Skip to content

Commit

Permalink
signature tests: remove skipped failing tests (sigs were bad), and ad…
Browse files Browse the repository at this point in the history
…d some additional checks to interop
  • Loading branch information
bnewbold committed Apr 1, 2023
1 parent 812a34c commit d0ea072
Showing 1 changed file with 20 additions and 100 deletions.
120 changes: 20 additions & 100 deletions testing/sig_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,61 +70,6 @@ func TestVerification(t *testing.T) {
}
}

func TestVerificationTwo(t *testing.T) {
t.Skip("XXX: this test is failing!")
assert := assert.New(t)

// http get http://localhost:2583/xrpc/com.atproto.sync.getCheckout did==did:plc:z5vnbioquyhivxirw3bbljmu commit==bafyreieovfuizojpw3zresz7sx3nk4trm2by23pt5rxbey3jme4uo5ogiu > bafyreieovfuizojpw3zresz7sx3nk4trm2by23pt5rxbey3jme4uo5ogiu.car
// http get http://localhost:2582/did:plc:z5vnbioquyhivxirw3bbljmu > code/indigo/testing/test_files/did_plc_z5vnbioquyhivxirw3bbljmu.didDoc.json

fi, err := os.Open("test_files/bafyreieovfuizojpw3zresz7sx3nk4trm2by23pt5rxbey3jme4uo5ogiu.car")
if err != nil {
t.Fatal(err)
}

bs := blockstore.NewBlockstore(datastore.NewMapDatastore())
ctx := context.TODO()
c, err := repo.IngestRepo(ctx, bs, fi)
if err != nil {
t.Fatal(err)
}

r, err := repo.OpenRepo(ctx, bs, c, true)
if err != nil {
t.Fatal(err)
}

vmstr := `{
"controller": "did:plc:z5vnbioquyhivxirw3bbljmu",
"id": "#atproto",
"publicKeyMultibase": "zPgFC4hKo2MFLkBRQuHewXRDp94MSrd3yuiJ1En87qTeF68T92DPWvWSjxjMuMiB4qz8UzE8wWTNvZq7mgr7BsjW9",
"type": "EcdsaSecp256k1VerificationKey2019"
}`
var vm did.VerificationMethod

if err := json.Unmarshal([]byte(vmstr), &vm); err != nil {
t.Fatal(err)
}

pk, err := did.KeyFromMultibase(vm)
if err != nil {
t.Fatal(err)
}

assert.Equal(pk.Type, "EcdsaSecp256k1VerificationKey2019")

scom := r.SignedCommit()

msg, err := scom.Unsigned().BytesForSigning()
if err != nil {
t.Fatal(err)
}

if err := pk.Verify(msg, scom.Sig); err != nil {
t.Fatal(err)
}
}

func TestVerificationK256(t *testing.T) {
// 2023-03-30T11:18:20.605-0700 WARN indexer indexer/keymgr.go:37 trying to verify sig {"key": {"Raw":"BBKybGcJOMvsIyPaKglHtcocOFN7QrlppYHN3i4fW5PfLmfUFCXNcNKMk/MjT/cnquZS1APwxr6QUR7LE8/bJC8=","Type":"EcdsaSecp256k1VerificationKey2019"}, "sigBytes": "1ZJM8YFVmHJksi+liHFn62GBfUd7zDio0BVej0JTjtJUdYMgmV8Mg4/4RNfL9VFM8bXMhzusJ1qpu2kTyHoliA==", "msgBytes": "pGNkaWR4IGRpZDpwbGM6cHVydnZqNXV0N2hyeGo1ejdtbTZyNGd0ZGRhdGHYKlglAAFxEiAG8t9fbFkSGKBhEXYLZLC5njldpEfHGg2hheTdR9VLi2RwcmV22CpYJQABcRIgtJroXREnp3TZxxf8xZTQC+w4+vnfz1KIkWVitinSPOFndmVyc2lvbgI="}

Expand All @@ -144,48 +89,6 @@ func TestVerificationK256(t *testing.T) {
assert.NoError(key.Verify(msgBytes, sigBytes))
}

func TestVerificationK256Another(t *testing.T) {
t.Skip("XXX: this test is failing!")

