-
Notifications
You must be signed in to change notification settings - Fork 55
/
testpkifilter.nim
250 lines (242 loc) · 11 KB
/
testpkifilter.nim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
# Nim-Libp2p
# Copyright (c) 2023 Status Research & Development GmbH
# Licensed under either of
# * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
# * MIT license ([LICENSE-MIT](LICENSE-MIT))
# at your option.
# This file may not be copied, modified, or distributed except according to
# those terms.
when defined(nimHasUsed):
{.used.}
import unittest2
import ../libp2p/crypto/crypto
import nimcrypto/utils
let rng = newRng()
const ECDSA_PrivateKey =
"""
080312793077020101042070896381749FF6B30381C045F627C68C3062749BB53CB13
11FA07A7AEAB0A225A00A06082A8648CE3D030107A14403420004B17DAFF40C3221A5
0889A3FA9BB9DA4996AA1FE80D37358FBC6C88D89CD65738B4738C07CFD42F55293EB
3A56DB224EDCD36E51076F43A63203F8936D868EF18
"""
const ECDSA_PublicKey =
"""
0803125B3059301306072A8648CE3D020106082A8648CE3D03010703420004B17DAFF
40C3221A50889A3FA9BB9DA4996AA1FE80D37358FBC6C88D89CD65738B4738C07CFD4
2F55293EB3A56DB224EDCD36E51076F43A63203F8936D868EF18
"""
const SECP256k1_PrivateKey =
"""
080212209A0F994F5022D9D7B67ACEB26AA4D9F29B2628DBDCC28597469CB0049B6AB
348
"""
const SECP256k1_PublicKey =
"""
08021221039111FA29B374FE94B885408C45DF4647D09438C6E1F91F9B277A96CADD0
8A2B8
"""
const ED25519_PrivateKey =
"""
08011240E1BFE38E35F9669CE77F6BE1A551560896B59A3F510537205F3AC1EDAD421
601C9D5C25AA2FC61B950976D6E5EC26425F8D4BFFE17169A4DE5A246B7154CB2B5
"""
const ED25519_PublicKey =
"""
08011220C9D5C25AA2FC61B950976D6E5EC26425F8D4BFFE17169A4DE5A246B7154CB
2B5
"""
const RSA_PrivateKey =
"""
080012E80D308206E40201000282018100B5F2CABD05BE70474B262A2715B8C4FE74C
6F628757FADB3F4815881CD9F8D3D2583757DF178B9BDCB207EB183A260934E6580C9
3B75789ACADAC13C9DD5A21A6BEDC4845A76D32F61F37C69B2C0E9D1161459FB1C93C
E13E3EA0436B82086DF4EC95860D910D32B134610C20E84834A4B9A40C5B4D6FB0732
FF5332D8050221DA5101639044B6E2B18659E242FEEE58F4FF90BC9BEFF740E22C1A5
02774E4A0B103F750B829D6B1034908DB8338374EE2EF972A0E760DA9CC42F7D160CB
33C4918308389CD7EF98D58378BB8CF8F8314131C6654903C704EE6BC069B223A39DE
1CF1D5B0E34CE02522CFADF24AAF526445F7673CDE19F62C6D70266D1F7D03F98F9BD
69C1BC78662BB9F52D90C2D1841680A9E6528E52BF2F83B84EC73D819240029A677F5
AD8EF963843D36DB556B214E09A72B589FA139AFAED0EE5409AFFCAAEFC06329E2945
A727E1AED64C1935F17F6F1E8FDD1B4AE69CACC3DAD8153059B5775A0A3B0EF38E3A1
8CFE3DB4338F53F03B6CA30E729A5EC510C68CE662902030100010282018012759C7E
0AEC24460768CAD4064F25A54F41B44DAC8614A07249012AC22AD2D08652CD03C710E
17F50F16E09227AC1E3900B9A425046FDC26E9C3D08A256BF4880F4B18060113821D1
853B7519CE9AAA3CDC39B8D1506992F9078FFFE134639A9A4AB12DBA380BC48E0308C
63764D8511C547D07D1EE11AFCC4BBD2C266073B3ED8B5461BE8C4A25BBAF0EC576D8
9863EC0F55A6DD073E8595ACB5CAB60614FFFC95936CDC125A96C0E792FF7A53A4C0D
B2345A9DDA7BA81249912BD6A5D9355CD41A73B0E2A8D76ED7BB4D5B9AD98E5DD72CC
0C01D55CF89ADC4DE4D7457BFFC88F7DBE0E0C77725920DFF7B37B05E47BF7E930584
D8E3FD054189282EF5EF1882135FCEF02A709E4596C58D47B0A18AFD6C5ACE1C8074D
CEAE1693628623A98122D711DEF1D0BEC0E8FFD9D7BA3E3A0D9BF2E38FF240D255408
2D47E4D5120693CDF62D4C0A55BE170183FC6B363471FB04431BB0D4C00FD4A5B9D70
F26CDE6842A1895C6E166289FFA2BDC81DF4FC32DC1C4E95C5AE9064E841C7C8F5BDB
50281C100DE58C728695043A22FB9893CD659FDE3DFD9919BA70A758E2432E6043E35
49E7EF335D39D8A7DEF0FA9485B616C71758226E4003F6760E1A7975222E79C28BAD0
D550D5750D0CE2B07ED90672BE130AA161D527F1012CED2013F7556E1B03BA0335501
