Add additional tests for EC key/cert marshalling.

2024-12-26 23:40:07 +08:00 · 2017-12-15 15:56:01 -05:00 · 2017-12-15 15:56:01 -05:00 · 193b24e768
commit 193b24e768
parent c26b4563dc
2 changed files with 183 additions and 1 deletions
--- a/key_test.go
+++ b/key_test.go
@ -16,6 +16,7 @@ package openssl

 import (
 	"bytes"
+	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
@ -189,3 +190,166 @@ func TestSign(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestSignEC(t *testing.T) {
+	t.Parallel()
+
+	key, err := GenerateECKey(Prime256v1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	data := []byte("the quick brown fox jumps over the lazy dog")
+
+	t.Run("sha1", func(t *testing.T) {
+		t.Parallel()
+		sig, err := key.SignPKCS1v15(SHA1_Method, data)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = key.VerifyPKCS1v15(SHA1_Method, data, sig)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("sha256", func(t *testing.T) {
+		t.Parallel()
+		sig, err := key.SignPKCS1v15(SHA256_Method, data)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = key.VerifyPKCS1v15(SHA256_Method, data, sig)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("sha512", func(t *testing.T) {
+		t.Parallel()
+		sig, err := key.SignPKCS1v15(SHA512_Method, data)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = key.VerifyPKCS1v15(SHA512_Method, data, sig)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+}
+
+func TestMarshalEC(t *testing.T) {
+	key, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	cert, err := LoadCertificateFromPEM(prime256v1CertBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes)
+	key, err = LoadPrivateKeyFromDER(privateBlock.Bytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pem, err := cert.MarshalPEM()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(pem, prime256v1CertBytes) {
+		ioutil.WriteFile("generated", pem, 0644)
+		ioutil.WriteFile("hardcoded", prime256v1CertBytes, 0644)
+		t.Fatal("invalid cert pem bytes")
+	}
+
+	pem, err = key.MarshalPKCS1PrivateKeyPEM()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(pem, prime256v1KeyBytes) {
+		ioutil.WriteFile("generated", pem, 0644)
+		ioutil.WriteFile("hardcoded", prime256v1KeyBytes, 0644)
+		t.Fatal("invalid private key pem bytes")
+	}
+	tls_cert, err := tls.X509KeyPair(prime256v1CertBytes, prime256v1KeyBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tls_key, ok := tls_cert.PrivateKey.(*ecdsa.PrivateKey)
+	if !ok {
+		t.Fatal("FASDFASDF")
+	}
+	_ = tls_key
+
+	der, err := key.MarshalPKCS1PrivateKeyDER()
+	if err != nil {
+		t.Fatal(err)
+	}
+	tls_der, err := x509.MarshalECPrivateKey(tls_key)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(der, tls_der) {
+		t.Fatal("invalid private key der bytes: %s\n v.s. %s\n",
+			hex.Dump(der), hex.Dump(tls_der))
+	}
+
+	der, err = key.MarshalPKIXPublicKeyDER()
+	if err != nil {
+		t.Fatal(err)
+	}
+	tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(der, tls_der) {
+		ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644)
+		ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
+		t.Fatal("invalid public key der bytes")
+	}
+
+	pem, err = key.MarshalPKIXPublicKeyPEM()
+	if err != nil {
+		t.Fatal(err)
+	}
+	tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{
+		Type: "PUBLIC KEY", Bytes: tls_der})
+	if !bytes.Equal(pem, tls_pem) {
+		ioutil.WriteFile("generated", pem, 0644)
+		ioutil.WriteFile("hardcoded", tls_pem, 0644)
+		t.Fatal("invalid public key pem bytes")
+	}
+
+	loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(new_der_from_der, tls_der) {
+		ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644)
+		ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
+		t.Fatal("invalid public key der bytes")
+	}
+
+	if !bytes.Equal(new_der_from_pem, tls_der) {
+		ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644)
+		ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
+		t.Fatal("invalid public key der bytes")
+	}
+}
--- a/ssl_test.go
+++ b/ssl_test.go
@ -85,7 +85,25 @@ qmgvgyRayemfO2zR0CPgC6wSoGBth+xW6g+WA8y0z76ZSaWpFi8lVM4=
 MHcCAQEEIB/XL0zZSsAu+IQF1AI/nRneabb2S126WFlvvhzmYr1KoAoGCCqGSM49
 AwEHoUQDQgAESSFGWwF6W1hoatKGPPorh4+ipyk0FqpiWdiH+4jIiU39qtOeZGSh
 1QgSbzfdHxvoYI0FXM+mqE7wec0kIvrrHw==
-----END EC PRIVATE KEY-----`)
+-----END EC PRIVATE KEY-----
+`)
+	prime256v1CertBytes = []byte(`-----BEGIN CERTIFICATE-----
+MIIChTCCAiqgAwIBAgIJAOQII2LQl4uxMAoGCCqGSM49BAMCMIGcMQswCQYDVQQG
+EwJVUzEPMA0GA1UECAwGS2Fuc2FzMRAwDgYDVQQHDAdOb3doZXJlMR8wHQYDVQQK
+DBZGYWtlIENlcnRpZmljYXRlcywgSW5jMUkwRwYDVQQDDEBhMWJkZDVmZjg5ZjQy
+N2IwZmNiOTdlNDMyZTY5Nzg2NjI2ODJhMWUyNzM4MDhkODE0ZWJiZjY4ODBlYzA3
+NDljMB4XDTE3MTIxNTIwNDU1MVoXDTI3MTIxMzIwNDU1MVowgZwxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIDAZLYW5zYXMxEDAOBgNVBAcMB05vd2hlcmUxHzAdBgNVBAoM
+FkZha2UgQ2VydGlmaWNhdGVzLCBJbmMxSTBHBgNVBAMMQGExYmRkNWZmODlmNDI3
+YjBmY2I5N2U0MzJlNjk3ODY2MjY4MmExZTI3MzgwOGQ4MTRlYmJmNjg4MGVjMDc0
+OWMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARJIUZbAXpbWGhq0oY8+iuHj6Kn
+KTQWqmJZ2If7iMiJTf2q055kZKHVCBJvN90fG+hgjQVcz6aoTvB5zSQi+usfo1Mw
+UTAdBgNVHQ4EFgQUfRYAFhlGM1wzvusyGrm26Vrbqm4wHwYDVR0jBBgwFoAUfRYA
+FhlGM1wzvusyGrm26Vrbqm4wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJ
+ADBGAiEA6PWNjm4B6zs3Wcha9qyDdfo1ILhHfk9rZEAGrnfyc2UCIQD1IDVJUkI4
+J/QVoOtP5DOdRPs/3XFy0Bk0qH+Uj5D7LQ==
+-----END CERTIFICATE-----
+`)
 )

 func NetPipe(t testing.TB) (net.Conn, net.Conn) {