Beispiel #1
0
func (s *XLSuite) makeEntryData(c *C, rng *xr.PRNG, whichSHA int) (
	t int64, key, nodeID []byte, src, path string) {

	t = rng.Int63() // timestamp
	var length int
	switch whichSHA {
	case xu.USING_SHA1:
		length = xu.SHA1_BIN_LEN
	case xu.USING_SHA2:
		length = xu.SHA2_BIN_LEN
	case xu.USING_SHA3:
		length = xu.SHA3_BIN_LEN
		// XXX DEFAULT = ERROR
	}
	key = make([]byte, length)
	rng.NextBytes(key)

	nodeID = make([]byte, length)
	rng.NextBytes(nodeID)

	src = rng.NextFileName(32) // 32 is max len
	path = rng.NextFileName(32)
	for strings.Contains(path, ".") { // that crude fix
		path = rng.NextFileName(32)
	}
	return
}
Beispiel #2
0
func (s *XLSuite) doTestMDParser(c *C, rng *xr.PRNG, whichSHA int) {

	var tHash []byte
	switch whichSHA {
	case xu.USING_SHA1:
		tHash = make([]byte, xu.SHA1_BIN_LEN)
	case xu.USING_SHA2:
		tHash = make([]byte, xu.SHA2_BIN_LEN)
	case xu.USING_SHA3:
		tHash = make([]byte, xu.SHA3_BIN_LEN)
		// DEFAULT = ERROR
	}
	rng.NextBytes(tHash)               // not really a hash, of course
	sHash := hex.EncodeToString(tHash) // string form of tHash

	withoutSlash := rng.NextFileName(8)
	dirName := withoutSlash + "/"

	length := rng.Intn(4)
	var rSpaces string
	for i := 0; i < length; i++ {
		rSpaces += " " // on the right
	}

	// TEST FIRST LINE PARSER -----------------------------
	line := sHash + " " + dirName + rSpaces

	treeHash2, dirName2, err := ParseMerkleDocFirstLine(line)
	c.Assert(err, IsNil)
	c.Assert(bytes.Equal(treeHash2, tHash), Equals, true)
	// we retain the terminating slash in MerkleDoc first lines
	c.Assert(dirName2, Equals, dirName)
}
Beispiel #3
0
// Create an AES IV and key and an 8-byte salt, then encrypt these and
// the proposed protocol version using the server's comms public key.
func ClientEncryptHello(version1 uint32, ck *rsa.PublicKey, rng *xr.PRNG) (
	cOneShot *AesSession, ciphertext []byte, err error) {

	if rng == nil {
		rng = xr.MakeSystemRNG()
	}
	vBytes := make([]byte, 4)
	vBytes[0] = byte(version1)
	vBytes[1] = byte(version1 >> 8)
	vBytes[2] = byte(version1 >> 16)
	vBytes[3] = byte(version1 >> 24)

	// Generate 32-byte AES key, and 8-byte salt for the Hello
	salty := make([]byte, 2*aes.BlockSize+8+20)
	rng.NextBytes(salty)

	key1 := salty[:2*aes.BlockSize]
	// salt1 := salty[2*aes.BlockSize : 2*aes.BlockSize+8]
	oaep1 := salty[2*aes.BlockSize+8:]
	oaepSalt := bytes.NewBuffer(oaep1)

	sha := sha1.New()
	data := salty[:2*aes.BlockSize+8] // contains key1,salt1
	data = append(data, vBytes...)    // ... plus preferred protocol version

	ciphertext, err = rsa.EncryptOAEP(sha, oaepSalt, ck, data, nil)
	if err == nil {
		cOneShot, err = NewAesSession(key1, rng)
	}
	return
}
// Make a message (or reply) of up to 16 AES blocks in size and stuff
// it with random bytes.  Return the message with PKCS7-padded appended.
//
func (s *XLSuite) MakeAMsg(c *C, rng *xr.PRNG) (
	msg []byte, msgLen int) {

	msgLen = 2 + rng.Intn(16*aes.BlockSize-2)
	msg = make([]byte, msgLen)
	rng.NextBytes(msg)
	return
}
Beispiel #5
0
func makeNodeID(rng *xr.PRNG) (*xi.NodeID, error) {
	var buffer []byte
	// quasi-random choice, whether to use an SHA1 or SHA3 nodeID
	if rng.NextBoolean() {
		buffer = make([]byte, xu.SHA1_BIN_LEN)
	} else {
		buffer = make([]byte, xu.SHA3_BIN_LEN)
	}
	rng.NextBytes(buffer)
	return xi.NewNodeID(buffer)
}
Beispiel #6
0
func (s *XLSuite) makeANodeID(c *C, rng *xr.PRNG) (id *NodeID) {
	var length int
	if rng.NextBoolean() {
		length = xu.SHA1_BIN_LEN
	} else {
		length = xu.SHA2_BIN_LEN
	}
	data := make([]byte, length)
	rng.NextBytes(data)
	id, err := New(data)
	c.Assert(err, IsNil)
	return id
}
Beispiel #7
0
// Populate the K3 byte slices to be used for testing
func (muc *MockUpaxClient) createData(rng *xr.PRNG, K3, L1, L2 int) (
	err error) {