3EDA0B3AE086D0A7825CBEB229C61999446042CC732F59DCB5E2502DF439AED0E77C4
218994FE78FAC6BD5E72AEFFECB29C7854D8CA0D39D7E68D0E78806413D0033E6AD20
CFD36819EFFD53B7720BD3E938A1DEC9ADB4CF6CADD2BF7F0281C100D17CB4ED5777A
B4A5A609EC731643D6E981B8207BDB83803F1E1F6A6B51A3B79F0A25C77275C9840B7
4D91487E3FE91117CD0D9D68B13248A0656BFF616A22C57B18EBBE9F4AFE7DB1E5B38
07B23FBCDCC8215B196EBBED746109EDABF2F0359C82198D2C92145DE0598A2056333
52DBB59DBFF059E7C7754B99F9F0792FAB1519D3718D353498A460F468099E20075CF
08211CD7668DBA1A77D7BDACFC91EC380E28B4851F13F1BD826FABBED060CFE1291D1
7C1861EF137C85F26EEB79AE570281C100C56F2B9974BA72F40750C6CE20C054340E4
791861773B023017DB8C5B7BF75DADF8A4A93DD106364B3FD4226085FCD18D3A9F66A
0E6591EC6C415892D047B1E37E5D31B580EB88C6A909881A34DA876DE0A934E1E311F
058860725587A9B14B7121DBF3762426A8B88EAAA73958B3784E485429576AC9A0305
DED39F2650701DD742A5F9875AE1A0F154FB3CED9C48E2D5ACF8162736F53F9467940
7F566DAD0EC4CEDAFCA6661012BC9DB3C7CE0038077628D4F209C8BC9A5D752007CF1
105D0281C100C174F2F8C3EFC585B294CBCC943647ED1C173B2BBEEEA2FC31A2454F8
AABA105694DE72A3A756E3D458A2282D9E4576DEB96F7DDC7D2EBE6DA090F85160717
F95B46965EC1685640E9CA80CC43EBE51C16A2833A2F6FA21BD79E7DB4F11D8F70983
B3E905A219A0E0109058708275B7B7EEB2157EB0EFAC9BD7982B1AA9874DBD5AFC88B
68F91B85A1EBD3301E90E17BD8B7A58D22AE8F356821A0016026117CE6474FED078F4
C828048EF002151972A03281A570985576D9D6F6D85357C779D0281C01065CEABF166
FC360FB79BA436F2F6674BD641C0B502B1B071CD8D92BE582EE67FEB632306A2B94F4
FC31F2D29CC57C9C422DA1A567C413100921E6B12C9D61E307F1364A021BCF323F6E5
0833D565FA1E886FC05370F2AAFC61256B98CA6D68B7F89C5FE90C026B53CC6E53826
9FE3350723F6205D9B1B8A6E5BFBEADD7B543FD7F0269E9CCFD00FE888D7012F53828
E2DA931CBB692CAB71F5E14513451614A108F940DABFCD9BEAC4557EE503BD5196A21
522C61508521D7DB77A384BA696
"""
const RSA_PublicKey =
"""
080012A603308201A2300D06092A864886F70D01010105000382018F003082018A028
2018100B5F2CABD05BE70474B262A2715B8C4FE74C6F628757FADB3F4815881CD9F8D
3D2583757DF178B9BDCB207EB183A260934E6580C93B75789ACADAC13C9DD5A21A6BE
DC4845A76D32F61F37C69B2C0E9D1161459FB1C93CE13E3EA0436B82086DF4EC95860
D910D32B134610C20E84834A4B9A40C5B4D6FB0732FF5332D8050221DA5101639044B
6E2B18659E242FEEE58F4FF90BC9BEFF740E22C1A502774E4A0B103F750B829D6B103
4908DB8338374EE2EF972A0E760DA9CC42F7D160CB33C4918308389CD7EF98D58378B
B8CF8F8314131C6654903C704EE6BC069B223A39DE1CF1D5B0E34CE02522CFADF24AA
F526445F7673CDE19F62C6D70266D1F7D03F98F9BD69C1BC78662BB9F52D90C2D1841
680A9E6528E52BF2F83B84EC73D819240029A677F5AD8EF963843D36DB556B214E09A
72B589FA139AFAED0EE5409AFFCAAEFC06329E2945A727E1AED64C1935F17F6F1E8FD
D1B4AE69CACC3DAD8153059B5775A0A3B0EF38E3A18CFE3DB4338F53F03B6CA30E729
A5EC510C68CE66290203010001
"""
const
RSATestMessage =
"RSA " & (when supported(PKScheme.RSA): "(enabled)" else: "(disabled)") & " test"
EcdsaTestMessage =
"ECDSA " & (when supported(PKScheme.ECDSA): "(enabled)" else: "(disabled)") & " test"
EdTestMessage =
"ED25519 " & (when supported(PKScheme.Ed25519): "(enabled)" else: "(disabled)") &
" test"
SecpTestMessage =
"SECP256k1 " & (when supported(PKScheme.Secp256k1): "(enabled)" else: "(disabled)") &
" test"
suite "Public key infrastructure filtering test suite":
test RSATestMessage:
when not (supported(PKScheme.RSA)):
let sk2048 = PrivateKey.random(PKScheme.RSA, rng[], 2048)
let sk3072 = PrivateKey.random(PKScheme.RSA, rng[], 3072)
let sk4096 = PrivateKey.random(PKScheme.RSA, rng[], 4096)
let kp2048 = KeyPair.random(PKScheme.RSA, rng[], 2048)
let kp3072 = KeyPair.random(PKScheme.RSA, rng[], 3072)
