sign_verify_cose_rust_cli_test.go
package cose
import (
	"crypto/rand"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"testing"

	"github.com/stretchr/testify/assert"
)
// Signing tests for Firefox Add-on COSE signatures.
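// RustCoseVerifiesGoCoseSignatures signs testCase.SignPayload with every key
// in testCase.Params, optionally tampers with the result, and then asks the
// cose-rust "sign_verify" example (run through cargo in ./test/cose-rust) to
// verify the detached-payload message.
//
// cose-rust is expected to accept an untampered message and to exit non-zero
// when testCase.ModifySignature or testCase.ModifyPayload is set. A failure
// to launch cargo at all is reported as a test error instead of being counted
// as a rejection, so a missing toolchain cannot make a tamper case pass
// vacuously. Fatal errors (bad key, signing or marshaling failure) abort the
// case instead of letting a nil value be dereferenced further down.
func RustCoseVerifiesGoCoseSignatures(t *testing.T, testCase RustTestCase) {
	fmt.Println(testCase.Title)
	assert := assert.New(t)
	if len(testCase.Params) == 0 {
		t.Fatalf("%s: No signature params!", testCase.Title)
	}

	signers := []Signer{}

	message := NewSignMessage()
	msgHeaders := &Headers{
		Protected:   map[interface{}]interface{}{},
		Unprotected: map[interface{}]interface{}{},
	}
	msgHeaders.Protected[kidTag] = testCase.Certs
	message.Headers = msgHeaders
	message.Payload = []byte(testCase.SignPayload)

	// One signer and one signature slot per parameter set; the signer list and
	// the message's signature list must stay index-aligned for Sign below.
	for _, param := range testCase.Params {
		key, err := x509.ParsePKCS8PrivateKey(param.pkcs8)
		if err != nil {
			t.Fatalf("%s: Error parsing PKCS#8 key %s", testCase.Title, err)
		}
		signer, err := NewSignerFromKey(param.algorithm, key)
		if err != nil {
			t.Fatalf("%s: Error creating signer %s", testCase.Title, err)
		}
		signers = append(signers, *signer)

		sig := NewSignature()
		sig.Headers.Protected[algTag] = param.algorithm.Value
		sig.Headers.Protected[kidTag] = param.certificate
		message.AddSignature(sig)
	}

	assert.True(len(message.Signatures) > 0)
	assert.Equal(len(message.Signatures), len(signers))

	var external []byte
	if err := message.Sign(rand.Reader, external, signers); err != nil {
		t.Fatalf("%s: signing failed with err %s", testCase.Title, err)
	}

	// cose-rust receives the payload out of band (detached payload), so keep a
	// separate copy for the command line and strip it from the message before
	// marshaling. Tampering below must happen on this copy: mutating
	// message.Payload and then discarding it would never reach the verifier.
	payload := []byte(testCase.SignPayload)
	message.Payload = nil

	if testCase.ModifySignature {
		// tamper with the COSE signature.
		sig1 := message.Signatures[0].SignatureBytes
		if len(sig1) < 5 {
			t.Fatalf("%s: signature too short to tamper with (%d bytes)", testCase.Title, len(sig1))
		}
		sig1[len(sig1)-5] ^= 1
	}
	if testCase.ModifyPayload {
		// tamper with the payload handed to cose-rust; the signed bytes are unchanged.
		if len(payload) == 0 {
			t.Fatalf("%s: empty payload cannot be tampered with", testCase.Title)
		}
		payload[0] ^= 1
	}

	// encode message and signature
	msgBytes, err := Marshal(message)
	if err != nil {
		t.Fatalf("%s: Error marshaling signed message to bytes %s", testCase.Title, err)
	}

	// Make sure cose-rust can verify our signature too
	cmd := exec.Command("cargo", "run", "--quiet", "--color", "never", "--example", "sign_verify",
		"--",
		"verify",
		hex.EncodeToString(payload),
		hex.EncodeToString(msgBytes))
	cmd.Dir = "./test/cose-rust"
	cmd.Env = append(os.Environ(), "RUSTFLAGS=-A dead_code -A unused_imports")
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	err = cmd.Run()

	// Only a non-zero exit from the spawned process is a verdict from cose-rust.
	// Anything else (cargo missing, bad Dir, ...) is an environment problem.
	// NOTE: a cargo build failure also exits non-zero and cannot be told apart here.
	var exitErr *exec.ExitError
	if err != nil && !errors.As(err, &exitErr) {
		t.Fatalf("%s: could not run cose-rust verifier: %s", testCase.Title, err)
	}
	if testCase.ModifySignature || testCase.ModifyPayload {
		assert.NotNil(err, fmt.Sprintf("%s: verifying signature with cose-rust did not fail", testCase.Title))
	} else {
		assert.Nil(err, fmt.Sprintf("%s: error verifying signature with cose-rust %s", testCase.Title, err))
	}
}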
// TestRustCoseCli runs every entry of RustTestCases as its own subtest,
// handing each case to RustCoseVerifiesGoCoseSignatures.
func TestRustCoseCli(t *testing.T) {
	for i := range RustTestCases {
		tc := RustTestCases[i]
		t.Run(tc.Title, func(t *testing.T) {
			RustCoseVerifiesGoCoseSignatures(t, tc)
		})
	}
}