func TestSaltpackEncryptHideRecipients(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
u3 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
ctx := &Context{IdentifyUI: trackUI, SecretUI: u3.NewSecretUI()}
run := func(Recips []string) {
sink := libkb.NewBufferCloser()
arg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: Recips,
HideRecipients: true,
Binary: true,
},
Source: strings.NewReader("id2 and encrypt, id2 and encrypt"),
Sink: sink,
}
eng := NewSaltpackEncrypt(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
out := sink.Bytes()
if len(out) == 0 {
t.Fatal("no output")
}
var header saltpack.EncryptionHeader
dec := codec.NewDecoderBytes(out, &codec.MsgpackHandle{WriteExt: true})
var b []byte
if err := dec.Decode(&b); err != nil {
t.Fatal(err)
}
dec = codec.NewDecoderBytes(b, &codec.MsgpackHandle{WriteExt: true})
if err := dec.Decode(&header); err != nil {
t.Fatal(err)
}
for _, receiver := range header.Receivers {
if receiver.ReceiverKID != nil {
t.Fatal("receiver KID included in anonymous saltpack header")
}
}
}
run([]string{u1.Username, u2.Username})
// If we add ourselves, we should be smart and not error out
// (We are u3 in this case)
run([]string{u1.Username, u2.Username, u3.Username})
}
func (o ObjFactory) UnmarshalState(b []byte) (gregor.State, error) {
var state State
err := codec.NewDecoderBytes(b, &codec.MsgpackHandle{WriteExt: true}).
Decode(&state)
if err != nil {
return nil, err
}
return state, nil
}
func isSaltpackBinary(b []byte, sc *StreamClassification) bool {
if len(b) < 6 {
return false
}
// The encryption header is double-encoded. (And signing will be in the
// future.) For these headers we need to skip the "bin" tag at the front to
// get at the encoded header array.
var binTagBytesToSkip int
if b[0] == 0xc4 {
binTagBytesToSkip = 2
} else if b[0] == 0xc5 {
binTagBytesToSkip = 3
} else if b[0] == 0xc6 {
binTagBytesToSkip = 5
} else {
return false
}
// Verify the type of the array and its minimum length, and copy the array
// bytes to a scratch buffer.
arrayTagByte := b[binTagBytesToSkip]
if arrayTagByte <= 0x93 || arrayTagByte >= 0x9f {
// TODO: We should allow arrays of more than 15 elements here.
return false
}
tmp := make([]byte, len(b))
copy(tmp, b[binTagBytesToSkip:])
// Hack -- make this a 3-value Msgpack Array, since we only care about the
// first 3 fields, and don't want to bother slurping in more than that.
tmp[0] = 0x93
var mh codec.MsgpackHandle
var sphp saltpackHeaderPrefix
if err := codec.NewDecoderBytes(tmp, &mh).Decode(&sphp); err != nil {
return false
}
if sphp.FormatName != saltpack.SaltpackFormatName {
return false
}
switch sphp.Type {
case saltpack.MessageTypeEncryption:
sc.Type = CryptoMessageTypeEncryption
case saltpack.MessageTypeAttachedSignature:
sc.Type = CryptoMessageTypeAttachedSignature
case saltpack.MessageTypeDetachedSignature:
sc.Type = CryptoMessageTypeDetachedSignature
default:
return false
}
sc.Format = CryptoMessageFormatSaltpack
return true
}
func (c *Conn) decryptIncomingMessage(msg []byte) (int, error) {
var err error
mh := codec.MsgpackHandle{WriteExt: true}
dec := codec.NewDecoderBytes(msg, &mh)
var om outerMsg
err = dec.Decode(&om)
if err != nil {
return 0, err
}
var plaintext []byte
var ok bool
plaintext, ok = secretbox.Open(plaintext, om.Payload, &om.Nonce, (*[32]byte)(&c.secret))
