Multiple changes based on code review

* Add RSA private key encoded as PKCS8 * Refactor tests to use a table, DRY Signed-off-by: Aditya Sirish <[email protected]>
secure-systems-lab · Jan 8, 2024 · 603a3a4 · 603a3a4
1 parent 217bba2
commit 603a3a4
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 64 deletions.
diff --git a/signerverifier/signerverifier.go b/signerverifier/signerverifier.go
@@ -76,7 +76,7 @@ func LoadKey(keyBytes []byte) (*SSLibKey, error) {
 			KeyType:             RSAKeyType,
 			KeyVal: KeyVal{
 				Public:  strings.TrimSpace(string(generatePEMBlock(pubKeyBytes, PublicKeyPEM))),
-				Private: strings.TrimSpace(string(generatePEMBlock(pemBlock.Bytes, RSAPrivateKeyPEM))),
+				Private: strings.TrimSpace(string(generatePEMBlock(pemBlock.Bytes, pemBlock.Type))),
 			},
 			Scheme: RSAKeyScheme,
 		}

diff --git a/signerverifier/signerverifier_test.go b/signerverifier/signerverifier_test.go
@@ -2,6 +2,8 @@ package signerverifier
 
 import (
 	_ "embed"
+	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -10,6 +12,9 @@ import (
 //go:embed test-data/rsa-test-key
 var rsaPrivateKey []byte
 
+//go:embed test-data/rsa-test-key-pkcs8
+var rsaPrivateKeyPKCS8 []byte
+
 //go:embed test-data/rsa-test-key.pub
 var rsaPublicKey []byte
 
@@ -27,8 +32,9 @@ var ecdsaPublicKey []byte
 
 func TestLoadKey(t *testing.T) {
 	// RSA expected values
-	expectedRSAPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----"
-	expectedRSAPublicKey := "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA04egZRic+dZMVtiQc56D\nejU4FF1q3aOkUKnD+Q4lTbj1zp6ODKJTcktupmrad68jqtMiSGG8he6ELFs377q8\nbbgEUMWgAf+06Q8oFvUSfOXzZNFI7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJX\nxxTOVS3UAIk5umO7Y7t7yXr8O/C4u78krGazCnoblcekMLJZV4O/5BloWNAe/B1c\nvZdaZUf3brD4ZZrxEtXw/tefhn1aHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN\n6+hlS6A7rJfiWpKIRHj0vh2SXLDmmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaT\nVQSgMzSxC43/2fINb2fyt8SbUHJ3Ct+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c\n2CmCxMPQG2BwmAWXaaumeJcXVPBlMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwn\nEm53T13mZzYUvbLJ0q3aljZVLIC3IZn3ZwA2yCWchBkVAgMBAAE=\n-----END PUBLIC KEY-----"
+	expectedRSAPrivateKey := strings.TrimSpace(strings.ReplaceAll(string(rsaPrivateKey), "\r\n", "\n"))
+	expectedRSAPrivateKeyPKCS8 := strings.TrimSpace(strings.ReplaceAll(string(rsaPrivateKeyPKCS8), "\r\n", "\n"))
+	expectedRSAPublicKey := strings.TrimSpace(strings.ReplaceAll(string(rsaPublicKey), "\r\n", "\n"))
 	expectedRSAKeyID := "4e8d20af09fcaed6c388a186427f94a5f7ff5591ec295f4aab2cff49ffe39e9b"
 
 	// ED25519 expected values
@@ -37,67 +43,85 @@ func TestLoadKey(t *testing.T) {
 	expectedED25519KeyID := "52e3b8e73279d6ebdd62a5016e2725ff284f569665eb92ccb145d83817a02997"
 
 	// ECDSA expected values
-	expectedECDSAPrivateKey := "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCjoPFeWCpjL5OS+h\nwg7JaWoDcpW2np2VJjuVLeSR4QyhRANCAAS74cSqqlctrjyVcf2uRHKCx+wIqrVc\nzfqhfKYn3DGkzrycKqStkJWdn2WQR4LAPypZhM3EPnJ9ZfAmMWH4ruot\n-----END PRIVATE KEY-----"
-	expectedECDSAPublicKey := "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu+HEqqpXLa48lXH9rkRygsfsCKq1\nXM36oXymJ9wxpM68nCqkrZCVnZ9lkEeCwD8qWYTNxD5yfWXwJjFh+K7qLQ==\n-----END PUBLIC KEY-----"
+	expectedECDSAPrivateKey := strings.TrimSpace(strings.ReplaceAll(string(ecdsaPrivateKey), "\r\n", "\n"))
+	expectedECDSAPublicKey := strings.TrimSpace(strings.ReplaceAll(string(ecdsaPublicKey), "\r\n", "\n"))
 	expectedECDSAKeyID := "98adf38602c48c5479e9a991ee3f8cbf541ee4f985e00f7a5fc4148d9a45b704"
 
