github.com/yacovm/fabric@v2.0.0-alpha.0.20191128145320-c5d4087dc723+incompatible/bccsp/sw/impl_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package sw 8 9 import ( 10 "bytes" 11 "crypto" 12 "crypto/ecdsa" 13 "crypto/elliptic" 14 "crypto/rand" 15 "crypto/sha256" 16 "crypto/sha512" 17 "crypto/x509" 18 "crypto/x509/pkix" 19 "encoding/asn1" 20 "fmt" 21 "hash" 22 "io/ioutil" 23 "math/big" 24 "net" 25 "os" 26 "reflect" 27 "testing" 28 "time" 29 30 "github.com/hyperledger/fabric/bccsp" 31 "github.com/hyperledger/fabric/bccsp/signer" 32 "github.com/hyperledger/fabric/bccsp/sw/mocks" 33 "github.com/hyperledger/fabric/bccsp/utils" 34 "github.com/stretchr/testify/assert" 35 "golang.org/x/crypto/sha3" 36 ) 37 38 var ( 39 currentTestConfig testConfig 40 tempDir string 41 ) 42 43 type testConfig struct { 44 securityLevel int 45 hashFamily string 46 } 47 48 func (tc testConfig) Provider(t *testing.T) (bccsp.BCCSP, bccsp.KeyStore, func()) { 49 td, err := ioutil.TempDir(tempDir, "test") 50 assert.NoError(t, err) 51 ks, err := NewFileBasedKeyStore(nil, td, false) 52 assert.NoError(t, err) 53 p, err := NewWithParams(tc.securityLevel, tc.hashFamily, ks) 54 assert.NoError(t, err) 55 return p, ks, func() { os.RemoveAll(td) } 56 } 57 58 func TestMain(m *testing.M) { 59 tests := []testConfig{ 60 {256, "SHA2"}, 61 {256, "SHA3"}, 62 {384, "SHA2"}, 63 {384, "SHA3"}, 64 } 65 66 var err error 67 tempDir, err = ioutil.TempDir("", "bccsp-sw") 68 if err != nil { 69 fmt.Printf("Failed to create temporary directory: %s\n\n", err) 70 os.Exit(-1) 71 } 72 defer os.RemoveAll(tempDir) 73 74 for _, config := range tests { 75 currentTestConfig = config 76 ret := m.Run() 77 if ret != 0 { 78 fmt.Printf("Failed testing at [%d, %s]", config.securityLevel, config.hashFamily) 79 os.Exit(-1) 80 } 81 } 82 os.Exit(0) 83 } 84 85 func TestInvalidNewParameter(t *testing.T) { 86 t.Parallel() 87 _, ks, cleanup := currentTestConfig.Provider(t) 88 defer cleanup() 89 90 r, err := NewWithParams(0, "SHA2", ks) 91 if err == nil { 92 t.Fatal("Error should be different from nil in this case") 93 } 94 if r != nil { 95 t.Fatal("Return value should be equal to nil in this case") 96 } 97 98 r, err = NewWithParams(256, "SHA8", ks) 99 if err == nil { 100 t.Fatal("Error should be different from nil in this case") 101 } 102 if r != nil { 103 t.Fatal("Return value should be equal to nil in this case") 104 } 105 106 r, err = NewWithParams(256, "SHA2", nil) 107 if err == nil { 108 t.Fatal("Error should be different from nil in this case") 109 } 110 if r != nil { 111 t.Fatal("Return value should be equal to nil in this case") 112 } 113 114 r, err = NewWithParams(0, "SHA3", nil) 115 if err == nil { 116 t.Fatal("Error should be different from nil in this case") 117 } 118 if r != nil { 119 t.Fatal("Return value should be equal to nil in this case") 120 } 121 122 r, err = NewDefaultSecurityLevel("") 123 if err == nil { 124 t.Fatal("Error should be different from nil in this case") 125 } 126 if r != nil { 127 t.Fatal("Return value should be equal to nil in this case") 128 } 129 } 130 131 func TestInvalidSKI(t *testing.T) { 132 t.Parallel() 133 provider, _, cleanup := currentTestConfig.Provider(t) 134 defer cleanup() 135 136 k, err := provider.GetKey(nil) 137 if err == nil { 138 t.Fatal("Error should be different from nil in this case") 139 } 140 if k != nil { 141 t.Fatal("Return value should be equal to nil in this case") 142 } 143 144 k, err = provider.GetKey([]byte{0, 1, 2, 3, 4, 5, 6}) 145 if err == nil { 146 t.Fatal("Error should be different from nil in this case") 147 } 148 if k != nil { 149 t.Fatal("Return value should be equal to nil in this case") 150 } 151 } 152 153 func TestKeyGenECDSAOpts(t *testing.T) { 154 t.Parallel() 155 provider, _, cleanup := currentTestConfig.Provider(t) 156 defer cleanup() 157 158 // Curve P256 159 k, err := provider.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: false}) 160 if err != nil { 161 t.Fatalf("Failed generating ECDSA P256 key [%s]", err) 162 } 163 if k == nil { 164 t.Fatal("Failed generating ECDSA P256 key. Key must be different from nil") 165 } 166 if !k.Private() { 167 t.Fatal("Failed generating ECDSA P256 key. Key should be private") 168 } 169 if k.Symmetric() { 170 t.Fatal("Failed generating ECDSA P256 key. Key should be asymmetric") 171 } 172 173 ecdsaKey := k.(*ecdsaPrivateKey).privKey 174 if !elliptic.P256().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 175 t.Fatal("P256 generated key in invalid. The public key must be on the P256 curve.") 176 } 177 if elliptic.P256() != ecdsaKey.Curve { 178 t.Fatal("P256 generated key in invalid. The curve must be P256.") 179 } 180 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 181 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 182 } 183 184 // Curve P384 185 k, err = provider.KeyGen(&bccsp.ECDSAP384KeyGenOpts{Temporary: false}) 186 if err != nil { 187 t.Fatalf("Failed generating ECDSA P384 key [%s]", err) 188 } 189 if k == nil { 190 t.Fatal("Failed generating ECDSA P384 key. Key must be different from nil") 191 } 192 if !k.Private() { 193 t.Fatal("Failed generating ECDSA P384 key. Key should be private") 194 } 195 if k.Symmetric() { 196 t.Fatal("Failed generating ECDSA P384 key. Key should be asymmetric") 197 } 198 199 ecdsaKey = k.