| // Copyright 2019 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package note |
| |
| import ( |
| "crypto/rand" |
| "errors" |
| "strings" |
| "testing" |
| "testing/iotest" |
| |
| "golang.org/x/crypto/ed25519" |
| ) |
| |
| func TestNewVerifier(t *testing.T) { |
| vkey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW" |
| _, err := NewVerifier(vkey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check various manglings are not accepted. |
| badKey := func(k string) { |
| _, err := NewVerifier(k) |
| if err == nil { |
| t.Errorf("NewVerifier(%q) succeeded, should have failed", k) |
| } |
| } |
| |
| b := []byte(vkey) |
| for i := 0; i <= len(b); i++ { |
| for j := i + 1; j <= len(b); j++ { |
| if i != 0 || j != len(b) { |
| badKey(string(b[i:j])) |
| } |
| } |
| } |
| for i := 0; i < len(b); i++ { |
| b[i]++ |
| badKey(string(b)) |
| b[i]-- |
| } |
| |
| badKey("PeterNeumann+cc469956+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TWBADKEY==") // wrong length key, with adjusted key hash |
| badKey("PeterNeumann+173116ae+ZRpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW") // unknown algorithm, with adjusted key hash |
| } |
| |
| func TestNewSigner(t *testing.T) { |
| skey := "PRIVATE+KEY+PeterNeumann+c74f20a3+AYEKFALVFGyNhPJEMzD1QIDr+Y7hfZx09iUvxdXHKDFz" |
| _, err := NewSigner(skey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check various manglings are not accepted. |
| b := []byte(skey) |
| for i := 0; i <= len(b); i++ { |
| for j := i + 1; j <= len(b); j++ { |
| if i == 0 && j == len(b) { |
| continue |
| } |
| _, err := NewSigner(string(b[i:j])) |
| if err == nil { |
| t.Errorf("NewSigner(%q) succeeded, should have failed", b[i:j]) |
| } |
| } |
| } |
| for i := 0; i < len(b); i++ { |
| b[i]++ |
| _, err := NewSigner(string(b)) |
| if err == nil { |
| t.Errorf("NewSigner(%q) succeeded, should have failed", b) |
| } |
| b[i]-- |
| } |
| } |
| |
| func testSignerAndVerifier(t *testing.T, Name string, signer Signer, verifier Verifier) { |
| if name := signer.Name(); name != Name { |
| t.Errorf("signer.Name() = %q, want %q", name, Name) |
| } |
| if name := verifier.Name(); name != Name { |
| t.Errorf("verifier.Name() = %q, want %q", name, Name) |
| } |
| shash := signer.KeyHash() |
| vhash := verifier.KeyHash() |
| if shash != vhash { |
| t.Errorf("signer.KeyHash() = %#08x != verifier.KeyHash() = %#08x", shash, vhash) |
| } |
| |
| msg := []byte("hi") |
| sig, err := signer.Sign(msg) |
| if err != nil { |
| t.Fatalf("signer.Sign: %v", err) |
| } |
| if !verifier.Verify(msg, sig) { |
| t.Fatalf("verifier.Verify failed on signature returned by signer.Sign") |
| } |
| sig[0]++ |
| if verifier.Verify(msg, sig) { |
| t.Fatalf("verifier.Verify succceeded on corrupt signature") |
| } |
| sig[0]-- |
| msg[0]++ |
| if verifier.Verify(msg, sig) { |
| t.Fatalf("verifier.Verify succceeded on corrupt message") |
| } |
| } |
| |
| func TestGenerateKey(t *testing.T) { |
| // Generate key pair, make sure it is all self-consistent. |
| const Name = "EnochRoot" |
| |
| skey, vkey, err := GenerateKey(rand.Reader, Name) |
| if err != nil { |
| t.Fatalf("GenerateKey: %v", err) |
| } |
| signer, err := NewSigner(skey) |
| if err != nil { |
| t.Fatalf("NewSigner: %v", err) |
| } |
| verifier, err := NewVerifier(vkey) |
| if err != nil { |
| t.Fatalf("NewVerifier: %v", err) |
| } |
| |
| testSignerAndVerifier(t, Name, signer, verifier) |
| |
| // Check that GenerateKey returns error from rand reader. |
| _, _, err = GenerateKey(iotest.TimeoutReader(iotest.OneByteReader(rand.Reader)), Name) |
| if err == nil { |
| t.Fatalf("GenerateKey succeeded with error-returning rand reader") |
| } |
| } |
| |
| func TestFromEd25519(t *testing.T) { |
| const Name = "EnochRoot" |
| |
| pub, priv, err := ed25519.GenerateKey(rand.Reader) |
| if err != nil { |
| t.Fatalf("GenerateKey: %v", err) |
| } |
| signer, err := newSignerFromEd25519Seed(Name, priv.Seed()) |
| if err != nil { |
