k == nil { 1179 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1180 } 1181 if !hmcaedKey.Private() { 1182 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1183 } 1184 if !hmcaedKey.Symmetric() { 1185 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1186 } 1187 raw, err := hmcaedKey.Bytes() 1188 if err != nil { 1189 t.Fatalf("Failed marshalling to bytes [%s]", err) 1190 } 1191 if len(raw) == 0 { 1192 t.Fatal("Failed marshalling to bytes. 0 bytes") 1193 } 1194 } 1195 1196 func TestAES256KeyImport(t *testing.T) { 1197 t.Parallel() 1198 provider, _, cleanup := currentTestConfig.Provider(t) 1199 defer cleanup() 1200 1201 raw, err := GetRandomBytes(32) 1202 if err != nil { 1203 t.Fatalf("Failed generating AES key [%s]", err) 1204 } 1205 1206 k, err := provider.KeyImport(raw, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1207 if err != nil { 1208 t.Fatalf("Failed importing AES_256 key [%s]", err) 1209 } 1210 if k == nil { 1211 t.Fatal("Failed importing AES_256 key. Imported Key must be different from nil") 1212 } 1213 if !k.Private() { 1214 t.Fatal("Failed HMACing AES_256 key. Imported Key should be private") 1215 } 1216 if !k.Symmetric() { 1217 t.Fatal("Failed HMACing AES_256 key. Imported Key should be asymmetric") 1218 } 1219 raw, err = k.Bytes() 1220 if err == nil { 1221 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 1222 } 1223 if len(raw) != 0 { 1224 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 1225 } 1226 1227 msg := []byte("Hello World") 1228 1229 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1230 if err != nil { 1231 t.Fatalf("Failed encrypting [%s]", err) 1232 } 1233 1234 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1235 if err != nil { 1236 t.Fatalf("Failed decrypting [%s]", err) 1237 } 1238 if len(ct) == 0 { 1239 t.Fatal("Failed decrypting. Nil plaintext") 1240 } 1241 1242 if !bytes.Equal(msg, pt) { 1243 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1244 } 1245 } 1246 1247 func TestAES256KeyImportBadPaths(t *testing.T) { 1248 t.Parallel() 1249 provider, _, cleanup := currentTestConfig.Provider(t) 1250 defer cleanup() 1251 1252 _, err := provider.KeyImport(nil, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1253 if err == nil { 1254 t.Fatal("Failed importing key. Must fail on importing nil key") 1255 } 1256 1257 _, err = provider.KeyImport([]byte{1}, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1258 if err == nil { 1259 t.Fatal("Failed importing key. Must fail on importing a key with an invalid length") 1260 } 1261 } 1262 1263 func TestAES256KeyGenSKI(t *testing.T) { 1264 t.Parallel() 1265 provider, _, cleanup := currentTestConfig.Provider(t) 1266 defer cleanup() 1267 1268 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1269 if err != nil { 1270 t.Fatalf("Failed generating AES_256 key [%s]", err) 1271 } 1272 1273 k2, err := provider.GetKey(k.SKI()) 1274 if err != nil { 1275 t.Fatalf("Failed getting AES_256 key [%s]", err) 1276 } 1277 if k2 == nil { 1278 t.Fatal("Failed getting AES_256 key. Key must be different from nil") 1279 } 1280 if !k2.Private() { 1281 t.Fatal("Failed getting AES_256 key. Key should be private") 1282 } 1283 if !k2.Symmetric() { 1284 t.Fatal("Failed getting AES_256 key. Key should be symmetric") 1285 } 1286 1287 // Check that the SKIs are the same 1288 if !bytes.Equal(k.SKI(), k2.SKI()) { 1289 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 1290 } 1291 } 1292 1293 func TestSHA(t *testing.T) { 1294 t.Parallel() 1295 provider, _, cleanup := currentTestConfig.Provider(t) 1296 defer cleanup() 1297 1298 for i := 0; i < 100; i++ { 1299 b, err := GetRandomBytes(i) 1300 if err != nil { 1301 t.Fatalf("Failed getting random bytes [%s]", err) 1302 } 1303 1304 h1, err := provider.Hash(b, &bccsp.SHAOpts{}) 1305 if err != nil { 1306 t.Fatalf("Failed computing SHA [%s]", err) 1307 } 1308 1309 var h hash.Hash 1310 switch currentTestConfig.hashFamily { 1311 case "SHA2": 1312 switch currentTestConfig.securityLevel { 1313 case 256: 1314 h = sha256.New() 1315 case 384: 1316 h = sha512.New384() 1317 default: 1318 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1319 } 1320 case "SHA3": 1321 switch currentTestConfig.securityLevel { 1322 case 256: 1323 h = sha3.New256() 1324 case 384: 1325 h = sha3.New384() 1326 default: 1327 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1328 } 1329 default: 1330 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1331 } 1332 1333 h.Write(b) 1334 h2 := h.Sum(nil) 1335 if !bytes.Equal(h1, h2) { 1336 t.Fatalf("Discrempancy found in HASH result [%x], [%x]!=[%x]", b, h1, h2) 1337 } 1338 } 1339 } 1340 1341 func TestAddWrapper(t *testing.T) { 1342 t.Parallel() 1343 p, _, cleanup := currentTestConfig.Provider(t) 1344 defer cleanup() 1345 1346 sw, ok := p.(*CSP) 1347 assert.True(t, ok) 1348 1349 tester := func(o interface{}, getter func(t reflect.Type) (interface{}, bool)) { 1350 tt := reflect.TypeOf(o) 1351 err := sw.AddWrapper(tt, o) 1352 assert.NoError(t, err) 1353 o2, ok := getter(tt) 1354 assert.True(t, ok) 1355 assert.Equal(t, o, o2) 1356 } 1357 1358 tester(&mocks.KeyGenerator{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyGenerators[t]; return o, ok }) 1359 tester(&mocks.KeyDeriver{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyDerivers[t]; return o, ok }) 1360 tester(&mocks.KeyImporter{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyImporters[t]; return o, ok }) 1361 tester(&mocks.Encryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Encryptors[t]; return o, ok }) 1362 tester(&mocks.Decryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Decryptors[t]; return o, ok }) 1363 tester(&mocks.Signer{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Signers[t]; return o, ok }) 1364 tester(&mocks.Verifier{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Verifiers[t]; return o, ok }) 1365 tester(&mocks.Hasher{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Hashers[t]; return o, ok }) 1366 1367 // Add invalid wrapper 1368 err := sw.AddWrapper(reflect.TypeOf(cleanup), cleanup) 1369 assert.Error(t, err) 1370 assert.Equal(t, err.Error(), "wrapper type not valid, must be on of: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher") 1371 }