From 81deef270ded7dabcc623d9522ae593ed02160af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 31 Mar 2014 23:34:20 +0200
Subject: pki: Add 'signature-case' macro.

* guix/pki.scm (%signature-status): New procedure.
  (signature-case): New macro.
* tests/pki.scm (%secret-key, %alternate-secret-key): New variables.
  ("signature-case valid-signature", "signature-case invalid-signature",
  "signature-case hash-mismatch", "signature-case unauthorized-key",
  "signature-case corrupt-signature"): New tests.
---
 tests/pki.scm | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 3 deletions(-)

(limited to 'tests/pki.scm')

diff --git a/tests/pki.scm b/tests/pki.scm
index 04d5a5311b..51f2119466 100644
--- a/tests/pki.scm
+++ b/tests/pki.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,6 +19,7 @@
 (define-module (test-pki)
   #:use-module (guix pki)
   #:use-module (guix pk-crypto)
+  #:use-module (guix hash)
   #:use-module (rnrs io ports)
   #:use-module (srfi srfi-64))
 
@@ -26,8 +27,28 @@
 
 (define %public-key
   (call-with-input-file %public-key-file
-    (compose string->canonical-sexp
-             get-string-all)))
+    (compose string->canonical-sexp get-string-all)))
+
+(define %secret-key
+  (call-with-input-file %private-key-file
+    (compose string->canonical-sexp get-string-all)))
+
+(define %alternate-secret-key
+  (string->canonical-sexp
+   "
+  (key-data
+   (public-key
+    (rsa
+     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
+     (e #010001#)))
+   (private-key
+    (rsa
+     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
+     (e #010001#)
+     (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#)
+     (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#)
+     (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#)
+     (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))"))
 
 (test-begin "pki")
 
@@ -45,6 +66,58 @@
 (test-assert "authorized-key? public-key singleton"
   (authorized-key? %public-key (public-keys->acl (list %public-key))))
 
+(test-assert "signature-case valid-signature"
+  (let* ((hash (sha256 #vu8(1 2 3)))
+         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
+         (sig  (signature-sexp data %secret-key %public-key)))
+   (signature-case (sig hash (public-keys->acl (list %public-key)))
+     (valid-signature #t)
+     (else #f))))
+
+(test-eq "signature-case invalid-signature" 'i
+  (let* ((hash (sha256 #vu8(1 2 3)))
+         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
+         (sig  (signature-sexp data %alternate-secret-key %public-key)))
+    (signature-case (sig hash (public-keys->acl (list %public-key)))
+      (valid-signature 'v)
+      (invalid-signature 'i)
+      (hash-mismatch 'm)
+      (unauthorized-key 'u)
+      (corrupt-signature 'c))))
+
+(test-eq "signature-case hash-mismatch" 'm
+  (let* ((hash (sha256 #vu8(1 2 3)))
+         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
+         (sig  (signature-sexp data %secret-key %public-key)))
+    (signature-case (sig (sha256 #vu8())
+                         (public-keys->acl (list %public-key)))
+      (valid-signature 'v)
+      (invalid-signature 'i)
+      (hash-mismatch 'm)
+      (unauthorized-key 'u)
+      (corrupt-signature 'c))))
+
+(test-eq "signature-case unauthorized-key" 'u
+  (let* ((hash (sha256 #vu8(1 2 3)))
+         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
+         (sig  (signature-sexp data %secret-key %public-key)))
+    (signature-case (sig hash (public-keys->acl '()))
+      (valid-signature 'v)
+      (invalid-signature 'i)
+      (hash-mismatch 'm)
+      (unauthorized-key 'u)
+      (corrupt-signature 'c))))
+
+(test-eq "signature-case corrupt-signature" 'c
+  (let* ((hash (sha256 #vu8(1 2 3)))
+         (sig  (string->canonical-sexp "(w tf)")))
+    (signature-case (sig hash (public-keys->acl (list %public-key)))
+      (valid-signature 'v)
+      (invalid-signature 'i)
+      (hash-mismatch 'm)
+      (unauthorized-key 'u)
+      (corrupt-signature 'c))))
+
 (test-end)
 
 
-- 
cgit v1.2.3