Skip to content

Commit

Permalink
sec: add more validation tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@pulsejet
pulsejet committed Jan 22, 2025
1 parent f375eb1 commit c9e4ab3
Show file tree
Hide file tree
Showing 2 changed files with 79 additions and 21 deletions.
21 changes: 0 additions & 21 deletions std/security/signer/ed25519_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,10 @@ package signer_test
import (
"crypto/ed25519"
"crypto/x509"
"encoding/base64"
"testing"

enc "github.com/named-data/ndnd/std/encoding"
"github.com/named-data/ndnd/std/ndn"
spec "github.com/named-data/ndnd/std/ndn/spec_2022"
sig "github.com/named-data/ndnd/std/security/signer"
"github.com/named-data/ndnd/std/utils"
"github.com/stretchr/testify/require"
Expand Down Expand Up @@ -74,22 +72,3 @@ func TestEd25519Parse(t *testing.T) {
_, err := sig.ParseEd25519(TEST_KEY_NAME, pub2)
require.Error(t, err)
}

// TestEd25519ValidateInterop tests the validator using a given
// certificate for interoperability.
func TestEd25519ValidateInterop(t *testing.T) {
utils.SetTestingT(t)

const TestCert = `
Bv0BCgc1CAxFZDI1NTE5LWRlbW8IA0tFWQgQNWE2MTVkYjdjZjA2MDNiNQgEc2Vs
ZjYIAAABgQD8AY0UCRgBAhkEADbugBUsMCowBQYDK2VwAyEAQxUZBL+3I3D4oDIJ
tJvuCTguHM7AUbhlhA/wu8ZhrkwWVhsBBRwnByUIDEVkMjU1MTktZGVtbwgDS0VZ
CBA1YTYxNWRiN2NmMDYwM2I1/QD9Jv0A/g8xOTcwMDEwMVQwMDAwMDD9AP8PMjAy
MjA1MjZUMTUyODQ0F0DAAWCZzxQSCAV0tluFDry5aT1b+EgoYgT1JKxbKVb/tINx
M43PFy/2hDe8j61PuYD9tCah0TWapPwfXWi3fygA`

certWire := utils.WithoutErr(base64.RawStdEncoding.DecodeString(TestCert))
certData, sigCov, err := spec.Spec{}.ReadData(enc.NewBufferReader(certWire))
require.NoError(t, err)
require.True(t, utils.WithoutErr(sig.ValidateData(certData, sigCov, certData)))
}
79 changes: 79 additions & 0 deletions std/security/signer/validate_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
package signer_test

import (
"encoding/base64"
"testing"

enc "github.com/named-data/ndnd/std/encoding"
spec "github.com/named-data/ndnd/std/ndn/spec_2022"
sig "github.com/named-data/ndnd/std/security/signer"
"github.com/named-data/ndnd/std/utils"
"github.com/stretchr/testify/require"
)

// testValidateSelfSigned tests the self-signed certificate validation.
// These certificates are generated by the ndn-cxx library, and are used for
// checking the interoperability of the validation logic.
func testValidateSelfSigned(t *testing.T, certB64 string) {
certWire := utils.WithoutErr(base64.StdEncoding.DecodeString(certB64))

// Helper to test the signature validation result
test := func(result bool) {
certData, sigCov, err := spec.Spec{}.ReadData(enc.NewBufferReader(certWire))
require.NoError(t, err)
require.Equal(t, result, utils.WithoutErr(sig.ValidateData(certData, sigCov, certData)))
}

// Test with valid signature
test(true)

// Tamper with the signature (guess)
certWire[len(certWire)-10] ^= 0x01
test(false)
}

