// TestPGPDecryptSignedOther tests that a user who didn't sign the
// message can verify the signature.
func TestPGPDecryptSignedOther(t *testing.T) {
tcRecipient := SetupEngineTest(t, "PGPDecrypt - Recipient")
defer tcRecipient.Cleanup()
recipient := createFakeUserWithPGPSibkey(tcRecipient)
Logout(tcRecipient)
tcSigner := SetupEngineTest(t, "PGPDecrypt - Signer")
defer tcSigner.Cleanup()
signer := createFakeUserWithPGPSibkey(tcSigner)
// encrypt a message
msg := "We pride ourselves on being meticulous; no issue is too small."
ctx := decengctx(signer, tcSigner)
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{recipient.Username},
Source: strings.NewReader(msg),
Sink: sink,
BinaryOutput: true,
}
enc := NewPGPEncrypt(arg, tcSigner.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
t.Logf("encrypted data: %x", out)
// signer logs out, recipient logs in:
t.Logf("signer (%q) logging out", signer.Username)
Logout(tcSigner)
libkb.G = tcRecipient.G
// G = libkb.G
t.Logf("recipient (%q) logging in", recipient.Username)
recipient.LoginOrBust(tcRecipient)
rtrackUI := &FakeIdentifyUI{}
ctx = &Context{
IdentifyUI: rtrackUI,
SecretUI: recipient.NewSecretUI(),
LogUI: tcRecipient.G.UI.GetLogUI(),
PgpUI: &TestPgpUI{},
}
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
AssertSigned: true,
}
dec := NewPGPDecrypt(decarg, tcRecipient.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := string(decoded.Bytes())
if decmsg != msg {
t.Errorf("decoded: %q, expected: %q", decmsg, msg)
}
}
func TestPGPDecryptArmored(t *testing.T) {
tc := SetupEngineTest(t, "PGPDecrypt")
defer tc.Cleanup()
fu := createFakeUserWithPGPOnly(t, tc)
// encrypt a message
msg := "10 days in Japan"
ctx := decengctx(fu, tc)
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
NoSign: true,
}
enc := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
t.Logf("encrypted data: %x", out)
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
}
dec := NewPGPDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := string(decoded.Bytes())
if decmsg != msg {
t.Errorf("decoded: %q, expected: %q", decmsg, msg)
}
// A saltpack message
saltpack := `BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE.
ZUHRHckf9VJ6ich bKthcf8yieGqdWj H4gqRvnQEBYi4Lw JzZL5NnUd2ssiZ3 hReptn2rUJuGcna uAkp7yQGAaxVQyc oM2o7JykpRwsGbM fmF4r2Mj1aCAKd6 U316QFRCxkC4Uik JszTub0Mt1a1IRi wQNIl3ru791WSMK JRXkD0biElgMSIf Qk9B0j1vRHeLB11 Ig9qX7TBMzg9InW tHfZp0GjYEJWCvZ i0h3SG99wTPL3Ov PSOjc2oGRqI2bya XaGdao8vmfYk8jd auqe5QBgA2RaO7I WYZGyHwsWNg3PSX eEcUtccZeD7ryBP MMDvFZUDUia1Njf ELaaKo932JWKdLg zONmMEinFizgGEg 7MrB4kIjeY3O4Od GEjKV6okfzdmYOP rZCsNzFILna2K1h D53RmTDkoddt81Y mwPFWwaeCA9YR9S EZcu8kWlaFjjDRX SG7MCuwtS3PuUXr EaCfe1ib65Nrq3s IUxGJ7H6JRidavn Ql7Bo9qbZGqkglf 0g1caODxGe4mQfZ ixH7my73DAKw5aL idukKTwb0qPVlvD 2vqskVSukRNra5i 1t1PadrLZSgaJqb WtSVmbgiWm40P1S WlR8nq2I95RIZSx LP3JEvHqBNAb9Ci rzkkSaOBk5FawpE yCVbUDk556V0e7F z8YSYPFqzwf14Yo JEztr4noRMxvME2 OBTt16BAJF4K1NA pTtFpwRbubTggxb 74abisSK1DgPd30 UgdY75zTUKd57pk CHTu2BwPHFGjwgf XxJMTNpYRQiz6uZ lIAmcTKhGoKBy97 7S82DvT1tB0cGjn M5JnyMJkzj2WaVf MFkAonXbkYNOk2n olE7RldZhcyy4Xd edu1Mke8AevVaAc lat6mso7hS2XAuW ZCcrWakNFGPPqkW 40YMZMHqL1mbIIS oooC5lSP2dd2c04 j9yjhpsYjs2izOA HRhQslExQDU6Uio WEJBnQDpMbhQG1y E9jPqsSgmUrfRgD nEuLPYpRLm6UJgW TZFga6U0khClKRX DdTWaLVGrmY8xdB GNy2Dd4HStxQ4PF vwTIyDUee5loag1 ePdbLqPMdkh19zR PcBFK4gtKCdhzIu ea2Ncg69SqseUBi wp45MaNEGlIh9Y7 sU85K0nKEMK5if3 7HOGDDVCL7pwmNj 9A6DKk8MrwpPTeB 2B3uqQpHsKIdPJx qD7S2IJahokxoiY 5UPvodqZY8JRljz In7rV6I5LUyh5SM tSL4t0Z2VfrMDZH En5QqKvVJykQU9S ELH1U2Hxh7ANzCK v2R3xrf102D1zaG 3sO6yLwzpZH2Rq0 q3h9GbWIEndPZHA IsPJC2MFfN0sOwe e6nEuqR2NlsDwBk hMWLszNY7iOICmE RvwFZXFqTwbRlxA qBoAPZYJyPFdKpV MsSRHrFUIwYTE6S ZPQ9bRmb2B1hAu9 rkECh80CmFO04Fc rn1KX392TtgIYu1 PN1LGcrAYdD6UC1 O9Vx2fuBiTIqmo9 XbPsWdRxmX57BjS EZPTZ9wGaxLZVqB cmsDn1mU1Uzbesx 2pXT0mVO7A72mkw wBdlD7QDUeN8Na7 j8W9tUIWUAbAePO 2Z9OSU0M1KIRSuE ePOZBlNonU1dUCz KQWlw.
