Example #1
0
// TestNewSessionFailures validates some of the failure modes for NewSession.
func TestNewSessionFailures(t *testing.T) {
	r := util.PRNG()
	b := &bytes.Buffer{}
	util.SetPRNG(b)

	if _, _, err := NewSession(peer); err == nil {
		util.SetPRNG(r)
		t.Fatal("auth: expected new session failure with PRNG failure")
	}

	tmp := make([]byte, sessionLength)
	b.Write(tmp)

	if _, _, err := NewSession(peer); err == nil {
		util.SetPRNG(r)
		t.Fatal("auth: expected new session failure with PRNG failure")
	}
	util.SetPRNG(r)

	tmp = make([]byte, 16)
	if _, _, err := NewSession(tmp); err == nil {
		t.Fatal("auth: expected new session failure with invalid public key")
	}

}
Example #2
0
func TestEncrypt(t *testing.T) {
	k := GenerateKey()
	ct, ok := Encrypt(k, message)
	if !ok {
		t.Fatal("secret: encrypt fails")
	}

	pt, ok := Decrypt(k, ct)
	if !ok {
		t.Fatal("secret: decrypt fails")
	}

	if !bytes.Equal(pt, message) {
		t.Fatal("secret: decrypted plaintext doesn't match original")
	}

	util.SetPRNG(&bytes.Buffer{})
	if _, ok = Encrypt(k, message); ok {
		t.Fatal("secret: encrypt should fail with bad PRNG")
	}
	util.SetPRNG(rand.Reader)

	if _, ok = Decrypt(k, message[:nonceSize-1]); ok {
		t.Fatal("secret: encrypt should fail with bad ciphertext")
	}
}
Example #3
0
func TestEncryptFailure(t *testing.T) {
	pub := &PublicKey{}
	message := []byte("do not go gentle into that good night")

	if _, ok := Encrypt(pub, message); ok {
		t.Fatal("public: encrypt should fail with invalid public key")
	}

	util.SetPRNG(&bytes.Buffer{})
	if _, ok := Encrypt(testKey.PublicKey, message); ok {
		t.Fatal("public: encrypt should fail with PRNG failure")
	}

	util.SetPRNG(rand.Reader)
	out, ok := Encrypt(testKey.PublicKey, message)
	if !ok {
		t.Fatal("public: encrypt failed")
	}

	priv := &PrivateKey{}
	if _, ok = Decrypt(priv, out); ok {
		t.Fatal("public: decrypt should fail with invalid private key")
	}

	if _, ok = Decrypt(testKey, out[:32]); ok {
		t.Fatal("public: decrypt should fail with invalid ciphertext")
	}
}
Example #4
0
func TestExportKeyFails(t *testing.T) {
	util.SetPRNG(&bytes.Buffer{})
	if _, err := ExportPrivate(testKey, []byte("hello, world")); err == nil {
		t.Fatalf("public: expect exporting private key to fail with PRNG failure")
	}

	util.SetPRNG(rand.Reader)
}
Example #5
0
// TestTOTPPRNGFailure validates failures when the PRNG fails.
func TestTOTPPRNGFailure(t *testing.T) {
	oldPRNG := util.PRNG()
	util.SetPRNG(&bytes.Buffer{})

	_, _, err := NewGoogleTOTP("")
	if err == nil {
		t.Fatal("auth: expect TOTP generation failure in the face of a PRNG failure")
	}

	util.SetPRNG(oldPRNG)
}
Example #6
0
func TestGenerateKey(t *testing.T) {
	if k := GenerateKey(); k == nil {
		t.Fatal("secret: failed to generate new key")
	}

	var buf = new(bytes.Buffer)
	util.SetPRNG(buf)
	if k := GenerateKey(); k != nil {
		log.Printf("key: %x", k)
		t.Fatal("secret: should fail to generate new key with bad PRNG")
	}
	util.SetPRNG(rand.Reader)
}
Example #7
0
func TestGenerateFailure(t *testing.T) {
	b := &bytes.Buffer{}
	util.SetPRNG(b)
	_, err := GenerateKey()
	if err == nil {
		t.Fatalf("%v", err)
	}

	seed := make([]byte, 32)
	b.Write(seed)
	_, err = GenerateKey()
	if err == nil {
		t.Fatalf("%v", err)
	}

	util.SetPRNG(rand.Reader)
}
Example #8
0
func TestLockKey(t *testing.T) {
	key, err := GenerateKey()
	if err != nil {
		t.Fatalf("Failed to generate test key: %v", err)
	}

	out, ok := EncryptAndSign(testKey, key.PublicKey, message)
	if !ok {
		t.Fatal("Failed to encrypt and sign message.")
	}

	locked, ok := LockKey(key, []byte("this is my password"))
	if !ok {
		t.Fatal("Failed to lock key.")
	}

