package libp2pwebtransport import ( "bytes" "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "crypto/x509/pkix" "fmt" "io" "math/big" mrand "math/rand" "testing" "time" ic "github.com/libp2p/go-libp2p/core/crypto" "github.com/multiformats/go-multihash" "github.com/stretchr/testify/require" ) func sha256Multihash(t *testing.T, b []byte) multihash.DecodedMultihash { t.Helper() hash := sha256.Sum256(b) h, err := multihash.Encode(hash[:], multihash.SHA2_256) require.NoError(t, err) dh, err := multihash.Decode(h) require.NoError(t, err) return *dh } func generateCertWithKey(t *testing.T, key crypto.PrivateKey, start, end time.Time) *x509.Certificate { t.Helper() serial := int64(mrand.Uint64()) if serial < 0 { serial = -serial } certTempl := &x509.Certificate{ SerialNumber: big.NewInt(serial), Subject: pkix.Name{}, NotBefore: start, NotAfter: end, IsCA: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, } caBytes, err := x509.CreateCertificate(rand.Reader, certTempl, certTempl, key.(interface{ Public() crypto.PublicKey }).Public(), key) require.NoError(t, err) ca, err := x509.ParseCertificate(caBytes) require.NoError(t, err) return ca } func TestCertificateVerification(t *testing.T) { now := time.Now() ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) require.NoError(t, err) rsaKey, err := rsa.GenerateKey(rand.Reader, 1024) require.NoError(t, err) t.Run("accepting a valid cert", func(t *testing.T) { validCert := generateCertWithKey(t, ecdsaKey, now, now.Add(14*24*time.Hour)) require.NoError(t, verifyRawCerts([][]byte{validCert.Raw}, []multihash.DecodedMultihash{sha256Multihash(t, validCert.Raw)})) }) for _, tc := range [...]struct { name string cert *x509.Certificate errStr string }{ { name: "validitity period too long", cert: generateCertWithKey(t, ecdsaKey, now, now.Add(15*24*time.Hour)), errStr: "cert must not be valid for longer than 14 days", }, { name: "uses RSA key", cert: generateCertWithKey(t, rsaKey, now, now.Add(14*24*time.Hour)), errStr: "RSA", }, { name: "expired certificate", cert: generateCertWithKey(t, ecdsaKey, now.Add(-14*24*time.Hour), now), errStr: "cert not valid", }, { name: "not yet valid", cert: generateCertWithKey(t, ecdsaKey, now.Add(time.Hour), now.Add(time.Hour+14*24*time.Hour)), errStr: "cert not valid", }, } { tc := tc t.Run(fmt.Sprintf("rejecting invalid certificates: %s", tc.name), func(t *testing.T) { err := verifyRawCerts([][]byte{tc.cert.Raw}, []multihash.DecodedMultihash{sha256Multihash(t, tc.cert.Raw)}) require.Error(t, err) require.Contains(t, err.Error(), tc.errStr) }) } for _, tc := range [...]struct { name string certs [][]byte hashes []multihash.DecodedMultihash errStr string }{ { name: "no certificates", hashes: []multihash.DecodedMultihash{sha256Multihash(t, []byte("foobar"))}, errStr: "no cert", }, { name: "certificate not parseable", certs: [][]byte{[]byte("foobar")}, hashes: []multihash.DecodedMultihash{sha256Multihash(t, []byte("foobar"))}, errStr: "x509: malformed certificate", }, { name: "hash mismatch", certs: [][]byte{generateCertWithKey(t, ecdsaKey, now, now.Add(15*24*time.Hour)).Raw}, hashes: []multihash.DecodedMultihash{sha256Multihash(t, []byte("foobar"))}, errStr: "cert hash not found", }, } { tc := tc t.Run(fmt.Sprintf("rejecting invalid certificates: %s", tc.name), func(t *testing.T) { err := verifyRawCerts(tc.certs, tc.hashes) require.Error(t, err) require.Contains(t, err.Error(), tc.errStr) }) } } func TestDeterministicCertHashes(t *testing.T) { // Run this test 1000 times since we want to make sure the signatures are deterministic runs := 1000 for i := 0; i < runs; i++ { zeroSeed := [32]byte{} priv, _, err := ic.GenerateEd25519Key(bytes.NewReader(zeroSeed[:])) require.NoError(t, err) cert, certPriv, err := generateCert(priv, time.Time{}, time.Time{}.Add(time.Hour*24*14)) require.NoError(t, err) keyBytes, err := x509.MarshalECPrivateKey(certPriv) require.NoError(t, err) cert2, certPriv2, err := generateCert(priv, time.Time{}, time.Time{}.Add(time.Hour*24*14)) require.NoError(t, err) require.Equal(t, cert2.Signature, cert.Signature) require.Equal(t, cert2.Raw, cert.Raw) keyBytes2, err := x509.MarshalECPrivateKey(certPriv2) require.NoError(t, err) require.Equal(t, keyBytes, keyBytes2) } } // TestDeterministicSig tests that our hack around making ECDSA signatures // deterministic works. If this fails, this means we need to try another // strategy to make deterministic signatures or try something else entirely. // See deterministicReader for more context. func TestDeterministicSig(t *testing.T) { // Run this test 1000 times since we want to make sure the signatures are deterministic runs := 1000 for i := 0; i < runs; i++ { zeroSeed := [32]byte{} deterministicHKDFReader := newDeterministicReader(zeroSeed[:], nil, deterministicCertInfo) b := [1024]byte{} io.ReadFull(deterministicHKDFReader, b[:]) caPrivateKey, err := ecdsa.GenerateKey(elliptic.P256(), deterministicHKDFReader) require.NoError(t, err) sig, err := caPrivateKey.Sign(deterministicHKDFReader, b[:], crypto.SHA256) require.NoError(t, err) deterministicHKDFReader = newDeterministicReader(zeroSeed[:], nil, deterministicCertInfo) b2 := [1024]byte{} io.ReadFull(deterministicHKDFReader, b2[:]) caPrivateKey2, err := ecdsa.GenerateKey(elliptic.P256(), deterministicHKDFReader) require.NoError(t, err) sig2, err := caPrivateKey2.Sign(deterministicHKDFReader, b2[:], crypto.SHA256) require.NoError(t, err) keyBytes, err := x509.MarshalECPrivateKey(caPrivateKey) require.NoError(t, err) keyBytes2, err := x509.MarshalECPrivateKey(caPrivateKey2) require.NoError(t, err) require.Equal(t, sig, sig2) require.Equal(t, keyBytes, keyBytes2) } }