	muc.K3 = K3
	muc.L1 = L1
	muc.L2 = L2

	muc.data = make([][]byte, K3)
	for i := 0; i < K3; i++ {
		length := L1 + rng.Intn(L2-L1+1) // so L1..L2 inclusive
		muc.data[i] = make([]byte, length)
		rng.NextBytes(muc.data[i])
	}
	return
}
Beispiel #8
0
// PARSER TESTS =====================================================
func (s *XLSuite) doTestParser(c *C, rng *xr.PRNG, whichSHA int) {

	var tHash []byte
	switch whichSHA {
	case xu.USING_SHA1:
		tHash = make([]byte, xu.SHA1_BIN_LEN)
	case xu.USING_SHA2:
		tHash = make([]byte, xu.SHA2_BIN_LEN)
	case xu.USING_SHA3:
		tHash = make([]byte, xu.SHA3_BIN_LEN)
		// XXX DEFAULT = ERROR
	}
	rng.NextBytes(tHash)               // not really a hash, of course
	sHash := hex.EncodeToString(tHash) // string form of tHash

	dirName := rng.NextFileName(8) + "/"
	nameWithoutSlash := dirName[0 : len(dirName)-1]

	indent := rng.Intn(4)
	var lSpaces, rSpaces string
	for i := 0; i < indent; i++ {
		lSpaces += " " // on the left
		rSpaces += " " // on the right
	}

	// TEST FIRST LINE PARSER -----------------------------
	line := lSpaces + sHash + " " + dirName + rSpaces

	indent2, treeHash2, dirName2, err := ParseFirstLine(line, " ")
	c.Assert(err, IsNil)
	c.Assert(indent2, Equals, indent)
	c.Assert(bytes.Equal(treeHash2, tHash), Equals, true)
	c.Assert(dirName2, Equals, nameWithoutSlash)

	// TEST OTHER LINE PARSER -----------------------------
	yesIsDir := rng.NextBoolean()
	if yesIsDir {
		line = lSpaces + sHash + " " + dirName + rSpaces
	} else {
		line = lSpaces + sHash + " " + nameWithoutSlash + rSpaces
	}
	nodeDepth, nodeHash, nodeName, isDir, err := ParseOtherLine(line, " ")
	c.Assert(err, IsNil)
	c.Assert(nodeDepth, Equals, indent)
	c.Assert(bytes.Equal(nodeHash, tHash), Equals, true)
	c.Assert(nodeName, Equals, nameWithoutSlash)
	c.Assert(isDir, Equals, yesIsDir)
}
Beispiel #9
0
func (s *XLSuite) uniqueKeyMaker(c *C, rng *xr.PRNG, w, keyCount, keyLen uint) (
	rawKeys [][]byte, bKeys []BytesKey, hashcodes []uint64, values []interface{}) {

	maxCount := uint(1 << w)
	if keyCount > maxCount {
		msg := fmt.Sprintf(
			"too few bits in %d: cannot guarantee uniqueness of %d keys",
			w, keyCount)
		panic(msg)
	}
	flag := uint64(1 << w)
	mask := flag - 1

	rawKeys = make([][]byte, keyCount)
	bKeys = make([]BytesKey, keyCount)
	hashcodes = make([]uint64, keyCount)
	values = make([]interface{}, keyCount)

	ndxMap := make(map[uint64]bool)

	// Build keyCount rawKeys of length keyLen, using the masked hashcode to
	// guarantee uniqueness.
	for i := uint(0); i < keyCount; i++ {
		var hc uint64
		key := make([]byte, keyLen)
		for {
			rng.NextBytes(key) // fill with quasi-random values
			rawKeys[i] = key

			bKey, err := NewBytesKey(key)
			c.Assert(err, IsNil)
			c.Assert(bKey, NotNil)
			bKeys[i] = bKey

			hc = bKey.Hashcode()
			ndx := hc & mask
			_, ok := ndxMap[ndx]
			if !ok {
				ndxMap[ndx] = true
				break
			}
		}
		values[i] = &key
		hashcodes[i] = hc
	}
	return
}
Beispiel #10
0
func (s *XLSuite) checkOneMessage(c *C, rng *xr.PRNG, size int) {

	msg := make([]byte, size)
	rng.NextBytes(msg)
	iv := s.makeAESIV(rng)
	key := s.makeAESKey(rng)