END KEYBASE SALTPACK ENCRYPTED MESSAGE.`
decoded = libkb.NewBufferCloser()
decarg = &PGPDecryptArg{
Source: strings.NewReader(saltpack),
Sink: decoded,
}
dec = NewPGPDecrypt(decarg, tc.G)
err := RunEngine(dec, ctx)
if wse, ok := err.(libkb.WrongCryptoFormatError); !ok {
t.Fatalf("Wanted a WrongCryptoFormat error, but got %T (%v)", err, err)
} else if wse.Wanted != libkb.CryptoMessageFormatPGP ||
wse.Received != libkb.CryptoMessageFormatSaltpack ||
wse.Operation != "decrypt" {
t.Fatalf("Bad error: %v", wse)
}
}
func TestPGPDecryptLong(t *testing.T) {
tc := SetupEngineTest(t, "PGPDecrypt")
defer tc.Cleanup()
fu := createFakeUserWithPGPSibkey(tc)
// encrypt a message
msg := make([]byte, 1024*1024)
if _, err := rand.Read(msg); err != nil {
t.Fatal(err)
}
sink := libkb.NewBufferCloser()
ctx := decengctx(fu, tc)
arg := &PGPEncryptArg{
Source: bytes.NewReader(msg),
Sink: sink,
NoSign: true,
BinaryOutput: true,
}
enc := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
}
dec := NewPGPDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.Bytes()
if len(decmsg) != len(msg) {
t.Fatalf("decoded msg size: %d, expected %d", len(decmsg), len(msg))
}
for i, b := range msg {
if decmsg[i] != b {
t.Errorf("decode msg differs at byte %d: %x, expected %x", i, decmsg[i], b)
}
}
owner := dec.Owner()
if owner == nil {
t.Errorf("owner is nil")
}
}
// encrypt for self via NoSelf: false and username in recipients
func TestPGPEncryptSelfTwice(t *testing.T) {
tc := SetupEngineTest(t, "PGPEncrypt")
defer tc.Cleanup()
u := createFakeUserWithPGPSibkey(tc)
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u.NewSecretUI()}
msg := "encrypt for self only once"
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{u.Username},
Source: strings.NewReader(msg),
Sink: sink,
NoSign: true,
TrackOptions: keybase1.TrackOptions{BypassConfirm: true},
}
eng := NewPGPEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if err != nil {
t.Fatal(err)
}
out := sink.Bytes()
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
}
dec := NewPGPDecrypt(decarg, tc.G)
ctx.LogUI = tc.G.UI.GetLogUI()
ctx.PgpUI = &TestPgpUI{}
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := string(decoded.Bytes())
if decmsg != msg {
t.Errorf("decoded: %q, expected: %q", decmsg, msg)
}
recips := dec.signStatus.RecipientKeyIDs
if len(recips) != 1 {
t.Logf("recipient key ids: %v", recips)
t.Errorf("num recipient key ids: %d, expected 1", len(recips))
}
}
func TestPGPEncryptSelfNoKey(t *testing.T) {
tc := SetupEngineTest(t, "PGPEncrypt")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "login")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u.NewSecretUI()}
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{"t_alice", "t_bob+twitter:kbtester1", "t_charlie+twitter:tacovontaco"},
Source: strings.NewReader("track and encrypt, track and encrypt"),
Sink: sink,
NoSign: true,
TrackOptions: keybase1.TrackOptions{BypassConfirm: true},
}
eng := NewPGPEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if err == nil {
t.Fatal("no error encrypting for self without pgp key")
}
if _, ok := err.(libkb.NoKeyError); !ok {
t.Fatalf("expected error type libkb.NoKeyError, got %T (%s)", err, err)
}
}
func TestPGPEncryptNoPGPNaClOnly(t *testing.T) {
tc := SetupEngineTest(t, "TestPGPEncryptNoPGPNaClOnly")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
Logout(tc)
u2 := createFakeUserWithPGPSibkey(tc)
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u2.NewSecretUI()}
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{u1.Username},
Source: strings.NewReader("track and encrypt, track and encrypt"),
Sink: sink,
NoSign: true,
TrackOptions: keybase1.TrackOptions{BypassConfirm: true},
}
eng := NewPGPEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if perr, ok := err.(libkb.NoPGPEncryptionKeyError); !ok {
t.Fatalf("Got wrong error type: %T %v", err, err)
} else if !perr.HasDeviceKey {
t.Fatalf("Should have a PGP key")
} else if perr.User != u1.Username {
t.Fatalf("Wrong username")
}
}
func TestPGPEncrypt(t *testing.T) {
