Beispiel #1
0
func TestKeyInitSuccess(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// success
	ki, _, _, err := msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	if err := ki.Check(); err != nil {
		t.Error(err)
	}
	// getter methods
	if ki.MsgCount() != ki.Contents.MSGCOUNT {
		t.Error("msgCount mismatch")
	}
	if ki.SigKeyHash() != ki.Contents.SIGKEYHASH {
		t.Error("sigKeyHash mismatch")
	}
	// JSON conversion
	jsn := ki.JSON()
	jsnKI, err := NewJSONKeyInit(jsn)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(jsn, jsnKI.JSON()) {
		t.Errorf("KeyInits differ")
	}
	// verify
	uris := make([]string, 1)
	uris[0] = "mute.berlin"
	if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != nil {
		t.Error(err)
	}
	// sign
	sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	sig := ki.Sign(sigKey)
	// verify signature
	pubKey := base64.Encode(sigKey.PublicKey()[:])
	if err := ki.VerifySrvSig(sig, pubKey); err != nil {
		t.Error(err)
	}
}
Beispiel #2
0
func TestVerifySrvSigfailure(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// success
	ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// sign
	sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	sig := ki.Sign(sigKey)
	pubKey := base64.Encode(sigKey.PublicKey()[:])
	// invalid signature
	if err := ki.VerifySrvSig("!", pubKey); err == nil {
		t.Error("should fail")
	}
	// invalid public key
	if err := ki.VerifySrvSig(sig, "!"); err == nil {
		t.Error("should fail")
	}
	// invalid signature
	var signature [ed25519.PrivateKeySize]byte
	if _, err := io.ReadFull(cipher.RandReader, signature[:]); err != nil {
		t.Fatal(err)
	}
	sig = base64.Encode(signature[:])
	if err := ki.VerifySrvSig(sig, pubKey); err == nil {
		t.Error("should fail")
	}
}
Beispiel #3
0
func TestUIDMessageReply(t *testing.T) {
	uid, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	key, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// encrypt
	UIDHash, UIDIndex, UIDMessageEncrypted := uid.Encrypt()
	// create reply
	UIDMessageReply := CreateReply(UIDMessageEncrypted, "", 0, key)
	reply := UIDMessageReply.JSON()
	// JSON encoding/decoding
	jsnReply, err := NewJSONReply(string(reply))
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(reply, jsnReply.JSON()) {
		t.Errorf("replies differ")
	}
	// decrypt
	idx, msg, err := UIDMessageReply.Decrypt(UIDHash)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(idx, UIDIndex) {
		t.Errorf("indices differ")
	}
	if !bytes.Equal(msg.JSON(), uid.JSON()) {
		t.Errorf("UIDs differ")
	}
	// wrong UIDHash
	hash := make([]byte, 32)
	if _, _, err := UIDMessageReply.Decrypt(hash); err == nil {
		t.Error("should fail")
	}
	// verify signature
	sigKey := base64.Encode(key.PublicKey()[:])
	if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err != nil {
		t.Error(err)
	}
	// corrupt encrypte message
	UIDMessageReply.ENTRY.UIDMESSAGEENCRYPTED = "!"
	if _, _, err := UIDMessageReply.Decrypt(UIDHash); err == nil {
		t.Error("should fail")
	}
	// corrupt signature
	sig := UIDMessageReply.SERVERSIGNATURE
	UIDMessageReply.SERVERSIGNATURE = "!"
	if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err == nil {
		t.Error("should fail")
	}
	// corrupt signature key
	UIDMessageReply.SERVERSIGNATURE = sig // restore signature
	if err := UIDMessageReply.VerifySrvSig(uid, "!"); err == nil {
		t.Error("should fail")
	}
	// invalid signature
	UIDMessageReply.SERVERSIGNATURE = ""
	if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err == nil {
		t.Error("should fail")
	}
}
Beispiel #4
0
func TestPrivateUID(t *testing.T) {
	tmpdir, keyDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer keyDB.Close()
	alice, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bob, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}

	if err := keyDB.AddPrivateUID(alice); err != nil {
		t.Fatal(err)
	}
	if err := keyDB.AddPrivateUID(bob); err != nil {
		t.Fatal(err)
	}

	identities, err := keyDB.GetPrivateIdentities()
	if err != nil {
		t.Fatal(err)
	}
	if len(identities) != 2 {
		t.Error("wrong number of identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("alice missing from identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("bob missing from identities")
	}

	identities, err = keyDB.GetPrivateIdentitiesForDomain("mute.berlin")
	if err != nil {
		t.Fatal(err)
	}
	if len(identities) != 1 {
		t.Error("wrong number of identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("alice missing from identities")
	}

	a, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
	if err != nil {
		t.Fatal(err)
	}
	b, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
	if err != nil {
		t.Fatal(err)
	}
	if a.PrivateEncKey() != alice.PrivateEncKey() {
		t.Error("PrivateEncKeys differ")
	}
	if a.PrivateSigKey() != alice.PrivateSigKey() {
		t.Error("PrivateSigKeys differ")
	}
	if b.SigPubKey() != bob.SigPubKey() {
		t.Error("SigPubKeys differ")
	}

	key, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// encrypt
	_, _, UIDMessageEncrypted := alice.Encrypt()
	// create reply
	reply := uid.CreateReply(UIDMessageEncrypted, "", 0, key)
	if err := keyDB.AddPrivateUIDReply(alice, reply); err != nil {
		t.Fatal(err)
	}

	if err := keyDB.DelPrivateUID(alice); err != nil {
		t.Fatal(err)
	}
	_, _, err = keyDB.GetPrivateUID("*****@*****.**", false)
	if err == nil {
		t.Error("should fail")
	}
}