if !ok {
return 0, ErrDecryption
}
dec = codec.NewDecoderBytes(plaintext, &mh)
var im innerMsg
err = dec.Decode(&im)
if err != nil {
return 0, err
}
if !om.SenderID.Eq(im.SenderID) || !om.SessionID.Eq(im.SessionID) || om.Seqno != im.Seqno {
return 0, ErrBadMetadata
}
if !im.SessionID.Eq(c.sessionID) {
return 0, ErrWrongSession
}
if im.SenderID.Eq(c.deviceID) {
return 0, ErrSelfRecieve
}
if im.Seqno != c.readSeqno+1 {
return 0, ErrBadPacketSequence
}
c.readSeqno = im.Seqno
c.bufferedMsgs = append(c.bufferedMsgs, im.Payload)
return len(im.Payload), nil
}
func TestSaltpackEncryptAnonymous(t *testing.T) {
tc := SetupEngineTest(t, "SaltpackEncrypt")
defer tc.Cleanup()
u1 := CreateAndSignupFakeUser(tc, "nalcp")
u2 := CreateAndSignupFakeUser(tc, "nalcp")
u3 := CreateAndSignupFakeUser(tc, "nalcp")
trackUI := &FakeIdentifyUI{
Proofs: make(map[string]string),
}
saltpackUI := &fakeSaltpackUI2{}
ctx := &Context{
IdentifyUI: trackUI,
SecretUI: u3.NewSecretUI(),
SaltpackUI: saltpackUI,
}
run := func(Recips []string) {
encsink := libkb.NewBufferCloser()
encarg := &SaltpackEncryptArg{
Opts: keybase1.SaltpackEncryptOptions{
Recipients: Recips,
HideSelf: true,
HideRecipients: true,
Binary: true,
},
Source: strings.NewReader("id2 and encrypt, id2 and encrypt"),
Sink: encsink,
}
enceng := NewSaltpackEncrypt(encarg, tc.G)
if err := RunEngine(enceng, ctx); err != nil {
t.Fatal(err)
}
encout := encsink.Bytes()
if len(encout) == 0 {
t.Fatal("no output")
}
// Decode the header.
var header saltpack.EncryptionHeader
hdec := codec.NewDecoderBytes(encout, &codec.MsgpackHandle{WriteExt: true})
var hbytes []byte
if err := hdec.Decode(&hbytes); err != nil {
t.Fatal(err)
}
hdec = codec.NewDecoderBytes(hbytes, &codec.MsgpackHandle{WriteExt: true})
if err := hdec.Decode(&header); err != nil {
t.Fatal(err)
}
// Hidden recipients is enabled as well, so receiver keys should be omitted.
for _, receiver := range header.Receivers {
if receiver.ReceiverKID != nil {
t.Fatal("receiver KID included in anonymous saltpack header")
}
}
decsink := libkb.NewBufferCloser()
decarg := &SaltpackDecryptArg{
Source: strings.NewReader(encsink.String()),
Sink: decsink,
}
deceng := NewSaltpackDecrypt(decarg, tc.G)
if err := RunEngine(deceng, ctx); err != nil {
t.Fatal(err)
}
if !saltpackUI.DidDecrypt {
t.Fatal("fake saltpackUI not called")
}
// The message should not contain the sender's public key (in the sender secretbox).
// Instead, the sender key should be the ephemeral key.
// This tests that the sender type is anonymous.
if saltpackUI.LastSender.SenderType != keybase1.SaltpackSenderType_ANONYMOUS {
t.Fatal("sender type not anonymous")
}
}
run([]string{u1.Username, u2.Username})
// If we add ourselves, we should be smart and not error out
// (We are u3 in this case)
run([]string{u1.Username, u2.Username, u3.Username})
}
// Decode implements the Codec interface for CodecMsgpack
func (c *CodecMsgpack) Decode(buf []byte, obj interface{}) (err error) {
err = codec.NewDecoderBytes(buf, c.h).Decode(obj)
return
}
func newDecoderWrapper() *decoderWrapper {
return &decoderWrapper{
Decoder: codec.NewDecoderBytes([]byte{}, newCodecMsgpackHandle()),
fieldNumber: 0,
}
}
func decodeFromBytes(p interface{}, b []byte) error {
return codec.NewDecoderBytes(b, codecHandle()).Decode(p)
}