(*ecdsaPrivateKey).privKey 200 if !elliptic.P384().IsOnCurve(ecdsaKey.X, ecdsaKey.Y) { 201 t.Fatal("P256 generated key in invalid. The public key must be on the P384 curve.") 202 } 203 if elliptic.P384() != ecdsaKey.Curve { 204 t.Fatal("P256 generated key in invalid. The curve must be P384.") 205 } 206 if ecdsaKey.D.Cmp(big.NewInt(0)) == 0 { 207 t.Fatal("P256 generated key in invalid. Private key must be different from 0.") 208 } 209 210 } 211 212 func TestKeyGenAESOpts(t *testing.T) { 213 t.Parallel() 214 provider, _, cleanup := currentTestConfig.Provider(t) 215 defer cleanup() 216 217 // AES 128 218 k, err := provider.KeyGen(&bccsp.AES128KeyGenOpts{Temporary: false}) 219 if err != nil { 220 t.Fatalf("Failed generating AES 128 key [%s]", err) 221 } 222 if k == nil { 223 t.Fatal("Failed generating AES 128 key. Key must be different from nil") 224 } 225 if !k.Private() { 226 t.Fatal("Failed generating AES 128 key. Key should be private") 227 } 228 if !k.Symmetric() { 229 t.Fatal("Failed generating AES 128 key. Key should be symmetric") 230 } 231 232 aesKey := k.(*aesPrivateKey).privKey 233 if len(aesKey) != 16 { 234 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 235 } 236 237 // AES 192 238 k, err = provider.KeyGen(&bccsp.AES192KeyGenOpts{Temporary: false}) 239 if err != nil { 240 t.Fatalf("Failed generating AES 192 key [%s]", err) 241 } 242 if k == nil { 243 t.Fatal("Failed generating AES 192 key. Key must be different from nil") 244 } 245 if !k.Private() { 246 t.Fatal("Failed generating AES 192 key. Key should be private") 247 } 248 if !k.Symmetric() { 249 t.Fatal("Failed generating AES 192 key. Key should be symmetric") 250 } 251 252 aesKey = k.(*aesPrivateKey).privKey 253 if len(aesKey) != 24 { 254 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 255 } 256 257 // AES 256 258 k, err = provider.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: false}) 259 if err != nil { 260 t.Fatalf("Failed generating AES 256 key [%s]", err) 261 } 262 if k == nil { 263 t.Fatal("Failed generating AES 256 key. Key must be different from nil") 264 } 265 if !k.Private() { 266 t.Fatal("Failed generating AES 256 key. Key should be private") 267 } 268 if !k.Symmetric() { 269 t.Fatal("Failed generating AES 256 key. Key should be symmetric") 270 } 271 272 aesKey = k.(*aesPrivateKey).privKey 273 if len(aesKey) != 32 { 274 t.Fatal("AES Key generated key in invalid. The key must have length 16.") 275 } 276 } 277 278 func TestECDSAKeyGenEphemeral(t *testing.T) { 279 t.Parallel() 280 provider, _, cleanup := currentTestConfig.Provider(t) 281 defer cleanup() 282 283 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: true}) 284 if err != nil { 285 t.Fatalf("Failed generating ECDSA key [%s]", err) 286 } 287 if k == nil { 288 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 289 } 290 if !k.Private() { 291 t.Fatal("Failed generating ECDSA key. Key should be private") 292 } 293 if k.Symmetric() { 294 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 295 } 296 raw, err := k.Bytes() 297 if err == nil { 298 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 299 } 300 if len(raw) != 0 { 301 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 302 } 303 pk, err := k.PublicKey() 304 if err != nil { 305 t.Fatalf("Failed getting corresponding public key [%s]", err) 306 } 307 if pk == nil { 308 t.Fatal("Public key must be different from nil.") 309 } 310 } 311 312 func TestECDSAPrivateKeySKI(t *testing.T) { 313 t.Parallel() 314 provider, _, cleanup := currentTestConfig.Provider(t) 315 defer cleanup() 316 317 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 318 if err != nil { 319 t.Fatalf("Failed generating ECDSA key [%s]", err) 320 } 321 322 ski := k.SKI() 323 if len(ski) == 0 { 324 t.Fatal("SKI not valid. Zero length.") 325 } 326 } 327 328 func TestECDSAKeyGenNonEphemeral(t *testing.T) { 329 t.Parallel() 330 provider, _, cleanup := currentTestConfig.Provider(t) 331 defer cleanup() 332 333 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 334 if err != nil { 335 t.Fatalf("Failed generating ECDSA key [%s]", err) 336 } 337 if k == nil { 338 t.Fatal("Failed generating ECDSA key. Key must be different from nil") 339 } 340 if !k.Private() { 341 t.Fatal("Failed generating ECDSA key. Key should be private") 342 } 343 if k.Symmetric() { 344 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 345 } 346 } 347 348 func TestECDSAGetKeyBySKI(t *testing.T) { 349 t.Parallel() 350 provider, _, cleanup := currentTestConfig.Provider(t) 351 defer cleanup() 352 353 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 354 if err != nil { 355 t.Fatalf("Failed generating ECDSA key [%s]", err) 356 } 357 358 k2, err := provider.GetKey(k.SKI()) 359 if err != nil { 360 t.Fatalf("Failed getting ECDSA key [%s]", err) 361 } 362 if k2 == nil { 363 t.Fatal("Failed getting ECDSA key. Key must be different from nil") 364 } 365 if !k2.Private() { 366 t.Fatal("Failed getting ECDSA key. Key should be private") 367 } 368 if k2.Symmetric() { 369 