LEFT | RIGHT |
1 package ssh | 1 package ssh |
2 | 2 |
3 import ( | 3 import ( |
| 4 "crypto/dsa" |
4 "crypto/ecdsa" | 5 "crypto/ecdsa" |
5 "crypto/elliptic" | 6 "crypto/elliptic" |
6 "crypto/rand" | 7 "crypto/rand" |
7 "crypto/rsa" | 8 "crypto/rsa" |
8 "reflect" | 9 "reflect" |
| 10 "strings" |
9 "testing" | 11 "testing" |
10 ) | 12 ) |
11 | 13 |
12 var ecdsaKey PrivateKey | 14 var ecdsaKey Signer |
| 15 |
| 16 func rawKey(pub PublicKey) interface{} { |
| 17 » switch k := pub.(type) { |
| 18 » case *rsaPublicKey: |
| 19 » » return (*rsa.PublicKey)(k) |
| 20 » case *dsaPublicKey: |
| 21 » » return (*dsa.PublicKey)(k) |
| 22 » case *ecdsaPublicKey: |
| 23 » » return (*ecdsa.PublicKey)(k) |
| 24 » } |
| 25 » panic("unknown key type") |
| 26 } |
13 | 27 |
14 func TestKeyMarshalParse(t *testing.T) { | 28 func TestKeyMarshalParse(t *testing.T) { |
15 » keys := []PrivateKey{rsaKey, dsaKey, ecdsaKey} | 29 » keys := []Signer{rsaKey, dsaKey, ecdsaKey} |
16 for _, priv := range keys { | 30 for _, priv := range keys { |
17 pub := priv.PublicKey() | 31 pub := priv.PublicKey() |
18 roundtrip, rest, ok := ParsePublicKey(MarshalPublicKey(pub)) | 32 roundtrip, rest, ok := ParsePublicKey(MarshalPublicKey(pub)) |
19 if !ok { | 33 if !ok { |
20 t.Errorf("ParsePublicKey(%T) failed", pub) | 34 t.Errorf("ParsePublicKey(%T) failed", pub) |
21 } | 35 } |
22 | 36 |
23 if len(rest) > 0 { | 37 if len(rest) > 0 { |
24 t.Errorf("ParsePublicKey(%T): trailing junk", pub) | 38 t.Errorf("ParsePublicKey(%T): trailing junk", pub) |
25 } | 39 } |
26 | 40 |
27 » » k1 := priv.PublicKey().RawKey() | 41 » » k1 := rawKey(pub) |
28 » » k2 := roundtrip.RawKey() | 42 » » k2 := rawKey(roundtrip) |
29 | 43 |
30 if !reflect.DeepEqual(k1, k2) { | 44 if !reflect.DeepEqual(k1, k2) { |
31 t.Errorf("got %#v in roundtrip, want %#v", k2, k1) | 45 t.Errorf("got %#v in roundtrip, want %#v", k2, k1) |
32 } | 46 } |
33 } | 47 } |
34 } | 48 } |
35 | 49 |
| 50 func TestUnsupportedCurves(t *testing.T) { |
| 51 raw, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) |
| 52 if err != nil { |
| 53 t.Fatalf("GenerateKey: %v", err) |
| 54 } |
| 55 |
| 56 if _, err = NewSignerFromKey(raw); err == nil || !strings.Contains(err.E
rror(), "only P256") { |
| 57 t.Fatalf("NewPrivateKey should not succeed with P224, got: %v",
err) |
| 58 } |
| 59 |
| 60 if _, err = NewPublicKey(&raw.PublicKey); err == nil || !strings.Contain
s(err.Error(), "only P256") { |
| 61 t.Fatalf("NewPublicKey should not succeed with P224, got: %v", e
rr) |
| 62 } |
| 63 } |
| 64 |
| 65 func TestNewPublicKey(t *testing.T) { |
| 66 keys := []Signer{rsaKey, dsaKey, ecdsaKey} |
| 67 for _, k := range keys { |
| 68 raw := rawKey(k.PublicKey()) |
| 69 pub, err := NewPublicKey(raw) |
| 70 if err != nil { |
| 71 t.Errorf("NewPublicKey(%#v): %v", raw, err) |
| 72 } |
| 73 if !reflect.DeepEqual(k.PublicKey(), pub) { |
| 74 t.Errorf("NewPublicKey(%#v) = %#v, want %#v", raw, pub,
k.PublicKey()) |
| 75 } |
| 76 } |
| 77 } |
| 78 |
36 func TestKeySignVerify(t *testing.T) { | 79 func TestKeySignVerify(t *testing.T) { |
37 » keys := []PrivateKey{rsaKey, dsaKey, ecdsaKey} | 80 » keys := []Signer{rsaKey, dsaKey, ecdsaKey} |
38 for _, priv := range keys { | 81 for _, priv := range keys { |
39 pub := priv.PublicKey() | 82 pub := priv.PublicKey() |
