test: add public keys to test corpus

Add explicit public/private PEMs to test corpus. Update key and image generation code.
sylabs · Dec 9, 2022 · 148e6a8 · 148e6a8
1 parent b7f5c27
commit 148e6a8
Show file tree

Hide file tree

Showing 11 changed files with 69 additions and 29 deletions.
diff --git a/pkg/integrity/dsse_test.go b/pkg/integrity/dsse_test.go
@@ -22,8 +22,8 @@ import (
 )
 
 func Test_dsseEncoder_signMessage(t *testing.T) {
-	ed25519 := getTestSignerVerifier(t, "ed25519.pem")
-	rsa := getTestSignerVerifier(t, "rsa.pem")
+	ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
+	rsa := getTestSignerVerifier(t, "rsa-private.pem")
 
 	tests := []struct {
 		name     string
@@ -143,9 +143,9 @@ func corruptSignatures(t *testing.T, _ *dsseEncoder, e *dsse.Envelope) {
 }
 
 func Test_dsseDecoder_verifyMessage(t *testing.T) {
-	ecdsa := getTestSignerVerifier(t, "ecdsa.pem")
-	ed25519 := getTestSignerVerifier(t, "ed25519.pem")
-	rsa := getTestSignerVerifier(t, "rsa.pem")
+	ecdsa := getTestSignerVerifier(t, "ecdsa-private.pem")
+	ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
+	rsa := getTestSignerVerifier(t, "rsa-private.pem")
 
 	ecdsaPub, err := ecdsa.PublicKey()
 	if err != nil {

diff --git a/pkg/integrity/sign_test.go b/pkg/integrity/sign_test.go
@@ -558,7 +558,7 @@ func TestSigner_Sign(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	sv := getTestSignerVerifier(t, "ed25519.pem")
+	sv := getTestSignerVerifier(t, "ed25519-private.pem")
 
 	tests := []struct {
 		name      string

diff --git a/pkg/integrity/verify_test.go b/pkg/integrity/verify_test.go
@@ -454,7 +454,7 @@ func TestNewVerifier(t *testing.T) { //nolint:maintidx
 	oneGroupImage := loadContainer(t, filepath.Join(corpus, "one-group.sif"))
 	twoGroupImage := loadContainer(t, filepath.Join(corpus, "two-groups.sif"))
 
-	sv := getTestSignerVerifier(t, "ed25519.pem")
+	sv := getTestSignerVerifier(t, "ed25519-private.pem")
 
 	kr := openpgp.EntityList{getTestEntity(t)}
 
@@ -982,7 +982,7 @@ func TestVerifier_Verify(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	ed25519 := getTestSignerVerifier(t, "ed25519.pem")
+	ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
 	ed25519Pub, err := ed25519.PublicKey()
 	if err != nil {
 		t.Fatal(err)
@@ -1030,7 +1030,7 @@ func TestVerifier_Verify(t *testing.T) {
 			name: "SignatureNotValidErrorDSSE",
 			f:    oneGroupSignedDSSEImage,
 			opts: []VerifierOpt{
-				OptVerifyWithVerifier(getTestSignerVerifier(t, "ecdsa.pem")), // Not signed with ECDSA.
+				OptVerifyWithVerifier(getTestSignerVerifier(t, "ecdsa-private.pem")), // Not signed with ECDSA.
 			},
 			wantErr: &SignatureNotValidError{ID: 3},
 		},

diff --git a/test/images/gen_sifs.go b/test/images/gen_sifs.go
@@ -21,10 +21,10 @@ import (
 	"github.com/sylabs/sif/v2/pkg/sif"
 )
 
-// getSignerVerifier returns a SignerVerifier read from the PEM file at path.
-func getSignerVerifier(name string) (signature.SignerVerifier, error) { //nolint:ireturn
+// getSigner returns a Signer read from the PEM file at path.
+func getSigner(name string) (signature.Signer, error) { //nolint:ireturn
 	path := filepath.Join("..", "keys", name)
-	return signature.LoadSignerVerifierFromPEMFile(path, crypto.SHA256, cryptoutils.SkipPassword)
+	return signature.LoadSignerFromPEMFile(path, crypto.SHA256, cryptoutils.SkipPassword)
 }
 
 var errUnexpectedNumEntities = errors.New("unexpected number of entities")
@@ -48,12 +48,12 @@ func getEntity() (*openpgp.Entity, error) {
 }
 
 func generateImages() error {
-	ed25519, err := getSignerVerifier("ed25519.pem")
+	ed25519, err := getSigner("ed25519-private.pem")
 	if err != nil {
 		return err
 	}
 
