package http_signature_auth
import (
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"testing"
. "github.com/onsi/gomega"
)
// TestVerifySignatureWithExistingMaterial checks that a signature produced by
// NewSignatureWithMaterial over fixed exporter material is accepted by
// VerifySignatureWithMaterial for RSA-PSS, ECDSA P-256 and Ed25519 keys.
//
// NOTE(review): only the accept path is exercised here. Nothing in this test
// shows that verification rejects a signature when the material differs, when
// the key ID is absent from the database, or when the registered key does not
// match the signature scheme; a verifier that always reported success would
// still pass. Rejection cases need a test of their own.
func TestVerifySignatureWithExistingMaterial(t *testing.T) {
	RegisterTestingT(t)

	// Every scheme must verify without error and with a positive result.
	expectAccepted := func(ok bool, err error) {
		Expect(err).ToNot(HaveOccurred())
		Expect(ok).To(BeTrue())
	}

	keys := NewKeysDatabase()

	// One freshly generated key pair per supported algorithm; only the
	// public half is registered with the verifier's key database.
	rsaID := KeyID("testKeyIDrsa")
	rsaPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	Expect(err).ToNot(HaveOccurred())
	keys.AddKey(rsaID, &rsaPriv.PublicKey)

	ecdsaID := KeyID("testKeyIDEcdsa")
	ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	Expect(err).ToNot(HaveOccurred())
	keys.AddKey(ecdsaID, &ecdsaPriv.PublicKey)

	edID := KeyID("testKeyIDed25519")
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	Expect(err).ToNot(HaveOccurred())
	keys.AddKey(edID, edPub)

	// Fixed stand-in for the TLS exporter output, so no handshake is needed.
	// The same material is handed to both the signer and the verifier.
	material := &TLSExporterMaterial{}
	copy(material.signatureInput[:], "testSignatureInput")
	copy(material.verification[:], "testVerification")

	// RSA-PSS with SHA-256.
	sig, err := NewSignatureWithMaterial(material, rsaID, rsaPriv, tls.PSSWithSHA256)
	Expect(err).ToNot(HaveOccurred())
	expectAccepted(VerifySignatureWithMaterial(keys, sig, material))

	// ECDSA over P-256 with SHA-256.
	sig, err = NewSignatureWithMaterial(material, ecdsaID, ecdsaPriv, tls.ECDSAWithP256AndSHA256)
	Expect(err).ToNot(HaveOccurred())
	expectAccepted(VerifySignatureWithMaterial(keys, sig, material))

	// Ed25519.
	sig, err = NewSignatureWithMaterial(material, edID, edPriv, tls.Ed25519)
	Expect(err).ToNot(HaveOccurred())
	expectAccepted(VerifySignatureWithMaterial(keys, sig, material))
}
// TestParseSignatureAuthorizationPayload parses one well-formed Signature
// authorization value and checks that the key ID, public key, exporter
// verification bytes and proof decode to the expected raw bytes.
//
// The encoded parameters contain '-' and '_' and carry no '=' padding, so the
// expected values below only match if the parser decodes them as unpadded
// URL-safe base64.
//
// NOTE(review): the "s=2055" parameter (0x0807, the value crypto/tls assigns
// to Ed25519) is not asserted directly; it is only covered indirectly by the
// type assertion on the public key. Malformed input (missing parameters,
// invalid base64, a key of the wrong length) is not exercised here either.
func TestParseSignatureAuthorizationPayload(t *testing.T) {
	RegisterTestingT(t)

	// These values come from the example in
	// https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-05.html
	const (
		wantKeyID        = "basement"
		wantPubKey       = "This is a\xF8public key in use\xFChere"
		wantVerification = "verification\xFF16B"
		wantProof        = "Insert\xFCsignature of nonce here which takes 512 bits\xF8for Ed25519!"
	)
	headerValue := "Signature k=YmFzZW1lbnQ, a=VGhpcyBpcyBh-HB1YmxpYyBrZXkgaW4gdXNl_GhlcmU, " +
		"s=2055, v=dmVyaWZpY2F0aW9u_zE2Qg, p=SW5zZXJ0_HNpZ25hdHVyZSBvZiBub25jZSBoZXJlIHdo" +
		"aWNoIHRha2VzIDUxMiBiaXRz-GZvciBFZDI1NTE5IQ"

	parsed, err := ParseSignatureAuthorizationContent(headerValue)
	Expect(err).ToNot(HaveOccurred())

	Expect(parsed.keyID).To(Equal(KeyID(wantKeyID)))

	// Unchecked assertion: the test panics if the parser did not produce an
	// Ed25519 public key for this input.
	pub := parsed.pubkey.(ed25519.PublicKey)
	Expect([]byte(pub)).To(BeEquivalentTo([]byte(wantPubKey)))

	Expect(parsed.exporterVerification).To(BeEquivalentTo(wantVerification))
	Expect(parsed.proof).To(BeEquivalentTo(wantProof))
}