t.Fatal("Failed getting ECDSA key. Key should be asymmetric") 370 } 371 372 // Check that the SKIs are the same 373 if !bytes.Equal(k.SKI(), k2.SKI()) { 374 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 375 } 376 } 377 378 func TestECDSAPublicKeyFromPrivateKey(t *testing.T) { 379 t.Parallel() 380 provider, _, cleanup := currentTestConfig.Provider(t) 381 defer cleanup() 382 383 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 384 if err != nil { 385 t.Fatalf("Failed generating ECDSA key [%s]", err) 386 } 387 388 pk, err := k.PublicKey() 389 if err != nil { 390 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 391 } 392 if pk == nil { 393 t.Fatal("Failed getting public key from private ECDSA key. Key must be different from nil") 394 } 395 if pk.Private() { 396 t.Fatal("Failed generating ECDSA key. Key should be public") 397 } 398 if pk.Symmetric() { 399 t.Fatal("Failed generating ECDSA key. Key should be asymmetric") 400 } 401 } 402 403 func TestECDSAPublicKeyBytes(t *testing.T) { 404 t.Parallel() 405 provider, _, cleanup := currentTestConfig.Provider(t) 406 defer cleanup() 407 408 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 409 if err != nil { 410 t.Fatalf("Failed generating ECDSA key [%s]", err) 411 } 412 413 pk, err := k.PublicKey() 414 if err != nil { 415 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 416 } 417 418 raw, err := pk.Bytes() 419 if err != nil { 420 t.Fatalf("Failed marshalling ECDSA public key [%s]", err) 421 } 422 if len(raw) == 0 { 423 t.Fatal("Failed marshalling ECDSA public key. Zero length") 424 } 425 } 426 427 func TestECDSAPublicKeySKI(t *testing.T) { 428 t.Parallel() 429 provider, _, cleanup := currentTestConfig.Provider(t) 430 defer cleanup() 431 432 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 433 if err != nil { 434 t.Fatalf("Failed generating ECDSA key [%s]", err) 435 } 436 437 pk, err := k.PublicKey() 438 if err != nil { 439 t.Fatalf("Failed getting public key from private ECDSA key [%s]", err) 440 } 441 442 ski := pk.SKI() 443 if len(ski) == 0 { 444 t.Fatal("SKI not valid. Zero length.") 445 } 446 } 447 448 func TestECDSAKeyReRand(t *testing.T) { 449 t.Parallel() 450 provider, _, cleanup := currentTestConfig.Provider(t) 451 defer cleanup() 452 453 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 454 if err != nil { 455 t.Fatalf("Failed generating ECDSA key [%s]", err) 456 } 457 if k == nil { 458 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 459 } 460 461 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 462 if err != nil { 463 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 464 } 465 if !reRandomizedKey.Private() { 466 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be private") 467 } 468 if reRandomizedKey.Symmetric() { 469 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key should be asymmetric") 470 } 471 472 k2, err := k.PublicKey() 473 if err != nil { 474 t.Fatalf("Failed getting public ECDSA key from private [%s]", err) 475 } 476 if k2 == nil { 477 t.Fatal("Failed re-randomizing ECDSA key. Re-randomized Key must be different from nil") 478 } 479 480 reRandomizedKey2, err := provider.KeyDeriv(k2, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 481 if err != nil { 482 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 483 } 484 485 if reRandomizedKey2.Private() { 486 t.Fatal("Re-randomized public Key must remain public") 487 } 488 if reRandomizedKey2.Symmetric() { 489 t.Fatal("Re-randomized ECDSA asymmetric key must remain asymmetric") 490 } 491 492 if false == bytes.Equal(reRandomizedKey.SKI(), reRandomizedKey2.SKI()) { 493 t.Fatal("Re-randomized ECDSA Private- or Public-Keys must end up having the same SKI") 494 } 495 } 496 497 func TestECDSASign(t *testing.T) { 498 t.Parallel() 499 provider, _, cleanup := currentTestConfig.Provider(t) 500 defer cleanup() 501 502 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 503 if err != nil { 504 t.Fatalf("Failed generating ECDSA key [%s]", err) 505 } 506 507 msg := []byte("Hello World") 508 509 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 510 if err != nil { 511 t.Fatalf("Failed computing HASH [%s]", err) 512 } 513 514 signature, err := provider.Sign(k, digest, nil) 515 if err != nil { 516 t.Fatalf("Failed generating ECDSA signature [%s]", err) 517 } 518 if len(signature) == 0 { 519 t.Fatal("Failed generating ECDSA key. Signature must be different from nil") 520 } 521 } 522 523 func TestECDSAVerify(t *testing.T) { 524 t.Parallel() 525 provider, ks, cleanup := currentTestConfig.Provider(t) 526 defer cleanup() 527 528 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 529 if err != nil { 530 t.Fatalf("Failed generating ECDSA key [%s]", err) 531 } 532 533 msg := []byte("Hello World") 534 535 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 536 if err != nil { 537 t.Fatalf("Failed computing HASH [%s]", err) 538 } 539 540 signature, err := provider.Sign(k, digest, nil) 541 if err != nil { 542 t.Fatalf("Failed generating ECDSA signature [%s]", err) 543 } 544 545 valid, err := provider.Verify(k, signature, digest, nil) 546 if err != nil { 547 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 