-	rsa, err := getSignerVerifier("rsa.pem")
+	rsa, err := getSigner("rsa-private.pem")
 	if err != nil {
 		return err
 	}

diff --git a/test/keys/ecdsa.pem → test/keys/ecdsa-private.pem b/test/keys/ecdsa.pem → test/keys/ecdsa-private.pem
diff --git a/test/keys/ecdsa-public.pem b/test/keys/ecdsa-public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmgoUd7znYaJrdt3QMIp9vzWj5ymN
+CMmIMhu5jr0vhDJLmfUk5VlYJllDsnP5qmnQSiNUY+qAGICIWd7rkrXDiA==
+-----END PUBLIC KEY-----
diff --git a/test/keys/ed25519.pem → test/keys/ed25519-private.pem b/test/keys/ed25519.pem → test/keys/ed25519-private.pem
diff --git a/test/keys/ed25519-public.pem b/test/keys/ed25519-public.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA4LypVa0tjUB5eUQeeGjllrBG7gWCIOSymuMc6fg8GB4=
+-----END PUBLIC KEY-----
diff --git a/test/keys/gen_keys.go b/test/keys/gen_keys.go
@@ -20,42 +20,61 @@ import (
 
 func writeKeys() error {
 	keys := []struct {
-		path  string
-		keyFn func() (crypto.PrivateKey, error)
+		pubPath string
+		priPath string
+		keyFn   func() (crypto.PublicKey, crypto.PrivateKey, error)
 	}{
 		{
-			path: "ecdsa.pem",
-			keyFn: func() (crypto.PrivateKey, error) {
-				return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+			pubPath: "ecdsa-public.pem",
+			priPath: "ecdsa-private.pem",
+			keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+				pri, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+				if err != nil {
+					return nil, nil, err
+				}
+				return pri.Public(), pri, nil
 			},
 		},
 		{
-			path: "ed25519.pem",
-			keyFn: func() (crypto.PrivateKey, error) {
-				_, pri, err := ed25519.GenerateKey(rand.Reader)
-				return pri, err
+			pubPath: "ecdsa-public.pem",
+			priPath: "ecdsa-private.pem",
+			keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+				return ed25519.GenerateKey(rand.Reader)
 			},
 		},
 		{
-			path: "rsa.pem",
-			keyFn: func() (crypto.PrivateKey, error) {
-				return rsa.GenerateKey(rand.Reader, 4096)
+			pubPath: "rsa-public.pem",
+			priPath: "rsa-private.pem",
+			keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+				pri, err := rsa.GenerateKey(rand.Reader, 4096)
+				if err != nil {
+					return nil, nil, err
+				}
+				return pri.Public(), pri, nil
 			},
 		},
 	}
 
 	for _, key := range keys {
-		pri, err := key.keyFn()
+		pub, pri, err := key.keyFn()
 		if err != nil {
 			return err
 		}
 
-		pem, err := cryptoutils.MarshalPrivateKeyToPEM(pri)
+		pem, err := cryptoutils.MarshalPublicKeyToPEM(pub)
 		if err != nil {
 			return err
 		}
 
-		if err := os.WriteFile(key.path, pem, 0o600); err != nil {
+		if err := os.WriteFile(key.pubPath, pem, 0o600); err != nil {
+			return err
+		}
+
+		if pem, err = cryptoutils.MarshalPrivateKeyToPEM(pri); err != nil {
+			return err
+		}
+
+		if err := os.WriteFile(key.priPath, pem, 0o600); err != nil {
 			return err
 		}
 	}

diff --git a/test/keys/rsa.pem → test/keys/rsa-private.pem b/test/keys/rsa.pem → test/keys/rsa-private.pem
diff --git a/test/keys/rsa-public.pem b/test/keys/rsa-public.pem
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr35fzhYiVBw1d0Qx3fVt
+CXOXgtnFccm2+0b0AkMKBI5xd7NPbPdl2SfbwZdTEudP39iHQLNB+qiIKSUZby9V
+h4ISayhWZ+VcTXLTGuEozPTOpZUXhfRAbZ8EYynqzJUmP16Epi9iSoVWANDpE4bP
+cLn6mb9Bj860VxSJYUnn2DhBjxSl/MDK9JxSPgOKTiBZuPcRj9wlauBhHvDsPRrX
+CH+mG+2GNNZuz81RaMDBwodwgdZ5H/ZRF9uJPfaeqsYKWGd+zhU5sCA4pfIO5Dr0
+RKltJjdjSb9xoiZsC2OBC+nC1fvIUXrqMlfLTi7WBR9BG8ZYhZ4aVr2Lv+batdmE
+N/nPMZ4Q0VXqKpWtyqR070x0gHDfuuPtEtmvtE4ol6tbrdmZCXXnyfC9MV/SpwlV
+GST6py3W7T7CrGL+hRr53iC1AwuMXdzmM2x7z4yW4By8ts7fiQ30IjVcPDYCBcp3
+yrOFFo4uuzrjUibDIkOkR6b/u4ylisiSQZJTFCUyyxhQVMvSwSW2lk5Y5eh5cs6N
+XOqRBxoPU9cf0I7Sf5+YIl+AcVZAVgmRIpY7pTY5q+QDyiioNQYv6wL4Pjj09lwj
+EGpMF/FrUlqPz3yei+sn3ndl3RBBtXaZXIJBDOjNBQ958tfbMaVAG9k2cDnA2Qxu
+Jz97uVU6gJAY6Yv/tlAWq88CAwEAAQ==
+-----END PUBLIC KEY-----