// 2023-03-30T14:45:38.564-0700 WARN indexer indexer/keymgr.go:39 signature failed to verify {"err": "invalid signature", "did": "did:plc:5wy3mk2y6hr5hfjd27t25mwq", "pubKey": {"Raw":"BG43klS5n0pGwV4pbSDZus9gEpAv9y9ixMw5g+BTXejAefzTvGuS0wXUtd+4gNynDKnJI8Ql5HZgd31wUOcuEnI=","Type":"EcdsaSecp256k1VerificationKey2019"}, "sigBytes": "/RqP+2UeQxEotDobElhPIqMUfLuP6NAqWH1DFYz4uBIzG9m2rq+AOv+7ByTs1Iz3W2Pb/ArU6h4u9b32TcOA8w==", "msgBytes": "pGNkaWR4IGRpZDpwbGM6NXd5M21rMnk2aHI1aGZqZDI3dDI1bXdxZGRhdGHYKlglAAFxEiAmLxtdfzvOecsKYGpQcJoKe/sez3Azipj+ruH8+Oeb2mRwcmV22CpYJQABcRIgaaoi6eUxIHB/n6QucX3fjxP/43pLhAd2NEo8wIpc1I1ndmVyc2lvbgI="}

assert := assert.New(t)
keyBytes, err := base64.StdEncoding.DecodeString("BG43klS5n0pGwV4pbSDZus9gEpAv9y9ixMw5g+BTXejAefzTvGuS0wXUtd+4gNynDKnJI8Ql5HZgd31wUOcuEnI=")
assert.NoError(err)
msgBytes, err := base64.StdEncoding.DecodeString("pGNkaWR4IGRpZDpwbGM6NXd5M21rMnk2aHI1aGZqZDI3dDI1bXdxZGRhdGHYKlglAAFxEiAmLxtdfzvOecsKYGpQcJoKe/sez3Azipj+ruH8+Oeb2mRwcmV22CpYJQABcRIgaaoi6eUxIHB/n6QucX3fjxP/43pLhAd2NEo8wIpc1I1ndmVyc2lvbgI=")
assert.NoError(err)
sigBytes, err := base64.StdEncoding.DecodeString("/RqP+2UeQxEotDobElhPIqMUfLuP6NAqWH1DFYz4uBIzG9m2rq+AOv+7ByTs1Iz3W2Pb/ArU6h4u9b32TcOA8w==")
assert.NoError(err)

key := did.PubKey{
Type: "EcdsaSecp256k1VerificationKey2019", // k1 -> K256
Raw: keyBytes,
}

assert.NoError(key.Verify(msgBytes, sigBytes))
}

func TestVerificationP256(t *testing.T) {
t.Skip("XXX: this test is failing!")

// 2023-03-30T10:48:24.163-0700 WARN indexer indexer/keymgr.go:37 trying to verify sig {"key": {"Raw":"BHNFqXf9epzecIlKScjkhbG40FfJ77Cc3klxkozXuQ+UzzxyVwIQMmwrd8hW+BtF1GHLv7bt3D6feMvsnOgoxTI=","Type":"EcdsaSecp256r1VerificationKey2019"}, "sigBytes": "Utv2SWqgajkPF0MdMAEEK4JY1eF6DQEqPZgYEXAFlus4zRcdoK/5ttKRG1Nn4yaqbxJ/ezpW2d2dbZoxhhTe1A==", "msgBytes": "pGNkaWR4IGRpZDpwbGM6emtva2JrZ3g3a3B6bGF0Y2ZxeXVkZ2ttZGRhdGHYKlglAAFxEiC9iE2tv7bvgaTPHg7Z+ay8hQK+7QY+OM7OO8IYI0X/sWRwcmV22CpYJQABcRIgG5obqev4a3cjqY6juXsSUgcV4Vad5id+1nE1/GPqfuBndmVyc2lvbgI="}

