Sākums Izpētīt Palīdzība
Pierakstīties
golang
/
nebula
spogulis no https://github.com/slackhq/nebula
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: d97ed57a19
Atzari Tagi
nebula
/
cert
/
crypto_test.go

crypto_test.go 4.1 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. package cert
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 

  6. 	"github.com/stretchr/testify/assert"
    7. 

  7. 	"golang.org/x/crypto/argon2"
    8. 

  8. )
    9. 

  9. 

  10. func TestNewArgon2Parameters(t *testing.T) {
    11. 

  11. 	p := NewArgon2Parameters(64*1024, 4, 3)
    12. 

  12. 	assert.EqualValues(t, &Argon2Parameters{
    13. 

  13. 		version:     argon2.Version,
    14. 

  14. 		Memory:      64 * 1024,
    15. 

  15. 		Parallelism: 4,
    16. 

  16. 		Iterations:  3,
    17. 

  17. 	}, p)
    18. 

  18. 	p = NewArgon2Parameters(2*1024*1024, 2, 1)
    19. 

  19. 	assert.EqualValues(t, &Argon2Parameters{
    20. 

  20. 		version:     argon2.Version,
    21. 

  21. 		Memory:      2 * 1024 * 1024,
    22. 

  22. 		Parallelism: 2,
    23. 

  23. 		Iterations:  1,
    24. 

  24. 	}, p)
    25. 

  25. }
    26. 

  26. 

  27. func TestDecryptAndUnmarshalSigningPrivateKey(t *testing.T) {
    28. 

  28. 	passphrase := []byte("DO NOT USE THIS KEY")
    29. 

  29. 	privKey := []byte(`# A good key
    30. 

  30. -----BEGIN NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    31. 

  31. CjwKC0FFUy0yNTYtR0NNEi0IExCAgIABGAEgBCognnjujd67Vsv99p22wfAjQaDT
    32. 

  32. oCMW1mdjkU3gACKNW4MSXOWR9Sts4C81yk1RUku2gvGKs3TB9LYoklLsIizSYOLl
    33. 

  33. +Vs//O1T0I1Xbml2XBAROsb/VSoDln/6LMqR4B6fn6B3GOsLBBqRI8daDl9lRMPB
    34. 

  34. qrlJ69wer3ZUHFXA
    35. 

  35. -----END NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    36. 

  36. `)
    37. 

  37. 	shortKey := []byte(`# A key which, once decrypted, is too short
    38. 

  38. -----BEGIN NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    39. 

  39. CjwKC0FFUy0yNTYtR0NNEi0IExCAgIABGAEgBCoga5h8owMEBWRSMMJKzuUvWce7
    40. 

  40. k0qlBkQmCxiuLh80MuASW70YcKt8jeEIS2axo2V6zAKA9TSMcCsJW1kDDXEtL/xe
    41. 

  41. GLF5T7sDl5COp4LU3pGxpV+KoeQ/S3gQCAAcnaOtnJQX+aSDnbO3jCHyP7U9CHbs
    42. 

  42. rQr3bdH3Oy/WiYU=
    43. 

  43. -----END NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    44. 

  44. `)
    45. 

  45. 	invalidBanner := []byte(`# Invalid banner (not encrypted)
    46. 

  46. -----BEGIN NEBULA ED25519 PRIVATE KEY-----
    47. 

  47. bWRp2CTVFhW9HD/qCd28ltDgK3w8VXSeaEYczDWos8sMUBqDb9jP3+NYwcS4lURG
    48. 

  48. XgLvodMXZJuaFPssp+WwtA==
    49. 

  49. -----END NEBULA ED25519 PRIVATE KEY-----
    50. 

  50. `)
    51. 

  51. 	invalidPem := []byte(`# Not a valid PEM format
    52. 

  52. -BEGIN NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    53. 

  53. CjwKC0FFUy0yNTYtR0NNEi0IExCAgIABGAEgBCognnjujd67Vsv99p22wfAjQaDT
    54. 

  54. oCMW1mdjkU3gACKNW4MSXOWR9Sts4C81yk1RUku2gvGKs3TB9LYoklLsIizSYOLl
    55. 

