BCCSP improved test coverage

This change-set improves the test coverage of the BCCSP package
and fix a few bugs found during the process.

This change-set comes in the context of:
https://jira.hyperledger.org/browse/FAB-354

Change-Id: I78ed4a36ca32166c6271b98935569eb3d997475e
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

core/crypto/bccsp/sw/aeskey.go

@@ -24,15 +24,15 @@ import (
 )
 
 type aesPrivateKey struct {
-	k          []byte
+	privKey    []byte
 	exportable bool
 }
 
 // Bytes converts this key to its byte representation,
 // if this operation is allowed.
 func (k *aesPrivateKey) Bytes() (raw []byte, err error) {
 	if k.exportable {
-		return k.k, nil
+		return k.privKey, nil
 	}
 
 	return nil, errors.New("Not supported.")
@@ -41,7 +41,7 @@ func (k *aesPrivateKey) Bytes() (raw []byte, err error) {
 // SKI returns the subject key identifier of this key.
 func (k *aesPrivateKey) SKI() (ski []byte) {
 	hash := sha256.New()
-	hash.Write(k.k)
+	hash.Write(k.privKey)
 	return hash.Sum(nil)
 }
 

core/crypto/bccsp/sw/ecdsakey.go

@@ -22,28 +22,30 @@ import (
 
 	"crypto/sha256"
 
+	"errors"
+
 	"github.com/hyperledger/fabric/core/crypto/bccsp"
 	"github.com/hyperledger/fabric/core/crypto/primitives"
 )
 
 type ecdsaPrivateKey struct {
-	k *ecdsa.PrivateKey
+	privKey *ecdsa.PrivateKey
 }
 
 // FIXME: remove as soon as there's a way to import the key more properly
 func NewEcdsaPrivateKey(k *ecdsa.PrivateKey) bccsp.Key {
-	return &ecdsaPrivateKey{k: k}
+	return &ecdsaPrivateKey{privKey: k}
 }
 
 // Bytes converts this key to its byte representation,
 // if this operation is allowed.
 func (k *ecdsaPrivateKey) Bytes() (raw []byte, err error) {
-	return
+	return nil, errors.New("Not supported.")
 }
 
 // SKI returns the subject key identifier of this key.
 func (k *ecdsaPrivateKey) SKI() (ski []byte) {
-	raw, _ := primitives.PrivateKeyToDER(k.k)
+	raw, _ := primitives.PrivateKeyToDER(k.privKey)
 	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
 
 	hash := sha256.New()
@@ -66,22 +68,22 @@ func (k *ecdsaPrivateKey) Private() bool {
 // PublicKey returns the corresponding public key part of an asymmetric public/private key pair.
 // This method returns an error in symmetric key schemes.
 func (k *ecdsaPrivateKey) PublicKey() (bccsp.Key, error) {
-	return &ecdsaPublicKey{&k.k.PublicKey}, nil
+	return &ecdsaPublicKey{&k.privKey.PublicKey}, nil
 }
 
 type ecdsaPublicKey struct {
-	k *ecdsa.PublicKey
+	pubKey *ecdsa.PublicKey
 }
 
 // FIXME: remove as soon as there's a way to import the key more properly
 func NewEcdsaPublicKey(k *ecdsa.PublicKey) bccsp.Key {
-	return &ecdsaPublicKey{k: k}
+	return &ecdsaPublicKey{pubKey: k}
 }
 
 // Bytes converts this key to its byte representation,
 // if this operation is allowed.
 func (k *ecdsaPublicKey) Bytes() (raw []byte, err error) {
-	raw, err = x509.MarshalPKIXPublicKey(k.k)
+	raw, err = x509.MarshalPKIXPublicKey(k.pubKey)
 	if err != nil {
 		return nil, fmt.Errorf("Failed marshalling key [%s]", err)
 	}
@@ -90,7 +92,7 @@ func (k *ecdsaPublicKey) Bytes() (raw []byte, err error) {
 
 // SKI returns the subject key identifier of this key.
 func (k *ecdsaPublicKey) SKI() (ski []byte) {
-	raw, _ := primitives.PublicKeyToPEM(k.k, nil)
+	raw, _ := primitives.PublicKeyToPEM(k.pubKey, nil)
 	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
 
 	hash := sha256.New()

core/crypto/bccsp/sw/fileks.go

@@ -125,7 +125,7 @@ func (ks *FileBasedKeyStore) GetKey(ski []byte) (k bccsp.Key, err error) {
 		// Load the private key
 		key, err := ks.loadPrivateKey(hex.EncodeToString(ski))
 		if err != nil {
-			return nil, fmt.Errorf("Failed loading key [%x] [%s]", ski, err)
+			return nil, fmt.Errorf("Failed loading secret key [%x] [%s]", ski, err)
 		}
 