tc := SetupEngineTest(t, "PGPEncrypt")
defer tc.Cleanup()
u := createFakeUserWithPGPSibkey(tc)
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u.NewSecretUI()}
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{"t_alice", "t_bob+kbtester1@twitter", "t_charlie+tacovontaco@twitter"},
Source: strings.NewReader("track and encrypt, track and encrypt"),
Sink: sink,
NoSign: true,
TrackOptions: keybase1.TrackOptions{BypassConfirm: true},
}
eng := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
if len(out) == 0 {
t.Fatal("no output")
}
}
func TestSaltpackEncryptSelfNoKey(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
_, passphrase := createFakeUserWithNoKeys(tc)
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: &libkb.TestSecretUI{Passphrase: passphrase}}
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: []string{"t_tracy+t_tracy@rooter", "t_george", "t_kb+gbrltest@twitter"},
},
Source: strings.NewReader("track and encrypt, track and encrypt"),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if _, ok := err.(libkb.NoKeyError); !ok {
t.Fatalf("expected error type libkb.NoKeyError, got %T (%s)", err, err)
}
}
func TestSaltpackEncryptHideRecipients(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
u3 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u3.NewSecretUI()}
run := func(Recips []string) {
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: Recips,
HideRecipients: true,
Binary: true,
},
Source: strings.NewReader("id2 and encrypt, id2 and encrypt"),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
if len(out) == 0 {
t.Fatal("no output")
}
var header saltpack.EncryptionHeader
dec := codec.NewDecoderBytes(out, &codec.MsgpackHandle{WriteExt: true})
var b []byte
if err := dec.Decode(&b); err != nil {
t.Fatal(err)
}
dec = codec.NewDecoderBytes(b, &codec.MsgpackHandle{WriteExt: true})
if err := dec.Decode(&header); err != nil {
t.Fatal(err)
}
for _, receiver := range header.Receivers {
if receiver.ReceiverKID != nil {
t.Fatal("receiver KID included in anonymous saltpack header")
}
}
}
run([]string{u1.Username, u2.Username})
// If we add ourselves, we should be smart and not error out
// (We are u3 in this case)
run([]string{u1.Username, u2.Username, u3.Username})
}
func TestSaltpackEncryptBinary(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncryptBinary")
defer tc.Cleanup()
fu := CreateAndSignupFakeUser(tc, "enc")
// encrypt a message
msg := "10 days in Japan"
sink := libkb.NewBufferCloser()
ctx := &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: fu.NewSecretUI(),
LogUI: tc.G.UI.GetLogUI(),
SaltpackUI: &fakeSaltpackUI{},
}
// Should encrypt for self, too.
arg := &SaltpackEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
Opts: keybase1.SaltpackEncryptOptions{
Binary: true,
},
}
enc := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.String()
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
}
dec := NewSaltpackDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
if decmsg != msg {
t.Errorf("decoded: %s, expected: %s", decmsg, msg)
}
}
func TestPGPDecrypt(t *testing.T) {
tc := SetupEngineTest(t, "PGPDecrypt")
defer tc.Cleanup()
fu := createFakeUserWithPGPOnly(t, tc)
// encrypt a message
msg := "10 days in Japan"
sink := libkb.NewBufferCloser()
ctx := decengctx(fu, tc)
arg := &PGPEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
NoSign: true,
BinaryOutput: true,
}
enc := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
t.Logf("encrypted data: %x", out)
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
}
dec := NewPGPDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := string(decoded.Bytes())
if decmsg != msg {
t.Errorf("decoded: %q, expected: %q", decmsg, msg)
}
owner := dec.Owner()
if owner == nil {
t.Errorf("owner is nil")
}
}
func TestSaltpackDecryptWithPaperKey(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackDecrypt")
defer tc.Cleanup()
// We don't log in as a test user here. This flow should work even if
// you're totally logged out.
msg := `BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. kiPgBwdlv6bV9N8
dSkCbjKrku4NADt gV8qC1k8zRA0Bi0 6KvGQoMyf99b2id uGZ3EDTqb5nZVPT
vhMiB49BOHavdzN mySkmzwlSWDsuQA z9RIPfrIX9IJCfi yqlaD1HOqK1lilP
tDrign5LrAB8zLz 4NwPFBwpQJWW8sO N9Jk6yzf6QvdPav GN9SqL6YX7XEbJc
PLrDD7LCj7fHObD O3pTQSLjuUKqAqa 3LDiQEVEDUZzYLy TvKyMJ2U8gCuhcU
SeqDClUNAPKqEEM MRgyTcw0LSwK4A5 YyZhDM065PA5SHb 6ZFPGYnv81HOibR
FHHv5lYEqPqPAZa ETIXLblnxI61F2q 6cH3w60bbxFuQB2 fwLZQSUS4ZzyVSw
UN3OKZMr79vqr6S ap3vMMqGiWm3blG ptjZEmFXI5dQqZG w9AO0Djmy2fWnCB
Z42e7BZteGaRhz8 zVmNLdOvtWiJkRF FUo2KvUgBsk9ecJ 3iZUOhYbdqja2Xx
osdOqu6OUS9V4XC H9vRylZJShvVg2X NLaeeHZ6AHdxkxO NgrG1NqHeIubq8p
0VaDq1iKk78Qj27 4q26yqnt5E9sgnN xJ850oP5DeKWrN3 yaif8ouprlETzY3
CLmDsAN5vVCgVga gx1q3YEjKUmJqD2 EsY5KBKogE1YjvQ eVaoqX5qiKtS6o0
oGE70tbveveK0kV SErmRsOSFBieaCq JzW75TXRCHpLvVB 1ZB8Wih6cyvw1yx
pK5RJNfPOF6lzKm i28FT9EoCw7uvsB kBG2EfA9YRkhXKh RoqAGrkdX3ziGy8
j5eOK91eyIcl7f7 SfUFLzETW5ULZfm 7Z9BIeOJogk7a1B 7IUJQiYpLyG3xAF
p3nmeSIalwfIzhV opNxUB7ltUOn3PX t9abJAZkUodMURG zXw0dKHQKtWXce6
y8jHbaU0zLwxvhO W3bxHNGoQ10t7Gq hSPu7SYLYyD926w 8nv5FqiUtTf7eJq
Ay1c2FAYMPkB4ay 6lB0wxtpNCGt8MO RtrC1Da3aj7rLTL fFNz2kxb78hT2Tu
QNiHyBL. END KEYBASE SALTPACK ENCRYPTED MESSAGE.`
paperkey := "fitness weasel session truly among connect explain found measure smile ask ball shoulder"
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(msg),
Sink: decoded,
Opts: keybase1.SaltpackDecryptOptions{
UsePaperKey: true,
},
}
dec := NewSaltpackDecrypt(decarg, tc.G)
ctx := &Context{
IdentifyUI: &FakeIdentifyUI{},
// Here's where the paper key goes in!
SecretUI: &libkb.TestSecretUI{Passphrase: paperkey},
LogUI: tc.G.UI.GetLogUI(),
SaltpackUI: &fakeSaltpackUI{},
}
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
expected := "message for paper key"
if decmsg != expected {
t.Errorf("decoded: %s, expected: %s", decmsg, expected)
}
}
func (p *pgpPair) doDecrypt(msg string, arg *PGPDecryptArg) (int, int) {
ctx := decengctx(p.recipient, p.tcR)
arg.Source = strings.NewReader(msg)
arg.Sink = libkb.NewBufferCloser()
dec := NewPGPDecrypt(arg, p.tcR.G)
if err := RunEngine(dec, ctx); err != nil {
debug.PrintStack()
p.t.Fatal(err)
}
return p.idc(ctx), p.sigc(ctx)
}
func (p *pgpPair) decryptSelf(msg string) (int, int) {
ctx := decengctx(p.sender, p.tcS)
arg := &PGPDecryptArg{
Source: strings.NewReader(msg),
Sink: libkb.NewBufferCloser(),
}
dec := NewPGPDecrypt(arg, p.tcS.G)
if err := RunEngine(dec, ctx); err != nil {
p.t.Fatal(err)
}
return p.idc(ctx), p.sigc(ctx)
}
func signEnc(ctx *Context, tc libkb.TestContext, msg string) string {
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Sink: sink,
Source: strings.NewReader(msg),
}
eng := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
tc.T.Fatal(err)
}
return sink.String()
}
func sign(ctx *Context, tc libkb.TestContext, msg string, mode keybase1.SignMode) string {
sink := libkb.NewBufferCloser()
arg := &PGPSignArg{
Sink: sink,
Source: ioutil.NopCloser(strings.NewReader(msg)),
Opts: keybase1.PGPSignOptions{Mode: keybase1.SignMode(mode)},
}
eng := NewPGPSignEngine(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
tc.T.Fatal(err)
}
return sink.String()
}
// TestPGPDecryptSignedSelf tests that the user who signed the
// message can decrypt it.
func TestPGPDecryptSignedSelf(t *testing.T) {
tc := SetupEngineTest(t, "PGPDecrypt")
defer tc.Cleanup()
fu := createFakeUserWithPGPOnly(t, tc)
// encrypt a message
msg := "We pride ourselves on being meticulous; no issue is too small."