| t.Fatalf("newSignerFromEd25519Seed: %v", err) |
| } |
| vkey, err := NewEd25519VerifierKey(Name, pub) |
| if err != nil { |
| t.Fatalf("NewEd25519VerifierKey: %v", err) |
| } |
| verifier, err := NewVerifier(vkey) |
| if err != nil { |
| t.Fatalf("NewVerifier: %v", err) |
| } |
| |
| testSignerAndVerifier(t, Name, signer, verifier) |
| |
| // Check that wrong key sizes return errors. |
| _, err = NewEd25519VerifierKey(Name, pub[:len(pub)-1]) |
| if err == nil { |
| t.Errorf("NewEd25519VerifierKey succeeded with a seed of the wrong size") |
| } |
| } |
| |
| // newSignerFromEd25519Seed constructs a new signer from a verifier name and a |
| // golang.org/x/crypto/ed25519 private key seed. |
| func newSignerFromEd25519Seed(name string, seed []byte) (Signer, error) { |
| if len(seed) != ed25519.SeedSize { |
| return nil, errors.New("invalid seed size") |
| } |
| priv := ed25519.NewKeyFromSeed(seed) |
| pub := priv[32:] |
| |
| pubkey := append([]byte{algEd25519}, pub...) |
| hash := keyHash(name, pubkey) |
| |
| s := &signer{ |
| name: name, |
| hash: uint32(hash), |
| sign: func(msg []byte) ([]byte, error) { |
| return ed25519.Sign(priv, msg), nil |
| }, |
| } |
| return s, nil |
| } |
| |
| func TestSign(t *testing.T) { |
| skey := "PRIVATE+KEY+PeterNeumann+c74f20a3+AYEKFALVFGyNhPJEMzD1QIDr+Y7hfZx09iUvxdXHKDFz" |
| text := "If you think cryptography is the answer to your problem,\n" + |
| "then you don't know what your problem is.\n" |
| |
| signer, err := NewSigner(skey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| msg, err := Sign(&Note{Text: text}, signer) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| want := `If you think cryptography is the answer to your problem, |
| then you don't know what your problem is. |
| |
| — PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM= |
| ` |
| if string(msg) != want { |
| t.Errorf("Sign: wrong output\nhave:\n%s\nwant:\n%s", msg, want) |
| } |
| |
| // Check that existing signature is replaced by new one. |
| msg, err = Sign(&Note{Text: text, Sigs: []Signature{{Name: "PeterNeumann", Hash: 0xc74f20a3, Base64: "BADSIGN="}}}, signer) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if string(msg) != want { |
| t.Errorf("Sign replacing signature: wrong output\nhave:\n%s\nwant:\n%s", msg, want) |
| } |
| |
| // Check various bad inputs. |
| _, err = Sign(&Note{Text: "abc"}, signer) |
| if err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Sign with short text: %v, want malformed note error", err) |
| } |
| |
| _, err = Sign(&Note{Text: text, Sigs: []Signature{{Name: "a+b", Base64: "ABCD"}}}) |
| if err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Sign with bad name: %v, want malformed note error", err) |
| } |
| |
| _, err = Sign(&Note{Text: text, Sigs: []Signature{{Name: "PeterNeumann", Hash: 0xc74f20a3, Base64: "BADHASH="}}}) |
| if err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Sign with bad pre-filled signature: %v, want malformed note error", err) |
| } |
| |
| _, err = Sign(&Note{Text: text}, &badSigner{signer}) |
| if err == nil || err.Error() != "invalid signer" { |
| t.Fatalf("Sign with bad signer: %v, want invalid signer error", err) |
| } |
| |
| _, err = Sign(&Note{Text: text}, &errSigner{signer}) |
| if err != errSurprise { |
| t.Fatalf("Sign with failing signer: %v, want errSurprise", err) |
| } |
| } |
| |
| func TestVerifierList(t *testing.T) { |
| peterKey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW" |
| peterVerifier, err := NewVerifier(peterKey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| enochKey := "EnochRoot+af0cfe78+ATtqJ7zOtqQtYqOo0CpvDXNlMhV3HeJDpjrASKGLWdop" |
| enochVerifier, err := NewVerifier(enochKey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| list := VerifierList(peterVerifier, enochVerifier, enochVerifier) |
| v, err := list.Verifier("PeterNeumann", 0xc74f20a3) |
| if v != peterVerifier || err != nil { |