	// padding ------------------------------------------------------
	padded, err := AddPKCS7Padding(msg, aes.BlockSize)
	c.Assert(err, IsNil)
	paddedLen := len(padded) // it's been padded to block size
	nBlocks := paddedLen / aes.BlockSize
	c.Assert(nBlocks*aes.BlockSize, Equals, paddedLen)

	// encryption ---------------------------------------------------
	cryptoLen := paddedLen
	ciphertext := make([]byte, cryptoLen)

	engineA, err := aes.NewCipher(key) // cipher.Block
	c.Assert(err, IsNil)
	encrypterA := cipher.NewCBCEncrypter(engineA, iv)
	encrypterA.CryptBlocks(ciphertext, padded) // dest <- src

	// decryption ---------------------------------------------------
	plaintext := make([]byte, paddedLen)
	engineB, err := aes.NewCipher(key) // cipher.Block
	c.Assert(err, IsNil)
	decrypterB := cipher.NewCBCDecrypter(engineB, iv)
	decrypterB.CryptBlocks(plaintext, ciphertext)          // dest <- src
	c.Assert(bytes.Equal(plaintext, padded), Equals, true) // FAILS XXX

	// unpadding ----------------------------------------------------
	reply, err := StripPKCS7Padding(plaintext, aes.BlockSize)
	c.Assert(err, IsNil)
	c.Assert(bytes.Equal(reply, msg), Equals, true)
}
func (s *XLSuite) doTestAesSession(c *C, rng *xr.PRNG) {

	// SESSION SETUP ================================================

	// A->B half circuit ----------------------------------
	keyAB := make([]byte, 2*aes.BlockSize)
	rng.NextBytes(keyAB)

	// set up A side of A->B half-circuit
	hAOut, err := NewAesSession(keyAB, rng)
	c.Assert(err, IsNil)
	c.Assert(hAOut.Engine, NotNil)

	// set up B side of A->B half-circuit
	hBIn, err := NewAesSession(keyAB, rng)
	c.Assert(err, IsNil)
	c.Assert(hBIn.Engine, NotNil)

	// B->A half circuit ----------------------------------
	keyBA := make([]byte, 2*aes.BlockSize)
	rng.NextBytes(keyBA)

	// set up B side of B->A half-circuit
	hBOut, err := NewAesSession(keyBA, rng)
	c.Assert(err, IsNil)
	c.Assert(hBOut.Engine, NotNil)

	// set up A side of B->A half-circuit
	hAIn, err := NewAesSession(keyBA, rng)
	c.Assert(err, IsNil)
	c.Assert(hAIn.Engine, NotNil)

	// for N messages initiated by A
	N := 4
	for n := 0; n < N; n++ {
		// A create a random-ish message ----------------------------
		msg, msgSize := s.MakeAMsg(c, rng)

		// encrypt it, yielding abCiphertext, which is prefixed with the IV
		abCiphertext, err := hAOut.Encrypt(msg)
		c.Assert(err, IsNil)
		ivA := abCiphertext[0:aes.BlockSize]

		//   B decrypts msg -----------------------------------------
		unpaddedMsg, err := hBIn.Decrypt(abCiphertext)
		c.Assert(err, IsNil)
		ivAb := abCiphertext[0:aes.BlockSize]
		c.Assert(ivAb, DeepEquals, ivA)

		c.Assert(len(unpaddedMsg), Equals, msgSize)
		c.Assert(unpaddedMsg, DeepEquals, msg)

		// B create a random-ish message ----------------------------
		reply, replySize := s.MakeAMsg(c, rng)

		// encrypt it, yielding baCiphertext, which is prefixed with the IV
		baCiphertext, err := hBOut.Encrypt(reply)
		c.Assert(err, IsNil)
		ivB := baCiphertext[0:aes.BlockSize]

		//   A decrypts reply -----------------------------------------
		unpaddedReply, err := hAIn.Decrypt(baCiphertext)
		c.Assert(err, IsNil)
		ivBb := baCiphertext[0:aes.BlockSize]
		c.Assert(ivBb, DeepEquals, ivB)

		c.Assert(len(unpaddedReply), Equals, replySize)
		c.Assert(unpaddedReply, DeepEquals, reply)
	}
}
Beispiel #12
0
func (s *XLSuite) makeAnID(c *C, rng *xr.PRNG) (id []byte) {
	id = make([]byte, xu.SHA1_BIN_LEN)
	rng.NextBytes(id)
	return
}
Beispiel #13
0
func (s *XLSuite) doTestRegexes(c *C, rng *xr.PRNG, whichSHA int) {
	t := rng.Int63()
	var length int
	switch whichSHA {
	case xu.USING_SHA1:
		length = xu.SHA1_BIN_LEN
	case xu.USING_SHA2:
		length = xu.SHA2_BIN_LEN
	case xu.USING_SHA3:
		length = xu.SHA3_BIN_LEN
		// XXX DEFAULT = ERROR
	}
	key := make([]byte, length)
	rng.NextBytes(key)
	hexKey := hex.EncodeToString(key)