ctx := decengctx(fu, tc)
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
BinaryOutput: true,
}
enc := NewPGPEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
t.Logf("encrypted data: %x", out)
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
AssertSigned: true,
}
dec := NewPGPDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := string(decoded.Bytes())
if decmsg != msg {
t.Errorf("decoded: %q, expected: %q", decmsg, msg)
}
}
func (p *pgpPair) encrypt(sign bool) (string, int) {
ctx := &Context{IdentifyUI: &FakeIdentifyUI{}, SecretUI: p.sender.NewSecretUI()}
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{p.recipient.Username},
Source: strings.NewReader("thank you for your order"),
Sink: sink,
NoSign: !sign,
}
eng := NewPGPEncrypt(arg, p.tcS.G)
if err := RunEngine(eng, ctx); err != nil {
p.t.Fatal(err)
}
out := sink.Bytes()
return string(out), p.idc(ctx)
}
func TestPGPDecryptClearsign(t *testing.T) {
tc := SetupEngineTest(t, "PGPDecrypt")
defer tc.Cleanup()
fu := createFakeUserWithPGPSibkey(tc)
ctx := decengctx(fu, tc)
for _, test := range cstests {
signedMsg := sign(ctx, tc, test.msg, keybase1.SignMode_CLEAR)
t.Logf("%s: signed message:\n\n%s\n", test.name, signedMsg)
decoded := libkb.NewBufferCloser()
arg := &PGPDecryptArg{
Source: strings.NewReader(signedMsg),
Sink: decoded,
}
eng := NewPGPDecrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Errorf("%s: decrypt error: %q", test.name, err)
continue
}
msg := decoded.Bytes()
trimmed := strings.TrimSpace(string(msg))
t.Logf("clearsign test %q decoded message: %s\n", test.name, trimmed)
if trimmed != test.msg {
t.Errorf("%s: expected msg %q, got %q", test.name, test.msg, trimmed)
}
status := eng.SignatureStatus()
if !status.IsSigned {
t.Errorf("%s: expected IsSigned", test.name)
}
if !status.Verified {
t.Errorf("%s: expected Verified", test.name)
}
if status.Entity == nil {
t.Errorf("%s: signature status entity is nil", test.name)
}
}
}
func TestSaltpackEncryptNoNaclOnlyPGP(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u2 := createFakeUserWithPGPOnly(t, tc)
Logout(tc)
u1 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{
IdentifyUI: trackUI,
SecretUI: u1.NewSecretUI(),
SaltpackUI: &fakeSaltpackUI{},
}
msg := "this will never work"
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: []string{u2.Username},
NoSelfEncrypt: true,
},
Source: strings.NewReader(msg),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if perr, ok := err.(libkb.NoNaClEncryptionKeyError); !ok {
t.Fatalf("Got wrong error type: %T %v", err, err)
} else if !perr.HasPGPKey {
t.Fatalf("Should have a PGP key")
} else if perr.User != u2.Username {
t.Fatalf("Wrong username")
}
}
func TestSaltpackEncrypt(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
u3 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u3.NewSecretUI()}
run := func(Recips []string) {
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{Recipients: Recips},
Source: strings.NewReader("id2 and encrypt, id2 and encrypt"),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
if len(out) == 0 {
t.Fatal("no output")
}
}
run([]string{u1.Username, u2.Username})
// If we add ourselves, we should be smart and not error out
// (We are u3 in this case)
run([]string{u1.Username, u2.Username, u3.Username})
}
func TestSaltpackEncryptLoggedOut(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: &libkb.TestSecretUI{}}
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: []string{"t_tracy+t_tracy@rooter", "t_george", "t_kb+gbrltest@twitter"},
},
Source: strings.NewReader("track and encrypt, track and encrypt"),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
err := RunEngine(eng, ctx)
if err != nil {
t.Fatalf("Got unexpected error: %s", err)
}
}
func TestSaltpackDecryptBrokenTrack(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackDecrypt")
defer tc.Cleanup()
// create a user to track the proofUser
trackUser := CreateAndSignupFakeUser(tc, "naclp")
Logout(tc)
// create a user with a rooter proof
proofUser := CreateAndSignupFakeUser(tc, "naclp")
ui, _, err := proveRooter(tc.G, proofUser)
if err != nil {
t.Fatal(err)
}
spui := testDecryptSaltpackUI{}
// encrypt a message
msg := "10 days in Japan"
sink := libkb.NewBufferCloser()
ctx := &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: proofUser.NewSecretUI(),
LogUI: tc.G.UI.GetLogUI(),
SaltpackUI: &spui,
}
arg := &SaltpackEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
Opts: keybase1.SaltpackEncryptOptions{
NoSelfEncrypt: true,
Recipients: []string{
trackUser.Username,
},
},
}
enc := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.String()
// Also output a hidden-sender message
arg.Opts.HideSelf = true
sink = libkb.NewBufferCloser()
arg.Source = strings.NewReader(msg)
arg.Sink = sink
enc = NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
outHidden := sink.String()
Logout(tc)
// Now login as the track user and track the proofUser
trackUser.LoginOrBust(tc)
rbl := sb{
social: true,
id: proofUser.Username + "@rooter",
proofState: keybase1.ProofState_OK,
}
outcome := keybase1.IdentifyOutcome{
NumProofSuccesses: 1,
TrackStatus: keybase1.TrackStatus_NEW_OK,
}
err = checkTrack(tc, trackUser, proofUser.Username, []sb{rbl}, &outcome)
if err != nil {
t.Fatal(err)
}
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
}
dec := NewSaltpackDecrypt(decarg, tc.G)
spui.f = func(arg keybase1.SaltpackPromptForDecryptArg) error {
if arg.Sender.SenderType != keybase1.SaltpackSenderType_TRACKING_OK {
t.Fatalf("Bad sender type: %v", arg.Sender.SenderType)
}
return nil
}
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
// Should work!