-	t.Run("RSA private key", func(t *testing.T) {
-		key, err := LoadKey(rsaPrivateKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedRSAKeyID, key.KeyID)
-		assert.Equal(t, expectedRSAPublicKey, key.KeyVal.Public)
-		assert.Equal(t, expectedRSAPrivateKey, key.KeyVal.Private)
-		assert.Equal(t, RSAKeyScheme, key.Scheme)
-		assert.Equal(t, RSAKeyType, key.KeyType)
-	})
-
-	t.Run("RSA public key", func(t *testing.T) {
-		key, err := LoadKey(rsaPublicKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedRSAKeyID, key.KeyID)
-		assert.Equal(t, expectedRSAPublicKey, key.KeyVal.Public)
-		assert.Equal(t, "", key.KeyVal.Private)
-		assert.Equal(t, RSAKeyScheme, key.Scheme)
-		assert.Equal(t, RSAKeyType, key.KeyType)
-	})
-
-	t.Run("ED25519 private key", func(t *testing.T) {
-		key, err := LoadKey(ed25519PrivateKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedED25519KeyID, key.KeyID)
-		assert.Equal(t, expectedED25519PublicKey, key.KeyVal.Public)
-		assert.Equal(t, expectedED25519PrivateKey, key.KeyVal.Private)
-		assert.Equal(t, ED25519KeyType, key.Scheme)
-		assert.Equal(t, ED25519KeyType, key.KeyType)
-	})
-
-	t.Run("ED25519 public key", func(t *testing.T) {
-		key, err := LoadKey(ed25519PublicKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedED25519KeyID, key.KeyID)
-		assert.Equal(t, expectedED25519PublicKey, key.KeyVal.Public)
-		assert.Equal(t, "", key.KeyVal.Private)
-		assert.Equal(t, ED25519KeyType, key.Scheme)
-		assert.Equal(t, ED25519KeyType, key.KeyType)
-	})
-
-	t.Run("ECDSA private key", func(t *testing.T) {
-		key, err := LoadKey(ecdsaPrivateKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedECDSAKeyID, key.KeyID)
-		assert.Equal(t, expectedECDSAPublicKey, key.KeyVal.Public)
-		assert.Equal(t, expectedECDSAPrivateKey, key.KeyVal.Private)
-		assert.Equal(t, ECDSAKeyScheme, key.Scheme)
-		assert.Equal(t, ECDSAKeyType, key.KeyType)
-	})
-
-	t.Run("ECDSA public key", func(t *testing.T) {
-		key, err := LoadKey(ecdsaPublicKey)
-		assert.Nil(t, err)
-		assert.Equal(t, expectedECDSAKeyID, key.KeyID)
-		assert.Equal(t, expectedECDSAPublicKey, key.KeyVal.Public)
-		assert.Equal(t, "", key.KeyVal.Private)
-		assert.Equal(t, ECDSAKeyScheme, key.Scheme)
-		assert.Equal(t, ECDSAKeyType, key.KeyType)
-	})
+	tests := map[string]struct {
+		keyBytes           []byte
+		expectedPrivateKey string
+		expectedPublicKey  string
+		expectedKeyID      string
+		expectedKeyType    string
+		expectedScheme     string
+	}{
+		"RSA private key": {
