github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/signature/raw/transformer_test.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 18 package raw 19 20 import ( 21 "context" 22 "encoding/json" 23 "testing" 24 25 "github.com/stretchr/testify/assert" 26 "gopkg.in/square/go-jose.v2" 27 28 "github.com/zntrio/harp/v2/pkg/sdk/value/signature" 29 ) 30 31 // ----------------------------------------------------------------------------- 32 33 var p256PrivateJWK = []byte(`{ 34 "kty": "EC", 35 "d": "sXCIy5HxtyG24MTl3hsgLDqi0dd33WAB_Rae1I_o2Is", 36 "crv": "P-256", 37 "x": "ykS0SN-EaFIVQUBC7norE9yYAN0ZFxSYYP6p0iofMxw", 38 "y": "faQhXipqrhZeHIPFzJEYlxVvCdezZnJs2mKxnraO8_M" 39 }`) 40 41 var p384PrivateJWK = []byte(`{ 42 "kty": "EC", 43 "d": "7YcsmkNxmZdzGyb46ZeDb2I1yr-ja1iw9gspGjq7UDqQ6a61h_ES8c4uU__adkFV", 44 "crv": "P-384", 45 "x": "dWLSo6PTkL1G68bzTwY3zzrL_QX-pwvP9HUPpQGeSFmj20EWOtfvXXKDrCR0jnJD", 46 "y": "lFvTFechH_KmbOEvycryCHy23Cm1qekJYAtn7T_TELpm7zsY290NYlvqDKesGeXx" 47 }`) 48 49 var p521PrivateJWK = []byte(`{ 50 "kty": "EC", 51 "d": "AIqIPpDjCGGwdG1usjkOkzovnv0SMiMgfLTn938E_gp4NBEyQVy4myOilDAEKrxPWw8f1u3FLKhGza-yxevMnfnr", 52 "crv": "P-521", 53 "x": "AVfi6aKylpZU334mETb2lNO5Ckpzp_L06WG4UQpiFxQMdxxKeldRJTxgt3FCYg5rXbUcKB2vm7Yq1Mxl3CHeBGQ8", 54 "y": "AQQurRdp6oLjLbOTosM2cnu91dBL2YShDnqXbaUyFlGYoUJB6LPwwph9Uu0qHKCeK6QxZmHWxST2iky7ObEfM8GC" 55 }`) 56 57 var ed25519PrivateJWK = []byte(`{ 58 "kty": "OKP", 59 "d": "ytOw6kKTTVJUKCnX5HgmhsGguNFQ18ECIS2C-ujJv-s", 60 "crv": "Ed25519", 61 "x": "K5i0d37-eRk8-EPwo2bpcmM-HGmzLiqRtWnk7oR3FCs" 62 }`) 63 64 func mustDecodeJWK(input []byte) *jose.JSONWebKey { 65 var jwk jose.JSONWebKey 66 if err := json.Unmarshal(input, &jwk); err != nil { 67 panic(err) 68 } 69 70 return &jwk 71 } 72 73 // -----------------------------------------------------------------------------. 74 func Test_rawTransformer_Roundtrip(t *testing.T) { 75 testcases := []struct { 76 name string 77 privateKey *jose.JSONWebKey 78 }{ 79 { 80 name: "ed25519", 81 privateKey: mustDecodeJWK(ed25519PrivateJWK), 82 }, 83 { 84 name: "p256", 85 privateKey: mustDecodeJWK(p256PrivateJWK), 86 }, 87 { 88 name: "p384", 89 privateKey: mustDecodeJWK(p384PrivateJWK), 90 }, 91 { 92 name: "p521", 93 privateKey: mustDecodeJWK(p521PrivateJWK), 94 }, 95 } 96 for _, tt := range testcases { 97 t.Run(tt.name, func(t *testing.T) { 98 signer := &rawTransformer{ 99 key: tt.privateKey.Key, 100 } 101 102 verifier := &rawTransformer{ 103 key: tt.privateKey.Public().Key, 104 } 105 106 // Prepare context 107 ctx := context.Background() 108 input := []byte("test") 109 110 signed, err := signer.To(ctx, input) 111 assert.NoError(t, err) 112 113 payload, err := verifier.From(ctx, signed) 114 assert.NoError(t, err) 115 116 assert.Equal(t, input, payload) 117 }) 118 } 119 } 120 121 func Test_rawTransformer_PreHashed(t *testing.T) { 122 testcases := []struct { 123 name string 124 privateKey *jose.JSONWebKey 125 input []byte 126 }{ 127 { 128 name: "p256", 129 privateKey: mustDecodeJWK(p256PrivateJWK), 130 input: []byte("00000000000000000000000000000000"), 131 }, 132 { 133 name: "p384", 134 privateKey: mustDecodeJWK(p384PrivateJWK), 135 input: []byte("000000000000000000000000000000000000000000000000"), 136 }, 137 { 138 name: "p521", 139 privateKey: mustDecodeJWK(p521PrivateJWK), 140 input: []byte("0000000000000000000000000000000000000000000000000000000000000000"), 141 }, 142 } 143 for _, tt := range testcases { 144 t.Run(tt.name, func(t *testing.T) { 145 signer := &rawTransformer{ 146 key: tt.privateKey.Key, 147 } 148 149 verifier := &rawTransformer{ 150 key: tt.privateKey.Public().Key, 151 } 152 153 // Prepare context 154 ctx := signature.WithInputPreHashed(context.Background(), true) 155 156 signed, err := signer.To(ctx, tt.input) 157 assert.NoError(t, err) 158 159 payload, err := verifier.From(ctx, signed) 160 assert.NoError(t, err) 161 162 assert.Equal(t, tt.input, payload) 163 }) 164 } 165 } 166 167 func Test_rawTransformer_Roundtrip_WithDeterministic(t *testing.T) { 168 testcases := []struct { 169 name string 170 privateKey *jose.JSONWebKey 171 }{ 172 { 173 name: "p256", 174 privateKey: mustDecodeJWK(p256PrivateJWK), 175 }, 176 { 177 name: "p384", 178 privateKey: mustDecodeJWK(p384PrivateJWK), 179 }, 180 { 181 name: "p521", 182 privateKey: mustDecodeJWK(p521PrivateJWK), 183 }, 184 } 185 for _, tt := range testcases { 186 t.Run(tt.name, func(t *testing.T) { 187 signer := &rawTransformer{ 188 key: tt.privateKey.Key, 189 } 190 191 verifier := &rawTransformer{ 192 key: tt.privateKey.Public().Key, 193 } 194 195 // Prepare context 196 ctx := signature.WithDetermisticSignature(context.Background(), true) 197 input := []byte("test") 198 199 signed, err := signer.To(ctx, input) 200 assert.NoError(t, err) 201 202 payload, err := verifier.From(ctx, signed) 203 assert.NoError(t, err) 204 205 assert.Equal(t, input, payload) 206 }) 207 } 208 }