Beispiel #1
0
func TestReflection(t *testing.T) {
	alice := "*****@*****.**"
	aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bob := "*****@*****.**"
	bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	var encMsg bytes.Buffer
	aliceKeyStore := memstore.New()
	aliceKeyStore.AddPublicKeyEntry(bob, bobUID.PubKey()) // duplicate key
	encryptArgs := &EncryptArgs{
		Writer: &encMsg,
		From:   aliceUID,
		To:     bobUID,
		SenderLastKeychainHash: hashchain.TestEntry,
		Reader:                 bytes.NewBufferString(msgs.Message1),
		Rand:                   cipher.RandReader,
		KeyStore:               aliceKeyStore,
	}
	if _, err = Encrypt(encryptArgs); err != ErrReflection {
		t.Error("should fail with ErrReflection")
	}
}
Beispiel #2
0
func encrypt(sign bool, flipUIDs bool) (
	sender, recipient *uid.Message,
	w bytes.Buffer,
	recipientTemp *uid.KeyEntry,
	privateKey string,
	err error,
) {
	sender, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		return
	}
	recipient, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		return
	}
	if flipUIDs {
		sender, recipient = recipient, sender
	}
	r := bytes.NewBufferString(msgs.Message1)
	now := uint64(times.Now())
	recipientKI, _, privateKey, err := recipient.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		return
	}
	recipientTemp, err = recipientKI.KeyEntryECDHE25519(recipient.SigPubKey())
	if err != nil {
		return
	}
	// encrypt
	var privateSigKey *[64]byte
	if sign {
		privateSigKey = sender.PrivateSigKey64()
	}
	ms := memstore.New()
	ms.AddPublicKeyEntry(recipient.Identity(), recipientTemp)
	args := &EncryptArgs{
		Writer: &w,
		From:   sender,
		To:     recipient,
		SenderLastKeychainHash: hashchain.TestEntry,
		PrivateSigKey:          privateSigKey,
		Reader:                 r,
		Rand:                   cipher.RandReader,
		KeyStore:               ms,
	}
	if _, err = Encrypt(args); err != nil {
		return
	}
	return
}
Beispiel #3
0
func TestPublicKeyInit(t *testing.T) {
	tmpdir, keyDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer keyDB.Close()
	msg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	now := uint64(times.Now())
	ki, _, _, err := msg.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	if err := keyDB.AddPublicKeyInit(ki); err != nil {
		t.Fatal(err)
	}
	rKI, err := keyDB.GetPublicKeyInit(ki.SigKeyHash())
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(rKI.JSON(), ki.JSON()) {
		t.Error("KeyInits differ")
	}
}
Beispiel #4
0
func TestPrivateKeyInit(t *testing.T) {
	tmpdir, keyDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer keyDB.Close()
	msg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	now := uint64(times.Now())
	ki, pubKeyHash, privateKey, err := msg.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	err = keyDB.AddPrivateKeyInit(ki, pubKeyHash, msg.SigPubKey(), privateKey,
		"/63l/c3XB5yimoGKv6GS9TjuiM3PKVH/H/dlhnQixeIRsFRkWRl8fjXmKyQl5bk4N7DjkBPg/1GQVndhG+HWAg==")
	if err != nil {
		t.Fatal(err)
	}
	rKI, rSigPubKey, rPrivKey, err := keyDB.GetPrivateKeyInit(pubKeyHash)
	if !bytes.Equal(rKI.JSON(), ki.JSON()) {
		t.Error("KeyInits differ")
	}
	if rSigPubKey != msg.SigPubKey() {
		t.Error("SigPubKeys differ")
	}
	if rPrivKey != privateKey {
		t.Error("PrivKeys differ")
	}
}
Beispiel #5
0
func TestKeyEntry(t *testing.T) {
	ms := New()
	uidMsg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	now := uint64(times.Now())
	ki, _, _, err := uidMsg.KeyInit(1, now+times.Day, now-times.Day, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	ke, err := ki.KeyEntryECDHE25519(uidMsg.SigPubKey())
	if err != nil {
		t.Fatal(err)
	}
	// private
	ms.AddPrivateKeyEntry(ke)
	entry, err := ms.GetPrivateKeyEntry(ke.HASH)
	if err != nil {
		t.Error(err)