548 } 549 if !valid { 550 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 551 } 552 553 pk, err := k.PublicKey() 554 if err != nil { 555 t.Fatalf("Failed getting corresponding public key [%s]", err) 556 } 557 558 valid, err = provider.Verify(pk, signature, digest, nil) 559 if err != nil { 560 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 561 } 562 if !valid { 563 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 564 } 565 566 // Store public key 567 err = ks.StoreKey(pk) 568 if err != nil { 569 t.Fatalf("Failed storing corresponding public key [%s]", err) 570 } 571 572 pk2, err := ks.GetKey(pk.SKI()) 573 if err != nil { 574 t.Fatalf("Failed retrieving corresponding public key [%s]", err) 575 } 576 577 valid, err = provider.Verify(pk2, signature, digest, nil) 578 if err != nil { 579 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 580 } 581 if !valid { 582 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 583 } 584 } 585 586 func TestECDSAKeyDeriv(t *testing.T) { 587 t.Parallel() 588 provider, _, cleanup := currentTestConfig.Provider(t) 589 defer cleanup() 590 591 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 592 if err != nil { 593 t.Fatalf("Failed generating ECDSA key [%s]", err) 594 } 595 596 reRandomizedKey, err := provider.KeyDeriv(k, &bccsp.ECDSAReRandKeyOpts{Temporary: false, Expansion: []byte{1}}) 597 if err != nil { 598 t.Fatalf("Failed re-randomizing ECDSA key [%s]", err) 599 } 600 601 msg := []byte("Hello World") 602 603 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 604 if err != nil { 605 t.Fatalf("Failed computing HASH [%s]", err) 606 } 607 608 signature, err := provider.Sign(reRandomizedKey, digest, nil) 609 if err != nil { 610 t.Fatalf("Failed generating ECDSA signature [%s]", err) 611 } 612 613 valid, err := provider.Verify(reRandomizedKey, signature, digest, nil) 614 if err != nil { 615 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 616 } 617 if !valid { 618 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 619 } 620 } 621 622 func TestECDSAKeyImportFromExportedKey(t *testing.T) { 623 t.Parallel() 624 provider, _, cleanup := currentTestConfig.Provider(t) 625 defer cleanup() 626 627 // Generate an ECDSA key 628 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 629 if err != nil { 630 t.Fatalf("Failed generating ECDSA key [%s]", err) 631 } 632 633 // Export the public key 634 pk, err := k.PublicKey() 635 if err != nil { 636 t.Fatalf("Failed getting ECDSA public key [%s]", err) 637 } 638 639 pkRaw, err := pk.Bytes() 640 if err != nil { 641 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 642 } 643 644 // Import the exported public key 645 pk2, err := provider.KeyImport(pkRaw, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 646 if err != nil { 647 t.Fatalf("Failed importing ECDSA public key [%s]", err) 648 } 649 if pk2 == nil { 650 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 651 } 652 653 // Sign and verify with the imported public key 654 msg := []byte("Hello World") 655 656 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 657 if err != nil { 658 t.Fatalf("Failed computing HASH [%s]", err) 659 } 660 661 signature, err := provider.Sign(k, digest, nil) 662 if err != nil { 663 t.Fatalf("Failed generating ECDSA signature [%s]", err) 664 } 665 666 valid, err := provider.Verify(pk2, signature, digest, nil) 667 if err != nil { 668 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 669 } 670 if !valid { 671 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 672 } 673 } 674 675 func TestECDSAKeyImportFromECDSAPublicKey(t *testing.T) { 676 t.Parallel() 677 provider, _, cleanup := currentTestConfig.Provider(t) 678 defer cleanup() 679 680 // Generate an ECDSA key 681 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 682 if err != nil { 683 t.Fatalf("Failed generating ECDSA key [%s]", err) 684 } 685 686 // Export the public key 687 pk, err := k.PublicKey() 688 if err != nil { 689 t.Fatalf("Failed getting ECDSA public key [%s]", err) 690 } 691 692 pkRaw, err := pk.Bytes() 693 if err != nil { 694 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 695 } 696 697 pub, err := utils.DERToPublicKey(pkRaw) 698 if err != nil { 699 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 700 } 701 702 // Import the ecdsa.PublicKey 703 pk2, err := provider.KeyImport(pub, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: false}) 704 if err != nil { 705 t.Fatalf("Failed importing ECDSA public key [%s]", err) 706 } 707 if pk2 == nil { 708 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 709 } 710 711 // Sign and verify with the imported public key 712 msg := []byte("Hello World") 713 714 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 715 if err != nil { 716 t.Fatalf("Failed computing HASH [%s]", err) 717 } 718 719 signature, err := provider.Sign(k, digest, nil) 720 if err != nil { 721 t.Fatalf("Failed generating ECDSA signature [%s]", err) 722 } 723 724 valid, err := provider.Verify(pk2, signature, digest, nil) 725 if err != nil { 726 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 727 } 728 if !valid { 729 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 