| t.Fatalf("list.Verifier(peter) = %v, %v, want %v, nil", v, err, peterVerifier) |
| } |
| v, err = list.Verifier("PeterNeumann", 0xc74f20a4) |
| if v != nil || err == nil || err.Error() != "unknown key PeterNeumann+c74f20a4" { |
| t.Fatalf("list.Verifier(peter bad hash) = %v, %v, want nil, unknown key error", v, err) |
| } |
| |
| v, err = list.Verifier("PeterNeuman", 0xc74f20a3) |
| if v != nil || err == nil || err.Error() != "unknown key PeterNeuman+c74f20a3" { |
| t.Fatalf("list.Verifier(peter bad name) = %v, %v, want nil, unknown key error", v, err) |
| } |
| v, err = list.Verifier("EnochRoot", 0xaf0cfe78) |
| if v != nil || err == nil || err.Error() != "ambiguous key EnochRoot+af0cfe78" { |
| t.Fatalf("list.Verifier(enoch) = %v, %v, want nil, ambiguous key error", v, err) |
| } |
| } |
| |
| type badSigner struct { |
| Signer |
| } |
| |
| func (b *badSigner) Name() string { |
| return "bad name" |
| } |
| |
| var errSurprise = errors.New("surprise!") |
| |
| type errSigner struct { |
| Signer |
| } |
| |
| func (e *errSigner) Sign([]byte) ([]byte, error) { |
| return nil, errSurprise |
| } |
| |
| func TestOpen(t *testing.T) { |
| peterKey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW" |
| peterVerifier, err := NewVerifier(peterKey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| enochKey := "EnochRoot+af0cfe78+ATtqJ7zOtqQtYqOo0CpvDXNlMhV3HeJDpjrASKGLWdop" |
| enochVerifier, err := NewVerifier(enochKey) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| text := `If you think cryptography is the answer to your problem, |
| then you don't know what your problem is. |
| ` |
| peterSig := "— PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=\n" |
| enochSig := "— EnochRoot rwz+eBzmZa0SO3NbfRGzPCpDckykFXSdeX+MNtCOXm2/5n2tiOHp+vAF1aGrQ5ovTG01oOTGwnWLox33WWd1RvMc+QQ=\n" |
| |
| peter := Signature{"PeterNeumann", 0xc74f20a3, "x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM="} |
| enoch := Signature{"EnochRoot", 0xaf0cfe78, "rwz+eBzmZa0SO3NbfRGzPCpDckykFXSdeX+MNtCOXm2/5n2tiOHp+vAF1aGrQ5ovTG01oOTGwnWLox33WWd1RvMc+QQ="} |
| |
| // Check one signature verified, one not. |
| n, err := Open([]byte(text+"\n"+peterSig+enochSig), VerifierList(peterVerifier)) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if n.Text != text { |
| t.Errorf("n.Text = %q, want %q", n.Text, text) |
| } |
| if len(n.Sigs) != 1 || n.Sigs[0] != peter { |
| t.Errorf("n.Sigs:\nhave %v\nwant %v", n.Sigs, []Signature{peter}) |
| } |
| if len(n.UnverifiedSigs) != 1 || n.UnverifiedSigs[0] != enoch { |
| t.Errorf("n.UnverifiedSigs:\nhave %v\nwant %v", n.Sigs, []Signature{peter}) |
| } |
| |
| // Check both verified. |
| n, err = Open([]byte(text+"\n"+peterSig+enochSig), VerifierList(peterVerifier, enochVerifier)) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if len(n.Sigs) != 2 || n.Sigs[0] != peter || n.Sigs[1] != enoch { |
| t.Errorf("n.Sigs:\nhave %v\nwant %v", n.Sigs, []Signature{peter, enoch}) |
| } |
| if len(n.UnverifiedSigs) != 0 { |
| t.Errorf("n.UnverifiedSigs:\nhave %v\nwant %v", n.Sigs, []Signature{}) |
| } |
| |
| // Check both unverified. |
| n, err = Open([]byte(text+"\n"+peterSig+enochSig), VerifierList()) |
| if n != nil || err == nil { |
| t.Fatalf("Open unverified = %v, %v, want nil, error", n, err) |
| } |
| e, ok := err.(*UnverifiedNoteError) |
| if !ok { |
| t.Fatalf("Open unverified: err is %T, want *UnverifiedNoteError", err) |
| } |
| if err.Error() != "note has no verifiable signatures" { |
| t.Fatalf("Open unverified: err.Error() = %q, want %q", err.Error(), "note has no verifiable signatures") |
| } |
| |
| n = e.Note |
| if n == nil { |
| t.Fatalf("Open unverified: missing note in UnverifiedNoteError") |
| } |
| if len(n.Sigs) != 0 { |
| t.Errorf("n.Sigs:\nhave %v\nwant %v", n.Sigs, []Signature{}) |
| } |
| if len(n.UnverifiedSigs) != 2 || n.UnverifiedSigs[0] != peter || n.UnverifiedSigs[1] != enoch { |
| t.Errorf("n.UnverifiedSigs:\nhave %v\nwant %v", n.Sigs, []Signature{peter, enoch}) |
