Add tests for eddsa signing and verification

rpm-rs · May 27, 2023 · 1310cde · 1310cde
1 parent bc8b6bf
commit 1310cde
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 52 deletions.
diff --git a/src/rpm/headers/signature_builder.rs b/src/rpm/headers/signature_builder.rs
@@ -191,7 +191,6 @@ mod test {
         let builder = SignatureHeaderBuilder::<Empty>::new();
 
         let sig_header_only = [0u8; 32];
-        let sig_header_and_archive = [0u8; 32];
 
         let digest_header_sha1 = hex::encode(&[0u8; 64]);
         let digest_header_sha256: String = hex::encode(&[0u8; 64]);

diff --git a/tests/common.rs b/tests/common.rs
@@ -37,3 +37,31 @@ pub fn load_asc_keys() -> (Vec<u8>, Vec<u8>) {
     let verification_key = include_bytes!("../test_assets/public_key.asc");
     (signing_key.to_vec(), verification_key.to_vec())
 }
+
+pub fn load_rsa_keys() -> (Vec<u8>, Vec<u8>) {
+    let signing_key_path =
+        cargo_manifest_dir().join("test_assets/fixture_packages/signing_keys/secret_rsa4096.asc");
+    let signing_key = std::fs::read(signing_key_path).unwrap();
+
+    let verification_key_path =
+        cargo_manifest_dir().join("test_assets/fixture_packages/signing_keys/public_rsa4096.asc");
+    let verification_key = std::fs::read(verification_key_path).unwrap();
+
+    (signing_key.to_vec(), verification_key.to_vec())
+}
+
+pub fn eddsa_private_key() -> Vec<u8> {
+    let private_key =
+        cargo_manifest_dir().join("test_assets/fixture_packages/signing_keys/secret_ed25519.asc");
+    std::fs::read(private_key).unwrap()
+}
+
+pub fn eddsa_public_key() -> Vec<u8> {
+    let public_key =
+        cargo_manifest_dir().join("test_assets/fixture_packages/signing_keys/public_ed25519.asc");
+    std::fs::read(public_key).unwrap()
+}
+
+pub fn load_eddsa_keys() -> (Vec<u8>, Vec<u8>) {
+    (eddsa_private_key(), eddsa_public_key())
+}
diff --git a/tests/signatures.rs b/tests/signatures.rs
@@ -1,78 +1,105 @@
+use std::path::Path;
+
 use rpm::chrono::TimeZone;
 use rpm::signature::pgp::{Signer, Verifier};
 use rpm::*;
 
 mod common;
 
 #[test]
-fn test_rpm_file_signatures_resign() -> Result<(), Box<dyn std::error::Error>> {
-    let rpm_file_path = common::rpm_ima_signed_file_path();
-    let mut package = RPMPackage::open(rpm_file_path)?;
+fn test_rpm_file_signatures_resign_rsa() -> Result<(), Box<dyn std::error::Error>> {
+    let pkg_path = common::rpm_ima_signed_file_path();
+    let (signing_key, verification_key) = common::load_rsa_keys();
+    resign_and_verify_with_keys(pkg_path.as_ref(), &signing_key, &verification_key)
+}
 
-    let private_key_content = std::fs::read(common::test_private_key_path())?;
-    let signer = Signer::load_from_asc_bytes(&private_key_content)?;
+#[test]
+fn test_rpm_file_signatures_resign_eddsa() -> Result<(), Box<dyn std::error::Error>> {
+    let pkg_path = common::rpm_ima_signed_file_path();
+    let (signing_key, verification_key) = common::load_eddsa_keys();
+    resign_and_verify_with_keys(pkg_path.as_ref(), &signing_key, &verification_key)
+}
 
+#[track_caller]
+fn resign_and_verify_with_keys(
+    pkg_path: &Path,
+    signing_key: &[u8],
+    verification_key: &[u8],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let mut package = RPMPackage::open(pkg_path)?;
+    let signer = Signer::load_from_asc_bytes(signing_key)?;
     package.sign(&signer)?;
 
-    let public_key_content = std::fs::read(common::test_public_key_path())?;
-    let verifier = Verifier::load_from_asc_bytes(&public_key_content).unwrap();
+    let verifier = Verifier::load_from_asc_bytes(verification_key).unwrap();
     package
         .verify_signature(&verifier)
         .expect("failed to verify signature");
     Ok(())
 }
 