730 } 731 } 732 733 func TestECDSAKeyImportFromECDSAPrivateKey(t *testing.T) { 734 t.Parallel() 735 provider, _, cleanup := currentTestConfig.Provider(t) 736 defer cleanup() 737 738 // Generate an ECDSA key, default is P256 739 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 740 if err != nil { 741 t.Fatalf("Failed generating ECDSA key [%s]", err) 742 } 743 744 // Import the ecdsa.PrivateKey 745 priv, err := utils.PrivateKeyToDER(key) 746 if err != nil { 747 t.Fatalf("Failed converting raw to ecdsa.PrivateKey [%s]", err) 748 } 749 750 sk, err := provider.KeyImport(priv, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: false}) 751 if err != nil { 752 t.Fatalf("Failed importing ECDSA private key [%s]", err) 753 } 754 if sk == nil { 755 t.Fatal("Failed importing ECDSA private key. Return BCCSP key cannot be nil.") 756 } 757 758 // Import the ecdsa.PublicKey 759 pub, err := utils.PublicKeyToDER(&key.PublicKey) 760 if err != nil { 761 t.Fatalf("Failed converting raw to ecdsa.PublicKey [%s]", err) 762 } 763 764 pk, err := provider.KeyImport(pub, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: false}) 765 766 if err != nil { 767 t.Fatalf("Failed importing ECDSA public key [%s]", err) 768 } 769 if pk == nil { 770 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 771 } 772 773 // Sign and verify with the imported public key 774 msg := []byte("Hello World") 775 776 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 777 if err != nil { 778 t.Fatalf("Failed computing HASH [%s]", err) 779 } 780 781 signature, err := provider.Sign(sk, digest, nil) 782 if err != nil { 783 t.Fatalf("Failed generating ECDSA signature [%s]", err) 784 } 785 786 valid, err := provider.Verify(pk, signature, digest, nil) 787 if err != nil { 788 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 789 } 790 if !valid { 791 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 792 } 793 } 794 795 func TestKeyImportFromX509ECDSAPublicKey(t *testing.T) { 796 t.Parallel() 797 provider, _, cleanup := currentTestConfig.Provider(t) 798 defer cleanup() 799 800 // Generate an ECDSA key 801 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 802 if err != nil { 803 t.Fatalf("Failed generating ECDSA key [%s]", err) 804 } 805 806 // Generate a self-signed certificate 807 testExtKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} 808 testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}} 809 extraExtensionData := []byte("extra extension") 810 commonName := "test.example.com" 811 template := x509.Certificate{ 812 SerialNumber: big.NewInt(1), 813 Subject: pkix.Name{ 814 CommonName: commonName, 815 Organization: []string{"Σ Acme Co"}, 816 Country: []string{"US"}, 817 ExtraNames: []pkix.AttributeTypeAndValue{ 818 { 819 Type: []int{2, 5, 4, 42}, 820 Value: "Gopher", 821 }, 822 // This should override the Country, above. 823 { 824 Type: []int{2, 5, 4, 6}, 825 Value: "NL", 826 }, 827 }, 828 }, 829 NotBefore: time.Now().Add(-1 * time.Hour), 830 NotAfter: time.Now().Add(1 * time.Hour), 831 832 SignatureAlgorithm: x509.ECDSAWithSHA256, 833 834 SubjectKeyId: []byte{1, 2, 3, 4}, 835 KeyUsage: x509.KeyUsageCertSign, 836 837 ExtKeyUsage: testExtKeyUsage, 838 UnknownExtKeyUsage: testUnknownExtKeyUsage, 839 840 BasicConstraintsValid: true, 841 IsCA: true, 842 843 OCSPServer: []string{"http://ocurrentBCCSP.example.com"}, 844 IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"}, 845 846 DNSNames: []string{"test.example.com"}, 847 EmailAddresses: []string{"gopher@golang.org"}, 848 IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, 849 850 PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}}, 851 PermittedDNSDomains: []string{".example.com", "example.com"}, 852 853 CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"}, 854 855 ExtraExtensions: []pkix.Extension{ 856 { 857 Id: []int{1, 2, 3, 4}, 858 Value: extraExtensionData, 859 }, 860 }, 861 } 862 863 cryptoSigner, err := signer.New(provider, k) 864 if err != nil { 865 t.Fatalf("Failed initializing CyrptoSigner [%s]", err) 866 } 867 868 // Export the public key 869 pk, err := k.PublicKey() 870 if err != nil { 871 t.Fatalf("Failed getting ECDSA public key [%s]", err) 872 } 873 874 pkRaw, err := pk.Bytes() 875 if err != nil { 876 t.Fatalf("Failed getting ECDSA raw public key [%s]", err) 877 } 878 879 pub, err := utils.DERToPublicKey(pkRaw) 880 if err != nil { 881 t.Fatalf("Failed converting raw to ECDSA.PublicKey [%s]", err) 882 } 883 884 certRaw, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, cryptoSigner) 885 if err != nil { 886 t.Fatalf("Failed generating self-signed certificate [%s]", err) 887 } 888 889 cert, err := utils.DERToX509Certificate(certRaw) 890 if err != nil { 891 t.Fatalf("Failed generating X509 certificate object from raw [%s]", err) 892 } 893 894 // Import the certificate's public key 895 pk2, err := provider.