github.com/trustbloc/kms-go@v1.1.2/doc/util/kmsdidkey/kmsdidkey_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 Copyright Avast Software. All Rights Reserved. 4 5 SPDX-License-Identifier: Apache-2.0 6 */ 7 8 package kmsdidkey 9 10 import ( 11 "encoding/json" 12 "testing" 13 14 "github.com/stretchr/testify/require" 15 16 mockstorage "github.com/trustbloc/kms-go/internal/mock/storage" 17 18 "github.com/trustbloc/kms-go/kms" 19 "github.com/trustbloc/kms-go/kms/localkms" 20 "github.com/trustbloc/kms-go/secretlock/noop" 21 22 "github.com/trustbloc/kms-go/spi/crypto" 23 kmsapi "github.com/trustbloc/kms-go/spi/kms" 24 "github.com/trustbloc/kms-go/spi/secretlock" 25 "github.com/trustbloc/kms-go/spi/storage" 26 ) 27 28 func TestBuildDIDKeyByKMSKeyType(t *testing.T) { 29 sp := mockstorage.NewMockStoreProvider() 30 k := newKMS(t, sp) 31 32 _, ed25519Key, err := k.CreateAndExportPubKeyBytes(kmsapi.ED25519Type) 33 require.NoError(t, err) 34 35 _, bbsKey, err := k.CreateAndExportPubKeyBytes(kmsapi.BLS12381G2Type) 36 require.NoError(t, err) 37 38 _, p256IEEEKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP256TypeIEEEP1363) 39 require.NoError(t, err) 40 41 _, p256DERKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP256TypeDER) 42 require.NoError(t, err) 43 44 _, p384IEEEKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP384TypeIEEEP1363) 45 require.NoError(t, err) 46 47 _, p384DERKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP384TypeDER) 48 require.NoError(t, err) 49 50 _, p521IEEEKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP521TypeIEEEP1363) 51 require.NoError(t, err) 52 53 _, p521DERKey, err := k.CreateAndExportPubKeyBytes(kmsapi.ECDSAP521TypeDER) 54 require.NoError(t, err) 55 56 _, x25519Key, err := k.CreateAndExportPubKeyBytes(kmsapi.X25519ECDHKWType) 57 require.NoError(t, err) 58 59 _, p256KWKey, err := k.CreateAndExportPubKeyBytes(kmsapi.NISTP256ECDHKW) 60 require.NoError(t, err) 61 62 _, p384KWKey, err := k.CreateAndExportPubKeyBytes(kmsapi.NISTP384ECDHKWType) 63 require.NoError(t, err) 64 65 badP384KWKey := &crypto.PublicKey{} 66 err = json.Unmarshal(p384KWKey, badP384KWKey) 67 require.NoError(t, err) 68 69 badP384KWKey.Curve = "bad_curve" 70 71 badP384KWKeyBytes, err := json.Marshal(badP384KWKey) 72 require.NoError(t, err) 73 74 _, p521KWKey, err := k.CreateAndExportPubKeyBytes(kmsapi.NISTP521ECDHKWType) 75 require.NoError(t, err) 76 77 tests := []struct { 78 name string 79 keyBytes []byte 80 keyType kmsapi.KeyType 81 }{ 82 { 83 name: "test ED25519 key", 84 keyBytes: ed25519Key, 85 keyType: kmsapi.ED25519Type, 86 }, 87 { 88 name: "test BLS12381G2 key", 89 keyBytes: bbsKey, 90 keyType: kmsapi.BLS12381G2Type, 91 }, 92 { 93 name: "test ECDSAP256TypeIEEEP1363 key", 94 keyBytes: p256IEEEKey, 95 keyType: kmsapi.ECDSAP256TypeIEEEP1363, 96 }, 97 { 98 name: "test ECDSAP256TypeDER key", 99 keyBytes: p256DERKey, 100 keyType: kmsapi.ECDSAP256TypeDER, 101 }, 102 { 103 name: "test ECDSAP384TypeIEEEP1363 key", 104 keyBytes: p384IEEEKey, 105 keyType: kmsapi.ECDSAP384TypeIEEEP1363, 106 }, 107 { 108 name: "test ECDSAP384TypeDER key", 109 keyBytes: p384DERKey, 110 keyType: kmsapi.ECDSAP384TypeDER, 111 }, 112 { 113 name: "test ECDSAP521TypeIEEEP1363 key", 114 keyBytes: p521IEEEKey, 115 keyType: kmsapi.ECDSAP521TypeIEEEP1363, 116 }, 117 { 118 name: "test ECDSAP521TypeDER key", 119 keyBytes: p521DERKey, 120 keyType: kmsapi.ECDSAP521TypeDER, 121 }, 122 { 123 name: "test X25519ECDHKWType key", 124 keyBytes: x25519Key, 125 keyType: kmsapi.X25519ECDHKWType, 126 }, 127 { 128 name: "test NISTP256ECDHKW key", 129 keyBytes: p256KWKey, 130 keyType: kmsapi.NISTP256ECDHKW, 131 }, 132 { 133 name: "test NISTP384ECDHKW key", 134 keyBytes: p384KWKey, 135 keyType: kmsapi.NISTP384ECDHKW, 136 }, 137 { 138 name: "test NISTP521ECDHKW key", 139 keyBytes: p521KWKey, 140 keyType: kmsapi.NISTP521ECDHKW, 141 }, 142 { 143 name: "test invalid key", 144 keyBytes: []byte{}, 145 keyType: "undefined", 146 }, 147 { 148 name: "test invalid X25519 key", 149 keyBytes: []byte("wrongKey."), 150 keyType: kmsapi.X25519ECDHKWType, 151 }, 152 { 153 name: "test invalid NISTP256ECDHKW key", 154 keyBytes: []byte("wrongKey."), 155 keyType: kmsapi.NISTP256ECDHKW, 156 }, 157 { 158 name: "test invalid NISTP384ECDHKW marshalled Key", 159 keyBytes: badP384KWKeyBytes, 160 keyType: kmsapi.NISTP384ECDHKWType, 161 }, 162 } 163 164 for _, tt := range tests { 165 tc := tt 166 t.Run(tc.name, func(t *testing.T) { 167 didKey, err := BuildDIDKeyByKeyType(tc.keyBytes, tc.keyType) 168 if tc.name == "test invalid key" { 169 require.EqualError(t, err, "keyType 'undefined' does not have a multi-base codec") 170 171 return 172 } 173 174 if tc.name == "test invalid X25519 key" { 175 require.EqualError(t, err, "buildDIDkeyByKMSKeyType failed to unmarshal key type X25519ECDHKW:"+ 176 " invalid character 'w' looking for beginning of value") 177 178 return 179 } 180 181 if tc.name == "test invalid NISTP256ECDHKW key" { 182 require.EqualError(t, err, "buildDIDkeyByKMSKeyType failed to unmarshal key type NISTP256ECDHKW:"+ 183 " invalid character 'w' looking for beginning of value") 184 185 return 186 } 187 188 if tc.name == "test invalid NISTP384ECDHKW marshalled Key" { 189 require.EqualError(t, err, "buildDIDkeyByKMSKeyType failed to unmarshal key type NISTP384ECDHKW:"+ 190 " invalid curve 'bad_curve'") 191 192 return 193 } 194 195 require.NoError(t, err) 196 require.Contains(t, didKey, "did:key:z") 197 }) 198 } 199 } 200 201 type kmsProvider struct { 202 store kmsapi.Store 203 secretLockService secretlock.Service 204 } 205 206 func (k *kmsProvider) StorageProvider() kmsapi.Store { 207 return k.store 208 } 209 210 func (k *kmsProvider) SecretLock() secretlock.Service { 211 return k.secretLockService 212 } 213 214 func newKMS(t *testing.T, store storage.Provider) kmsapi.KeyManager { 215 t.Helper() 216 217 kmsStore, err := kms.NewAriesProviderWrapper(store) 218 require.NoError(t, err) 219 220 kmsProv := &kmsProvider{ 221 store: kmsStore, 222 secretLockService: &noop.NoLock{}, 223 } 224 225 customKMS, err := localkms.New("local-lock://primary/test/", kmsProv) 226 require.NoError(t, err) 227 228 return customKMS 229 } 230 231 func TestEncryptionPubKeyFromDIDKey(t *testing.T) { 232 didKeyED25519 := "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH" 233 didKeyX25519 := "did:key:z6LSeu9HkTHSfLLeUs2nnzUSNedgDUevfNQgQjQC23ZCit6F" 234 didKeyP256 := "did:key:zDnaerDaTF5BXEavCrfRZEk316dpbLsfPDZ3WJ5hRTPFU2169" 235 didKeyP384 := "did:key:z82Lm1MpAkeJcix9K8TMiLd5NMAhnwkjjCBeWHXyu3U4oT2MVJJKXkcVBgjGhnLBn2Kaau9" 236 didKeyP521 := "did:key:z2J9gaYxrKVpdoG9A4gRnmpnRCcxU6agDtFVVBVdn1JedouoZN7SzcyREXXzWgt3gGiwpoHq7K68X4m32D8HgzG8wv3sY5j7" //nolint:lll 237 didKeyP256Uncompressed := "did:key:zrurwcJZss4ruepVNu1H3xmSirvNbzgBk9qrCktB6kaewXnJAhYWwtP3bxACqBpzjZdN7TyHNzzGGSSH5qvZsSDir9z" //nolint:lll 238 didKeyP384Uncompressed := "did:key:zFwfeyrSyWdksRYykTGGtagWazFB5zS4CjQcxDMQSNmCTQB5QMqokx2VJz4vBB2hN1nUrYDTuYq3kd1BM5cUCfFD4awiNuzEBuoy6rZZTMCsZsdvWkDXY6832qcAnzE7YGw43KU" //nolint:lll 239 didKeyP521Uncmopressed := "did:key:zWGhj2NTyCiehTPioanYSuSrfB7RJKwZj6bBUDNojfGEA21nr5NcBsHme7hcVSbptpWKarJpTcw814J3X8gVU9gZmeKM27JpGA5wNMzt8JZwjDyf8EzCJg5ve5GR2Xfm7d9Djp73V7s35KPeKe7VHMzmL8aPw4XBniNej5sXapPFoBs5R8m195HK" //nolint:lll 240 241 tests := []struct { 242 name string 243 didKey string 244 }{ 245 { 246 name: "test ED25519 key", 247 didKey: didKeyED25519, 248 }, 249 { 250 name: "test P-256 key", 251 didKey: didKeyP256, 252 }, 253 { 254 name: "test P-384 key", 255 didKey: didKeyP384, 256 }, 257 { 258 name: "test P-521 key", 259 didKey: didKeyP521, 260 }, 261 { 262 name: "test P-256 uncompressed key", 263 didKey: didKeyP256Uncompressed, 264 }, 265 { 266 name: "test P-384 uncompressed key", 267 didKey: didKeyP384Uncompressed, 268 }, 269 { 270 name: "test P-521 uncompressed key", 271 didKey: didKeyP521Uncmopressed, 272 }, 273 { 274 name: "test X25519 key", 275 didKey: didKeyX25519, 276 }, 277 { 278 name: "invalid did:key code", 279 didKey: "did:key:zabcd", 280 }, 281 { 282 name: "invalid did:key method", 283 didKey: "did:key:invalid", 284 }, 285 } 286 287 for _, tt := range tests { 288 tc := tt 289 t.Run(tc.name, func(t *testing.T) { 290 pubKey, err := EncryptionPubKeyFromDIDKey(tc.didKey) 291 switch tc.name { 292 case "invalid did:key code": 293 require.EqualError(t, err, "encryptionPubKeyFromDIDKey: unsupported key multicodec code [0x64]") 294 require.Empty(t, pubKey) 295 296 return 297 case "invalid did:key method": 298 require.EqualError(t, err, "encryptionPubKeyFromDIDKey: extractRawKey: MethodIDFromDIDKey "+ 299 "failure: not a valid did:key identifier (not a base58btc multicodec): did:key:invalid") 300 require.Empty(t, pubKey) 301 302 return 303 } 304 305 require.NoError(t, err) 306 require.NotEmpty(t, pubKey) 307 }) 308 } 309 } 310 311 func TestGetBase58PubKeyFromDIDKey(t *testing.T) { 312 didKeyED25519 := "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH" 313 pubKey := "B12NYF8RrR3h41TDCTJojY59usg3mbtbjnFs7Eud1Y6u" 314 315 tests := []struct { 316 name string 317 didKey string 318 }{ 319 { 320 name: "test ED25519 key", 321 didKey: didKeyED25519, 322 }, 323 { 324 name: "invalid did:key code", 325 didKey: "did:key:zabcd", 326 }, 327 { 328 name: "invalid did:key method", 329 didKey: "did:key:invalid", 330 }, 331 } 332 333 for _, tt := range tests { 334 tc := tt 335 t.Run(tc.name, func(t *testing.T) { 336 resultKey, err := GetBase58PubKeyFromDIDKey(tc.didKey) 337 switch tc.name { 338 case "invalid did:key code": 339 require.ErrorContains(t, err, "GetBase58PubKeyFromDIDKey: failed to parse public key bytes") 340 require.Empty(t, resultKey) 341 342 return 343 case "invalid did:key method": 344 require.ErrorContains(t, err, 345 "GetBase58PubKeyFromDIDKey: failed to parse public key bytes from did:key:invalid:") 346 require.Empty(t, resultKey) 347 348 return 349 } 350 351 require.NoError(t, err) 352 require.Equal(t, pubKey, resultKey) 353 }) 354 } 355 }