-#[test]
-fn parse_externally_signed_rpm_and_verify() -> Result<(), Box<dyn std::error::Error>> {
+#[track_caller]
+fn build_parse_sign_and_verify(
+    signing_key: &[u8],
+    verification_key: &[u8],
+) -> Result<(), Box<dyn std::error::Error>> {
     let _ = env_logger::try_init();
-    let (signing_key, verification_key) = common::load_asc_keys();
 
     let cargo_file = common::cargo_manifest_dir().join("Cargo.toml");
-    let out_file = common::cargo_out_dir().join("roundtrip.rpm");
 
-    {
-        let signer = Signer::load_from_asc_bytes(signing_key.as_ref())?;
-
-        let mut f = std::fs::File::create(&out_file)?;
-        let pkg = RPMBuilder::new(
-            "roundtrip",
-            "1.0.0",
-            "MIT",
-            "x86_64",
-            "spins round and round",
-        )
-        .compression(CompressionType::Gzip)
-        .with_file(
-            cargo_file.to_str().unwrap(),
-            RPMFileOptions::new("/etc/foobar/hugo/bazz.toml")
-                .mode(FileMode::regular(0o777))
-                .is_config(),
-        )?
-        .with_file(
-            cargo_file.to_str().unwrap(),
-            RPMFileOptions::new("/etc/Cargo.toml"),
-        )?
-        .epoch(3)
-        .pre_install_script("echo preinst")
-        .add_changelog_entry("you", "yada yada", chrono::Utc.timestamp_opt(1, 0).unwrap())
-        .requires(Dependency::any("rpm-sign".to_string()))
-        .build_and_sign(&signer)?;
-
-        pkg.write(&mut f)?;
-        let epoch = pkg.metadata.get_epoch()?;
-        assert_eq!(3, epoch);
-    }
+    let mut pkg = RPMBuilder::new(
+        "roundtrip",
+        "1.0.0",
+        "MIT",
+        "x86_64",
+        "spins round and round",
+    )
+    .compression(CompressionType::Gzip)
+    .with_file(
+        cargo_file.to_str().unwrap(),
+        RPMFileOptions::new("/etc/foobar/hugo/bazz.toml")
+            .mode(FileMode::regular(0o777))
+            .is_config(),
+    )?
+    .with_file(
+        cargo_file.to_str().unwrap(),
+        RPMFileOptions::new("/etc/Cargo.toml"),
+    )?
+    .epoch(3)
+    .pre_install_script("echo preinst")
+    .add_changelog_entry("you", "yada yada", chrono::Utc.timestamp_opt(1, 0).unwrap())
+    .requires(Dependency::any("rpm-sign".to_string()))
+    .build()?;
 
-    // verify
-    {
-        let out_file = std::fs::File::open(&out_file).expect("should be able to open rpm file");
-        let mut buf_reader = std::io::BufReader::new(out_file);
-        let package = RPMPackage::parse(&mut buf_reader)?;
+    let epoch = pkg.metadata.get_epoch()?;
+    assert_eq!(3, epoch);
 
-        let verifier = Verifier::load_from_asc_bytes(verification_key.as_ref())?;
+    // sign
+    let signer = Signer::load_from_asc_bytes(signing_key.as_ref())?;
+    pkg.sign(signer)?;
 
-        package.verify_signature(verifier)?;
-    }
+    let out_file = common::cargo_out_dir().join("roundtrip.rpm");
+    pkg.write_file(&out_file)?;
+
+    // verify
+    let package = RPMPackage::open(&out_file)?;
+    let verifier = Verifier::load_from_asc_bytes(verification_key.as_ref())?;
+    package.verify_signature(verifier)?;
 
     Ok(())
 }
+
+#[test]
+fn parse_externally_signed_rpm_and_verify_rsa() -> Result<(), Box<dyn std::error::Error>> {
+    let _ = env_logger::try_init();
+    let (signing_key, verification_key) = common::load_rsa_keys();
+
+    build_parse_sign_and_verify(&signing_key, &verification_key)
+}
+
+#[test]
+fn parse_externally_signed_rpm_and_verify_eddsa() -> Result<(), Box<dyn std::error::Error>> {
+    let _ = env_logger::try_init();
+    let (signing_key, verification_key) = common::load_eddsa_keys();
+
+    build_parse_sign_and_verify(&signing_key, &verification_key)
+}