+			keyBytes:           rsaPrivateKey,
+			expectedPrivateKey: expectedRSAPrivateKey,
+			expectedPublicKey:  expectedRSAPublicKey,
+			expectedKeyID:      expectedRSAKeyID,
+			expectedKeyType:    RSAKeyType,
+			expectedScheme:     RSAKeyScheme,
+		},
+		"RSA private key (PKCS8)": {
+			keyBytes:           rsaPrivateKeyPKCS8,
+			expectedPrivateKey: expectedRSAPrivateKeyPKCS8,
+			expectedPublicKey:  expectedRSAPublicKey,
+			expectedKeyID:      expectedRSAKeyID,
+			expectedKeyType:    RSAKeyType,
+			expectedScheme:     RSAKeyScheme,
+		},
+		"RSA public key": {
+			keyBytes:           rsaPublicKey,
+			expectedPrivateKey: "",
+			expectedPublicKey:  expectedRSAPublicKey,
+			expectedKeyID:      expectedRSAKeyID,
+			expectedKeyType:    RSAKeyType,
+			expectedScheme:     RSAKeyScheme,
+		},
+		"ED25519 private key": {
+			keyBytes:           ed25519PrivateKey,
+			expectedPrivateKey: expectedED25519PrivateKey,
+			expectedPublicKey:  expectedED25519PublicKey,
+			expectedKeyID:      expectedED25519KeyID,
+			expectedKeyType:    ED25519KeyType,
+			expectedScheme:     ED25519KeyType,
+		},
+		"ED25519 public key": {
+			keyBytes:           ed25519PublicKey,
+			expectedPrivateKey: "",
+			expectedPublicKey:  expectedED25519PublicKey,
+			expectedKeyID:      expectedED25519KeyID,
+			expectedKeyType:    ED25519KeyType,
+			expectedScheme:     ED25519KeyType,
+		},
+		"ECDSA private key": {
+			keyBytes:           ecdsaPrivateKey,
+			expectedPrivateKey: expectedECDSAPrivateKey,
+			expectedPublicKey:  expectedECDSAPublicKey,
+			expectedKeyID:      expectedECDSAKeyID,
+			expectedKeyType:    ECDSAKeyType,
+			expectedScheme:     ECDSAKeyScheme,
+		},
+		"ECDSA public key": {
+			keyBytes:           ecdsaPublicKey,
+			expectedPrivateKey: "",
+			expectedPublicKey:  expectedECDSAPublicKey,
+			expectedKeyID:      expectedECDSAKeyID,
+			expectedKeyType:    ECDSAKeyType,
+			expectedScheme:     ECDSAKeyScheme,
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			key, err := LoadKey(test.keyBytes)
+			assert.Nil(t, err, fmt.Sprintf("unexpected error in test '%s'", name))
+			assert.Equal(t, test.expectedKeyID, key.KeyID)
+			assert.Equal(t, test.expectedPublicKey, key.KeyVal.Public)
+			assert.Equal(t, test.expectedPrivateKey, key.KeyVal.Private)
+			assert.Equal(t, test.expectedScheme, key.Scheme)
+			assert.Equal(t, test.expectedKeyType, key.KeyType)
+		})
+	}
 }
diff --git a/signerverifier/test-data/rsa-test-key-pkcs8 b/signerverifier/test-data/rsa-test-key-pkcs8
