github.com/true-sqn/fabric@v2.1.1+incompatible/bccsp/utils/keys_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package utils 8 9 import ( 10 "crypto/ecdsa" 11 "crypto/elliptic" 12 "crypto/rand" 13 "crypto/x509" 14 "encoding/asn1" 15 "encoding/pem" 16 "testing" 17 18 "github.com/stretchr/testify/assert" 19 ) 20 21 func TestOidFromNamedCurve(t *testing.T) { 22 var ( 23 oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33} 24 oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} 25 oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} 26 oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} 27 ) 28 29 type result struct { 30 oid asn1.ObjectIdentifier 31 ok bool 32 } 33 34 var tests = []struct { 35 name string 36 curve elliptic.Curve 37 expected result 38 }{ 39 { 40 name: "P224", 41 curve: elliptic.P224(), 42 expected: result{ 43 oid: oidNamedCurveP224, 44 ok: true, 45 }, 46 }, 47 { 48 name: "P256", 49 curve: elliptic.P256(), 50 expected: result{ 51 oid: oidNamedCurveP256, 52 ok: true, 53 }, 54 }, 55 { 56 name: "P384", 57 curve: elliptic.P384(), 58 expected: result{ 59 oid: oidNamedCurveP384, 60 ok: true, 61 }, 62 }, 63 { 64 name: "P521", 65 curve: elliptic.P521(), 66 expected: result{ 67 oid: oidNamedCurveP521, 68 ok: true, 69 }, 70 }, 71 { 72 name: "T-1000", 73 curve: &elliptic.CurveParams{Name: "T-1000"}, 74 expected: result{ 75 oid: nil, 76 ok: false, 77 }, 78 }, 79 } 80 81 for _, test := range tests { 82 t.Run(test.name, func(t *testing.T) { 83 oid, ok := oidFromNamedCurve(test.curve) 84 assert.Equal(t, oid, test.expected.oid) 85 assert.Equal(t, ok, test.expected.ok) 86 }) 87 } 88 89 } 90 91 func TestECDSAKeys(t *testing.T) { 92 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 93 if err != nil { 94 t.Fatalf("Failed generating ECDSA key [%s]", err) 95 } 96 97 // Private Key DER format 98 der, err := PrivateKeyToDER(key) 99 if err != nil { 100 t.Fatalf("Failed converting private key to DER [%s]", err) 101 } 102 keyFromDER, err := DERToPrivateKey(der) 103 if err != nil { 104 t.Fatalf("Failed converting DER to private key [%s]", err) 105 } 106 ecdsaKeyFromDer := keyFromDER.(*ecdsa.PrivateKey) 107 // TODO: check the curve 108 if key.D.Cmp(ecdsaKeyFromDer.D) != 0 { 109 t.Fatal("Failed converting DER to private key. Invalid D.") 110 } 111 if key.X.Cmp(ecdsaKeyFromDer.X) != 0 { 112 t.Fatal("Failed converting DER to private key. Invalid X coordinate.") 113 } 114 if key.Y.Cmp(ecdsaKeyFromDer.Y) != 0 { 115 t.Fatal("Failed converting DER to private key. Invalid Y coordinate.") 116 } 117 118 // Private Key PEM format 119 rawPEM, err := PrivateKeyToPEM(key, nil) 120 if err != nil { 121 t.Fatalf("Failed converting private key to PEM [%s]", err) 122 } 123 pemBlock, _ := pem.Decode(rawPEM) 124 if pemBlock.Type != "PRIVATE KEY" { 125 t.Fatalf("Expected type 'PRIVATE KEY' but found '%s'", pemBlock.Type) 126 } 127 _, err = x509.ParsePKCS8PrivateKey(pemBlock.Bytes) 128 if err != nil { 129 t.Fatalf("Failed to parse PKCS#8 private key [%s]", err) 130 } 131 keyFromPEM, err := PEMtoPrivateKey(rawPEM, nil) 132 if err != nil { 133 t.Fatalf("Failed converting DER to private key [%s]", err) 134 } 135 ecdsaKeyFromPEM := keyFromPEM.