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: false}) 896 897 if err != nil { 898 t.Fatalf("Failed importing ECDSA public key [%s]", err) 899 } 900 if pk2 == nil { 901 t.Fatal("Failed importing ECDSA public key. Return BCCSP key cannot be nil.") 902 } 903 904 // Sign and verify with the imported public key 905 msg := []byte("Hello World") 906 907 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 908 if err != nil { 909 t.Fatalf("Failed computing HASH [%s]", err) 910 } 911 912 signature, err := provider.Sign(k, digest, nil) 913 if err != nil { 914 t.Fatalf("Failed generating ECDSA signature [%s]", err) 915 } 916 917 valid, err := provider.Verify(pk2, signature, digest, nil) 918 if err != nil { 919 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 920 } 921 if !valid { 922 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 923 } 924 } 925 926 func TestECDSASignatureEncoding(t *testing.T) { 927 t.Parallel() 928 929 v := []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0xff, 0xf1} 930 _, err := asn1.Unmarshal(v, &utils.ECDSASignature{}) 931 if err == nil { 932 t.Fatalf("Unmarshalling should fail for [% x]", v) 933 } 934 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 935 936 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x02, 0x00, 0x01} 937 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 938 if err == nil { 939 t.Fatalf("Unmarshalling should fail for [% x]", v) 940 } 941 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 942 943 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x01} 944 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 945 if err == nil { 946 t.Fatalf("Unmarshalling should fail for [% x]", v) 947 } 948 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 949 950 v = []byte{0x30, 0x07, 0x02, 0x01, 0x8F, 0x02, 0x81, 0x01, 0x8F} 951 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 952 if err == nil { 953 t.Fatalf("Unmarshalling should fail for [% x]", v) 954 } 955 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 956 957 v = []byte{0x30, 0x0A, 0x02, 0x01, 0x8F, 0x02, 0x05, 0x00, 0x00, 0x00, 0x00, 0x8F} 958 _, err = asn1.Unmarshal(v, &utils.ECDSASignature{}) 959 if err == nil { 960 t.Fatalf("Unmarshalling should fail for [% x]", v) 961 } 962 t.Logf("Unmarshalling correctly failed for [% x] [%s]", v, err) 963 964 } 965 966 func TestECDSALowS(t *testing.T) { 967 t.Parallel() 968 provider, _, cleanup := currentTestConfig.Provider(t) 969 defer cleanup() 970 971 // Ensure that signature with low-S are generated 972 k, err := provider.KeyGen(&bccsp.ECDSAKeyGenOpts{Temporary: false}) 973 if err != nil { 974 t.Fatalf("Failed generating ECDSA key [%s]", err) 975 } 976 977 msg := []byte("Hello World") 978 979 digest, err := provider.Hash(msg, &bccsp.SHAOpts{}) 980 if err != nil { 981 t.Fatalf("Failed computing HASH [%s]", err) 982 } 983 984 signature, err := provider.Sign(k, digest, nil) 985 if err != nil { 986 t.Fatalf("Failed generating ECDSA signature [%s]", err) 987 } 988 989 _, S, err := utils.UnmarshalECDSASignature(signature) 990 if err != nil { 991 t.Fatalf("Failed unmarshalling signature [%s]", err) 992 } 993 994 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) >= 0 { 995 t.Fatal("Invalid signature. It must have low-S") 996 } 997 998 valid, err := provider.Verify(k, signature, digest, nil) 999 if err != nil { 1000 t.Fatalf("Failed verifying ECDSA signature [%s]", err) 1001 } 1002 if !valid { 1003 t.Fatal("Failed verifying ECDSA signature. Signature not valid.") 1004 } 1005 1006 // Ensure that signature with high-S are rejected. 1007 var R *big.Int 1008 for { 1009 R, S, err = ecdsa.Sign(rand.Reader, k.(*ecdsaPrivateKey).privKey, digest) 1010 if err != nil { 1011 t.Fatalf("Failed generating signature [%s]", err) 1012 } 1013 1014 if S.Cmp(utils.GetCurveHalfOrdersAt(k.(*ecdsaPrivateKey).privKey.Curve)) > 0 { 1015 break 1016 } 1017 } 1018 1019 sig, err := utils.MarshalECDSASignature(R, S) 1020 if err != nil { 1021 t.Fatalf("Failing unmarshalling signature [%s]", err) 1022 } 1023 1024 valid, err = provider.Verify(k, sig, digest, nil) 1025 if err == nil { 1026 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1027 } 1028 if valid { 1029 t.Fatal("Failed verifying ECDSA signature. It must fail for a signature with high-S") 1030 } 1031 } 1032 1033 func TestAESKeyGen(t *testing.T) { 1034 t.Parallel() 1035 provider, _, cleanup := currentTestConfig.Provider(t) 1036 defer cleanup() 1037 1038 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1039 if err != nil { 1040 t.Fatalf("Failed generating AES_256 key [%s]", err) 1041 } 1042 if k == nil { 1043 t.Fatal("Failed generating AES_256 key. Key must be different from nil") 1044 } 1045 if !k.Private() { 1046 t.Fatal("Failed generating AES_256 key. Key should be private") 1047 } 1048 if !k.Symmetric() { 1049 t.Fatal("Failed generating AES_256 key. Key should be symmetric") 1050 } 1051 1052 pk, err := k.PublicKey() 1053 if err == nil { 1054 t.Fatal("Error should be different from nil in this case") 1055 } 1056 if pk != nil { 1057 t.Fatal("Return value should be equal to nil in this case") 1058 } 1059 } 1060 1061 func TestAESEncrypt(t *testing.T) { 1062 t.Parallel() 1063 provider, _, cleanup := currentTestConfig.Provider(t) 1064 defer cleanup() 1065 1066 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1067 if err != nil { 1068 t.Fatalf("Failed generating AES_256 key [%s]", err) 1069 } 1070 