if decmsg != msg {
t.Fatalf("decoded: %s, expected: %s", decmsg, msg)
}
// now decrypt the hidden-self message
decoded = libkb.NewBufferCloser()
decarg = &SaltpackDecryptArg{
Source: strings.NewReader(outHidden),
Sink: decoded,
}
dec = NewSaltpackDecrypt(decarg, tc.G)
spui.f = func(arg keybase1.SaltpackPromptForDecryptArg) error {
if arg.Sender.SenderType != keybase1.SaltpackSenderType_ANONYMOUS {
t.Fatalf("Bad sender type: %v", arg.Sender.SenderType)
}
return nil
}
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg = decoded.String()
// Should work!
if decmsg != msg {
t.Fatalf("decoded: %s, expected: %s", decmsg, msg)
}
// remove the rooter proof to break the tracking statement
Logout(tc)
proofUser.LoginOrBust(tc)
if err := proveRooterRemove(tc.G, ui.postID); err != nil {
t.Fatal(err)
}
Logout(tc)
// Decrypt the message and fail, since our tracking statement is now
// broken.
trackUser.LoginOrBust(tc)
decoded = libkb.NewBufferCloser()
decarg = &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
Opts: keybase1.SaltpackDecryptOptions{
ForceRemoteCheck: true,
},
}
dec = NewSaltpackDecrypt(decarg, tc.G)
errTrackingBroke := errors.New("tracking broke")
spui.f = func(arg keybase1.SaltpackPromptForDecryptArg) error {
if arg.Sender.SenderType != keybase1.SaltpackSenderType_TRACKING_BROKE {
t.Fatalf("Bad sender type: %v", arg.Sender.SenderType)
}
return errTrackingBroke
}
if err = RunEngine(dec, ctx); err != errTrackingBroke {
t.Fatalf("Expected an error %v; but got %v", errTrackingBroke, err)
}
}
func TestSaltpackNoEncryptionForDevice(t *testing.T) {
// device X (provisioner) context:
tcX := SetupEngineTest(t, "kex2provision")
defer tcX.Cleanup()
// device Y (provisionee) context:
tcY := SetupEngineTest(t, "kex2provionee")
defer tcY.Cleanup()
// device Z is the encryptor's device
tcZ := SetupEngineTest(t, "encryptor")
defer tcZ.Cleanup()
// provisioner needs to be logged in
userX := CreateAndSignupFakeUser(tcX, "naclp")
var secretX kex2.Secret
if _, err := rand.Read(secretX[:]); err != nil {
t.Fatal(err)
}
encryptor := CreateAndSignupFakeUser(tcZ, "naclp")
spui := testDecryptSaltpackUI{}
// encrypt a message with encryption / tcZ
msg := "10 days in Japan"
sink := libkb.NewBufferCloser()
ctx := &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: encryptor.NewSecretUI(),
LogUI: tcZ.G.UI.GetLogUI(),
SaltpackUI: &spui,
}
arg := &SaltpackEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
Opts: keybase1.SaltpackEncryptOptions{
Recipients: []string{
userX.Username,
},
},
}
enc := NewSaltpackEncrypt(arg, tcZ.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.String()
// decrypt it with userX / tcX
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
}
dec := NewSaltpackDecrypt(decarg, tcX.G)
spui.f = func(arg keybase1.SaltpackPromptForDecryptArg) error {
if arg.Sender.SenderType != keybase1.SaltpackSenderType_NOT_TRACKED {
t.Fatalf("Bad sender type: %v", arg.Sender.SenderType)
}
return nil
}
ctx = &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: userX.NewSecretUI(),
LogUI: tcX.G.UI.GetLogUI(),
SaltpackUI: &spui,
}
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
// Should work!