(*ecdsa.PrivateKey) 136 // TODO: check the curve 137 if key.D.Cmp(ecdsaKeyFromPEM.D) != 0 { 138 t.Fatal("Failed converting PEM to private key. Invalid D.") 139 } 140 if key.X.Cmp(ecdsaKeyFromPEM.X) != 0 { 141 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 142 } 143 if key.Y.Cmp(ecdsaKeyFromPEM.Y) != 0 { 144 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 145 } 146 147 // Nil Private Key <-> PEM 148 _, err = PrivateKeyToPEM(nil, nil) 149 if err == nil { 150 t.Fatal("PublicKeyToPEM should fail on nil") 151 } 152 153 _, err = PrivateKeyToPEM((*ecdsa.PrivateKey)(nil), nil) 154 if err == nil { 155 t.Fatal("PrivateKeyToPEM should fail on nil") 156 } 157 158 _, err = PEMtoPrivateKey(nil, nil) 159 if err == nil { 160 t.Fatal("PEMtoPublicKey should fail on nil") 161 } 162 163 _, err = PEMtoPrivateKey([]byte{0, 1, 3, 4}, nil) 164 if err == nil { 165 t.Fatal("PEMtoPublicKey should fail invalid PEM") 166 } 167 168 _, err = DERToPrivateKey(nil) 169 if err == nil { 170 t.Fatal("DERToPrivateKey should fail on nil") 171 } 172 173 _, err = DERToPrivateKey([]byte{0, 1, 3, 4}) 174 if err == nil { 175 t.Fatal("DERToPrivateKey should fail on invalid DER") 176 } 177 178 _, err = PrivateKeyToDER(nil) 179 if err == nil { 180 t.Fatal("DERToPrivateKey should fail on nil") 181 } 182 183 // Private Key Encrypted PEM format 184 encPEM, err := PrivateKeyToPEM(key, []byte("passwd")) 185 if err != nil { 186 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 187 } 188 _, err = PEMtoPrivateKey(encPEM, nil) 189 assert.Error(t, err) 190 encKeyFromPEM, err := PEMtoPrivateKey(encPEM, []byte("passwd")) 191 if err != nil { 192 t.Fatalf("Failed converting DER to private key [%s]", err) 193 } 194 ecdsaKeyFromEncPEM := encKeyFromPEM.(*ecdsa.PrivateKey) 195 // TODO: check the curve 196 if key.D.Cmp(ecdsaKeyFromEncPEM.D) != 0 { 197 t.Fatal("Failed converting encrypted PEM to private key. Invalid D.") 198 } 199 if key.X.Cmp(ecdsaKeyFromEncPEM.X) != 0 { 200 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 201 } 202 if key.Y.Cmp(ecdsaKeyFromEncPEM.Y) != 0 { 203 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 204 } 205 206 // Public Key PEM format 207 rawPEM, err = PublicKeyToPEM(&key.PublicKey, nil) 208 if err != nil { 209 t.Fatalf("Failed converting public key to PEM [%s]", err) 210 } 211 pemBlock, _ = pem.Decode(rawPEM) 212 if pemBlock.Type != "PUBLIC KEY" { 213 t.Fatalf("Expected type 'PUBLIC KEY' but found '%s'", pemBlock.Type) 214 } 215 keyFromPEM, err = PEMtoPublicKey(rawPEM, nil) 216 if err != nil { 217 t.Fatalf("Failed converting DER to public key [%s]", err) 218 } 219 ecdsaPkFromPEM := keyFromPEM.(*ecdsa.PublicKey) 220 // TODO: check the curve 221 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 222 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 223 } 224 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 225 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 226 } 227 228 // Nil Public Key <-> PEM 229 _, err = PublicKeyToPEM(nil, nil) 230 if err == nil { 231 t.Fatal("PublicKeyToPEM should fail on nil") 232 } 233 234 _, err = PEMtoPublicKey(nil, nil) 235 if err == nil { 236 t.Fatal("PEMtoPublicKey should fail on nil") 237 } 238 239 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, nil) 240 if err == nil { 241 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 242 } 243 244 // Public Key Encrypted PEM format 245 encPEM, err = PublicKeyToPEM(&key.PublicKey, []byte("passwd")) 246 if err != nil { 247 t.Fatalf("Failed converting private key to encrypted PEM [%s]", err) 248 } 249 _, err = PEMtoPublicKey(encPEM, nil) 250 assert.Error(t, err) 251 pkFromEncPEM, err := PEMtoPublicKey(encPEM, []byte("passwd")) 252 if err != nil { 253 t.Fatalf("Failed converting DER to private key [%s]", err) 254 } 255 ecdsaPkFromEncPEM := pkFromEncPEM.(*ecdsa.PublicKey) 256 // TODO: check the curve 257 if key.X.Cmp(ecdsaPkFromEncPEM.X) != 0 { 258 t.Fatal("Failed converting encrypted PEM to private key. Invalid X coordinate.") 