Fix ecdsa signature verification test.

2021-01-28 11:38:21 -08:00 · 2021-01-28 11:38:21 -08:00 · 6c113542c8
commit 6c113542c8
parent 35bf9b787e
1 changed files with 19 additions and 19 deletions
--- a/kms/pkcs11/pkcs11_test.go
+++ b/kms/pkcs11/pkcs11_test.go
@ -392,6 +392,24 @@ func TestPKCS11_CreateSigner(t *testing.T) {
 	data := []byte("buggy-coheir-RUBRIC-rabbet-liberal-eaglet-khartoum-stagger")
 	setupSoftHSM2, setupYubiHSM2 := setupFuncs(t)

+	// VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
+	// public key, pub. Its return value records whether the signature is valid.
+	verifyASN1 := func(pub *ecdsa.PublicKey, hash, sig []byte) bool {
+		var (
+			r, s  = &big.Int{}, &big.Int{}
+			inner cryptobyte.String
+		)
+		input := cryptobyte.String(sig)
+		if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
+			!input.Empty() ||
+			!inner.ReadASN1Integer(r) ||
+			!inner.ReadASN1Integer(s) ||
+			!inner.Empty() {
+			return false
+		}
+		return ecdsa.Verify(pub, hash, r, s)
+	}
+
 	type args struct {
 		req *apiv1.CreateSignerRequest
 	}
@ -481,7 +499,7 @@ func TestPKCS11_CreateSigner(t *testing.T) {
 					}
 				case apiv1.ECDSAWithSHA256, apiv1.ECDSAWithSHA384, apiv1.ECDSAWithSHA512:
 					pub := got.Public().(*ecdsa.PublicKey)
-					if !VerifyASN1(pub, digest, sig) {
+					if !verifyASN1(pub, digest, sig) {
 						t.Error("ecdsa.VerifyASN1() failed")
 					}
 				default:
@ -645,21 +663,3 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
 		})
 	}
 }
-
-// VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
-// public key, pub. Its return value records whether the signature is valid.
-func VerifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
-	var (
-		r, s  = &big.Int{}, &big.Int{}
-		inner cryptobyte.String
-	)
-	input := cryptobyte.String(sig)
-	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
-		input.Empty() ||
-		inner.ReadASN1Integer(r) ||
-		inner.ReadASN1Integer(s) ||
-		inner.Empty() {
-		return false
-	}
-	return ecdsa.Verify(pub, hash, r, s)
-}