if decmsg != msg {
t.Fatalf("decoded: %s, expected: %s", decmsg, msg)
}
// Now make a new device
secretCh := make(chan kex2.Secret)
// provisionee calls login:
ctx = &Context{
ProvisionUI: newTestProvisionUISecretCh(secretCh),
LoginUI: &libkb.TestLoginUI{},
LogUI: tcY.G.UI.GetLogUI(),
SecretUI: &libkb.TestSecretUI{},
GPGUI: &gpgtestui{},
}
eng := NewLogin(tcY.G, libkb.DeviceTypeDesktop, "", keybase1.ClientType_CLI)
var wg sync.WaitGroup
// start provisionee
wg.Add(1)
go func() {
defer wg.Done()
if err := RunEngine(eng, ctx); err != nil {
t.Errorf("login error: %s", err)
return
}
}()
// start provisioner
provisioner := NewKex2Provisioner(tcX.G, secretX, nil)
wg.Add(1)
go func() {
defer wg.Done()
ctx := &Context{
SecretUI: userX.NewSecretUI(),
ProvisionUI: newTestProvisionUI(),
}
if err := RunEngine(provisioner, ctx); err != nil {
t.Errorf("provisioner error: %s", err)
return
}
}()
secretFromY := <-secretCh
provisioner.AddSecret(secretFromY)
wg.Wait()
if err := AssertProvisioned(tcY); err != nil {
t.Fatal(err)
}
// Now try and fail to decrypt with device Y (via tcY)
decoded = libkb.NewBufferCloser()
decarg = &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
}
dec = NewSaltpackDecrypt(decarg, tcY.G)
spui.f = func(arg keybase1.SaltpackPromptForDecryptArg) error {
t.Fatal("should not be prompted for decryption")
return nil
}
ctx = &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: userX.NewSecretUI(),
LogUI: tcY.G.UI.GetLogUI(),
SaltpackUI: &spui,
}
if err := RunEngine(dec, ctx); err == nil {
t.Fatal("Should have seen a decryption error")
}
// Make sure we get the right helpful debug message back
me := dec.MessageInfo()
if len(me.Devices) != 2 {
t.Fatalf("expected 2 valid devices; got %d", len(me.Devices))
}
backup := 0
desktops := 0
for _, d := range me.Devices {
switch d.Type {
case "backup":
backup++
case "desktop":
desktops++
if !userX.EncryptionKey.GetKID().Equal(d.EncryptKey) {
t.Fatal("got wrong encryption key for good possibilities")
}
default:
t.Fatalf("wrong kind of device: %s\n", d.Type)
}
}
if backup != 1 {
t.Fatal("Only wanted 1 backup key")
}
if desktops != 1 {
t.Fatal("only wanted 1 desktop key")
}
}
func TestSaltpackDecrypt(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackDecrypt")
defer tc.Cleanup()
fu := CreateAndSignupFakeUser(tc, "naclp")
// encrypt a message
msg := "10 days in Japan"
sink := libkb.NewBufferCloser()
ctx := &Context{
IdentifyUI: &FakeIdentifyUI{},
SecretUI: fu.NewSecretUI(),
LogUI: tc.G.UI.GetLogUI(),
SaltpackUI: &fakeSaltpackUI{},
}
// Should encrypt for self, too.
arg := &SaltpackEncryptArg{
Source: strings.NewReader(msg),
Sink: sink,
}
enc := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.String()
t.Logf("encrypted data: %s", out)
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(out),
Sink: decoded,
}
dec := NewSaltpackDecrypt(decarg, tc.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
if decmsg != msg {
t.Errorf("decoded: %s, expected: %s", decmsg, msg)
}
pgpMsg := `-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
hQEMA5gKPw0B/gTfAQf+JacZcP+4d1cdmRV5qlrDUhK3qm5dtzAh8KE3z6OMSOmE
fUAdMZweHZMkWA5C1OZbvZ6SKaFLFHjmiD0DWlcdiXsvgPH9RpTHOSrxdjRlBuwK
JBz5OrDM/OStIam6jKcxBcrI43JkWOG64AOwJ4Rx3OjAnzbKJKeUCAaopbXc2M5O
iyTPzEsexRFjSfPGRk9cQD5zfar3Qjk2cRWElgABiQczWtfNAQ3NyQLzmRU6mw+i
ZLoViAwQm2BMYa2i6MYOJCQtxHLwZCtAbRXTGFZ2nP0gVVX50KIeL/rnzrQ4I05M
CljEVk3BBSQBl3jqecfT2Ooh+rwgf3VSQ684HIEt5dI/Aama8l7S3ypwVyt8gWhN
HTngZWUk8Tjn6Q8zrnnoB92G1G+rZHAiChgBFQCaYDBsWa0Pia6Vm+10OAIulGGj
=pNG+
-----END PGP MESSAGE-----
`
decoded = libkb.NewBufferCloser()
decarg = &SaltpackDecryptArg{
Source: strings.NewReader(pgpMsg),
Sink: decoded,
}
dec = NewSaltpackDecrypt(decarg, tc.G)
err := RunEngine(dec, ctx)
if wse, ok := err.(libkb.WrongCryptoFormatError); !ok {
t.Fatalf("Wanted a WrongCryptoFormat error, but got %T (%v)", err, err)
} else if wse.Wanted != libkb.CryptoMessageFormatSaltpack ||
wse.Received != libkb.CryptoMessageFormatPGP ||
wse.Operation != "decrypt" {
t.Fatalf("Bad error: %v", wse)
}
}
func TestSaltpackEncryptNoSelf(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
msg := "for your eyes only (not even mine!)"