1071 ct, err := provider.Encrypt(k, []byte("Hello World"), &bccsp.AESCBCPKCS7ModeOpts{}) 1072 if err != nil { 1073 t.Fatalf("Failed encrypting [%s]", err) 1074 } 1075 if len(ct) == 0 { 1076 t.Fatal("Failed encrypting. Nil ciphertext") 1077 } 1078 } 1079 1080 func TestAESDecrypt(t *testing.T) { 1081 t.Parallel() 1082 provider, _, cleanup := currentTestConfig.Provider(t) 1083 defer cleanup() 1084 1085 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1086 if err != nil { 1087 t.Fatalf("Failed generating AES_256 key [%s]", err) 1088 } 1089 1090 msg := []byte("Hello World") 1091 1092 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1093 if err != nil { 1094 t.Fatalf("Failed encrypting [%s]", err) 1095 } 1096 1097 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1098 if err != nil { 1099 t.Fatalf("Failed decrypting [%s]", err) 1100 } 1101 if len(ct) == 0 { 1102 t.Fatal("Failed decrypting. Nil plaintext") 1103 } 1104 1105 if !bytes.Equal(msg, pt) { 1106 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1107 } 1108 } 1109 1110 func TestHMACTruncated256KeyDerivOverAES256Key(t *testing.T) { 1111 t.Parallel() 1112 provider, _, cleanup := currentTestConfig.Provider(t) 1113 defer cleanup() 1114 1115 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1116 if err != nil { 1117 t.Fatalf("Failed generating AES_256 key [%s]", err) 1118 } 1119 1120 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACTruncated256AESDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1121 if err != nil { 1122 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1123 } 1124 if k == nil { 1125 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1126 } 1127 if !hmcaedKey.Private() { 1128 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1129 } 1130 if !hmcaedKey.Symmetric() { 1131 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1132 } 1133 raw, err := hmcaedKey.Bytes() 1134 if err == nil { 1135 t.Fatal("Failed marshalling to bytes. Operation must be forbidden") 1136 } 1137 if len(raw) != 0 { 1138 t.Fatal("Failed marshalling to bytes. Operation must return 0 bytes") 1139 } 1140 1141 msg := []byte("Hello World") 1142 1143 ct, err := provider.Encrypt(hmcaedKey, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1144 if err != nil { 1145 t.Fatalf("Failed encrypting [%s]", err) 1146 } 1147 1148 pt, err := provider.Decrypt(hmcaedKey, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1149 if err != nil { 1150 t.Fatalf("Failed decrypting [%s]", err) 1151 } 1152 if len(ct) == 0 { 1153 t.Fatal("Failed decrypting. Nil plaintext") 1154 } 1155 1156 if !bytes.Equal(msg, pt) { 1157 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1158 } 1159 } 1160 1161 func TestHMACKeyDerivOverAES256Key(t *testing.T) { 1162 t.Parallel() 1163 provider, _, cleanup := currentTestConfig.Provider(t) 1164 defer cleanup() 1165 1166 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1167 if err != nil { 1168 t.Fatalf("Failed generating AES_256 key [%s]", err) 1169 } 1170 1171 hmcaedKey, err := provider.KeyDeriv(k, &bccsp.HMACDeriveKeyOpts{Temporary: false, Arg: []byte{1}}) 1172 1173 if err != nil { 1174 t.Fatalf("Failed HMACing AES_256 key [%s]", err) 1175 } 1176 if k == nil { 1177 t.Fatal("Failed HMACing AES_256 key. HMACed Key must be different from nil") 1178 } 1179 if !hmcaedKey.Private() { 1180 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be private") 1181 } 1182 if !hmcaedKey.Symmetric() { 1183 t.Fatal("Failed HMACing AES_256 key. HMACed Key should be asymmetric") 1184 } 1185 raw, err := hmcaedKey.Bytes() 1186 if err != nil { 1187 t.Fatalf("Failed marshalling to bytes [%s]", err) 1188 } 1189 if len(raw) == 0 { 1190 t.Fatal("Failed marshalling to bytes. 0 bytes") 1191 } 1192 } 1193 1194 func TestAES256KeyImport(t *testing.T) { 1195 t.Parallel() 1196 provider, _, cleanup := currentTestConfig.Provider(t) 1197 defer cleanup() 1198 1199 raw, err := GetRandomBytes(32) 1200 if err != nil { 1201 t.Fatalf("Failed generating AES key [%s]", err) 1202 } 1203 1204 k, err := provider.KeyImport(raw, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1205 if err != nil { 1206 t.Fatalf("Failed importing AES_256 key [%s]", err) 1207 } 1208 if k == nil { 1209 t.Fatal("Failed importing AES_256 key. Imported Key must be different from nil") 1210 } 1211 if !k.Private() { 1212 t.Fatal("Failed HMACing AES_256 key. Imported Key should be private") 1213 } 1214 if !k.Symmetric() { 1215 t.Fatal("Failed HMACing AES_256 key. Imported Key should be asymmetric") 1216 } 1217 raw, err = k.Bytes() 1218 if err == nil { 1219 t.Fatal("Failed marshalling to bytes. Marshalling must fail.") 1220 } 1221 if len(raw) != 0 { 1222 t.Fatal("Failed marshalling to bytes. Output should be 0 bytes") 1223 } 1224 1225 msg := []byte("Hello World") 1226 1227 ct, err := provider.