// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package openssl import ( "bytes" "crypto/ecdsa" "crypto/rsa" "crypto/tls" "crypto/x509" "encoding/hex" pem_pkg "encoding/pem" "io/ioutil" "testing" ) func TestMarshal(t *testing.T) { key, err := LoadPrivateKeyFromPEM(keyBytes) if err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(certBytes) if err != nil { t.Fatal(err) } if !key.Equal(key) { t.Fatal("key not equal to itself") } privateBlock, _ := pem_pkg.Decode(keyBytes) key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } pem, err := cert.MarshalPEM() if err != nil { t.Fatal(err) } if !bytes.Equal(pem, certBytes) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", certBytes, 0644) t.Fatal("invalid cert pem bytes") } pem, err = key.MarshalPKCS1PrivateKeyPEM() if err != nil { t.Fatal(err) } if !bytes.Equal(pem, keyBytes) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", keyBytes, 0644) t.Fatal("invalid private key pem bytes") } tls_cert, err := tls.X509KeyPair(certBytes, keyBytes) if err != nil { t.Fatal(err) } tls_key, ok := tls_cert.PrivateKey.(*rsa.PrivateKey) if !ok { t.Fatal("FASDFASDF") } _ = tls_key der, err := key.MarshalPKCS1PrivateKeyDER() if err != nil { t.Fatal(err) } tls_der := x509.MarshalPKCS1PrivateKey(tls_key) if !bytes.Equal(der, tls_der) { t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n", hex.Dump(der), hex.Dump(tls_der)) } der, err = key.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey) if err != nil { t.Fatal(err) } if !bytes.Equal(der, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } pem, err = key.MarshalPKIXPublicKeyPEM() if err != nil { t.Fatal(err) } tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{ Type: "PUBLIC KEY", Bytes: tls_der}) if !bytes.Equal(pem, tls_pem) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", tls_pem, 0644) t.Fatal("invalid public key pem bytes") } loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem) if err != nil { t.Fatal(err) } loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der) if err != nil { t.Fatal(err) } new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } if !bytes.Equal(new_der_from_der, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } if !bytes.Equal(new_der_from_pem, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } } func TestGenerate(t *testing.T) { key, err := GenerateRSAKey(2048) if err != nil { t.Fatal(err) } _, err = key.MarshalPKIXPublicKeyPEM() if err != nil { t.Fatal(err) } _, err = key.MarshalPKCS1PrivateKeyPEM() if err != nil { t.Fatal(err) } _, err = GenerateRSAKeyWithExponent(1024, 65537) if err != nil { t.Fatal(err) } } func TestGenerateEC(t *testing.T) { key, err := GenerateECKey(Prime256v1) if err != nil { t.Fatal(err) } _, err = key.MarshalPKIXPublicKeyPEM() if err != nil { t.Fatal(err) } _, err = key.MarshalPKCS1PrivateKeyPEM() if err != nil { t.Fatal(err) } } func TestGenerateEd25519(t *testing.T) { if !ed25519_support { t.SkipNow() } key, err := GenerateED25519Key() if err != nil { t.Fatal(err) } if _, err = key.MarshalPKIXPublicKeyPEM(); err != nil { t.Fatal(err) } } func TestSign(t *testing.T) { key, _ := GenerateRSAKey(1024) data := []byte("the quick brown fox jumps over the lazy dog") _, err := key.SignPKCS1v15(SHA1_Method, data) if err != nil { t.Fatal(err) } _, err = key.SignPKCS1v15(SHA256_Method, data) if err != nil { t.Fatal(err) } _, err = key.SignPKCS1v15(SHA512_Method, data) if err != nil { t.Fatal(err) } } func TestSignEC(t *testing.T) { t.Parallel() key, err := GenerateECKey(Prime256v1) if err != nil { t.Fatal(err) } data := []byte("the quick brown fox jumps over the lazy dog") t.Run("sha1", func(t *testing.T) { t.Parallel() sig, err := key.SignPKCS1v15(SHA1_Method, data) if err != nil { t.Fatal(err) } err = key.VerifyPKCS1v15(SHA1_Method, data, sig) if err != nil { t.Fatal(err) } }) t.Run("sha256", func(t *testing.T) { t.Parallel() sig, err := key.SignPKCS1v15(SHA256_Method, data) if err != nil { t.Fatal(err) } err = key.VerifyPKCS1v15(SHA256_Method, data, sig) if err != nil { t.Fatal(err) } }) t.Run("sha512", func(t *testing.T) { t.Parallel() sig, err := key.SignPKCS1v15(SHA512_Method, data) if err != nil { t.Fatal(err) } err = key.VerifyPKCS1v15(SHA512_Method, data, sig) if err != nil { t.Fatal(err) } }) } func TestSignED25519(t *testing.T) { if !ed25519_support { t.SkipNow() } t.Parallel() key, err := GenerateED25519Key() if err != nil { t.Fatal(err) } data := []byte("the quick brown fox jumps over the lazy dog") t.Run("new", func(t *testing.T) { t.Parallel() sig, err := key.SignPKCS1v15(nil, data) if err != nil { t.Fatal(err) } err = key.VerifyPKCS1v15(nil, data, sig) if err != nil { t.Fatal(err) } }) } func TestMarshalEC(t *testing.T) { if _, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(prime256v1CertBytes) if err != nil { t.Fatal(err) } privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes) key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } pem, err := cert.MarshalPEM() if err != nil { t.Fatal(err) } if !bytes.Equal(pem, prime256v1CertBytes) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", prime256v1CertBytes, 0644) t.Fatal("invalid cert pem bytes") } pem, err = key.MarshalPKCS1PrivateKeyPEM() if err != nil { t.Fatal(err) } if !bytes.Equal(pem, prime256v1KeyBytes) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", prime256v1KeyBytes, 0644) t.Fatal("invalid private key pem bytes") } tls_cert, err := tls.X509KeyPair(prime256v1CertBytes, prime256v1KeyBytes) if err != nil { t.Fatal(err) } tls_key, ok := tls_cert.PrivateKey.(*ecdsa.PrivateKey) if !ok { t.Fatal("FASDFASDF") } _ = tls_key der, err := key.MarshalPKCS1PrivateKeyDER() if err != nil { t.Fatal(err) } tls_der, err := x509.MarshalECPrivateKey(tls_key) if err != nil { t.Fatal(err) } if !bytes.Equal(der, tls_der) { t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n", hex.Dump(der), hex.Dump(tls_der)) } der, err = key.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey) if err != nil { t.Fatal(err) } if !bytes.Equal(der, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } pem, err = key.MarshalPKIXPublicKeyPEM() if err != nil { t.Fatal(err) } tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{ Type: "PUBLIC KEY", Bytes: tls_der}) if !bytes.Equal(pem, tls_pem) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", tls_pem, 0644) t.Fatal("invalid public key pem bytes") } loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem) if err != nil { t.Fatal(err) } loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der) if err != nil { t.Fatal(err) } new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } if !bytes.Equal(new_der_from_der, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } if !bytes.Equal(new_der_from_pem, tls_der) { ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644) ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) t.Fatal("invalid public key der bytes") } } func TestMarshalEd25519(t *testing.T) { if !ed25519_support { t.SkipNow() } if _, err := LoadPrivateKeyFromPEM(ed25519KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(ed25519CertBytes) if err != nil { t.Fatal(err) } privateBlock, _ := pem_pkg.Decode(ed25519KeyBytes) key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } pem, err := cert.MarshalPEM() if err != nil { t.Fatal(err) } if !bytes.Equal(pem, ed25519CertBytes) { ioutil.WriteFile("generated", pem, 0644) ioutil.WriteFile("hardcoded", ed25519CertBytes, 0644) t.Fatal("invalid cert pem bytes") } // NOTE: Ed25519 cannot be marshalled to PEM. if _, err := key.MarshalPKCS1PrivateKeyDER(); err != nil { t.Fatal(err) } der, err := key.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } pem, err = key.MarshalPKIXPublicKeyPEM() if err != nil { t.Fatal(err) } loadedPubkeyFromPem, err := LoadPublicKeyFromPEM(pem) if err != nil { t.Fatal(err) } loadedPubkeyFromDer, err := LoadPublicKeyFromDER(der) if err != nil { t.Fatal(err) } _, err = loadedPubkeyFromPem.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } _, err = loadedPubkeyFromDer.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } }