Beispiel #1
0
				Expect(keyLabel).To(Equal("expected-key"))
			})
		})

		Context("when the encryption key label key does not exist", func() {
			It("returns a ErrResourceNotFound", func() {
				keyLabel, err := etcdDB.EncryptionKeyLabel(logger)
				Expect(err).To(MatchError(models.ErrResourceNotFound))
				Expect(keyLabel).To(Equal(""))
			})
		})
	})

	makeCryptor := func(activeLabel string, decryptionLabels ...string) encryption.Cryptor {
		activeKey, err := encryption.NewKey(activeLabel, fmt.Sprintf("%s-passphrase", activeLabel))
		Expect(err).NotTo(HaveOccurred())

		decryptionKeys := []encryption.Key{}
		for _, label := range decryptionLabels {
			key, err := encryption.NewKey(label, fmt.Sprintf("%s-passphrase", label))
			Expect(err).NotTo(HaveOccurred())
			decryptionKeys = append(decryptionKeys, key)
		}
		if len(decryptionKeys) == 0 {
			decryptionKeys = nil
		}

		keyManager, err := encryption.NewKeyManager(activeKey, decryptionKeys)
		Expect(err).NotTo(HaveOccurred())
		return encryption.NewCryptor(keyManager, rand.Reader)
Beispiel #2
0
	etcdRunner = etcdstorerunner.NewETCDClusterRunner(etcdPort, 1, nil)

	consulRunner = consulrunner.NewClusterRunner(
		9001+config.GinkgoConfig.ParallelNode*consulrunner.PortOffsetLength,
		1,
		"http",
	)

	consulRunner.Start()
	consulRunner.WaitUntilReady()

	etcdRunner.Start()

	Expect(workPoolCreateError).ToNot(HaveOccurred())

	encryptionKey, err := encryption.NewKey("label", "passphrase")
	Expect(err).NotTo(HaveOccurred())
	keyManager, err := encryption.NewKeyManager(encryptionKey, nil)
	Expect(err).NotTo(HaveOccurred())
	cryptor = encryption.NewCryptor(keyManager, rand.Reader)
})

var _ = AfterSuite(func() {
	etcdRunner.Stop()
	consulRunner.Stop()
})

var _ = BeforeEach(func() {
	logger = lagertest.NewTestLogger("test")

	fakeAuctioneerClient = new(auctioneerfakes.FakeClient)
Beispiel #3
0
)

var _ = Describe("Key", func() {
	Describe("NewKey", func() {
		It("generates a 256 bit key from a string that can be used as aes keys", func() {
			phrases := []string{
				"",
				"a",
				"a short phrase",
				"12345678901234567890123456789012",
				"1234567890123456789012345678901234567890123456789012345678901234567890",
			}

			for i, phrase := range phrases {
				label := fmt.Sprintf("%d", i)
				key, err := encryption.NewKey(label, phrase)
				Expect(err).NotTo(HaveOccurred())
				Expect(key.Label()).To(Equal(label))
				Expect(key.Block().BlockSize()).To(Equal(aes.BlockSize))

				phraseHash := sha256.Sum256([]byte(phrase))
				block, err := aes.NewCipher(phraseHash[:])
				Expect(err).NotTo(HaveOccurred())
				Expect(key.Block()).To(Equal(block))
			}
		})

		Context("when a key label is not specified", func() {
			It("returns a meaningful error", func() {
				_, err := encryption.NewKey("", "phrase")
				Expect(err).To(MatchError("A key label is required"))
Beispiel #4
0
		sender *fake.FakeMetricSender
	)

	BeforeEach(func() {
		sender = fake.NewFakeMetricSender()
		metrics.Initialize(sender, nil)

		runErrChan = make(chan error, 1)
		ready = make(chan struct{})
		signals = make(chan os.Signal)

		fakeDB = new(dbfakes.FakeEncryptionDB)

		logger = lagertest.NewTestLogger("test")

		oldKey, err := encryption.NewKey("old-key", "old-passphrase")
		encryptionKey, err := encryption.NewKey("label", "passphrase")
		Expect(err).NotTo(HaveOccurred())
		keyManager, err = encryption.NewKeyManager(encryptionKey, []encryption.Key{oldKey})
		Expect(err).NotTo(HaveOccurred())
		cryptor = encryption.NewCryptor(keyManager, rand.Reader)

		fakeDB.EncryptionKeyLabelReturns("", models.ErrResourceNotFound)
	})

	JustBeforeEach(func() {
		runner = encryptor.New(logger, fakeDB, keyManager, cryptor, clock.NewClock())
		encryptorProcess = ifrit.Background(runner)
	})

	AfterEach(func() {
Beispiel #5
0
			Expect(err).NotTo(HaveOccurred())
		})

		Context("when provided a single encryption key", func() {
			BeforeEach(func() {
				bbsArgs.ActiveKeyLabel = "label"
				bbsArgs.EncryptionKeys = []string{"label:some phrase"}
			})

			It("writes the value as base64 encoded encrypted protobufs with metadata", func() {
				res, err := etcdClient.Get(etcddb.TaskSchemaPathByGuid(task.TaskGuid), false, false)
				Expect(err).NotTo(HaveOccurred())

				var decodedTask models.Task

				encryptionKey, err := encryption.NewKey("label", "some phrase")
				Expect(err).NotTo(HaveOccurred())
				keyManager, err := encryption.NewKeyManager(encryptionKey, nil)
				Expect(err).NotTo(HaveOccurred())
				cryptor := encryption.NewCryptor(keyManager, rand.Reader)
				serializer := format.NewSerializer(cryptor)

				encoding := res.Node.Value[:format.EnvelopeOffset]
				Expect(format.Encoding{encoding[0], encoding[1]}).To(Equal(format.BASE64_ENCRYPTED))
				err = serializer.Unmarshal(logger, []byte(res.Node.Value), &decodedTask)
				Expect(err).NotTo(HaveOccurred())

				Expect(task.TaskGuid).To(Equal(decodedTask.TaskGuid))
			})

		})
Beispiel #6
0
	"github.com/cloudfoundry-incubator/bbs/encryption"
	encryption_fakes "github.com/cloudfoundry-incubator/bbs/encryption/fakes"
	"github.com/cloudfoundry-incubator/bbs/format"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("Encoding", func() {
	var encoder format.Encoder
	var prng io.Reader
	var cryptor encryption.Cryptor

	BeforeEach(func() {
		key, err := encryption.NewKey("label", "some pass phrase")
		Expect(err).NotTo(HaveOccurred())

		keyManager, err := encryption.NewKeyManager(key, nil)
		Expect(err).NotTo(HaveOccurred())

		prng = &zeroReader{}
		cryptor = encryption.NewCryptor(keyManager, prng)
	})

	JustBeforeEach(func() {
		encoder = format.NewEncoder(cryptor)
	})

	Describe("Encode", func() {
		Describe("LEGACY_UNENCODED", func() {
Beispiel #7
0
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("KeyManager", func() {
	var (
		encryptionKey  encryption.Key
		decryptionKeys []encryption.Key
		manager        encryption.KeyManager
		cerr           error
	)

	BeforeEach(func() {
		var err error
		encryptionKey, err = encryption.NewKey("key label", "pass phrase")
		Expect(err).NotTo(HaveOccurred())
		decryptionKeys = []encryption.Key{}
		cerr = nil
	})

	JustBeforeEach(func() {
		manager, cerr = encryption.NewKeyManager(encryptionKey, decryptionKeys)
	})

	It("stores the correct encryption key", func() {
		Expect(cerr).NotTo(HaveOccurred())
		Expect(manager.EncryptionKey()).To(Equal(encryptionKey))
	})

	It("adds the encryption key as a decryption key", func() {