mirror of
https://github.com/libp2p/go-openssl.git
synced 2025-01-13 02:20:10 +08:00
467 lines
10 KiB
Go
467 lines
10 KiB
Go
// Copyright (C) 2017. See AUTHORS.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package openssl
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
"crypto/rsa"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"encoding/hex"
|
|
pem_pkg "encoding/pem"
|
|
"io/ioutil"
|
|
"testing"
|
|
)
|
|
|
|
func TestMarshal(t *testing.T) {
|
|
key, err := LoadPrivateKeyFromPEM(keyBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cert, err := LoadCertificateFromPEM(certBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if !key.Equal(key) {
|
|
t.Fatal("key not equal to itself")
|
|
}
|
|
|
|
privateBlock, _ := pem_pkg.Decode(keyBytes)
|
|
key, err = LoadPrivateKeyFromDER(privateBlock.Bytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
pem, err := cert.MarshalPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(pem, certBytes) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", certBytes, 0644)
|
|
t.Fatal("invalid cert pem bytes")
|
|
}
|
|
|
|
pem, err = key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(pem, keyBytes) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", keyBytes, 0644)
|
|
t.Fatal("invalid private key pem bytes")
|
|
}
|
|
tls_cert, err := tls.X509KeyPair(certBytes, keyBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_key, ok := tls_cert.PrivateKey.(*rsa.PrivateKey)
|
|
if !ok {
|
|
t.Fatal("FASDFASDF")
|
|
}
|
|
_ = tls_key
|
|
|
|
der, err := key.MarshalPKCS1PrivateKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_der := x509.MarshalPKCS1PrivateKey(tls_key)
|
|
if !bytes.Equal(der, tls_der) {
|
|
t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n",
|
|
hex.Dump(der), hex.Dump(tls_der))
|
|
}
|
|
|
|
der, err = key.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(der, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
|
|
pem, err = key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{
|
|
Type: "PUBLIC KEY", Bytes: tls_der})
|
|
if !bytes.Equal(pem, tls_pem) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", tls_pem, 0644)
|
|
t.Fatal("invalid public key pem bytes")
|
|
}
|
|
|
|
loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if !bytes.Equal(new_der_from_der, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
|
|
if !bytes.Equal(new_der_from_pem, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
}
|
|
|
|
func TestGenerate(t *testing.T) {
|
|
key, err := GenerateRSAKey(2048)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = GenerateRSAKeyWithExponent(1024, 65537)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestGenerateEC(t *testing.T) {
|
|
key, err := GenerateECKey(Prime256v1)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestGenerateEd25519(t *testing.T) {
|
|
if !ed25519_support {
|
|
t.SkipNow()
|
|
}
|
|
|
|
key, err := GenerateED25519Key()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if _, err = key.MarshalPKIXPublicKeyPEM(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestSign(t *testing.T) {
|
|
key, _ := GenerateRSAKey(1024)
|
|
data := []byte("the quick brown fox jumps over the lazy dog")
|
|
_, err := key.SignPKCS1v15(SHA1_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.SignPKCS1v15(SHA256_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, err = key.SignPKCS1v15(SHA512_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestSignEC(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key, err := GenerateECKey(Prime256v1)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
data := []byte("the quick brown fox jumps over the lazy dog")
|
|
|
|
t.Run("sha1", func(t *testing.T) {
|
|
t.Parallel()
|
|
sig, err := key.SignPKCS1v15(SHA1_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = key.VerifyPKCS1v15(SHA1_Method, data, sig)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
|
|
t.Run("sha256", func(t *testing.T) {
|
|
t.Parallel()
|
|
sig, err := key.SignPKCS1v15(SHA256_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = key.VerifyPKCS1v15(SHA256_Method, data, sig)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
|
|
t.Run("sha512", func(t *testing.T) {
|
|
t.Parallel()
|
|
sig, err := key.SignPKCS1v15(SHA512_Method, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = key.VerifyPKCS1v15(SHA512_Method, data, sig)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestSignED25519(t *testing.T) {
|
|
if !ed25519_support {
|
|
t.SkipNow()
|
|
}
|
|
|
|
t.Parallel()
|
|
|
|
key, err := GenerateED25519Key()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
data := []byte("the quick brown fox jumps over the lazy dog")
|
|
|
|
t.Run("new", func(t *testing.T) {
|
|
t.Parallel()
|
|
sig, err := key.SignPKCS1v15(nil, data)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
err = key.VerifyPKCS1v15(nil, data, sig)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
})
|
|
}
|
|
|
|
func TestMarshalEC(t *testing.T) {
|
|
if _, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cert, err := LoadCertificateFromPEM(prime256v1CertBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes)
|
|
key, err := LoadPrivateKeyFromDER(privateBlock.Bytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
pem, err := cert.MarshalPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(pem, prime256v1CertBytes) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", prime256v1CertBytes, 0644)
|
|
t.Fatal("invalid cert pem bytes")
|
|
}
|
|
|
|
pem, err = key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(pem, prime256v1KeyBytes) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", prime256v1KeyBytes, 0644)
|
|
t.Fatal("invalid private key pem bytes")
|
|
}
|
|
tls_cert, err := tls.X509KeyPair(prime256v1CertBytes, prime256v1KeyBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_key, ok := tls_cert.PrivateKey.(*ecdsa.PrivateKey)
|
|
if !ok {
|
|
t.Fatal("FASDFASDF")
|
|
}
|
|
_ = tls_key
|
|
|
|
der, err := key.MarshalPKCS1PrivateKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_der, err := x509.MarshalECPrivateKey(tls_key)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(der, tls_der) {
|
|
t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n",
|
|
hex.Dump(der), hex.Dump(tls_der))
|
|
}
|
|
|
|
der, err = key.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(der, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
|
|
pem, err = key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{
|
|
Type: "PUBLIC KEY", Bytes: tls_der})
|
|
if !bytes.Equal(pem, tls_pem) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", tls_pem, 0644)
|
|
t.Fatal("invalid public key pem bytes")
|
|
}
|
|
|
|
loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if !bytes.Equal(new_der_from_der, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
|
|
if !bytes.Equal(new_der_from_pem, tls_der) {
|
|
ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644)
|
|
ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644)
|
|
t.Fatal("invalid public key der bytes")
|
|
}
|
|
}
|
|
|
|
func TestMarshalEd25519(t *testing.T) {
|
|
if !ed25519_support {
|
|
t.SkipNow()
|
|
}
|
|
|
|
if _, err := LoadPrivateKeyFromPEM(ed25519KeyBytes); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cert, err := LoadCertificateFromPEM(ed25519CertBytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
privateBlock, _ := pem_pkg.Decode(ed25519KeyBytes)
|
|
key, err := LoadPrivateKeyFromDER(privateBlock.Bytes)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
pem, err := cert.MarshalPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !bytes.Equal(pem, ed25519CertBytes) {
|
|
ioutil.WriteFile("generated", pem, 0644)
|
|
ioutil.WriteFile("hardcoded", ed25519CertBytes, 0644)
|
|
t.Fatal("invalid cert pem bytes")
|
|
}
|
|
|
|
// NOTE: Ed25519 cannot be marshalled to PEM.
|
|
|
|
if _, err := key.MarshalPKCS1PrivateKeyDER(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
der, err := key.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
pem, err = key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
loadedPubkeyFromPem, err := LoadPublicKeyFromPEM(pem)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
loadedPubkeyFromDer, err := LoadPublicKeyFromDER(der)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
_, err = loadedPubkeyFromPem.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
_, err = loadedPubkeyFromDer.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|