40 | 83 |
41 data := []byte("sign me") | 84 data := []byte("sign me") |
42 sig, err := priv.Sign(rand.Reader, data) | 85 sig, err := priv.Sign(rand.Reader, data) |
43 if err != nil { | 86 if err != nil { |
44 t.Fatalf("Sign(%T): %v", priv, err) | 87 t.Fatalf("Sign(%T): %v", priv, err) |
45 } | 88 } |
46 | 89 |
47 if !pub.Verify(data, sig) { | 90 if !pub.Verify(data, sig) { |
48 t.Errorf("publicKey.Verify(%T) failed", priv) | 91 t.Errorf("publicKey.Verify(%T) failed", priv) |
49 } | 92 } |
50 } | 93 } |
51 } | 94 } |
52 | 95 |
53 func TestParseRSAPrivateKey(t *testing.T) { | 96 func TestParseRSAPrivateKey(t *testing.T) { |
54 key, err := ParsePrivateKey([]byte(testServerPrivateKey)) | 97 key, err := ParsePrivateKey([]byte(testServerPrivateKey)) |
55 if err != nil { | 98 if err != nil { |
56 t.Fatalf("ParsePrivateKey: %v", err) | 99 t.Fatalf("ParsePrivateKey: %v", err) |
57 } | 100 } |
58 | 101 |
59 » rsa, ok := key.RawKey().(*rsa.PrivateKey) | 102 » rsa, ok := key.(*rsaPrivateKey) |
60 if !ok { | 103 if !ok { |
61 » » t.Fatalf("got %T, want rsa.PrivateKey", rsa) | 104 » » t.Fatalf("got %T, want *rsa.PrivateKey", rsa) |
62 } | 105 } |
63 | 106 |
64 if err := rsa.Validate(); err != nil { | 107 if err := rsa.Validate(); err != nil { |
65 t.Errorf("Validate: %v", err) | 108 t.Errorf("Validate: %v", err) |
66 } | 109 } |
67 } | 110 } |
68 | 111 |
69 func TestParseECPrivateKey(t *testing.T) { | 112 func TestParseECPrivateKey(t *testing.T) { |
| 113 // Taken from the data in test/ . |
70 pem := []byte(`-----BEGIN EC PRIVATE KEY----- | 114 pem := []byte(`-----BEGIN EC PRIVATE KEY----- |
71 MHcCAQEEINGWx0zo6fhJ/0EAfrPzVFyFC9s18lBt3cRoEDhS3ARooAoGCCqGSM49 | 115 MHcCAQEEINGWx0zo6fhJ/0EAfrPzVFyFC9s18lBt3cRoEDhS3ARooAoGCCqGSM49 |
72 AwEHoUQDQgAEi9Hdw6KvZcWxfg2IDhA7UkpDtzzt6ZqJXSsFdLd+Kx4S3Sx4cVO+ | 116 AwEHoUQDQgAEi9Hdw6KvZcWxfg2IDhA7UkpDtzzt6ZqJXSsFdLd+Kx4S3Sx4cVO+ |
73 6/ZOXRnPmNAlLUqjShUsUBBngG0u2fqEqA== | 117 6/ZOXRnPmNAlLUqjShUsUBBngG0u2fqEqA== |
74 -----END EC PRIVATE KEY-----`) | 118 -----END EC PRIVATE KEY-----`) |
75 | 119 |
76 key, err := ParsePrivateKey(pem) | 120 key, err := ParsePrivateKey(pem) |
77 if err != nil { | 121 if err != nil { |
78 t.Fatalf("ParsePrivateKey: %v", err) | 122 t.Fatalf("ParsePrivateKey: %v", err) |
79 } | 123 } |
80 | 124 |
81 » ecKey, ok := key.RawKey().(*ecdsa.PrivateKey) | 125 » ecKey, ok := key.(*ecdsaPrivateKey) |
82 if !ok { | 126 if !ok { |
83 » » t.Fatalf("got %T, want ecdsa.PrivateKey", ecKey) | 127 » » t.Fatalf("got %T, want *ecdsaPrivateKey", ecKey) |
84 } | 128 } |
85 | 129 |
86 if !validateECPublicKey(ecKey.Curve, ecKey.X, ecKey.Y) { | 130 if !validateECPublicKey(ecKey.Curve, ecKey.X, ecKey.Y) { |
87 t.Fatalf("public key does not validate.") | 131 t.Fatalf("public key does not validate.") |
88 } | 132 } |
89 } | 133 } |
90 | 134 |
91 func init() { | 135 func init() { |
92 » raw, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) | 136 » raw, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
93 » if err != nil { | 137 » ecdsaKey, _ = NewSignerFromKey(raw) |
94 » » panic("GenerateKey: " + err.Error()) | |
95 » } | |
96 | |
97 » ecdsaKey, err = NewPrivateKey(raw) | |
98 » if err != nil { | |
99 » » panic("NewPrivateKey: " + err.Error()) | |
100 » } | |
101 } | 138 } |
LEFT | RIGHT |