put fakehsm lower
jmhodges committed Nov 12, 2024
1 parent f2b58be commit f50efb5
Showing 1 changed file with 37 additions and 37 deletions.
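--- a/signer/contentsignaturepki/contentsignature_test.go
+++ b/signer/contentsignaturepki/contentsignature_test.go
@@ -310,43 +310,6 @@ func TestReadRandFailureOnSignHash(t *testing.T) {
 }
 }
 
-type fakeHSM struct {
-slotToKeys map[string]crypto.PrivateKey
-}
-
-// GetPrivateKey implements signer.HSM.
-func (f *fakeHSM) GetPrivateKey(label []byte) (crypto.PrivateKey, error) {
-key, ok := f.slotToKeys[string(label)]
-if !ok {
-return nil, fmt.Errorf("key not found")
-}
-return key, nil
-}
-
-// GetRand implements signer.HSM.
-func (f *fakeHSM) GetRand() io.Reader {
-return rand.Reader
-}
-
-// MakeKey creats a key but currently only makes P256 ecdsa kyes.
-func (f *fakeHSM) MakeKey(keyTpl interface{}, keyName string) (crypto.PrivateKey, crypto.PublicKey, error) {
-switch keyTpl.(type) {
-case *ecdsa.PublicKey:
-_, ok := f.slotToKeys[keyName]
-if ok {
-return nil, nil, fmt.Errorf("fakeHSM: key with name %q already exists", keyName)
-}
-priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-if err != nil {
-return nil, nil, fmt.Errorf("fakeHSM: failed to generate key: %v", err)
-}
-f.slotToKeys[keyName] = priv
-return priv, priv.Public(), nil
-default:
-return nil, nil, fmt.Errorf("fakeHSM: making key of type %T is not supported", keyTpl)
-}
-}
-
 // TestExistingEEKeyShouldWork is an attempt to mimic autograph booting up after
 // a restart with an existing EE key. That is, the first signer creates the EE
 // key in the HSM, and the second one should pick it up successfully.
@@ -470,3 +433,40 @@ func newTestDBHandler(t *testing.T) *database.Handler {
 })
 return dbHandler
 }
+
+type fakeHSM struct {
+slotToKeys map[string]crypto.PrivateKey
+}
+
+// GetPrivateKey implements signer.HSM.
+func (f *fakeHSM) GetPrivateKey(label []byte) (crypto.PrivateKey, error) {
+key, ok := f.slotToKeys[string(label)]
+if !ok {
+return nil, fmt.Errorf("key not found")
+}
+return key, nil
+}
+
+// GetRand implements signer.HSM.
+func (f *fakeHSM) GetRand() io.Reader {
+return rand.Reader
+}
+
+// MakeKey creats a key but currently only makes P256 ecdsa kyes.
+func (f *fakeHSM) MakeKey(keyTpl interface{}, keyName string) (crypto.PrivateKey, crypto.PublicKey, error) {
+switch keyTpl.(type) {
+case *ecdsa.PublicKey:
+_, ok := f.slotToKeys[keyName]
+if ok {
+return nil, nil, fmt.Errorf("fakeHSM: key with name %q already exists", keyName)
+}
+priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+if err != nil {
+return nil, nil, fmt.Errorf("fakeHSM: failed to generate key: %v", err)
+}
+f.slotToKeys[keyName] = priv
+return priv, priv.Public(), nil
+default:
+return nil, nil, fmt.Errorf("fakeHSM: making key of type %T is not supported", keyTpl)
+}
+}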
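Review bot: The doc comment on MakeKey in the relocated block still reads "creats" and "kyes"; since these lines are being re-added anyway it could become `// MakeKey creates a key; it currently only makes P-256 ECDSA keys.`. GetPrivateKey returns a bare `key not found` while the MakeKey errors carry the `fakeHSM:` prefix and the key name, so `return nil, fmt.Errorf("fakeHSM: key %q not found", label)` would make a failing test easier to trace. MakeKey also writes to `f.slotToKeys` unconditionally, which panics on a nil map if a test builds the fake without initialising it; the construction sites are not visible in this diff, so that may already be handled. The type itself has no comment, and a line such as `// fakeHSM is a test-only signer.HSM stand-in that keeps private keys in process memory.` would help readers now that it sits at the end of the file.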