	} else if entry != ke {
		t.Error("entry != ke")
	}
	if _, err := ms.GetPrivateKeyEntry("MUTE"); err == nil {
		t.Error("should fail")
	}
	// public
	ms.AddPublicKeyEntry(uidMsg.Identity(), ke)
	entry, _, err = ms.GetPublicKeyEntry(uidMsg)
	if err != nil {
		t.Error(err)
	} else if entry != ke {
		t.Error("entry != ke")
	}
	uidMsg, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	if _, _, err := ms.GetPublicKeyEntry(uidMsg); err != session.ErrNoKeyEntry {
		t.Error("should fail with session.ErrNoKeyEntry")
	}
}
Beispiel #6
0
func TestPublicUID(t *testing.T) {
	tmpdir, keyDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer keyDB.Close()
	a1, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	a2, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	if err := keyDB.AddPublicUID(a1, 10); err != nil {
		t.Fatal(err)
	}
	if err := keyDB.AddPublicUID(a2, 20); err != nil {
		t.Fatal(err)
	}
	var pos uint64
	var rA1 *uid.Message
	rA1, pos, _, err = keyDB.GetPublicUID("*****@*****.**", 10)
	if !bytes.Equal(rA1.JSON(), a1.JSON()) {
		t.Error("UID messages differ")
	}
	if pos != 10 {
		t.Error("a1 position should be 10")
	}
	var rA2 *uid.Message
	rA2, pos, _, err = keyDB.GetPublicUID("*****@*****.**", 30)
	if !bytes.Equal(rA2.JSON(), a2.JSON()) {
		t.Error("UID messages differ")
	}
	if pos != 20 {
		t.Error("a2 position should be 20")
	}
}
Beispiel #7
0
// generate a new nym and store it in keydb.
func (ce *CryptEngine) generate(
	pseudonym string,
	keyserver bool,
	outputfp *os.File,
) error {
	// map pseudonym
	id, domain, err := identity.MapPlus(pseudonym)
	if err != nil {
		return err
	}
	// create new UID
	// TODO: allow different PFS preferences
	var lastEntry string
	if !keyserver {
		// no lastEntry, because this will be the first entry in hashchain
		lastEntry, err = ce.keyDB.GetLastHashChainEntry(domain)
		if err != nil {
			return err
		}
	}
	uid, err := uid.Create(id, false, "", "", uid.Strict, lastEntry,
		cipher.RandReader)
	if err != nil {
		return err
	}
	if !keyserver {
		// store UID in keyDB
		if err := ce.keyDB.AddPrivateUID(uid); err != nil {
			return err
		}
	} else {
		// a private key for the keyserver is not stored in the keyDB
		var out bytes.Buffer
		if err := json.Indent(&out, []byte(uid.JSON()), "", "  "); err != nil {
			return err
		}
		fmt.Fprintln(outputfp, out.String())
		if keyserver {
			fmt.Fprintf(outputfp, "{\"PRIVSIGKEY\": %q}\n", uid.PrivateSigKey())
		}
	}
	log.Infof("nym '%s' generated successfully", id)
	return nil
}
Beispiel #8
0
func TestUIDMessage(t *testing.T) {
	id := strings.Repeat("lp", 32) + "@" + strings.Repeat("x", 185) + ".one"
	uid, err := uid.Create(id, true, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	uid, err = uid.Update(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// in JSON integers have a variable width, set them to maximum value
	uid.UIDContent.MSGCOUNT = 18446744073709551615
	uid.UIDContent.NOTAFTER = 18446744073709551615
	uid.UIDContent.NOTBEFORE = 18446744073709551615
	if len(uid.JSON()) != MaxUIDMessage {
		t.Error("len(uid.JSON()) != MaxUIDMessage")
	}
}
Beispiel #9
0
func TestEncrypteHeaderSizeAndPadding(t *testing.T) {
	t.Parallel()
	// setup UIDs and stuff
	aliceUID, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	now := uint64(times.Now())
	aliceKI, _, _, err := aliceUID.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	aliceKE, err := aliceKI.KeyEntryECDHE25519(aliceUID.SigPubKey())
	if err != nil {
		t.Fatal(err)
	}
	bobUID, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bobKI, _, _, err := bobUID.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bobKE, err := bobKI.KeyEntryECDHE25519(bobUID.SigPubKey())
	if err != nil {
		t.Fatal(err)
	}