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 1228 if err != nil { 1229 t.Fatalf("Failed encrypting [%s]", err) 1230 } 1231 1232 pt, err := provider.Decrypt(k, ct, bccsp.AESCBCPKCS7ModeOpts{}) 1233 if err != nil { 1234 t.Fatalf("Failed decrypting [%s]", err) 1235 } 1236 if len(ct) == 0 { 1237 t.Fatal("Failed decrypting. Nil plaintext") 1238 } 1239 1240 if !bytes.Equal(msg, pt) { 1241 t.Fatalf("Failed decrypting. Decrypted plaintext is different from the original. [%x][%x]", msg, pt) 1242 } 1243 } 1244 1245 func TestAES256KeyImportBadPaths(t *testing.T) { 1246 t.Parallel() 1247 provider, _, cleanup := currentTestConfig.Provider(t) 1248 defer cleanup() 1249 1250 _, err := provider.KeyImport(nil, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1251 if err == nil { 1252 t.Fatal("Failed importing key. Must fail on importing nil key") 1253 } 1254 1255 _, err = provider.KeyImport([]byte{1}, &bccsp.AES256ImportKeyOpts{Temporary: false}) 1256 if err == nil { 1257 t.Fatal("Failed importing key. Must fail on importing a key with an invalid length") 1258 } 1259 } 1260 1261 func TestAES256KeyGenSKI(t *testing.T) { 1262 t.Parallel() 1263 provider, _, cleanup := currentTestConfig.Provider(t) 1264 defer cleanup() 1265 1266 k, err := provider.KeyGen(&bccsp.AESKeyGenOpts{Temporary: false}) 1267 if err != nil { 1268 t.Fatalf("Failed generating AES_256 key [%s]", err) 1269 } 1270 1271 k2, err := provider.GetKey(k.SKI()) 1272 if err != nil { 1273 t.Fatalf("Failed getting AES_256 key [%s]", err) 1274 } 1275 if k2 == nil { 1276 t.Fatal("Failed getting AES_256 key. Key must be different from nil") 1277 } 1278 if !k2.Private() { 1279 t.Fatal("Failed getting AES_256 key. Key should be private") 1280 } 1281 if !k2.Symmetric() { 1282 t.Fatal("Failed getting AES_256 key. Key should be symmetric") 1283 } 1284 1285 // Check that the SKIs are the same 1286 if !bytes.Equal(k.SKI(), k2.SKI()) { 1287 t.Fatalf("SKIs are different [%x]!=[%x]", k.SKI(), k2.SKI()) 1288 } 1289 } 1290 1291 func TestSHA(t *testing.T) { 1292 t.Parallel() 1293 provider, _, cleanup := currentTestConfig.Provider(t) 1294 defer cleanup() 1295 1296 for i := 0; i < 100; i++ { 1297 b, err := GetRandomBytes(i) 1298 if err != nil { 1299 t.Fatalf("Failed getting random bytes [%s]", err) 1300 } 1301 1302 h1, err := provider.Hash(b, &bccsp.SHAOpts{}) 1303 if err != nil { 1304 t.Fatalf("Failed computing SHA [%s]", err) 1305 } 1306 1307 var h hash.Hash 1308 switch currentTestConfig.hashFamily { 1309 case "SHA2": 1310 switch currentTestConfig.securityLevel { 1311 case 256: 1312 h = sha256.New() 1313 case 384: 1314 h = sha512.New384() 1315 default: 1316 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1317 } 1318 case "SHA3": 1319 switch currentTestConfig.securityLevel { 1320 case 256: 1321 h = sha3.New256() 1322 case 384: 1323 h = sha3.New384() 1324 default: 1325 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1326 } 1327 default: 1328 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1329 } 1330 1331 h.Write(b) 1332 h2 := h.Sum(nil) 1333 if !bytes.Equal(h1, h2) { 1334 t.Fatalf("Discrempancy found in HASH result [%x], [%x]!=[%x]", b, h1, h2) 1335 } 1336 } 1337 } 1338 1339 func TestAddWrapper(t *testing.T) { 1340 t.Parallel() 1341 p, _, cleanup := currentTestConfig.Provider(t) 1342 defer cleanup() 1343 1344 sw, ok := p.(*CSP) 1345 assert.True(t, ok) 1346 1347 tester := func(o interface{}, getter func(t reflect.Type) (interface{}, bool)) { 1348 tt := reflect.TypeOf(o) 1349 err := sw.AddWrapper(tt, o) 1350 assert.NoError(t, err) 1351 o2, ok := getter(tt) 1352 assert.True(t, ok) 1353 assert.Equal(t, o, o2) 1354 } 1355 1356 tester(&mocks.KeyGenerator{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyGenerators[t]; return o, ok }) 1357 tester(&mocks.KeyDeriver{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyDerivers[t]; return o, ok }) 1358 tester(&mocks.KeyImporter{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.KeyImporters[t]; return o, ok }) 1359 tester(&mocks.Encryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Encryptors[t]; return o, ok }) 1360 tester(&mocks.Decryptor{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Decryptors[t]; return o, ok }) 1361 tester(&mocks.Signer{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Signers[t]; return o, ok }) 1362 tester(&mocks.Verifier{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Verifiers[t]; return o, ok }) 1363 tester(&mocks.Hasher{}, func(t reflect.Type) (interface{}, bool) { o, ok := sw.Hashers[t]; return o, ok }) 1364 1365 // Add invalid wrapper 1366 err := sw.AddWrapper(reflect.TypeOf(cleanup), cleanup) 1367 assert.Error(t, err) 1368 assert.Equal(t, err.Error(), "wrapper type not valid, must be on of: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher") 1369 } 1370 1371 func getCryptoHashIndex(t *testing.T) crypto.Hash { 1372 switch currentTestConfig.hashFamily { 1373 case "SHA2": 1374 switch currentTestConfig.securityLevel { 1375 case 256: 1376 return crypto.SHA256 1377 case 384: 1378 return crypto.SHA384 1379 default: 1380 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1381 } 1382 case "SHA3": 1383 switch currentTestConfig.securityLevel { 1384 case 256: 1385 return crypto.SHA3_256 1386 case 384: 1387 return crypto.SHA3_384 1388 default: 1389 t.Fatalf("Invalid security level [%d]", currentTestConfig.securityLevel) 1390 } 1391 default: 1392 t.Fatalf("Invalid hash family [%s]", currentTestConfig.hashFamily) 1393 } 1394 1395 return crypto.SHA3_256 1396 }