From a7afee7530449cfb6ef5f91d273a089de92f82a1 Mon Sep 17 00:00:00 2001 From: Aydin Mercan Date: Sun, 5 Dec 2021 12:38:31 +0300 Subject: [PATCH] internal/publickey: add eddsa tests Added tests for EdDSA keys. Subsequently, some fixes were introduced. Also, ECDSA's test names were fixed to avoid collisions. As a bonus some unused code was removed. --- go.sum | 2 + internal/publickey/ecdsa_test.go | 30 ++++++------- internal/publickey/eddsa.go | 11 +++++ internal/publickey/eddsa_test.go | 75 ++++++++++++++++++++++++++++++++ internal/publickey/jwk.go | 3 -- jwk/jwk.go | 2 - 6 files changed, 103 insertions(+), 20 deletions(-) create mode 100644 internal/publickey/eddsa_test.go delete mode 100644 internal/publickey/jwk.go diff --git a/go.sum b/go.sum index 814b1a3..61e9f97 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211202192323-5770296d904e h1:MUP6MR3rJ7Gk9LEia0LP2ytiH6MuCfs7qYz+47jGdD8= +golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/internal/publickey/ecdsa_test.go b/internal/publickey/ecdsa_test.go index 11f8665..d398116 100644 --- a/internal/publickey/ecdsa_test.go +++ b/internal/publickey/ecdsa_test.go
@@ -13,13 +13,13 @@ const ( "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }` - InvalidCurveType = `{ + InvalidECDSACurveType = `{ "crv": "p-256", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }` - InvalidCurvePoint = `{ + InvalidECDSACurvePoint = `{ "crv": "P-521", "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0" @@ -28,18 +28,18 @@ const ( var ( IncompleteECDSAPublicKeyPermutation = []string{ - `{"crv": "P-256", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4"}`, - `{"crv": "P-256", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"}`, - `{"x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}`, + `{ "crv": "P-256", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4" }`, + `{ "crv": "P-256", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }`, + `{ "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0" }`, } - MalformedKeyJSON = []string{ + MalformedECDSAPublicKey = []string{ `Wait this isn't even JSON!`, - `{"crv": "P-521", "x": 1234567890, "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM}"`, + `{ "crv": "P-521", "x": 1234567890, "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }`, } ) -func TestValidCurvePoint(t *testing.T) { +func TestECDSAValidCurvePoint(t *testing.T) { key, err := publickey.ParseECDSAPublicKey([]byte(ValidECDSAPublicKey)) if err != nil { t.Fatalf("Expected pass while parsing, found %v", err) 
@@ -50,21 +50,21 @@ func TestValidCurvePoint(t *testing.T) { } } -func TestInvalidCurveTypeDenial(t *testing.T) { - _, err := publickey.ParseECDSAPublicKey([]byte(InvalidCurveType)) +func TestECDSAInvalidCurveTypeDenial(t *testing.T) { + _, err := publickey.ParseECDSAPublicKey([]byte(InvalidECDSACurveType)) if err == nil { t.Errorf("Expected failure for curve type but passed") } } -func TestInvalidCurvePointDenial(t *testing.T) { - _, err := publickey.ParseECDSAPublicKey([]byte(InvalidCurvePoint)) +func TestECDSAInvalidCurvePointDenial(t *testing.T) { + _, err := publickey.ParseECDSAPublicKey([]byte(InvalidECDSACurvePoint)) if err != publickey.ErrInvalidCurvePoint { t.Errorf("Expected invalid curve point failure, found: %v", err) } } -func TestIncompleteHeaderDenial(t *testing.T) { +func TestECDSAIncompletePublicKeyDenial(t *testing.T) { for _, key := range IncompleteECDSAPublicKeyPermutation { _, err := publickey.ParseECDSAPublicKey([]byte(key)) if err == nil { @@ -73,8 +73,8 @@ func TestIncompleteHeaderDenial(t *testing.T) { } } -func TestMalformedHeaderDenial(t *testing.T) { - for _, key := range MalformedKeyJSON { +func TestECDSAMalformedPublicKeyDenial(t *testing.T) { + for _, key := range MalformedECDSAPublicKey { _, err := publickey.ParseECDSAPublicKey([]byte(key)) if err == nil { t.Errorf("Expected to fail but didn't") diff --git a/internal/publickey/eddsa.go b/internal/publickey/eddsa.go index 87c3530..0b5eb25 100644 --- a/internal/publickey/eddsa.go +++ b/internal/publickey/eddsa.go 
@@ -28,7 +28,18 @@ func ParseEdDSAPublicKey(data json.RawMessage) (*ed25519.PublicKey, error) { return nil, fmt.Errorf("Invalid/Unsupported curve type %s", header.Curve) } + if header.X == "" { + return nil, fmt.Errorf("Non-existent curve point") + } + rawKey, err := base64.RawURLEncoding.DecodeString(header.X) + if err != nil { + return nil, err + } + + if len(rawKey) != ed25519.PublicKeySize { + return nil, fmt.Errorf("Invalid public key") + } key := ed25519.PublicKey(rawKey) diff --git a/internal/publickey/eddsa_test.go b/internal/publickey/eddsa_test.go new file mode 100644 index 0000000..cb4c98e --- /dev/null +++ b/internal/publickey/eddsa_test.go 
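Review bot: The added `base64.RawURLEncoding.DecodeString(header.X)` error check still accepts non-canonical input, so more than one `x` string decodes to the same 32-byte key: Go's decoder ignores non-zero trailing padding bits unless the encoding is strict, and a 43-character Ed25519 `x` carries two such bits. If key identity is ever derived from the JWK text (thumbprints, allow-lists, cache keys) that malleability matters; `rawKey, err := base64.RawURLEncoding.Strict().DecodeString(header.X)` closes it, although CR and LF are still skipped by the decoder. The new rejections are also anonymous `fmt.Errorf` strings and the decode error is returned bare, whereas the ECDSA tests compare against `publickey.ErrInvalidCurvePoint`; a sentinel here, plus `fmt.Errorf("decoding x: %w", err)`, would let callers and tests tell the reasons apart. ParseEdDSAPublicKey starts and ends outside this hunk.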
@@ -0,0 +1,75 @@
+package publickey_test
+
+import (
+ "mercan.dev/dumb-jose/internal/publickey"
+ "testing"
+)
+
+const (
+ ValidEdDSAPublicKey = `{
+ "crv": "Ed25519",
+ "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
+ }`
+
+ InvalidEdDSACurveType = `{
+ "crv": "Ed448",
+ "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
+ }`
+
+ InvalidEdDSACurvePoint = `{
+ "crv": "Ed25519",
+ "x": "AQAB"
+ }`
+)
+
+var (
+ IncompleteEdDSAPublicKeyPermutation = []string{
+ `{ "crv": "Ed25519" }`,
+ `{ "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" }`,
+ }
+
+ MalformedEdDSAPublicKey = []string{
+ `Wait this isn't even JSON!`,
+ `{ "crv": "Ed25519", "x": 123456790 }`,
+ `{ "crv": Ed25519, "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" }`,
+ }
+)
+
+func TestEdDSAValidCurvePoint(t *testing.T) {
+ _, err := publickey.ParseEdDSAPublicKey([]byte(ValidEdDSAPublicKey))
+ if err != nil {
+ t.Fatalf("Expected pass while parsing, found error %v", err)
+ }
+}
+
+func TestEdDSAInvalidCurveTypeDenial(t *testing.T) {
+ _, err := publickey.ParseEdDSAPublicKey([]byte(InvalidEdDSACurveType))
+ if err == nil {
+ t.Fatalf("Expected to fail for but didn't")
+ }
+}
+
+func TestEdDSAInvalidCurvePointDenial(t *testing.T) {
+ _, err := publickey.ParseEdDSAPublicKey([]byte(InvalidEdDSACurvePoint))
+ if err == nil {
+ t.Fatalf("Expected to fail for but didn't")
+ }
+}
+
+func TestEdDSAIncompletePublicKeyDenial(t *testing.T) {
+ for _, key := range IncompleteEdDSAPublicKeyPermutation {
+ _, err := publickey.ParseEdDSAPublicKey([]byte(key))
+ if err == nil {
+ t.Fatalf("Expected to fail for %s but didn't", key)
+ }
+ }
+}
+
+func TestEdDSAMalformedPublicKeyDenial(t *testing.T) {
+ for _, key := range MalformedEdDSAPublicKey {
+ _, err := publickey.ParseEdDSAPublicKey([]byte(key))
+ if err == nil {
+ t.Fatalf("Expected to fail for %s but didn't", key)
+ }
+ }
+}
diff --git a/internal/publickey/jwk.go b/internal/publickey/jwk.go
deleted file mode 100644
index 7650b68..0000000
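Review bot: None of the denial cases reaches the base64 decode-error branch this commit adds to ParseEdDSAPublicKey: a missing `x` hits the empty-string check, `AQAB` decodes cleanly to three bytes and is caught by the length check, and the numeric `x` presumably fails earlier during JSON decoding. A case whose `x` contains a character outside the URL-safe alphabet, for example the constructed value `{ "crv": "Ed25519", "x": "not*base64url" }`, would cover it. Every test asserts only `err == nil`, so a rejection for the wrong reason still passes; comparing against sentinel errors, as `TestECDSAInvalidCurvePointDenial` does with `publickey.ErrInvalidCurvePoint`, would pin each check to its input. In the two loops `t.Errorf` would report every failing input rather than stopping at the first, and the two `"Expected to fail for but didn't"` messages are missing the thing they failed for.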
--- a/internal/publickey/jwk.go +++ /dev/null @@ -1,3 +0,0 @@ -package publickey - -type JWKPublicKeyHeader interface{} diff --git a/jwk/jwk.go b/jwk/jwk.go index 41fca6c..f18adb6 100644 --- a/jwk/jwk.go +++ b/jwk/jwk.go @@ -8,8 +8,6 @@ import ( "mercan.dev/dumb-jose/internal/publickey" ) -type PublicKeyHeader interface{} - type JWK struct { KeyID string `json:"kid"` KeyType string `json:"kty"`