	// create unencrypted header
	h, err := newHeader(aliceUID, bobUID, bobKE.HASH, aliceKE, nil, nil, "", 0, 0,
		hashchain.TestEntry, cipher.RandReader, StatusOK)
	if err != nil {
		t.Fatal(err)
	}

	// create sender key
	senderHeaderKey, err := cipher.Curve25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}

	// create (encrypted) header packet
	recipientIdentityPub, err := bobUID.PublicKey()
	if err != nil {
		t.Fatal(err)
	}
	hp, err := newHeaderPacket(h, recipientIdentityPub,
		senderHeaderKey.PrivateKey(), cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}

	// write (encrypted) header packet
	var buf bytes.Buffer
	if err := hp.write(&buf); err != nil {
		t.Fatal(err)
	}
	oh := newOuterHeader(encryptedHeader, 1, buf.Bytes())
	if oh.size() != encryptedHeaderSize {
		t.Errorf("oh.size() = %d != %d", oh.size(), encryptedHeaderSize)
	}
}
Beispiel #10
0
func TestMaxMessageLength(t *testing.T) {
	alice := "*****@*****.**"
	aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bob := "*****@*****.**"
	bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	now := uint64(times.Now())
	bobKI, _, privateKey, err := bobUID.KeyInit(1, now+times.Day, now-times.Day,
		false, "mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bobKE, err := bobKI.KeyEntryECDHE25519(bobUID.SigPubKey())
	if err != nil {
		t.Fatal(err)
	}
	// create large message
	message, err := padding.Generate(MaxContentLength, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// encrypt message from Alice to Bob
	var encMsg bytes.Buffer
	aliceKeyStore := memstore.New()
	aliceKeyStore.AddPublicKeyEntry(bob, bobKE)
	encryptArgs := &EncryptArgs{
		Writer: &encMsg,
		From:   aliceUID,
		To:     bobUID,
		SenderLastKeychainHash: hashchain.TestEntry,
		PrivateSigKey:          aliceUID.PrivateSigKey64(),
		Reader:                 bytes.NewBuffer(message),
		Rand:                   cipher.RandReader,
		KeyStore:               aliceKeyStore,
	}
	if _, err = Encrypt(encryptArgs); err != nil {
		t.Fatal(err)
	}
	// decrypt message from Alice to Bob
	var res bytes.Buffer
	bobIdentities := []*uid.Message{bobUID}
	input := base64.NewDecoder(&encMsg)
	version, preHeader, err := ReadFirstOuterHeader(input)
	if err != nil {
		t.Fatal(err)
	}
	if version != Version {
		t.Fatal("wrong version")
	}
	bobKeyStore := memstore.New()
	if err := bobKE.SetPrivateKey(privateKey); err != nil {
		t.Fatal(err)
	}
	bobKeyStore.AddPrivateKeyEntry(bobKE)
	decryptArgs := &DecryptArgs{
		Writer:     &res,
		Identities: bobIdentities,
		PreHeader:  preHeader,
		Reader:     input,
		Rand:       cipher.RandReader,
		KeyStore:   bobKeyStore,
	}
	_, _, err = Decrypt(decryptArgs)
	if err != nil {
		t.Fatal(err)
	}
	if res.String() != string(message) {
		t.Fatal("messages differ")
	}
}
Beispiel #11
0
func TestPrivateUID(t *testing.T) {
	tmpdir, keyDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer keyDB.Close()
	alice, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	bob, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}

	if err := keyDB.AddPrivateUID(alice); err != nil {
		t.Fatal(err)
	}
	if err := keyDB.AddPrivateUID(bob); err != nil {
		t.Fatal(err)
	}

	identities, err := keyDB.GetPrivateIdentities()
	if err != nil {
		t.Fatal(err)
	}
	if len(identities) != 2 {
		t.Error("wrong number of identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("alice missing from identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("bob missing from identities")
	}

	identities, err = keyDB.GetPrivateIdentitiesForDomain("mute.berlin")
	if err != nil {
		t.Fatal(err)
	}
	if len(identities) != 1 {
		t.Error("wrong number of identities")
	}
	if !util.ContainsString(identities, "*****@*****.**") {
		t.Error("alice missing from identities")
	}

	a, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
	if err != nil {
		t.Fatal(err)
	}
	b, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
	if err != nil {
		t.Fatal(err)
	}
	if a.PrivateEncKey() != alice.PrivateEncKey() {
		t.Error("PrivateEncKeys differ")
	}
	if a.PrivateSigKey() != alice.PrivateSigKey() {
		t.Error("PrivateSigKeys differ")
	}
	if b.SigPubKey() != bob.SigPubKey() {
		t.Error("SigPubKeys differ")
	}

	key, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// encrypt
	_, _, UIDMessageEncrypted := alice.Encrypt()
	// create reply
	reply := uid.CreateReply(UIDMessageEncrypted, "", 0, key)
	if err := keyDB.AddPrivateUIDReply(alice, reply); err != nil {
		t.Fatal(err)
	}

	if err := keyDB.DelPrivateUID(alice); err != nil {
		t.Fatal(err)
	}
	_, _, err = keyDB.GetPrivateUID("*****@*****.**", false)
	if err == nil {
		t.Error("should fail")
	}
}