func (s *XLSuite) doKeyTests(c *C, node *Node, rng *xr.PRNG) { // COMMS KEY commsPubKey := node.GetCommsPublicKey() c.Assert(commsPubKey, Not(IsNil)) // NOT privCommsKey := node.GetCommsPrivateKey() c.Assert(privCommsKey.Validate(), IsNil) expLen := (*privCommsKey.D).BitLen() if VERBOSITY > 1 { fmt.Printf("bit length of comms private key exponent is %d\n", expLen) } // 2037 seen at least once c.Assert(true, Equals, (2036 <= expLen) && (expLen <= 2048)) c.Assert(privCommsKey.PublicKey, Equals, *commsPubKey) // XXX FAILS // SIG KEY sigPubKey := node.GetSigPublicKey() c.Assert(sigPubKey, Not(IsNil)) // NOT privSigKey := node.GetSigPrivateKey() c.Assert(privSigKey.Validate(), IsNil) expLen = (*privSigKey.D).BitLen() if VERBOSITY > 1 { fmt.Printf("bit length of sig private key exponent is %d\n", expLen) } // lowest value seen as of 2013-07-16 was 2039 c.Assert(true, Equals, (2036 <= expLen) && (expLen <= 2048)) c.Assert(privSigKey.PublicKey, Equals, *sigPubKey) // FOO // sign ///////////////////////////////////////////////////////// msgLen := 128 msg := make([]byte, msgLen) rng.NextBytes(msg) d := sha1.New() d.Write(msg) hash := d.Sum(nil) sig, err := rsa.SignPKCS1v15(rand.Reader, node.skPriv, cr.SHA1, hash) c.Assert(err, IsNil) signer := node.getSigner() signer.Update(msg) sig2, err := signer.Sign() // XXX change interface to allow arg lenSig := len(sig) lenSig2 := len(sig2) c.Assert(lenSig, Equals, lenSig2) for i := 0; i < lenSig; i++ { c.Assert(sig[i], Equals, sig2[i]) } // verify /////////////////////////////////////////////////////// err = rsa.VerifyPKCS1v15(sigPubKey, cr.SHA1, hash, sig) c.Assert(err, IsNil) // 2013-06-15, SigVerify now returns error, so nil means OK c.Assert(nil, Equals, xc.SigVerify(sigPubKey, msg, sig)) s.nilArgCheck(c) }
// XXX TODO: move these tests into crypto/sig_test.go // func nilArgCheck(t *testing.T) { func (s *XLSuite) nilArgCheck(c *C) { // the next statement should always return an error err := xc.SigVerify(nil, nil, nil) c.Assert(nil, Not(Equals), err) }