. "github.com/onsi/gomega"
)

// Specs for the Base64ProtobufEncode migration. This excerpt begins inside the
// file's import block and stops inside the "Version" spec.
var _ = Describe("Base 64 Protobuf Encode Migration", func() {
	var (
		migration  migration.Migration
		serializer format.Serializer
		cryptor    encryption.Cryptor
		logger     *lagertest.TestLogger
	)

	// Rebuilds the whole crypto stack (key -> key manager -> cryptor ->
	// serializer) and a fresh migration value before every spec.
	BeforeEach(func() {
		logger = lagertest.NewTestLogger("test")

		// Hard-coded label and passphrase: a test-only key.
		encryptionKey, err := encryption.NewKey("label", "passphrase")
		Expect(err).NotTo(HaveOccurred())
		// The second argument is nil, so only the active key is handed to the manager.
		keyManager, err := encryption.NewKeyManager(encryptionKey, nil)
		Expect(err).NotTo(HaveOccurred())
		// NOTE(review): rand.Reader is presumably crypto/rand's; the import is outside this excerpt.
		cryptor = encryption.NewCryptor(keyManager, rand.Reader)
		serializer = format.NewSerializer(cryptor)
		migration = migrations.NewBase64ProtobufEncode()
	})

	// Asserts that migrations.Migrations holds an element equal to the value
	// returned by NewBase64ProtobufEncode.
	It("appends itself to the migration list", func() {
		Expect(migrations.Migrations).To(ContainElement(migration))
	})

	Describe("Version", func() {
		It("returns the timestamp from which it was created", func() {
			// The version is pinned to a literal so an accidental renumbering fails the spec.
			Expect(migration.Version()).To(BeEquivalentTo(1441411196))
Expect(keyLabel).To(Equal("expected-key"))
})
})

// With no stored label the lookup must fail with ErrResourceNotFound and
// return an empty label, not a default value.
Context("when the encryption key label key does not exist", func() {
	It("returns a ErrResourceNotFound", func() {
		keyLabel, err := etcdDB.EncryptionKeyLabel(logger)
		Expect(err).To(MatchError(models.ErrResourceNotFound))
		Expect(keyLabel).To(Equal(""))
	})
})
})

// makeCryptor builds a Cryptor whose active (encrypting) key is labelled
// activeLabel and whose additional decryption keys are labelled by
// decryptionLabels. Every passphrase is "<label>-passphrase", i.e. fully
// predictable from the label; that convention is only suitable for specs.
// The closing brace of this helper lies outside the excerpt.
makeCryptor := func(activeLabel string, decryptionLabels ...string) encryption.Cryptor {
	activeKey, err := encryption.NewKey(activeLabel, fmt.Sprintf("%s-passphrase", activeLabel))
	Expect(err).NotTo(HaveOccurred())

	decryptionKeys := []encryption.Key{}
	for _, label := range decryptionLabels {
		key, err := encryption.NewKey(label, fmt.Sprintf("%s-passphrase", label))
		Expect(err).NotTo(HaveOccurred())
		decryptionKeys = append(decryptionKeys, key)
	}
	// An empty slice is normalised to nil before it reaches NewKeyManager.
	if len(decryptionKeys) == 0 {
		decryptionKeys = nil
	}

	keyManager, err := encryption.NewKeyManager(activeKey, decryptionKeys)
	Expect(err).NotTo(HaveOccurred())
	// NOTE(review): rand.Reader is presumably crypto/rand's; the import is outside this excerpt.
	return encryption.NewCryptor(keyManager, rand.Reader)
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)

// Specs for encryption.KeyManager. This excerpt begins inside the import block
// and stops at the opening of the second spec.
var _ = Describe("KeyManager", func() {
	var (
		encryptionKey  encryption.Key
		decryptionKeys []encryption.Key
		manager        encryption.KeyManager
		cerr           error
	)

	// Default inputs: one active key and an empty (non-nil) decryption key list.
	BeforeEach(func() {
		var err error
		encryptionKey, err = encryption.NewKey("key label", "pass phrase")
		Expect(err).NotTo(HaveOccurred())
		decryptionKeys = []encryption.Key{}
		cerr = nil
	})

	// The manager is built in JustBeforeEach, so it runs after every BeforeEach.
	// The constructor error is stored in cerr instead of being asserted here,
	// which leaves each spec free to decide whether an error is expected.
	JustBeforeEach(func() {
		manager, cerr = encryption.NewKeyManager(encryptionKey, decryptionKeys)
	})

	It("stores the correct encryption key", func() {
		Expect(cerr).NotTo(HaveOccurred())
		Expect(manager.EncryptionKey()).To(Equal(encryptionKey))
	})

	It("adds the encryption key as a decryption key", func() {
"code.cloudfoundry.org/bbs/encryption"
"code.cloudfoundry.org/bbs/encryption/encryptionfakes"
"code.cloudfoundry.org/bbs/format"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)

// Specs for format.Encoder. This excerpt begins inside the import block and
// stops at the opening of the "LEGACY_UNENCODED" group.
var _ = Describe("Encoding", func() {
	var encoder format.Encoder
	var prng io.Reader
	var cryptor encryption.Cryptor

	BeforeEach(func() {
		// Hard-coded label and passphrase: a test-only key.
		key, err := encryption.NewKey("label", "some pass phrase")
		Expect(err).NotTo(HaveOccurred())

		keyManager, err := encryption.NewKeyManager(key, nil)
		Expect(err).NotTo(HaveOccurred())

		// NOTE(review): zeroReader is defined outside this excerpt; judging by its
		// name it presumably yields constant bytes, which would make the cryptor's
		// output reproducible for assertions. A fixed randomness source is only
		// acceptable in specs; real callers need a CSPRNG here. Confirm.
		prng = &zeroReader{}
		cryptor = encryption.NewCryptor(keyManager, prng)
	})

	// Built in JustBeforeEach so it picks up whatever cryptor the BeforeEach
	// blocks have assigned.
	JustBeforeEach(func() {
		encoder = format.NewEncoder(cryptor)
	})

	Describe("Encode", func() {
		Describe("LEGACY_UNENCODED", func() {
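keyManager encryption.KeyManager
fakeDB     *dbfakes.FakeEncryptionDB
sender     *fake.FakeMetricSender
)

// Builds the encryptor's collaborators: a fake metric sender, a fake
// encryption DB, and a key manager holding an active key plus one older
// decryption key. This excerpt begins inside the enclosing var block and stops
// at the opening of AfterEach.
BeforeEach(func() {
	sender = fake.NewFakeMetricSender()
	metrics.Initialize(sender, nil)

	fakeDB = new(dbfakes.FakeEncryptionDB)
	logger = lagertest.NewTestLogger("test")

	oldKey, err := encryption.NewKey("old-key", "old-passphrase")
	// Check this error before err is reassigned below; otherwise a failed
	// NewKey would pass an unusable oldKey to the key manager unnoticed.
	Expect(err).NotTo(HaveOccurred())

	encryptionKey, err := encryption.NewKey("label", "passphrase")
	Expect(err).NotTo(HaveOccurred())

	// oldKey is the only additional decryption key given to the manager.
	keyManager, err = encryption.NewKeyManager(encryptionKey, []encryption.Key{oldKey})
	Expect(err).NotTo(HaveOccurred())
	// NOTE(review): rand.Reader is presumably crypto/rand's; the import is outside this excerpt.
	cryptor = encryption.NewCryptor(keyManager, rand.Reader)

	// Default stub: the fake DB reports that no encryption key label is stored.
	fakeDB.EncryptionKeyLabelReturns("", models.ErrResourceNotFound)
})

// The runner is created and started in JustBeforeEach, so it runs after every BeforeEach.
JustBeforeEach(func() {
	runner = encryptor.New(logger, fakeDB, keyManager, cryptor, clock.NewClock())
	encryptorProcess = ifrit.Background(runner)
})

AfterEach(func() {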
)

// Specs for encryption.NewKey. This excerpt begins at the end of the import
// block and stops inside the "key label is not specified" spec.
var _ = Describe("Key", func() {
	Describe("NewKey", func() {
		// Pins the derivation: the AES key is exactly SHA-256(passphrase), since
		// the block from NewKey must equal aes.NewCipher over that digest.
		//
		// Security note: this is a single unsalted, un-iterated hash, so the key
		// is only as strong as the passphrase and adds no work factor against
		// offline guessing. Deployments should use high-entropy passphrases.
		// NOTE(review): moving to a password KDF would presumably change the
		// derived keys for existing data, so it would need a migration; confirm.
		It("generates a 256 bit key from a string that can be used as aes keys", func() {
			// Covers the empty passphrase, lengths below and exactly 32 bytes, and
			// a longer input. The empty passphrase is accepted without error.
			phrases := []string{
				"",
				"a",
				"a short phrase",
				"12345678901234567890123456789012",
				"1234567890123456789012345678901234567890123456789012345678901234567890",
			}

			for i, phrase := range phrases {
				// The label is the loop index, so it is never empty here.
				label := fmt.Sprintf("%d", i)
				key, err := encryption.NewKey(label, phrase)
				Expect(err).NotTo(HaveOccurred())
				Expect(key.Label()).To(Equal(label))
				Expect(key.Block().BlockSize()).To(Equal(aes.BlockSize))

				// Recompute the expected cipher independently of the package under test.
				phraseHash := sha256.Sum256([]byte(phrase))
				block, err := aes.NewCipher(phraseHash[:])
				Expect(err).NotTo(HaveOccurred())
				Expect(key.Block()).To(Equal(block))
			}
		})

		// Unlike an empty passphrase, an empty label is rejected.
		Context("when a key label is not specified", func() {
			It("returns a meaningful error", func() {
				_, err := encryption.NewKey("", "phrase")
				Expect(err).To(MatchError("A key label is required"))
}

// Apply the prerequisite migrations so the schema exists before the migration
// under test runs. This excerpt begins mid-function and stops inside the
// INSERT statement's raw string.
for _, m := range initialMigrations {
	m.SetRawSQLDB(rawSQLDB)
	m.SetDBFlavor(flavor)
	m.SetClock(fakeClock)
	err := m.Up(logger)
	Expect(err).NotTo(HaveOccurred())
}

// Can't do this in the Describe BeforeEach
// as the test on line 37 will cause ginkgo to panic
mig.SetRawSQLDB(rawSQLDB)
mig.SetDBFlavor(flavor)

// Test-only key: it is both the active key and the sole decryption key.
key, err := encryption.NewKey("a", "my key")
Expect(err).NotTo(HaveOccurred())
keys := []encryption.Key{key}
keyManager, err := encryption.NewKeyManager(key, keys)
Expect(err).NotTo(HaveOccurred())
// NOTE(review): rand.Reader is presumably crypto/rand's; the import is outside this excerpt.
cryptor := encryption.NewCryptor(keyManager, rand.Reader)
mig.SetCryptor(cryptor)

// Fixture payload for the routes column. It embeds a PEM-encoded RSA private
// key and host fingerprint under "diego-ssh". Because it is committed in
// source, treat this key as public: it must never be provisioned on a real
// system. Secret scanners will flag it; allow-list this specific fixture
// rather than relaxing the rule.
// NOTE(review): as written, the literal's outermost "{" is never closed, so it
// is not valid JSON. Confirm whether that is intentional.
routes = `{"cf-router":[{"hostnames":["dora.bosh-lite.com"],"port":8080}],"diego-ssh":{"container_port":2222,"host_fingerprint":"95:9d:7f:d7:cd:bc:d0:01:fa:8a:3a:a1:c6:ef:58:d7","private_key":"-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQDR/LGweyezjduoCGqmp2AR+5ggWxAT8ofEGt+PFQYY4Un/+xJ7\naeiAkk7GhHhJdL7UjuFU45XROiiZxKZhHGD1jKyG7CvaV47NVLvgqvPiY5jNjR2M\nCfnjpQ98QJ2Bv7usVfBiQP0cWK1bScchwZ1Y5At9ipyIztMqlOshKLRJPQIDAQAB\nAoGAdVtHp3081AG9OGzzxg4XCBXXkIW0N6G9NOFb/ihezvriE5krXCP1mB2svw/7\n9fm0STFNR9clvNhHJqEb53wnxzCpHMV+oH5Zg+5suQ5UsX3nof/c5PI5PK0jvIRI\nFe83ty3cu9UzYEJFVDSqJjx6SFoKBLXnxCzbVSskpkTZvlUCQQDxRcIlGLOE1lEZ\nORZuTd3TI/lg8NssEDL801PGdOIxchkiAzZz1RZW3M3SjY/PswuwiV1s4qkeHIPh\nlVeg4kS3AkEA3s4OAEl+gUtYGtLw2lSmEhgxNjK1x5EHzhuIulEla9iftbSy9Jpa\nPtzfHZ5ZxFdCnCvyukVW3KGVww40w921qwJBAN7DFo6jsNP8AKK2J7SuJhoUw+Iy\nX1nelwUBpP692j3m57eUmcj2vAp1EX/OfjI5UJitK1omKBkKIOW9uktrvh8CQBlq\ngAZgW+H76k0FCxyc02T1BYgdOMdPMAi+81Xts8sdpvpfZpqokOri30DNs4fGPH78\nNHAzQLliZWce074UKIkCQDbumNywkGzajAu+fTk+/Hts/o0g+btFS1oBDF5ztpJE\nGr9v4KGkJ//Nam2GucW1OY/JpgvZ3ITqj340wSqyyu4=\n-----END RSA PRIVATE KEY-----\n"},"tcp-router":[]`

// Seed a desired_lrps row directly through SQL. The statement continues past
// the end of this excerpt.
_, err = rawSQLDB.Exec(
	sqldb.RebindForFlavor(
		`INSERT INTO desired_lrps (process_guid, domain, placement_tags, log_guid, instances, memory_mb, disk_mb, rootfs, routes, volume_placement, modification_tag_epoch, run_info)