tailscale/tka/sig_test.go

// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package tka

import (
	"crypto/ed25519"
	"testing"

	"github.com/google/go-cmp/cmp"
)

func TestSigDirect(t *testing.T) {
	nodeKeyPub := []byte{1, 2, 3, 4}

	// Verification key (the key used to sign)
	pub, priv := testingKey25519(t, 1)
	key := Key{Kind: Key25519, Public: pub, Votes: 2}

	sig := NodeKeySignature{
		SigKind: SigDirect,
		KeyID:   key.ID(),
		Pubkey:  nodeKeyPub,
	}
	sigHash := sig.SigHash()
	sig.Signature = ed25519.Sign(priv, sigHash[:])

	if sig.SigHash() != sigHash {
		t.Errorf("sigHash changed after signing: %x != %x", sig.SigHash(), sigHash)
	}

	if err := sig.verifySignature(key); err != nil {
		t.Fatalf("verifySignature() failed: %v", err)
	}
}

func TestSigSerializeUnserialize(t *testing.T) {
	nodeKeyPub := []byte{1, 2, 3, 4}
	pub, priv := testingKey25519(t, 1)
	key := Key{Kind: Key25519, Public: pub, Votes: 2}
	sig := NodeKeySignature{
		SigKind: SigDirect,
		KeyID:   key.ID(),
		Pubkey:  nodeKeyPub,
	}
	sigHash := sig.SigHash()
	sig.Signature = ed25519.Sign(priv, sigHash[:])

	var decoded NodeKeySignature
	if err := decoded.Unserialize(sig.Serialize()); err != nil {
		t.Fatalf("Unserialize() failed: %v", err)
	}
	if diff := cmp.Diff(sig, decoded); diff != "" {
		t.Errorf("unmarshalled version differs (-want, +got):\n%s", diff)
	}
}
tka,types/key: implement direct node-key signatures Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-07-21 22:45:43 +01:00			`// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package tka`

			`import (`
			`"crypto/ed25519"`
			`"testing"`
tka: Use strict decoding settings, implement Unserialize() Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-12 21:13:38 +01:00
			`"github.com/google/go-cmp/cmp"`
tka,types/key: implement direct node-key signatures Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-07-21 22:45:43 +01:00			`)`

			`func TestSigDirect(t *testing.T) {`
			`nodeKeyPub := []byte{1, 2, 3, 4}`

			`// Verification key (the key used to sign)`
			`pub, priv := testingKey25519(t, 1)`
			`key := Key{Kind: Key25519, Public: pub, Votes: 2}`

			`sig := NodeKeySignature{`
			`SigKind: SigDirect,`
			`KeyID: key.ID(),`
			`Pubkey: nodeKeyPub,`
			`}`
client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-11 18:43:09 +01:00			`sigHash := sig.SigHash()`
tka,types/key: implement direct node-key signatures Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-07-21 22:45:43 +01:00			`sig.Signature = ed25519.Sign(priv, sigHash[:])`

client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-11 18:43:09 +01:00			`if sig.SigHash() != sigHash {`
			`t.Errorf("sigHash changed after signing: %x != %x", sig.SigHash(), sigHash)`
tka,types/key: implement direct node-key signatures Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-07-21 22:45:43 +01:00			`}`

			`if err := sig.verifySignature(key); err != nil {`
			`t.Fatalf("verifySignature() failed: %v", err)`
			`}`
			`}`
tka: Use strict decoding settings, implement Unserialize() Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-12 21:13:38 +01:00
			`func TestSigSerializeUnserialize(t *testing.T) {`
			`nodeKeyPub := []byte{1, 2, 3, 4}`
			`pub, priv := testingKey25519(t, 1)`
			`key := Key{Kind: Key25519, Public: pub, Votes: 2}`
			`sig := NodeKeySignature{`
			`SigKind: SigDirect,`
			`KeyID: key.ID(),`
			`Pubkey: nodeKeyPub,`
			`}`
client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-11 18:43:09 +01:00			`sigHash := sig.SigHash()`
tka: Use strict decoding settings, implement Unserialize() Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-12 21:13:38 +01:00			`sig.Signature = ed25519.Sign(priv, sigHash[:])`

			`var decoded NodeKeySignature`
			`if err := decoded.Unserialize(sig.Serialize()); err != nil {`
			`t.Fatalf("Unserialize() failed: %v", err)`
			`}`
			`if diff := cmp.Diff(sig, decoded); diff != "" {`
			`t.Errorf("unmarshalled version differs (-want, +got):\n%s", diff)`
			`}`
			`}`