let kp4096 = KeyPair.random(PKScheme.RSA, rng[], 4096)
let sk = PrivateKey.init(fromHex(stripSpaces(RSA_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(RSA_PublicKey)))
check:
sk2048.isErr() == true
sk3072.isErr() == true
sk4096.isErr() == true
kp2048.isErr() == true
kp3072.isErr() == true
kp4096.isErr() == true
sk2048.error == CryptoError.SchemeError
sk3072.error == CryptoError.SchemeError
sk4096.error == CryptoError.SchemeError
kp2048.error == CryptoError.SchemeError
kp3072.error == CryptoError.SchemeError
kp4096.error == CryptoError.SchemeError
sk.isErr() == true
pk.isErr() == true
sk.error == CryptoError.KeyError
pk.error == CryptoError.KeyError
else:
let sk2048 = PrivateKey.random(PKScheme.RSA, rng[], 2048)
let kp2048 = KeyPair.random(PKScheme.RSA, rng[], 2048)
let sk = PrivateKey.init(fromHex(stripSpaces(RSA_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(RSA_PublicKey)))
check:
sk2048.isOk() == true
kp2048.isOk() == true
sk.isOk() == true
pk.isOk() == true
test EcdsaTestMessage:
when not (supported(PKScheme.ECDSA)):
let rsk = PrivateKey.random(PKScheme.ECDSA, rng[])
let rkp = KeyPair.random(PKScheme.ECDSA, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(ECDSA_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(ECDSA_PublicKey)))
check:
rsk.isErr() == true
rkp.isErr() == true
rsk.error == CryptoError.SchemeError
rkp.error == CryptoError.SchemeError
sk.isErr() == true
pk.isErr() == true
sk.error == CryptoError.KeyError
pk.error == CryptoError.KeyError
else:
let rsk = PrivateKey.random(PKScheme.ECDSA, rng[])
let rkp = KeyPair.random(PKScheme.ECDSA, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(ECDSA_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(ECDSA_PublicKey)))
check:
rsk.isOk() == true
rkp.isOk() == true
sk.isOk() == true
pk.isOk() == true
test EdTestMessage:
when not (supported(PKScheme.Ed25519)):
let rsk = PrivateKey.random(PKScheme.Ed25519, rng[])
let rkp = KeyPair.random(PKScheme.Ed25519, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(ED25519_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(ED25519_PublicKey)))
check:
rsk.isErr() == true
rkp.isErr() == true
rsk.error == CryptoError.SchemeError
rkp.error == CryptoError.SchemeError
sk.isErr() == true
pk.isErr() == true
sk.error == CryptoError.KeyError
pk.error == CryptoError.KeyError
else:
let rsk = PrivateKey.random(PKScheme.Ed25519, rng[])
let rkp = KeyPair.random(PKScheme.Ed25519, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(ED25519_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(ED25519_PublicKey)))
check:
rsk.isOk() == true
rkp.isOk() == true
sk.isOk() == true
pk.isOk() == true
test SecpTestMessage:
when not (supported(PKScheme.Secp256k1)):
let rsk = PrivateKey.random(PKScheme.Secp256k1, rng[])
let rkp = KeyPair.random(PKScheme.Secp256k1, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(SECP256k1_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(SECP256k1_PublicKey)))
check:
rsk.isErr() == true
rkp.isErr() == true
rsk.error == CryptoError.SchemeError
rkp.error == CryptoError.SchemeError
sk.isErr() == true
pk.isErr() == true
sk.error == CryptoError.KeyError
pk.error == CryptoError.KeyError
else:
let rsk = PrivateKey.random(PKScheme.Secp256k1, rng[])
let rkp = KeyPair.random(PKScheme.Secp256k1, rng[])
let sk = PrivateKey.init(fromHex(stripSpaces(SECP256k1_PrivateKey)))
let pk = PublicKey.init(fromHex(stripSpaces(SECP256k1_PublicKey)))
check:
rsk.isOk() == true
rkp.isOk() == true
sk.isOk() == true
pk.isOk() == true