1 package ssh | 1 package ssh |
2 | 2 |
3 import ( | 3 import ( |
4 "bytes" | |
5 "crypto/dsa" | 4 "crypto/dsa" |
6 "crypto/ecdsa" | 5 "crypto/ecdsa" |
7 "crypto/elliptic" | 6 "crypto/elliptic" |
8 "crypto/rand" | 7 "crypto/rand" |
9 "crypto/rsa" | 8 "crypto/rsa" |
10 » "encoding/base64" | 9 » "io" |
11 "reflect" | 10 "reflect" |
12 "strings" | 11 "strings" |
13 "testing" | 12 "testing" |
13 "time" | |
14 ) | 14 ) |
15 | 15 |
16 var ecdsaKey Signer | 16 var ( |
17 » ecdsaKey Signer | |
18 » ecdsa384Key Signer | |
19 » ecdsa521Key Signer | |
20 » testCertKey Signer | |
21 ) | |
22 | |
23 type testSigner struct { | |
24 » priv Signer | |
dfc
2013/10/19 11:24:24
Signer
jmpittman
2013/10/20 05:17:21
Done.
| |
25 » pub PublicKey | |
26 } | |
27 | |
28 func (ts *testSigner) PublicKey() PublicKey { | |
29 » if ts.pub != nil { | |
30 » » return ts.pub | |
31 » } | |
32 » return ts.priv.PublicKey() | |
dfc
2013/10/19 11:24:24
return ts.Signer.PublicKey()
jmpittman
2013/10/20 05:17:21
Done.
| |
33 } | |
34 | |
35 func (ts *testSigner) Sign(rand io.Reader, data []byte) ([]byte, error) { | |
36 » return ts.priv.Sign(rand, data) | |
dfc
2013/10/19 11:24:24
then you can delete this forwarding method
jmpittman
2013/10/20 05:17:21
Done.
| |
37 } | |
17 | 38 |
18 func rawKey(pub PublicKey) interface{} { | 39 func rawKey(pub PublicKey) interface{} { |
19 switch k := pub.(type) { | 40 switch k := pub.(type) { |
20 case *rsaPublicKey: | 41 case *rsaPublicKey: |
21 return (*rsa.PublicKey)(k) | 42 return (*rsa.PublicKey)(k) |
22 case *dsaPublicKey: | 43 case *dsaPublicKey: |
23 return (*dsa.PublicKey)(k) | 44 return (*dsa.PublicKey)(k) |
24 case *ecdsaPublicKey: | 45 case *ecdsaPublicKey: |
25 return (*ecdsa.PublicKey)(k) | 46 return (*ecdsa.PublicKey)(k) |
47 case *OpenSSHCertV01: | |
48 return k | |
26 } | 49 } |
27 panic("unknown key type") | 50 panic("unknown key type") |
28 } | 51 } |
29 | 52 |
30 func TestKeyMarshalParse(t *testing.T) { | 53 func TestKeyMarshalParse(t *testing.T) { |
31 » keys := []Signer{rsaKey, dsaKey, ecdsaKey} | 54 » keys := []Signer{rsaKey, dsaKey, ecdsaKey, ecdsa384Key, ecdsa521Key, tes tCertKey} |
32 for _, priv := range keys { | 55 for _, priv := range keys { |
33 pub := priv.PublicKey() | 56 pub := priv.PublicKey() |
34 roundtrip, rest, ok := ParsePublicKey(MarshalPublicKey(pub)) | 57 roundtrip, rest, ok := ParsePublicKey(MarshalPublicKey(pub)) |
35 if !ok { | 58 if !ok { |
36 t.Errorf("ParsePublicKey(%T) failed", pub) | 59 t.Errorf("ParsePublicKey(%T) failed", pub) |
37 } | 60 } |
38 | 61 |
39 if len(rest) > 0 { | 62 if len(rest) > 0 { |
40 t.Errorf("ParsePublicKey(%T): trailing junk", pub) | 63 t.Errorf("ParsePublicKey(%T): trailing junk", pub) |
41 } | 64 } |
72 if err != nil { | 95 if err != nil { |
73 t.Errorf("NewPublicKey(%#v): %v", raw, err) | 96 t.Errorf("NewPublicKey(%#v): %v", raw, err) |
74 } | 97 } |
75 if !reflect.DeepEqual(k.PublicKey(), pub) { | 98 if !reflect.DeepEqual(k.PublicKey(), pub) { |
76 t.Errorf("NewPublicKey(%#v) = %#v, want %#v", raw, pub, k.PublicKey()) | 99 t.Errorf("NewPublicKey(%#v) = %#v, want %#v", raw, pub, k.PublicKey()) |
77 } | 100 } |
78 } | 101 } |
79 } | 102 } |
80 | 103 |
81 func TestKeySignVerify(t *testing.T) { | 104 func TestKeySignVerify(t *testing.T) { |
82 » keys := []Signer{rsaKey, dsaKey, ecdsaKey} | 105 » keys := []Signer{rsaKey, dsaKey, ecdsaKey, testCertKey} |
83 for _, priv := range keys { | 106 for _, priv := range keys { |
84 pub := priv.PublicKey() | 107 pub := priv.PublicKey() |
85 | 108 |
86 data := []byte("sign me") | 109 data := []byte("sign me") |
87 sig, err := priv.Sign(rand.Reader, data) | 110 sig, err := priv.Sign(rand.Reader, data) |
88 if err != nil { | 111 if err != nil { |
89 t.Fatalf("Sign(%T): %v", priv, err) | 112 t.Fatalf("Sign(%T): %v", priv, err) |
90 } | 113 } |
91 | 114 |
92 if !pub.Verify(data, sig) { | 115 if !pub.Verify(data, sig) { |
158 sig, err := s.Sign(rand.Reader, data) | 181 sig, err := s.Sign(rand.Reader, data) |
159 if err != nil { | 182 if err != nil { |
160 t.Fatalf("dsa.Sign: %v", err) | 183 t.Fatalf("dsa.Sign: %v", err) |
161 } | 184 } |
162 | 185 |
163 if !s.PublicKey().Verify(data, sig) { | 186 if !s.PublicKey().Verify(data, sig) { |
164 t.Error("Verify failed.") | 187 t.Error("Verify failed.") |
165 } | 188 } |
166 } | 189 } |
167 | 190 |
168 func TestParseCert(t *testing.T) { | |
169 // Cert generated by ssh-keygen 6.0p1 Debian-4. | |
170 // % ssh-keygen -s ca-key -I test user-key | |
171 b64data := "AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjY AO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdC O0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4Q uYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIA AAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAA AAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVz ZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4n ZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUb BQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo 4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP 4O1/9P7e6gp0gw8=" | |
172 | |
173 data, err := base64.StdEncoding.DecodeString(b64data) | |
174 if err != nil { | |
175 t.Fatal("base64.StdEncoding.DecodeString: ", err) | |
176 } | |
177 key, rest, ok := ParsePublicKey(data) | |
178 if !ok { | |
179 t.Fatalf("could not parse certificate") | |
180 } | |
181 if len(rest) > 0 { | |
182 t.Errorf("rest: got %q, want empty", rest) | |
183 } | |
184 _, ok = key.(*OpenSSHCertV01) | |
185 if !ok { | |
186 t.Fatalf("got %#v, want *OpenSSHCertV01", key) | |
187 } | |
188 | |
189 marshaled := MarshalPublicKey(key) | |
190 if !bytes.Equal(data, marshaled) { | |
191 t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, data) | |
192 } | |
193 } | |
194 | |
195 func init() { | 191 func init() { |
dfc
2013/10/19 11:24:24
please move the init to the top of the file
jmpittman
2013/10/20 05:17:21
Done.
| |
196 » raw, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) | 192 » raw256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
197 » ecdsaKey, _ = NewSignerFromKey(raw) | 193 » ecdsaKey, _ = NewSignerFromKey(raw256) |
194 | |
195 » raw384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) | |
196 » ecdsa384Key, _ = NewSignerFromKey(raw384) | |
197 | |
198 » raw521, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) | |
199 » ecdsa521Key, _ = NewSignerFromKey(raw521) | |
200 | |
201 » // Create a cert and sign it for use in tests. | |
202 » testCert := &OpenSSHCertV01{ | |
203 » » Nonce: []byte{}, // To pass reflect.DeepEqual after ma rshal & parse, this must be non-nil | |
204 » » Key: ecdsaKey.PublicKey(), | |
205 » » ValidPrincipals: []string{"gopher1", "gopher2"}, // increases te st coverage | |
206 » » ValidAfter: time.Now().Truncate(time.Second), | |
207 » » ValidBefore: time.Now().Truncate(time.Second).Add(time.Hour) , | |
208 » » Reserved: []byte{}, // To pass reflect.DeepEqual after ma rshal & parse, this must be non-nil | |
209 » » SignatureKey: rsaKey.PublicKey(), | |
210 » } | |
211 » sigBytes, _ := rsaKey.Sign(rand.Reader, testCert.BytesForSigning()) | |
212 » testCert.Signature = &signature{ | |
213 » » Format: testCert.SignatureKey.PublicKeyAlgo(), | |
214 » » Blob: sigBytes, | |
215 » } | |
216 » testCertKey = &testSigner{ | |
217 » » priv: ecdsaKey, | |
218 » » pub: testCert, | |
219 » } | |
198 } | 220 } |
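Review bot: Every error in the new init is discarded (`raw256, _`, `ecdsaKey, _`, the 384/521 pairs and `sigBytes, _ := rsaKey.Sign(...)`), so a failure in key generation or certificate signing leaves a nil signer or an empty signature blob and surfaces later as a nil dereference or a misleading Verify failure in TestKeySignVerify rather than at the point of failure. Since this is test setup, panicking is the idiomatic fix, e.g. `sigBytes, err := rsaKey.Sign(rand.Reader, testCert.BytesForSigning())` followed by `if err != nil { panic("signing test certificate: " + err.Error()) }`, with the same shape for each GenerateKey/NewSignerFromKey pair. The generated cert uses an empty Nonce and a DeepEqual-friendly layout, while this revision drops TestParseCert, which was the only visible check that a certificate emitted by ssh-keygen (with a real nonce, critical options and extensions) parses and re-marshals byte-for-byte; unless that fixture moved elsewhere in this CL, it is worth keeping alongside the synthetic one. No visible test verifies testCert.Signature against SignatureKey, so the cert-signing path built here is exercised only for shape, not validity — if such a check lives in the collapsed regions this point can be ignored.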