259 } 260 if key.Y.Cmp(ecdsaPkFromEncPEM.Y) != 0 { 261 t.Fatal("Failed converting encrypted PEM to private key. Invalid Y coordinate.") 262 } 263 264 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 265 if err == nil { 266 t.Fatal("PEMtoPublicKey should fail on wrong password") 267 } 268 269 _, err = PEMtoPublicKey(encPEM, []byte("passw")) 270 if err == nil { 271 t.Fatal("PEMtoPublicKey should fail on nil password") 272 } 273 274 _, err = PEMtoPublicKey(nil, []byte("passwd")) 275 if err == nil { 276 t.Fatal("PEMtoPublicKey should fail on nil PEM") 277 } 278 279 _, err = PEMtoPublicKey([]byte{0, 1, 3, 4}, []byte("passwd")) 280 if err == nil { 281 t.Fatal("PEMtoPublicKey should fail on invalid PEM") 282 } 283 284 _, err = PEMtoPublicKey(nil, []byte("passw")) 285 if err == nil { 286 t.Fatal("PEMtoPublicKey should fail on nil PEM and wrong password") 287 } 288 289 // Public Key DER format 290 der, err = PublicKeyToDER(&key.PublicKey) 291 assert.NoError(t, err) 292 keyFromDER, err = DERToPublicKey(der) 293 assert.NoError(t, err) 294 ecdsaPkFromPEM = keyFromDER.(*ecdsa.PublicKey) 295 // TODO: check the curve 296 if key.X.Cmp(ecdsaPkFromPEM.X) != 0 { 297 t.Fatal("Failed converting PEM to private key. Invalid X coordinate.") 298 } 299 if key.Y.Cmp(ecdsaPkFromPEM.Y) != 0 { 300 t.Fatal("Failed converting PEM to private key. Invalid Y coordinate.") 301 } 302 } 303 304 func TestAESKey(t *testing.T) { 305 k := []byte{0, 1, 2, 3, 4, 5} 306 pem := AEStoPEM(k) 307 308 k2, err := PEMtoAES(pem, nil) 309 assert.NoError(t, err) 310 assert.Equal(t, k, k2) 311 312 pem, err = AEStoEncryptedPEM(k, k) 313 assert.NoError(t, err) 314 315 k2, err = PEMtoAES(pem, k) 316 assert.NoError(t, err) 317 assert.Equal(t, k, k2) 318 319 _, err = PEMtoAES(pem, nil) 320 assert.Error(t, err) 321 322 _, err = AEStoEncryptedPEM(k, nil) 323 assert.NoError(t, err) 324 325 k2, err = PEMtoAES(pem, k) 326 assert.NoError(t, err) 327 assert.Equal(t, k, k2) 328 } 329 330 func TestDERToPublicKey(t *testing.T) { 331 _, err := DERToPublicKey(nil) 332 assert.Error(t, err) 333 } 334 335 func TestNil(t *testing.T) { 336 _, err := PrivateKeyToEncryptedPEM(nil, nil) 337 assert.Error(t, err) 338 339 _, err = PrivateKeyToEncryptedPEM((*ecdsa.PrivateKey)(nil), nil) 340 assert.Error(t, err) 341 342 _, err = PrivateKeyToEncryptedPEM("Hello World", nil) 343 assert.Error(t, err) 344 345 _, err = PEMtoAES(nil, nil) 346 assert.Error(t, err) 347 348 _, err = AEStoEncryptedPEM(nil, nil) 349 assert.Error(t, err) 350 351 _, err = PublicKeyToPEM(nil, nil) 352 assert.Error(t, err) 353 _, err = PublicKeyToPEM((*ecdsa.PublicKey)(nil), nil) 354 assert.Error(t, err) 355 _, err = PublicKeyToPEM(nil, []byte("hello world")) 356 assert.Error(t, err) 357 358 _, err = PublicKeyToPEM("hello world", nil) 359 assert.Error(t, err) 360 _, err = PublicKeyToPEM("hello world", []byte("hello world")) 361 assert.Error(t, err) 362 363 _, err = PublicKeyToDER(nil) 364 assert.Error(t, err) 365 _, err = PublicKeyToDER((*ecdsa.PublicKey)(nil)) 366 assert.Error(t, err) 367 _, err = PublicKeyToDER("hello world") 368 assert.Error(t, err) 369 370 _, err = PublicKeyToEncryptedPEM(nil, nil) 371 assert.Error(t, err) 372 _, err = PublicKeyToEncryptedPEM((*ecdsa.PublicKey)(nil), nil) 373 assert.Error(t, err) 374 _, err = PublicKeyToEncryptedPEM("hello world", nil) 375 assert.Error(t, err) 376 _, err = PublicKeyToEncryptedPEM("hello world", []byte("Hello world")) 377 assert.Error(t, err) 378 }