// TestEd25519ValidateInterop tests the Ed25519 self-signed certificate validation.
func TestEd25519ValidateInterop(t *testing.T) {
utils.SetTestingT(t)
testValidateSelfSigned(t, `
Bv0BCgc1CAxFZDI1NTE5LWRlbW8IA0tFWQgQNWE2MTVkYjdjZjA2MDNiNQgEc2Vs
ZjYIAAABgQD8AY0UCRgBAhkEADbugBUsMCowBQYDK2VwAyEAQxUZBL+3I3D4oDIJ
tJvuCTguHM7AUbhlhA/wu8ZhrkwWVhsBBRwnByUIDEVkMjU1MTktZGVtbwgDS0VZ
CBA1YTYxNWRiN2NmMDYwM2I1/QD9Jv0A/g8xOTcwMDEwMVQwMDAwMDD9AP8PMjAy
MjA1MjZUMTUyODQ0F0DAAWCZzxQSCAV0tluFDry5aT1b+EgoYgT1JKxbKVb/tINx
M43PFy/2hDe8j61PuYD9tCah0TWapPwfXWi3fygA`)
}

// TestEccValidateInterop tests the ECC self-signed certificate validation.
func TestEccValidateInterop(t *testing.T) {
utils.SetTestingT(t)
testValidateSelfSigned(t, `
Bv0BLAcrCANuZG4IBWFsaWNlCANLRVkICH+xyxHFjoVZCARzZWxmNggAAAGUjIqk
mBQJGAECGQQANu6AFVswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATMnLNLJ+sy
AuZ0XYKJskUyVDxBLl5SzljivyaUVizG+yKLePyrmDE+VE8rXNhzENqTxuJNXB7X
RRLCzfAwjsxOFkwbAQMcHQcbCANuZG4IBWFsaWNlCANLRVkICH+xyxHFjoVZ/QD9
Jv0A/g8yMDI1MDEyMlQwNTQ0NDP9AP8PMjA0NTAxMTdUMDU0NDQzF0cwRQIgPBz3
hoMiTZzX/cSamxah0qaXNkveGkZqqao2nLQnC/sCIQCGf7akPnoYFMq40sRV4nHF
deWX6c79riyoiuURUu0Vhw==`)
}

// TestRsaValidateInterop tests the RSA self-signed certificate validation.
func TestRsaValidateInterop(t *testing.T) {
utils.SetTestingT(t)
testValidateSelfSigned(t, `
Bv0CsAcpCANuZG4IA3JzYQgDS0VZCAgPSfvRdJCkjggEc2VsZjYIAAABlIyNmh0U
CRgBAhkEADbugBX9ASYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP
EGpk1NbeNeoLjL3JtKXa5MKAix82Qq58QXo2Y+a5NDCr0bFoATcg/KxvAWErZ6oc
q85D5RLE2TmtMH4H3gctBTKlKTwwG/JHyKGXPSs8UbQ31HxSlSQEqL9JNLL9oPwp
dsR1YfBK89nTMVg7w/e3T1wGCehWImr4JH1X8tjUa6DqCMWsMolVcf7E2XkocTdJ
WtmuxkBullqWvvIBAKHuNQSwamMoSlX9WFeWgPUbRRaxTZ5RNVdLHbsgR1CrZWDH
q3ewb1+AkwQbFdRTjuGlgpdpxqQDvWXAicwDlSW8PbodaKbeoXg9extvsS8n+/nx
IeNM2BDE2B3JsMBeMXsDAgMBAAEWShsBARwbBxkIA25kbggDcnNhCANLRVkICA9J
+9F0kKSO/QD9Jv0A/g8yMDI1MDEyMlQwNTQ3NTf9AP8PMjA0NTAxMTdUMDU0NzU3
F/0BAJ565DvyxAztpdnSCKTYMrhvwzN7+kuUmQMJzTPKloVIeFFbEwXmZkrrUbSQ
iSGvWiyNMYdJ9daUnmr2MqKfY0T9X0Qso/Ri1A/veO1l3dy+9X2Bwpz+pbrmrRXH
RAxCSnqQCN7b5rBVzWxcAG1JA/FUmOPMhaOdVjuMjK08a5Q5kJJU+AtIWLn2ljvL
pg0fJD/j1RB5KfGnu0dPDoGVwd2Tt1ODUvheg49LPwcTH/XoWJLJ0qhC6xfFT3ph
1Nto5tUCxLGwU5N9jlah96YNRy6f+1tZX+6v6SOOj9tVQZBXX+/3baK/U7Z0uFg/
kkmngSpSseV5W0LXjiRx+4BUOFE=`)
}

0 comments on commit c9e4ab3

Please sign in to comment.