Add tests for eddsa signing and verification
Showing
3 changed files
with
106 additions
and
52 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,78 +1,105 @@ | ||
use std::path::Path; | ||
|
||
use rpm::chrono::TimeZone; | ||
use rpm::signature::pgp::{Signer, Verifier}; | ||
use rpm::*; | ||
|
||
mod common; | ||
|
||
#[test] | ||
fn test_rpm_file_signatures_resign() -> Result<(), Box<dyn std::error::Error>> { | ||
let rpm_file_path = common::rpm_ima_signed_file_path(); | ||
let mut package = RPMPackage::open(rpm_file_path)?; | ||
fn test_rpm_file_signatures_resign_rsa() -> Result<(), Box<dyn std::error::Error>> { | ||
let pkg_path = common::rpm_ima_signed_file_path(); | ||
let (signing_key, verification_key) = common::load_rsa_keys(); | ||
resign_and_verify_with_keys(pkg_path.as_ref(), &signing_key, &verification_key) | ||
} | ||
|
||
let private_key_content = std::fs::read(common::test_private_key_path())?; | ||
let signer = Signer::load_from_asc_bytes(&private_key_content)?; | ||
#[test] | ||
fn test_rpm_file_signatures_resign_eddsa() -> Result<(), Box<dyn std::error::Error>> { | ||
let pkg_path = common::rpm_ima_signed_file_path(); | ||
let (signing_key, verification_key) = common::load_eddsa_keys(); | ||
resign_and_verify_with_keys(pkg_path.as_ref(), &signing_key, &verification_key) | ||
} | ||
|
||
#[track_caller] | ||
fn resign_and_verify_with_keys( | ||
pkg_path: &Path, | ||
signing_key: &[u8], | ||
verification_key: &[u8], | ||
) -> Result<(), Box<dyn std::error::Error>> { | ||
let mut package = RPMPackage::open(pkg_path)?; | ||
let signer = Signer::load_from_asc_bytes(signing_key)?; | ||
package.sign(&signer)?; | ||
|
||
let public_key_content = std::fs::read(common::test_public_key_path())?; | ||
let verifier = Verifier::load_from_asc_bytes(&public_key_content).unwrap(); | ||
let verifier = Verifier::load_from_asc_bytes(verification_key).unwrap(); | ||
package | ||
.verify_signature(&verifier) | ||
.expect("failed to verify signature"); | ||
Ok(()) | ||
} | ||
|
||
#[test] | ||
fn parse_externally_signed_rpm_and_verify() -> Result<(), Box<dyn std::error::Error>> { | ||
#[track_caller] | ||
fn build_parse_sign_and_verify( | ||
signing_key: &[u8], | ||
verification_key: &[u8], | ||
) -> Result<(), Box<dyn std::error::Error>> { | ||
let _ = env_logger::try_init(); | ||
let (signing_key, verification_key) = common::load_asc_keys(); | ||
|
||
let cargo_file = common::cargo_manifest_dir().join("Cargo.toml"); | ||
let out_file = common::cargo_out_dir().join("roundtrip.rpm"); | ||
|
||
{ | ||
let signer = Signer::load_from_asc_bytes(signing_key.as_ref())?; | ||
|
||
let mut f = std::fs::File::create(&out_file)?; | ||
let pkg = RPMBuilder::new( | ||
"roundtrip", | ||
"1.0.0", | ||
"MIT", | ||
"x86_64", | ||
"spins round and round", | ||
) | ||
.compression(CompressionType::Gzip) | ||
.with_file( | ||
cargo_file.to_str().unwrap(), | ||
RPMFileOptions::new("/etc/foobar/hugo/bazz.toml") | ||
.mode(FileMode::regular(0o777)) | ||
.is_config(), | ||
)? | ||
.with_file( | ||
cargo_file.to_str().unwrap(), | ||
RPMFileOptions::new("/etc/Cargo.toml"), | ||
)? | ||
.epoch(3) | ||
.pre_install_script("echo preinst") | ||
.add_changelog_entry("you", "yada yada", chrono::Utc.timestamp_opt(1, 0).unwrap()) | ||
.requires(Dependency::any("rpm-sign".to_string())) | ||
.build_and_sign(&signer)?; | ||
|
||
pkg.write(&mut f)?; | ||
let epoch = pkg.metadata.get_epoch()?; | ||
assert_eq!(3, epoch); | ||
} | ||
let mut pkg = RPMBuilder::new( | ||
"roundtrip", | ||
"1.0.0", | ||
"MIT", | ||
"x86_64", | ||
"spins round and round", | ||
) | ||
.compression(CompressionType::Gzip) | ||
.with_file( | ||
cargo_file.to_str().unwrap(), | ||
RPMFileOptions::new("/etc/foobar/hugo/bazz.toml") | ||
.mode(FileMode::regular(0o777)) | ||
.is_config(), | ||
)? | ||
.with_file( | ||
cargo_file.to_str().unwrap(), | ||
RPMFileOptions::new("/etc/Cargo.toml"), | ||
)? | ||
.epoch(3) | ||
.pre_install_script("echo preinst") | ||
.add_changelog_entry("you", "yada yada", chrono::Utc.timestamp_opt(1, 0).unwrap()) | ||
.requires(Dependency::any("rpm-sign".to_string())) | ||
.build()?; | ||
|
||
// verify | ||
{ | ||
let out_file = std::fs::File::open(&out_file).expect("should be able to open rpm file"); | ||
let mut buf_reader = std::io::BufReader::new(out_file); | ||
let package = RPMPackage::parse(&mut buf_reader)?; | ||
let epoch = pkg.metadata.get_epoch()?; | ||
assert_eq!(3, epoch); | ||
|
||
let verifier = Verifier::load_from_asc_bytes(verification_key.as_ref())?; | ||
// sign | ||
let signer = Signer::load_from_asc_bytes(signing_key.as_ref())?; | ||
pkg.sign(signer)?; | ||
|
||
package.verify_signature(verifier)?; | ||
} | ||
let out_file = common::cargo_out_dir().join("roundtrip.rpm"); | ||
pkg.write_file(&out_file)?; | ||
|
||
// verify | ||
let package = RPMPackage::open(&out_file)?; | ||
let verifier = Verifier::load_from_asc_bytes(verification_key.as_ref())?; | ||
package.verify_signature(verifier)?; | ||
|
||
Ok(()) | ||
} | ||
|
||
#[test] | ||
fn parse_externally_signed_rpm_and_verify_rsa() -> Result<(), Box<dyn std::error::Error>> { | ||
let _ = env_logger::try_init(); | ||
let (signing_key, verification_key) = common::load_rsa_keys(); | ||
|
||
build_parse_sign_and_verify(&signing_key, &verification_key) | ||
} | ||
|
||
#[test] | ||
fn parse_externally_signed_rpm_and_verify_eddsa() -> Result<(), Box<dyn std::error::Error>> { | ||
let _ = env_logger::try_init(); | ||
let (signing_key, verification_key) = common::load_eddsa_keys(); | ||
|
||
build_parse_sign_and_verify(&signing_key, &verification_key) | ||
} |
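Review bot: `build_parse_sign_and_verify` always writes and then re-opens the same `roundtrip.rpm` (`common::cargo_out_dir().join("roundtrip.rpm")`), and it is now called from both `parse_externally_signed_rpm_and_verify_rsa` and `parse_externally_signed_rpm_and_verify_eddsa`. Assuming `common::cargo_out_dir()` returns the same directory for both, and since the test harness runs the tests of one binary on parallel threads by default, one test can open the file while the other is still writing it or after the other has replaced it, so `verify_signature` may fail intermittently or run against a package signed with the other key. A per-key output name passed in by the callers would remove the race, e.g. `let out_file = common::cargo_out_dir().join(out_name);` with a distinct `out_name` for the RSA and EdDSA tests. Separately, every test in this file only checks that the matching key verifies; with two key pairs now available, a case asserting that `verify_signature` returns `Err` when an EdDSA-signed package is checked with the RSA verification key (and the reverse) would show that verification actually rejects a wrong key.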