assert := assert.New(t)
keyBytes, err := base64.StdEncoding.DecodeString("BHNFqXf9epzecIlKScjkhbG40FfJ77Cc3klxkozXuQ+UzzxyVwIQMmwrd8hW+BtF1GHLv7bt3D6feMvsnOgoxTI=")
assert.NoError(err)
msgBytes, err := base64.StdEncoding.DecodeString("pGNkaWR4IGRpZDpwbGM6emtva2JrZ3g3a3B6bGF0Y2ZxeXVkZ2ttZGRhdGHYKlglAAFxEiC9iE2tv7bvgaTPHg7Z+ay8hQK+7QY+OM7OO8IYI0X/sWRwcmV22CpYJQABcRIgG5obqev4a3cjqY6juXsSUgcV4Vad5id+1nE1/GPqfuBndmVyc2lvbgI=")
assert.NoError(err)
sigBytes, err := base64.StdEncoding.DecodeString("Utv2SWqgajkPF0MdMAEEK4JY1eF6DQEqPZgYEXAFlus4zRcdoK/5ttKRG1Nn4yaqbxJ/ezpW2d2dbZoxhhTe1A==")
assert.NoError(err)

key := did.PubKey{
Type: "EcdsaSecp256r1VerificationKey2019", // r1 -> P256
Raw: keyBytes,
}

assert.NoError(key.Verify(msgBytes, sigBytes))
}

func parseKeyFromMultibase(t *testing.T, s, keyType string) did.PubKey {
_, data, err := multibase.Decode(s)
if err != nil {
Expand All @@ -205,16 +108,15 @@ func parseDidKey(t *testing.T, s string) did.PubKey {
}
switch {
case data[0] == 0x80 && data[1] == 0x24:
// p256
// need to "uncompress"
// p256; need to "uncompress"
curve := elliptic.P256()
x, y := elliptic.UnmarshalCompressed(curve, data[2:])
return did.PubKey{
Type: "EcdsaSecp256r1VerificationKey2019",
Raw: elliptic.Marshal(curve, x, y),
}
case data[0] == 0xE7 && data[1] == 0x01:
// k256
// k256; apparently don't need to uncompress
return did.PubKey{
Type: "EcdsaSecp256k1VerificationKey2019",
Raw: data[2:],
Expand Down Expand Up @@ -267,5 +169,23 @@ func TestInteropSignatures(t *testing.T) {

assert.NoError(pkDid.Verify(msgBytes, sigBytes), "keyType=%v format=%v", row.description, "did:key")
assert.NoError(pkMultibase.Verify(msgBytes, sigBytes), "keyType=%v format=%v", row.description, "multibase")
assert.Error(pkMultibase.Verify(msgBytes, []byte{1, 2, 3}), "keyType=%v format=%v", row.description, "multibase")
assert.Error(pkMultibase.Verify([]byte{1, 2, 3}, sigBytes), "keyType=%v format=%v", row.description, "multibase")

// TODO: investigate these additional tests, which partially fail, instead of "continue"
/*
assert.Equal(pkDid, pkMultibase, row.description)
assert.NotEqual(pkDid.MultibaseString(), "<invalid key>", "keyType=%v format=%v", row.description, "did:key")
assert.NotEqual(pkMultibase.MultibaseString(), "<invalid key>", "keyType=%v format=%v", row.description, "multibase")
// check that keys round-trip ok
assert.Equal(row.didKey, pkDid.DID(), "export keyType=%v format=%v", row.description, "did:key")
assert.Equal(row.multibaseKey, pkDid.MultibaseString(), "export keyType=%v format=%v", row.description, "multibase")
pkDid = parseDidKey(t, pkDid.DID())
pkMultibase = parseKeyFromMultibase(t, pkMultibase.MultibaseString(), row.docType)
assert.NoError(pkDid.Verify(msgBytes, sigBytes), "round-trip keyType=%v format=%v", row.description, "did:key")
assert.NoError(pkMultibase.Verify(msgBytes, sigBytes), "round-trip keyType=%v format=%v", row.description, "multibase")
*/
}
}

0 comments on commit d0ea072

Please sign in to comment.