verify: Add RSA verifier tests based on ECDSA verifier tests from #98

theupdateframework · Oct 19, 2020 · 66f0610 · 66f0610
1 parent 8790c39
commit 66f0610
Showing 1 changed file with 60 additions and 0 deletions.
diff --git a/verify/verify_test.go b/verify/verify_test.go
@@ -5,7 +5,9 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha256"
+	"crypto/x509"
 	"io"
 	"testing"
 	"time"
@@ -59,6 +61,41 @@ func (ecdsaSigner) Scheme() string {
 	return data.KeySchemeECDSA_SHA2_P256
 }
 
+type rsaSigner struct {
+	*rsa.PrivateKey
+}
+
+func (s rsaSigner) PublicData() *data.Key {
+	pub, _ := x509.MarshalPKIXPublicKey(s.Public().(*rsa.PublicKey))
+	return &data.Key{
+		Type:       data.KeyTypeRSASSA_PSS_SHA256,
+		Scheme:     data.KeySchemeRSASSA_PSS_SHA256,
+		Algorithms: data.KeyAlgorithms,
+		Value:      data.KeyValue{Public: pub},
+	}
+}
+
+func (s rsaSigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
+	hash := sha256.Sum256(msg)
+	return s.PrivateKey.Sign(rand, hash[:], crypto.SHA256)
+}
+
+func (s rsaSigner) IDs() []string {
+	return s.PublicData().IDs()
+}
+
+func (s rsaSigner) ContainsID(id string) bool {
+	return s.PublicData().ContainsID(id)
+}
+
+func (rsaSigner) Type() string {
+	return data.KeyTypeRSASSA_PSS_SHA256
+}
+
+func (rsaSigner) Scheme() string {
+	return data.KeySchemeRSASSA_PSS_SHA256
+}
+
 func (VerifySuite) Test(c *C) {
 	type test struct {
 		name  string
@@ -198,6 +235,29 @@ func (VerifySuite) Test(c *C) {
 			},
 			err: ErrInvalid,
 		},
+		{
+			name: "valid rsa signature",
+			mut: func(t *test) {
+				k, _ := rsa.GenerateKey(rand.Reader, 2048)
+				s := rsaSigner{k}
+				sign.Sign(t.s, s)
+				t.s.Signatures = t.s.Signatures[1:]
+				t.keys = []*data.Key{s.PublicData()}
+				t.roles["root"].KeyIDs = s.PublicData().IDs()
+			},
+		},
+		{
+			name: "invalid rsa signature",
+			mut: func(t *test) {
+				k, _ := rsa.GenerateKey(rand.Reader, 2048)
+				s := rsaSigner{k}
+				sign.Sign(t.s, s)
+				t.s.Signatures[1].Signature[0]++
+				t.keys = append(t.keys, s.PublicData())
+				t.roles["root"].KeyIDs = append(t.roles["root"].KeyIDs, s.PublicData().IDs()...)
+			},
+			err: ErrInvalid,
+		},
 	}
 	for _, t := range tests {
 		if t.role == "" {