| } |
| |
| // Check duplicated verifier. |
| _, err = Open([]byte(text+"\n"+enochSig), VerifierList(enochVerifier, peterVerifier, enochVerifier)) |
| if err == nil || err.Error() != "ambiguous key EnochRoot+af0cfe78" { |
| t.Fatalf("Open with duplicated verifier: err=%v, want ambiguous key", err) |
| } |
| |
| // Check unused duplicated verifier. |
| _, err = Open([]byte(text+"\n"+peterSig), VerifierList(enochVerifier, peterVerifier, enochVerifier)) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| // Check too many signatures. |
| n, err = Open([]byte(text+"\n"+strings.Repeat(peterSig, 101)), VerifierList(peterVerifier)) |
| if n != nil || err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Open too many verified signatures = %v, %v, want nil, malformed note error", n, err) |
| } |
| n, err = Open([]byte(text+"\n"+strings.Repeat(peterSig, 101)), VerifierList()) |
| if n != nil || err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Open too many verified signatures = %v, %v, want nil, malformed note error", n, err) |
| } |
| |
| // Invalid signature. |
| n, err = Open([]byte(text+"\n"+peterSig[:60]+"ABCD"+peterSig[60:]), VerifierList(peterVerifier)) |
| if n != nil || err == nil || err.Error() != "invalid signature for key PeterNeumann+c74f20a3" { |
| t.Fatalf("Open too many verified signatures = %v, %v, want nil, invalid signature error", n, err) |
| } |
| |
| // Duplicated verified and unverified signatures. |
| enochABCD := Signature{"EnochRoot", 0xaf0cfe78, "rwz+eBzmZa0SO3NbfRGzPCpDckykFXSdeX+MNtCOXm2/5n" + "ABCD" + "2tiOHp+vAF1aGrQ5ovTG01oOTGwnWLox33WWd1RvMc+QQ="} |
| n, err = Open([]byte(text+"\n"+peterSig+peterSig+enochSig+enochSig+enochSig[:60]+"ABCD"+enochSig[60:]), VerifierList(peterVerifier)) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if len(n.Sigs) != 1 || n.Sigs[0] != peter { |
| t.Errorf("n.Sigs:\nhave %v\nwant %v", n.Sigs, []Signature{peter}) |
| } |
| if len(n.UnverifiedSigs) != 2 || n.UnverifiedSigs[0] != enoch || n.UnverifiedSigs[1] != enochABCD { |
| t.Errorf("n.UnverifiedSigs:\nhave %v\nwant %v", n.UnverifiedSigs, []Signature{enoch, enochABCD}) |
| } |
| |
| // Invalid encoded message syntax. |
| badMsgs := []string{ |
| text, |
| text + "\n", |
| text + "\n" + peterSig[:len(peterSig)-1], |
| "\x01" + text + "\n" + peterSig, |
| "\xff" + text + "\n" + peterSig, |
| text + "\n" + "— Bad Name x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=", |
| text + "\n" + peterSig + "Unexpected line.\n", |
| } |
| for _, msg := range badMsgs { |
| n, err := Open([]byte(msg), VerifierList(peterVerifier)) |
| if n != nil || err == nil || err.Error() != "malformed note" { |
| t.Fatalf("Open bad msg = %v, %v, want nil, malformed note error\nmsg:\n%s", n, err, msg) |
| } |
| } |
| } |
| |
| func BenchmarkOpen(b *testing.B) { |
| vkey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW" |
| msg := []byte("If you think cryptography is the answer to your problem,\n" + |
| "then you don't know what your problem is.\n" + |
| "\n" + |
| "— PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=\n") |
| |
| verifier, err := NewVerifier(vkey) |
| if err != nil { |
| b.Fatal(err) |
| } |
| verifiers := VerifierList(verifier) |
| verifiers0 := VerifierList() |
| |
| // Try with 0 signatures and 1 signature so we can tell how much each signature adds. |
| |
| b.Run("Sig0", func(b *testing.B) { |
| for i := 0; i < b.N; i++ { |
| _, err := Open(msg, verifiers0) |
| e, ok := err.(*UnverifiedNoteError) |
| if !ok { |
| b.Fatal("expected UnverifiedNoteError") |
| } |
| n := e.Note |
| if len(n.Sigs) != 0 || len(n.UnverifiedSigs) != 1 { |
| b.Fatal("wrong signature count") |
| } |
| } |
| }) |
| |
| b.Run("Sig1", func(b *testing.B) { |
| for i := 0; i < b.N; i++ { |
| n, err := Open(msg, verifiers) |
| if err != nil { |
| b.Fatal(err) |
| } |
| if len(n.Sigs) != 1 || len(n.UnverifiedSigs) != 0 { |
| b.Fatal("wrong signature count") |
| } |
| } |
| }) |
| } |
