/
testing.go
115 lines (108 loc) · 3.09 KB
/
testing.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package crypto
import (
"context"
"crypto/ed25519"
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"io"
"testing"
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
"github.com/mr-tron/base58"
"github.com/stretchr/testify/require"
"golang.org/x/crypto/blake2b"
"google.golang.org/protobuf/proto"
)
// TestWithEd25519 produces test hmac sha256 using a derived Ed25519 key
func TestWithEd25519(t *testing.T, data []byte, w wrapping.Wrapper, opt ...wrapping.Option) string {
t.Helper()
require := require.New(t)
reader, err := NewDerivedReader(context.Background(), w, 32, opt...)
require.NoError(err)
edKey, _, err := ed25519.GenerateKey(reader)
require.NoError(err)
var key [32]byte
n := copy(key[:], edKey)
require.Equal(n, 32)
return TestHmacSha256(t, key[:], data, opt...)
}
// TestWithBlake2b produces a test hmac sha256 using derived blake2b. Supported
// options: WithPrk, WithBase64Encoding, WithBase58Encoding,
// WithMarshaledSigInfo
func TestWithBlake2b(t *testing.T, data []byte, w wrapping.Wrapper, opt ...wrapping.Option) string {
t.Helper()
require := require.New(t)
require.NotNil(data)
require.NotNil(w)
opts, err := getOpts(opt...)
require.NoError(err)
var key [32]byte
switch {
case opts.withPrk != nil:
key = blake2b.Sum256(opts.withPrk)
default:
reader, err := NewDerivedReader(context.Background(), w, 32, opt...)
require.NoError(err)
readerKey := make([]byte, 32)
n, err := io.ReadFull(reader, readerKey)
require.NoError(err)
require.Equal(n, 32)
key = blake2b.Sum256(readerKey)
}
switch {
case opts.withMarshaledSigInfo:
passedOpts := []wrapping.Option{}
if opts.withPrefix != "" {
passedOpts = append(passedOpts, WithPrefix(opts.withPrefix))
}
hmac := TestHmacSha256(t, key[:], data, passedOpts...)
keyId, err := w.KeyId(context.Background())
require.NoError(err)
si := &wrapping.SigInfo{
Signature: []byte(hmac),
KeyInfo: &wrapping.KeyInfo{
KeyId: keyId,
KeyPurposes: []wrapping.KeyPurpose{wrapping.KeyPurpose_Sign},
},
HmacType: wrapping.HmacType_Sha256.Enum(),
}
enc, err := proto.Marshal(si)
require.NoError(err)
switch {
case opts.withBase64Encoding:
return base64.RawURLEncoding.EncodeToString(enc)
case opts.withBase58Encoding:
return base58.Encode(enc)
default:
return string(enc)
}
default:
return TestHmacSha256(t, key[:], data, opt...)
}
}
// TestHmacSha256 produces a test hmac sha256. Supported options:
// WithBase64Encoding, WithBase58Encoding, WithPrefix
func TestHmacSha256(t *testing.T, key, data []byte, opt ...wrapping.Option) string {
t.Helper()
require := require.New(t)
mac := hmac.New(sha256.New, key)
_, _ = mac.Write(data)
hmac := mac.Sum(nil)
var hmacString string
opts, err := getOpts(opt...)
require.NoError(err)
switch {
case opts.withBase64Encoding:
hmacString = base64.RawURLEncoding.EncodeToString(hmac)
case opts.withBase58Encoding:
hmacString = base58.Encode(hmac)
default:
hmacString = string(hmac)
}
if opts.withPrefix != "" {
return opts.withPrefix + hmacString
}
return hmacString
}