mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src/crypto/crypto_test.go

144 lines
4.7 KiB
Go
Raw Blame History

// Copyright 2025 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package crypto_test
import (
"bytes"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"internal/testenv"
"io"
"io/fs"
"os"
"path/filepath"
"regexp"
"strings"
"testing"
)
type messageSignerOnly struct {
k *rsa.PrivateKey
}
func (s *messageSignerOnly) Public() crypto.PublicKey {
return s.k.Public()
}
func (s *messageSignerOnly) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte, error) {
return nil, errors.New("unimplemented")
}
func (s *messageSignerOnly) SignMessage(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
h := opts.HashFunc().New()
h.Write(msg)
digest := h.Sum(nil)
return s.k.Sign(rand, digest, opts)
}
func TestSignMessage(t *testing.T) {
block, _ := pem.Decode([]byte(strings.ReplaceAll(
`-----BEGIN RSA TESTING KEY-----
MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso
tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE
89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU
l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s
B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59
3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+
dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI
FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J
aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2
BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx
IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/
fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u
pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT
Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl
u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD
fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X
Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE
k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo
qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS
CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ
XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw
AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r
UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0
2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5
7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3
-----END RSA TESTING KEY-----`, "TESTING KEY", "PRIVATE KEY")))
k, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
msg := []byte("hello :)")
h := crypto.SHA256.New()
h.Write(msg)
digest := h.Sum(nil)
sig, err := crypto.SignMessage(k, rand.Reader, msg, &rsa.PSSOptions{Hash: crypto.SHA256})
if err != nil {
t.Fatalf("SignMessage failed with Signer: %s", err)
}
if err := rsa.VerifyPSS(&k.PublicKey, crypto.SHA256, digest, sig, nil); err != nil {
t.Errorf("VerifyPSS failed for Signer signature: %s", err)
}
sig, err = crypto.SignMessage(&messageSignerOnly{k}, rand.Reader, msg, &rsa.PSSOptions{Hash: crypto.SHA256})
if err != nil {
t.Fatalf("SignMessage failed with MessageSigner: %s", err)
}
if err := rsa.VerifyPSS(&k.PublicKey, crypto.SHA256, digest, sig, nil); err != nil {
t.Errorf("VerifyPSS failed for MessageSigner signature: %s", err)
}
}
func TestDisallowedAssemblyInstructions(t *testing.T) {
// This test enforces the cryptography assembly policy rule that we do not
// use BYTE or WORD instructions, since these instructions can obscure what
// the assembly is actually doing. If we do not support specific
// instructions in the assembler, we should not be using them until we do.
//
// Instead of using the output of the 'go tool asm' tool, we take the simple
// approach and just search the text of .s files for usage of BYTE and WORD.
// We do this because the assembler itself will sometimes insert WORD
// instructions for things like function preambles etc.
boringSigPath := filepath.Join("internal", "boring", "sig")
matcher, err := regexp.Compile(`(^|;)\s(BYTE|WORD)\s`)
if err != nil {
t.Fatal(err)
}
if err := filepath.WalkDir(filepath.Join(testenv.GOROOT(t), "src/crypto"), func(path string, d fs.DirEntry, err error) error {
if err != nil {
t.Fatal(err)
}
if d.IsDir() || !strings.HasSuffix(path, ".s") {
return nil
}
if strings.Contains(path, boringSigPath) {
return nil
}
f, err := os.ReadFile(path)
if err != nil {
t.Fatal(err)
}
i := 1
for line := range bytes.Lines(f) {
if matcher.Match(line) {
t.Errorf("%s:%d assembly contains BYTE or WORD instruction (%q)", path, i, string(line))
}
i++
}
return nil
}); err != nil {
t.Fatal(err)
}
}
Reference in New Issue View Git Blame Copy Permalink