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{
IdentifyUI: trackUI,
SecretUI: u2.NewSecretUI(),
SaltpackUI: &fakeSaltpackUI{},
}
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: []string{u1.Username},
NoSelfEncrypt: true,
},
Source: strings.NewReader(msg),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
if len(out) == 0 {
t.Fatal("no output")
}
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(string(out)),
Sink: decoded,
}
dec := NewSaltpackDecrypt(decarg, tc.G)
err := RunEngine(dec, ctx)
if _, ok := err.(libkb.NoDecryptionKeyError); !ok {
t.Fatalf("Expected err type %T, but got %T", libkb.NoDecryptionKeyError{}, err)
}
Logout(tc)
u1.Login(tc.G)
ctx.SecretUI = u1.NewSecretUI()
decarg.Source = strings.NewReader(string(out))
dec = NewSaltpackDecrypt(decarg, tc.G)
err = RunEngine(dec, ctx)
if err != nil {
t.Fatal(err)
}
decmsg := decoded.String()
if decmsg != msg {
t.Errorf("decoded: %s, expected: %s", decmsg, msg)
}
}
// TestPGPDecryptSignedIdentify tests that the signer is
// identified regardless of AssertSigned, SignedBy args.
func TestPGPDecryptSignedIdentify(t *testing.T) {
tcRecipient := SetupEngineTest(t, "PGPDecrypt - Recipient")
defer tcRecipient.Cleanup()
recipient := createFakeUserWithPGPSibkey(tcRecipient)
Logout(tcRecipient)
tcSigner := SetupEngineTest(t, "PGPDecrypt - Signer")
defer tcSigner.Cleanup()
signer := createFakeUserWithPGPSibkey(tcSigner)
// encrypt a message
msg := "We pride ourselves on being meticulous; no issue is too small."
ctx := decengctx(signer, tcSigner)
sink := libkb.NewBufferCloser()
arg := &PGPEncryptArg{
Recips: []string{recipient.Username},
Source: strings.NewReader(msg),
Sink: sink,
BinaryOutput: true,
TrackOptions: keybase1.TrackOptions{BypassConfirm: true},
}
enc := NewPGPEncrypt(arg, tcSigner.G)
if err := RunEngine(enc, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
t.Logf("encrypted data: %x", out)
// signer logs out, recipient logs in:
t.Logf("signer (%q) logging out", signer.Username)
Logout(tcSigner)
libkb.G = tcRecipient.G
t.Logf("recipient (%q) logging in", recipient.Username)
recipient.LoginOrBust(tcRecipient)
idUI := &FakeIdentifyUI{}
pgpUI := &TestPgpUI{}
ctx = &Context{
IdentifyUI: idUI,
SecretUI: recipient.NewSecretUI(),
LogUI: tcRecipient.G.UI.GetLogUI(),
PgpUI: pgpUI,
}
// decrypt it
decoded := libkb.NewBufferCloser()
decarg := &PGPDecryptArg{
Source: bytes.NewReader(out),
Sink: decoded,
AssertSigned: false,
}
dec := NewPGPDecrypt(decarg, tcRecipient.G)
if err := RunEngine(dec, ctx); err != nil {
t.Fatal(err)
}
if idUI.User == nil {
t.Fatal("identify ui user is nil")
}
if idUI.User.Username != signer.Username {
t.Errorf("idUI username: %q, expected %q", idUI.User.Username, signer.Username)
}
if pgpUI.OutputCount != 1 {
t.Errorf("PgpUI output called %d times, expected 1", pgpUI.OutputCount)
}
}
func TestSaltpackEncryptAnonymous(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
u3 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
saltpackUI := &fakeSaltpackUI2{}
ctx := &Context{
IdentifyUI: trackUI,
SecretUI: u3.NewSecretUI(),
SaltpackUI: saltpackUI,
}
run := func(Recips []string) {
encsink := libkb.NewBufferCloser()
encarg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: Recips,
HideSelf: true,
HideRecipients: true,
Binary: true,
},
Source: strings.NewReader("id2 and encrypt, id2 and encrypt"),
Sink: encsink,
}
enceng := NewSaltpackEncrypt(encarg, tc.G)
if err := RunEngine(enceng, ctx); err != nil {
t.Fatal(err)
}
encout := encsink.Bytes()
if len(encout) == 0 {
t.Fatal("no output")
}
// Decode the header.
var header saltpack.EncryptionHeader
hdec := codec.NewDecoderBytes(encout, &codec.MsgpackHandle{WriteExt: true})
var hbytes []byte
if err := hdec.Decode(&hbytes); err != nil {
t.Fatal(err)
}
hdec = codec.NewDecoderBytes(hbytes, &codec.MsgpackHandle{WriteExt: true})
if err := hdec.Decode(&header); err != nil {
t.Fatal(err)
}
// Hidden recipients is enabled as well, so receiver keys should be omitted.
for _, receiver := range header.Receivers {
if receiver.ReceiverKID != nil {
t.Fatal("receiver KID included in anonymous saltpack header")
}
}
decsink := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(encsink.String()),
Sink: decsink,
}
deceng := NewSaltpackDecrypt(decarg, tc.G)
if err := RunEngine(deceng, ctx); err != nil {
t.Fatal(err)
}
if !saltpackUI.DidDecrypt {
t.Fatal("fake saltpackUI not called")
}
// The message should not contain the sender's public key (in the sender secretbox).
// Instead, the sender key should be the ephemeral key.
// This tests that the sender type is anonymous.
if saltpackUI.LastSender.SenderType != keybase1.SaltpackSenderType_ANONYMOUS {
t.Fatal("sender type not anonymous")
}
}
run([]string{u1.Username, u2.Username})
// If we add ourselves, we should be smart and not error out
// (We are u3 in this case)
run([]string{u1.Username, u2.Username, u3.Username})
}
