diff --git a/pkg/integrity/dsse_test.go b/pkg/integrity/dsse_test.go
index 6edb7835..7a1853af 100644
--- a/pkg/integrity/dsse_test.go
+++ b/pkg/integrity/dsse_test.go
@@ -22,8 +22,8 @@ import (
 )
 func Test_dsseEncoder_signMessage(t *testing.T) {
- ed25519 := getTestSignerVerifier(t, "ed25519.pem")
- rsa := getTestSignerVerifier(t, "rsa.pem")
+ ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
+ rsa := getTestSignerVerifier(t, "rsa-private.pem")
 tests := []struct {
 name string
@@ -143,9 +143,9 @@ func corruptSignatures(t *testing.T, _ *dsseEncoder, e *dsse.Envelope) {
 }
 func Test_dsseDecoder_verifyMessage(t *testing.T) {
- ecdsa := getTestSignerVerifier(t, "ecdsa.pem")
- ed25519 := getTestSignerVerifier(t, "ed25519.pem")
- rsa := getTestSignerVerifier(t, "rsa.pem")
+ ecdsa := getTestSignerVerifier(t, "ecdsa-private.pem")
+ ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
+ rsa := getTestSignerVerifier(t, "rsa-private.pem")
 ecdsaPub, err := ecdsa.PublicKey()
 if err != nil {
diff --git a/pkg/integrity/sign_test.go b/pkg/integrity/sign_test.go
index fcb27bb4..ce291468 100644
--- a/pkg/integrity/sign_test.go
+++ b/pkg/integrity/sign_test.go
@@ -558,7 +558,7 @@ func TestSigner_Sign(t *testing.T) {
 t.Fatal(err)
 }
- sv := getTestSignerVerifier(t, "ed25519.pem")
+ sv := getTestSignerVerifier(t, "ed25519-private.pem")
 tests := []struct {
 name string
diff --git a/pkg/integrity/verify_test.go b/pkg/integrity/verify_test.go
index 8aa62ba6..6ffa8cbc 100644
--- a/pkg/integrity/verify_test.go
+++ b/pkg/integrity/verify_test.go
@@ -454,7 +454,7 @@ func TestNewVerifier(t *testing.T) { //nolint:maintidx
 oneGroupImage := loadContainer(t, filepath.Join(corpus, "one-group.sif"))
 twoGroupImage := loadContainer(t, filepath.Join(corpus, "two-groups.sif"))
- sv := getTestSignerVerifier(t, "ed25519.pem")
+ sv := getTestSignerVerifier(t, "ed25519-private.pem")
 kr := openpgp.EntityList{getTestEntity(t)}
@@ -982,7 +982,7 @@ func TestVerifier_Verify(t *testing.T) {
 t.Fatal(err)
 }
- ed25519 := getTestSignerVerifier(t, "ed25519.pem")
+ ed25519 := getTestSignerVerifier(t, "ed25519-private.pem")
 ed25519Pub, err := ed25519.PublicKey()
 if err != nil {
 t.Fatal(err)
@@ -1030,7 +1030,7 @@ func TestVerifier_Verify(t *testing.T) {
 name: "SignatureNotValidErrorDSSE",
 f: oneGroupSignedDSSEImage,
 opts: []VerifierOpt{
- OptVerifyWithVerifier(getTestSignerVerifier(t, "ecdsa.pem")), // Not signed with ECDSA.
+ OptVerifyWithVerifier(getTestSignerVerifier(t, "ecdsa-private.pem")), // Not signed with ECDSA.
 },
 wantErr: &SignatureNotValidError{ID: 3},
 },
diff --git a/test/images/gen_sifs.go b/test/images/gen_sifs.go
index c087ff65..68096ce7 100755
--- a/test/images/gen_sifs.go
+++ b/test/images/gen_sifs.go
@@ -21,10 +21,10 @@ import (
 "github.com/sylabs/sif/v2/pkg/sif"
 )
-// getSignerVerifier returns a SignerVerifier read from the PEM file at path.
-func getSignerVerifier(name string) (signature.SignerVerifier, error) { //nolint:ireturn
+// getSigner returns a Signer read from the PEM file at path.
+func getSigner(name string) (signature.Signer, error) { //nolint:ireturn
 path := filepath.Join("..", "keys", name)
- return signature.LoadSignerVerifierFromPEMFile(path, crypto.SHA256, cryptoutils.SkipPassword)
+ return signature.LoadSignerFromPEMFile(path, crypto.SHA256, cryptoutils.SkipPassword)
 }
 var errUnexpectedNumEntities = errors.New("unexpected number of entities")
@@ -48,12 +48,12 @@ func getEntity() (*openpgp.Entity, error) {
 }
 func generateImages() error {
- ed25519, err := getSignerVerifier("ed25519.pem")
+ ed25519, err := getSigner("ed25519-private.pem")
 if err != nil {
 return err
 }
- rsa, err := getSignerVerifier("rsa.pem")
+ rsa, err := getSigner("rsa-private.pem")
 if err != nil {
 return err
 }
diff --git a/test/keys/ecdsa.pem b/test/keys/ecdsa-private.pem
similarity index 100%
rename from test/keys/ecdsa.pem
rename to test/keys/ecdsa-private.pem
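Review bot: In the `@@ -21,10 +21,10 @@` hunk of test/images/gen_sifs.go, the rewritten comment on `getSigner` still says the key is read from "the PEM file at path", but the parameter is `name` and the function resolves it under `../keys`; it also does not say that the file must hold a private key. Suggested wording: `// getSigner returns a Signer loaded from the PEM-encoded private key file name in ../keys.` Because `cryptoutils.SkipPassword` is passed to the loader, no passphrase is supplied, so the comment could also state that the test keys are expected to be unencrypted (inferred from the call; the key files themselves are not shown).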
diff --git a/test/keys/ecdsa-public.pem b/test/keys/ecdsa-public.pem
new file mode 100644
index 00000000..3f683c00
--- /dev/null
+++ b/test/keys/ecdsa-public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmgoUd7znYaJrdt3QMIp9vzWj5ymN
+CMmIMhu5jr0vhDJLmfUk5VlYJllDsnP5qmnQSiNUY+qAGICIWd7rkrXDiA==
+-----END PUBLIC KEY-----
diff --git a/test/keys/ed25519.pem b/test/keys/ed25519-private.pem
similarity index 100%
rename from test/keys/ed25519.pem
rename to test/keys/ed25519-private.pem
diff --git a/test/keys/ed25519-public.pem b/test/keys/ed25519-public.pem
new file mode 100644
index 00000000..98780811
--- /dev/null
+++ b/test/keys/ed25519-public.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA4LypVa0tjUB5eUQeeGjllrBG7gWCIOSymuMc6fg8GB4=
+-----END PUBLIC KEY-----
diff --git a/test/keys/gen_keys.go b/test/keys/gen_keys.go
index a295a6b4..bf8bc01e 100644
--- a/test/keys/gen_keys.go
+++ b/test/keys/gen_keys.go
@@ -20,42 +20,61 @@ import (
 func writeKeys() error {
 keys := []struct {
- path string
- keyFn func() (crypto.PrivateKey, error)
+ pubPath string
+ priPath string
+ keyFn func() (crypto.PublicKey, crypto.PrivateKey, error)
 }{
 {
- path: "ecdsa.pem",
- keyFn: func() (crypto.PrivateKey, error) {
- return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ pubPath: "ecdsa-public.pem",
+ priPath: "ecdsa-private.pem",
+ keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+ pri, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ return nil, nil, err
+ }
+ return pri.Public(), pri, nil
 },
 },
 {
- path: "ed25519.pem",
- keyFn: func() (crypto.PrivateKey, error) {
- _, pri, err := ed25519.GenerateKey(rand.Reader)
- return pri, err
+ pubPath: "ecdsa-public.pem",
+ priPath: "ecdsa-private.pem",
+ keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+ return ed25519.GenerateKey(rand.Reader)
 },
 },
 {
- path: "rsa.pem",
- keyFn: func() (crypto.PrivateKey, error) {
- return rsa.GenerateKey(rand.Reader, 4096)
+ pubPath: "rsa-public.pem",
+ priPath: "rsa-private.pem",
+ keyFn: func() (crypto.PublicKey, crypto.PrivateKey, error) {
+ pri, err := rsa.GenerateKey(rand.Reader, 4096)
+ if err != nil {
+ return nil, nil, err
+ }
+ return pri.Public(), pri, nil
 },
 },
 }
 for _, key := range keys {
- pri, err := key.keyFn()
+ pub, pri, err := key.keyFn()
 if err != nil {
 return err
 }
- pem, err := cryptoutils.MarshalPrivateKeyToPEM(pri)
+ pem, err := cryptoutils.MarshalPublicKeyToPEM(pub)
 if err != nil {
 return err
 }
- if err := os.WriteFile(key.path, pem, 0o600); err != nil {
+ if err := os.WriteFile(key.pubPath, pem, 0o600); err != nil {
+ return err
+ }
+
+ if pem, err = cryptoutils.MarshalPrivateKeyToPEM(pri); err != nil {
+ return err
+ }
+
+ if err := os.WriteFile(key.priPath, pem, 0o600); err != nil {
 return err
 }
 }
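Review bot: The second table entry pairs `ed25519.GenerateKey` with `pubPath: "ecdsa-public.pem"` and `priPath: "ecdsa-private.pem"`, so a run of the generator writes the Ed25519 pair over the ECDSA files produced by the first entry and never writes `ed25519-public.pem` or `ed25519-private.pem`. The fixtures this commit adds and renames under test/keys therefore cannot be reproduced from the script, and a regeneration would leave an Ed25519 key under the ECDSA name that the tests load as `ecdsa-private.pem`. The entry should read `pubPath: "ed25519-public.pem",` and `priPath: "ed25519-private.pem",`. writeKeys ends outside the hunk.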
diff --git a/test/keys/rsa.pem b/test/keys/rsa-private.pem
similarity index 100%
rename from test/keys/rsa.pem
rename to test/keys/rsa-private.pem
diff --git a/test/keys/rsa-public.pem b/test/keys/rsa-public.pem
new file mode 100644
index 00000000..b406c569
--- /dev/null
+++ b/test/keys/rsa-public.pem
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr35fzhYiVBw1d0Qx3fVt
+CXOXgtnFccm2+0b0AkMKBI5xd7NPbPdl2SfbwZdTEudP39iHQLNB+qiIKSUZby9V
+h4ISayhWZ+VcTXLTGuEozPTOpZUXhfRAbZ8EYynqzJUmP16Epi9iSoVWANDpE4bP
+cLn6mb9Bj860VxSJYUnn2DhBjxSl/MDK9JxSPgOKTiBZuPcRj9wlauBhHvDsPRrX
+CH+mG+2GNNZuz81RaMDBwodwgdZ5H/ZRF9uJPfaeqsYKWGd+zhU5sCA4pfIO5Dr0
+RKltJjdjSb9xoiZsC2OBC+nC1fvIUXrqMlfLTi7WBR9BG8ZYhZ4aVr2Lv+batdmE
+N/nPMZ4Q0VXqKpWtyqR070x0gHDfuuPtEtmvtE4ol6tbrdmZCXXnyfC9MV/SpwlV
+GST6py3W7T7CrGL+hRr53iC1AwuMXdzmM2x7z4yW4By8ts7fiQ30IjVcPDYCBcp3
+yrOFFo4uuzrjUibDIkOkR6b/u4ylisiSQZJTFCUyyxhQVMvSwSW2lk5Y5eh5cs6N
+XOqRBxoPU9cf0I7Sf5+YIl+AcVZAVgmRIpY7pTY5q+QDyiioNQYv6wL4Pjj09lwj
+EGpMF/FrUlqPz3yei+sn3ndl3RBBtXaZXIJBDOjNBQ958tfbMaVAG9k2cDnA2Qxu
+Jz97uVU6gJAY6Yv/tlAWq88CAwEAAQ==
+-----END PUBLIC KEY-----