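// Source: github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/withkms_test.go

/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package tinkcrypto_test

import (
	"testing"

	"github.com/stretchr/testify/require"

	mockstorage "github.com/trustbloc/kms-go/internal/mock/storage"

	kmsapi "github.com/trustbloc/kms-go/spi/kms"

	"github.com/trustbloc/kms-go/spi/secretlock"

	"github.com/trustbloc/kms-go/crypto/tinkcrypto"
	"github.com/trustbloc/kms-go/doc/util/jwkkid"
	"github.com/trustbloc/kms-go/kms"
	"github.com/trustbloc/kms-go/kms/localkms"
	"github.com/trustbloc/kms-go/secretlock/noop"
)

// kmsProvider is the test-only dependency bundle handed to localkms.New: it
// supplies the key store and the secret lock service the local KMS asks for.
type kmsProvider struct {
	store             kmsapi.Store
	secretLockService secretlock.Service
}

// StorageProvider returns the key store configured on the provider.
func (k *kmsProvider) StorageProvider() kmsapi.Store {
	return k.store
}

// SecretLock returns the secret lock service configured on the provider.
func (k *kmsProvider) SecretLock() secretlock.Service {
	return k.secretLockService
}

// TestSignVerifyKeyTypes checks, for each ECDSA IEEE P1363 key type, that a
// signature produced with a key handle fetched from the local KMS verifies
// against a public key handle rebuilt from the exported public key bytes
// (after a round trip through a JWK).
//
// It also asserts that verification fails for a modified message and for a
// modified signature: a positive-only round trip would still pass against a
// verifier that accepts every input.
func TestSignVerifyKeyTypes(t *testing.T) {
	testCases := []struct {
		name    string
		keyType kmsapi.KeyType
	}{
		{name: "P-256", keyType: kmsapi.ECDSAP256TypeIEEEP1363},
		{name: "P-384", keyType: kmsapi.ECDSAP384TypeIEEEP1363},
		{name: "P-521", keyType: kmsapi.ECDSAP521TypeIEEEP1363},
	}

	data := []byte("abcdefg 1234567 1234567 1234567 1234567 1234567 AaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAa")

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			kmsStore, err := kms.NewAriesProviderWrapper(mockstorage.NewMockStoreProvider())
			require.NoError(t, err)

			// NOTE(review): noop.NoLock presumably applies no real protection to
			// stored key material; this wiring (mock store + no-op lock) is a
			// test fixture and should not be copied into production setup.
			kmsStorage, err := localkms.New("local-lock://test/master/key/", &kmsProvider{
				store:             kmsStore,
				secretLockService: &noop.NoLock{},
			})
			require.NoError(t, err)

			cr, err := tinkcrypto.New()
			require.NoError(t, err)

			kid, pkb, err := kmsStorage.CreateAndExportPubKeyBytes(tc.keyType)
			require.NoError(t, err)

			kh, err := kmsStorage.Get(kid)
			require.NoError(t, err)

			// The exported public key must survive a JWK round trip unchanged.
			pkJWK, err := jwkkid.BuildJWK(pkb, tc.keyType)
			require.NoError(t, err)

			jkBytes, err := pkJWK.PublicKeyBytes()
			require.NoError(t, err)
			require.Equal(t, pkb, jkBytes)

			kh2, err := kmsStorage.PubKeyBytesToHandle(jkBytes, tc.keyType)
			require.NoError(t, err)

			sig, err := cr.Sign(data, kh)
			require.NoError(t, err)
			require.NotEmpty(t, sig)

			err = cr.Verify(sig, data, kh2)
			require.NoError(t, err)

			// Negative check: the same signature must not verify over a message
			// that differs by a single bit. Work on a copy so data stays intact
			// for the remaining sub-tests.
			tamperedData := append([]byte(nil), data...)
			tamperedData[0] ^= 0x01
			require.Error(t, cr.Verify(sig, tamperedData, kh2))

			// Negative check: a signature altered by a single bit must not verify
			// over the original message.
			tamperedSig := append([]byte(nil), sig...)
			tamperedSig[len(tamperedSig)-1] ^= 0x01
			require.Error(t, cr.Verify(tamperedSig, data, kh2))
		})
	}
}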