 		switch key.(type) {
@@ -134,10 +134,25 @@ func (ks *FileBasedKeyStore) GetKey(ski []byte) (k bccsp.Key, err error) {
 		case *rsa.PrivateKey:
 			return &rsaPrivateKey{key.(*rsa.PrivateKey)}, nil
 		default:
-			return nil, errors.New("Key type not recognized")
+			return nil, errors.New("Secret key type not recognized")
+		}
+	case "pk":
+		// Load the public key
+		key, err := ks.loadPublicKey(hex.EncodeToString(ski))
+		if err != nil {
+			return nil, fmt.Errorf("Failed loading public key [%x] [%s]", ski, err)
+		}
+
+		switch key.(type) {
+		case *ecdsa.PublicKey:
+			return &ecdsaPublicKey{key.(*ecdsa.PublicKey)}, nil
+		case *rsa.PublicKey:
+			return &rsaPublicKey{key.(*rsa.PublicKey)}, nil
+		default:
+			return nil, errors.New("Public key type not recognized")
 		}
 	default:
-		return nil, errors.New("Key not recognized")
+		return nil, errors.New("Key type not recognized")
 	}
 }
 
@@ -155,39 +170,39 @@ func (ks *FileBasedKeyStore) StoreKey(k bccsp.Key) (err error) {
 	case *ecdsaPrivateKey:
 		kk := k.(*ecdsaPrivateKey)
 
-		err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.k)
+		err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.privKey)
 		if err != nil {
 			return fmt.Errorf("Failed storing ECDSA private key [%s]", err)
 		}
 
 	case *ecdsaPublicKey:
 		kk := k.(*ecdsaPublicKey)
 
-		err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.k)
+		err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.pubKey)
 		if err != nil {
 			return fmt.Errorf("Failed storing ECDSA public key [%s]", err)
 		}
 
 	case *rsaPrivateKey:
 		kk := k.(*rsaPrivateKey)
 
-		err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.k)
+		err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.privKey)
 		if err != nil {
 			return fmt.Errorf("Failed storing RSA private key [%s]", err)
 		}
 
 	case *rsaPublicKey:
 		kk := k.(*rsaPublicKey)
 
-		err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.k)
+		err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.pubKey)
 		if err != nil {
 			return fmt.Errorf("Failed storing RSA public key [%s]", err)
 		}
 
 	case *aesPrivateKey:
 		kk := k.(*aesPrivateKey)
 
-		err = ks.storeKey(hex.EncodeToString(k.SKI()), kk.k)
+		err = ks.storeKey(hex.EncodeToString(k.SKI()), kk.privKey)
 		if err != nil {
 			return fmt.Errorf("Failed storing AES key [%s]", err)
 		}
@@ -219,10 +234,6 @@ func (ks *FileBasedKeyStore) getSuffix(alias string) string {
 }
 
 func (ks *FileBasedKeyStore) storePrivateKey(alias string, privateKey interface{}) error {
-	if ks.readOnly {
-		return errors.New("Read only KeyStore.")
-	}
-
 	rawKey, err := primitives.PrivateKeyToPEM(privateKey, ks.pwd)
 	if err != nil {
 		logger.Errorf("Failed converting private key to PEM [%s]: [%s]", alias, err)
@@ -239,10 +250,6 @@ func (ks *FileBasedKeyStore) storePrivateKey(alias string, privateKey interface{
 }
 
 func (ks *FileBasedKeyStore) storePublicKey(alias string, publicKey interface{}) error {
-	if ks.readOnly {
-		return errors.New("Read only KeyStore.")
-	}
-
 	rawKey, err := primitives.PublicKeyToPEM(publicKey, ks.pwd)
 	if err != nil {
 		logger.Errorf("Failed converting public key to PEM [%s]: [%s]", alias, err)
@@ -259,10 +266,6 @@ func (ks *FileBasedKeyStore) storePublicKey(alias string, publicKey interface{})
 }
 
 func (ks *FileBasedKeyStore) storeKey(alias string, key []byte) error {
-	if ks.readOnly {
-		return errors.New("Read only KeyStore.")
-	}
-
 	pem, err := primitives.AEStoEncryptedPEM(key, ks.pwd)
 	if err != nil {
 		logger.Errorf("Failed converting key to PEM [%s]: [%s]", alias, err)

core/crypto/bccsp/sw/fileks_test.go

@@ -0,0 +1,66 @@
+/*
+Copyright IBM Corp. 2016 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package sw
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestInvalidStoreKey(t *testing.T) {
+	ks := &FileBasedKeyStore{}
+	if err := ks.Init(nil, filepath.Join(os.TempDir(), "bccspks"), false); err != nil {
+		fmt.Printf("Failed initiliazing KeyStore [%s]", err)
+		os.Exit(-1)
+	}
+
+	err := ks.StoreKey(nil)
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&ecdsaPrivateKey{nil})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&ecdsaPublicKey{nil})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&rsaPublicKey{nil})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&rsaPrivateKey{nil})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&aesPrivateKey{nil, false})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+
+	err = ks.StoreKey(&aesPrivateKey{nil, true})
+	if err == nil {
+		t.Fatal("Error should be different from nil in this case")
+	}
+}