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDTh6BlGJz51kxW
+2JBznoN6NTgUXWrdo6RQqcP5DiVNuPXOno4MolNyS26matp3ryOq0yJIYbyF7oQs
+WzfvurxtuARQxaAB/7TpDygW9RJ85fNk0UjsflIw84ljloNYgwgRnwOVw7tN+QDs
+PeIAQlfHFM5VLdQAiTm6Y7tju3vJevw78Li7vySsZrMKehuVx6QwsllXg7/kGWhY
+0B78HVy9l1plR/dusPhlmvES1fD+15+GfVoexJRqNVbbDCNKkqGqPtnRdLdsNLdP
+3n/fGw3r6GVLoDusl+JakohEePS+HZJcsOaaFCXUifxMP9qLJxNTJZwFEdU+VgWB
+g+3pJpNVBKAzNLELjf/Z8g1vZ/K3xJtQcncK36bNHN3/UBCKRaEF2y0kvEid7DON
+gT+xv5zYKYLEw9AbYHCYBZdpq6Z4lxdU8GUyAByMxq0zxs8HJNtekoOdCyU4TuD+
+CzAMjCcSbndPXeZnNhS9ssnSrdqWNlUsgLchmfdnADbIJZyEGRUCAwEAAQKCAYAq
+zAB4I8wywhhM4+EJ+3K3aYgQmrvx3tdyWH6lZ6bFfFwDM1IjHT6L29Ylxm2wFFe/
+ipsfkOKvKExGmygMkTfpbPc2jl1quh0UoDPovSnB6lZdufgqnP4tGEDeTMgDQvOB
+eS4lAWZmhrAYnAabLdELntqGIlEH0LvEycPSkE6hu4fH6tK9bZVSai7kOkNVgQBn
+t9XannXXBQr3GRiDwr8OPs6TukVF+HkxOXF38aAiN2b3s2nl2rj6ahNKG0ESp+q+
+K/U58NrfYMhIA5wQqILaODQ73qSEPPZiMrjQcBtasaNUHW/7+RYpNYnr910tv4OT
+vsop5nilI8ph5QzuNeXJWKSe2YVPDgJcW+TZCo58nIHEDFzHh4H+fqPWaoi+ovpO
+OWhef8GFz/rkWvl56feEttGeG03FcFRHBWhhgnAvDu1k4wqq3nWpspTZepogjuJU
+cY9p4NRizg9oFJJb8TUUUBlsh3UZJ7j6YOImKnGzgzpL030U+BOZmWBD/SPpUyEC
+gcEA2vKCrYiyBGNzNU74WE4CaY/rGNtyggjnzYlO6fBvxh/golHwMzb3ktFxp+T0
+2ziXdAX+sRIryZkBsxSyMqUPhZwTZBM4ShBAFX6UksPJh4CGarbrzh2pogYDmMRb
+QZx8OmPjYeHL+qLLU9ZN787VoVotphXRtcs83UJMalz4N1GHmVft+2hNL8OjRT05
+/fSzTQGb0BXQsujIflaZekZZq05gEcfCiaLTy8yxsl6WAXMNA9GMd+mPv4RmHXB2
+p7xxAoHBAPdTxA/tlq0HnKYwux5+b8jpSivDPlKozKLP678Vz7giLxLAuxVDD4ih
+nLGh+QpNswRKuBCEtvMLn15FtRwXsZn6VlDDqAb/5gu/H0xhwRUZ6u7I+aVgWnqD
+683+oSI+zWhl6PyvVeM2Pbbxd1MwAnapNtkZXKEQwxsGB3kUXESq54Pn8QgtPrGP
+0HG9DWbYgVtUiRd86uF3AST5FxtcMDSf6tKSEFqNZDd5VAZjaFadgH7V+a6ZgWzy
+EBowAmUI5QKBwEK+LovL4chosJQNkLMKhL29O4OGUe/F2zPSqZWyz7/rs8SHidty
+5CGDa0wtBV9WbwTVVwCPc32vAM+gfXnmy0aFf3vASCZ7sa1butrKiEKgMVmSjWt1
+q2JSxwHoyZDErTH3hTcvZ8jtm2HhMDzsJj9biBLbD+SFIfao4TaDRL9IQTfDkC5V
+a0ImNz1CHs2FrKrK1L6oB8iiIYwxxfN6Qpdv+uUwqeLfGgVETt766mtisRL67AEZ
+19IgACj1QZZ8YQKBwQDykInioT68lpGRAIwUPSa/IeXng8YU5Y5FQ6xPLUIashP+
+zVzuXmXWt8HpCRUpgMjItctOEAsp1UVI/Q7B7Y72l+mdrjaWHtVswdYdYGYwnsml
+xR/qjNRQAh/7WPaJkpR8Bi7527Bdda4TRUClKpnP7OdpBpGtObZQQ5qCqnBPvFnx
+KUJgpZcuKADj++kv67j6bK9DhPULiV5q940s/T4d7pUsTaqSVMdsDKdW2JnVEQWb
+35nQHqcrxT/7nwhKNO0CgcEAuCoyikUg4zACGFqyesvc/PF/RYrMqaP/LbIQ/RVy
+2bSa6rEWcXA/DI4B3oc4Mk5KIU8PlU3iO8L5jD3pCfb2QcZdMqAvUn1xIvzPpDOV
+z5RgJ1LCZpkrmvfr40FMmC8pj0qumRcKRJpzliAhi1cyK2ar02Y29xIlaa66J6m3
+ccWXCRTel+bDMo0R6qLaOa4g6ojbMI6pfrsj5hCwmCscTROZjHFGSB5hTLuzkOgc
+Tbmt+93LkvH7EA4fxmAPVIY7
+-----END PRIVATE KEY-----