	_, ok = UnlockKey(locked, []byte("this is my password."))
	if ok {
		t.Fatal("Unlocked with wrong passphrase.")
	}

	priv, ok := UnlockKey(locked, []byte("this is my password"))
	if !ok {
		t.Fatal("Unlocking key failed.")
	}

	recovered, ok := DecryptAndVerify(priv, testKey.PublicKey, out)
	if !ok {
		t.Fatal("Failed to decrypt and verify message.")
	}

	if !bytes.Equal(message, recovered) {
		t.Fatalf("Corrupt message.\nRecovered: %x\nMessage: %x\n",
			recovered, message)
	}

	salt := util.RandBytes(saltSize)
	buf := bytes.NewBuffer(salt)
	util.SetPRNG(buf)
	_, ok = LockKey(priv, []byte("password"))
	if ok {
		t.Fatal("public: expect locking to fail with bad PRNG")
	}
	util.SetPRNG(rand.Reader)
}
Example #9
0
// TestSessionValidationFailures validates some of the failure modes
// for validating sessions.
func TestSessionValidationFailures(t *testing.T) {
	next, err := hex.DecodeString(sessionAuth.Last)
	if err != nil {
		t.Fatalf("%v", err)
	}

	otp := testSession.OTP(next)

	last := sessionAuth.Last
	sessionAuth.Last = "Z" + otp[1:]
	if _, err = ValidateSession(sessionAuth, otp); err == nil {
		t.Fatalf("auth: expect session validation failure with invalid last value")
	}
	sessionAuth.Last = last

	var tmpOTP string
	if otp[0] == 'a' {
		tmpOTP = "b" + otp[1:]
	} else {
		tmpOTP = "a" + otp[1:]
	}

	if _, err = ValidateSession(sessionAuth, tmpOTP); err == nil {
		t.Fatalf("auth: expect session validation failure with invalid last value")
	}

	offset := 3*sessionLength + 1
	if otp[sessionLength+1] == 'a' {
		tmpOTP = otp[:offset] + "b" + otp[offset+1:]
	} else {
		tmpOTP = otp[:offset] + "a" + otp[offset+1:]
	}

	if _, err = ValidateSession(sessionAuth, tmpOTP); err == nil {
		t.Fatal("auth: expect session validation failure with invalid HMAC")
	}

	b := &bytes.Buffer{}
	util.SetPRNG(b)
	_, err = ValidateSession(sessionAuth, otp)
	util.SetPRNG(rand.Reader)
	if err == nil {
		t.Fatal("auth: expect session validation failure with PRNG failure")
	}
}
Example #10
0
func TestEncryptFile(t *testing.T) {
	defer os.Remove(testEncryptedFile)
	err := EncryptFile(testEncryptedFile, password, dup(message))
	if err != nil {
		t.Fatalf("%v", err)
	}

	out, err := DecryptFile(testEncryptedFile, password)
	if err != nil {
		t.Fatalf("%v", err)
	}

	if !bytes.Equal(out, message) {
		t.Fatal("secret: decrypted file doesn't match original message")
	}

	if _, err = DecryptFile(testNoSuchFile, password); err == nil {
		t.Fatal("secret: decrypt file should fail with IO error")
	}

	if _, err = DecryptFile(testUnencryptedFile, password); err == nil {
		t.Fatal("secret: decrypt file should fail with unencrypted file")
	}

	salt := util.RandBytes(SaltSize)
	buf := &bytes.Buffer{}
	util.SetPRNG(buf)
	err = EncryptFile(testEncryptedFile, password, dup(message))
	if err == nil {
		t.Fatal("secret: encrypt file should fail with bad PRNG")
	}

	buf.Write(salt)
	err = EncryptFile(testEncryptedFile, password, dup(message))
	if err == nil {
		t.Fatal("secret: encrypt file should fail with bad PRNG")
	}
	util.SetPRNG(rand.Reader)
}