  55. +Vs//O1T0I1Xbml2XBAROsb/VSoDln/6LMqR4B6fn6B3GOsLBBqRI8daDl9lRMPB
    56. 

  56. qrlJ69wer3ZUHFXA
    57. 

  57. -END NEBULA ED25519 ENCRYPTED PRIVATE KEY-----
    58. 

  58. `)
    59. 

  59. 

  60. 	keyBundle := appendByteSlices(privKey, shortKey, invalidBanner, invalidPem)
    61. 

  61. 

  62. 	// Success test case
    63. 

  63. 	curve, k, rest, err := DecryptAndUnmarshalSigningPrivateKey(passphrase, keyBundle)
    64. 

  64. 	assert.Nil(t, err)
    65. 

  65. 	assert.Equal(t, Curve_CURVE25519, curve)
    66. 

  66. 	assert.Len(t, k, 64)
    67. 

  67. 	assert.Equal(t, rest, appendByteSlices(shortKey, invalidBanner, invalidPem))
    68. 

  68. 

  69. 	// Fail due to short key
    70. 

  70. 	curve, k, rest, err = DecryptAndUnmarshalSigningPrivateKey(passphrase, rest)
    71. 

  71. 	assert.EqualError(t, err, "key was not 64 bytes, is invalid ed25519 private key")
    72. 

  72. 	assert.Nil(t, k)
    73. 

  73. 	assert.Equal(t, rest, appendByteSlices(invalidBanner, invalidPem))
    74. 

  74. 

  75. 	// Fail due to invalid banner
    76. 

  76. 	curve, k, rest, err = DecryptAndUnmarshalSigningPrivateKey(passphrase, rest)
    77. 

  77. 	assert.EqualError(t, err, "bytes did not contain a proper nebula encrypted Ed25519/ECDSA private key banner")
    78. 

  78. 	assert.Nil(t, k)
    79. 

  79. 	assert.Equal(t, rest, invalidPem)
    80. 

  80. 

  81. 	// Fail due to ivalid PEM format, because
    82. 

  82. 	// it's missing the requisite pre-encapsulation boundary.
    83. 

  83. 	curve, k, rest, err = DecryptAndUnmarshalSigningPrivateKey(passphrase, rest)
    84. 

  84. 	assert.EqualError(t, err, "input did not contain a valid PEM encoded block")
    85. 

  85. 	assert.Nil(t, k)
    86. 

  86. 	assert.Equal(t, rest, invalidPem)
    87. 

  87. 

  88. 	// Fail due to invalid passphrase
    89. 

  89. 	curve, k, rest, err = DecryptAndUnmarshalSigningPrivateKey([]byte("invalid passphrase"), privKey)
    90. 

  90. 	assert.EqualError(t, err, "invalid passphrase or corrupt private key")
    91. 

  91. 	assert.Nil(t, k)
    92. 

  92. 	assert.Equal(t, rest, []byte{})
    93. 

  93. }
    94. 

  94. 

  95. func TestEncryptAndMarshalSigningPrivateKey(t *testing.T) {
    96. 

  96. 	// Having proved that decryption works correctly above, we can test the
    97. 

  97. 	// encryption function produces a value which can be decrypted
    98. 

  98. 	passphrase := []byte("passphrase")
    99. 

  99. 	bytes := []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
    100. 

  100. 	kdfParams := NewArgon2Parameters(64*1024, 4, 3)
    101. 

  101. 	key, err := EncryptAndMarshalSigningPrivateKey(Curve_CURVE25519, bytes, passphrase, kdfParams)
    102. 

  102. 	assert.Nil(t, err)
    103. 

  103. 

  104. 	// Verify the "key" can be decrypted successfully
    105. 

  105. 	curve, k, rest, err := DecryptAndUnmarshalSigningPrivateKey(passphrase, key)
    106. 

  106. 	assert.Len(t, k, 64)
    107. 

  107. 	assert.Equal(t, Curve_CURVE25519, curve)
    108. 

  108. 	assert.Equal(t, rest, []byte{})
    109. 

  109. 	assert.Nil(t, err)
    110. 

  110. 

  111. 	// EncryptAndMarshalEd25519PrivateKey does not create any errors itself
    112. 

  112. }
    113.