	nodeID := make([]byte, length)
	rng.NextBytes(nodeID)
	hexNodeID := hex.EncodeToString(nodeID)

	src := rng.NextFileName(32) // 32 is max len
	path := rng.NextFileName(32)
	for strings.Contains(path, ".") { // XXX a crude fix
		path = rng.NextFileName(32)
	}

	expected := fmt.Sprintf("%d %s %s \"%s\" %s",
		t, hexKey, hexNodeID, src, path)

	switch whichSHA {
	case xu.USING_SHA1:
		c.Assert(bodyLine1RE.MatchString(expected), Equals, true)
		groups := bodyLine1RE.FindStringSubmatch(expected)
		c.Assert(groups, Not(IsNil))
		c.Assert(len(groups), Equals, 6) // 5 fields + match on all

		c.Assert(bodyLine3RE.MatchString(expected), Equals, false)

	case xu.USING_SHA2:
		c.Assert(bodyLine2RE.MatchString(expected), Equals, true)
		groups := bodyLine2RE.FindStringSubmatch(expected)
		c.Assert(groups, Not(IsNil))
		c.Assert(len(groups), Equals, 6) // 5 fields + match on all

		c.Assert(bodyLine1RE.MatchString(expected), Equals, false)

	case xu.USING_SHA3:
		// DEBUG
		if !bodyLine3RE.MatchString(expected) {
			fmt.Printf("DOESN'T MATCH PATTERN: %s\n", expected)
		}
		// END
		c.Assert(bodyLine3RE.MatchString(expected), Equals, true)
		groups := bodyLine3RE.FindStringSubmatch(expected)
		c.Assert(groups, Not(IsNil))
		c.Assert(len(groups), Equals, 6)

		c.Assert(bodyLine1RE.MatchString(expected), Equals, false)
		// XXX DEFAULT = ERROR
	}
}
Beispiel #14
0
func (s *XLSuite) makeAESKey(rng *xr.PRNG) (iv []byte) {
	iv = make([]byte, 2*aes.BlockSize)
	rng.NextBytes(iv)
	return
}
Beispiel #15
0
func (s *XLSuite) doKeyTests(c *C, node *Node, rng *xr.PRNG) {
	// COMMS KEY
	commsPubKey := node.GetCommsPublicKey()
	c.Assert(commsPubKey, Not(IsNil)) // NOT

	privCommsKey := node.GetCommsPrivateKey()
	c.Assert(privCommsKey.Validate(), IsNil)

	expLen := (*privCommsKey.D).BitLen()
	if VERBOSITY > 1 {
		fmt.Printf("bit length of comms private key exponent is %d\n", expLen)
	}
	// 2037 seen at least once
	c.Assert(true, Equals, (2036 <= expLen) && (expLen <= 2048))

	c.Assert(privCommsKey.PublicKey, Equals, *commsPubKey) // XXX FAILS

	// SIG KEY
	sigPubKey := node.GetSigPublicKey()
	c.Assert(sigPubKey, Not(IsNil)) // NOT

	privSigKey := node.GetSigPrivateKey()
	c.Assert(privSigKey.Validate(), IsNil)

	expLen = (*privSigKey.D).BitLen()
	if VERBOSITY > 1 {
		fmt.Printf("bit length of sig private key exponent is %d\n", expLen)
	}
	// lowest value seen as of 2013-07-16 was 2039
	c.Assert(true, Equals, (2036 <= expLen) && (expLen <= 2048))

	c.Assert(privSigKey.PublicKey, Equals, *sigPubKey) // FOO

	// sign /////////////////////////////////////////////////////////
	msgLen := 128
	msg := make([]byte, msgLen)
	rng.NextBytes(msg)

	d := sha1.New()
	d.Write(msg)
	hash := d.Sum(nil)

	sig, err := rsa.SignPKCS1v15(rand.Reader, node.skPriv, cr.SHA1, hash)
	c.Assert(err, IsNil)

	signer := node.getSigner()
	signer.Update(msg)
	sig2, err := signer.Sign() // XXX change interface to allow arg

	lenSig := len(sig)
	lenSig2 := len(sig2)
	c.Assert(lenSig, Equals, lenSig2)

	for i := 0; i < lenSig; i++ {
		c.Assert(sig[i], Equals, sig2[i])
	}

	// verify ///////////////////////////////////////////////////////
	err = rsa.VerifyPKCS1v15(sigPubKey, cr.SHA1, hash, sig)
	c.Assert(err, IsNil)

	// 2013-06-15, SigVerify now returns error, so nil means OK
	c.Assert(nil, Equals, xc.SigVerify(sigPubKey, msg, sig))

	s.nilArgCheck(c)
}